Commit Graph

8199 Commits

Author SHA1 Message Date
Benedikt Meurer
2d827809e0 [turbofan] Add language mode to JSCallFunction operator.
Also do some drive-by-cleanup to the unittests.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1107883002

Cr-Commit-Position: refs/heads/master@{#28066}
2015-04-27 10:44:30 +00:00
machenbach
fbf300802f Revert of [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer. (patchset id:180001 of https://codereview.chromium.org/1063513003/)
Reason for revert:
[sheriff] Breaks nosnap debug:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%201/builds/156

Original issue's description:
> [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer.
>
> Uses lazy deoptimization and code dependencies to introduce loads
> from property cells and also to promote globals to constants.
>
> R=mstarzinger@chromium.org
> BUG=
>
> Committed: https://crrev.com/aae4a62d07e839455b1d0ad4fa512cc5d48a1a68
> Cr-Commit-Position: refs/heads/master@{#28057}

TBR=mstarzinger@chromium.org,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1084533003

Cr-Commit-Position: refs/heads/master@{#28063}
2015-04-27 10:07:08 +00:00
mstarzinger
d6e99a7f52 [turbofan] Introduce explicit JSCreateLiteral[Array|Object].
This uses explicit operators instead of intrinsic runtime calls to
create literals froms boilerplates. It allows for easier access of
static parameters and syncs it with other allocating operators.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1104453006

Cr-Commit-Position: refs/heads/master@{#28062}
2015-04-27 09:57:22 +00:00
Benedikt Meurer
ecf499ef8e [turbofan] Sanitize language mode for JSStoreProperty operator.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1109733002

Cr-Commit-Position: refs/heads/master@{#28061}
2015-04-27 09:33:38 +00:00
jochen
3383f6280e Reland "Remove the weak list of views from array buffers"
Original description:
> Instead, views have to check their array buffer for whether
> it's neutered or not.
>
> BUG=v8:3996
> R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> LOG=n

BUG=v8:3996
R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1107843002

Cr-Commit-Position: refs/heads/master@{#28060}
2015-04-27 09:27:53 +00:00
Benedikt Meurer
f13f949361 [turbofan] Sanitize language mode for javascript operators.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1084243005

Cr-Commit-Position: refs/heads/master@{#28059}
2015-04-27 09:12:43 +00:00
mstarzinger
a38f9dddd1 [turbofan] Use FastNewClosureStub if possible.
This introduces a JSCreateClosure operator which can be lowered by the
typed pipeline to the aforementioned stub. It also allows for further
optimizations of closure creation.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1105513002

Cr-Commit-Position: refs/heads/master@{#28058}
2015-04-27 09:07:57 +00:00
titzer
aae4a62d07 [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer.
Uses lazy deoptimization and code dependencies to introduce loads
from property cells and also to promote globals to constants.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1063513003

Cr-Commit-Position: refs/heads/master@{#28057}
2015-04-27 09:06:41 +00:00
mvstanton
caeb9004f0 Don't MISS if you read the hole from certain FastHoley arrays.
If the array's map is the initial FastHoley array map, and the array prototype
chain is undisturbed and empty of elements, then keyed loads can convert the
load of a hole to undefined.

BUG=

Review URL: https://codereview.chromium.org/1100083002

Cr-Commit-Position: refs/heads/master@{#28056}
2015-04-27 08:46:38 +00:00
jarin
ae0bc41635 Fix stack layout of full code arm64 for object literal.
BUG=

Review URL: https://codereview.chromium.org/1095203005

Cr-Commit-Position: refs/heads/master@{#28055}
2015-04-27 08:31:33 +00:00
arv
2279dfe789 [es6] Map/Set size getter should have "get size" name
This reverts commit d5565c1f68.

Getter and setter function names in ES6 are defined as "get foo" and
"set foo".

This also moves the logic for handling symbols from runtime-function.cc
to v8natives.js.

BUG=None
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1093183006

Cr-Commit-Position: refs/heads/master@{#28050}
2015-04-24 18:15:59 +00:00
jkummerow
968715c653 Revert of Lazily register prototype users (patchset id:20001 of https://codereview.chromium.org/1104813004/)
Reason for revert:
Suspected of causing GC stress failures.

Original issue's description:
> Lazily register prototype users
>
> when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
> Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.
>
> Committed: https://crrev.com/a4bb7643c076b014816431a9b85af3e2edf828e7
> Cr-Commit-Position: refs/heads/master@{#28047}

TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1108583002

Cr-Commit-Position: refs/heads/master@{#28049}
2015-04-24 14:09:48 +00:00
jkummerow
a4bb7643c0 Lazily register prototype users
when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.

Review URL: https://codereview.chromium.org/1104813004

Cr-Commit-Position: refs/heads/master@{#28047}
2015-04-24 12:51:37 +00:00
dcarney
ccc8e4e4a2 prepare to deprecate non phantom weak callbacks
BUG=

Review URL: https://codereview.chromium.org/1089853005

Cr-Commit-Position: refs/heads/master@{#28046}
2015-04-24 12:34:58 +00:00
conradw
ae7ce701ae [strong] Disallow implicit conversions for binary arithmetic operations
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1092353002

Cr-Commit-Position: refs/heads/master@{#28045}
2015-04-24 12:32:41 +00:00
mstarzinger
6b60f19168 [turbofan] Fix frame state for class literal definition.
This introduces a bailout point for class literals right after the
%DefineClass function has been called. Otherwise the FrameState after
class literal evaluation might contain the literal itself.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-480819
BUG=chromium:480819
LOG=N

Review URL: https://codereview.chromium.org/1104673004

Cr-Commit-Position: refs/heads/master@{#28043}
2015-04-24 11:12:57 +00:00
bmeurer
4f9bc2d1c3 [turbofan] Ignore dead cached nodes in the JSGraph.
BUG=chromium:480807
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1101273002

Cr-Commit-Position: refs/heads/master@{#28041}
2015-04-24 10:51:32 +00:00
yangguo
cadf96da90 Migrate error messages, part 5 (array.js and i18n.js).
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1096243003

Cr-Commit-Position: refs/heads/master@{#28040}
2015-04-24 10:21:43 +00:00
jochen
41098dbb07 Revert of Reland "Remove the weak list of views from array buffers" (patchset id:20001 of https://codereview.chromium.org/1093183004/)
Reason for revert:
still working on perf

Original issue's description:
> Reland "Remove the weak list of views from array buffers"
>
> Original description:
> > Instead, views have to check their array buffer for whether
> > it's neutered or not.
> >
> > BUG=v8:3996
> > R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> > LOG=n
>
> BUG=v8:3996
> R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> LOG=n
>
> Committed: https://crrev.com/655b04637e9da2749f53c866bca8f5f6abb05a3f
> Cr-Commit-Position: refs/heads/master@{#28029}

TBR=dslomov@chromium.org,hpayer@chromium.org,verwaest@chromium.org,dcarney@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1053203007

Cr-Commit-Position: refs/heads/master@{#28038}
2015-04-24 06:46:23 +00:00
arv
d5565c1f68 Revert of [es6] Map/Set size getter should have "get size" name (patchset id:80001 of https://codereview.chromium.org/1094323005/)
Reason for revert:
Breaks GCMole ia32

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gcmole/builds/1685/steps/GCMole%20ia32/logs/stdio

src/runtime/runtime-function.cc:96:3: warning: Possible problem with evaluation order.
  f->shared()->set_name(*NameToFunctionName(name));
  ^
src/runtime/runtime-function.cc:96:3: warning: Possible problem with evaluation order.
2 warnings generated.

Original issue's description:
> [es6] Map/Set size getter should have "get size" name
>
> Getter and setter function names in ES6 are defined as "get foo" and
> "set foo".
>
> BUG=None
> LOG=N
> R=adamk@chromium.org
>
> Committed: https://crrev.com/83c89a2e71a363afb35595f903423e650d788e42
> Cr-Commit-Position: refs/heads/master@{#28034}

TBR=adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None

Review URL: https://codereview.chromium.org/1106713002

Cr-Commit-Position: refs/heads/master@{#28035}
2015-04-23 22:06:27 +00:00
arv
83c89a2e71 [es6] Map/Set size getter should have "get size" name
Getter and setter function names in ES6 are defined as "get foo" and
"set foo".

BUG=None
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1094323005

Cr-Commit-Position: refs/heads/master@{#28034}
2015-04-23 21:56:10 +00:00
mvstanton
df7e09da19 Empty Array prototype elements protection needs to alert on length change.
If the length of the array prototype is changed, be sure to turn off the
guarantee that it's elements are empty.

This case was missed in https://codereview.chromium.org/1092043002
("Protect the emptiness of Array prototype elements with a PropertyCell")

R=jkummerow@chromium.org
BUG=479781
LOG=N

Review URL: https://codereview.chromium.org/1099453007

Cr-Commit-Position: refs/heads/master@{#28033}
2015-04-23 16:08:51 +00:00
marja
ddd3f318c7 [strong] Stricter check for referring to other classes inside methods.
Add the restriction that both classes must be declared inside the same
consectutive class declaration batch.

Dependency analysis not implemented yet.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1060913005

Cr-Commit-Position: refs/heads/master@{#28032}
2015-04-23 14:04:47 +00:00
wingo
d5fd58165c Function scopes only must have a context if they call sloppy eval
A strict arrow function with no parameters and no variable bindings
won't need a context object because it will never have any
locals.  (This is unlike strict normal functions, which do have
"arguments" and "this" locals.)

R=rossberg@chromium.org
BUG=v8:4056
LOG=N

Review URL: https://codereview.chromium.org/1093183003

Cr-Commit-Position: refs/heads/master@{#28031}
2015-04-23 13:19:54 +00:00
jochen
655b04637e Reland "Remove the weak list of views from array buffers"
Original description:
> Instead, views have to check their array buffer for whether
> it's neutered or not.
>
> BUG=v8:3996
> R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> LOG=n

BUG=v8:3996
R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1093183004

Cr-Commit-Position: refs/heads/master@{#28029}
2015-04-23 13:02:36 +00:00
bmeurer
4940c0bd42 [turbofan] Unify frame state inputs.
Now all nodes that care about deoptimization always take frame state
inputs no matter whether deoptimization is enabled for a particular
function. In case that deoptimization is off, the AstGraphBuilder just
inserts the empty frame state. This greatly simplifies the logic in
various places and makes testing easier as well, and is probably the
first step towards enabling --turbo-deoptimization by default.

There seems to be no noticable performance impact on asm.js programs.

Also fix the graph replay in order to regenerate the scheduler unittests.

Review URL: https://codereview.chromium.org/1106613003

Cr-Commit-Position: refs/heads/master@{#28026}
2015-04-23 09:04:19 +00:00
hpayer
ee59bde703 Reland Force full GCwhenever CollectAllGarbage is meant to trigger a full GC.
BUG=

Review URL: https://codereview.chromium.org/1099783003

Cr-Commit-Position: refs/heads/master@{#28024}
2015-04-23 08:37:05 +00:00
jarin
aaddea11b2 Materialize booleans in the turbofan deoptimizer.
BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1055453006

Cr-Commit-Position: refs/heads/master@{#28022}
2015-04-23 08:06:55 +00:00
arv
d0db1c39ca [es6] Function.prototype.name should be the empty string
ES6 specifies the function name property (it was not part of ES5) and
it specifies the name of Function.prototype to the empty string ("" and
not "Empty"). This makes us match Firefox, Safari and IE developer
preview.

BUG=v8:4033
LOG=N
R=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1080393004

Cr-Commit-Position: refs/heads/master@{#28021}
2015-04-23 00:29:27 +00:00
paul.lind
bf06d5c9f5 Skip poppler and sqlite tests on big-endian platforms.
Emscripten use of typed-arrays is little-endian only.

BUG=

Review URL: https://codereview.chromium.org/1082723007

Cr-Commit-Position: refs/heads/master@{#28020}
2015-04-22 22:31:27 +00:00
machenbach
8244686f6d [mjsunit] Fix bad test expectations.
BUG=v8:3924,v8:3969,chromium:478788
NOTRY=true
LOG=n

Review URL: https://codereview.chromium.org/1095893004

Cr-Commit-Position: refs/heads/master@{#28019}
2015-04-22 21:22:17 +00:00
arv
3f06291b3a [es6] Class extends may not be a generator function
BUG=v8:4009
LOG=N
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/1101543002

Cr-Commit-Position: refs/heads/master@{#28016}
2015-04-22 16:07:21 +00:00
jochen
47f2dfa9bd Revert of Remove the weak list of views from array buffers (patchset id:100001 of https://codereview.chromium.org/1094863002/)
Reason for revert:
I'm reverting this while working on the regression fix

Original issue's description:
> Remove the weak list of views from array buffers
>
> Instead, views have to check their array buffer for whether
> it's neutered or not.
>
> BUG=v8:3996
> R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> LOG=n
>
> Committed: https://crrev.com/5ae083a05a6743d6cb91585f449539f7846a5d8c
> Cr-Commit-Position: refs/heads/master@{#27995}

TBR=dslomov@chromium.org,hpayer@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1061753008

Cr-Commit-Position: refs/heads/master@{#28014}
2015-04-22 15:03:12 +00:00
titzer
5b6111edff Add test for deoptimization bug.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1100113002

Cr-Commit-Position: refs/heads/master@{#28013}
2015-04-22 14:32:49 +00:00
yangguo
9146ae720c Blacklist mjsunit/es6/generators-debug-scopes.js from turbofan.
TBR=mstarzinger@chromium.org
NOTRY=true
BUG=v8:4055
LOG=N

Review URL: https://codereview.chromium.org/1098293002

Cr-Commit-Position: refs/heads/master@{#28012}
2015-04-22 14:16:17 +00:00
dslomov
aec46ca54a Stack allocate lexical locals + hoist stack slots
Review URL: https://codereview.chromium.org/981203003

Cr-Commit-Position: refs/heads/master@{#28008}
2015-04-22 13:22:18 +00:00
svenpanne
9bb8b58549 Add an --omit-quit flag to d8 for Emscripten's sake.
Review URL: https://codereview.chromium.org/1101683002

Cr-Commit-Position: refs/heads/master@{#28004}
2015-04-22 12:24:15 +00:00
machenbach
1ea118d592 Revert of Revert of [strong] checking of this & super in constructors (patchset id:1 of https://codereview.chromium.org/1105453002/)
Reason for revert:
Was an infrastructure problem.

Original issue's description:
> Revert of [strong] checking of this & super in constructors (patchset  id:110001 of https://codereview.chromium.org/1024063002/)
>
> Reason for revert:
> [Sheriff] Breaks mac gc stress:
> http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1024
>
> Original issue's description:
> > [strong] checking of this & super in constructors
> >
> > R=dslomov@chromium.org, marja@chromium.org
> > BUG=v8:3956
> > LOG=N
> >
> > Enforces for constructors that
> > - the only use of 'super' is the super constructor call
> > - the only use of 'this' is a property assignment
> > - both of these must happen at the top-level of the body
> > - 'this' may only be assigned after the 'super' call
> > - 'return' may only be used after the last assignment to 'this'
> >
> > Not yet working for arrow functions (there might be deeper bugs with those).
> >
> > Committed: https://crrev.com/580d66bcda66220d2f3062ac58daf925436df74c
> > Cr-Commit-Position: refs/heads/master@{#27977}
>
> TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3956

TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956

Review URL: https://codereview.chromium.org/1073103004

Cr-Commit-Position: refs/heads/master@{#28001}
2015-04-22 11:04:13 +00:00
machenbach
2631c9f5e3 Revert of Revert of Protect the emptiness of Array prototype elements with a PropertyCell. (patchset id:1 of https://codereview.chromium.org/1099203004/)
Reason for revert:
This was probably an infrastructure problem caused by the mac ninja/goma switch.

Original issue's description:
> Revert of Protect the emptiness of Array prototype elements with a PropertyCell. (patchset  id:120001 of https://codereview.chromium.org/1092043002/)
>
> Reason for revert:
> MAC GCSTRESS failure on new test.
>
> Original issue's description:
> > Protect the emptiness of Array prototype elements with a PropertyCell.
> >
> > Not just emptiness, but also a particular structure.
> >
> > BUG=v8:4044
> > LOG=N
>
> TBR=jkummerow@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4044

TBR=jkummerow@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4044

Review URL: https://codereview.chromium.org/1052253003

Cr-Commit-Position: refs/heads/master@{#28000}
2015-04-22 10:35:09 +00:00
machenbach
6911943e0b Revert of Revert of [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions) (patchset id:1 of https://codereview.chromium.org/1103473003/)
Reason for revert:
This was probably an infrastructure problem caused by the mac ninja/goma switch.

Original issue's description:
> Revert of [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions) (patchset  id:140001 of https://codereview.chromium.org/1011823003/)
>
> Reason for revert:
> [Sheriff] breaks mac gc stress:
> http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1029
>
> Original issue's description:
> > [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions)
> >
> > BUG=v8:3965, v8:3966
> > R=arv@chromium.org
> > LOG=N
> >
> > Committed: https://crrev.com/b09c048f693d280052ac63c7d6b3baf27b3bf271
> > Cr-Commit-Position: refs/heads/master@{#27985}
>
> TBR=arv@chromium.org,caitpotter88@gmail.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3965, v8:3966

TBR=arv@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3965, v8:3966

Review URL: https://codereview.chromium.org/1098243002

Cr-Commit-Position: refs/heads/master@{#27999}
2015-04-22 10:33:33 +00:00
mvstanton
15b98a3328 Revert of Protect the emptiness of Array prototype elements with a PropertyCell. (patchset id:120001 of https://codereview.chromium.org/1092043002/)
Reason for revert:
MAC GCSTRESS failure on new test.

Original issue's description:
> Protect the emptiness of Array prototype elements with a PropertyCell.
>
> Not just emptiness, but also a particular structure.
>
> BUG=v8:4044
> LOG=N

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4044

Review URL: https://codereview.chromium.org/1099203004

Cr-Commit-Position: refs/heads/master@{#27998}
2015-04-22 09:56:28 +00:00
machenbach
27397421f8 Revert of Revert of [es6] implement Array.prototype.copyWithin() (patchset id:1 of https://codereview.chromium.org/1084183004/)
Reason for revert:
Check if this CL fails independently of 580d66bcda

Original issue's description:
> Revert of [es6] implement Array.prototype.copyWithin() (patchset  id:120001 of https://codereview.chromium.org/376623004/)
>
> Reason for revert:
> [Sheriff] This causes test failures on mac gc stress:
> http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1027
>
> Original issue's description:
> > [es6] implement Array.prototype.copyWithin()
> >
> > https://people.mozilla.org/~jorendorff/es6-draft.html#sec-array.prototype.copywithin
> >
> > BUG=v8:4039
> > R=adamk@chromium.org
> > LOG=N
>
> TBR=dslomov@chromium.org,rossberg@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4039
>
> Committed: https://crrev.com/9283fc89710e59445bdc4479454fba97ab9ebdd7
> Cr-Commit-Position: refs/heads/master@{#27984}

TBR=dslomov@chromium.org,rossberg@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4039

Review URL: https://codereview.chromium.org/1072193005

Cr-Commit-Position: refs/heads/master@{#27997}
2015-04-22 09:43:13 +00:00
Benedikt Meurer
556221a23e [mjsunit] Import asm.js test case for poppler.
R=hablich@chromium.org

Review URL: https://codereview.chromium.org/1105483002

Cr-Commit-Position: refs/heads/master@{#27996}
2015-04-22 09:33:43 +00:00
jochen
5ae083a05a Remove the weak list of views from array buffers
Instead, views have to check their array buffer for whether
it's neutered or not.

BUG=v8:3996
R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1094863002

Cr-Commit-Position: refs/heads/master@{#27995}
2015-04-22 09:19:19 +00:00
dcarney
8a9fe731fb add StdGlobalValueMap
BUG=

Review URL: https://codereview.chromium.org/1104463002

Cr-Commit-Position: refs/heads/master@{#27994}
2015-04-22 09:17:34 +00:00
mvstanton
b6f075f001 Protect the emptiness of Array prototype elements with a PropertyCell.
Not just emptiness, but also a particular structure.

BUG=v8:4044
LOG=N

Review URL: https://codereview.chromium.org/1092043002

Cr-Commit-Position: refs/heads/master@{#27993}
2015-04-22 08:50:14 +00:00
machenbach
310d205c8f [mjsunit] Skip newly added tests under asan.
TBR=svenpanne@chromium.org, titzer@chromium.org, bmeurer@chromium.org,
NOTRY=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1101653002

Cr-Commit-Position: refs/heads/master@{#27992}
2015-04-22 08:35:17 +00:00
machenbach
b3875aacbb Revert of [strong] checking of this & super in constructors (patchset id:110001 of https://codereview.chromium.org/1024063002/)
Reason for revert:
[Sheriff] Breaks mac gc stress:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1024

Original issue's description:
> [strong] checking of this & super in constructors
>
> R=dslomov@chromium.org, marja@chromium.org
> BUG=v8:3956
> LOG=N
>
> Enforces for constructors that
> - the only use of 'super' is the super constructor call
> - the only use of 'this' is a property assignment
> - both of these must happen at the top-level of the body
> - 'this' may only be assigned after the 'super' call
> - 'return' may only be used after the last assignment to 'this'
>
> Not yet working for arrow functions (there might be deeper bugs with those).
>
> Committed: https://crrev.com/580d66bcda66220d2f3062ac58daf925436df74c
> Cr-Commit-Position: refs/heads/master@{#27977}

TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956

Review URL: https://codereview.chromium.org/1105453002

Cr-Commit-Position: refs/heads/master@{#27991}
2015-04-22 08:00:27 +00:00
machenbach
2b97a0e3bc Revert of [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions) (patchset id:140001 of https://codereview.chromium.org/1011823003/)
Reason for revert:
[Sheriff] breaks mac gc stress:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1029

Original issue's description:
> [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions)
>
> BUG=v8:3965, v8:3966
> R=arv@chromium.org
> LOG=N
>
> Committed: https://crrev.com/b09c048f693d280052ac63c7d6b3baf27b3bf271
> Cr-Commit-Position: refs/heads/master@{#27985}

TBR=arv@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3965, v8:3966

Review URL: https://codereview.chromium.org/1103473003

Cr-Commit-Position: refs/heads/master@{#27990}
2015-04-22 07:57:49 +00:00
Benedikt Meurer
78f2efe0e4 [mjsunit] Add custom tests based on SQLite 3.8.9.
Also adjust the test runner to remove --always-opt for FAST_VARIANTS.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1056423004

Cr-Commit-Position: refs/heads/master@{#27989}
2015-04-22 07:44:50 +00:00
Benedikt Meurer
f68e24ad46 Revert "[test] Initial import of an emscripten test suite."
This reverts commit bb346227db because it
adds a lot of overhead without significantly increasing our test
coverage. We need a different approach to deal with this.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1099813007

Cr-Commit-Position: refs/heads/master@{#27987}
2015-04-22 04:31:56 +00:00
caitpotter88
b09c048f69 [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions)
BUG=v8:3965, v8:3966
R=arv@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1011823003

Cr-Commit-Position: refs/heads/master@{#27985}
2015-04-21 21:45:57 +00:00
machenbach
9283fc8971 Revert of [es6] implement Array.prototype.copyWithin() (patchset id:120001 of https://codereview.chromium.org/376623004/)
Reason for revert:
[Sheriff] This causes test failures on mac gc stress:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1027

Original issue's description:
> [es6] implement Array.prototype.copyWithin()
>
> https://people.mozilla.org/~jorendorff/es6-draft.html#sec-array.prototype.copywithin
>
> BUG=v8:4039
> R=adamk@chromium.org
> LOG=N

TBR=dslomov@chromium.org,rossberg@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4039

Review URL: https://codereview.chromium.org/1084183004

Cr-Commit-Position: refs/heads/master@{#27984}
2015-04-21 21:11:31 +00:00
caitpotter88
6d00703e5e [es6] implement Array.prototype.copyWithin()
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-array.prototype.copywithin

BUG=v8:4039
R=adamk@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/376623004

Cr-Commit-Position: refs/heads/master@{#27983}
2015-04-21 19:05:37 +00:00
rossberg
580d66bcda [strong] checking of this & super in constructors
R=dslomov@chromium.org, marja@chromium.org
BUG=v8:3956
LOG=N

Enforces for constructors that
- the only use of 'super' is the super constructor call
- the only use of 'this' is a property assignment
- both of these must happen at the top-level of the body
- 'this' may only be assigned after the 'super' call
- 'return' may only be used after the last assignment to 'this'

Not yet working for arrow functions (there might be deeper bugs with those).

Review URL: https://codereview.chromium.org/1024063002

Cr-Commit-Position: refs/heads/master@{#27977}
2015-04-21 16:34:29 +00:00
jochen
1692380f93 Revert of Reland "LayoutDescriptor should inherit from JSTypedArray" (patchset id:40001 of https://codereview.chromium.org/1094333002/)
Reason for revert:
Breaks gbemu

Original issue's description:
> Reland "LayoutDescriptor should inherit from JSTypedArray"
>
> Original issue's description:
> > LayoutDescriptor should inherit from JSTypedArray
> >
> > It can't just inherit from a FixedTypedArray-like type, as we soon
> > assume that a FixedTypedArray-like type is always held by an
> > ArrayBufferView-like type
> >
> > BUG=v8:3996
> > R=ishell@chromium.org,verwaest@chromium.org
> > LOG=n
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n

TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1080403004

Cr-Commit-Position: refs/heads/master@{#27975}
2015-04-21 15:58:07 +00:00
mstarzinger
d1597b7d22 [turbofan] Use FastCloneShallow[Array|Object]Stub if possible.
This allows the JSIntrinsicLowering to optimize the cloning of literal
boilerplate objects using either the FastCloneShallowArrayStub or the
FastCloneShallowObjectStub when applicable.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1097963002

Cr-Commit-Position: refs/heads/master@{#27974}
2015-04-21 15:43:15 +00:00
jochen
d20660e05e Reland "LayoutDescriptor should inherit from JSTypedArray"
Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n

BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1094333002

Cr-Commit-Position: refs/heads/master@{#27973}
2015-04-21 15:21:56 +00:00
titzer
1850803d56 [turbofan] Fix reduction of LoadProperty/StoreProperty to LoadNamed/StoreNamed.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095313002

Cr-Commit-Position: refs/heads/master@{#27972}
2015-04-21 15:12:58 +00:00
wingo
8be0499fce Allow eval/arguments in arrow functions
Originally landed in https://codereview.chromium.org/1061983004;
re-landing after re-landing formal parameter parsing refactors.

R=marja@chromium.org
BUG=v8:4020
LOG=N

Review URL: https://codereview.chromium.org/1077153005

Cr-Commit-Position: refs/heads/master@{#27971}
2015-04-21 14:44:03 +00:00
jochen
8a309a1eae Revert of LayoutDescriptor should inherit from JSTypedArray (patchset id:1 of https://codereview.chromium.org/1084793004/)
Reason for revert:
breaks mjsunit on debug bots

Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n

TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1073053006

Cr-Commit-Position: refs/heads/master@{#27968}
2015-04-21 14:02:54 +00:00
jochen
6d79ceb294 LayoutDescriptor should inherit from JSTypedArray
It can't just inherit from a FixedTypedArray-like type, as we soon
assume that a FixedTypedArray-like type is always held by an
ArrayBufferView-like type

BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1084793004

Cr-Commit-Position: refs/heads/master@{#27964}
2015-04-21 13:07:14 +00:00
Benedikt Meurer
bb346227db [test] Initial import of an emscripten test suite.
These tests are based on individual tests from the Emscripten benchmark
suite, which are used to test Emscripten itself. We adopt them to test
asm.js code paths in V8.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1101493002

Cr-Commit-Position: refs/heads/master@{#27962}
2015-04-21 12:24:10 +00:00
wingo
636cb4f365 Factor formal argument parsing into ParserBase
This commit is a precursor to making lazy arrow function parsing use
similar logic to function(){} argument parsing.

Originally landed in these three CLs:

  https://codereview.chromium.org/1078093002
  https://codereview.chromium.org/1083623002
  https://codereview.chromium.org/1083953002

These were rolled out due to a performance regression on CodeLoad.  This
patchset will fix that by avoiding creation of a DuplicateFinder in the
full parser.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1100713002

Cr-Commit-Position: refs/heads/master@{#27960}
2015-04-21 11:09:34 +00:00
svenpanne
4d3044e161 Removed src/{isolate,property-details,utils}-inl.h
Baby steps towards saner #includes...

Review URL: https://codereview.chromium.org/1051393003

Cr-Commit-Position: refs/heads/master@{#27958}
2015-04-21 10:21:37 +00:00
yangguo
9b2fe70d93 Migrate error messages, part 4 (v8natives.js).
Goal is to reduce native context size.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1099573002

Cr-Commit-Position: refs/heads/master@{#27953}
2015-04-21 09:03:09 +00:00
Daniel Vogelheim
abb23b5284 Disable mjsunit/es7/object-observe on gc-stress, due to flakiness.
TBR=machenbach@chromium.org
CC=adamk@chromium.org
BUG=478788
LOG=N

Review URL: https://codereview.chromium.org/1092323003

Cr-Commit-Position: refs/heads/master@{#27948}
2015-04-20 18:14:40 +00:00
titzer
f557d75360 Reland "Refactor compilation dependency handling."
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1099473004

Cr-Commit-Position: refs/heads/master@{#27945}
2015-04-20 15:21:44 +00:00
mvstanton
9987221c02 Make sure builtins preserve guarantees about empty element array prototypes.
We have a bottleneck around storing elements in the array and object prototypes,
but the Push() and Unshift() builtins don't respect them.

Fix this exactly to the level of existing support for stores.

BUG=v8:4043
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1066003003

Cr-Commit-Position: refs/heads/master@{#27943}
2015-04-20 15:16:34 +00:00
jochen
ad854ea11e Allow for accessing an ArrayBuffer contents without externalizing it
The embedder has to take appropriate steps to ensure that the
ArrayBuffer doesn't die while it's accessing the pointer, e.g. keep a
Local handle to it around

BUG=none
R=dslomov@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1095083002

Cr-Commit-Position: refs/heads/master@{#27942}
2015-04-20 15:01:43 +00:00
yangguo
8cf289ca4f Throw when attaching a stack trace to an object fails.
R=jarin@chromium.org
BUG=chromium:478011
LOG=N

Review URL: https://codereview.chromium.org/1077153003

Cr-Commit-Position: refs/heads/master@{#27941}
2015-04-20 14:40:45 +00:00
jochen
53cc6486df Remove support for externally backed elements from the API
Embedders should use ArrayBuffers instead

BUG=v8:3996
LOG=y
R=verwaest@chromium.org,dslomov@chromium.org,kbr@chromium.org

Review URL: https://codereview.chromium.org/1092923002

Cr-Commit-Position: refs/heads/master@{#27939}
2015-04-20 13:31:27 +00:00
Ross McIlroy
063fc25122 Replace OVERRIDE->override and FINAL->final since we now require C++11.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1088993003

Cr-Commit-Position: refs/heads/master@{#27937}
2015-04-20 13:08:14 +00:00
machenbach
fde66e2a72 Temporarily skip slow test.
TBR=bmeurer@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1093143002

Cr-Commit-Position: refs/heads/master@{#27936}
2015-04-20 12:23:14 +00:00
Benedikt Meurer
7eb7141fc4 [mjsunit] Import test case based on the Massive/SQLite benchmark.
This adds a stripped down version of the SQLite benchmark (running with
--size 1) to the mjsunit suite. We might want to move that to a
dedicated slow/stress/whatever test suite once an appropriate decision
is made.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1094043002

Cr-Commit-Position: refs/heads/master@{#27930}
2015-04-20 07:58:31 +00:00
adamk
4a5c91387b [modules] Parsing: add ModuleRequests where missing
Two last forms supported in this patch:
  - 'import' ModuleSpecifier
  - 'export' '*' 'from' ModuleSpecifier.

BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/1094963002

Cr-Commit-Position: refs/heads/master@{#27927}
2015-04-17 22:45:06 +00:00
yangguo
5a9a0b20e7 Migrate error messages, part 3 (runtime.js).
Motivation for this is reducing the size of the native context.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1089303003

Cr-Commit-Position: refs/heads/master@{#27917}
2015-04-17 13:27:28 +00:00
jkummerow
4204c72739 Don't use normalized map cache for prototype maps
BUG=chromium:477924
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1090193002

Cr-Commit-Position: refs/heads/master@{#27916}
2015-04-17 12:16:07 +00:00
wingo
37520d3e03 Revert "Factor formal argument parsing into ParserBase"
Revert https://codereview.chromium.org/1078093002/ and follow-on parser
patches due to a perf regression.

This reverts commit 53ddccfc33.
This reverts commit 71d3213a3f.
This reverts commit 0f432ebb76.
This reverts commit 1dbc432729.

R=marja@chromium.org

Review URL: https://codereview.chromium.org/1094653002

Cr-Commit-Position: refs/heads/master@{#27912}
2015-04-17 09:51:15 +00:00
verwaest
c153a8437e [crankshaft] Fix property access with proxies in prototype chain
BUG=

Review URL: https://codereview.chromium.org/1090813003

Cr-Commit-Position: refs/heads/master@{#27911}
2015-04-17 09:25:13 +00:00
yangguo
7f994ee0a7 Disable always-opt for locker tests.
In no-snap mode, creating 100 contexts can take a while.
This becomes even worse with always-opt.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1092003002

Cr-Commit-Position: refs/heads/master@{#27910}
2015-04-17 09:13:55 +00:00
yangguo
ae2057e81a Reland "Migrate error messages, part 2."
Review URL: https://codereview.chromium.org/1083083004

Cr-Commit-Position: refs/heads/master@{#27907}
2015-04-17 08:35:47 +00:00
machenbach
e3c2ba776a Revert of Refactor compilation dependency handling. (patchset id:60001 of https://codereview.chromium.org/1095433002/)
Reason for revert:
[Sheriff] Causes crashes in laout tests:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2543

Extra bisect run:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2548

Original issue's description:
> Refactor compilation dependency handling.
>
> Extract a new data structure CompilationDependencies and move (most) logic there.
>
> R=mstarzinger@chromium.org,verwaest@chromium.org
> BUG=
>
> Committed: https://crrev.com/b882479f1c84a48961b8aec81fa1bb1225034784
> Cr-Commit-Position: refs/heads/master@{#27892}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1093783002

Cr-Commit-Position: refs/heads/master@{#27904}
2015-04-17 07:47:09 +00:00
verwaest
8098253562 Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
BUG=chromium:476592
LOG=n

Review URL: https://codereview.chromium.org/1086333002

Cr-Commit-Position: refs/heads/master@{#27898}
2015-04-16 17:32:00 +00:00
mstarzinger
8924a9e1b7 [turbofan] Add single --turbo flag.
This flag is intended as a staging flag for TurboFan. It serves as a
single flag that always enables a most recent configuration of TurboFan
for test suites and benchmarks, without needing to update test drivers.

R=titzer@chromium.org,machenbach@chromium.org

Review URL: https://codereview.chromium.org/1094573002

Cr-Commit-Position: refs/heads/master@{#27896}
2015-04-16 16:28:39 +00:00
titzer
b882479f1c Refactor compilation dependency handling.
Extract a new data structure CompilationDependencies and move (most) logic there.

R=mstarzinger@chromium.org,verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095433002

Cr-Commit-Position: refs/heads/master@{#27892}
2015-04-16 16:04:34 +00:00
erikcorry
a0e2dd23ce Make test unthreaded so other tests don't interfere with heap size
R=hpayer@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1086423003

Cr-Commit-Position: refs/heads/master@{#27890}
2015-04-16 14:44:25 +00:00
machenbach
d881baaced Revert of Migrate error messages, part 2. (patchset id:1 of https://codereview.chromium.org/1086313003/)
Reason for revert:
[Sheriff]: This changes layout test expectations e.g.
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Win/builds/2964

Original issue's description:
> Migrate error messages, part 2.
>
> Motivation for this is reducing the size of the native context.
>
> Committed: https://crrev.com/d3b788df0a4ccfedbe6e1df5e214cb6ba2792a65
> Cr-Commit-Position: refs/heads/master@{#27878}

TBR=mvstanton@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1095573002

Cr-Commit-Position: refs/heads/master@{#27889}
2015-04-16 14:33:26 +00:00
marja
2dc0f2ec01 [strong] Allow mutually recursive classes.
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).

Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1087543004

Cr-Commit-Position: refs/heads/master@{#27888}
2015-04-16 14:12:52 +00:00
conradw
d8bccfe974 [strong] Implement static restrictions on switch statement
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1084983002

Cr-Commit-Position: refs/heads/master@{#27885}
2015-04-16 13:29:20 +00:00
mstarzinger
54cb7b6ea3 Disable more failing tests after f3338dd3b0.
TBR=jkummerow@chromium.org
TEST=mjsunit/debug-ignore-breakpoints
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1087673003

Cr-Commit-Position: refs/heads/master@{#27881}
2015-04-16 12:46:28 +00:00
yangguo
d3b788df0a Migrate error messages, part 2.
Motivation for this is reducing the size of the native context.

Review URL: https://codereview.chromium.org/1086313003

Cr-Commit-Position: refs/heads/master@{#27878}
2015-04-16 11:34:47 +00:00
hpayer
bbd222f882 Revert of Experiment: reduce heap growing factor to investigate OOM impact. (patchset id:60001 of https://codereview.chromium.org/1060533003/)
Reason for revert:
Experiment done.

Original issue's description:
> Experiment: reduce heap growing factor to investigate OOM impact.
>
> This CL will be reverted after getting sufficient data.
> BUG=
>
> Committed: https://crrev.com/8b737395c8fcde35cbfbed6607f767ed48eefc5b
> Cr-Commit-Position: refs/heads/master@{#27804}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1085353003

Cr-Commit-Position: refs/heads/master@{#27871}
2015-04-16 09:06:40 +00:00
titzer
addb10633c [turbofan] Clean up cached nodes in JSGraph.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1080023002

Cr-Commit-Position: refs/heads/master@{#27870}
2015-04-16 08:41:34 +00:00
ulan
aae2c01740 Use atomic operation to read the length of a fixed array.
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.

Also rename FROM_GC and FROM_MUTATOR to be more precise.

BUG=chromium:462908
LOG=NO

Review URL: https://codereview.chromium.org/1034163002

Cr-Commit-Position: refs/heads/master@{#27869}
2015-04-16 08:39:12 +00:00
yangguo
a5ac029058 Start migrating error message templates to the runtime.
Currently done with two templates, one used from native js, one from runtime.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1087633005

Cr-Commit-Position: refs/heads/master@{#27864}
2015-04-16 07:01:16 +00:00
adamk
b054ff4620 Revert "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.

Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.

BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1066663005

Cr-Commit-Position: refs/heads/master@{#27859}
2015-04-15 21:28:22 +00:00
mvstanton
13459c1ae3 Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1086873003

Cr-Commit-Position: refs/heads/master@{#27857}
2015-04-15 21:02:13 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00