Remove unused macro-asm instruction and associated address patching.
On mips64, remove unused JumpLabelToJumpRegister(). On mips, rename
it appropriately (it's still used there for JR->J optimizations).
BUG=
Review URL: https://codereview.chromium.org/1059433003
Cr-Commit-Position: refs/heads/master@{#27593}
As with TF fix 94506cc3, correctly support absurdly large stack
adjustments.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1057763002
Cr-Commit-Position: refs/heads/master@{#27592}
This keeps the length of the context chain tracked by the environment
in sync even for local control flow commands. It removes the need to
guess the correct chain length at Environment::Merge points.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1045703003
Cr-Commit-Position: refs/heads/master@{#27588}
The original code will not update the IC info if one of parameter is SMI. It Can not handle Number + Smi.
BUG=
Review URL: https://codereview.chromium.org/1056663005
Cr-Commit-Position: refs/heads/master@{#27583}
Currently, this doesn't really help to generate better code,
nevertheless this is the right thing to do. When our type system(s)
are fixed, this should avoid falling back to floating point operations
in various cases.
Review URL: https://codereview.chromium.org/1057813002
Cr-Commit-Position: refs/heads/master@{#27578}
Could not encode the large slot number in opcode MiscField.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1043393002
Cr-Commit-Position: refs/heads/master@{#27574}
In ES6 Object.getOwnPropertyDescriptor should call ToObject, which
means that primitive values will return descriptors from the wrapper.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/998163004
Cr-Commit-Position: refs/heads/master@{#27569}
Reason for revert:
Spike in OOM crashes: crbug.com/403113
Original issue's description:
> Remove promotion backup case and report OOM instead.
>
> There are no test cases for this piece of code and it is really hard to test. If this rare case triggers, we are anyway in an OOM situation and would crash probably soon afterwards.
>
> BUG=
>
> Committed: https://crrev.com/e813afaf127ab80290153ab676dc07212bdc8946
> Cr-Commit-Position: refs/heads/master@{#27026}
TBR=mstarzinger@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1050113002
Cr-Commit-Position: refs/heads/master@{#27568}
Reason for revert:
Got one dev-channel with this. Should be enough.
Original issue's description:
> Add CHECKs when updating pointers from the slots and store buffers
>
> We want to verify that we always overwrite heap objects with heap
> objects, and non-heap objects with non-heap objects
>
> BUG=chromium:452095
> R=hpayer@chromium.org
> LOG=n
>
> Committed: https://crrev.com/58fbcfac8ae82b1241f07e1b8ea81a5973514c11
> Cr-Commit-Position: refs/heads/master@{#27479}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:452095
Review URL: https://codereview.chromium.org/1052713002
Cr-Commit-Position: refs/heads/master@{#27565}
This reverts commit 992751d0dc.
The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.
Difference from last time: Updated .status and will disable Blink
side tests as needed.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1051523003
Cr-Commit-Position: refs/heads/master@{#27558}
It triggers once per context that calls observe (or attempts to access
any observation metadata, e.g. through Object.getNotifier).
Review URL: https://codereview.chromium.org/1048213002
Cr-Commit-Position: refs/heads/master@{#27557}
In DevTools we've already used sourceURL in inline scripts.
This CL makes the behavior of the V8 in the same for Error.stack property and v8::StackTrace.
BUG=v8:3920
LOG=Y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1044173002
Cr-Commit-Position: refs/heads/master@{#27554}
Lack of sign extension on simulator builds gives bad value for
RETRY and EXCEPTION codes.
TEST=mjsunit/regexp-stack-overflow, regress-crbug-467047
BUG=v8:3992
LOG=n
Review URL: https://codereview.chromium.org/1040753003
Cr-Commit-Position: refs/heads/master@{#27553}
Add missing parts of the port to MIPS/MIPS64 implementations.
BUG=
Review URL: https://codereview.chromium.org/1047213002
Cr-Commit-Position: refs/heads/master@{#27551}
The spec settled on ToBoolean instead of only using not undefined.
BUG=v8:3827
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1045113002
Cr-Commit-Position: refs/heads/master@{#27548}
Port 8dad78cdbd
Original commit message:
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=N
R=mbrandy@us.ibm.com
Review URL: https://codereview.chromium.org/1049253004
Cr-Commit-Position: refs/heads/master@{#27547}
This ensures that all expressions that throw actually mark the current
environment as dead in the AstGraphBuilder. This prevents live ranges
from being unnecessarily increased by paths that don't fall-through.
Note that we can do that because Runtime::kThrowFoo never returns.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1049203002
Cr-Commit-Position: refs/heads/master@{#27546}
This changes the IrOpcode::kThrow operator to have kNoThrow property,
which sounds unintuitive, but holds for our graphs. The operators is
used to indicate exceptional control flow out of the function, but in
itself does not throw, the throwing is done by a runtime call.
R=titzer@chromium.org
TEST=unittests/CommonOperatorTest/CommonSharedOperatorTest.Properties
Review URL: https://codereview.chromium.org/1046173002
Cr-Commit-Position: refs/heads/master@{#27541}
Currently this only sets branch hints, so we get unlikely code "out of
the way", but in the long run the register allocator needs some love
to treat the unlikely code as, well, unlikely. :-)
Review URL: https://codereview.chromium.org/1048063002
Cr-Commit-Position: refs/heads/master@{#27540}
The libdl library is already included on target builds of Android and needs
to be added to the build command line with a particular order to avoid
undefined references in other libraries. Fix this by only explicitly including
it in host builds and relying on the implicit inclusion on target builds.
Also remove the librt hack which is not longer necessary due to the AOSP build
bot having been removed.
BUG=chromium:469973
LOG=Y
Review URL: https://codereview.chromium.org/1036133005
Cr-Commit-Position: refs/heads/master@{#27535}
Port 8dad78cdbd
Original commit message:
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=
Review URL: https://codereview.chromium.org/1045203003
Cr-Commit-Position: refs/heads/master@{#27534}
Because simulators have a seperate JavaScript and C++ stack, and
because they try to avoid calling the runtime StackCheck function
on entry to every function, it can happen in recursive calls that
the C++ stack overflows while the JavaScript stack is okay. The
runtime StackCheck function would catch this, but as an optimization,
generated code only looks at the JavaScript stack pointer to
determine if it should make that runtime call.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1050433002
Cr-Commit-Position: refs/heads/master@{#27533}
Port 8dad78cdbd
Original commit message:
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=n
Review URL: https://codereview.chromium.org/1046953004
Cr-Commit-Position: refs/heads/master@{#27531}
The V8::IdleNotification will only return 'True' when the gc idle time handler
thinks there is no more GC which can be done. However, the gc idle task handler
can end up repeatedly making no progress (e.g., if it can't finalize a sweep)
which causes idle tasks to be repeatedly scheduled in Chrome which do nothing
but wake up Chrome. Fix this by returning Done if we can't make any progress
within an Idle Round.
BUG=chromium:470615
LOG=Y
Review URL: https://codereview.chromium.org/1042483002
Cr-Commit-Position: refs/heads/master@{#27529}
We only report the usages when full parse is happening, i.e. only when the function that declares a legacy const is compiled. This is an approximation that is easy to implement, but still should reflect the real-world usage.
BUG=v8:3942
LOG=N
Review URL: https://codereview.chromium.org/1041863002
Cr-Commit-Position: refs/heads/master@{#27526}
This CL reduces the size of generated code for snapshot by 1.6%.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1039283002
Cr-Commit-Position: refs/heads/master@{#27514}
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=466993
LOG=N
Review URL: https://codereview.chromium.org/1037273002
Cr-Commit-Position: refs/heads/master@{#27511}
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1044793002
Cr-Commit-Position: refs/heads/master@{#27509}
No compiler support for now (BTW: %_NewString, doesn't have that,
either), inline allocation will come later. Hopefully the last
intrisic to add for a StringAddStub POC...
Review URL: https://codereview.chromium.org/1041723002
Cr-Commit-Position: refs/heads/master@{#27508}
And reland "Use a slot that is located on a heap page when removing
invalid entries from the SlotsBuffer."
This reverts commits de018fbda3 and
d23a9f7a3e.
Reason for relanding: looking fine on Canary, let's get these fixes back in.
BUG=chromium:454297,chromium:470801
LOG=y
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/1043703003
Cr-Commit-Position: refs/heads/master@{#27507}
This avoid to depend on MiscField to be big enough to hold the offset/size.
This patch also remove the Arm64PokePair which is no longer used.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1039753002
Cr-Commit-Position: refs/heads/master@{#27505}
We do not need to step one instruction further since we do not use Jr to J
optimization anymore for mips64.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1041833002
Cr-Commit-Position: refs/heads/master@{#27504}
On 'debugger' statement, if anything in debugger calls 'EnsureDebugInfo'
on a function, EnsureDebugInfo would compile and substitute code without
debug break slots. This causes weird behavior later when stepping fails
to work (see added test as an example).
This fix is to make sure the debugger is prepared for breakpoints in
that case as well.
Also adds extra testing for bug 468661.
R=yangguo@chromium.org,yurys@chromium.orh
BUG=v8:3990,chromium:468661
LOG=N
Review URL: https://codereview.chromium.org/1032353002
Cr-Commit-Position: refs/heads/master@{#27502}
This fixes simulated debug-mode failures in the following tests:
mjsunit/regexp-stack-overflow
mjsunit/regress/regress-crbug-467047
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1035003002
Cr-Commit-Position: refs/heads/master@{#27500}
The current GC idle time handling heuristics are getting too complicated. Moreover, with longer idle time we are getting more full garbage collections. This CL shrinks the idle round window and reduces complexity in the case where we cause a full garbage collection.
BUG=chromium:468554
LOG=n
Review URL: https://codereview.chromium.org/1024043003
Cr-Commit-Position: refs/heads/master@{#27493}
Reason for revert:
Reverting risky GC changes that block v8 roll.
Original issue's description:
> Reland "Filter invalid slots out from the SlotsBuffer after marking."
>
> > There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> > 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> > 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> > This CL also adds useful machinery that helps triggering incremental write barriers.
>
> > BUG=chromium:454297
> > LOG=Y
>
> NOTRY=true
>
> Committed: https://crrev.com/f86aadd1d45c756467dff8e08a055b462d7a060b
> Cr-Commit-Position: refs/heads/master@{#27433}
TBR=machenbach@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1041593002
Cr-Commit-Position: refs/heads/master@{#27491}
Reason for revert:
Reverting risky GC changes that block v8 roll.
Original issue's description:
> Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer.
>
> BUG=chromium:470801
> LOG=Y
>
> Committed: https://crrev.com/2f3a42f9a1d66ffc9d260d9700ff831c3aa1cd41
> Cr-Commit-Position: refs/heads/master@{#27467}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:470801
Review URL: https://codereview.chromium.org/1033163002
Cr-Commit-Position: refs/heads/master@{#27490}
The aforementioned predicate reported a JSFunction that was marked for
optimization as already compiled. This in turn also prevented us from
being aggressive about FLAG_always_opt treatment.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1019293003
Cr-Commit-Position: refs/heads/master@{#27481}
We want to verify that we always overwrite heap objects with heap
objects, and non-heap objects with non-heap objects
BUG=chromium:452095
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1035763002
Cr-Commit-Position: refs/heads/master@{#27479}
port 38a719f965 (r27440)
original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
BUG=
Review URL: https://codereview.chromium.org/1030283003
Cr-Commit-Position: refs/heads/master@{#27478}
Only one FrameInspector can be active at a time on any given stack,
this ensures that it's lifetime is sufficiently scoped.
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-259300
Review URL: https://codereview.chromium.org/1034743002
Cr-Commit-Position: refs/heads/master@{#27477}
This variant avoids a constant pool entry, which can be problematic
when LTO'ing. It is also slightly shorter.
R=bmeurer@chromium.org,Jacob.Bramley@arm.com
BUG=chromium:453195
LOG=n
Review URL: https://codereview.chromium.org/986643004
Cr-Commit-Position: refs/heads/master@{#27474}
Instead of CanRetainOtherContext, we now manually blacklist all access-checked objects.
BUG=
Review URL: https://codereview.chromium.org/1020803004
Cr-Commit-Position: refs/heads/master@{#27473}
Before this patch the embedder could assign timestamp to the last interval after calling GetHeapStats. This would be slightly different from the timstamps assigned by v8 internally and written into heap snapshot. This patch allow to avoid this small discrepancy by returning timestamp along with last heap stats update.
BUG=chromium:467222
LOG=Y
Review URL: https://codereview.chromium.org/1037803002
Cr-Commit-Position: refs/heads/master@{#27466}
The value returned on AIX for platform.machine() is not the
best value to map the architecture from. Use platform.system
to determine if we are on AIX and if so set host_arch to
ppc64 as AIX 6.1 (the earliest supported) only provides a
64 bit kernel
AIX was reporting warning that offset may be used uninitialized
modified: build/detect_v8_host_arch.py
modified: build/standalone.gypi
modified: src/hydrogen-bce.cc
R=mbrandy@us.ibm.com, jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1006583004
Cr-Commit-Position: refs/heads/master@{#27463}
port 6689cc27eb (r27377)
original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/1033733005
Cr-Commit-Position: refs/heads/master@{#27461}
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.
BUG=chromium:468781
TBR=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1033973002
Cr-Commit-Position: refs/heads/master@{#27458}
Port 38a719f965
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
R=yangguo@chromium.org, R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1035533004
Cr-Commit-Position: refs/heads/master@{#27453}
This adapts the debugger so that the first break event starting the
stepping process can come from optimized code. TurboFan supports a
debugger statement and hence can be the top-most frame whenever the
Debug::HandleDebugBreak handler is triggered.
R=yangguo@chromium.org
TEST=mjsunit/debug,cctest/test-debug
Review URL: https://codereview.chromium.org/1038613002
Cr-Commit-Position: refs/heads/master@{#27447}
Also fix Debug.showBreakPoints for multiple break points at the same location.
BUG=v8:3960
LOG=N
Review URL: https://codereview.chromium.org/998253005
Cr-Commit-Position: refs/heads/master@{#27444}
Port 38a719f965
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
BUG=
Review URL: https://codereview.chromium.org/1037743002
Cr-Commit-Position: refs/heads/master@{#27443}
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
R=yangguo@chromium.org
TEST=cctest/test-run-jsexceptions/DeoptTry
Review URL: https://codereview.chromium.org/1010883002
Cr-Commit-Position: refs/heads/master@{#27440}
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
> BUG=chromium:454297
> LOG=Y
NOTRY=true
Review URL: https://codereview.chromium.org/1032833002
Cr-Commit-Position: refs/heads/master@{#27433}
Port 6689cc27eb
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1029413002
Cr-Commit-Position: refs/heads/master@{#27430}
Reason for revert:
Need to revert in order to revert https://codereview.chromium.org/1029323003/
Original issue's description:
> Filter invalid slots out from the SlotsBuffer after marking.
>
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
> Cr-Commit-Position: refs/heads/master@{#27423}
TBR=hpayer@chromium.org,erik.corry@gmail.com,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/1033453005
Cr-Commit-Position: refs/heads/master@{#27426}
The root cause for the bug is that the positions assigned to desugared
code was inconsistent with the source ranges of block scopes.
Since the fact that the position is assigned causes the debugger to
break at the parser-generated statement, the fix is to remove positions
from those nodes that we do not want to break on.
The CL also teaches Hydrogen to tolerate these cases.
R=adamk@chromium.org,rossberg@chromium.org
BUG=chromium:468661
LOG=Y
Review URL: https://codereview.chromium.org/1032653002
Cr-Commit-Position: refs/heads/master@{#27424}
There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/1010363005
Cr-Commit-Position: refs/heads/master@{#27423}
Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).
This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1005063002
Cr-Commit-Position: refs/heads/master@{#27422}
Some code in type-info.cc could allow a cross context map to be visible to
crankshaft. Tighten up this code to be certain that only a JSFunction, an
AllocationSite or a Symbol can be returned.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1026343004
Cr-Commit-Position: refs/heads/master@{#27417}
These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.
Alpha-sorted things a bit on the way to ease navigation.
Review URL: https://codereview.chromium.org/1010973010
Cr-Commit-Position: refs/heads/master@{#27415}
This removes the CompilationInfoWithZone class from the header file
because it is more than a pure convenience class and shouldn't be used
outside of the compiler at all.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1000353004
Cr-Commit-Position: refs/heads/master@{#27411}
