Commit Graph

20335 Commits

Author SHA1 Message Date
svenpanne
cbf3b0bcc7 More -fsanitize=vptr fixes.
This actually fixes 3 different issues when accessing Operand1:

   * Object vs. HeapObject

   * Wrong defaults for equals/hash

   * silently dropping const

TEST=test/mjsunit/regress/regress-441099.js
BUG=chromium:441099
LOG=y

Review URL: https://codereview.chromium.org/812563002

Cr-Commit-Position: refs/heads/master@{#25843}
2014-12-16 14:20:28 +00:00
ishell
08146dc023 Introduced PropertyType ACCESSOR_FIELD.
Review URL: https://codereview.chromium.org/805453002

Cr-Commit-Position: refs/heads/master@{#25842}
2014-12-16 13:22:31 +00:00
dcarney
0349f7b71f [turbofan] enable stack slot reuse
BUG=

Review URL: https://codereview.chromium.org/793683002

Cr-Commit-Position: refs/heads/master@{#25841}
2014-12-16 13:09:23 +00:00
Benedikt Meurer
2b4eb88cdd [turbofan] Cache conversions inserted during typed lowering.
This greatly reduces the number of nodes in the graph (by more than 20x in
some extreme cases) for the Emscripten python interpreter main function.

BUG=v8:3763
LOG=y
TEST=cctest,mjsunit,unittests
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/802353003

Cr-Commit-Position: refs/heads/master@{#25840}
2014-12-16 12:59:16 +00:00
erik.corry
d287f225a3 Limit code size generated for very large regexps
R=jkummerow@chromium.org, yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/799403003

Cr-Commit-Position: refs/heads/master@{#25839}
2014-12-16 12:33:32 +00:00
marja
978f41a1da RegExpParser: Fix Reset()ting to the end.
The bug would occur when we try to Reset() to a position already at the end.

This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.

To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).

Minimal repro case:

var r = /foo\u/
r.test("foou") // should be true, was false.

(Note that \u not followed by 4 hex didits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)

BUG=v8:3756
LOG=NO

Review URL: https://codereview.chromium.org/802313003

Cr-Commit-Position: refs/heads/master@{#25838}
2014-12-16 12:14:19 +00:00
titzer
0f619463f2 [turbofan] First version of loop analysis: loop finder on the soup of nodes.
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/803993002

Cr-Commit-Position: refs/heads/master@{#25837}
2014-12-16 09:36:40 +00:00
Benedikt Meurer
9754c38573 [turbofan] Always align loop headers at 16-byte boundaries.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/811713002

Cr-Commit-Position: refs/heads/master@{#25836}
2014-12-16 07:56:18 +00:00
Sven Panne
1ee700c45a Log V8 version in profiler log file
Patch from issue 800293002 authored by ben@strongloop.com

TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/806143002

Cr-Commit-Position: refs/heads/master@{#25835}
2014-12-16 07:40:13 +00:00
Benedikt Meurer
54a31b628d [base] Add iterator_range helper class.
TEST=unittests
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/810683003

Cr-Commit-Position: refs/heads/master@{#25834}
2014-12-16 07:32:03 +00:00
chunyang.dai
ab7622a094 X87: [turbofan] Remove the no-context hack for JSToNumber.
port d211608a3e

original commit message:
  [turbofan] Remove the no-context hack for JSToNumber.

  The ToNumberStub is now able to handle all plain primitives (Numbers,
  Booleans, Null, Undefined and Strings) without context access.

BUG=

Review URL: https://codereview.chromium.org/810683002

Cr-Commit-Position: refs/heads/master@{#25833}
2014-12-16 07:14:00 +00:00
Benedikt Meurer
283175d984 [turbofan] Relax effects and context for JSToNumber(x:plain-primitive).
Relanded with fix for always returning Change for PlainPrimitive even
if there was no change. The performance regression on primes.js and
corrections.js is due to unlucky loop header alignment; will be addressed
separately.

TEST=unittests
R=svenpanne@chromium.org

Committed: 75484e8d16

Review URL: https://codereview.chromium.org/799413002

Cr-Commit-Position: refs/heads/master@{#25832}
2014-12-16 05:39:46 +00:00
bmeurer
2c30ab6616 Revert of [turbofan] Relax effects and context for JSToNumber(x:plain-primitive). (patchset #1 id:1 of https://codereview.chromium.org/799413002/)
Reason for revert:
Performance regressions on primes and corrections benchmarks.

Original issue's description:
> [turbofan] Relax effects and context for JSToNumber(x:plain-primitive).
>
> TEST=unittests
> R=svenpanne@chromium.org
>
> Committed: 75484e8d16

TBR=svenpanne@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/806103002

Cr-Commit-Position: refs/heads/master@{#25831}
2014-12-16 04:45:09 +00:00
v8-autoroll
8e7b7daefc Update V8 DEPS.
Rolling v8/tools/clang to 6538d768c1dd43ad3942574cfc5ba90a8e1e0517

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/803183005

Cr-Commit-Position: refs/heads/master@{#25830}
2014-12-16 04:28:50 +00:00
jkummerow
60dafcaab2 Add infrastructure to keep track of references to prototypes.
There are no users of this infrastructure yet, so it's behind an off-by-default flag.

Review URL: https://codereview.chromium.org/768633002

Cr-Commit-Position: refs/heads/master@{#25829}
2014-12-15 19:57:54 +00:00
caitpotter88
aed5d734e6 Use proper ToLength() operation in %ArrayConcat()
LOG=N
R=dslomov@chromium.org
BUG=

Review URL: https://codereview.chromium.org/799853003

Cr-Commit-Position: refs/heads/master@{#25828}
2014-12-15 19:08:41 +00:00
rmcilroy
94071011ac [GN] Output external snapshot blobs in out directory.
The snapshot and natives blob files should be output in the out directory
instead of the gen directory so that they can be picked up by the
executable.

BUG=421063
LOG=N

Review URL: https://codereview.chromium.org/805813004

Cr-Commit-Position: refs/heads/master@{#25827}
2014-12-15 17:01:08 +00:00
dslomov
6d35dedf6e Ship ES6 classes.
R=arv@chromium.org
BUG=v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/808433002

Cr-Commit-Position: refs/heads/master@{#25826}
2014-12-15 16:44:00 +00:00
arv
a76419f0f4 Revert of ES6 computed property names (patchset #9 id:160001 of https://codereview.chromium.org/795573005/)
Reason for revert:
Crashes on Win32

http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/1357

Test: mjsunit/harmony/computed-property-names
Flags: --stress-opt --always-opt
Command: build\Release\d8.exe --test --random-seed=-233815021 --stress-opt --always-opt --nohard-abort --nodead-code-elimination --nofold-constants --harmony-computed-property-names test\mjsunit\mjsunit.js test\mjsunit\harmony\computed-property-names.js

Run #1
Exit code: -1073741819
Result: CRASH
Expected outcomes: PASS

Run #2
Exit code: -1073741819
Result: CRASH
Expected outcomes: PASS

Run #3
Exit code: -1073741819
Result: CRASH
Expected outcomes: PASS

Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> BUG=v8:3754
> LOG=Y

TBR=dslomov@chromium.org,wingo@igalia.com
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754

Review URL: https://codereview.chromium.org/809433002

Cr-Commit-Position: refs/heads/master@{#25825}
2014-12-15 16:38:42 +00:00
balazs.kilvady
9167c996d3 MIPS: [turbofan] Remove the no-context hack for JSToNumber.
Port d211608a3e

Original commit message:
The ToNumberStub is now able to handle all plain primitives (Numbers,
Booleans, Null, Undefined and Strings) without context access.

TEST=cctest,mjsunit,unittests
BUG=

Review URL: https://codereview.chromium.org/803973002

Cr-Commit-Position: refs/heads/master@{#25824}
2014-12-15 16:02:05 +00:00
jkummerow
ed6e1735b6 Add fast path for array indices to Runtime_HasOwnProperty
Review URL: https://codereview.chromium.org/803833004

Cr-Commit-Position: refs/heads/master@{#25823}
2014-12-15 15:57:55 +00:00
jkummerow
c060f4e26c Internalize strings being stored into uninitialized property cells
Review URL: https://codereview.chromium.org/804993002

Cr-Commit-Position: refs/heads/master@{#25822}
2014-12-15 15:46:11 +00:00
arv
6e38caf8d3 ES6 computed property names
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.

BUG=v8:3754
LOG=Y

Review URL: https://codereview.chromium.org/795573005

Cr-Commit-Position: refs/heads/master@{#25821}
2014-12-15 15:27:19 +00:00
jochen
a8045635cb Take the build level into account for the version hash
build is the third number of the V8 version, and very likely to change
(in contrast to the patch level which typically is zero on canaries).

BUG=chromium:440984
R=mvstanton@chromium.org,yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/802363002

Cr-Commit-Position: refs/heads/master@{#25820}
2014-12-15 14:28:33 +00:00
hpayer
e3479c553c Reland Call DisableInlineAllocation() in heap setup when flag inline_new is off.
BUG=

Review URL: https://codereview.chromium.org/806783002

Cr-Commit-Position: refs/heads/master@{#25819}
2014-12-15 14:02:06 +00:00
Benedikt Meurer
75484e8d16 [turbofan] Relax effects and context for JSToNumber(x:plain-primitive).
TEST=unittests
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/799413002

Cr-Commit-Position: refs/heads/master@{#25818}
2014-12-15 13:42:54 +00:00
fedor.indutny
f6e68d2c2c Hydrogen: fix keyed loads with string keys
Keyed loads should not unconditionally be compiled to element loads. Update KeyedLoadICs to keep track of the key type, so that Hydrogen can emit ICs for string-keyed loads it doesn't have inline support for.

BUG=v8:3167
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/755513003

Cr-Commit-Position: refs/heads/master@{#25817}
2014-12-15 13:36:23 +00:00
ishell
b74cfe4a8f LayoutDescriptorHelper is now able to calculate the length of contiguous regions of tagged/non-tagged fields.
This functionality is now used by both object visitor and store buffer.

TEST=cctest/test-unboxed-doubles

Review URL: https://codereview.chromium.org/726713003

Cr-Commit-Position: refs/heads/master@{#25816}
2014-12-15 12:13:21 +00:00
hpayer
286748c97b Revert of Call DisableInlineAllocation() in heap setup when flag inline_new is off. (patchset #1 id:1 of https://codereview.chromium.org/790353006/)
Reason for revert:
Fix Windows nosnap.

Original issue's description:
> Call DisableInlineAllocation() in heap setup when flag inline_new is off.
>
> BUG=

TBR=ulan@chromium.org,mstarzinger@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/794053003

Cr-Commit-Position: refs/heads/master@{#25815}
2014-12-15 11:39:27 +00:00
bmeurer
d211608a3e [turbofan] Remove the no-context hack for JSToNumber.
The ToNumberStub is now able to handle all plain primitives (Numbers,
Booleans, Null, Undefined and Strings) without context access.

TEST=cctest,mjsunit,unittests

Review URL: https://codereview.chromium.org/801333002

Cr-Commit-Position: refs/heads/master@{#25814}
2014-12-15 11:14:16 +00:00
hpayer
3c30f6e1f6 Call DisableInlineAllocation() in heap setup when flag inline_new is off.
BUG=

Review URL: https://codereview.chromium.org/790353006

Cr-Commit-Position: refs/heads/master@{#25813}
2014-12-15 11:13:05 +00:00
Benedikt Meurer
6e7ceee4d0 [turbofan] Correctify TruncateFloat64ToInt32 reduction in MachineOperatorReducer.
TEST=unittests
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/801263002

Cr-Commit-Position: refs/heads/master@{#25812}
2014-12-15 07:46:21 +00:00
Benedikt Meurer
c0bd56a510 [turbofan] Remove obsolete contains_js_nodes_ field.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/806653003

Cr-Commit-Position: refs/heads/master@{#25811}
2014-12-15 07:37:38 +00:00
adamk
4fb4d75db6 Use C++11 nullptr in Hydrogen to replace static_cast<HValue*>(NULL)
Review URL: https://codereview.chromium.org/805523002

Cr-Commit-Position: refs/heads/master@{#25810}
2014-12-15 04:33:15 +00:00
mathiasb
b24f04d4c3 Make RegExp.prototype.flags getter configurable
TEST=mjsunit/harmony
BUG=v8:3751
LOG=N

Review URL: https://codereview.chromium.org/788053003

Cr-Commit-Position: refs/heads/master@{#25809}
2014-12-13 22:36:29 +00:00
caitpotter88
48054170e9 Implement ES6 @@isConcatSpreadable / Array.prototype.concat
Add support for Symbol.isConcatSpreadable in Array.prototype.concat. This enables spreading non-Array objects with the symbol.

LOG=N
R=dslomov@chromium.org
BUG=

Review URL: https://codereview.chromium.org/771483002

Cr-Commit-Position: refs/heads/master@{#25808}
2014-12-12 18:38:48 +00:00
danno
10b38df268 [turbofan]: Fix x64 regression during ia32 lea port
Review URL: https://codereview.chromium.org/795353008

Cr-Commit-Position: refs/heads/master@{#25807}
2014-12-12 18:17:01 +00:00
adamk
a32291fa1f Stop sending Object.observe notifications for API accessor properties
Such properties never notified prior to r21558, but the combination of
that change and r23163 led to sending notifications when they were
set via Object.defineProperty (but not when set via other means).

This also allows some cleanup in v8natives.js and objects.cc,
both of which were doing unnecessary contortions to produce the right
change records.

BUG=v8:3745
LOG=n

Review URL: https://codereview.chromium.org/791243002

Cr-Commit-Position: refs/heads/master@{#25806}
2014-12-12 18:15:52 +00:00
rmcilroy
6fb69a2136 Fix OS::GetCurrentThreadId to work when building Android on Mac.
The Mac version of GetCurrentThreadId should be used when building the host
build of V8 on Android for Mac.

Review URL: https://codereview.chromium.org/799943003

Cr-Commit-Position: refs/heads/master@{#25805}
2014-12-12 17:56:58 +00:00
Daniel Vogelheim
14bb1812b1 Whitespace change to trigger bots.
BUG=

Review URL: https://codereview.chromium.org/804543002

Cr-Commit-Position: refs/heads/master@{#25804}
2014-12-12 17:33:40 +00:00
ishell
b1b5d7e2f4 StoreMode enum values renamed.
FORCE_FIELD -> FORCE_IN_OBJECT,
ALLOW_AS_CONSTANT -> ALLOW_IN_DESCRIPTOR.

Review URL: https://codereview.chromium.org/799723003

Cr-Commit-Position: refs/heads/master@{#25803}
2014-12-12 15:36:10 +00:00
ishell
ac9c9fc5ca Using PropertyKind in transitions instead of PropertyType.
Review URL: https://codereview.chromium.org/801813002

Cr-Commit-Position: refs/heads/master@{#25802}
2014-12-12 15:27:50 +00:00
dcarney
9d51f8f540 Revert of revert r25736 (patchset #2 id:20001 of https://codereview.chromium.org/803493002/)
Reason for revert:
performance bots were unchanged by the original revert

Original issue's description:
> revert r25736
>
> R=bmeurer@chromium.org
>
> BUG=

TBR=bmeurer@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/787183003

Cr-Commit-Position: refs/heads/master@{#25801}
2014-12-12 14:26:14 +00:00
Michael Stanton
22302b5179 Hydrogen code stubs for vector-based ICs.
This patch finally allows running and passing tests with vector-based
Load and KeyedLoad ICs.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/767743002

Cr-Commit-Position: refs/heads/master@{#25800}
2014-12-12 13:56:35 +00:00
v8-autoroll
c39eae9aac Update V8 DEPS.
Rolling v8/buildtools to 4995faa4a7ad968f1fa1917c26edd5cea295582f

Rolling v8/tools/clang to 3569efa494f668b68bd13835ab4f197f6a51b84a

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/801783003

Cr-Commit-Position: refs/heads/master@{#25799}
2014-12-12 13:18:20 +00:00
ishell
9134c7a629 PropertyType is divided into PropertyKind and PropertyStoreMode.
Review URL: https://codereview.chromium.org/786193004

Cr-Commit-Position: refs/heads/master@{#25798}
2014-12-12 13:06:08 +00:00
ishell
c535ec698c Map and Descriptor printing enhanced a bit.
Review URL: https://codereview.chromium.org/801783002

Cr-Commit-Position: refs/heads/master@{#25797}
2014-12-12 12:40:06 +00:00
svenpanne
7c42ae3e47 Fixed an ordering issue found by UBSan_vptr.
We managed to access the scope_ member of CompilationInfo before its
containing object was actually constructed.

Rule of thumb: When constructing an object, never ever pass around
pointers to members which come later in the member initializer list,
you simply can't see locally if this might cause trouble or not.

Review URL: https://codereview.chromium.org/796363002

Cr-Commit-Position: refs/heads/master@{#25796}
2014-12-12 12:36:15 +00:00
dcarney
eb41d0cfc1 revert r25736
R=bmeurer@chromium.org

BUG=

Review URL: https://codereview.chromium.org/803493002

Cr-Commit-Position: refs/heads/master@{#25795}
2014-12-12 12:03:30 +00:00
dcarney
3595176565 [turbofan] improve register allocator testing framework
R=bmeurer@chromium.org

BUG=

Review URL: https://codereview.chromium.org/800493002

Cr-Commit-Position: refs/heads/master@{#25794}
2014-12-12 11:15:26 +00:00