Rolling v8/build/gyp to 70ee80e82bacf2d7816a56f792bb33587b04c338
Rolling v8/tools/clang to 247bb6833987bc73051243230a1f3c949a9c9b92
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1509093002
Cr-Commit-Position: refs/heads/master@{#32672}
The Promise::Chain logic is moved to a helper function to avoid
a violation of deprecated function usage.
R=rossberg,jochen
BUG=v8:3237
LOG=Y
Review URL: https://codereview.chromium.org/1477023002
Cr-Commit-Position: refs/heads/master@{#32670}
ECMAScript dates act as if the Gregorian changeover happened at the
beginning of time. This patch fixes up internationalized date
formatting to set that changeover properly, as opposed to the ICU
default which is in the 16th century.
BUG=chromium:537382
R=adamk,cira
LOG=Y
Review URL: https://codereview.chromium.org/1501113002
Cr-Commit-Position: refs/heads/master@{#32669}
Fix some minor issues that the linter is complaining about
R=jochen
Review URL: https://codereview.chromium.org/1507823002
Cr-Commit-Position: refs/heads/master@{#32667}
Deoptimization expects the context and function marker on the stack.
To let the register allocator control spilling of the live ranges
corresponding to these 2 operands, we need their use to be represented
accurately.
BUG= v8:4533
LOG=N
Review URL: https://codereview.chromium.org/1506903002
Cr-Commit-Position: refs/heads/master@{#32666}
Port 95844d94f3
Original commit message:
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.
The second output can be ignored, which means that the operator can be
used the same way as the original operator.
I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?
BUG=
TEST=cctest/test-run-machops/RunTryTruncateFloat64ToInt64WithCheck
Review URL: https://codereview.chromium.org/1503173002
Cr-Commit-Position: refs/heads/master@{#32664}
Error still to be done, since that's not yet available in the bootstrapper.
BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1499923002
Cr-Commit-Position: refs/heads/master@{#32662}
Fixes code size multiplier of Arm64 based on generated code size of Octane.
Review URL: https://codereview.chromium.org/1504023002
Cr-Commit-Position: refs/heads/master@{#32661}
This adds a runtime flag that controls whether the WASM object is
exposed to JavaScript. While currently guarded by the V8_WASM build-time
flag, after landing in V8 the build-time flag will be removed, leaving
only this new runtime flag.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1507623002
Cr-Commit-Position: refs/heads/master@{#32657}
This patch improves escape analysis and fixes bugs
triggered by clusterfuzz. Impovements include:
* Handling of LoadElement/StoreElement if index is a
constant
* Handling of JSStoreProperty: invalidate all information,
as the store could have altered any field.
* Treat phis that use an allocation as escaping
* Improve resolution of replacements
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1499143002
Cr-Commit-Position: refs/heads/master@{#32656}
This makes the strong link from optimized code to code objects for all
inlined functions explicit. It adds direct references to code objects
into deoptimization data as literals. Note that this is not necessarily
the code that will be deoptimized to, because the code on the shared
function info might be replaced by other components (e.g. debugger).
Those replacement code objects however are all non-flushable, marking
explicit strong links for reachability unnecessary.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1490233009
Cr-Commit-Position: refs/heads/master@{#32654}
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.
The second output can be ignored, which means that the operator can be
used the same way as the original operator.
I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1495213003
Cr-Commit-Position: refs/heads/master@{#32653}
The JSInliningHeuristic keeps a list of nodes, which might have been
killed by other reducers before the JSInliningHeuristic looks at it
again, so it has to check whether nodes are dead before trying to
expand them later (this is similar to what the ValueNumberingReducer
needs to do with its internal table).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1508643002
Cr-Commit-Position: refs/heads/master@{#32652}
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.
R=rossberg
BUG=v8:1543
LOG=N
Review URL: https://codereview.chromium.org/1489423002
Cr-Commit-Position: refs/heads/master@{#32651}
port 086d459847 (r32644)
original commit message:
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).
BUG=
Review URL: https://codereview.chromium.org/1503943002
Cr-Commit-Position: refs/heads/master@{#32648}
This makes the implementations of MacroAssembler::InvokeBuiltin go
through the InvokeFunctionCode helper on all architectures. This helper
knows how to correctly set up all registers (i.e. argument count and the
new target value).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1488303008
Cr-Commit-Position: refs/heads/master@{#32646}
port 0ed0878041 (r32642)
original commit message:
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.
BUG=
Review URL: https://codereview.chromium.org/1501373003
Cr-Commit-Position: refs/heads/master@{#32645}
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).
R=mstarzinger@chromium.org,bmeurer@chromium.org
LOG=n
BUG=v8:1827
Review URL: https://codereview.chromium.org/1493983004
Cr-Commit-Position: refs/heads/master@{#32644}
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1502963002
Cr-Commit-Position: refs/heads/master@{#32642}
There's no benefit in embedding the context as a constant for direct
calls. In fact it seems to be cheaper both size and execution wise to
just always load the context from the target.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1506763002
Cr-Commit-Position: refs/heads/master@{#32640}
The test expectations should fail consistently in both release and debug
builds. DCHECK is only meant for debug-only checks in production code.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1506753002
Cr-Commit-Position: refs/heads/master@{#32639}
port e89e08ca14 (r32599)
original commit message:
Reason for revert:
Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.
Original issue's description:
> Provide call counts for constructor calls, surface them as a vector IC.
>
> CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that ther
>
> BUG=
>
> Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
> Cr-Commit-Position: refs/heads/master@{#32452}
additional description:
Revert "X87: Provide call counts for constructor calls, surface them as a vector IC." as r32599 does
This reverts commit 54a9d349db.
BUG=
Review URL: https://codereview.chromium.org/1506723002
Cr-Commit-Position: refs/heads/master@{#32638}
port eaa0e59611 (r32550)
original commit message:
This drops the specific slot containing the new.target value from our
construct stub frames. This side-channel has been deprecated and will
no longer be accessed by any consumers.
BUG=
Review URL: https://codereview.chromium.org/1504703002
Cr-Commit-Position: refs/heads/master@{#32636}
port 440a42b741 (r32548)
original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this marks the last
consumer of said side-channel and the special slot in the construct
stub frame can be removed as a follow-up.
BUG=
Review URL: https://codereview.chromium.org/1503923002
Cr-Commit-Position: refs/heads/master@{#32635}
port 0e95683376 (r32549)
original commit message:
Whenever the InstanceOfStub finds a proxy (either passed as object or
somewhere on the prototype chain), it should bailout to the
%HasInPrototypeChain runtime function, which will do the right thing
(soonish).
BUG=
Review URL: https://codereview.chromium.org/1508553002
Cr-Commit-Position: refs/heads/master@{#32634}
port 5d38d6819c (r32547)
original commit message:
It didn't support subclassing case at all and in non-subclassing case the runtime
allocation didn't do the slack tracking step.
BUG=
Review URL: https://codereview.chromium.org/1506713002
Cr-Commit-Position: refs/heads/master@{#32633}
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3266
Please request rebase upstream first.
Original issue's description:
> Clean up promises and fix an edge case bug
>
> This patch builds on previous Promise spec compliance work by
> cleaning out some old code which existed to support
> Promise.prototype.chain, rephrasing some code to correspond more
> closely to the specification, and removing some incorrect brand
> checking. A test is added for a bug in an edge case which was fixed.
>
> R=rossberg
> BUG=v8:3641
> LOG=Y
>
> Committed: https://crrev.com/1deb89c8fd3cb69714ae0a24e3b5a4e78f6b73b4
> Cr-Commit-Position: refs/heads/master@{#32627}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3641
Review URL: https://codereview.chromium.org/1501763004
Cr-Commit-Position: refs/heads/master@{#32629}
This patch builds on previous Promise spec compliance work by
cleaning out some old code which existed to support
Promise.prototype.chain, rephrasing some code to correspond more
closely to the specification, and removing some incorrect brand
checking. A test is added for a bug in an edge case which was fixed.
R=rossberg
BUG=v8:3641
LOG=Y
Review URL: https://codereview.chromium.org/1488783002
Cr-Commit-Position: refs/heads/master@{#32627}