Commit Graph

32327 Commits

Author SHA1 Message Date
ishell
3fbb45216d [runtime] Better encapsulation of dictionary objects handling in lookup iterator.
Now LookupIterator follows the same pattern of prepare transition, apply transition
and write value when adding new properties to dictionary objects.

JSGlobalObject case:
* Prepare transition phase ensures that there is a "transition" property cell
  prepared for receiving a value.
* Apply transition phase does nothing.
* Prepare for data property phase ensures that the existing property cell can
  receive the value.
* Write value phase writes value directly to the current property cell.

JSObject case:
* Prepare transition phase prepares the object for receiving a data value (which
  could switch an object to dictionary mode).
* Apply transition phase migrates object to a transition map. If the map happened
  to be a dictionary mode object's map then an uninitialized entry is added to the
  properties dictionary.
* Prepare for data property phase does nothing.
* Write value phase just puts value to the properties dictionary.

BUG=chromium:576312

Review-Url: https://codereview.chromium.org/2127583002
Cr-Commit-Position: refs/heads/master@{#37585}
2016-07-07 12:35:06 +00:00
mstarzinger
07612e0d35 [test] Remove obsolete mjsunit/call-counts test.
R=mvstanton@chromium.org
BUG=v8:4458

Review-Url: https://codereview.chromium.org/2129903002
Cr-Commit-Position: refs/heads/master@{#37584}
2016-07-07 12:04:11 +00:00
mstarzinger
bae7870c41 [turbofan] Re-enable tests that are no longer too slow.
R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2132503002
Cr-Commit-Position: refs/heads/master@{#37583}
2016-07-07 11:30:15 +00:00
verwaest
a5020673cc Devirtualize AssignFeedbackVectorSlots
In AstNumberingVisitor we always know what node we're dealing with, so there's no reason for this method to be virtual. This additionally deletes 3 calls to AssignFeedbackVectorSlots that would always end up in the empty version.

BUG=

Review-Url: https://codereview.chromium.org/2128613003
Cr-Commit-Position: refs/heads/master@{#37582}
2016-07-07 11:26:56 +00:00
ulan
6bf6ab79e3 Move compile and parse trace events to a separate category.
For motivation see the bug.

BUG=625865
LOG=NO

Review-Url: https://codereview.chromium.org/2121273002
Cr-Commit-Position: refs/heads/master@{#37581}
2016-07-07 11:20:38 +00:00
machenbach
73f154ba60 [gn] Switch gcc bots to gn
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2124263002
Cr-Commit-Position: refs/heads/master@{#37580}
2016-07-07 11:17:19 +00:00
machenbach
59f2f3d836 [gn] Switch linux bots on beta/stable to gn
BUG=chromium:474921
NOTRY=true
TBR=vogelheim@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2130723002
Cr-Commit-Position: refs/heads/master@{#37579}
2016-07-07 11:04:49 +00:00
ulan
72a2e68694 Add trace event to V8 compiler API.
BUG=chromium:626256
LOG=NO

Review-Url: https://codereview.chromium.org/2126193002
Cr-Commit-Position: refs/heads/master@{#37578}
2016-07-07 10:31:05 +00:00
jkummerow
b36237b8a3 [ForIn] Fix HasEnumerableProperty for Proxies with null prototype
BUG=v8:5181

Review-Url: https://codereview.chromium.org/2129563002
Cr-Commit-Position: refs/heads/master@{#37577}
2016-07-07 10:12:06 +00:00
mstarzinger
8acc97e2e1 [runtime] Specifically handle robust RUNTIME_ASSERTs.
This changes the last few remaining RUNTIME_ASSERT calls that need to be
intentionally robust because fuzzers or other callers can invoke the
runtime functions in question with unsafe arguments.

R=yangguo@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2122173003
Cr-Commit-Position: refs/heads/master@{#37576}
2016-07-07 09:40:47 +00:00
machenbach
207fd4b9cd [gn] Fix sysroot usage with gcc
BUG=chromium:474921
TBR=jochen@chromium.org, vogelheim@chromium.org,
NOTRY=true

Review-Url: https://codereview.chromium.org/2124003003
Cr-Commit-Position: refs/heads/master@{#37575}
2016-07-07 09:27:44 +00:00
machenbach
03453d10be [gn] Fix config for using clang
Needed for https://codereview.chromium.org/2124263002/

BUG=chromium:474921
TBR=jochen@chromium.org, vogelheim@chromium.org,
NOTRY=true

Review-Url: https://codereview.chromium.org/2125703005
Cr-Commit-Position: refs/heads/master@{#37574}
2016-07-07 09:04:54 +00:00
machenbach
9a581f602e [cq] Add temporary gyp bot to CQ experiment
BUG=chromium:474921
NOTRY=true
TBR=vogelheim@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2129853002
Cr-Commit-Position: refs/heads/master@{#37573}
2016-07-07 08:52:00 +00:00
verwaest
b3f827c8e4 Inline Declaration::IsInlineable into crankshaft
Those virtual methods shouldn't live on the AST since they are crankshaft specific, and can easily be checked inline.

BUG=

Review-Url: https://codereview.chromium.org/2125933004
Cr-Commit-Position: refs/heads/master@{#37572}
2016-07-07 08:29:05 +00:00
neis
d3aefe8cc3 [parser] Fix bug in for-of desugaring.
When reading the value property of an iterator result fails, we must not close the iterator.
This was not discovered earlier because the tests had a subtle bug.

This CL fixes both the desugaring and the tests.

BUG=

Review-Url: https://codereview.chromium.org/2119353002
Cr-Commit-Position: refs/heads/master@{#37571}
2016-07-07 08:16:13 +00:00
verwaest
1829eb661e Avoid Context::Enter and Context::Exit if we're reentering the active and last entered context
A bit of browsing around indicates that the new fast-path is taken most of the time:
   3496 Entering new
 152295 Reentering same

BUG=

Review-Url: https://codereview.chromium.org/2131483002
Cr-Commit-Position: refs/heads/master@{#37570}
2016-07-07 07:37:47 +00:00
neis
4a4f7175df [parser] Fix bug in destructuring binding for catch.
For variables introduced as part of a catch pattern, we used to set their
"initializer position" to the beginning of the pattern.  This led to
full-codegen eliminating crucial hole checks when reading such variables
inside the pattern itself.

R=adamk@chromium.org, littledan@chromium.org
BUG=v8:5178

Review-Url: https://codereview.chromium.org/2123953002
Cr-Commit-Position: refs/heads/master@{#37569}
2016-07-07 07:31:16 +00:00
v8-autoroll
9d8653393a Update V8 DEPS.
Rolling v8/build to 6d9becf753310daf17f04ac4f0d8c109c364cdd2

Rolling v8/buildtools to aa47d9773d8f4d6254a587a1240b3dc023d54f06

Rolling v8/tools/gyp to bac4680ec9a5c55ab692490b6732999648ecf1e9

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2123853004
Cr-Commit-Position: refs/heads/master@{#37568}
2016-07-07 03:28:34 +00:00
bjaideep
32e843dfc6 PPC/s390: [builtins] Fix MathMaxMin on arm and arm64
Port b86ac0e05a

Original commit message:

    Both of these were broken in different ways:
    * On arm, the loop counter was passed as argc on the stack.
    * On arm64, we passed argc + 1 instead of argc.

    The result in both cases was an incorrect receiver for the builtin frame
    when generating stack traces.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:4815
LOG=N

Review-Url: https://codereview.chromium.org/2125913004
Cr-Commit-Position: refs/heads/master@{#37567}
2016-07-07 01:29:04 +00:00
littledan
1177750a98 Revert of [esnext] ship --harmony-object-values-entries (patchset #1 id:1 of https://codereview.chromium.org/2116053003/ )
Reason for revert:
Revert to see if it addresses the performance regression observed in chromium:625956 in automated graphs

Original issue's description:
> [esnext] ship --harmony-object-values-entries
>
> BUG=v8:4663
> R=littledan@chromium.org, adamk@chromium.org
>
> Committed: https://crrev.com/ab529234853a1768642f8f6c907aaaa5ea8b19bf
> Cr-Commit-Position: refs/heads/master@{#37485}

TBR=adamk@chromium.org,caitpotter88@gmail.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4663

Review-Url: https://codereview.chromium.org/2129533004
Cr-Commit-Position: refs/heads/master@{#37566}
2016-07-06 23:09:42 +00:00
franzih
efcd385ddf [builtins] Migrate ArrayBufferPrototypeByteLength to C++.
Working on eliminating the use of ClassOf(). This function was checking IS_ARRAYBUFFER.

BUG=

Review-Url: https://codereview.chromium.org/2126603003
Cr-Commit-Position: refs/heads/master@{#37565}
2016-07-06 19:25:28 +00:00
lpy
3172f6a9ce Expose TickSample and its APIs in v8-profiler.h
We want to eventually move the profiling functionality out of V8 as library,
this patch exposes TickSample and its APIs in v8-profiler.h so that when
embedders use library, they can have more details.

Minor change: Rename tick-sample.[h|cc] to simulator-helper.[h|cc].

BUG=v8:4789
LOG=N

Review-Url: https://codereview.chromium.org/2105943002
Cr-Commit-Position: refs/heads/master@{#37564}
2016-07-06 18:40:31 +00:00
bjaideep
96ebd75600 PPC/s390: [builtins] Add receiver to builtin exit frames
Port f59a23356b

Original commit message:

    Stack trace generation requires access to the receiver; and while the
    receiver is already on the stack, we cannot determine its position
    during stack trace generation (it's stored in argv[0], and argc is only
    stored in a callee-saved register).

    This patch grants access to the receiver by pushing argc onto builtin
    exit frames as an extra argument. Compared to simply pushing the
    receiver, this requires an additional dereference during stack trace
    generation, but one fewer during builtin calls.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:4815
LOG=N

Review-Url: https://codereview.chromium.org/2129643002
Cr-Commit-Position: refs/heads/master@{#37563}
2016-07-06 18:07:54 +00:00
bjaideep
5b823bfc6e PPC: [fullcode][mips][mips64][ppc][s390] Avoid trashing of a home object when doing a keyed store to a super.
Port 43aee0331d

    Fixed minor typo in ppc file.

R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=chromium:625590
LOG=N

Review-Url: https://codereview.chromium.org/2125933002
Cr-Commit-Position: refs/heads/master@{#37562}
2016-07-06 17:58:23 +00:00
bjaideep
433572b8e0 PPC/s390: [turbofan]: Support using push instructions for setting up tail call parameters
Port bd0d9e7d87

Original commit message:

    This optimizes the passing of stack parameters in function calls.

    For some architectures (ia32/x64), using pushes when possible instead
    of bumping the stack and then storing parameters generates much
    smaller code, and in some cases is faster (e.g. when a push of a memory
    location can implement a memory-to-memory copy and thus elide an
    intermediate load. On others (e.g. ARM), the benefit is smaller, where
    it's only possible to elide direct stack pointer adjustment in certain cases
    or combine multiple register stores into a single instruction in other limited
    situations. On yet other platforms (ARM64, MIPS), there are no push instructions,
    and this optimization isn't used at all.

    Ideally, this mechanism would be used for both tail calls and normal calls,
    but "normal" calls are currently pretty efficient, and tail calls are very
    inefficient, so this CL sets the bar low for building a new mechanism to
    handle parameter pushing that only needs to raise the bar on tail calls for now.

    The key aspect of this change is that adjustment to the stack pointer
    for tail calls (and perhaps later real calls) is an explicit step separate from
    instruction selection and gap resolution, but aware of both, making it possible
    to safely recognize gap moves that are actually pushes.

R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2123983002
Cr-Commit-Position: refs/heads/master@{#37561}
2016-07-06 17:21:03 +00:00
machenbach
a53bf2264d [gn] Add bots for gyp support
Add temporary bots that continuously test with gyp until its
deprecation.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2123173002
Cr-Commit-Position: refs/heads/master@{#37560}
2016-07-06 15:29:47 +00:00
mvstanton
a80164ec43 [TurboFan] Improve Array constructor optimization
And in so doing, enable a handful of excluded tests.

BUG=

Review-Url: https://codereview.chromium.org/2127713003
Cr-Commit-Position: refs/heads/master@{#37559}
2016-07-06 15:17:10 +00:00
machenbach
d3413fa2da Reland of [gn] Switch more linux32 bots to gn (patchset #1 id:1 of https://codereview.chromium.org/2128493002/ )
Reason for revert:
Should be fixed after https://codereview.chromium.org/2123223002/

Original issue's description:
> Revert of [gn] Switch more linux32 bots to gn (patchset #3 id:40001 of https://codereview.chromium.org/2122933002/ )
>
> Reason for revert:
> Breaks test isolation on shared library bot.
>
> Original issue's description:
> > [gn] Switch more linux32 bots to gn
> >
> > This switches nosnap and shared library bots to gn.
> >
> > This also unsets external startup data if no snapshot is
> > used.
> >
> > BUG=chromium:474921
> > NOTRY=true
> >
> > Committed: https://crrev.com/ab4d8fc07d9d35e6fc129098f42aa0317a02244a
> > Cr-Commit-Position: refs/heads/master@{#37546}
>
> TBR=vogelheim@chromium.org,jochen@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:474921
>
> Committed: https://crrev.com/a5fa2984257a50ee9440914c7d1a199f64a86194
> Cr-Commit-Position: refs/heads/master@{#37548}

TBR=vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2126843002
Cr-Commit-Position: refs/heads/master@{#37558}
2016-07-06 15:17:09 +00:00
jyan
a43764e13e [compiler] Fix AccessBuilder::ForNameHashField
HashField is a 32-bit field.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2117403002
Cr-Commit-Position: refs/heads/master@{#37557}
2016-07-06 15:10:46 +00:00
machenbach
00c51b99ed [mb] Fix shared-library bots.
Because the release_bot mixin includes the 'static' config,
the shared-library bots included both 'static' and 'shared'.

This removes the wrong 'static' config.

BUG=chromium:474921
TBR=vogelheim@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2123243002
Cr-Commit-Position: refs/heads/master@{#37556}
2016-07-06 15:07:35 +00:00
machenbach
77fbb1c351 [swarming] Port updated version of isolate_driver.py
This version of the isolate_driver includes a feature
that automatically derives shared libraries for inclusion.

This is needed for GN as the shared library location is
different compared to gyp and having different configs
would be tedious.

This also removes the shared-library-specific configs as
they are no longer needed with the new driver.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2123223002
Cr-Commit-Position: refs/heads/master@{#37555}
2016-07-06 14:21:12 +00:00
neis
2da571d268 [parser] Add convenient Print function for debugging.
R=rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2127833002
Cr-Commit-Position: refs/heads/master@{#37554}
2016-07-06 14:14:53 +00:00
jkummerow
e0348dc783 [d8] Fix Shell::Stringify when exceptions are thrown.
BUG=v8:5105

Review-Url: https://codereview.chromium.org/2126693003
Cr-Commit-Position: refs/heads/master@{#37553}
2016-07-06 14:02:24 +00:00
jkummerow
a182588d49 Revert of Add crash instrumentation for crbug.com/621147 (patchset #1 id:1 of https://codereview.chromium.org/2114743002/ )
Reason for revert:
Bug found and fixed: crrev.com/7614362b7e619f9c6c1d2681c6de02b966782d0e

Instrumentation no longer needed.

Original issue's description:
> Add crash instrumentation for crbug.com/621147
>
> BUG=chromium:621147
> LOG=N
> R=ishell@chromium.org,cbruni@chromium.org
>
> Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8
> Cr-Commit-Position: refs/heads/master@{#37328}

TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org,adamk@chromium.org
BUG=chromium:621147, chromium:624764

Review-Url: https://codereview.chromium.org/2127813002
Cr-Commit-Position: refs/heads/master@{#37552}
2016-07-06 13:31:41 +00:00
mlippautz
9f7fd3a554 [heap] Remove test running OOM on some bots
While the test was useful to reproduce the issue locally it creates a lot of
heap pressure and causes all sorts of troubles (OOM, slowness) on the bots, so
let's drop it.

R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2127803002
Cr-Commit-Position: refs/heads/master@{#37551}
2016-07-06 13:09:03 +00:00
danno
8ab0e99eb8 [stubs]: Convert FastNewContext stub to turbofan
BUG=608675

Review-Url: https://codereview.chromium.org/2113673002
Cr-Commit-Position: refs/heads/master@{#37550}
2016-07-06 11:49:08 +00:00
jochen
46428e45e9 Make it possible to create a v8::Function directly w/o a prototype
BUG=chromium:625823
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2123143002
Cr-Commit-Position: refs/heads/master@{#37549}
2016-07-06 11:42:04 +00:00
machenbach
a5fa298425 Revert of [gn] Switch more linux32 bots to gn (patchset #3 id:40001 of https://codereview.chromium.org/2122933002/ )
Reason for revert:
Breaks test isolation on shared library bot.

Original issue's description:
> [gn] Switch more linux32 bots to gn
>
> This switches nosnap and shared library bots to gn.
>
> This also unsets external startup data if no snapshot is
> used.
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/ab4d8fc07d9d35e6fc129098f42aa0317a02244a
> Cr-Commit-Position: refs/heads/master@{#37546}

TBR=vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2128493002
Cr-Commit-Position: refs/heads/master@{#37548}
2016-07-06 10:16:26 +00:00
mstarzinger
1c39586a3b [runtime] Deprecate RUNTIME_ASSERT from WASM methods.
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=titzer@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2125793002
Cr-Commit-Position: refs/heads/master@{#37547}
2016-07-06 10:06:38 +00:00
machenbach
ab4d8fc07d [gn] Switch more linux32 bots to gn
This switches nosnap and shared library bots to gn.

This also unsets external startup data if no snapshot is
used.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2122933002
Cr-Commit-Position: refs/heads/master@{#37546}
2016-07-06 09:57:17 +00:00
mstarzinger
c4781e344c [runtime] Deprecate RUNTIME_ASSERT from debugger methods.
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=yangguo@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2053573004
Cr-Commit-Position: refs/heads/master@{#37545}
2016-07-06 09:06:58 +00:00
neis
45a8167477 [debugger] Don't leak holes from generator arguments.
This is a quick fix for the hole leaking from generators via the debugger's frame
inspection feature: when collecting the arguments, convert each hole to undefined.
In the long term, we probably want to remember and restore the actual arguments
rather than pushing these dummy arguments on each resume.

BUG=v8:5164

Review-Url: https://codereview.chromium.org/2122923003
Cr-Commit-Position: refs/heads/master@{#37544}
2016-07-06 08:11:29 +00:00
jarin
7614362b7e [turbofan] Set elements kind to holey if constructing array of possibly non-zero length.
BUG=chromium:621147

Review-Url: https://codereview.chromium.org/2126623003
Cr-Commit-Position: refs/heads/master@{#37543}
2016-07-06 07:55:36 +00:00
machenbach
0ff1ca3f1f [gn] Remove an assert that's hard to adhere to.
We don't explicitly switch off v8_use_external_startup_data
when not using a snapshot. Therefore we also shouldn't assert
this.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2127633002
Cr-Commit-Position: refs/heads/master@{#37542}
2016-07-06 07:55:35 +00:00
yangguo
70e72549f0 Provide handle scope when printing stack trace for debugging.
It would be nice for 'jst' to work even when no handle scope has been created yet.

R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2119313002
Cr-Commit-Position: refs/heads/master@{#37541}
2016-07-06 05:55:11 +00:00
v8-autoroll
2625098976 Update V8 DEPS.
Rolling v8/build to b0d7c1e69e15dbf1c341d2fa90565f1b497c0f1d

Rolling v8/tools/clang to 5fe81a4bccaa62fa983c0d83b9024e973f293116

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2122603006
Cr-Commit-Position: refs/heads/master@{#37540}
2016-07-06 03:31:34 +00:00
bjaideep
305d42c010 PPC/s390: [builtins] Unify most of the remaining Math builtins.
Port 0a0fe8fb8b

Original commit message:

    Import fdlibm versions of acos, acosh, asin and asinh, which are more
    precise and produce the same result across platforms (we were using
    libm versions for asin and acos so far, where both speed and precision
    depended on the operating system so far). Introduce appropriate TurboFan
    operators for these functions and use them both for inlining and for the
    generic builtin.

    Also migrate the Math.imul and Math.fround builtins to TurboFan builtins
    to ensure that their behavior is always exactly the same as the inlined
    TurboFan version (i.e. C++ truncation semantics for double to float
    don't necessarily meet the JavaScript semantics).

    For completeness, also migrate Math.sign, which can even get some nice
    love in TurboFan.

    Drive-by-fix: Some alpha-sorting on the Math related functions, and
    cleanup the list of Math intrinsics that we have to export via the
    native context currently.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:3266,v8:3496,v8:3509,v8:3952,v8:5169,v8:5170,v8:5171,v8:5172
LOG=N

Review-Url: https://codereview.chromium.org/2125723002
Cr-Commit-Position: refs/heads/master@{#37539}
2016-07-05 18:14:22 +00:00
mlippautz
9a4132aad2 [heap] Clear slots for map space when writing zap values
Pointer updating requires all slots to be valid. If we write zap values in
the sweeper we need to filter out invalid slots before.

BUG=chromium:625748
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2122963002
Cr-Commit-Position: refs/heads/master@{#37538}
2016-07-05 17:00:12 +00:00
mlippautz
da3745d8d9 Reland "[heap] Track length for array buffers to avoid free-ing dependency"
The dependency would only happen if we have a smi overflow for the length and
have created a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9a.

Review-Url: https://codereview.chromium.org/2127643002
Cr-Commit-Position: refs/heads/master@{#37537}
2016-07-05 16:32:17 +00:00
verwaest
71eabf5c80 Cleanup array constructor inlining in crankshaft
This CL removes unnecessary complexity from crankshaft, possible due to the
move of ArrayConstructor to code-stub-assembler. Making the code easier
hopefully helps us find bugs.

BUG=

Review-Url: https://codereview.chromium.org/2117383002
Cr-Commit-Position: refs/heads/master@{#37536}
2016-07-05 16:16:33 +00:00