Commit Graph

5484 Commits

Author SHA1 Message Date
adamk@chromium.org
3308cb5857 ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793, 2323
LOG=Y
R=adamk@chromium.org
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/238063009

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 17:45:32 +00:00
mstarzinger@chromium.org
1213ecb50b Make Heap::AllocateRaw*String private.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/241023002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 14:58:03 +00:00
mvstanton@chromium.org
9ce1c5144a Serializer enable/disable flags need thread safety.
BUG=
R=hpayer@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/240193002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 14:45:06 +00:00
jarin@chromium.org
3277f2b90b Bump up the boot-up memory limit.
... to compansate for the extre memory consumed by r20840
("Select function map based on prototype and shared function info.")

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/239513015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 13:58:51 +00:00
mstarzinger@chromium.org
1def20d5ef Make Heap::AllocateRaw private.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/238443016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 13:53:06 +00:00
ishell@chromium.org
313844d842 Heap::AllocateStringFromOneByte() and major part of its callers handlified.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/239243018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 13:27:02 +00:00
mstarzinger@chromium.org
1c314382c0 Extend GCMole to also cover cctest files.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/240933002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20841 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 11:57:08 +00:00
danno@chromium.org
59b3dc5812 Remove hand-written assembly ArrayPush stubs
R=mstarzinger@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/233293005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 11:37:59 +00:00
hpayer@chromium.org
39b5090f8e Grow old generation slower on low-memory devices.
BUG=
R=mstarzinger@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/236063015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 11:27:45 +00:00
rossberg@chromium.org
6d475fb350 Fix handlification bug in test
R=bmeurer@chromium.org, mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/240603004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 09:30:41 +00:00
palfia@homejinni.com
ec73d3db09 Adjust memory limits.
- Introduce new constant: kBootCodeSizeMultiplier to handle the code size differences across the platforms.

- Increase memory limits due to larger code size on MIPS.

BUG=
R=danno@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/234153002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20825 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 21:57:48 +00:00
adamk@chromium.org
91618cf1e9 Revert "ES6: Add support for Map/Set forEach"
This reverts https://code.google.com/p/v8/source/detail?r=20823

It broke Windows builds. Will need to find a Windows try bot to figure
out why.

TBR=mstarzinger@chromium.org,arv@chromium.org

Review URL: https://codereview.chromium.org/238973011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 21:19:25 +00:00
adamk@chromium.org
7c300d1f83 ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793,2323
LOG=Y
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/240323003

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 21:12:27 +00:00
rossberg@chromium.org
926ec656de Implement structural function and array types
Just wanted to add two constructors to a datatype, how ugly can it get?

R=bmeurer@chromium.org, jarin@chromium.org
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=20809

Committed: https://code.google.com/p/v8/source/detail?r=20815

Review URL: https://codereview.chromium.org/228263005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 16:16:37 +00:00
rossberg@chromium.org
e3e81d85bb Revert "Implement structural function and array types"
TBR=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/237963016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 15:59:39 +00:00
rossberg@chromium.org
6782d9cea3 Implement structural function and array types
Just wanted to add two constructors to a datatype, how ugly can it get?

R=bmeurer@chromium.org, jarin@chromium.org
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=20809

Review URL: https://codereview.chromium.org/228263005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 15:42:22 +00:00
rossberg@chromium.org
a947aeb315 Revert "Implement structural function and array types"
TBR=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/240143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 13:57:25 +00:00
rossberg@chromium.org
7de4c1c63f Implement structural function and array types
Just wanted to add two constructors to a datatype, how ugly can it get?

R=bmeurer@chromium.org, jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/228263005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20809 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 13:44:26 +00:00
yangguo@chromium.org
7af5597287 Reland "Move functions from handles.cc to where they belong."
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/239113009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20807 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 13:28:11 +00:00
yangguo@chromium.org
0cba01c420 Revert "Move functions from handles.cc to where they belong."
This reverts r20802 .

TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/239543010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 12:35:50 +00:00
yangguo@chromium.org
3b66957602 Move functions from handles.cc to where they belong.
R=mvstanton@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/237673014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 12:16:06 +00:00
bmeurer@chromium.org
e05b58f0b0 Improve execution time of cctest/test-types.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/239513009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 11:56:51 +00:00
yangguo@chromium.org
5e02daca21 Fix unused variable warnings.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/238543008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 11:50:24 +00:00
bmeurer@chromium.org
42c67d5fa2 Allow merging of monomorphic accesses to tracked fields.
Also add stability dependency only on maps that can transition,
and delay adding the dependencies until we are actually using
them, either in a HLoadNamedField or an HCheckMaps.

TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/239923004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 11:41:09 +00:00
yangguo@chromium.org
17b33fa1da Handlify code allocation.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/235153003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 11:38:56 +00:00
verwaest@chromium.org
cf26c1421a Move property addition code from JSObject to Map
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/238543005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 10:45:57 +00:00
bmeurer@chromium.org
63a477b29b Clear invalid field maps in PropertyAccessInfo.
BUG=363956
TEST=mjsunit/regress/regress-363956
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/239623005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 09:48:32 +00:00
yangguo@chromium.org
139be49fcf Remove some uses of MaybeObject methods.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/236303015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 07:26:34 +00:00
yangguo@chromium.org
9a71bc722d Remove further unhandlified call sites of number allocations.
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/239143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20785 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 06:18:37 +00:00
adamk@chromium.org
a44e10cad6 Revert "ES6: Add support for Map/Set forEach"
This reverts commit https://code.google.com/p/v8/source/detail?r=20781.

It broke the Win32 builders.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/239163012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 01:03:56 +00:00
adamk@chromium.org
a1af5a2a2f ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793,2323
LOG=Y
R=adamk@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/236143002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 00:40:03 +00:00
plind44@gmail.com
5a016958c6 MIPS: Add big-endian support for MIPS.
Important notices:

- The snapshot cannot be created for big-endian target in cross-compilation
  environment on little-endian host using simulator.

- In order to have i18n support working on big-endian target, the icudt46b.dat and
  icudt46b_dat.S files should be generated and upstreamed to ICU repo.

- The mjsunit 'nans' test is endian dependent, it is skipped for mips target.

- The zlib and Mandreel from Octane 2.0 benchmark are endian dependent due to
  use of typed arrays.

TEST=
BUG=
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/228943009

Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 16:39:21 +00:00
mstarzinger@chromium.org
e51d6462a7 Fix bogus call to Object.hasOwnProperty in Array builtin.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-5

Review URL: https://codereview.chromium.org/239033002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 12:52:41 +00:00
ulan@chromium.org
a50aca97a2 Reland r20692 "Check stack limit in ArgumentAdaptorTrampoline."
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/236633006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:26:26 +00:00
mstarzinger@chromium.org
39137c81e6 Fix bogus Object.isSealed check in some Array builtins.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/237253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
bmeurer@chromium.org
6b4d4b7287 Reland "Track field types.".
This is an initial step towards tracking the exact types instead of just
the representations of fields. It adds support to track up to one map of
heap object field values, eliminating various map checks on values
loaded from such fields, at the cost of making stores to such fields
slightly more expensive.

Issues with transitioning stores and fast object literals in Crankshaft
fixed.

TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/238773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 07:36:47 +00:00
rossberg@chromium.org
7b7f787e3b Re-reland "More tests for Union & Intersect"
R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/237143002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 15:35:36 +00:00
yangguo@chromium.org
01fc2ab69b Allow allocation and GC in access check callbacks.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/234913003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 14:03:20 +00:00
hpayer@chromium.org
c1435b0832 Don't run tests that rely on compaction when compaction is turned off.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/236203010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 13:52:41 +00:00
ulan@chromium.org
8b445aaa5f Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com

Review URL: https://codereview.chromium.org/226363007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44 Try to switch Array builtins into strict mode.
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit

Review URL: https://codereview.chromium.org/233083003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
verwaest@chromium.org
de50f63f16 Clean up the public interface of Map.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/234573005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:19:37 +00:00
rossberg@chromium.org
b73257b7a3 Revert "Reland "More tests for Union & Intersect""
Need to reproduce wrong result only occurring with ASAN.

TBR=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/236873002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 09:46:56 +00:00
mvstanton@chromium.org
a9db3bc868 Some tests and simplified TransitionArray copying
Tests for verifying that we deal correctly with shrinking transition
arrays while allocating a copy of one.

Also, we can rely on a transition array only shrinking and not
disappearing during gc while copying one.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/232883003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:58:00 +00:00
rossberg@chromium.org
a3d743b470 Reland "More tests for Union & Intersect"
Fixes size approximation in Intersect. Also lowers the number of fuzzed types in test, to address time-outs.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/226523004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:46:39 +00:00
yangguo@chromium.org
7d987b3744 Allow GetScriptNameOrSourceURL to be called with exception pending.
R=jarin@chromium.org, ishell@chromium.org

Review URL: https://codereview.chromium.org/235943006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:27:00 +00:00
jarin@chromium.org
c1a3ab6b4f Revert "Track field types."
Revert r20701.

TBR=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/236843002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:24:15 +00:00
marja@chromium.org
d70f78827e Fail the compilation if the cached data is invalid.
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/234953002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 07:35:46 +00:00
bmeurer@chromium.org
9cf3909975 Track field types.
This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive.

TEST=mjsunit/field-type-tracking
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/167303005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 06:29:15 +00:00
ulan@chromium.org
68bbdaf28d Skip mjsunit/regress/regress-353058 for ASAN and ARM until r20692 is relanded.
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/232463005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 17:03:35 +00:00
ulan@chromium.org
4268ce0abd Check stack limit in ArgumentAdaptorTrampoline.
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/215853005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043 Do not call user defined getter of Error.stackTraceLimit.
Handlify GetNormalizedProperty.

BUG=360733
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/233243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
yangguo@chromium.org
80a974ba00 Reland "Handlify GetProperty."
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/235083002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:47:34 +00:00
dcarney@chromium.org
ee9f7f8942 Revert "More tests for Union & Intersect"
This reverts r20684.

TBR=rossberg@chromium.org

BUG=

Review URL: https://codereview.chromium.org/235133002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:33:20 +00:00
mvstanton@chromium.org
c5eaf80707 Handlify Map::CopyDropDescriptors().
* And contain knowledge better in TransitionArray and DescriptorArray (for example WhitenessWitness is now private to DescriptorArray).
* And remove some factory methods
* And handlify some other things.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/234783002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:13:53 +00:00
yangguo@chromium.org
93c9717473 Revert "Handlify GetProperty."
This reverts r20682.

TBR=dcarney@chromium.org

Review URL: https://codereview.chromium.org/234893003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:56:54 +00:00
rossberg@chromium.org
80d8460a20 More tests for Union & Intersect
Some fixes of corner cases on the way

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/230923005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:53:35 +00:00
marja@chromium.org
069d783a91 Remove the PreCompile API and ScriptData.
The new compilation API (ScriptCompiler::Compile) can produce the same data, so
the separate precompilation phase is not needed. ScriptData is replaced by
ScriptCompiler::CachedData.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/225753004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:44:49 +00:00
yangguo@chromium.org
a3d68ca64d Handlify GetProperty.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/233233004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:26:22 +00:00
yangguo@chromium.org
380ae9810e Return MaybeHandle from Invoke.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/231883007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 10:41:09 +00:00
ulan@chromium.org
ff953ac055 Make maps in monomorphic IC stubs weak.
Maps in monomorphic Load, KeyedLoad, Store, KeyedStore, and CompareNil IC
stubs are treated as weak references by the marking visitor.

During generation of an IC stub with a weak map, the stub is appended to the
dependent code array of the map. When the map dies, all stubs in its dependent
code array are invalidated by setting embedded maps to undefined.

BUG=v8:2073
LOG=Y
TEST=cctest/test-heap/WeakMapInMonomorphic*IC
R=mstarzinger@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/188783003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 10:36:09 +00:00
yangguo@chromium.org
a640707213 Implement handlified String::Equals and Name::Equals.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/225823003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 07:27:25 +00:00
jarin@chromium.org
166ec11e43 Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/232053004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
svenpanne@chromium.org
b460910644 x64: Make sure that the upper half of a 64bit register contains 0 for int32 values.
BUG=360611
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/225393005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:32:06 +00:00
jarin@chromium.org
fd988331ea There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/).
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/226613007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
danno@chromium.org
2e9902b22a Partially fix semantics of Array.push()
Semantics of elements accessors are now preserved in all optimized code paths
through Array.push(). Previously it was possible to have inconsistent behavior
between optimized and unoptimized code, and there were cases where element
accessors were completely ingored.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/232873002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 13:17:48 +00:00
bmeurer@chromium.org
990b57ba1d Treat uninitialized as internal type.
TEST=cctest/test-types
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/232913002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 11:51:03 +00:00
rossberg@chromium.org
cf4eddd3f8 Yet more type system tests
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/232843002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 11:49:18 +00:00
svenpanne@chromium.org
5bddec047d Do not use ranges after range analysis.
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
remvoed.

BUG=361608
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/232553004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
ishell@chromium.org
32735ae3a9 Object::GetElements() and friends maybehandlification.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/231103002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:20:11 +00:00
bmeurer@chromium.org
c5b6e76ada Fix compiler warnings on Win64.
TEST=cctest/test-types
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/232773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:14:46 +00:00
bmeurer@chromium.org
4620ae5cf1 Fix symmetry of Maybe() predicate. Fix bug in NowContains() predicate.
Add tests for TypeImpl::Of(), TypeImpl::NowOf() and
TypeImpl::NowContains(). Improves the implementation of
TypeImpl::NowIs() to match that of TypeImpl::NowContains().

Mark test-types with NO_VARIANTS to speedup testing, since
the variants do not affect the type system at all.

Also improve test coverage for types.

TEST=cctest/test-types
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/230673002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 08:04:50 +00:00
bmeurer@chromium.org
5a564648dd Improve reproducibility of test runs.
Add random seed to run-tests.py, using either a user supplied
value or a random number generated by random.SystemRandom().
This same random seed is passed to all test cases, making sure
that we can easily reproduce test failures that depend on
random numbers (i.e. bugs related to our handwritten ASLR).

Also fix all uses of rand() to make use of our RNG class
instead.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/231443002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 07:25:49 +00:00
mvstanton@chromium.org
41b6c8a0f1 Handlefy Descriptor and other code in objects.cc
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/228333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 14:26:32 +00:00
machenbach@chromium.org
1b841f369d Fix test expectations for nosnap windows.
BUG=v8:3216
LOG=n
TBR=dcarney@chromium.org

Review URL: https://codereview.chromium.org/230913002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 14:01:03 +00:00
jarin@chromium.org
008a70c47b Revert "Make new space iterable when transitioning double array to objects"
This reverts r20603.

BUG=

Review URL: https://codereview.chromium.org/230863003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
ishell@chromium.org
74e7a4ad07 ElementsAccessor::SetLength() maybehandlified.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/229943006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:16:19 +00:00
jarin@chromium.org
57d70c149c Avoid hydrogen compare-objects-equal assertions in dead code
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).

R=yangguo@chromium.org
BUG=359491
LOG=N

Review URL: https://codereview.chromium.org/228883005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
machenbach@chromium.org
3d427b5599 Skip tests in nosnap mode.
Depends on https://codereview.chromium.org/230743002/.

BUG=v8:3216
LOG=n
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/230583003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:01:54 +00:00
jochen@chromium.org
dc4ba08d17 Allow the embedder to pass the virtual memory limit to v8
The getrlimit() call might be sandboxed, so it's not safe to use it.

BUG=none
R=mstarzinger@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/228923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:45:56 +00:00
yangguo@chromium.org
4df132a878 Fix argument expectation Runtime_StringParseInt.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/230693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
yangguo@chromium.org
aee76a059a Remove calls to non-handlified version of GetProperty(name).
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/229973004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:21:47 +00:00
bmeurer@chromium.org
a0ac88db82 Fix various bugs in the type systems, and improve test coverage.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/230463003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 11:12:15 +00:00
jarin@chromium.org
69d5b3c155 Make new space iterable when transitioning double array to objects
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/228643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org
e3aec7a587 Fix return value of push() and unshift() on Array.prototype.
R=ulan@chromium.org
TEST=mjsunit/regress/regress-builtinbust-3

Review URL: https://codereview.chromium.org/230453002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:14:56 +00:00
hpayer@chromium.org
c85cc472e7 Introduced Atomic8 and added no-barrier Atomic8 accessors.
BUG=
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/228613005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 08:20:10 +00:00
jarin@chromium.org
05670b63bf Add stack overflow check for inlined property getter
We should check for overflow for each inlined property getter;
otherwise, we can get an overflow from inlining property getter while
still having pending overflow exception from some previous inlined
getter (in the same polymorphic access).

R=verwaest@chromium.org
TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js

Review URL: https://codereview.chromium.org/220813003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 07:35:12 +00:00
adamk@chromium.org
902ad4a17a Use OrderedHashTables as the backing store of JSSet and JSMap
This also deletes ObjectHashSet as it's no longer used.

BUG=v8:1793
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/225183009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 20:06:35 +00:00
rossberg@chromium.org
91dec1adfe Shut up Windows and ASAN
TBR=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/226883003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 11:13:26 +00:00
rossberg@chromium.org
19f924a2ae Reland "Refactoring to allow adding new structured types"
Same as before, except that it's now using a void array instead of a struct, to shut up Clang warnings.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/224733023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 10:50:56 +00:00
yangguo@chromium.org
ed9f1af2fc Implement handlified String::Flatten.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/228093004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:49:49 +00:00
yangguo@chromium.org
3726ba90a7 Change exception type to Object.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/227163008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:44:24 +00:00
bmeurer@chromium.org
48e0d81205 Fix invalid local property lookup for transitions.
BUG=361025
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/224903023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:36:04 +00:00
yangguo@chromium.org
23dbc85bd7 Fix more MUST_USE_RESULT warnings.
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/228233002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 07:54:27 +00:00
dcarney@chromium.org
1d138ecdd5 Revert "Refactoring to allow adding new structured types"
This reverts commit r20538 for breaking gcmole.

TBR=rossberg@chromium.org

BUG=

Review URL: https://codereview.chromium.org/228223002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 07:48:47 +00:00
yangguo@chromium.org
9ed8c39cac Return MaybeHandle from SetElement and DeleteElement.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/227573002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 07:04:13 +00:00
hpayer@chromium.org
7f54e1999c Remove gc greedy mode.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/227553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 14:22:32 +00:00
alexandre.rames@arm.com
622ddd3495 ARM64: Introduce a version of ADR handling distant targets.
This fixes an out-of-range label error for an ADR instruction in the
mozilla/data/js1_5/Regress/regress-280769-2.js test.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/222433002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 12:33:03 +00:00
rossberg@chromium.org
32f295314c Refactoring to allow adding new structured types
Also, simplfy representation of zone types, using a simple struct.

R=bmeurer@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/225923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 11:00:41 +00:00
dcarney@chromium.org
1b31d2b34a Skip a bunch of new failing nacl tests
R=machenbach@chromium.org

BUG=

Review URL: https://codereview.chromium.org/227133006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 10:44:48 +00:00