Commit Graph

988 Commits

Author SHA1 Message Date
zhengxing.li
a8b2d9a18f X87: [runtime] Use "the hole" instead of smi 0 as sentinel for context extension.
port 9e6448813d (r32407)

  original commit message:
  This way we avoid the %_IsSmi magic that is required in TurboFan to
  (efficiently) check arbitrary context slots for smi 0. Checking against
  "the hole" is common in the AstGraphBuilder and "the hole" is also used
  to mark other context slots as not initialized.

BUG=

Review URL: https://codereview.chromium.org/1486913002

Cr-Commit-Position: refs/heads/master@{#32441}
2015-12-01 06:39:05 +00:00
mstarzinger
269ff36d9f Deprecate unused RelocInfo::CONSTRUCT_CALL mode.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1483933002

Cr-Commit-Position: refs/heads/master@{#32403}
2015-11-30 12:39:34 +00:00
neis
18ee425cb4 Remove {FIRST,LAST}_SPEC_OBJECT_TYPE.
Use {FIRST,LAST}_JS_RECEIVER_TYPE instead.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1486563002

Cr-Commit-Position: refs/heads/master@{#32393}
2015-11-30 09:50:03 +00:00
zhengxing.li
4a54378e57 X87: [Proxies] Support constructable proxy as new.target (reland).
port 7ceaf72708 (r32370)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1483873002

Cr-Commit-Position: refs/heads/master@{#32388}
2015-11-30 04:39:14 +00:00
zhengxing.li
55480ba30e X87: [runtime] Replace global object link with native context link in all contexts.
port 47502a238b (r32381)

  original commit message:
  Previously all contexts had a link to the global object, but what is
  required in most cases (except for the global load, store and delete
  case) is the native context.

  This also removes the second dummy global object that was still linked
  to every native context. We will add a different mechanism to ensure
  that builtins do not pollute the actual global object during
  bootstrapping.

  Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.

BUG=

Review URL: https://codereview.chromium.org/1481353002

Cr-Commit-Position: refs/heads/master@{#32387}
2015-11-30 04:37:40 +00:00
jochen
c08e952566 Delete Assembler::FlushICacheWithoutIsolate
Requires passing an explicit Isolate* to a bunch of static Assembler
methods.

BUG=v8:2487
R=yangguo@chromium.org,jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1474323002

Cr-Commit-Position: refs/heads/master@{#32376}
2015-11-27 13:35:52 +00:00
jochen
508f122dec Pass an isolate to RelocInfo
It needs it to flush icaches all over the place

BUG=v8:2487
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1477343002

Cr-Commit-Position: refs/heads/master@{#32371}
2015-11-27 12:19:23 +00:00
jochen
e03cadab09 Always pass an Isolate to AssemblerBase
BUG=v8:2487
R=yangguo@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1474763008

Cr-Commit-Position: refs/heads/master@{#32359}
2015-11-27 08:37:49 +00:00
zhengxing.li
69d946c6eb X87: [debugger] flood function for stepping before calling it.
port 81e131ce48 (r32339)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1474993004

Cr-Commit-Position: refs/heads/master@{#32357}
2015-11-27 04:39:53 +00:00
rossberg
199bbdb40f Create ast/ and parsing/ subdirectories and move appropriate files
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.

Also eliminates a couple of spurious dependencies.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1481613002

Cr-Commit-Position: refs/heads/master@{#32351}
2015-11-26 16:23:07 +00:00
jochen
b93e4d2c8b Initialize fast memmove methods in the Isolate's ctor
BUG=v8:2487
R=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1480883002

Cr-Commit-Position: refs/heads/master@{#32344}
2015-11-26 14:40:12 +00:00
zhengxing.li
4334a81823 X87: [interpreter] Switch passing of new.target to register.
port 3d004eeab2 (r32264)

  original commit message:
  This passes the new.target value in a register instead of through a
  side-channel via the construct stub. The interpreter entry trampoline
  stores this value in a bytecode register so that it can be accessed
  directly by the interpreter. The size of the interpreter stack frame
  hence grows by one slot.

BUG=

Review URL: https://codereview.chromium.org/1475043003

Cr-Commit-Position: refs/heads/master@{#32309}
2015-11-26 03:14:58 +00:00
jochen
27001ca652 Lazily initialize fast_sqrt() and pass an Isolate parameter to it
R=jkummerow@chromium.org
BUG=v8:2487
LOG=n

Review URL: https://codereview.chromium.org/1473683004

Cr-Commit-Position: refs/heads/master@{#32287}
2015-11-25 16:37:28 +00:00
jochen
7ba6bb4e3b Pass Isolate to CodeAgingHelper
This is a preparation for requiring an isolate to construct a
CodePatcher

BUG=2487
R=epertoso@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1480573002

Cr-Commit-Position: refs/heads/master@{#32283}
2015-11-25 15:25:15 +00:00
jochen
aa9cfc8222 Make whether or not a Code object should be created by masm explicit
We always want to have an Isolate, so just use an extra ctor arg

BUG=2487
R=yangguo@chromium.org,mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1476763002

Cr-Commit-Position: refs/heads/master@{#32277}
2015-11-25 14:23:56 +00:00
titzer
9917f3375f Set the constant pool size to 0 on architectures that do not use it.
Turns out we've been putting garbage into code->constant_pool_offset
for quite some time.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1478713002

Cr-Commit-Position: refs/heads/master@{#32269}
2015-11-25 13:10:33 +00:00
bmeurer
09b44428e4 [runtime] First step to sanitize regexp literal creation.
This is the initial step towards refactoring the regexp literal
creation code to make it less obscure and more similar to the mechanism
we use to create array and object literals.  There's now a new runtime
entry %CreateRegExpLiteral with the same interface as the entries for
array and object literals, except that we still pass the flags as
string.

Instead of embedding the hand written native to clone JSRegExp instances
we now have a FastCloneRegExpStub, which behaves similar to the other
FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
had.

R=mlippautz@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/1475823003

Cr-Commit-Position: refs/heads/master@{#32255}
2015-11-25 09:23:28 +00:00
zhengxing.li
b4375d92bd X87: Install ConstructNonConstructable as construct stub for non-constructables.
port 8e28e851ee (r32223)

    original commit message:

BUG=

Review URL: https://codereview.chromium.org/1475933002

Cr-Commit-Position: refs/heads/master@{#32252}
2015-11-25 08:37:51 +00:00
zhengxing.li
4a514c77ad X87: Reshuffle registers in JSConstructStub to avoid trashing constructor and new.target on fast path (so we don't need to push/pop them).
port 0ef5ad5ab9 (r32219)

  original commit message:
  This CL also fixed register usages in MacroAssembler::Allocate() broken by 2fc2cb99 (r32144).

BUG=

Review URL: https://codereview.chromium.org/1473763003

Cr-Commit-Position: refs/heads/master@{#32245}
2015-11-25 06:05:36 +00:00
zhengxing.li
116a248dba X87: Make fast_exp take an Isolate* parameter.
port 0fb2edd15d (r32217)

  original commit message:
  We still share the code globally, but if we wanted, it would be easy to
  make it per isolate now

BUG=

Review URL: https://codereview.chromium.org/1477683002

Cr-Commit-Position: refs/heads/master@{#32242}
2015-11-25 04:51:47 +00:00
zhengxing.li
1266842b3b X87: [turbofan] Switch passing of new.target to register.
port 7c45b00529 (r32203)

  original commit message:
  This passes the new.target value in a register instead of through a
  side-channel via the construct stub. Note that only TurboFan code uses
  the register value so far, but unoptimized code will be switched soon.

BUG=

Review URL: https://codereview.chromium.org/1477663002

Cr-Commit-Position: refs/heads/master@{#32240}
2015-11-25 04:31:44 +00:00
jochen
0fb2edd15d Make fast_exp take an Isolate* parameter
We still share the code globally, but if we wanted, it would be easy to
make it per isolate now

BUG=v8:2487
R=yangguo@chromium.org,jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1468313004

Cr-Commit-Position: refs/heads/master@{#32217}
2015-11-24 15:34:48 +00:00
epertoso
4307e44899 Adds the possibility of setting a Code object as the callback of a FunctionTemplate.
BUG=

Review URL: https://codereview.chromium.org/1407313004

Cr-Commit-Position: refs/heads/master@{#32213}
2015-11-24 14:33:23 +00:00
zhengxing.li
4620a235bf X87: [builtins] Sanitize the machinery around Construct calls.
port 374b6ea210 (r32172)

  original commit message:
  There's no point in collecting feedback for super constructor calls,
  because in all (interesting) cases we can gather (better) feedback from
  other sources (i.e. via inlining or via using a LOAD_IC to get to the
  [[Prototype]] of the target).  So CallConstructStub is now only used
  for new Foo(...args) sites where we want to collect feedback in the
  baseline compiler.  The optimizing compilers, Reflect.construct and
  super constructor calls use the Construct builtin directly, which allows
  us to remove some weird code from the CallConstructStub (and opens the
  possibility for more code sharing with the CallICStub, maybe even going
  for a ConstructICStub).

  Also remove the 100% redundant HCallNew instruction, which is just a
  wrapper for the Construct builtin anyway (indirectly via the
  CallConstructStub).

  Drive-by-fix: Drop unused has_function_cache bit on Code objects.

BUG=

Review URL: https://codereview.chromium.org/1471193002

Cr-Commit-Position: refs/heads/master@{#32197}
2015-11-24 09:53:46 +00:00
zhengxing.li
84010cb2c7 X87: Make arguments adaptor not clobber new.target.
port c1e7c8d972 (r32171)

  original commit message:
  This ensures that the ArgumentsAdaptorTrampoline does not clobber the
  new.target value, but rather passes it through to the callee unaltered.
  Note that callees do not yet use the new.target value so far.

  This is a preparatory CL to allow us to pass new.target in a register
  instead of via a side-channel through the construct stub frame.

BUG=

Review URL: https://codereview.chromium.org/1475523002

Cr-Commit-Position: refs/heads/master@{#32192}
2015-11-24 07:03:45 +00:00
zhengxing.li
a0ce839241 X87: [stubs] Change CallICStub to utilize the ConvertReceiverMode.
port d80fd48e5d (r32163)

  original commit message:
  The CallICStub has call-site specific knowledge about the receiver,
  which we did not utilize; plus the CallICStub does in some case know
  whether it is about to [[Call]] a function or potentially some other
  callable. In the common case we actually know that the target is a
  function and so we can use the CallFunction builtin directly instead
  of redispatching in the Call builtin.

BUG=

Review URL: https://codereview.chromium.org/1467123002

Cr-Commit-Position: refs/heads/master@{#32167}
2015-11-23 08:57:55 +00:00
jochen
c7aace4d43 Remove a bunch of Isolate::Current() callsites from simulators
BUG=2487
R=ulan@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1457223005

Cr-Commit-Position: refs/heads/master@{#32164}
2015-11-23 08:10:06 +00:00
zhengxing.li
d23330d496 X87: Fix object initialization when slack tracking for its map is still enabled.
port 2fc2cb99f5 (r32144)

  original commit message:
  The old code was not ready to properly initialize objects with non-standard headers and non-zero in-object properties number.

  MacroAssembler::Allocate() implementations now return both start and end addresses of the new object (done by parameter renaming).

BUG=

Review URL: https://codereview.chromium.org/1467923002

Cr-Commit-Position: refs/heads/master@{#32161}
2015-11-23 03:17:28 +00:00
zhengxing.li
ea1d0a61be X87: [runtime] Introduce a proper %NewArray runtime entry.
port ceade6cf23 (r32131)

  original commit message:
  This adds a new %NewArray runtime entry, which constructs a new JSArray
  and does the subclassing correctly (to the same degree that %NewObject
  does currently), and also deals properly with the AllocationSite
  feedback mechanism. This runtime entry will be used by TurboFan and is
  also used as a fallback in the subclassing case in the stub currently.

BUG=

Review URL: https://codereview.chromium.org/1462283003

Cr-Commit-Position: refs/heads/master@{#32160}
2015-11-23 03:16:00 +00:00
zhengxing.li
313ff5c87f X87: Introduce a BuiltinsConstructStub that sets up new.target and does a [[call]] per ES6 9.3.2.
port 469d9bfa8d (r32120)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1459843004

Cr-Commit-Position: refs/heads/master@{#32129}
2015-11-20 03:08:32 +00:00
mstarzinger
adec263860 Simplify MacroAssembler::InvokePrologue a bit.
This removes some dead code from the function invocation code when the
arguments adaptor trampoline is called. This seems to be leftover code
from when we used to support calling code objects directly.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1455293004

Cr-Commit-Position: refs/heads/master@{#32126}
2015-11-19 19:45:06 +00:00
mstarzinger
c0356f1f6d [turbofan] Pass new.target to arguments adaptor trampoline.
This changes the interface descriptor for the arguments adaptor to also
contain an explicit register for the new.target value. Note that the
stub still clobbers the register for now.

This is a preparatory CL to allow us to pass new.target in a register
instead of via a side-channel through the construct stub frame.

R=bmeurer@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1457313002

Cr-Commit-Position: refs/heads/master@{#32117}
2015-11-19 14:37:02 +00:00
mstarzinger
0227857d26 [turbofan] Make new.target explicit in JSCallDescriptor.
This adds an explicit parameter to the call descriptor having kind
kJSCallFunction representing the new.target value. Note that for now
this parameter is not yet passed in and hence cannot be used yet. Also
contains some refactoring of how parameter index values are calculated,
establishing Linkage as the central point for such index computations.

This is a preparatory CL to allow us to pass new.target in a register
instead of via a side-channel through the construct stub frame.

R=bmeurer@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1461973002

Cr-Commit-Position: refs/heads/master@{#32112}
2015-11-19 12:48:25 +00:00
mstarzinger
c0bf04b119 Simplify dispatch in optimizing compile stubs.
This is to re-establish a single choke point for lazy compile stubs in
preparation for CallRuntimePassFunction being changed soon.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1456003003

Cr-Commit-Position: refs/heads/master@{#32095}
2015-11-18 19:34:35 +00:00
zhengxing.li
30d6a4deb2 X87: Handle StepIn for constructors through PrepareStep just like for regular calls.
port 14ec485c3a (r32044)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1457673003

Cr-Commit-Position: refs/heads/master@{#32073}
2015-11-18 08:32:35 +00:00
zhengxing.li
1d568d77ec X87: VectorICs: Remove --vector-stores flag.
port e75e625453 (r32040)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1461533002

Cr-Commit-Position: refs/heads/master@{#32068}
2015-11-18 04:35:05 +00:00
zhengxing.li
2772f1ceef X87: Rename original constructor to new target.
port 07c1d181e7 (r32023)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1458633003

Cr-Commit-Position: refs/heads/master@{#32067}
2015-11-18 04:32:33 +00:00
zhengxing.li
d9305784f9 X87: [turbofan] Move JSCallFunction specialization to JSCallReducer.
port e5edd66d07 (r32022)

    original commit message:
    This is the first part to refactoring the JSNativeContextSpecialization
    class, which has grown way too big recently.

    Also don't collect cross context feedback for the CallIC in general.
    Neither TurboFan nor Crankshaft can make any use of cross context
    JSFunction feedback that is collected by the CallIC, so there's no
    point in gathering that feedback at all (it just complicates the
    checking that is necessary in the compilers). What we should do
    instead at some point (when Crankshaft becomes less important) is
    to collect the SharedFunctionInfo as feedback for those cases.

BUG=

Review URL: https://codereview.chromium.org/1453033002

Cr-Commit-Position: refs/heads/master@{#32024}
2015-11-17 08:43:37 +00:00
zhengxing.li
43ef9bc632 X87: [builtins] One runtime fallback is enough for the String constructor.
port 34b7b21d1d (r32000)

  original commit message:
  If inline allocation fails, we can just use the %NewObject fallback,
  which will do the right thing. We don't need a dedicated fallback to
  %AllocateInNewSpace.

BUG=

Review URL: https://codereview.chromium.org/1451603002

Cr-Commit-Position: refs/heads/master@{#32002}
2015-11-16 04:33:16 +00:00
zhengxing.li
e9528b8300 X87: Support fast-path allocation for subclass constructors with correctly initialized initial maps.
port b9d25d86a8 (r31913)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1434853002

Cr-Commit-Position: refs/heads/master@{#31934}
2015-11-11 03:35:19 +00:00
zhengxing.li
12a073e69a X87: [runtime] Drop redundant %CharFromCode runtime entry.
port 2b4cb2a140 (r31873)

  original commit message:
  The %StringCharFromCode and %CharFromCode runtime functions perform
  exactly the same task, so we need only one of them.

BUG=

Review URL: https://codereview.chromium.org/1432063002

Cr-Commit-Position: refs/heads/master@{#31909}
2015-11-10 02:25:21 +00:00
zhengxing.li
9acf00c78d X87: [builtins] Introduce specialized Call/CallFunction builtins.
port 7c3396d01c (r31871)

  original commit message:
  Introduce receiver conversion mode specialization for the Call and
  CallFunction builtins, so we can specialize the builtin functionality
  (actually an optimization only) based on static information from the
  callsite (this is basically a superset of the optimizations that were
  available with the CallFunctionStub and CallICStub, except that these
  optimizations are correct now).

  This fixes a regression introduced by the removal of CallFunctionStub,
  for programs that call a lot.

BUG=

Review URL: https://codereview.chromium.org/1431133002

Cr-Commit-Position: refs/heads/master@{#31884}
2015-11-09 14:05:55 +00:00
rmcilroy
7c160afd49 [Interpreter] Add test for sloppy mode receiver replacement.
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiver.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1410113008

Cr-Commit-Position: refs/heads/master@{#31854}
2015-11-06 11:13:52 +00:00
zhengxing.li
018ecfd162 X87: Remove CallFunctionStub, always call through the Call builtin (also from CallIC).
port 44c44521ae (r31823).

  original commit message:
  This fixes receiver conversion since the Call builtin does it correctly.

BUG=

Review URL: https://codereview.chromium.org/1416673009

Cr-Commit-Position: refs/heads/master@{#31848}
2015-11-06 03:11:22 +00:00
zhengxing.li
8c1a433038 X87: [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
port ab84025977 (r31790).

  original commit message:
  The current implementation of classes throws the TypeError at the wrong
  point, after activating a new context when directly calling a class
  constructor. According to the spec, the TypeError has to be thrown
  in the caller context.

BUG=

Review URL: https://codereview.chromium.org/1419793007

Cr-Commit-Position: refs/heads/master@{#31815}
2015-11-05 05:11:57 +00:00
bmeurer
30aca03ad1 [turbofan] Implement the call protocol properly for direct calls.
The callees are expected to properly set the number of actual
arguments passed to the callee, which is now represented correctly
in the TurboFan graphs by a new Parameter right before the context
Parameter.  Currently this is only being used for outgoing calls.

Note that this requires disabling two of the TF code stub tests,
because the JavaScript graphs are not automagically compatible
with arbitrary (incoming) code stub interface descriptors.  If we
want to support JS code stubs at all, then we need to find a sane
way to feed in this information.

Drive-by-fix: Don't insert a direct call to a classConstructor.

R=mstarzinger@chromium.org
BUG=v8:4413, v8:4428
LOG=n

Review URL: https://codereview.chromium.org/1410633006

Cr-Commit-Position: refs/heads/master@{#31789}
2015-11-04 14:08:59 +00:00
yangguo
1df7377477 Merge GlobalObject with JSGlobalObject.
R=jkummerow@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1406113007

Cr-Commit-Position: refs/heads/master@{#31714}
2015-11-02 14:58:19 +00:00
zhengxing.li
62acae2436 X87: Reland "[es6] Better support for built-ins subclassing."
port 4490ce8520 (r31701).

  original commit message:
    Original issue's description:
    > [es6] Better support for built-ins subclassing.
    >
    > Create proper initial map for original constructor (new.target) instead of doing prototype
    > transition on the base constructor's initial map. This approach fixes in-object slack tracking
    > for subclass instances.
    > This CL also fixes subclassing from String.
    >
    > BUG=v8:3101, v8:3330
    > LOG=Y
    >
    > Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
    > Cr-Commit-Position: refs/heads/master@{#31680}

    It also fixes typed array map smashing done during typed array initialization.

BUG=

Review URL: https://codereview.chromium.org/1432483003

Cr-Commit-Position: refs/heads/master@{#31704}
2015-11-02 10:00:10 +00:00
rmcilroy
76d730b9b2 [Interpreter] Ensure we save the BytecodeArray register properly in InterpreterEntryTrampoline builtin.
Ensure that we save the BytecodeArray register in the InterpreterEntryTrampoline
before calling out to the kStackGuard runtime function.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1426863005

Cr-Commit-Position: refs/heads/master@{#31650}
2015-10-29 11:47:31 +00:00
zhengxing.li
4e00456471 X87: Fix the sqrt precision issue.
In order to resolve the sqrt precision issue described in https://codereview.chromium.org/1425763002/,
  we change the CreateSqrtFunction() implementation of X87 so that the optimizing compiler
  and full-compiler implementations are unified.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1417553007

Cr-Commit-Position: refs/heads/master@{#31625}
2015-10-28 11:34:38 +00:00
yangguo
67dc6ce5fd Canonicalize handles for optimized compilation.
R=bmeurer@chromium.org

Committed: https://crrev.com/15f36b2b1e166a511966a9991fddea94f890a755
Cr-Commit-Position: refs/heads/master@{#31566}

Review URL: https://codereview.chromium.org/1423833003

Cr-Commit-Position: refs/heads/master@{#31576}
2015-10-26 15:33:20 +00:00
yangguo
8bcef0d73d Revert of Canonicalize handles for optimized compilation. (patchset #1 id:1 of https://codereview.chromium.org/1423833003/ )
Reason for revert:
GC stress failure on ia32 optdebug:

/tmp/runfswAKT/out/Debug/d8 --test --random-seed=-1536184370 --turbo --always-opt --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --stack-size=46 /tmp/runfswAKT/test/mjsunit/mjsunit.js /tmp/runfswAKT/test/mjsunit/regress/regress-1132.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation

Run #1
Exit code: -6
Result: FAIL
Expected outcomes: PASS
Duration: 00:06:279

Stderr:

#
# Fatal error in ../../src/hashmap.h, line 248
# Check failed: base::bits::IsPowerOfTwo32(capacity_).
#

==== C stack trace ===============================

Original issue's description:
> Canonicalize handles for optimized compilation.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/15f36b2b1e166a511966a9991fddea94f890a755
> Cr-Commit-Position: refs/heads/master@{#31566}

TBR=jochen@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1417013007

Cr-Commit-Position: refs/heads/master@{#31570}
2015-10-26 14:45:34 +00:00
yangguo
15f36b2b1e Canonicalize handles for optimized compilation.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1423833003

Cr-Commit-Position: refs/heads/master@{#31566}
2015-10-26 13:50:16 +00:00
zhengxing.li
9f4ff3b1cd X87: [runtime] Implement %_ToLength via ToLengthStub.
port e678a0f9a9 (r31358)

    original commit message:
    Use %_ToLength for TO_LENGTH, implemented via a ToLengthStub
    that supports a fast path for small integers. Everything else is still
    handled in the runtime.

BUG=

Review URL: https://codereview.chromium.org/1421803002

Cr-Commit-Position: refs/heads/master@{#31542}
2015-10-26 03:50:57 +00:00
zhengxing.li
1e52cd5282 X87: Added Popcnt as an optional operator and implement it on x64 and ia32.
port 053e280c88 (r31319).

    original commit message:

BUG=

Review URL: https://codereview.chromium.org/1420233002

Cr-Commit-Position: refs/heads/master@{#31541}
2015-10-26 03:29:34 +00:00
zhengxing.li
b5b590f511 X87: [Interpreter] Support for operator new.
port 7557dc5a70 (r31312).

    original commit message:
    This change adds a new bytecode for operator new and implements it using
    the Construct() builtin.

BUG=

Review URL: https://codereview.chromium.org/1423733002

Cr-Commit-Position: refs/heads/master@{#31518}
2015-10-23 12:21:05 +00:00
zhengxing.li
f1c0a86166 X87: CTZ instruction implemented as optional operator.
port b3334087ec (r31313).

    original commit message:

BUG=

Review URL: https://codereview.chromium.org/1412893006

Cr-Commit-Position: refs/heads/master@{#31516}
2015-10-23 11:37:12 +00:00
zhengxing.li
562047df0f X87: Vector ICs: Get rid of stack arguments on ia32 transitioning stores.
port 2d4aeaad2f (r31204).

    original commit message:
    The stack manipulation was expensive. Two virtual registers are better.

BUG=

Review URL: https://codereview.chromium.org/1410573003

Cr-Commit-Position: refs/heads/master@{#31504}
2015-10-23 09:50:28 +00:00
zhengxing.li
b64c1f02ad X87: [builtins] Make sure argument count is always valid for C++ builtins.
port 9c8262f11e (r31120).

    original commit message:
    When calling into C++ builtins, we need to make sure that the argument
    count register contains the correct number of arguments, otherwise the
    CEntryStub will not be able to leave the stack in the correct state.

BUG=

Review URL: https://codereview.chromium.org/1418533009

Cr-Commit-Position: refs/heads/master@{#31503}
2015-10-23 09:43:08 +00:00
zhengxing.li
c38e429035 X87: [Interpreter] Add CallRuntime support to the interpreter.
port 75f6ad74b2 (r31089).

    original commit message:
    Adds support for calling runtime functions from the interpreter. Adds the
    CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
    and the arguments in sequential registers. Adds an InterpreterCEntry builtin
    to enable the interpreter to enter C++ code based on the functionId.

    Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
    and groups all the interpreter builtins together.

    BUG=v8:4280
    LOG=N

Review URL: https://codereview.chromium.org/1418213002

Cr-Commit-Position: refs/heads/master@{#31502}
2015-10-23 09:42:03 +00:00
zhengxing.li
2e5845f178 X87: Re-reland: Remove register index/code indirection.
port 5cf1c0bcf6 (r31087).

    original commit message:
    Previous to this patch, both the lithium and TurboFan register
    allocators tracked allocated registers by "indices", rather than
    the register codes used elsewhere in the runtime. This patch
    ensures that codes are used everywhere, and in the process cleans
    up a bunch of redundant code and adds more structure to how the
    set of allocatable registers is defined.

    Some highlights of changes:

    * TurboFan's RegisterConfiguration class moved to V8's top level
      so that it can be shared with Crankshaft.
    * Various "ToAllocationIndex" and related methods removed.
    * Code that can be easily shared between Register classes on
      different platforms is now shared.
    * The list of allocatable registers on each platform is declared
      as a list rather than implicitly via the register index <->
      code mapping.

    additional comment:
    This patch must work with CL https://codereview.chromium.org/1405673003/
    and CL https://codereview.chromium.org/1413343002/
    which provide the needed register allocation common code change in
    v8 for this CL

BUG=

Review URL: https://codereview.chromium.org/1410393004

Cr-Commit-Position: refs/heads/master@{#31494}
2015-10-23 07:58:47 +00:00
rmcilroy
6256e1dcd5 [Interpreter] Fill out function prologue support.
Fills out some more of the function prologue support in the
interpreter. Deals with creation of arguments objects and throwing
IllegalRedeclarations if necessary. Also adds (untested) support for
this.function and new.target variable assignment.

Also fixes a bug in Frames::is_java_script() to deal with
interpreter frames correctly.

Cleans up comments in builtins InterpreterEntryTrampoline about
missing prologue support.

Adds the following bytecodes:
  - CreateArgumentsSloppy
  - CreateArgumentsStrict

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1412953007

Cr-Commit-Position: refs/heads/master@{#31486}
2015-10-22 21:42:04 +00:00
jkummerow
81ee94b650 Move Hydrogen and Lithium to src/crankshaft/
Review URL: https://codereview.chromium.org/1405363003

Cr-Commit-Position: refs/heads/master@{#31410}
2015-10-20 13:25:55 +00:00
mvstanton
2f2302f08b VectorICs: Bugfix in KeyedStore dispatcher.
The dispatcher failed to MISS properly when configured as a monomorphic
keyed string store, causing a crash.

BUG=v8:4495
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1415533003

Cr-Commit-Position: refs/heads/master@{#31362}
2015-10-19 09:51:46 +00:00
jarin
2d60ea51ab Introduce AllocateInNewSpace stub.
The stub is used for Turbofan's fast path allocation.

Review URL: https://codereview.chromium.org/1404773002

Cr-Commit-Position: refs/heads/master@{#31326}
2015-10-16 08:40:10 +00:00
hpayer
c1a81536ed Do not allow large object allocation from optimized code.
BUG=

Review URL: https://codereview.chromium.org/1406593002

Cr-Commit-Position: refs/heads/master@{#31244}
2015-10-13 19:20:19 +00:00
rmcilroy
c0185b7d98 [Interpreter] Add support for new local function context creation.
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
 - PushContext
 - PopContext

Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1379793004

Cr-Commit-Position: refs/heads/master@{#31238}
2015-10-13 13:09:56 +00:00
mstarzinger
83a3fc7e7f Make assembler not include the entire compiler.
This removes the include of compiler.h from all our assemblers, which
was only needed for the SourcePosition class.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1397493002

Cr-Commit-Position: refs/heads/master@{#31157}
2015-10-07 16:57:31 +00:00
danno
5cf1c0bcf6 Re-reland: Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}

Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#31087}
2015-10-02 16:55:22 +00:00
danno
00e07b0057 Revert of Reland: Remove register index/code indirection (patchset #20 id:380001 of https://codereview.chromium.org/1287383003/ )
Reason for revert:
Failures on MIPS

Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
>   so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
>   different platforms is now shared.
> * The list of allocatable registers on each platform is declared
>   as a list rather than implicitly via the register index <->
>   code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}

TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1380863004

Cr-Commit-Position: refs/heads/master@{#31083}
2015-10-02 15:37:06 +00:00
danno
7b7a8205d9 Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#31075}
2015-10-02 13:59:06 +00:00
alph
8d55da3830 Eliminate no_frame_range data
It was supposed to be used by the CPU profiler. But as long as
these ranges are not built when profiler is not running, once
the profiler is started there're no ranges for already compiled
functions. So basically this code never worked.

As long as now CPU profiler uses another approach this code is no
longer needed.

Review URL: https://codereview.chromium.org/1376333003

Cr-Commit-Position: refs/heads/master@{#31056}
2015-10-01 17:08:55 +00:00
ishell
90998947bc Distinction between FeedbackVectorICSlot and FeedbackVectorSlot eliminated.
This CL also allows using an arbitrary number of feedback vector elements for a particular slot kind.

Review URL: https://codereview.chromium.org/1370303004

Cr-Commit-Position: refs/heads/master@{#31050}
2015-10-01 13:48:19 +00:00
mstarzinger
6a769ac1df [presubmit] Enable readability/namespace linter checking.
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1371083003

Cr-Commit-Position: refs/heads/master@{#31019}
2015-09-30 13:47:11 +00:00
chunyang.dai
f059762e74 X87: Introduce LiteralsArray to hide its implementation.
port d8cdd6956a (r31000).

original commit message:

    The LiteralsArray will soon hold a type feedback vector. Code treats it as an
    ordinary fixed array, and needs to stop that.

BUG=

Review URL: https://codereview.chromium.org/1378793003

Cr-Commit-Position: refs/heads/master@{#31015}
2015-09-30 05:37:36 +00:00
alph
e0606c9f00 Move heap and CPU profilers into a dedicated directory.
Drive-by: remove unnecessary includes.

Review URL: https://codereview.chromium.org/1356223004

Cr-Commit-Position: refs/heads/master@{#30987}
2015-09-28 19:34:18 +00:00
chunyang.dai
bac284ee75 X87: Full code shouldn't embed the type feedback vector.
port c90c60ba26 (r30940)

original commit message:

    Make sure to always reference it indirectly. This allows us to make the vector
    native-context dependent should we wish.

BUG=

Review URL: https://codereview.chromium.org/1369963002

Cr-Commit-Position: refs/heads/master@{#30954}
2015-09-28 03:09:16 +00:00
chunyang.dai
8322defdb9 X87: [turbofan] Call ArgumentsAccessStub to materialize arguments.
port 9b12ec9ac2 (r30919)

original commit message:

    This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
    help with materializing arguments objects when possible. Along the way
    this changes the calling convention of said stub to take parameters in
    registers instead of on the stack.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1368873002

Cr-Commit-Position: refs/heads/master@{#30923}
2015-09-25 03:00:44 +00:00
danno
3ac27431a9 Revert of Remove register index/code indirection (patchset #17 id:320001 of https://codereview.chromium.org/1287383003/ )
Reason for revert:
Failures on greedy RegAlloc, Fuzzer

Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
>   so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
>   different platforms is now shared.
> * The list of allocatable registers on each platform is declared
>   as a list rather than implicitly via the register index <->
>   code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}

TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1365073002

Cr-Commit-Position: refs/heads/master@{#30914}
2015-09-24 13:39:03 +00:00
danno
80bc6f6e11 Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#30913}
2015-09-24 12:53:13 +00:00
chunyang.dai
11fd60f5a9 X87: [es6] Introduce spec compliant IsConstructor.
port 8fe3ac0701 (30902).

original commit message:

    There was already a bit on the Map named "function with prototype",
    which basically meant that the Map was a map for a JSFunction that could
    be used as a constructor. Now this CL generalizes that bit to
    IsConstructor, which says that whatever (Heap)Object you are looking at
    can be used as a constructor (i.e. the bit is also set for bound
    functions that can be used as constructors and proxies that have a
    [[Construct]] internal method).

    This way we have a single chokepoint for IsConstructor checking, which
    allows us to get rid of the various ways in which we tried to guess
    whether something could be used as a constructor or not.

    Drive-by-fix: Renamed IsConstructor on FunctionKind to
    IsClassConstructor to resolve the weird name clash, and the
    IsClassConstructor name also matches the spec.

BUG=

Review URL: https://codereview.chromium.org/1362313002

Cr-Commit-Position: refs/heads/master@{#30908}
2015-09-24 10:46:14 +00:00
chunyang.dai
46d61217cb X87: [runtime] Remove weird pushing of something on StackOverflow.
port 556b522ac6 (r30883)

original commit message:

    We somehow try to push some stuff on the stack when we detect a stack
    overflow, that we don't need. Even worse we might access outside the
    valid stack bounds. Since we don't need this, it's gone.

BUG=

Review URL: https://codereview.chromium.org/1367943002

Cr-Commit-Position: refs/heads/master@{#30907}
2015-09-24 10:37:51 +00:00
chunyang.dai
78be1562e4 X87: [builtin] Refactor Invoke to deal with any kind of callable.
port 634d1d86d8 (r30874).

original commit message:

    Now both Execution::Call and Execution::New can deal with any
    kind of target and will raise a proper exception if the target is not
    callable (which is not yet spec compliant for New, as we would
    have to check IsConstructor instead, which we don't have yet).

    Now we no longer need to do any of these weird call/construct
    delegate gymnastics in C++, and we finally have a single true
    bottleneck for Call/Construct abstract operations in the code
    base, with only a few special handlings left in the compilers to
    optimize the JSFunction case.

BUG=

Review URL: https://codereview.chromium.org/1362293002

Cr-Commit-Position: refs/heads/master@{#30904}
2015-09-24 08:58:40 +00:00
chunyang.dai
28de5bf8fb X87: [ic] Introduce BOOLEAN state for CompareIC.
port 10c5f2e85e

original commit message:

    Slow path for relational comparison of boolean primitive values
    now goes through the runtime, which made the slow path even
    slower than it already was. So in order to repair the regression,
    we just track boolean feedback for comparisons and use that
    to generate decent code in Crankshaft (not the best possible
    code, but good enough for Crankshaft; TurboFan will be able
    to do better on that).

BUG=

Review URL: https://codereview.chromium.org/1367523005

Cr-Commit-Position: refs/heads/master@{#30903}
2015-09-24 08:53:31 +00:00
chunyang.dai
5ced12c154 X87: [builtins] Add support for NewTarget to Execution::New.
port 1dfac69f1f (r30857).

original commit message:

    Introduce new builtins Construct and ConstructFunction (in line
    with the Call and CallFunction builtins that we already have) as
    proper bottleneck for Construct and [[Construct]] on JSFunctions.
    Use these builtins to support passing NewTarget from C++ to
    JavaScript land.

    Long-term we want the CallConstructStub to be used for
    gathering feedback on entry to construction chain (i.e. the
    initial new Foo), and use the Construct builtins to do the
    actual work inside the construction chain (i.e. calling into
    super and stuff).

BUG=

Review URL: https://codereview.chromium.org/1362573002

Cr-Commit-Position: refs/heads/master@{#30899}
2015-09-24 03:52:04 +00:00
chunyang.dai
687ef62eb5 X87: [ic] Also collect known map for relational comparison.
port e56f265f6d (r30852).

original commit message:

    Previously we only collected the known map for equality comparisons. But
    if we also collect it for relational comparisons, we can inline a fast
    path of ToPrimitive on the objects, which is especially interesting
    since both sides have the same map.

    For now we only inline a very limited subset of ToPrimitive in
    Crankshaft, which is when the receiver map (and its prototype chain)
    doesn't have @@toPrimitive, and both valueOf and toString are the
    default versions on the %ObjectPrototype%. In this case the relational
    comparison would reduce to a string comparison of "[object CLASS]" with
    itself and so we can reduce that to a boolean constant plus map checks
    on both left and right hand side, plus code dependencies on the
    prototype chain. This repairs the regression on box2d.

BUG=

Review URL: https://codereview.chromium.org/1342243005

Cr-Commit-Position: refs/heads/master@{#30897}
2015-09-24 03:35:07 +00:00
chunyang.dai
be04dd5c9e X87: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
port 8016547c8e (r30818).

original commit message:

    The StringCompareStub used to take its parameters on the (JavaScript)
    stack, which made it impossible to use in TurboFan. Actually
    StringCompareStub was currently completely unused. This changes the
    calling convention to something TurboFan compatible and introduces a
    CallInterfaceDescriptor for StringCompareStub. It also changes
    HStringCompareAndBranch to use the StringCompareStub instead of using
    the full blown CompareICStub for a stupid string comparison.

BUG=

Review URL: https://codereview.chromium.org/1355983003

Cr-Commit-Position: refs/heads/master@{#30845}
2015-09-21 09:18:18 +00:00
chunyang.dai
9155967e84 X87: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
port 593c655a3c (r30816).

original commit message:

    This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
    and replaces them with a proper C++ implementation in Object::Compare
    and appropriate wrappers Object::LessThan, Object::GreaterThan, and
    friends that are intended to be used by a true/false returning CompareIC
    in the future, as well as the interpreter.  As a short-term solution we
    provide %Compare and %Compare_Strong entry points for the current
    CompareIC that return the appropriate integer values expected by
    fullcodegen currently.

    Now the Abstract Relational Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1353343002

Cr-Commit-Position: refs/heads/master@{#30844}
2015-09-21 09:13:09 +00:00
chunyang.dai
d10b2709df X87: Remove --pretenure-call-new
port b5588f48fd (r30767).

original commit message:

    There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1346043005

Cr-Commit-Position: refs/heads/master@{#30829}
2015-09-18 12:01:04 +00:00
chunyang.dai
e8ec4ede62 X87: [runtime] Initial step towards switching Execution::Call to callable.
port d5bbd45f04 (r30808).

original commit message:

    Currently Execution::Call (and friends) still duplicate a lot of the
    Call sequence logic that should be encapsulated in the Call and
    CallFunction builtins. So the plan now is to switch Execution::Call
    to accept any Callable and just pass that through to the Call builtin.

BUG=

Review URL: https://codereview.chromium.org/1350183005

Cr-Commit-Position: refs/heads/master@{#30828}
2015-09-18 11:59:42 +00:00
chunyang.dai
953024c640 X87: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
port 905e008c52 (r30758)

BUG=

Review URL: https://codereview.chromium.org/1352173002

Cr-Commit-Position: refs/heads/master@{#30827}
2015-09-18 11:47:33 +00:00
chunyang.dai
55da29f443 X87: [builtins] Unify the String constructor.
port a3d6f6cce3 (r30759).

original commit message:

    Implement the String constructor completely as native builtin,
    avoiding the need to do gymnastics in JavaScript builtin to
    properly detect the no argument case (which is different from
    the undefined argument case) and also allowing to just
    tailcall through to ToString or SymbolDescriptiveString for
    the common case. Also the JavaScript builtin was misleading
    since the case for construct call was unused, but could be
    triggered in a wrong way once we support tail calls from
    constructor functions.

    This refactoring allows us to properly implement subclassing
    for String builtins, once we have the correct initial_map on
    derived classes (it's merely a matter of using NewTarget
    instead of the target register now).

    This introduces a new %SymbolDescriptiveString runtime
    entry, which is also used by Symbol.toString() now.

BUG=

Review URL: https://codereview.chromium.org/1349403002

Cr-Commit-Position: refs/heads/master@{#30826}
2015-09-18 11:46:34 +00:00
chunyang.dai
ecc6e6c52c X87: Reland VectorICs: ia32 store ics need a virtual register.
port 1e00bb57a2 (r30737).

original commit message:

    (reason for revert/reland: patch incorrectly left --vector-stores flag
     on, helpfully revealing some gcstress issues to look at, but they
     don't need to block this CL).

    Some pretty hacky code was used to carry out the tail-call
    handler dispatch on ia32 vector stores due to a lack
    of free registers. It really tanks performance. A better
    approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1344383002

Cr-Commit-Position: refs/heads/master@{#30781}
2015-09-17 01:25:36 +00:00
chunyang.dai
e97b1938dd X87: [runtime] Replace the EQUALS builtin with proper Object::Equals.
port 54bab695f5 (r30747).

original commit message:

    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1349623002

Cr-Commit-Position: refs/heads/master@{#30780}
2015-09-17 01:21:53 +00:00
chunyang.dai
2b476800e1 X87: [Interpreter] Add support for JS calls.
port e7fb233946 (r30710).

original commit message:

    Adds support for JS calls to the interpreter. In order to support
    calls from the interpreter, the PushArgsAndCall builtin is added
    which pushes a sequence of arguments onto the stack and calls
    builtin::Call.

    Adds the Call bytecode.

BUG=

Review URL: https://codereview.chromium.org/1334153004

Cr-Commit-Position: refs/heads/master@{#30745}
2015-09-15 12:24:57 +00:00
chunyang.dai
353db40970 X87: [builtins] Simplify String constructor code.
port eadfd66631 (r30706).

original commit message:

    The String constructor was somewhat complex with a lot of micro
    optimizations that are not relevant or even misguided. It would be
    really hard to port that code to ES6, which requires String to be
    subclassable. So as a first step we reduced the necessary complexity
    to the bare minimum (also removing the last user of the fairly complex
    MacroAssembler::LookupNumberStringCache method).

    This also removes the counters for the String constructor, which
    were not properly exposed anymore (and not kept in sync with inlined
    versions of the String constructor anyway).

BUG=

Review URL: https://codereview.chromium.org/1336133003

Cr-Commit-Position: refs/heads/master@{#30744}
2015-09-15 12:16:52 +00:00
chunyang.dai
8c8c7523c2 X87: Make FlushICache part of Assembler(Base) and take Isolate as parameter.
port 9fc4fc141f (r30695).

BUG=

Review URL: https://codereview.chromium.org/1339293002

Cr-Commit-Position: refs/heads/master@{#30743}
2015-09-15 11:51:49 +00:00
chunyang.dai
ee86a749bf X87: [builtins] Remove the weird STACK_OVERFLOW builtin.
port 39604dda56 (r30693).

original commit message:

    Just use a %ThrowStackOverflow runtime function instead, which
    does the trick, especially since the Isolate already has a
    preallocated StackOverflow error for that.

BUG=

Review URL: https://codereview.chromium.org/1344793002

Cr-Commit-Position: refs/heads/master@{#30741}
2015-09-15 11:31:29 +00:00
chunyang.dai
ec2f11c577 X87: [stubs] Simplify the non-function case of CallConstructStub.
port 622fa0ea21 (r30691).

original commit message:

    Currently we do this dance between the CallConstructStub, the
    CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
    and %Apply runtime functions for every [[Construct]] operation on
    non-function callables. This complexity is unnecessary, and can
    be simplified to work without any JS builtin. This will also make it
    a lot easier to implement ES6 compliant [[Construct]] for proxies.

    Also sanitize the invariant for CallConstructStub, which up until now
    always restored the context itself, but that forces us to always create
    another copy of all arguments in case of proxies and other callables,
    so we can relax that constraint by making the caller restore the context
    (this only affects fullcodegen, since the optimizing compilers already
    properly restore the context anyway).

BUG=

Review URL: https://codereview.chromium.org/1341233002

Cr-Commit-Position: refs/heads/master@{#30740}
2015-09-15 11:27:06 +00:00
chunyang.dai
cfbe3f6443 X87: On a call to Array(), we patched a call ic.
port ba7b641398 (r30649)

original commit message:

   This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and c

BUG=

Review URL: https://codereview.chromium.org/1330993004

Cr-Commit-Position: refs/heads/master@{#30672}
2015-09-10 08:40:02 +00:00
bmeurer
6b3c070db6 [runtime] Sanitize %NewClosure runtime entries.
There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).

Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.

Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg

Review URL: https://codereview.chromium.org/1329293003

Cr-Commit-Position: refs/heads/master@{#30671}
2015-09-10 08:36:15 +00:00
chunyang.dai
99f0130782 X87: [calls] Consistent call protocol for calls.
port b37907ff7f (r30648).

original commit message:

    The number of actual arguments should always be available, there's no
    point in trying to optimize away a simple assignment of an immediate to
    a register before some calls.

    The main motivation is to have a consistent state at the beginning of every
    function. Currently the arguments register (i.e. rax or eax) either contains
    the number of arguments or some random garbage depending on whether
    the callsite decided that the callee might need the information or not.
    This causes trouble with runtime implementations of functions that
    do not set internal_formal_parameter_count to the DontAdaptArguments
    sentinel (we don't have any of those yet), but also makes it impossible
    to sanity check the arguments in the callee, because the callee doesn't
    know whether the caller decided to pass the number of arguments or
    random garbage.

BUG=

Review URL: https://codereview.chromium.org/1335453002

Cr-Commit-Position: refs/heads/master@{#30669}
2015-09-10 05:42:49 +00:00
chunyang.dai
20c9749b5e X87: [builtins] Unify the various versions of [[Call]] with a Call builtin.
port ccbb4ff00f (r30629)

original commit message:

    The new Call and CallFunction builtins supersede the current
    CallFunctionStub (and CallIC magic) and will be the single bottleneck
    for all calling, including the currently special Function.prototype.call
    and Function.prototype.apply builtins, which had handwritten (and
    not fully compliant) versions of CallFunctionStub, and also the
    CallIC(s), which were also slightly different.

    This also reduces the overhead for API function calls, which is still
    unnecessarily high, but let's do that step-by-step.

    This also fixes a bunch of cases where the implicit ToObject for
    sloppy receivers was done in the wrong context (in the caller
    context instead of the callee context), which basically meant
    that we allowed cross context access to %ObjectPrototype%.

BUG=

Review URL: https://codereview.chromium.org/1332703002

Cr-Commit-Position: refs/heads/master@{#30668}
2015-09-10 05:41:51 +00:00
chunyang.dai
0cfa52d055 X87: [runtime] Replace many buggy uses of %_CallFunction with %_Call.
port db2ba190db (r30634).

original commit message:

    The semantics of the %_CallFunction intrinsic seem to be very unclear,
    which resulted in a lot of bugs. Especially the combination with
    %IsSloppyModeFunction is always a bug, because the receiver would be
    wrapped in the wrong context. So the %IsSloppyModeFunction helper is
    gone now, and many of the buggy uses of %_CallFunction are also
    eliminated.

    If you ever need to call something with a different receiver, then
    %_Call is your friend now. It does what you want and implements the
    call sequence fully (and correctly).

Review URL: https://codereview.chromium.org/1336443002

Cr-Commit-Position: refs/heads/master@{#30667}
2015-09-10 05:40:38 +00:00
chunyang.dai
15cf7d6174 X87: initialize the FPU state for X87 in prologue.
This CL is a fix for c0c3d866fb (r30606).
   In r30606, initialization of FPU implementation is not moved to prologue
   generation correctly.

BUG=

Review URL: https://codereview.chromium.org/1317643009

Cr-Commit-Position: refs/heads/master@{#30626}
2015-09-08 03:27:20 +00:00
chunyang.dai
6b69d5365d X87: Reland Vector ICs: platform support for vector-based stores.
port 40fbed0609 (r30581)

original commit message:

    The last changes for vector store functionality, they are in 3 areas:

    1) The new vector [keyed] store code stubs - implementation.
    2) IC and handler compiler adjustments
    3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

BUG=

Review URL: https://codereview.chromium.org/1311413007

Cr-Commit-Position: refs/heads/master@{#30612}
2015-09-07 08:19:49 +00:00
chunyang.dai
0fce748dc6 X87: Remove obsolete functionality from the MacroAssemblers.
port 64e3bad367 (r30577)

original commit message:

    This is the uncontroversial dead code removal part of
    https://codereview.chromium.org/1307943013, which was
    previously landed, but got reverted because of DOM
    breakage that requires more investigation.

BUG=

Review URL: https://codereview.chromium.org/1321653004

Cr-Commit-Position: refs/heads/master@{#30611}
2015-09-07 08:14:45 +00:00
chunyang.dai
57d16cf417 X87: [es6] Initial steps towards a correct implementation of IsCallable.
port 8a378f46d5 (r30552)

original commit message:

    This turns the has_instance_call_handler bit on Map into an is_callable
    bit, that matches the spec definition of IsCallable (i.e. instances have
    [[Call]] internal methods).

    Also fix the typeof operator to properly say "function" for everything
    that is callable.

    Also remove the (unused) premature %_GetPrototype optimization from
    Crankshaft, which just complicated the Map bit swap.

BUG=

Review URL: https://codereview.chromium.org/1310653004

Cr-Commit-Position: refs/heads/master@{#30609}
2015-09-07 08:00:49 +00:00
chunyang.dai
e5ee42fa05 X87: [es6] Re-implement rest parameters via desugaring.
port 510baeacba (r30550)

original commit message:

    Kills the kRestParameter bailout/disabled optimization, and fixes
    lazily parsed arrow functions with rest parameters.

    Supersedes https://crrev.com/1235153006/

BUG=

Review URL: https://codereview.chromium.org/1305943008

Cr-Commit-Position: refs/heads/master@{#30608}
2015-09-07 07:51:35 +00:00
chunyang.dai
c0c3d866fb X87: Crankshaft is now able to compile top level code even if there is a ScriptContext.
port 29ebcc3205 (r30496).

original commit message:

    This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.

BUG=

Review URL: https://codereview.chromium.org/1308743005

Cr-Commit-Position: refs/heads/master@{#30606}
2015-09-07 07:48:59 +00:00
chunyang.dai
4d6eef61b7 X87: [builtins] Pass correct number of arguments after adapting arguments.
port fbad63669e (r30467)

original commit message:

    The call protocol requires that the register dedicated to the number of
    actual arguments (i.e. rax on x64) always contains the actual arguments.
    That means after adapting arguments it should match the number of
    expected arguments.  But currently we pass some semi-random value
    (usually some stack address) after adapting arguments.

    It looks like this is currently not observable anywhere, because our
    builtins and functions either don't look at the number of arguments and
    just make hard coded (unchecked) assumptions, or are marked as "don't
    adapt arguments", which bypasses the broken code in the trampoline for
    arguments adaption.  Nevertheless this should be fixed.

BUG=

Review URL: https://codereview.chromium.org/1304893010

Cr-Commit-Position: refs/heads/master@{#30605}
2015-09-07 07:43:00 +00:00
mstarzinger
92e85aed10 [presubmit] Fix build/include linter violations.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1318863004

Cr-Commit-Position: refs/heads/master@{#30554}
2015-09-03 07:56:14 +00:00
chunyang.dai
3f6e5b3014 X87: [runtime] Add %ToString and %_ToString and remove the TO_STRING builtin.
port 09de997b35 (r30442).

original commit message:

    This adds a new ToString runtime function and a fast-path ToStringStub
    (which is just a simple dispatcher for existing functionality), and also
    implements %_ToName using the ToStringStub.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1326473002

Cr-Commit-Position: refs/heads/master@{#30460}
2015-08-31 09:23:36 +00:00
chunyang.dai
5c55af556a X87: [Interpreter] Add support for parameter variables.
port 5d975694e4 (r30403)

original commit message:

    Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
    Parameters are accessed as negative interpreter registers.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1324453003

Cr-Commit-Position: refs/heads/master@{#30440}
2015-08-28 11:00:42 +00:00
titzer
9a20cb152d Use ShouldEnsureSpaceForLazyDeopt more.
R=mcilroy@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1310283005

Cr-Commit-Position: refs/heads/master@{#30439}
2015-08-28 10:47:00 +00:00
bmeurer
f6c6d713b4 [es6] Implement spec compliant ToPrimitive in the runtime.
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends).  It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.

There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations.  I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs.  Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.

Also fixed Date.prototype.toJSON to be spec compliant.

R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y

Review URL: https://codereview.chromium.org/1306303003

Cr-Commit-Position: refs/heads/master@{#30434}
2015-08-28 09:21:43 +00:00
titzer
2fd84ef628 Remove CompilationInfo::MayUseThis() and replace it with what we really want to know: MustReplaceUndefinedReceiverWithGlobalProxy.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1312713004

Cr-Commit-Position: refs/heads/master@{#30427}
2015-08-27 20:31:37 +00:00
yangguo
b42c4459e6 Move (uppercase) JS builtins from js builtins object to native context.
R=bmeurer@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1316943002

Cr-Commit-Position: refs/heads/master@{#30402}
2015-08-27 10:18:42 +00:00
bmeurer
b4c7399464 [runtime] Remove the redundant %_IsObject intrinsic.
%_IsObject(foo) is equivalent to typeof foo === 'object' and has
exactly the same optimizations, so there's zero need for %_IsObject
in our code base.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1313903003

Cr-Commit-Position: refs/heads/master@{#30380}
2015-08-26 11:28:06 +00:00
mstarzinger
bfbcb3d3fb [heap] Use safer root set accessor when possible.
R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1312763006

Cr-Commit-Position: refs/heads/master@{#30377}
2015-08-26 10:25:35 +00:00
chunyang.dai
3aeed04dc2 X87: Correctify instanceof and make it optimizable.
port 5d875a57fa (r30342).

original commit message:

    The previous hack with HInstanceOfKnownGlobal was not only slower,
    but also very brittle and required a lot of weird hacks to support it. And
    what's even more important it wasn't even correct (because a map check
    on the lhs is never enough for instanceof).

    The new implementation provides a sane runtime implementation
    for InstanceOf plus a fast case in the InstanceOfStub, combined with
    a proper specialization in the case of a known global in CrankShaft,
    which does only the prototype chain walk (coupled with a code
    dependency on the known global).

    As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
    implementation.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1318663003

Cr-Commit-Position: refs/heads/master@{#30376}
2015-08-26 09:56:54 +00:00
chunyang.dai
b5911513cc X87: [Interpreter] Pass context to interpreter bytecode handlers and add LoadConstextSlot
For X87 platform, it has the same general register as ia32 and it will spill the
   context to the stack too.

port bfdc22d7fc (r29325).

original commit message:

    Passes the current context to bytecode interpreter handlers. This is held in the
    context register on all architectures except for ia32 where there are too few
    registers and it is instead spilled to the stack.

    Also changes Load/StoreRegister to use kMachAnyTagged representation since they
    should only ever hold tagged values.

BUG=

Review URL: https://codereview.chromium.org/1316583003

Cr-Commit-Position: refs/heads/master@{#30368}
2015-08-26 01:17:19 +00:00
chunyang.dai
6c40462558 X87: VectorICs: New interface descriptor for vector transitioning stores.
port cd35155918 (r30284).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1303223002

Cr-Commit-Position: refs/heads/master@{#30297}
2015-08-21 11:15:12 +00:00
chunyang.dai
597cfc6ea8 X87: Cleanup: Remove unnecessary leave_frame parameter from stub cache.
port fe432e1ace (r30250).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1303973004

Cr-Commit-Position: refs/heads/master@{#30296}
2015-08-21 11:02:56 +00:00
chunyang.dai
97a48c538d X87: [turbofan] Unify referencing of stack slots
port cbbaf9ea6a (r30224).

original commit message:

    [turbofan] Unify referencing of stack slots

    Previously, it was not possible to specify StackSlotOperands for all
    slots in both the caller and callee stacks. Specifically, the region
    of the callee's stack including the saved return address, frame
    pointer, function pointer and context pointer could not be addressed
    by the register allocator/gap resolver.

    In preparation for better tail call support, which will use the gap
    resolver to reconcile outgoing parameters, this change makes it
    possible to address all slots on the stack, because slots in the
    previously inaccessible dead zone may become parameter slots for
    outgoing tail calls. All caller stack slots are accessible as they
    were before, with slot -1 corresponding to the last stack
    parameter. Stack slot indices >= 0 access the callee stack, with slot
    0 corresponding to the callee's saved return address, 1 corresponding
    to the saved frame pointer, 2 corresponding to the current function
    context, 3 corresponding to the frame marker/JSFunction, and slots 4
    and above corresponding to spill slots.

    The following changes were specifically needed:

    * Frame has been changed to explicitly manage three areas of the
      callee frame, the fixed header, the spill slot area, and the
      callee-saved register area.
    * Conversions from stack slot indices to fp offsets all now go through
      a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
    * The generation of deoptimization translation tables has been changed
      to support the new stack slot indexing scheme. Crankshaft, which
      doesn't support the new slot numbering in its register allocator,
      must adapt the indexes when creating translation tables.
    * Callee-saved parameters are now kept below spill slots, not above,
      to support saving only the optimal set of used registers, which is
      only known after register allocation is finished and spill slots
      have been allocated.

BUG=

Review URL: https://codereview.chromium.org/1293103003

Cr-Commit-Position: refs/heads/master@{#30292}
2015-08-21 10:26:29 +00:00
chunyang.dai
8116f95c96 X87: [interpreter]: Changes to interpreter builtins for accumulator and register file registers.
port 00df60d1c6 (r30219).

original commit message:

    Makes the following modifications to the interpreter builtins and
    InterpreterAssembler:
     - Adds an accumulator register and initializes it to undefined()
     - Adds a register file pointer register and use it instead of FramePointer to
       access registers
     - Modifies builtin to support functions with 0 registers in the register file
     - Modifies builtin to Call rather than TailCall to first bytecode handler.

BUG=

Review URL: https://codereview.chromium.org/1304593002

Cr-Commit-Position: refs/heads/master@{#30289}
2015-08-21 10:15:03 +00:00
chunyang.dai
682365d77f X87: [simd.js] Single SIMD128_VALUE_TYPE for all Simd128Values.
port f4c079d450 (r30107).

This is the appendix of 458dfe3b943edb3238917edfe9e2dde326cd1adb which misses
one modified file.

original commit message:

    There's no need to have one InstanceType per SIMD primitive type (this
    will not scale long-term).  Also reduce the amount of code duplication
    and make it more robust wrt adding new SIMD types.

BUG=

Review URL: https://codereview.chromium.org/1304963003

Cr-Commit-Position: refs/heads/master@{#30288}
2015-08-21 10:10:48 +00:00
titzer
ac3e24c96f Rename ParserInfo::function() and CompilationInfo::function() to literal().
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1301583005

Cr-Commit-Position: refs/heads/master@{#30254}
2015-08-19 16:51:51 +00:00
chunyang.dai
b46f0e9f46 X87: [simd.js] Single SIMD128_VALUE_TYPE for all Simd128Values.
port f4c079d450 (r30107).

original commit message:

    There's no need to have one InstanceType per SIMD primitive type (this
    will not scale long-term).  Also reduce the amount of code duplication
    and make it more robust wrt adding new SIMD types.

BUG=

Review URL: https://codereview.chromium.org/1286313003

Cr-Commit-Position: refs/heads/master@{#30241}
2015-08-19 03:18:55 +00:00
mstarzinger
25ee6d666c Remove grab-bag includes of v8.h from architecture ports.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1299563003

Cr-Commit-Position: refs/heads/master@{#30187}
2015-08-17 09:42:37 +00:00
bmeurer
9780ddeb96 [runtime] Unify and fix the strict equality comparison.
Add Object::StrictEquals to unify the implementation of strict equality
comparison in the runtime and the api (the api was already missing a
case for SIMD).  Now we (almost) have a single bottleneck for strict
equality, we just need to reduce the amount of unnecessary complexity
for the code stub.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1298603002

Cr-Commit-Position: refs/heads/master@{#30186}
2015-08-17 08:02:08 +00:00
chunyang.dai
8eeec89b9f X87: [compiler] Remove broken support for undetectable strings.
port b62dbf1efd (r30132).

original commit message:

    Support for undetectable strings was officially dropped in
    https://codereview.chromium.org/916753002, but the compilers
    weren't fixed properly.

BUG=

Review URL: https://codereview.chromium.org/1287173002

Cr-Commit-Position: refs/heads/master@{#30156}
2015-08-13 13:32:05 +00:00
yangguo
67e4b3732a Move regexp implementation into its own folder.
Review URL: https://codereview.chromium.org/1285163003

Cr-Commit-Position: refs/heads/master@{#30144}
2015-08-13 06:55:36 +00:00
jfb
a904b569a2 Security: disable nontemporals.
The operations were available on ARM64 and x86-32 but were unused.

It has been conjectured that nontemporals can be used for rowhammer-like bitflips more easily than regular load/store operations. It is therefore desirable to avoid generating these instructions in the future.

R= titzer, jochen, jln, Mark Seaborn, ruiq

Review URL: https://codereview.chromium.org/1276113002

Cr-Commit-Position: refs/heads/master@{#30139}
2015-08-12 16:58:06 +00:00
mstarzinger
19a49abf02 Realize IWYU pattern for frames-inl.h header.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1283183002

Cr-Commit-Position: refs/heads/master@{#30127}
2015-08-12 10:28:47 +00:00
mstarzinger
00a07bc1b7 Remove inline header includes from non-inline headers (1).
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.

Note that this change still leaves 7 violations of that rule in the
code. However there now is the "tools/check-inline-includes.sh" tool
detecting such violations.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1283033003

Cr-Commit-Position: refs/heads/master@{#30125}
2015-08-12 07:32:54 +00:00
bmeurer
6c743b2b39 [runtime] Store constructor function index on primitive maps.
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust.  Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.

We use the inobject properties field of Map, which is invalid for primitive
maps anyway.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1276533003

Cr-Commit-Position: refs/heads/master@{#30119}
2015-08-11 19:36:14 +00:00
mstarzinger
58109a2c50 Remove several grab-bag includes from the v8.h header.
This is the first step of turning the v8.h file into a normal header
instead of an include-the-world header. The new rule is that no other
header files are allowed to include v8.h, which is enforced by DEPS.

Also the number of includes inside the v8.h file has been drastically
reduced. Basically the last missing piece is the inclusion of the big
objects-inl.h file.

This in turn makes many headers follow the IWYU principle.

R=bmeurer@chromium.org,hpayer@chromium.org,titzer@chromium.org

Review URL: https://codereview.chromium.org/1282503003

Cr-Commit-Position: refs/heads/master@{#30102}
2015-08-11 07:34:17 +00:00
titzer
7a222c612d [turbofan] Remove architecture-specific linkage files and LinkageTraits. Use macro-assembler-defined constants.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1272883003

Cr-Commit-Position: refs/heads/master@{#30063}
2015-08-07 10:45:43 +00:00
mstarzinger
899c4284d5 Cleanup unnecessary duplication of runtime functions.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1269323003

Cr-Commit-Position: refs/heads/master@{#30023}
2015-08-05 11:22:21 +00:00
bbudge
7b9670b63b SIMD.js Add the other SIMD Phase 1 types.
Adds Int32x4, Bool32x4, Int16x8, Bool16x8, Int8x16, Bool8x16.
Adds Simd128Value base heap object class.
Changes heap/factory construction pattern to use arrays.
Adds replaceLane functions to facilitate testing.

NOPRESUBMIT=true
(presubmit checks erroneously interpret array declaration in macro definition as variable size array.)

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1250733005

Cr-Commit-Position: refs/heads/master@{#29974}
2015-08-03 13:02:56 +00:00
chunyang.dai
200d49bf4a X87: VectorICs: refactoring to eliminate "for queries only" vector ic mode.
port 1a5751f9b3 (r29956)

original commit message:

    Since we need the notion of a dummy vector ic, we can use that to avoid
    a special case of the IC constructor. Also, consolidate the two dummy
    ICs into one.

BUG=

Review URL: https://codereview.chromium.org/1265113002

Cr-Commit-Position: refs/heads/master@{#29963}
2015-08-03 03:09:15 +00:00
bmeurer
4fc6f54724 [stubs] Unify (and optimize) implementation of ToObject.
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL).  For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject.  Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.

R=mvstanton@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1266013006

Cr-Commit-Position: refs/heads/master@{#29953}
2015-07-31 12:25:44 +00:00
yangguo
1667c15e37 Debugger: move implementation to a separate folder.
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1265923002

Cr-Commit-Position: refs/heads/master@{#29951}
2015-07-31 11:08:15 +00:00
chunyang.dai
230d0845b7 X87: [interpreter] Add Interpreter{Entry,Exit}Trampoline builtins.
port c5dd553cf3 (r29929).

original commit message:

    Adds interpreter entry and exit trampoline builtins. Also implements the
    Return bytecode handler and fixes a few bugs in InterpreterAssembler
    highlighted by running on other architectures.

BUG=

Review URL: https://codereview.chromium.org/1271433002

Cr-Commit-Position: refs/heads/master@{#29943}
2015-07-31 05:22:28 +00:00
bmeurer
5edd18fc2e [runtime] DeclareGlobals and DeclareLookupSlot don't need context parameters.
All runtime functions get a context anyway, which is the same as the
explicit one in case of DeclareGlobals and DeclareLookupSlot. So
we can remove the additional parameter there.

As an additional bonus, improve the runtime interface to DeclareLookupSlot.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1261863002

Cr-Commit-Position: refs/heads/master@{#29923}
2015-07-30 09:30:00 +00:00
jochen
fded08f694 Reland of "Remove ExternalArray, derived types, and element kinds"
Original issue's description:
> Remove ExternalArray, derived types, and element kinds
>
> BUG=v8:3996
> R=jarin@chromium.org, mvstanton@chromium.org, bmeurer@chromium.org
> LOG=y
>
> Committed: https://crrev.com/607ef7c6009a24ebf195b4cab7b0b436c5afd21c
> Cr-Commit-Position: refs/heads/master@{#29872}

BUG=v8:3996
R=bmeurer@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1262583002

Cr-Commit-Position: refs/heads/master@{#29893}
2015-07-28 09:29:55 +00:00
chunyang.dai
029ca8ca6b X87: [stubs] Don't pass name to Load/StoreGlobalViaContext stubs.
port 5dff4bdff0 (r29886).

original commit message:

    No need to pass the name explicitly to the stubs; the runtime can
    extract the name from the ScopeInfo (the extension of the
    ScriptContext) on-demand easily without any performance impact.

BUG=

Review URL: https://codereview.chromium.org/1259063004

Cr-Commit-Position: refs/heads/master@{#29892}
2015-07-28 08:37:43 +00:00
chunyang.dai
02f097487c X87: [stubs] Properly handle read-only properties in StoreGlobalViaContextStub.
port cac64b9f63 (r29881)

original commit message:

    We don't need the hole check and slow runtime mode for read-only
    properties this way.

BUG=

Review URL: https://codereview.chromium.org/1263473002

Cr-Commit-Position: refs/heads/master@{#29891}
2015-07-28 08:34:43 +00:00
machenbach
814048a04f Revert of Remove ExternalArray, derived types, and element kinds (patchset #5 id:80001 of https://codereview.chromium.org/1254623002/)
Reason for revert:
[Sheriff] Breaks several layout tests, e.g.:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/1067

Several output lines change from PASS to FAIL. If the changes are intended, please land a needsmanualrebaseline change in blink first.

Original issue's description:
> Remove ExternalArray, derived types, and element kinds
>
> BUG=v8:3996
> R=jarin@chromium.org, mvstanton@chromium.org, bmeurer@chromium.org
> LOG=y
>
> Committed: https://crrev.com/607ef7c6009a24ebf195b4cab7b0b436c5afd21c
> Cr-Commit-Position: refs/heads/master@{#29872}

TBR=bmeurer@chromium.org,hpayer@chromium.org,jarin@chromium.org,mvstanton@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1257223002

Cr-Commit-Position: refs/heads/master@{#29883}
2015-07-27 20:32:16 +00:00
jochen
607ef7c600 Remove ExternalArray, derived types, and element kinds
BUG=v8:3996
R=jarin@chromium.org, mvstanton@chromium.org, bmeurer@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1254623002

Cr-Commit-Position: refs/heads/master@{#29872}
2015-07-27 13:19:36 +00:00
chunyang.dai
5c5c55fb94 X87: implement MathPow stub for X87.
In CL 0fe2fbd173 the implementation of
  MathPow for all ports are unified and MathPow stub code is invoked.
  So we move the direct runtime function call from full-codegen to MathPow
  stub for X87 platform.

BUG=

Review URL: https://codereview.chromium.org/1258873002

Cr-Commit-Position: refs/heads/master@{#29865}
2015-07-27 10:05:43 +00:00
ishell
156042f7f7 Cross-script variables handling fixed. It was possible to write to read-only global variable.
Review URL: https://codereview.chromium.org/1259853002

Cr-Commit-Position: refs/heads/master@{#29860}
2015-07-27 05:53:05 +00:00
yangguo
3be39a24bf Move Full-codegen into its own folder.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1248443003

Cr-Commit-Position: refs/heads/master@{#29840}
2015-07-24 10:11:57 +00:00
chunyang.dai
4c6989914e X87: [stubs] Optimize LoadGlobalViaContextStub and StoreGlobalViaContextStub.
port d6ee366d5c (r29834).

original commit message:

    This is the initial round of optimizations for the
    LoadGlobalViaContextStub and StoreGlobalViaContextStub, basically
    turning them into platform code stubs to avoid the Crankshaft overhead
    in the fast case, and making the runtime interface cheaper.

BUG=

Review URL: https://codereview.chromium.org/1258513003

Cr-Commit-Position: refs/heads/master@{#29839}
2015-07-24 10:08:54 +00:00
chunyang.dai
2571c69dcb X87: Unify "runtime-style" IC functions with Runtime intrinsics
port bc8041dc2b (r29811).

original commit message:

    Previous to this CL, ICs used a slightly different code idiom
    to get to C++ code from generated code than runtime intrinsics,
    using an IC_Utility class that in essence provided exactly
    the same functionality as Runtime::FunctionForId, but in its
    own quirky way.

    This CL unifies the two mechanisms, folding IC_Utility
    away by making all IC entry points in C++ code, e.g. IC
    miss handlers, full-fledged runtime intrinsics. This makes
    it possible to eliminate a bunch of ad-hoc declarations and
    adapters that the IC system had to needlessly re-invent.

    As a bonus and the original reason for this yak-shave:
    IC-related C++ runtime functions are now callable from
    TurboFan.

BUG=

Review URL: https://codereview.chromium.org/1252903002

Cr-Commit-Position: refs/heads/master@{#29837}
2015-07-24 09:59:07 +00:00
chunyang.dai
1359017f80 X87: HydrogenCodeStubs consume stack arguments via descriptor.
port 3334b830a5 (r20813).

original commit message:

    HydrogenCodeStubs consume stack arguments via descriptor.

    All of this is controlled by the CallDescriptor. It's simply the case
    that if you specify less registers than the function arity calls for,
    the rest are assumed to be on the stack.

    Bailout handlers accept these constant stack arguments too.

BUG=

Review URL: https://codereview.chromium.org/1258553002

Cr-Commit-Position: refs/heads/master@{#29836}
2015-07-24 09:57:49 +00:00
chunyang.dai
1dfcf3506c X87: Eliminate redundant descriptor ElementTransitionAndStoreDescriptor.
port 26ffee2c71 (r29789).

original commit message:

    It's just the same as StoreTransitionDescriptor.

BUG=

Review URL: https://codereview.chromium.org/1253573004

Cr-Commit-Position: refs/heads/master@{#29831}
2015-07-24 06:22:29 +00:00
chunyang.dai
5cdb1cee4b X87: Fix pushing of register in CallConstructStub outside frame.
port 1f295980b7 (r29787).

original commit message:

    This fixes a recent regression where the register holding the original
    receiver was pushed onto the stack before the internal frame within the
    CallStubInRecordCallTarget helper was created. That in turn confused
    the stack walker when allocations in these stubs failed.

BUG=

Review URL: https://codereview.chromium.org/1247493004

Cr-Commit-Position: refs/heads/master@{#29828}
2015-07-24 06:19:11 +00:00
mostynb
ff5444199a convert a bunch of DCHECKs to STATIC_ASSERT
Review URL: https://codereview.chromium.org/1251593009

Cr-Commit-Position: refs/heads/master@{#29825}
2015-07-23 23:35:14 +00:00
danno
bc8041dc2b Unify "runtime-style" IC functions with Runtime intrinsics
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.

This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.

As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.

Review URL: https://codereview.chromium.org/1248303002

Cr-Commit-Position: refs/heads/master@{#29811}
2015-07-23 13:32:26 +00:00
yangguo
0fe2fbd173 Reduce duplicate code in full-codegen across platforms.
R=mvstanton@chromium.org

Committed: https://crrev.com/937d4efbf9c399339fdc8e041bec8e80baa7b58f
Cr-Commit-Position: refs/heads/master@{#29798}

Review URL: https://codereview.chromium.org/1255613002

Cr-Commit-Position: refs/heads/master@{#29805}
2015-07-23 11:46:07 +00:00
yangguo
8de3518e3a Revert of Reduce duplicate code in full-codegen across platforms. (patchset #1 id:1 of https://codereview.chromium.org/1255613002/)
Reason for revert:
breaks mips

Original issue's description:
> Reduce duplicate code in full-codegen across platforms.
>
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/937d4efbf9c399339fdc8e041bec8e80baa7b58f
> Cr-Commit-Position: refs/heads/master@{#29798}

TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1252513004

Cr-Commit-Position: refs/heads/master@{#29802}
2015-07-23 09:50:34 +00:00
yangguo
937d4efbf9 Reduce duplicate code in full-codegen across platforms.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1255613002

Cr-Commit-Position: refs/heads/master@{#29798}
2015-07-23 08:23:30 +00:00
jochen
4da289c55a Store offset between fixed typed array base and data start in object
The layout of fixed typed array base is then capable of handling
external typed arrays as well. In a follow-up CL, I'll delete external
typed arrays, and use fixed typed array base instead

BUG=v8:3996
R=jarin@chromium.org,mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1248483007

Cr-Commit-Position: refs/heads/master@{#29786}
2015-07-22 10:32:25 +00:00
chunyang.dai
65f18c9d6c X87: Debugger: prepare code for debugging on a per-function basis.
port 35c28ce0a7 (r29758).

original commit message:

    Prior to this patch, we enter a global debug mode whenever a break point
    is set. By entering this mode, all code is deoptimized and activated
    frames are recompiled and redirected to newly compiled debug code.

    After this patch, we only deoptimize/redirect for functions we want to
    debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
    object attached to the SFI prevents optimization/inlining.

    The result is that we can have optimized code for functions without break
    points alongside functions that do have break points, which are not
    optimized.

BUG=

Review URL: https://codereview.chromium.org/1249503002

Cr-Commit-Position: refs/heads/master@{#29765}
2015-07-21 02:52:35 +00:00
jochen
4e263bc581 Add support for adding an external and a tagged pointer
This will be used to compute the base pointer of the new unified
representation for both on-heap and external typed arrays. The idea is
that either the external or the tagged pointer is 0 (although in
practice, if the tagged pointer is non-0, the external pointer will
contain the offset from the start of the on-heap typed array to the data
in the on-heap typed array).

The HAdd is marked as depending on new-space promotion, as the tagged
pointer might move during GC, and so the result of the addition needs to
be recomputed.

BUG=v8:3996
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1244693002

Cr-Commit-Position: refs/heads/master@{#29760}
2015-07-20 15:18:00 +00:00
mstarzinger
ce6d2241bc Add function literal variable to declaration list.
This adds the implicit function variable for a function literal to the
declarations list in scope analysis, instead of specially handling it
throughout all back-ends.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1245603003

Cr-Commit-Position: refs/heads/master@{#29754}
2015-07-20 14:15:14 +00:00
ishell
cc66a1c64e Crankshaft part of the 'loads and stores to global vars through property cell shortcuts' feature.
BUG=chromium:510738
LOG=N

Review URL: https://codereview.chromium.org/1228113008

Cr-Commit-Position: refs/heads/master@{#29743}
2015-07-20 08:49:28 +00:00
chunyang.dai
3536562e18 X87: Fix memento initialization when constructing from new call
port 3285e3bf07 (r29719).

original commit message:

  Additionally, push the allocation site or undefined independently of creatin

BUG=

Review URL: https://codereview.chromium.org/1229023003

Cr-Commit-Position: refs/heads/master@{#29723}
2015-07-17 10:07:15 +00:00
bbudge
6113058427 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29712}
2015-07-16 19:43:32 +00:00
mstarzinger
0dcba070a9 Remove obsolete %CallSuperWithSpread intrinsic.
The aforementioned intrinsic is no longer needed and can be fully
desugared now that binding assignments to 'this' are explicit.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234383002

Cr-Commit-Position: refs/heads/master@{#29706}
2015-07-16 15:07:59 +00:00
mstarzinger
07dc66dcd5 Represent implicit 'this' binding by 'super' in AST.
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1226123010

Cr-Commit-Position: refs/heads/master@{#29705}
2015-07-16 14:26:31 +00:00
hablich
40c38c5a5a Revert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https://codereview.chromium.org/1219943002/)
Reason for revert:
Seems to break the latest roll into Chromium: http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/59796/steps/compile%20%28with%20patch%29/logs/stdio

Original issue's description:
> Expose SIMD.Float32x4 type to Javascript.
> This CL exposes the constructor function, defines type related
> information, and implements value type semantics.
> It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
>
> TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
>
> LOG=Y
> BUG=v8:4124
>
> Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
> Cr-Commit-Position: refs/heads/master@{#29689}

TBR=rossberg@chromium.org,littledan@chromium.org,martyn.capewell@arm.com,bbudge@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review URL: https://codereview.chromium.org/1241533004

Cr-Commit-Position: refs/heads/master@{#29701}
2015-07-16 12:36:11 +00:00
chunyang.dai
c6d42c7d6c X87: Switch CallConstructStub to take new.target in register.
original commit message:

    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

BUG=

Review URL: https://codereview.chromium.org/1235273003

Cr-Commit-Position: refs/heads/master@{#29695}
2015-07-16 08:53:06 +00:00
chunyang.dai
1d92165049 X87: Debugger: use debug break slots to break at function exit.
port fc9c5275c3 (r29672).

original commit message:

    Debugger: use debug break slots to break at function exit.

    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

BUG=

Review URL: https://codereview.chromium.org/1236023007

Cr-Commit-Position: refs/heads/master@{#29694}
2015-07-16 08:49:41 +00:00
bbudge
e5ed3bee99 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29689}
2015-07-15 19:17:06 +00:00
machenbach
c63e50edc9 Reland Update V8 DEPS.
Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

Reland after https://codereview.chromium.org/1241643002/

TBR=jochen@chromium.org, thakis@chromium.org

Review URL: https://codereview.chromium.org/1237793003

Cr-Commit-Position: refs/heads/master@{#29673}
2015-07-15 10:32:03 +00:00
conradw
f996793ec0 [strong] class objects created in strong mode have their prototype frozen
BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1235983002

Cr-Commit-Position: refs/heads/master@{#29646}
2015-07-14 11:31:47 +00:00
chunyang.dai
f3b843bb98 X87: Fix keyed element access wrt string wrappers
port 01f40e6ad6 (r29618).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1233033004

Cr-Commit-Position: refs/heads/master@{#29644}
2015-07-14 10:13:10 +00:00
chunyang.dai
4fc51603b7 X87: Cleanup Generate_JSConstructStubHelper a bit.
port 6ddcd32786 (r29617)

original commit message:

  Cleanup Generate_JSConstructStubHelper a bit.

BUG=

Review URL: https://codereview.chromium.org/1237013002

Cr-Commit-Position: refs/heads/master@{#29643}
2015-07-14 10:11:06 +00:00
chunyang.dai
0b6af2c415 X87: Debugger: record reloc info for debug break slot immediately before the slot.
port 0a19e44925 (r29568)

original commit message:

    If we do it too early, we might get a constant pool between the reloc info
    and the actual slot.

Review URL: https://codereview.chromium.org/1228923003

Cr-Commit-Position: refs/heads/master@{#29642}
2015-07-14 09:59:26 +00:00
yangguo
dec11f5ee0 Debugger: make debug code on-stack replacement more robust.
The new implementation counts the number of calls (or continuations)
before the PC to find the corresponding PC in the new code.

R=mstarzinger@chromium.org
BUG=chromium:507070
LOG=N

Review URL: https://codereview.chromium.org/1235603002

Cr-Commit-Position: refs/heads/master@{#29636}
2015-07-14 06:38:53 +00:00
chunyang.dai
f9d435d241 X87: Remove separate construct stub for new.target users.
port e50c861b09 (r29562)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1232833002

Cr-Commit-Position: refs/heads/master@{#29631}
2015-07-14 02:45:44 +00:00
chunyang.dai
a5458c9221 X87: Debugger: use debug break slot to break on call.
port 8965b683ce (r29561)

original commit message:

    Break points at calls are currently set via IC. To change this, we
    need to set debug break slots instead. We also need to distinguish
    those debug break slots as calls to support step-in.

    To implement this, we add a data field to debug break reloc info to
    indicate non-call debug breaks or in case of call debug breaks, the
    number of arguments. We can later use this to find the callee on the
    evaluation stack in Debug::PrepareStep.

BUG=

Review URL: https://codereview.chromium.org/1233823002

Cr-Commit-Position: refs/heads/master@{#29630}
2015-07-14 02:34:46 +00:00
chunyang.dai
1b20d50594 X87: Reland: Add unoptimized/optimized variants of MathFloor TF code stub
port 737b8573f8 (r29539)

original commit message:

    - Add a TurboFanIC class, derived from TurboFanCodeStub, that
      automatically distinguishes between versions of the IC called from
      optimized and unoptimized code.
    - Add appropriate InterfaceDescriptors for both the versions of the
      stub called from unoptimized and optimized code
    - Change the MathFloor TF stub generator to output either the
      for-optimized or for-unoptimized version based on the minor_key
      parameter.

BUG=

Review URL: https://codereview.chromium.org/1235823002

Cr-Commit-Position: refs/heads/master@{#29628}
2015-07-14 02:28:47 +00:00
ishell
fec3c9cba6 TypeofMode replaces TypeofState and ContextualMode.
NON_CONTEXTUAL ~> INSIDE_TYPEOF
CONTEXTUAL ~> NOT_INSIDE_TYPEOF

Review URL: https://codereview.chromium.org/1227893005

Cr-Commit-Position: refs/heads/master@{#29611}
2015-07-13 13:39:43 +00:00
mstarzinger
79a3cb2eac Our JavaScriptFrame::function_slot_object is arch independent.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1235893002

Cr-Commit-Position: refs/heads/master@{#29607}
2015-07-13 12:45:29 +00:00
yangguo
198c75f6cd Debugger: refactor reloc info.
- split relocation info for debug break slots for
  - calls (with call arguments count as data)
  - construct calls
  - normal slots
- renamed DEBUG_BREAK into DEBUGGER_STATEMENT
- removed unused IC state for Debug stubs

R=ulan@chromium.org
BUG=v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1232803002

Cr-Commit-Position: refs/heads/master@{#29603}
2015-07-13 12:32:24 +00:00
machenbach
c59fdf929c Revert of Update V8 DEPS. (patchset #3 id:40001 of https://codereview.chromium.org/1232583002/)
Reason for revert:
[Sheriff] Looks like another clang option got deprecated: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20ASAN%20mipsel%20-%20debug%20builder/builds/326

Original issue's description:
> Update V8 DEPS.
>
> Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c
>
> Original CL: https://codereview.chromium.org/1232043002/
>
> BUG=
>
> Committed: https://crrev.com/6211e1660492f653d30ddd1336bce6f9083ede94
> Cr-Commit-Position: refs/heads/master@{#29598}

TBR=jochen@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1232803003

Cr-Commit-Position: refs/heads/master@{#29600}
2015-07-13 11:45:28 +00:00
machenbach
6211e16604 Update V8 DEPS.
Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

Original CL: https://codereview.chromium.org/1232043002/

BUG=

Review URL: https://codereview.chromium.org/1232583002

Cr-Commit-Position: refs/heads/master@{#29598}
2015-07-13 10:59:07 +00:00
ishell
f87286e2db Loads and stores to global vars are now made via property cell shortcuts installed into parent script context.
This CL also adds hydrogen stubs for global loads and global stores, full-codegen and TurboFan now use this machinery.

Review URL: https://codereview.chromium.org/1224793002

Cr-Commit-Position: refs/heads/master@{#29592}
2015-07-13 09:18:57 +00:00
mstarzinger
2027335f1c Remove unused byte from Map::instance_sizes field.
Note that there are currently no objects that require a pre-allocated
properties backing store, all such slots are in-object properties from
the beginning. Hence {unused + pre_allocated - inobject == 0} holds.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1226203011

Cr-Commit-Position: refs/heads/master@{#29590}
2015-07-13 08:26:36 +00:00
ishell
f043ab8618 Use FullCodeGenerator::EmitGlobalVariableLoad() where possible to avoid code duplication.
Review URL: https://codereview.chromium.org/1222203007

Cr-Commit-Position: refs/heads/master@{#29520}
2015-07-07 15:04:53 +00:00
mstarzinger
a104e7c9b4 Cleanup frame description constant.
This unifies the existing frame constants that are the same across all
architectures. It also adds a new kOriginalConstructorOffset constant
for construct frames and uses it in full-codegen.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1220223005

Cr-Commit-Position: refs/heads/master@{#29509}
2015-07-07 08:14:30 +00:00
chunyang.dai
c935d2b9ee X87: Debugger: use debug break slots instead of ICs (except for calls).
port a8a4c364c2 (r29487).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1227603002

Cr-Commit-Position: refs/heads/master@{#29508}
2015-07-07 08:04:22 +00:00
ishell
8fe17a6780 Support for global var shortcuts in script contexts.
Review URL: https://codereview.chromium.org/1218783005

Cr-Commit-Position: refs/heads/master@{#29498}
2015-07-06 16:36:39 +00:00
verwaest
c8211b64cd Distinguish slow from fast sloppy arguments
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1221713003

Cr-Commit-Position: refs/heads/master@{#29447}
2015-07-02 14:38:53 +00:00
chunyang.dai
70bb2372a2 X87: Make context register implicit for CallInterfaceDescriptors
port 7015fd2053 (r29402)

original commit message:

    Up until now the context register was listed explicitly in each stub's
    CallInterfaceDescriptor. This was problematic, because it was listed
    first in the list of register parameters--which is fine for Crankshaft,
    which is more or less built to handle the context as the first
    parameter-- but not ideal for TurboFan, which adds the context at
    the end of all function parameters. Now the context register is no
    longer in the register list and can be handled appropriately by both
    compilers. Specifically, this allows the FunctionType specified for
    each CallInterfaceDescriptor to exactly match the parameter register
    list.

BUG=

Review URL: https://codereview.chromium.org/1216543004

Cr-Commit-Position: refs/heads/master@{#29433}
2015-07-02 04:08:33 +00:00
chunyang.dai
b913e2a97a X87: [es6] Make new.target work in functions.
port 7a63bf77eb (r29358).

original commit message:

    This makes new.target work in [[Call]] and [[Construct]] of ordinary
    functions.

    We achieve this by introducing a new construct stub for functions that
    uses the new.target variable. The construct stub pushes the original
    constructor just above the receiver in the construct frame.

BUG=

Review URL: https://codereview.chromium.org/1217083004

Cr-Commit-Position: refs/heads/master@{#29413}
2015-07-01 12:05:27 +00:00
chunyang.dai
fb1329aa2d X87: Unify the stack layout for construct frames.
port 876ae42598 (r29292).

original commit message:

   The stack layout was different for different ports.

BUG=

Review URL: https://codereview.chromium.org/1219823002

Cr-Commit-Position: refs/heads/master@{#29412}
2015-07-01 12:03:40 +00:00
chunyang.dai
b0555da826 X87: VectorICs: Lithium support for vector-based stores.
port 8a3cf4ecef (r29310).

BUG=

Review URL: https://codereview.chromium.org/1213373002

Cr-Commit-Position: refs/heads/master@{#29411}
2015-07-01 11:59:47 +00:00
chunyang.dai
f80fd37260 X87: [ic] Record call counts for monomorphic calls made with an IC.
port c1a4f7477f (r29281).

original commit message:

   The idea is that TurboFan can use this information for more intelligent
   inlining.

BUG=

Review URL: https://codereview.chromium.org/1213723005

Cr-Commit-Position: refs/heads/master@{#29409}
2015-07-01 11:39:20 +00:00
chunyang.dai
aaa92726f0 X87: Use big-boy Types to annotate interface descriptor parameters.
port c019d7f498 (r29248).

original commit message:

    Use big-boy Types to annotate interface descriptor parameters

    - Thread Type::FunctionType through stubs and the TF pipeline.
    - Augment Typer to decorate parameter nodes with types from
      a Type::FunctionType associated with interface descriptors.
    - Factor interface descriptors into platform-specific and
      platform-independent components so that all descriptors share
      a common Type::FunctionType for all platforms.

BUG=

Review URL: https://codereview.chromium.org/1210463002

Cr-Commit-Position: refs/heads/master@{#29406}
2015-07-01 11:28:03 +00:00
chunyang.dai
18d27f1935 X87: Do not add extra argument for new.target.
port 8196c28a94 (r29238).

original commit message:

  JSConstructStub for subclass constructors instead locates new.target in
  a known location on the stack.

BUG=

Review URL: https://codereview.chromium.org/1207613003

Cr-Commit-Position: refs/heads/master@{#29398}
2015-07-01 01:57:30 +00:00
chunyang.dai
32f32bdf12 X87: Clean up JSConstructStub.
port 882055ff6a (r29082).

   The original CL covers part of X87 port. This CL adds the missing changes.

original commit message:

  - fix truthfulness of comments
    - use InitializeFieldsWithFiller more consistently
    - use unsigned comparisons for pointers

    No change in functionality intended.

    Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:

BUG=

Review URL: https://codereview.chromium.org/1210153007

Cr-Commit-Position: refs/heads/master@{#29397}
2015-07-01 01:52:12 +00:00
conradw
7281f80151 [strong] Implement strong property access semantics
Revert "Revert relanded strong property access CL"

Regression issues should be solved. Initial patchset is the original, subsequent patchsets are the fixing modifications.

This reverts commit 4ac7be5656.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1199983002

Cr-Commit-Position: refs/heads/master@{#29384}
2015-06-30 15:24:43 +00:00
conradw
f5cc091f8f [strong] Implement strong mode semantics for the count operation.
Also fixes a crankshaft bug with strong implicit conversions.

It turns out that the implicit conversion of oddball values
is smushed into so many places in crankshaft that it would
have been pretty invasive surgery to make everything fall
out naturally.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1216463003

Cr-Commit-Position: refs/heads/master@{#29381}
2015-06-30 14:22:08 +00:00
mstarzinger
a7697bdcc7 Fix clobbered register when setting this_function variable.
Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N

Review URL: https://codereview.chromium.org/1214483008

Cr-Commit-Position: refs/heads/master@{#29372}
2015-06-30 10:39:16 +00:00
bmeurer
9ad117657b [turbofan] Use proper eager deopts for %_ThrowNotDateError().
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1210863002

Cr-Commit-Position: refs/heads/master@{#29309}
2015-06-26 05:56:13 +00:00
wingo
40b7d874b2 Reapply "Fix receiver when calling eval() bound by with scope"
Originally applied in https://codereview.chromium.org/1202963005

BUG=v8:4214
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1208873002

Cr-Commit-Position: refs/heads/master@{#29293}
2015-06-25 13:46:46 +00:00
yangguo
6434ec3087 Reland 2 "Keep a canonical list of shared function infos."
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1211803002

Cr-Commit-Position: refs/heads/master@{#29291}
2015-06-25 12:20:06 +00:00
yangguo
f7ef0c9921 Revert of Reland "Keep a canonical list of shared function infos." (patchset #3 id:40001 of https://codereview.chromium.org/1211453002/)
Reason for revert:
proxies test failing https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/903/steps/Mjsunit/logs/proxies

Original issue's description:
> Reland "Keep a canonical list of shared function infos."
>
> This reverts commit 3164aa7483.
>
> Committed: https://crrev.com/cacb646d80daa429f6915824a741f595db7d5044
> Cr-Commit-Position: refs/heads/master@{#29282}

TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1206263002

Cr-Commit-Position: refs/heads/master@{#29285}
2015-06-25 10:35:12 +00:00
yangguo
cacb646d80 Reland "Keep a canonical list of shared function infos."
This reverts commit 3164aa7483.

Review URL: https://codereview.chromium.org/1211453002

Cr-Commit-Position: refs/heads/master@{#29282}
2015-06-25 09:09:44 +00:00
machenbach
93d130ce70 Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/)
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574

Please consider extra blink trybots on a reland.

Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}

TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214

Review URL: https://codereview.chromium.org/1201273004

Cr-Commit-Position: refs/heads/master@{#29267}
2015-06-24 19:08:35 +00:00
wingo
3c5f0db3a1 Fix receiver when calling eval() bound by with scope
Thanks to André Bargull for the report.

BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1202963005

Cr-Commit-Position: refs/heads/master@{#29259}
2015-06-24 16:47:58 +00:00
adamk
3164aa7483 Revert "Keep a canonical list of shared function infos."
Speculative revert in the hopes of fixing serializer crashes seen in canary.

This reverts commit c166945083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb7).

BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1207583002

Cr-Commit-Position: refs/heads/master@{#29241}
2015-06-23 22:59:30 +00:00
chunyang.dai
771eb49171 X87: Built-in apply() performance benefits from an uninitialized IC.
port 2a3b057587 (r29175).

original commit message:

   Built-in apply() performance benefits from an uninitialized IC.

BUG=

Review URL: https://codereview.chromium.org/1199913007

Cr-Commit-Position: refs/heads/master@{#29213}
2015-06-23 06:56:10 +00:00
chunyang.dai
4960fc0b24 X87: Vector ICs: Turbofan vector store ic support
port 17c8ffeaa3 (r29173)

original commit message:

    Vector ICs: Turbofan vector store ic support

    Turbofan needs to pass vector slots around for named and keyed stores.
    Also, the CL addresses a missing slot for ClassLiterals.

BUG=

Review URL: https://codereview.chromium.org/1195793007

Cr-Commit-Position: refs/heads/master@{#29212}
2015-06-23 06:55:04 +00:00
bmeurer
f2ac852015 [date] Use explicit control flow to replace %_ThrowIfNotADate.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1191283003

Cr-Commit-Position: refs/heads/master@{#29211}
2015-06-23 06:43:40 +00:00
conradw
4ac7be5656 Revert relanded strong property access CL
Reason:
Regressions in various benchmarks.

Revert "Revert of Revert of [strong] Implement strong mode restrictions on property access (patchset #1 id:1 of https://codereview.chromium.org/1189153002/)"

This reverts commit 41405c0470.

Revert "X87: Revert of Revert of [strong] Implement strong mode restrictions on property access."

This reverts commit 48de5f4d6b.

Revert "Fix overlapping KeyedLoadIC bitfield."

This reverts commit 4e6c956abf.

Revert "MIPS64: Fix 'Revert of Revert of [strong] Implement strong mode restrictions on property access'."

This reverts commit 74f97b0d2a.

BUG=

Review URL: https://codereview.chromium.org/1199493002

Cr-Commit-Position: refs/heads/master@{#29166}
2015-06-19 19:00:53 +00:00
yangguo
c166945083 Keep a canonical list of shared function infos.
Each Script object now keeps a WeakFixedArray of SharedFunctionInfo
objects created from this script.

This way, when compiling a function, we do not create duplicate shared
function info objects when recompiling with either compiler.

This fixes a class of issues in the debugger, where we set break points
on one shared function info, but functions from duplicate shared function
infos are not affected.

LOG=N
BUG=v8:4132

Review URL: https://codereview.chromium.org/1183733006

Cr-Commit-Position: refs/heads/master@{#29151}
2015-06-19 14:40:32 +00:00
chunyang.dai
48de5f4d6b X87: Revert of Revert of [strong] Implement strong mode restrictions on property access.
port 41405c0470 (r29122).

   fix spelling error in r29122.

BUG=

Review URL: https://codereview.chromium.org/1197593002

Cr-Commit-Position: refs/heads/master@{#29133}
2015-06-19 07:20:35 +00:00
conradw
41405c0470 Revert of Revert of [strong] Implement strong mode restrictions on property access (patchset #1 id:1 of https://codereview.chromium.org/1189153002/)
Reason for revert:
Issue was ultimately caused/fixed by https://codereview.chromium.org/1194673002/

Original issue's description:
> Revert of [strong] Implement strong mode restrictions on property access (patchset #23 id:460001 of https://codereview.chromium.org/1168093002/)
>
> Reason for revert:
> Speculative revert, maybe breaks GC-stress
>
> http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/808
>
> Original issue's description:
> > [strong] Implement strong mode restrictions on property access
> >
> > Implements the strong mode proposal's restrictions on property access.
> >
> > To be fully explored in a followup: proxies, interceptors, access checks, load from super
> >
> > BUG=v8:3956
> > LOG=N
> >
> > Committed: https://crrev.com/85dbfb9a389e7b21bd2a63862202ee97fc5d7982
> > Cr-Commit-Position: refs/heads/master@{#29109}
>
> TBR=rossberg@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3956
>
> Committed: https://crrev.com/407657b706711fd5f8d417841e24b284886f3776
> Cr-Commit-Position: refs/heads/master@{#29115}

TBR=rossberg@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1185343005

Cr-Commit-Position: refs/heads/master@{#29122}
2015-06-18 17:17:07 +00:00
conradw
407657b706 Revert of [strong] Implement strong mode restrictions on property access (patchset #23 id:460001 of https://codereview.chromium.org/1168093002/)
Reason for revert:
Speculative revert, maybe breaks GC-stress

http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/808

Original issue's description:
> [strong] Implement strong mode restrictions on property access
>
> Implements the strong mode proposal's restrictions on property access.
>
> To be fully explored in a followup: proxies, interceptors, access checks, load from super
>
> BUG=v8:3956
> LOG=N
>
> Committed: https://crrev.com/85dbfb9a389e7b21bd2a63862202ee97fc5d7982
> Cr-Commit-Position: refs/heads/master@{#29109}

TBR=rossberg@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956

Review URL: https://codereview.chromium.org/1189153002

Cr-Commit-Position: refs/heads/master@{#29115}
2015-06-18 13:40:20 +00:00
conradw
85dbfb9a38 [strong] Implement strong mode restrictions on property access
Implements the strong mode proposal's restrictions on property access.

To be fully explored in a followup: proxies, interceptors, access checks, load from super

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1168093002

Cr-Commit-Position: refs/heads/master@{#29109}
2015-06-18 11:55:45 +00:00
jkummerow
882055ff6a Clean up JSConstructStub
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers

No change in functionality intended.

Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:

- print PC of each frame
- print the function's source also for optimized frames

Review URL: https://codereview.chromium.org/1186823003

Cr-Commit-Position: refs/heads/master@{#29082}
2015-06-17 11:58:30 +00:00
chunyang.dai
ebb0f9e52e X87: enable the X87 turbofan support.
This patch includes the following changes.
     1, Enable the turbofan backend support for X87 platform. It depends on previous CL: 3fdfebd26.
     2, Enable the test cases which are disabled because turbofan for X87 was not enabled.

BUG=v8:4135
LOG=N

Review URL: https://codereview.chromium.org/1179763004

Cr-Commit-Position: refs/heads/master@{#29049}
2015-06-16 11:23:19 +00:00
littledan
350a70e5ef Inline code generation for %_IsTypedArray
This patch implements %_IsTypedArray in fullcodegen, Hydrogen and
Turbofan in order to implement fast type checks to enable ES6
TypedArray features and semantics efficiently.

R=adamk,titzer
LOG=Y
BUG=v8:4085

Review URL: https://codereview.chromium.org/1183213002

Cr-Commit-Position: refs/heads/master@{#29033}
2015-06-15 22:16:43 +00:00
machenbach
06ac599d1e Revert of Fix clobbered register when setting this_function variable. (patchset #2 id:20001 of https://codereview.chromium.org/1185703002/)
Reason for revert:
[Sheriff] Makes mjsunit/es6/block-const-assign flaky, e.g.:
http://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/4082

Original issue's description:
> Fix clobbered register when setting this_function variable.
>
> R=arv@chromium.org
> TEST=mjsunit/regress/regress-crbug-498022
> BUG=chromium:498022
> LOG=N
>
> Committed: https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91
> Cr-Commit-Position: refs/heads/master@{#29020}

TBR=arv@chromium.org,rossberg@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:498022

Review URL: https://codereview.chromium.org/1184093003

Cr-Commit-Position: refs/heads/master@{#29022}
2015-06-15 11:56:25 +00:00
mstarzinger
bf2bbc8ba5 Fix clobbered register when setting this_function variable.
R=arv@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N

Review URL: https://codereview.chromium.org/1185703002

Cr-Commit-Position: refs/heads/master@{#29020}
2015-06-15 10:18:57 +00:00
wingo
103fcfaa40 Add script context with context-allocated "const this"
This is a reapplication of https://codereview.chromium.org/1173333004.

R=rossberg@chromium.org
LOG=N
BUG=498811

Review URL: https://codereview.chromium.org/1178903003

Cr-Commit-Position: refs/heads/master@{#28998}
2015-06-12 12:34:24 +00:00
wingo
7063ed2de6 Revert of Add script context with context-allocated "const this" (patchset #2 id:20001 of https://codereview.chromium.org/1173333004/)
Reason for revert:
nosnap failure

Original issue's description:
> Add script context with context-allocated "const this"
>
> This is a reapplication of https://codereview.chromium.org/1179893002/.
>
> R=rossberg@chromium.org,mstarzinger@chromium.org
> LOG=N
> BUG=498811
>
> Committed: https://crrev.com/cfc764f4050edc74aef92daa4c39ccc113893968
> Cr-Commit-Position: refs/heads/master@{#28994}

TBR=mstarzinger@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=498811

Review URL: https://codereview.chromium.org/1177903004

Cr-Commit-Position: refs/heads/master@{#28996}
2015-06-12 11:53:11 +00:00
wingo
cfc764f405 Add script context with context-allocated "const this"
This is a reapplication of https://codereview.chromium.org/1179893002/.

R=rossberg@chromium.org,mstarzinger@chromium.org
LOG=N
BUG=498811

Review URL: https://codereview.chromium.org/1173333004

Cr-Commit-Position: refs/heads/master@{#28994}
2015-06-12 11:11:28 +00:00
machenbach
32e6455c1a Revert of Add script context with context-allocated "const this" (patchset #7 id:120001 of https://codereview.chromium.org/1179893002/)
Reason for revert:
[Sheriff] Breaks gc mole:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gcmole/builds/2435

Original issue's description:
> Add script context with context-allocated "const this"
>
> R=rossberg@chromium.org
> LOG=N
> BUG=498811
>
> Committed: https://crrev.com/fa32d461c16a053cc6d48d3fb326016bc2765765
> Cr-Commit-Position: refs/heads/master@{#28988}

TBR=rossberg@chromium.org,mstarzinger@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=498811

Review URL: https://codereview.chromium.org/1180043004

Cr-Commit-Position: refs/heads/master@{#28992}
2015-06-12 10:07:34 +00:00
wingo
fa32d461c1 Add script context with context-allocated "const this"
R=rossberg@chromium.org
LOG=N
BUG=498811

Review URL: https://codereview.chromium.org/1179893002

Cr-Commit-Position: refs/heads/master@{#28988}
2015-06-12 09:35:57 +00:00
cdai2
7e59d2603f X87: [strong] Refactor ObjectStrength into a replacement for strong boolean args
port dd85444951 (r28839)

original commit message:

    Boolean "is_strong" parameters have begun to proliferate across areas where
    strong mode semantics are different. This CL repurposes the existing
    ObjectStrength enum as a replacement for them.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1173973002

Cr-Commit-Position: refs/heads/master@{#28952}
2015-06-11 15:57:17 +00:00
cdai2
3df35e3f94 X87: Vector ICs: ClassLiterals need to allocate a vector slot for home objects.
port b27016b78a (r28827).

original commit message:

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1178533002

Cr-Commit-Position: refs/heads/master@{#28951}
2015-06-11 15:56:04 +00:00
cdai2
2dd269f39a X87: Vector ICs: debugger should save registers for vector store ics.
port bd32a9f711 (r28825).

original commit message:

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1173963002

Cr-Commit-Position: refs/heads/master@{#28950}
2015-06-11 15:54:12 +00:00
cdai2
9afacc320f X87: Refactor lexical home object binding.
port 345fa142a9 (r28802).

    port of r28769 overwrite some of r28802 so we port them again.

original commit message:

    Before this we had 3 super related lexical bindings that got injected
    into method bodies: .home_object, .this_function,  and new.target.
    With this change we get rid of the .home_object one in favor of using
    .this_function[home_object_symbol] which allows some simplifications
    throughout the code base.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1173933005

Cr-Commit-Position: refs/heads/master@{#28949}
2015-06-11 15:50:50 +00:00
cdai2
c8b7c2496d X87: [date] Refactor the %_DateField intrinsic to be optimizable.
port e4782a9b46 (r28782)

original commit message:

    Previously the %_DateField intrinsic would also check the object and
    throw an exception if you happen to pass something that is not a valid
    JSDate, which (a) violates our policy for intrinsics and (b) is hard to
    optimize in TurboFan (even Crankshaft has a hard time, but there we will
    never inline the relevant builtins, so it doesn't show up). The throwing
    part is now a separate intrinsic %_ThrowIfNotADate that throws an
    exception in full codegen and deoptimizes in Crankshaft, which means the
    code for the current use cases is roughly the same (modulo some register
    renamings/gap moves).

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1174913002

Cr-Commit-Position: refs/heads/master@{#28948}
2015-06-11 15:48:19 +00:00
jarin
1c5d4d7eda Make writing of frame translation platform independent.
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1175963002

Cr-Commit-Position: refs/heads/master@{#28923}
2015-06-11 06:09:13 +00:00
chunyang.dai
689a9ebedd X87: [es6] Super call in arrows and eval
port 4b8051a02a (r28769)

original commit message:

    This splits the SuperReference AST node into SuperPropertyReference and
    SuperCallReference. The super call reference node consists of three
    unresolved vars to this, new.target and this_function. These get
    declared when the right function is entered and if it is in use. The
    variables get assigned in FullCodeGenerator::Generate.

    This is a revert of the revert 88b1c9170a

BUG=

Review URL: https://codereview.chromium.org/1163983002

Cr-Commit-Position: refs/heads/master@{#28900}
2015-06-10 09:29:09 +00:00
chunyang.dai
0392d4f9fb X87: Build ObjectLiteral constant properties in the numbering phase.
port 450002f3a1 (r28749)

original commit message:

    It's necessary to do this in order to know how many type feedback vector slots
    we should allocate for the object literal.

BUG=

Review URL: https://codereview.chromium.org/1168563003

Cr-Commit-Position: refs/heads/master@{#28898}
2015-06-10 09:15:04 +00:00
mbrandy
e3d76269e8 Fix issues with Arm's use of embedded constant pools
- Introduce Assembler::DataAlign for table alignment in code object
- Fix several misuses of r8 (alias of the pool pointer register, pp)
- Fix calculation of pp in OSR/handler entry invocation
- Enable missing cases in deserializer
- Fix references to ool constant pools in comments.

R=rmcilroy@chromium.org, michael_dawson@ca.ibm.com
BUG=chromium:497180
LOG=N

Review URL: https://codereview.chromium.org/1155673005

Cr-Commit-Position: refs/heads/master@{#28873}
2015-06-09 16:00:25 +00:00
mstarzinger
c14ba5ec48 Drop computed handler count and index from AST.
These values were computed by the parser and hence out of sync with any
visitor over the AST. Our AST visitor aborts visitation of statement
lists as soon as a jump statement has been reached. Now handler tables
are guaranteed to be dense and fully populated.

R=ishell@chromium.org
TEST=mjsunit/regress/regress-crbug-493290
BUG=chromium:493290
LOG=N

Review URL: https://codereview.chromium.org/1157213004

Cr-Commit-Position: refs/heads/master@{#28846}
2015-06-08 18:19:40 +00:00
conradw
dd85444951 [strong] Refactor ObjectStrength into a replacement for strong boolean args
Boolean "is_strong" parameters have begun to proliferate across areas where
strong mode semantics are different. This CL repurposes the existing
ObjectStrength enum as a replacement for them.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1144183004

Cr-Commit-Position: refs/heads/master@{#28839}
2015-06-08 12:18:15 +00:00
jarin
9127d4eef4 Unify decoding of deoptimization translations.
This unifies methods Deoptimizer::DoTranslateCommand, Deoptimizer::DoTranslateObject and the arguments object materializer.

To unify these, we have to separate reading of the input frame from writing to the output frame because the argument materializer does not write to output frames.

Instead, we now deoptimize in the following stages:

1. Read out the input frame/registers, decode them using the translations from the deoptimizer and store them in the deoptimizer (Deoptimizer::translated_state_). This is done in TranslatedState::Init.

2. Write out into the output frame buffer all the values that do not require allocation. We also remember references to the values that require materialization. As before, this is done in Deoptimizer::DoCompute*Frame method, but instead of calling DoTranslateCommand, we use the translated frame to obtain the values and write them to the output frames.

3. The platform specific code then sets up the output frames and calls into the deoptimization notification. This has not been changed at all.

4. Once the stack is set up, we handlify all the references in the saved translated values (TranslatedState::Prepare).

5. Finally, we materialize all the values we remembered in step (1) and write them to their frames on the stack (using the TranslatedValue::GetValue method).

BUG=

Review URL: https://codereview.chromium.org/1136223004

Cr-Commit-Position: refs/heads/master@{#28826}
2015-06-08 10:04:56 +00:00
arv
345fa142a9 Refactor lexical home object binding
Before this we had 3 super related lexical bindings that got injected
into method bodies: .home_object, .this_function,  and new.target.
With this change we get rid of the .home_object one in favor of using
.this_function[home_object_symbol] which allows some simplifications
throughout the code base.

BUG=v8:3768
LOG=N
R=adamk@chromium.org, wingo@igalia.com

Review URL: https://codereview.chromium.org/1154103005

Cr-Commit-Position: refs/heads/master@{#28802}
2015-06-04 16:22:41 +00:00
mbrandy
eac7f04669 Add support for Embedded Constant Pools for PPC and Arm
Embed constant pools within their corresponding Code
objects.

This removes support for out-of-line constant pools in favor
of the new approach -- the main advantage being that it
eliminates the need to allocate and manage separate constant
pool array objects.

Currently supported on PPC and ARM.  Enabled by default on
PPC only.

This yields a 6% improvement in Octane on PPC64.

R=bmeurer@chromium.org, rmcilroy@chromium.org, michael_dawson@ca.ibm.com
BUG=chromium:478811
LOG=Y

Review URL: https://codereview.chromium.org/1162993006

Cr-Commit-Position: refs/heads/master@{#28801}
2015-06-04 14:44:15 +00:00
mstarzinger
68beef53c3 Fix arrow functions requiring context without slots.
This fixes a corner-case where arrow functions that require a context
allocate none, because there are no additional slots allocated. Note
that this didn't happen with true function scopes because they always
had at least the receiver slot.

The outcome was a context chain that no longer was in sync with the
scope chain, hence context slot loads were bogus. This is observable
using the DYNAMIC_LOCAL optimization in all compilers.

R=rossberg@chromium.org,wingo@igalia.com
TEST=mjsunit/harmony/regress/regress-4160
BUG=v8:4160
LOG=N

Review URL: https://codereview.chromium.org/1146063006

Cr-Commit-Position: refs/heads/master@{#28788}
2015-06-03 11:32:31 +00:00
bmeurer
51439db3b2 Revert of Embedded constant pools. (patchset #12 id:220001 of https://codereview.chromium.org/1131783003/)
Reason for revert:
Breaks Linux nosnap cctest/test-api/FastReturnValuesWithProfiler, see http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%202/builds/609/steps/Check/logs/FastReturnValuesWithP..

Original issue's description:
> Add support for Embedded Constant Pools for PPC and Arm
>
> Embed constant pools within their corresponding Code
> objects.
>
> This removes support for out-of-line constant pools in favor
> of the new approach -- the main advantage being that it
> eliminates the need to allocate and manage separate constant
> pool array objects.
>
> Currently supported on PPC and ARM.  Enabled by default on
> PPC only.
>
> This yields a 6% improvement in Octane on PPC64.
>
> R=danno@chromium.org, svenpanne@chromium.org, bmeurer@chromium.org, rmcilroy@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
> BUG=chromium:478811
> LOG=Y
>
> Committed: https://crrev.com/a9404029343d65f146e3443f5280c40a97e736af
> Cr-Commit-Position: refs/heads/master@{#28770}

TBR=rmcilroy@chromium.org,ishell@chromium.org,rodolph.perfetta@arm.com,mbrandy@us.ibm.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:478811

Review URL: https://codereview.chromium.org/1155703006

Cr-Commit-Position: refs/heads/master@{#28772}
2015-06-03 03:02:40 +00:00
mbrandy
a940402934 Add support for Embedded Constant Pools for PPC and Arm
Embed constant pools within their corresponding Code
objects.

This removes support for out-of-line constant pools in favor
of the new approach -- the main advantage being that it
eliminates the need to allocate and manage separate constant
pool array objects.

Currently supported on PPC and ARM.  Enabled by default on
PPC only.

This yields a 6% improvement in Octane on PPC64.

R=danno@chromium.org, svenpanne@chromium.org, bmeurer@chromium.org, rmcilroy@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:478811
LOG=Y

Review URL: https://codereview.chromium.org/1131783003

Cr-Commit-Position: refs/heads/master@{#28770}
2015-06-02 22:50:12 +00:00
conradw
3f5cd321f1 [strong] create strong array literals
Copied, with permission, from https://codereview.chromium.org/1151853003/

Initial patch set is an unmodified copy, rebased on top of related fixes from
https://codereview.chromium.org/1158933002/

Subsequent patch sets contain fixes for remaining bugs in the CL.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1152093003

Cr-Commit-Position: refs/heads/master@{#28760}
2015-06-02 11:46:15 +00:00
chunyang.dai
388429e97c X87: [turbofan] First step towards sanitizing for-in and making it optimizable.
port e2e47f30be (r28711)

original commit message:

    [turbofan] First step towards sanitizing for-in and making it optimizable.

    In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
    simple runtime call to ForInFilter, which does everything and is even
    cheaper (because FILTER_KEY used to call into the runtime anyway).
    And ForInFilter returns either the name or undefined, which makes it
    possible to remove the control flow construction from the AstGraphBuilder,
    and thereby make both the initialization and the per-loop code of for-in
    optimizable later (in typed lowering).

BUG=

Review URL: https://codereview.chromium.org/1144143005

Cr-Commit-Position: refs/heads/master@{#28748}
2015-06-02 09:07:27 +00:00
erikcorry
4f5337a2b6 Cosmetic changes to tests to make it easier to concatenate them.
When compiling on a laptop I like to concatenate the small test files.
This makes a big difference to compile times. These changes make that
easier.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1163803002

Cr-Commit-Position: refs/heads/master@{#28742}
2015-06-01 22:47:08 +00:00
chunyang.dai
aa31176ab1 X87: [crankshaft] Record inlined shared function infos instead of closures.
port 388e791df9 (r28672).

original commit message:

   The list of inlined functions is used in exactly two places - for live
    edit and to prevent code flushing for inlined functions - and those are
    fine with SharedFunctionInfo and don't require a closure.

    This is one additional step towards inlining based on SharedFunctionInfo
    instead of JSFunction.

BUG=

Review URL: https://codereview.chromium.org/1143003003

Cr-Commit-Position: refs/heads/master@{#28719}
2015-06-01 09:11:43 +00:00
chunyang.dai
f1cc4ed2b2 X87: VectorICs: allocating slots for store ics in ast nodes.
port 5450fc07ba (r18659)

original commit message:

    Also adapt code generation to pass the slot to the
    store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
    ForEach, Call and CountOperation now include one or more
    feedback vector ic slot ids.

BUG=

Review URL: https://codereview.chromium.org/1155383003

Cr-Commit-Position: refs/heads/master@{#28718}
2015-06-01 09:04:53 +00:00
chunyang.dai
b471651e96 X87: [es6] Support super.property in eval and arrow functions
port 44e9810345 (r28644)

original commit message:

    When we enter a method that needs access to the [[HomeObject]]
    we allocate a local variable `.home_object` and assign it the
    value from the [[HomeObject]] private symbol. Something along
    the lines of:

      method() {
        var .home_object = %ThisFunction()[home_object_symbol];
        ...
      }

BUG=

Review URL: https://codereview.chromium.org/1158543004

Cr-Commit-Position: refs/heads/master@{#28717}
2015-06-01 08:55:27 +00:00
chunyang.dai
5211fa0c59 X87: Move hash code from hidden string to a private symbol
port eca5b5d7ab (r28622).

original commit message:

   * Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
    * In the long run we should do all hidden properties this way and get rid of the
    hidden magic 0-length string with the zero hash code.  The advantages include
    less complexity and being able to do things from JS in a natural way.
    * Initially, the performance of weak set regressed, because it's a little harder
    to do the lookup in C++.  Instead of heroics in C++ to make things faster I
    moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
    * This also changes hash codes of Smis so that they are always Smis.

    Performance figures are in the comments to the code review.  Summary: Most of js-perf-test/Collections is neutral.  Set and Map with object keys are 40-50% better.  WeakMap is -5% and WeakSet is +9%.

    In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this.  Instead of checking for the property, then doing a new

    In a similar vein we could give the magic zero hash code to the hash code
    symbol.  Then when we look up the hash code we would sometimes see the table
    with all the hidden properties.  This dual use of the field for either the hash
    code or the table with all hidden properties and the hash code is rather ugly,
    and this CL gets rid of it.  I'd be loath to bring it back.  On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.

    One worry is that the benchmark results above are more monomorphic than real
    world code, so may be overstating the performance benefits of moving to JS.  I
    think this is part of a general issue we have with handling polymorphic code in
    JS and any solutions there will benefit this solution, which boils down to
    regular property access. Any improvement there will lift all boats.

BUG=

Review URL: https://codereview.chromium.org/1153963010

Cr-Commit-Position: refs/heads/master@{#28716}
2015-06-01 08:53:19 +00:00
chunyang.dai
6b93438d51 X87: Move work to omit unnecessary ObjectLiteral stores to the numbering pass.
port 32de677805 (r29615)

original commit message:

    The reason is that this information will be needed to compute the number of
    vector ic slots done at numbering time.

BUG=

Review URL: https://codereview.chromium.org/1165693002

Cr-Commit-Position: refs/heads/master@{#28715}
2015-06-01 08:45:34 +00:00
yangguo
14eba9b275 Do not leak message object beyond try-catch.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1150293002

Cr-Commit-Position: refs/heads/master@{#28612}
2015-05-26 08:00:17 +00:00
chunyang.dai
83321b09ed X87: [es6] Spread in array literals
port 9502e91adb (r28534)

original commit message:

    This allows you to put iterables into your array literals
    and they will get spread into the array.

      let x = [0, ...range(1, 3)];  // [0, 1, 2]

    This is done by treating the array literal up to the first
    spread element as usual, including using a boiler plate
    array, and then appending the remaining expressions and rest
    expressions.

BUG=

Review URL: https://codereview.chromium.org/1152173002

Cr-Commit-Position: refs/heads/master@{#28606}
2015-05-25 13:15:26 +00:00
chunyang.dai
47448c9b19 X87: Vector ICs: Introduce Store and KeyedStore IC code stubs.
port a86384f192 (r28597).

original commit message:

    Also introduce new interface descriptors for the trampoline and full
    versions of those stubs.

    Currently, the stubs aren't functional.

BUG=

Review URL: https://codereview.chromium.org/1148963003

Cr-Commit-Position: refs/heads/master@{#28605}
2015-05-25 13:13:45 +00:00
chunyang.dai
a80d14b2b5 X87: Cleanup interface descriptors to reflect that vectors are part of loads.
port 09aaf003a9 (r28516).

original commit message:

    Also removed ornamentation like "VectorRaw" from stub names.

BUG=

Review URL: https://codereview.chromium.org/1152473003

Cr-Commit-Position: refs/heads/master@{#28532}
2015-05-21 04:31:50 +00:00
chunyang.dai
5299d17733 X87: [strong] Function arity check should be based on required parameters
port 78f0452d31 (r28491)

original commit message:

    Also check whether the arguments count is smaller than the number of
    required parameters which is the same as the SharedFunctionInfo length.

BUG=

Review URL: https://codereview.chromium.org/1146103003

Cr-Commit-Position: refs/heads/master@{#28531}
2015-05-21 04:30:39 +00:00
chunyang.dai
dec2619a18 X87: Reapply "Resolve references to "this" the same way as normal variables""
port 1efc1e4f7a (r28458).

original commit message:

  This reapplies https://codereview.chromium.org/1136073002, along with
    the followups:

      Remove Scope::scope_uses_this_ flag
      https://codereview.chromium.org/1128963005

    and

      PPC: Resolve references to "this" the same way as normal variables
      https://codereview.chromium.org/1134073003

BUG=

Review URL: https://codereview.chromium.org/1135233003

Cr-Commit-Position: refs/heads/master@{#28469}
2015-05-19 10:05:23 +00:00
chunyang.dai
528aa288bf X87: Now that vector ics are established for load, keyed load and call ics, let's remove dead code behind the flag.
port 323ced9e27 (r28422).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1142713007

Cr-Commit-Position: refs/heads/master@{#28467}
2015-05-19 09:56:25 +00:00
chunyang.dai
19a421c694 Revert "X87: Resolve references to "this" the same way as normal variables"
This reverts commit 6eea252463.

revert reason:
   original patch is reverted.

BUG=

Review URL: https://codereview.chromium.org/1130853007

Cr-Commit-Position: refs/heads/master@{#28401}
2015-05-14 09:22:47 +00:00
chunyang.dai
6eea252463 X87: Resolve references to "this" the same way as normal variables
port bd56d279b6 (R28340).

original commit message:

    Make the parser handle references to "this" as unresolved variables, so the
    same logic as for the rest of function parameters is used for the receiver.
    Minor additions to the code generation handle copying the receiver to the
    context, along with the rest of the function parameters.

    Based on work by Adrian Perez de Castro <aperez@igalia.com>.

BUG=

Review URL: https://codereview.chromium.org/1136953010

Cr-Commit-Position: refs/heads/master@{#28390}
2015-05-13 11:18:38 +00:00
chunyang.dai
3ba6783565 X87: New hydrogen instruction to reduce cost of growing an array on keyed stores.
port 3bce9c3afb (r28359).

original commit message:

    HMaybeGrowElements moves the situation where you actually have to grow
    into deferred code. This means crankshaft doesn't have to spill registers
    just to make the bounds comparison to see if it'll need to grow or not.

    It makes the growing case a bit more expensive, but reduces the cost of
    the general case.

BUG=

Review URL: https://codereview.chromium.org/1124093008

Cr-Commit-Position: refs/heads/master@{#28388}
2015-05-13 11:16:18 +00:00
chunyang.dai
fecaed531b X87: [strong] Check arity of functions
port 3226e98020 (28346).

original commit message:

    [strong] Check arity of functions

    In strong mode it is an error to call a function with too few
    arguments.

    This is enforced inside the ArgumentsAdaptorTrampoline.

    This does not yet handle rest parameter

BUG=

Review URL: https://codereview.chromium.org/1139913007

Cr-Commit-Position: refs/heads/master@{#28387}
2015-05-13 11:15:34 +00:00
chunyang.dai
6803006b2d X87: Add a MathFloor stub generated with TurboFan
port  abc35080b3 (r28339)

original commit message:

    This stub will be used as the basis of a Math.floor-specific CallIC to
    detect and track calls to floor that return -0.

    Along the way:
    - Create a TurboFanCodeStub super class from which the StringLength and
    MathRound TF stubs derive.
    - Fix the ugly hack that passes the first stub parameter as the "this"
    pointer in the TF-compiled JS function.
    - Fix bugs in the ia32/x64 disassembler.

BUG=

Review URL: https://codereview.chromium.org/1134323002

Cr-Commit-Position: refs/heads/master@{#28386}
2015-05-13 11:14:26 +00:00
conradw
03ef40b46c [strong] Disallow implicit conversions for comparison
Implements the strong mode proposal's restrictions on implicit conversions
for the binary >, >=, <, and <= operators.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1130283002

Cr-Commit-Position: refs/heads/master@{#28370}
2015-05-12 15:23:50 +00:00
titzer
694890790d Add a bailout id just before every variable load in fullcode.
R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1139733002

Cr-Commit-Position: refs/heads/master@{#28344}
2015-05-11 15:56:06 +00:00
verwaest
43d5319143 Revert of Allow loading holes from holey smi arrays (patchset #2 id:20001 of https://codereview.chromium.org/1134483002/)
Reason for revert:
Shouldn't unconditionally load holes since it tanks performance. I'll change it in a follow-up to only do it if the IC ever saw it happen.

Original issue's description:
> Allow loading holes from holey smi arrays
>
> BUG=
>
> Committed: https://crrev.com/eab5bb5390fab79d063f29398377c6d181963dde
> Cr-Commit-Position: refs/heads/master@{#28298}

TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1131203002

Cr-Commit-Position: refs/heads/master@{#28309}
2015-05-08 07:28:57 +00:00
chunyang.dai
93662ec235 Revert of X87: Resolve references to "this" the same way as normal variables
Reason for revert:

   original commit was reverted.

   This reverts commit c3529ce501.

   original issue's description:

   > X87: Resolve references to "this" the same way as normal variables
   >
   > port 06a792b7cc (r28263).
   >
   > original commit message:
   >
   >  Make the parser handle references to "this" as unresolved variables, so the
   >  same logic as for the rest of function parameters is used for the receiver.
   >  Minor additions to the code generation handle copying the receiver to the
   >  context, along with the rest of the function parameters.
   >
   >  Based on work by Adrian Perez de Castro <aperez@igalia.com>

BUG=

Review URL: https://codereview.chromium.org/1130913005

Cr-Commit-Position: refs/heads/master@{#28307}
2015-05-08 03:57:26 +00:00
verwaest
eab5bb5390 Allow loading holes from holey smi arrays
BUG=

Review URL: https://codereview.chromium.org/1134483002

Cr-Commit-Position: refs/heads/master@{#28298}
2015-05-07 14:02:00 +00:00
chunyang.dai
4b0565262a X87: Optimize the typeof operator.
port 7798548a8f (r28260)

original commit message:

    typeof was implemented as a runtime function. Calling it in
    optimized code with a non-constant input becomes burdensome.

BUG=

Review URL: https://codereview.chromium.org/1124263005

Cr-Commit-Position: refs/heads/master@{#28279}
2015-05-07 04:01:45 +00:00
chunyang.dai
c3529ce501 X87: Resolve references to "this" the same way as normal variables
port 06a792b7cc (r28263).

original commit message:

    Make the parser handle references to "this" as unresolved variables, so the
    same logic as for the rest of function parameters is used for the receiver.
    Minor additions to the code generation handle copying the receiver to the
    context, along with the rest of the function parameters.

    Based on work by Adrian Perez de Castro <aperez@igalia.com>

BUG=

Review URL: https://codereview.chromium.org/1124393002

Cr-Commit-Position: refs/heads/master@{#28278}
2015-05-07 04:00:01 +00:00
conradw
97bee8e964 [strong] Fix inlining issue
The Hydrogen representation for binops was never changed to care about the
language mode. We thought this was ok, but it turns out we need to keep track
of it to make sure inlining doesn't mess with the "strongness" of binops.

Also added more rigorous inlining testing.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1123043002

Cr-Commit-Position: refs/heads/master@{#28253}
2015-05-06 10:40:38 +00:00
chunyang.dai
5f047ff651 X87: Handle the case when derived constructor is [[Call]]ed with 0 args.
port cf53fed972 (r28242).

original commit message:

    ArgumentsAdaptorStub for derived constructor (the one that needs
    new.target) works in this way:
     - If the constructor is invoked via the Construct stub, we know that
       actual arguments always include new.target. ``arguments`` object
       however should not include a new.target, therefore we remove it.
       We achieve this by decrementing the argument count.
     - If the constructor is invoked as a call, we do not care for a correct
       ``arguments`` array since the constructor will immediately throw on
       entrance.
    The bug is that the call could actually pass 0 actual arguments, but I
    decrement unconditionally :(. The fix is to detect this case and avoid
    decrementing. ``arguments`` is bogus, but it is ok as constructor
    throws.

    Long-term we should just remove mucking about with arguments for
    new.target and just get it from the stack.

BUG=

Review URL: https://codereview.chromium.org/1124063002

Cr-Commit-Position: refs/heads/master@{#28246}
2015-05-06 03:46:57 +00:00
arv
d26f5d3923 [es6] When comparing two symbols we may need to throw a TypeError
When comparing a symbol to itself using <, <=, > or >= we need to
throw a TypeError. This is correctly handled in the runtime function
so if we are comparing a symbol fall back to use the runtime.

BUG=v8:4073
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1125783002

Cr-Commit-Position: refs/heads/master@{#28226}
2015-05-05 14:17:46 +00:00
jarin
b5b47e1f88 Remove materialized objects on stack unwind.
BUG=v8:3985
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1122083002

Cr-Commit-Position: refs/heads/master@{#28206}
2015-05-04 16:44:01 +00:00
verwaest
fab3508062 Only swap undefined for the global object if necessary in the prologue
BUG=

Review URL: https://codereview.chromium.org/1120093002

Cr-Commit-Position: refs/heads/master@{#28200}
2015-05-04 13:39:00 +00:00
chunyang.dai
d09e119bc4 X87: VectorICs: built-in function apply should use an IC.
port 83a0af5500 (r28165).

original commit message:

   VectorICs: built-in function apply should use an IC.

   Handled a TODO that sent builtin function apply to the runtime on property get.

BUG=

Review URL: https://codereview.chromium.org/1119263002

Cr-Commit-Position: refs/heads/master@{#28189}
2015-05-04 03:40:28 +00:00
chunyang.dai
906152b85a X87: Use a stub in crankshaft for grow store arrays.
port fb8e613638 (r28163).

original commit message:

 We were deopting without learning anything.

 This is a rebase/reland of https://codereview.chromium.org/368263003

BUG=

Review URL: https://codereview.chromium.org/1125623002

Cr-Commit-Position: refs/heads/master@{#28188}
2015-05-04 03:39:19 +00:00
adamk
d18dd375ac Remove unused Module-related AST nodes and associated codegen
BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/1106383008

Cr-Commit-Position: refs/heads/master@{#28179}
2015-04-30 16:20:56 +00:00
vogelheim
7ce30d027f Fix typo in builtins-x87, introduced in crrev.com/1107233004.
BUG=470930
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1116933002

Cr-Commit-Position: refs/heads/master@{#28169}
2015-04-30 14:24:41 +00:00
jochen
98140318fa Unify internal and external typed arrays a bit
Just give internal ones an ArrayBuffer with a NULL backing store. This
simplifies the access checks a lot.

BUG=v8:3996
R=hpayer@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1109353003

Cr-Commit-Position: refs/heads/master@{#28168}
2015-04-30 13:46:34 +00:00
vogelheim
6b905c3a16 Implement kToBeExecutedOnceCodeAge.
An initial 'code age' state that will turn into a 'pre-aging' code age only after it was executed the first time.

BUG=470930
LOG=Y

Review URL: https://codereview.chromium.org/1107233004

Cr-Commit-Position: refs/heads/master@{#28162}
2015-04-30 12:31:46 +00:00
chunyang.dai
77a2c15fb4 X87: Don't MISS if you read the hole from certain FastHoley arrays.
port caeb9004f0 (r28056)

original commit message:
    If the array's map is the initial FastHoley array map, and the array prototype
    chain is undisturbed and empty of elements, then keyed loads can convert the
    load of a hole to undefined.

BUG=

Review URL: https://codereview.chromium.org/1104073003

Cr-Commit-Position: refs/heads/master@{#28128}
2015-04-29 10:34:25 +00:00
jochen
a2e6f970c7 Add HArrayBufferNotNeutered instruction
This instruction can be hoisted out of loops even though it contains a branch.

BUG=v8:3996
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1108313003

Cr-Commit-Position: refs/heads/master@{#28109}
2015-04-28 13:43:03 +00:00
conradw
ae7ce701ae [strong] Disallow implicit conversions for binary arithmetic operations
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1092353002

Cr-Commit-Position: refs/heads/master@{#28045}
2015-04-24 12:32:41 +00:00
svenpanne
4d3044e161 Removed src/{isolate,property-details,utils}-inl.h
Baby steps towards saner #includes...

Review URL: https://codereview.chromium.org/1051393003

Cr-Commit-Position: refs/heads/master@{#27958}
2015-04-21 10:21:37 +00:00
Ross McIlroy
063fc25122 Replace OVERRIDE->override and FINAL->final since we now require C++11.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1088993003

Cr-Commit-Position: refs/heads/master@{#27937}
2015-04-20 13:08:14 +00:00
chunyang.dai
548a0b3bbd X87: Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
port 8098253562 (r27898)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1086813004

Cr-Commit-Position: refs/heads/master@{#27906}
2015-04-17 08:18:09 +00:00
chunyang.dai
5729299752 X87: Array() in optimized code can create with wrong ElementsKind in corner cases
port 13459c1ae3 (r27857)

original commit message:

    Array() in optimized code can create with wrong ElementsKind in corner cases.

    Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
    makes a stub call that bails out due to the length. Currently, the bailout
    code a) doesn't have the allocation site, and b) wouldn't use it if it did
    because the length is perceived to be too high.

    This CL passes the allocation site to the stub call (rather than undefined),
    and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1088423002

Cr-Commit-Position: refs/heads/master@{#27875}
2015-04-16 10:38:35 +00:00
chunyang.dai
e481c91b64 X87: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
port 776770c0e4 (r27827).

original commit message:

  This needs "Pass load ic state through the Oracle"
  (https://codereview.chromium.org/1083933002/) to land first.

BUG=

Review URL: https://codereview.chromium.org/1093433004

Cr-Commit-Position: refs/heads/master@{#27873}
2015-04-16 10:02:41 +00:00
mstarzinger
b807d112d7 [turbofan] Fix ForInStatement that deopts during filter.
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.

R=jarin@chromium.org
TEST=mjsunit/for-in-opt

Review URL: https://codereview.chromium.org/1086083002

Cr-Commit-Position: refs/heads/master@{#27846}
2015-04-15 13:12:05 +00:00
chunyang.dai
2b16f54d94 X87: Remove unnecessary options from HTailCallThroughMegamorphicCache.
port e0844a24d3 (r27793).

original commit message:

   These options were added for a hydrogen code stub version of
   the VectorIC dispatcher, which was discontinued.

BUG=

Review URL: https://codereview.chromium.org/1087573003

Cr-Commit-Position: refs/heads/master@{#27802}
2015-04-14 05:53:19 +00:00
chunyang.dai
fc6e623425 X87: Change near jump to far jump to fix the jump distance check error.
The assembler code generated by the DeoptimizeIf(...) function under X87 is larger
  and the distance between the link point and the bind point which has two DeoptimizeIf()
  is larger than the near link distance (127) for labels.

BUG=

Review URL: https://codereview.chromium.org/1065893003

Cr-Commit-Position: refs/heads/master@{#27801}
2015-04-14 02:09:10 +00:00
chunyang.dai
d93a0029dc X87: Reland "Merge cellspace into old pointer space".
port 4bd9bdbb28 (r27751)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1051323003

Cr-Commit-Position: refs/heads/master@{#27778}
2015-04-13 09:36:00 +00:00
chunyang.dai
13b722b666 X87: [es6] implement spread calls
port 74c381221c (r27714)

original commit message:

  [es6] implement spread calls

BUG=

Review URL: https://codereview.chromium.org/1085533002

Cr-Commit-Position: refs/heads/master@{#27777}
2015-04-13 09:32:53 +00:00
chunyang.dai
8f3b3ba6ba X87: Code cleanup in GenerateRecordCallTarget.
port 6a222b8ff0 (r27630)

original commit message:

  Code cleanup in GenerateRecordCallTarget

BUG=

Review URL: https://codereview.chromium.org/1074683003

Cr-Commit-Position: refs/heads/master@{#27694}
2015-04-09 09:31:56 +00:00
chunyang.dai
8fe72d6ff5 X87: Make --always-opt also optimize top-level code
port 2d281e71ac (r27633)

original commit message:

    Make --always-opt also optimize top-level code.

    This enables eager optimization of top-level code with TurboFan and
    extends test coverage by triggering it with the --always-opt flag.
    Script contexts are now also properly allocated in TurboFan.

BUG=

Review URL: https://codereview.chromium.org/1077523002

Cr-Commit-Position: refs/heads/master@{#27693}
2015-04-09 09:30:52 +00:00
hablich
eacb0de817 Revert of Revert of X87: Reimplement Maps and Sets in JS (patchset #1 id:1 of https://codereview.chromium.org/1073723002/)
Reason for revert:
Revert the revert as this commit cannot be the cause for the closed tree.

Original issue's description:
> Revert of X87: Reimplement Maps and Sets in JS (patchset #1 id:1 of https://codereview.chromium.org/1066373002/)
>
> Reason for revert:
> Reverting as it resulted in a closed waterfall.
>
> Original issue's description:
> > X87: Reimplement Maps and Sets in JS
> >
> > port 909500aa1d (r27605)
> >
> > original commit message:
> >     Previously, the only optimized code path for Maps and Sets was for String keys.
> >     This was achieved through an implementation of various complex operations
> >     in Hydrogen. This approach was neither scalable nor forward-compatible.
> >
> >     This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> >     in JS. The added intrinsics are:
> >
> >       %_FixedArrayGet
> >       %_FixedArraySet
> >       %_TheHole
> >       %_JSCollectionGetTable
> >       %_StringGetRawHashField
> >
> >     With these additions, as well as a few changes to what's exposed as runtime functions,
> >     most of the C++ code backing Maps and Sets is gone (including both runtime code in
> >     objects.cc and Crankshaft in hydrogen.cc).
> >
> > BUG=
> >
> > Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> > Cr-Commit-Position: refs/heads/master@{#27681}
>
> TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/a0486f128109443ed07802fb463c267e53533d81
> Cr-Commit-Position: refs/heads/master@{#27682}

TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1077543002

Cr-Commit-Position: refs/heads/master@{#27685}
2015-04-09 07:11:13 +00:00
chunyang.dai
c8521794ba X87: JSEntryTrampoline: check for stack space before pushing arguments
port 146598f44a (r27614)

original commit message:

  Optimistically pushing a lot of arguments can run into the stack limit of the
  process, at least on operating systems where this limit is close to the limit
  that V8 sets for itself.

BUG=

Review URL: https://codereview.chromium.org/1069283002

Cr-Commit-Position: refs/heads/master@{#27684}
2015-04-09 06:52:02 +00:00
hablich
a0486f1281 Revert of X87: Reimplement Maps and Sets in JS (patchset #1 id:1 of https://codereview.chromium.org/1066373002/)
Reason for revert:
Reverting as it resulted in a closed waterfall.

Original issue's description:
> X87: Reimplement Maps and Sets in JS
>
> port 909500aa1d (r27605)
>
> original commit message:
>     Previously, the only optimized code path for Maps and Sets was for String keys.
>     This was achieved through an implementation of various complex operations
>     in Hydrogen. This approach was neither scalable nor forward-compatible.
>
>     This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
>     in JS. The added intrinsics are:
>
>       %_FixedArrayGet
>       %_FixedArraySet
>       %_TheHole
>       %_JSCollectionGetTable
>       %_StringGetRawHashField
>
>     With these additions, as well as a few changes to what's exposed as runtime functions,
>     most of the C++ code backing Maps and Sets is gone (including both runtime code in
>     objects.cc and Crankshaft in hydrogen.cc).
>
> BUG=
>
> Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> Cr-Commit-Position: refs/heads/master@{#27681}

TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1073723002

Cr-Commit-Position: refs/heads/master@{#27682}
2015-04-09 06:49:33 +00:00
chunyang.dai
56600a35a4 X87: Reimplement Maps and Sets in JS
port 909500aa1d (r27605)

original commit message:
    Previously, the only optimized code path for Maps and Sets was for String keys.
    This was achieved through an implementation of various complex operations
    in Hydrogen. This approach was neither scalable nor forward-compatible.

    This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
    in JS. The added intrinsics are:

      %_FixedArrayGet
      %_FixedArraySet
      %_TheHole
      %_JSCollectionGetTable
      %_StringGetRawHashField

    With these additions, as well as a few changes to what's exposed as runtime functions,
    most of the C++ code backing Maps and Sets is gone (including both runtime code in
    objects.cc and Crankshaft in hydrogen.cc).

BUG=

Review URL: https://codereview.chromium.org/1066373002

Cr-Commit-Position: refs/heads/master@{#27681}
2015-04-09 02:24:13 +00:00
hpayer
59be4ba7f4 Reland "Merge old data and pointer space."
This reverts commit cbfcee5575.

BUG=

Review URL: https://codereview.chromium.org/1051233002

Cr-Commit-Position: refs/heads/master@{#27623}
2015-04-07 11:32:10 +00:00
yangguo
c67cb287a9 Always update raw pointers when handling interrupts inside RegExp code.
R=mstarzinger@chromium.org
BUG=chromium:469480
LOG=N

Review URL: https://codereview.chromium.org/1034173002

Cr-Commit-Position: refs/heads/master@{#27615}
2015-04-07 09:44:57 +00:00
chunyang.dai
d4a4f796af X87: Generate common StoreFastElementStubs ahead of time
port 16ee55097a (r27536)

original commit message:

  Generate common StoreFastElementStubs ahead of time

BUG=

Review URL: https://codereview.chromium.org/1052413002

Cr-Commit-Position: refs/heads/master@{#27597}
2015-04-03 03:09:23 +00:00
chunyang.dai
d0a7ab1dbd x87: v8:3539 - hold constructor feedback in weak cells
port b134ae74b5 (r27581)

original commit message:

   v8:3539 - hold constructor feedback in weak cells

BUG=

Review URL: https://codereview.chromium.org/1051253004

Cr-Commit-Position: refs/heads/master@{#27596}
2015-04-03 03:03:13 +00:00
chunyang.dai
9bf64f7e61 X87: Ensure object literal element boilerplates aren't modified.
port 7c347c545e (r27511)

original commit message:

    A bug allows JSObject literals with elements to have the elements in the
    boilerplate modified.

BUG=

Review URL: https://codereview.chromium.org/1057883004

Cr-Commit-Position: refs/heads/master@{#27595}
2015-04-03 02:55:05 +00:00
chunyang.dai
845154a896 Fix the bug in CompareIC_GenerateNumber for X87 platform.
The original code will not update the IC info if one of the parameters is SMI. It cannot handle Number + Smi.

BUG=

Review URL: https://codereview.chromium.org/1056663005

Cr-Commit-Position: refs/heads/master@{#27583}
2015-04-02 10:17:00 +00:00
yangguo
019096f829 Serializer: move to a subfolder and clean up includes.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1041743002

Cr-Commit-Position: refs/heads/master@{#27501}
2015-03-27 15:29:07 +00:00
chunyang.dai
1caa6179d2 X87: Switch full-codegen from StackHandlers to handler table.
port 38a719f965  (r27440)

original commit message:

    This switches full-codegen to no longer push and pop StackHandler
    markers onto the operand stack, but relies on a range-based handler
    table instead. We only use StackHandlers in JSEntryStubs to mark the
    transition from C to JS code.

    Note that this makes deoptimization and OSR from within any try-block
    work out of the box, makes the non-exception paths faster and should
    overall be neutral on the memory footprint (pros).

    On the other hand it makes the exception paths slower and actually
    throwing an exception more expensive (cons).

BUG=

Review URL: https://codereview.chromium.org/1030283003

Cr-Commit-Position: refs/heads/master@{#27478}
2015-03-26 13:06:56 +00:00
chunyang.dai
5d5bf2b77f X87: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
port 6689cc27eb (r27377)

original commit message:

    Handlers should be in charge of this work. The change uncovered a bug in
    vector-ics related to keyed loads into strings. It's important for
    StringCharCodeAtGenerator, a helper used in full code and in
    LoadIndexedStringStub (a handler) to protect the vector and slot registers
    when it makes a runtime call to convert a HeapNumber to a Smi.

    It's still possible for the handler to MISS after this call, perhaps due
    to out of bounds access. In that case, the vector and slot registers need
    to be delivered safely to the MISS handler.

BUG=

Review URL: https://codereview.chromium.org/1033733005

Cr-Commit-Position: refs/heads/master@{#27461}
2015-03-26 02:53:11 +00:00
chunyang.dai
a21cc19eef X87: [es6] implement Reflect.apply() & Reflect.construct()
port d21fd15467 (r27316)

original commit message:

  [es6] implement Reflect.apply() & Reflect.construct()

BUG=

Review URL: https://codereview.chromium.org/1021723006

Cr-Commit-Position: refs/heads/master@{#27460}
2015-03-26 02:24:39 +00:00
chunyang.dai
ebae8c145c X87: [es6] generate rest parameters correctly for subclass constructors
port bef80fcfd7 (r27344)

  original commit message:

     [es6] generate rest parameters correctly for subclass constructors

BUG=

Review URL: https://codereview.chromium.org/1033643002

Cr-Commit-Position: refs/heads/master@{#27459}
2015-03-26 02:11:28 +00:00
chunyang.dai
b638550338 X87: [turbofan] Turn Math.clz32 into an inlinable builtin.
port 3aa206b865 (r27329)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1022523005

Cr-Commit-Position: refs/heads/master@{#27429}
2015-03-25 06:41:25 +00:00
chunyang.dai
c9db590d3b X87: [stubs] Add missing interface descriptor for the CompareIC.
port e18e3cd4d8 (r27305)

original commit message:

  [stubs] Add missing interface descriptor for the CompareIC.

BUG=

Review URL: https://codereview.chromium.org/1024553007

Cr-Commit-Position: refs/heads/master@{#27397}
2015-03-24 10:23:46 +00:00
chunyang.dai
10cd7247a3 X87: Serializer: serialize internal references via object visitor.
port 7c149afb6c (r27275).

original commit message:

 Serializer: serialize internal references via object visitor.

BUG=

Review URL: https://codereview.chromium.org/1029793002

Cr-Commit-Position: refs/heads/master@{#27396}
2015-03-24 10:17:35 +00:00
chunyang.dai
62c546517f X87: Remove PropertyCell space
port 16c8485a35 (r27269).

original commit message:

  Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.

BUG=

Review URL: https://codereview.chromium.org/1013543004

Cr-Commit-Position: refs/heads/master@{#27395}
2015-03-24 10:10:59 +00:00
chunyang.dai
40de9c3f02 X87: Use platform specific stubs for vector-based Load/KeyedLoad.
port 34a1a76ddf (r27235)

original commit message:

  A hydrogen code stub is not the best approach because it builds a frame
  and doesn't have the technology to discard roots at tail call exits.
  Platform-specific stubs provide much better performance at this point.

BUG=

Review URL: https://codereview.chromium.org/1025073005

Cr-Commit-Position: refs/heads/master@{#27394}
2015-03-24 10:06:21 +00:00
chunyang.dai
5703794412 X87: Remove kind field from StackHandler.
port 15f8213809 (r27263)

original commit message:

 This relands commit 96f79568a9.

 This makes the Isolate::Throw logic not depend on a prediction of
 whether an exception is caught or uncaught. Such a prediction is
 inherently undecidable because a finally block can decide between
 consuming or re-throwing an exception depending on arbitrary control
 flow.

 There still is a conservative prediction mechanism in place that
 components like the debugger or tracing can use for reporting.

 With this change we can get rid of the StackHandler::kind field, a
 pre-requisite to do table-based lookups of exception handlers.

BUG=

Review URL: https://codereview.chromium.org/1027413002

Cr-Commit-Position: refs/heads/master@{#27385}
2015-03-24 08:08:19 +00:00
mstarzinger
11fb202f96 Move CompilationInfo::this_has_uses to HGraph::this_has_uses.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1029643002

Cr-Commit-Position: refs/heads/master@{#27378}
2015-03-23 19:11:29 +00:00
chunyang.dai
f8c4c12728 X87: Simplify pending message object handling.
port d4696c4841 (r27150)

original commit message:

  This moves the decision whether to report a message or not to when
  the pending exception is propagated instead of trying to preserve the
  decision in a ThreadLocalTop field.

BUG=

Review URL: https://codereview.chromium.org/1028073002

Cr-Commit-Position: refs/heads/master@{#27360}
2015-03-23 10:21:19 +00:00
cdai2
01f1348614 X87: Simplify pending message script handling.
port f71e262683 (r27127)

original commit message:

  Simplify pending message script handling.

  This removes the separate tracking of the pending message script,
  because that script is already stored in the message object and
  duplicating it in the ThreadLocalTop makes it more brittle.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1028993003

Cr-Commit-Position: refs/heads/master@{#27358}
2015-03-23 09:27:50 +00:00
chunyang.dai
c1cf472f8c X87: Remove frame pointer from StackHandler.
port 36e69a916f (r27115)

original commit message:

 This reduces the size of the StackHandler by yet another word. We no
 longer need to keep track of the frame pointer, as the stack walk will
 be able to recalculate it.

BUG=

Review URL: https://codereview.chromium.org/1030563002

Cr-Commit-Position: refs/heads/master@{#27357}
2015-03-23 09:23:15 +00:00
chunyang.dai
113037d9f3 X87: [es6] Throw TypeError for computed static prototype property name
port 8d946b9c3f (r27106).

original commit message:

  [es6] Throw TypeError for computed static prototype property name

  The prototype of a class constructor function is read only. When we set
  computed property names we were ignoring this and we were overriding the
  property.

  Since the prototype is the only possible own read only property on the
  constructor function object we special case this so we do not have to
  check this for every property in the class literal.

BUG=

Review URL: https://codereview.chromium.org/1028983002

Cr-Commit-Position: refs/heads/master@{#27356}
2015-03-23 08:50:28 +00:00
cdai2
289ee15307 X87: Remove code object from StackHandler.
port e0aa8ebf93 (r27103).

original commit message:

  This reduces the size of the StackHandler by one word. We no longer
  need to keep track of the code object, as the stack walk finds it.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1022403002

Cr-Commit-Position: refs/heads/master@{#27353}
2015-03-23 08:27:16 +00:00
chunyang.dai
f395ccd6db X87: [turbofan] Implement throwing exceptions into TurboFan code.
port 1382879f29 (r27016).

original commit message:

    [turbofan] Implement throwing exceptions into TurboFan code.

    This extends the stack unwinding logic to respect optimized frames
    and perform a lookup in the handler table to find handlers. It also
    contains fixes to the API call stubs to allow a stack walk while
    promoting scheduled exceptions.

BUG=

Review URL: https://codereview.chromium.org/1023943002

Cr-Commit-Position: refs/heads/master@{#27342}
2015-03-20 13:45:08 +00:00
chunyang.dai
386dee8552 X87: Fix exception for assignment to uninitialised const.
port 2ecdf736cf (r27014).

original commit message:

  Fix exception for assignment to uninitialised const.

BUG=

Review URL: https://codereview.chromium.org/1028533002

Cr-Commit-Position: refs/heads/master@{#27332}
2015-03-20 09:35:49 +00:00
hpayer
cbfcee5575 Revert "Merge old data and pointer space."
TBR=verwaest@chromium.org,ulan@chromium.org,ishell@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1027463002

Cr-Commit-Position: refs/heads/master@{#27323}
2015-03-19 22:03:32 +00:00
loislo
9f91fde045 CodeCleanup: eliminate unnecessary base class and make the children unvirtual.
I found some strange split in deopt entry points generator.
The code for table entry generator had two classes.
It is safe to join these classes together and drop virtual.

BUG=
LOG=n

Review URL: https://codereview.chromium.org/1010413003

Cr-Commit-Position: refs/heads/master@{#27264}
2015-03-18 10:34:18 +00:00
hpayer
257ff48931 Merge old data and pointer space.
BUG=

Review URL: https://codereview.chromium.org/1012023002

Cr-Commit-Position: refs/heads/master@{#27259}
2015-03-18 09:39:03 +00:00
loislo
7fef610d72 CpuProfiler: log pc offset for deopts.
This is the fifth part of https://codereview.chromium.org/1012633002
In this part we collect the offsets of deopt calls and save it into
an inlined function info.

On the Next:
Later when deopt happens we will get the offset of deopt call and
search it among inlined infos.

BUG=chromium:452067
LOG=n

Review URL: https://codereview.chromium.org/1011113004

Cr-Commit-Position: refs/heads/master@{#27258}
2015-03-18 09:30:36 +00:00
loislo
549d5dde6a CpuProfiler: x87. put right address to the stack, so the callee would be able to resolve it into the right deopt_info.
'from' is used for Code object lookup and will be used for
inline_id lookup. see https://codereview.chromium.org/1012633002
So we should be able to map it.

BUG=chromium:452067
LOG=n

Review URL: https://codereview.chromium.org/1013243002

Cr-Commit-Position: refs/heads/master@{#27251}
2015-03-18 08:08:38 +00:00
mstarzinger
86b391ecad Delegate throwing in RegExpExecStub to CEntryStub.
This ensures that there is only one stub that deals with unwinding the
stack. Having more than one place containing that logic is brittle and
error prone, especially when it is a corner case only for RangeErrors.

R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-467047
BUG=chromium:467047
LOG=N

Review URL: https://codereview.chromium.org/1012103002

Cr-Commit-Position: refs/heads/master@{#27243}
2015-03-17 15:49:40 +00:00
loislo
55d05404b7 CpuProfiler: extract DeoptInfo fill in code into a static function.
the third part of the patch https://codereview.chromium.org/1012633002

this patch
1) moves DeoptInfo builder code to platform independent file lithium-codegen.cc
2) adds inlining_id property to HEnterInlined so we can use it on lithium level.

BUG=chromium:452067
LOG=n

Review URL: https://codereview.chromium.org/1011733005

Cr-Commit-Position: refs/heads/master@{#27231}
2015-03-17 09:37:41 +00:00
svenpanne
cf1c4911b9 Remove BLACKLIST from check-name-clashes.py, it's wrong nowadays.
Fix the resulting warnings by renaming things apart.

BUG=v8:3947
LOG=n

Review URL: https://codereview.chromium.org/1009373002

Cr-Commit-Position: refs/heads/master@{#27219}
2015-03-16 13:08:49 +00:00
dslomov
92138c73a7 Remove --harmony-scoping flag.
We have been shipping harmony scoping for 2 Chrome releases now (M41
and M42). Time to remove the flag.

R=rossberg@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1007783002

Cr-Commit-Position: refs/heads/master@{#27187}
2015-03-13 15:15:57 +00:00
bmeurer
83f157bc18 [turbofan] Use builtin inlining mechanism for Math.abs and Math.sqrt.
Reduces the amount of custom support code for Math functions in TurboFan
and allows for more general inlining (i.e. independent of parameter
types).

BUG=v8:3952
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1004083002

Cr-Commit-Position: refs/heads/master@{#27172}
2015-03-13 07:06:15 +00:00
svenpanne
611eb25894 Converted FullCode to have its own list of known intrinsics.
Combined the various lists, the only slightly ugly thing is now the
distinction between intrinsics returning pairs and the rest, but
that's no big deal.

BUG=v8:3947
LOG=n

Review URL: https://codereview.chromium.org/989273003

Cr-Commit-Position: refs/heads/master@{#27135}
2015-03-11 14:03:29 +00:00
mstarzinger
36e69a916f Remove frame pointer from StackHandler.
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/991893003

Cr-Commit-Position: refs/heads/master@{#27115}
2015-03-10 15:56:27 +00:00
svenpanne
d8416f5524 Intrinsics in the INLINE_FUNCTION_LIST are now available without '_', too.
This involved renaming apart a few more intrinsics. In the long run,
we want to clean up redundant intrinsics which just delegate.

BUG=v8:3947
LOG=n

Review URL: https://codereview.chromium.org/984963002

Cr-Commit-Position: refs/heads/master@{#27043}
2015-03-06 13:50:06 +00:00
svenpanne
4e7acce180 Merged INLINE_OPTIMIZED intrinsic type into INLINE.
BUG=v8:3947
LOG=n

Review URL: https://codereview.chromium.org/978123003

Cr-Commit-Position: refs/heads/master@{#27039}
2015-03-06 11:01:52 +00:00
yangguo
ce45b00e4b Serializer: correctly deal with internal references.
Internal references are absolute addresses into the instruction
stream. Turn them into relative addresses when serializing and
back when deserializing to keep them valid.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/976623002

Cr-Commit-Position: refs/heads/master@{#27020}
2015-03-05 13:46:46 +00:00