Commit Graph

27307 Commits

Author SHA1 Message Date
adamk
ebdd90142b Disable --harmony-object-observe
BUG=chromium:552100
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1515473004

Cr-Commit-Position: refs/heads/master@{#32815}
2015-12-11 21:10:23 +00:00
caitpotter88
18f41e4653 [es6] support AssignmentPattern as LHS in for-in/of loops
BUG=v8:811, v8:4599
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1517973002

Cr-Commit-Position: refs/heads/master@{#32814}
2015-12-11 19:39:40 +00:00
danno
bf24486b22 [turbofan] Remove .dot output of --trace-turbo
Review URL: https://codereview.chromium.org/1514323002

Cr-Commit-Position: refs/heads/master@{#32813}
2015-12-11 16:58:31 +00:00
ishell
5c3bfe8f57 During property reconfiguring ensure that the first map that gets new descriptors is the one that owns the whole descriptor array.
This is necessary to guarantee that the whole descriptor would be marked, otherwise DescriptorArray pretenuring would cause crashes.

Review URL: https://codereview.chromium.org/1520613006

Cr-Commit-Position: refs/heads/master@{#32812}
2015-12-11 16:41:46 +00:00
ahaas
746cd5f856 [wasm] Fixed FxxMin and FxxMax for cases where one operand is NaN.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1519823002

Cr-Commit-Position: refs/heads/master@{#32811}
2015-12-11 16:40:07 +00:00
bmeurer
d671f427fe [es6] Remove the %DefaultConstructorCallSuper intrinsic.
Instead desugar the default constructor for derived classes using the
same mechanism we use for normal super constructor calls.

TBR=rossberg@chromium.org
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1517243002

Cr-Commit-Position: refs/heads/master@{#32810}
2015-12-11 16:38:57 +00:00
jochen
716eb14aec Remove remaining deprecated API calls from cctest
BUG=v8:4134
R=vogelheim@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1521593002

Cr-Commit-Position: refs/heads/master@{#32809}
2015-12-11 16:15:19 +00:00
hpayer
9647d57e5b [heap] Verify mark bits when iterating mark bits.
BUG=

Review URL: https://codereview.chromium.org/1514693010

Cr-Commit-Position: refs/heads/master@{#32808}
2015-12-11 16:12:49 +00:00
ahaas
5c44e14c2e [wasm] Turn on all wasm instructions on 64bit platforms.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1514913003

Cr-Commit-Position: refs/heads/master@{#32807}
2015-12-11 15:58:27 +00:00
verwaest
a1e9ccf90f Fix Object.prototype.toString.call(proxy)
BUG=

Review URL: https://codereview.chromium.org/1517673002

Cr-Commit-Position: refs/heads/master@{#32806}
2015-12-11 15:57:30 +00:00
jkummerow
cf46317483 [proxies] Fix JSObject::AllCanRead for Proxies on the prototype chain
Review URL: https://codereview.chromium.org/1517753003

Cr-Commit-Position: refs/heads/master@{#32805}
2015-12-11 15:51:46 +00:00
bmeurer
c77c1ca80b [es6] Don't use the %GetPrototype runtime entry for super calls.
The %GetPrototype runtime function does a lot more than the
GetSuperConstructor specified in ES6 12.3.5.2. So this introduces a
proper %_GetSuperConstructor instead with support in TurboFan.

R=jarin@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1522503002

Cr-Commit-Position: refs/heads/master@{#32804}
2015-12-11 15:49:21 +00:00
jarin
56673804e0 [turbofan] Store nodes use only MachineRepresentation, not MachineType.
Review URL: https://codereview.chromium.org/1513383003

Cr-Commit-Position: refs/heads/master@{#32803}
2015-12-11 15:34:16 +00:00
ahaas
3ee4c36089 [wasm] Fixed F32Neg and F64Neg for -0.0.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1516143004

Cr-Commit-Position: refs/heads/master@{#32802}
2015-12-11 15:30:15 +00:00
cbruni
df2a92972b [proxy] fixing for-in for proxies, fixing harmony/proxy.js tests, improving error messages and some drive-by fixes
BUG=v8:1543
LOG=n

patch from issue 1519473002 at patchset 1 (http://crrev.com/1519473002#ps1)

Review URL: https://codereview.chromium.org/1516843002

Cr-Commit-Position: refs/heads/master@{#32801}
2015-12-11 14:56:00 +00:00
ahaas
d83057b4ce [wasm] Change the return type of traps for tests, and added ftoi64 instructions.
Before this change traps always returned a 32 bit word in tests. With this
change traps return either a 32 bit word or a 64 bit word, depending on the size
of the actual return value of the test.

Additionally this CL implements the wasm instructions I64SCONVERTF32,
I64UCONVERTF32, I64SCONVERTF64, and I64UCONVERTF64.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1519013003

Cr-Commit-Position: refs/heads/master@{#32800}
2015-12-11 14:54:20 +00:00
jkummerow
a83546932b Move Object.assign implementation to C++
This avoids a pair of super-high-degree polymorphic load/store ICs, and
creates the opportunity to add more fast paths if needed.

Review URL: https://codereview.chromium.org/1517963002

Cr-Commit-Position: refs/heads/master@{#32799}
2015-12-11 14:10:55 +00:00
bradnelson
ff0cc4a4c1 Reland addition of init function for asm->wasm.
This relands this, in its new home:
032faa8a90

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1522473002

Cr-Commit-Position: refs/heads/master@{#32798}
2015-12-11 14:10:00 +00:00
jkummerow
430bfd1b02 Fix^2 HasEnumerableElements
Arguments objects can have packed elements too.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1517073003

Cr-Commit-Position: refs/heads/master@{#32797}
2015-12-11 14:09:09 +00:00
ahaas
97161a29ed [turbofan] Change TruncateFloat32ToUint64 to TryTruncateFloat32ToUint64.
TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it
provides an optional second return value which indicates whether the conversion
succeeded (i.e. float32 value was within uint64 range) or not.

I implemented the new operator on x64, arm64, and mips64. @v8-ppc-ports, can you
please take care of the ppc64 implementation of the second output?

Additionally I fixed a bug on x64 and mips64 in the implementation of
TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0
were handled incorrectly.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1512023002

Cr-Commit-Position: refs/heads/master@{#32796}
2015-12-11 14:07:18 +00:00
Hannes Payer
9a5650ac9e Remove obsolete PrototypeTransitionClearing cctest.
BUG=

Review URL: https://codereview.chromium.org/1520793003 .

Cr-Commit-Position: refs/heads/master@{#32795}
2015-12-11 12:53:09 +00:00
titzer
4c5b3609fd Initial import of v8-native WASM.
As discussed in person, this adds the code from v8-native-prototype into
V8 proper, guarded by GYP flags that do not build the code by default.
Passing wasm=on to 'make' or setting v8_wasm as a GYP flag activates
building of this code.

An additional header file is added to and exported from the compiler
directory, src/compiler/wasm-compiler.h. This exposes a limited interface
with opaque Node and Graph types to the decoder to build TF graphs, as
well as functions to compile WASM graphs.

The mjsunit tests added are blacklisted because they fail without the
WASM object exposed to JS, which is also disabled by the build config
option.

This corresponds closely to 5981e06ebc, with some formatting fixes and moving some files into src/compiler.

R=mstarzinger@chromium.org, bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1504713014

Cr-Commit-Position: refs/heads/master@{#32794}
2015-12-11 12:27:05 +00:00
mlippautz
38d889ec19 [heap] Remove SweeperType and clean up SweepSpace a bit.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1521573002

Cr-Commit-Position: refs/heads/master@{#32793}
2015-12-11 12:24:37 +00:00
Ben L. Titzer
69cf31f0b7 Disable test-heap/PrototypeTransitionClearing
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1521583003 .

Cr-Commit-Position: refs/heads/master@{#32792}
2015-12-11 12:21:09 +00:00
ulan
feed943f81 Clean up mark-compact phases and GC counter names.
BUG=chromium:568495
LOG=NO

Review URL: https://codereview.chromium.org/1515503006

Cr-Commit-Position: refs/heads/master@{#32791}
2015-12-11 11:26:21 +00:00
hpayer
0c778116bd Pretenure prototype transitions array.
BUG=

Review URL: https://codereview.chromium.org/1513313003

Cr-Commit-Position: refs/heads/master@{#32790}
2015-12-11 11:25:26 +00:00
mlippautz
bd104277c2 [heap] Remove heap-local variable caching FLAG_concurrent_sweeping
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1522433002

Cr-Commit-Position: refs/heads/master@{#32789}
2015-12-11 11:04:52 +00:00
mvstanton
3f648d7b44 Turbofan instanceof lowering needs to address proxies.
BUG=

Review URL: https://codereview.chromium.org/1518773003

Cr-Commit-Position: refs/heads/master@{#32788}
2015-12-11 11:03:07 +00:00
epertoso
474ecd67ea Revert of Removes the Callee parameter from FunctionCallbackInfo. (patchset #1 id:1 of https://codereview.chromium.org/1510483002/ )
Reason for revert:
Need to figure out a better solution for this.

Original issue's description:
> Removes the Callee parameter from FunctionCallbackInfo.
>
> This will help us to instantiate AccessorPair's getters and setters only when they are needed.
>
> BUG=
>
> Committed: https://crrev.com/2fe34ebdcdee0f21b88daa4098a7918e91abb8fb
> Cr-Commit-Position: refs/heads/master@{#32759}

TBR=jochen@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1520843002

Cr-Commit-Position: refs/heads/master@{#32787}
2015-12-11 10:20:51 +00:00
vogelheim
5819e4be5b Re-re-land FastAccessorBuilder.
... using the RawMachineAssembler and the work in crrev.com/1407313004.

The original change collided with crrev.com/1513543003.

BUG=chromium:508898
LOG=Y

Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
Cr-Commit-Position: refs/heads/master@{#32742}

patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)

Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
Cr-Commit-Position: refs/heads/master@{#32753}

patch from issue 1504713012 at patchset 20001 (http://crrev.com/1504713012#ps20001)

Review URL: https://codereview.chromium.org/1518703002

Cr-Commit-Position: refs/heads/master@{#32786}
2015-12-11 09:54:00 +00:00
mlippautz
a86ddc5bc3 Revert of [cctest] Add tests for aborting compaction of pages (patchset #6 id:140001 of https://codereview.chromium.org/1511933002/ )
Reason for revert:
Failing on Win 32bit nosnap:
  https://chromegw.corp.google.com/i/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/10602

Original issue's description:
> [cctest] Add tests for aborting compaction of pages
>
> Tests for
> * aborting a full page.
> * partially aborting a page.
> * partially aborting a page with pointers between aborted pages.
> * partially aborting a page with store buffer entries.
>
> Also introduces force_oom() which prohibits an old space to
> expand
>
> BUG=chromium:524425
> LOG=N

TBR=ulan@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1514603008

Cr-Commit-Position: refs/heads/master@{#32785}
2015-12-11 09:50:47 +00:00
bmeurer
5382e68691 [x64] Use xorl to materialize smi zero.
Before we always loaded smi zero via a movabs with a 64-bit immediate,
which is pretty expensive compared to the xorl.

R=jarin@chromium.org

Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
Cr-Commit-Position: refs/heads/master@{#27829}

Review URL: https://codereview.chromium.org/1085153002

Cr-Commit-Position: refs/heads/master@{#32784}
2015-12-11 09:38:58 +00:00
mlippautz
161a0e0051 [cctest] Add tests for aborting compaction of pages
Tests for
* aborting a full page.
* partially aborting a page.
* partially aborting a page with pointers between aborted pages.
* partially aborting a page with store buffer entries.

Also introduces ShouldForceOOM() which prohibits a PagedSpace from expanding.
Compaction spaces refer to the corresponding actual space.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1511933002

Cr-Commit-Position: refs/heads/master@{#32783}
2015-12-11 09:14:46 +00:00
bmeurer
7e5ff19ee2 [turbofan] Some more cleanup on the intrinsics.
Remove unused obsolete %_StringGetStringLength intrinsic, and properly
optimize the %_SubString, %_RegExpExec, %_RegExpFlags, %_RegExpSource
and %_RegExpConstructResult intrinsics.

Review URL: https://codereview.chromium.org/1516753006

Cr-Commit-Position: refs/heads/master@{#32782}
2015-12-11 09:12:12 +00:00
machenbach
eaac00b4e7 Revert of MIPS: Enable v8 compilation with CLANG. (patchset #1 id:1 of https://codereview.chromium.org/1519493002/ )
Reason for revert:
[Sheriff] This seems to break chromium runhooks for android:
https://build.chromium.org/p/client.v8.fyi/builders/Android%20Builder/builds/1794

Original issue's description:
> MIPS: Enable v8 compilation with CLANG.
>
> Updated toolchain.gypi to support v8 using CLANG on MIPS. These changes
> include using integrated assembler with CLANG, and disabling options
> used by GCC which are not supported by CLANG.
>
> TEST=
> BUG=
>
> Committed: https://crrev.com/0bae3c393575de4503cb179faa220e597e35dd8f
> Cr-Commit-Position: refs/heads/master@{#32780}

TBR=paul.lind@imgtec.com,akos.palfi@imgtec.com,balazs.kilvady@imgtec.com,ivica.bogosavljevic@imgtec.com,jkummerow@chromium.org,Ilija.Pavlovic@imgtec.com,Ilija.Pavlovic@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1520823002

Cr-Commit-Position: refs/heads/master@{#32781}
2015-12-11 09:10:28 +00:00
Ilija.Pavlovic
0bae3c3935 MIPS: Enable v8 compilation with CLANG.
Updated toolchain.gypi to support v8 using CLANG on MIPS. These changes
include using integrated assembler with CLANG, and disabling options
used by GCC which are not supported by CLANG.

TEST=
BUG=

Review URL: https://codereview.chromium.org/1519493002

Cr-Commit-Position: refs/heads/master@{#32780}
2015-12-11 08:07:49 +00:00
bmeurer
5964152c8f [contexts] Place the initial JSArray maps on the native context directly.
No need to have an indirection to get to the initial JSArray maps from
the native context; we only cache the fast elements maps anyway, so
those could live on the native context directly. This will also
integrate nicely with the load/store propagation in TurboFan (once we
propagate the immutable flag for FieldAccess as well).

Drive-by-fix: Also don't embed any of the initial JSArray maps in
TurboFan generated code when allocating a new JSArray, but instead
always load the appropriate map from the native context.  This way
we ensure that we never leak a reference to one of those maps and
it's as efficient as embedding a constant map.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1516433005

Cr-Commit-Position: refs/heads/master@{#32779}
2015-12-11 06:51:21 +00:00
zhengxing.li
da7c5a739c X87: [turbofan] Make MachineType a pair of enums.
port bb2a830deb (r32738)

  original commit message:
  MachineType is now a class with two enum fields:
  - MachineRepresentation
  - MachineSemantic

  Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably:
  - register allocator now uses just the representation.
  - Phi and Select nodes only refer to representations.

BUG=

Review URL: https://codereview.chromium.org/1520793002

Cr-Commit-Position: refs/heads/master@{#32778}
2015-12-11 05:07:49 +00:00
adamk
ed698f3da1 Rewrite Object.prototype.toString in C++
The main impetus is to improve performance when --harmony-tostring
is enabled, thanks to using a generic property load instead of a
megamorphic IC.

This also reduces duplication, as the API function
v8::Object::ObjectProtoToString can share the runtime implementation.

The only functional change in this patch is to drop an accidental difference
between the JS and API implementations: the arguments object should toString
as "[object Arguments]". The JS side was corrected in
https://code.google.com/p/v8/source/detail?r=3279, but the API version was
missed in that patch.

BUG=chromium:555127, v8:3502
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1509533003

Cr-Commit-Position: refs/heads/master@{#32777}
2015-12-11 04:26:43 +00:00
v8-autoroll
8bd393090d Update V8 DEPS.
Rolling v8/buildtools to 68e3c238a5ab347436762cb929316aa55ca72563

Rolling v8/tools/clang to 3a1510ccbc295798602abbbffcf61065704e8acb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1516193002

Cr-Commit-Position: refs/heads/master@{#32776}
2015-12-11 04:23:15 +00:00
mtrofin
0b1261439b [turbofan] regalloc: model context and function mark as reg-defined.
If we model them as memory operands ("SpillOperands"), as we
currently do, they are treated by the register allocator as being defined
in memory, so spilling them up to the first use requiring them in a
register is free.

That's not the case for context and function marker. They come in
registers, and the frame construction also pushes them on the stack.
This conflicts with the goals of frame elision: the allocator should avoid
eagerly spilling them, which would force a frame construction; also,
their not being spilled, should frame elision succeed for the first block,
means modeling them as spill operands is incorrect.

The natural choice would be to fully decouple their spilling from frame
construction, and let the register allocator spill them. That means they
need to be presented to the register allocator as vanilla live ranges,
with pre-assigned spill slots.

The main challenge there is that not all instructions (mainly, stack checks) list their dependency on these ranges being spilled. In this
change, we change the model but leave the frame construction as-is.
This has the benefit that it unblocks frame elision, but has the drawback
that we may see double spills in the case where these live ranges spill
only in deferred blocks. I plan to enable frame elision next, after which
I will tackle this issue with spilling.

BUG= v8:4533
LOG=N

Review URL: https://codereview.chromium.org/1501363002

Cr-Commit-Position: refs/heads/master@{#32775}
2015-12-11 02:44:12 +00:00
adamk
8b968b70e9 Revert of [es6] support AssignmentPattern as LHS in for-in/of loops (patchset #9 id:280001 of https://codereview.chromium.org/1508933004/ )
Reason for revert:
Hits unreachable code (found by fuzzer). Example crasher:

"for(();;);"

Original issue's description:
> [es6] support AssignmentPattern as LHS in for-in/of loops
>
> BUG=v8:811, v8:4599
> LOG=N
> R=adamk@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/e47bdb775564b2cd8365047425898ab4274190a6
> Cr-Commit-Position: refs/heads/master@{#32773}

TBR=rossberg@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811, v8:4599

Review URL: https://codereview.chromium.org/1511773009

Cr-Commit-Position: refs/heads/master@{#32774}
2015-12-11 02:00:01 +00:00
caitpotter88
e47bdb7755 [es6] support AssignmentPattern as LHS in for-in/of loops
BUG=v8:811, v8:4599
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1508933004

Cr-Commit-Position: refs/heads/master@{#32773}
2015-12-11 01:06:48 +00:00
littledan
88c8361b8f Unstage non-standard Promise functions
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1513873002

Cr-Commit-Position: refs/heads/master@{#32772}
2015-12-10 23:58:26 +00:00
sigurds
5aeb98efcf [turbofan] Fix missing guard in native context specialization
Native context specialization was missing an SSI renaming.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1520513002

Cr-Commit-Position: refs/heads/master@{#32771}
2015-12-10 22:53:41 +00:00
littledan
46cb23c24b Disable new regression tests with noi18n
BUG=chromium:487322
R=adamk
LOG=N

Review URL: https://codereview.chromium.org/1514993002

Cr-Commit-Position: refs/heads/master@{#32770}
2015-12-10 22:52:44 +00:00
littledan
bff3074d73 Allow ICU to normalize time zones
There's at least one case of a time zone alias: Asia/Kathmandu aliases
Asia/Katmandu. ICU seems to normalize to the (deprecated) latter choice.
V8 internationalization choked on this change; this patch interprets
ICU's output more precisely and allows it.

BUG=chromium:487322
R=jungshik,adamk
LOG=Y

Review URL: https://codereview.chromium.org/1509273007

Cr-Commit-Position: refs/heads/master@{#32769}
2015-12-10 20:13:45 +00:00
adamk
eb67f85439 Fix FuncNameInferrer usage in ParseAssignmentExpression
Without this fix, AssignmentExpressions that happen to be arrow functions
would lead to unbalanced Enter/Leave calls on the fni_, causing thrashing
while trying to infer function names. Symptoms include slow parsing
or OOM (when we create too many AstConsStrings).

To try to keep this from happening in the future, added an RAII helper
class to handle Entering/Leaving FNI state.

The included regression test crashes on my workstation without the patch.
Note that it's too slow in debug mode (as well as under TurboFan),
so I've skipped it there.

BUG=v8:4595
LOG=y

Review URL: https://codereview.chromium.org/1507283003

Cr-Commit-Position: refs/heads/master@{#32768}
2015-12-10 19:19:35 +00:00
balazs.kilvady
fef93bb23b MIPS: Fix sizeField in MacroAssembler::BranchFCommon().
BUG=

Review URL: https://codereview.chromium.org/1505983008

Cr-Commit-Position: refs/heads/master@{#32767}
2015-12-10 17:45:40 +00:00
mvstanton
45fc8f4c09 Bugfix: type feedback vector should allocate *before* changing internal state.
An allocation can reenter type feedback code because of a triggered GC. Make
sure the vector state remains coherent at these points.

BUG=568524
LOG=N

Review URL: https://codereview.chromium.org/1517613003

Cr-Commit-Position: refs/heads/master@{#32766}
2015-12-10 17:40:11 +00:00