Commit Graph

27152 Commits

Author SHA1 Message Date
neis
ef1ac72901 [proxies] Make Object.{isFrozen,isSealed} behave correctly for proxies.
R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1502983002

Cr-Commit-Position: refs/heads/master@{#32660}
2015-12-07 15:36:14 +00:00
jochen
6150662d89 Remove deprecate API usage from more cctests
BUG=v8:4134
R=vogelheim@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1502193002

Cr-Commit-Position: refs/heads/master@{#32659}
2015-12-07 15:28:25 +00:00
rossberg
b6a2ff8ede Split ParserBase into separate file
Reviving/redoing littledan's previous CL.

R=nikolaos@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1504833002

Cr-Commit-Position: refs/heads/master@{#32658}
2015-12-07 14:26:49 +00:00
titzer
a29f81f603 Add an --expose-wasm flag.
This adds a runtime flag that controls whether the WASM object is
exposed to JavaScript. While currently guarded by the V8_WASM build-time
flag, after landing in V8 the build-time flag will be removed, leaving
only this new runtime flag.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1507623002

Cr-Commit-Position: refs/heads/master@{#32657}
2015-12-07 13:40:03 +00:00
sigurds
5b5821142b [turbofan] Improve escape analysis
This patch improves escape analysis and fixes bugs
triggered by clusterfuzz. Impovements include:
* Handling of LoadElement/StoreElement if index is a
  constant
* Handling of JSStoreProperty: invalidate all information,
  as the store could have altered any field.
* Treat phis that use an allocation as escaping
* Improve resolution of replacements

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1499143002

Cr-Commit-Position: refs/heads/master@{#32656}
2015-12-07 13:29:06 +00:00
rossberg
063920e2e4 Add more OWNER files
R=adamk@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1477093003

Cr-Commit-Position: refs/heads/master@{#32655}
2015-12-07 12:52:12 +00:00
mstarzinger
0738f53dd6 [heap] Make link from optimized code to inlined code explicit.
This makes the strong link from optimized code to code objects for all
inlined functions explicit. It adds direct references to code objects
into deoptimization data as literals. Note that this is not necessarily
the code that will be deoptimized to, because the code on the shared
function info might be replaced by other components (e.g. debugger).
Those replacement code objects however are all non-flushable, marking
explicit strong links for reachability unnecessary.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1490233009

Cr-Commit-Position: refs/heads/master@{#32654}
2015-12-07 12:26:23 +00:00
ahaas
95844d94f3 [turbofan] Changed TruncateFloat64ToInt64 to TryTruncateFloat64ToInt64.
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.

The second output can be ignored, which means that the operator can be
used the same way as the original operator.

I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?

R=titzer@chromium.org, v8-arm-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1495213003

Cr-Commit-Position: refs/heads/master@{#32653}
2015-12-07 12:13:05 +00:00
bmeurer
1c44aa0e8d [turbofan] Don't try to inling dead nodes.
The JSInliningHeuristic keeps a list of nodes, which might have been
killed by other reducers before the JSInliningHeuristic looks at it
again, so it has to check whether nodes are dead before trying to
expand them later (this is similar to what the ValueNumberingReducer
needs to do with its internal table).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1508643002

Cr-Commit-Position: refs/heads/master@{#32652}
2015-12-07 11:27:48 +00:00
neis
4e2c0dd7a9 [proxies] Make Object.{freeze,seal} behave correctly for proxies.
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
  using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.

R=rossberg
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1489423002

Cr-Commit-Position: refs/heads/master@{#32651}
2015-12-07 11:01:35 +00:00
jkummerow
ec37add662 [API] GetOwnPropertyDescriptor: use C++ implementation
Also delete a bunch of dead code from src/js/.

Review URL: https://codereview.chromium.org/1502593002

Cr-Commit-Position: refs/heads/master@{#32650}
2015-12-07 11:00:33 +00:00
yangguo
18a3ddcfb9 [debugger] add test case for stepping into default parameter.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1500413002

Cr-Commit-Position: refs/heads/master@{#32649}
2015-12-07 10:08:29 +00:00
zhengxing.li
5837db4171 X87: [crankshaft] Loads and stores to typed arrays have to reference the backing store holder.
port 086d459847 (r32644)

  original commit message:
  The backing store is only held alive indirectly via the array buffer
  referenced by the holder (typed array), so it's not enough to keep the
  elements alive (or even just the external pointer loaded from the
  elements).

BUG=

Review URL: https://codereview.chromium.org/1503943002

Cr-Commit-Position: refs/heads/master@{#32648}
2015-12-07 09:45:11 +00:00
yangguo
4ff9bb070b [debugger] add test case for stepping into string template.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1502163002

Cr-Commit-Position: refs/heads/master@{#32647}
2015-12-07 09:41:01 +00:00
mstarzinger
35b47d89f6 Unify InvokeBuiltin implementations across architectures.
This makes the implementations of MacroAssembler::InvokeBuiltin go
through the InvokeFunctionCode helper on all architectures. This helper
knows how to correctly set up all registers (i.e. argument count and the
new target value).

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1488303008

Cr-Commit-Position: refs/heads/master@{#32646}
2015-12-07 09:27:03 +00:00
zhengxing.li
1ecb225477 X87: [ic] Change CompareIC to handle JSReceiver instead of JSObject.
port 0ed0878041 (r32642)

  original commit message:
  There's no reason to limit the CompareIC to (known) JSObject instances,
  as all JSReceivers behave the same wrt. abstract and strict equality.
  So remove this historical limitation and track JSReceivers instead.

BUG=

Review URL: https://codereview.chromium.org/1501373003

Cr-Commit-Position: refs/heads/master@{#32645}
2015-12-07 08:41:56 +00:00
jochen
086d459847 [crankshaft] Loads and stores to typed arrays have to reference the backing store holder
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).

R=mstarzinger@chromium.org,bmeurer@chromium.org
LOG=n
BUG=v8:1827

Review URL: https://codereview.chromium.org/1493983004

Cr-Commit-Position: refs/heads/master@{#32644}
2015-12-07 08:37:42 +00:00
mtrofin
da8fd00e4c In addition to blocks making calls, blocks making the deopt call also
need to be marked as such.

BUG=

Review URL: https://codereview.chromium.org/1505683002

Cr-Commit-Position: refs/heads/master@{#32643}
2015-12-07 07:26:58 +00:00
bmeurer
0ed0878041 [ic] Change CompareIC to handle JSReceiver instead of JSObject.
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1502963002

Cr-Commit-Position: refs/heads/master@{#32642}
2015-12-07 07:25:18 +00:00
zhengxing.li
55f78b4371 X87: [debugger] do not predict step in target for liveedit.
port 1e671030b9 (r32614)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1502053003

Cr-Commit-Position: refs/heads/master@{#32641}
2015-12-07 06:48:27 +00:00
bmeurer
277091ba90 [turbofan] Always load context from target when lowering to direct call.
There's no benefit in embedding the context as a constant for direct
calls. In fact it seems to be cheaper both size and execution wise to
just always load the context from the target.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1506763002

Cr-Commit-Position: refs/heads/master@{#32640}
2015-12-07 06:21:53 +00:00
bmeurer
fc0a1a709c [test] Test expectations in cctest should use CHECK and not DCHECK.
The test expectations should fail consistently in both release and debug
builds. DCHECK is only meant for debug-only checks in production code.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1506753002

Cr-Commit-Position: refs/heads/master@{#32639}
2015-12-07 05:37:15 +00:00
zhengxing.li
df57698cd4 X87: Revert of Provide call counts for constructor calls, surface them as a vector IC. (patchset #4 id:60001 of https://codereview.chromium.org/1476413003/ )
port e89e08ca14 (r32599)

  original commit message:
  Reason for revert:
  Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.

  Original issue's description:
  > Provide call counts for constructor calls, surface them as a vector IC.
  >
  > CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that ther
  >
  > BUG=
  >
  > Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
  > Cr-Commit-Position: refs/heads/master@{#32452}

  additional description:
  Revert "X87: Provide call counts for constructor calls, surface them as a vector IC." as r32599 does

  This reverts commit 54a9d349db.

BUG=

Review URL: https://codereview.chromium.org/1506723002

Cr-Commit-Position: refs/heads/master@{#32638}
2015-12-07 04:09:25 +00:00
zhengxing.li
1dda6ac253 X87: Reland of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493863004/ )
port 15cb3fde7d (r32587)

  original commit message:
  Reason for revert:
  Didn't help...

  Original issue's description:
  > Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493363002/ )
  >
  > Reason for revert:
  > [Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225
  >
  > Original issue's description:
  > > [debugger] do not restart frames that reference new.target for liveedit.
  > >
  > > R=mstarzinger@chromium.org
  > >
  > > Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682
  > > Cr-Commit-Position: refs/heads/master@{#32572}
  >
  > TBR=mstarzinger@chromium.org,yangguo@chromium.org
  > NOPRESUBMIT=true
  > NOTREECHECKS=true
  > NOTRY=true
  >
  > Committed: https://crrev.com/1a61dab34b9849f3f70a42ce69317e22758c53a1
  > Cr-Commit-Position: refs/heads/master@{#32582}

BUG=

Review URL: https://codereview.chromium.org/1501323002

Cr-Commit-Position: refs/heads/master@{#32637}
2015-12-07 04:08:20 +00:00
zhengxing.li
3d40bd941e X87: Remove new.target value from construct stub frames.
port eaa0e59611 (r32550)

  original commit message:
  This drops the specific slot containing the new.target value from our
  construct stub frames. This side-channel has been deprecated and will
  no longer be accessed by any consumers.

BUG=

Review URL: https://codereview.chromium.org/1504703002

Cr-Commit-Position: refs/heads/master@{#32636}
2015-12-07 03:46:32 +00:00
zhengxing.li
e3b1cf1726 X87: [fullcode] Switch passing of new.target to register.
port 440a42b741 (r32548)

  original commit message:
  This passes the new.target value in a register instead of through a
  side-channel via the construct stub. Note that this marks the last
  consumer of said side-channel and the special slot in the construct
  stub frame can be removed as a follow-up.

BUG=

Review URL: https://codereview.chromium.org/1503923002

Cr-Commit-Position: refs/heads/master@{#32635}
2015-12-07 03:24:47 +00:00
zhengxing.li
d5a52b6636 X87: [proxies] InstanceOfStub should bailout to %HasInPrototypeChain for proxies.
port 0e95683376 (r32549)

  original commit message:
  Whenever the InstanceOfStub finds a proxy (either passed as object or
  somewhere on the prototype chain), it should bailout to the
  %HasInPrototypeChain runtime function, which will do the right thing
  (soonish).

BUG=

Review URL: https://codereview.chromium.org/1508553002

Cr-Commit-Position: refs/heads/master@{#32634}
2015-12-07 03:17:05 +00:00
zhengxing.li
fa1b0fceca X87: Fix inobject slack tracking for both subclassing and non-subclassing cases.
port 5d38d6819c (r32547)

  original commit message:
  It didn't support subclassing case at all and in non-subclassing case the runtime
  allocation didn't do the slack tracking step.

BUG=

Review URL: https://codereview.chromium.org/1506713002

Cr-Commit-Position: refs/heads/master@{#32633}
2015-12-07 03:10:41 +00:00
bmeurer
552437c08e [deoptimizer] Also print the actual literal when printing translations.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1497233002

Cr-Commit-Position: refs/heads/master@{#32632}
2015-12-06 15:45:02 +00:00
v8-autoroll
b720ece886 Update V8 DEPS.
Rolling v8/tools/clang to 5b7bd8a08ae5ee5262c38e01f5b703cc193074d4

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1502873002

Cr-Commit-Position: refs/heads/master@{#32631}
2015-12-06 04:37:23 +00:00
balazs.kilvady
21b331e3ff MIPS: Use BOVC/BNVC for overflow checking on r6.
BUG=

Review URL: https://codereview.chromium.org/1434263003

Cr-Commit-Position: refs/heads/master@{#32630}
2015-12-05 12:18:53 +00:00
machenbach
0f2ed07f45 Revert of Clean up promises and fix an edge case bug (patchset #4 id:60001 of https://codereview.chromium.org/1488783002/ )
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3266

Please request rebase upstream first.

Original issue's description:
> Clean up promises and fix an edge case bug
>
> This patch builds on previous Promise spec compliance work by
> cleaning out some old code which existed to support
> Promise.prototype.chain, rephrasing some code to correspond more
> closely to the specification, and removing some incorrect brand
> checking. A test is added for a bug in an edge case which was fixed.
>
> R=rossberg
> BUG=v8:3641
> LOG=Y
>
> Committed: https://crrev.com/1deb89c8fd3cb69714ae0a24e3b5a4e78f6b73b4
> Cr-Commit-Position: refs/heads/master@{#32627}

TBR=rossberg@chromium.org,caitpotter88@gmail.com,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3641

Review URL: https://codereview.chromium.org/1501763004

Cr-Commit-Position: refs/heads/master@{#32629}
2015-12-05 08:51:20 +00:00
v8-autoroll
93955d1654 Update V8 DEPS.
Rolling v8/tools/clang to 6ecb01a508c93b383990381a30c06d3cbb175e8c

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1501173002

Cr-Commit-Position: refs/heads/master@{#32628}
2015-12-05 04:34:48 +00:00
littledan
1deb89c8fd Clean up promises and fix an edge case bug
This patch builds on previous Promise spec compliance work by
cleaning out some old code which existed to support
Promise.prototype.chain, rephrasing some code to correspond more
closely to the specification, and removing some incorrect brand
checking. A test is added for a bug in an edge case which was fixed.

R=rossberg
BUG=v8:3641
LOG=Y

Review URL: https://codereview.chromium.org/1488783002

Cr-Commit-Position: refs/heads/master@{#32627}
2015-12-04 18:56:17 +00:00
mbrandy
412aefac61 PPC: Refine "[runtime] [proxy] removing JSFunctionProxy and related code."
R=cbruni@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1500993003

Cr-Commit-Position: refs/heads/master@{#32626}
2015-12-04 17:54:37 +00:00
mbrandy
fe35487860 PPC: [debugger] do not predict step in target for liveedit.
Port 1e671030b9

R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1502573002

Cr-Commit-Position: refs/heads/master@{#32625}
2015-12-04 17:49:31 +00:00
mbrandy
cc17ead444 Revert "PPC: Provide call counts for constructor calls, surface them as a vector IC."
This reverts commit 55b41ff32ded37bb4730a6e13ff831c5def2841e.

Port e89e08ca14

Reason for revert:
    Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure.
    Let's see what the bots have to say.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1501763002

Cr-Commit-Position: refs/heads/master@{#32624}
2015-12-04 17:29:33 +00:00
caitpotter88
b634a61d84 [es6] implement destructuring assignment
Attempt #<really big number>

Parses, and lazily rewrites Destructuring Assignment expressions. The rewriting strategy involves inserting a placeholder RewritableAssignmentExpression into the AST, whose content expression can be completely rewritten at a later time.

Lazy rewriting ensures that errors do not occur due to eagerly rewriting nodes which form part of a binding pattern, thus breaking the meaning of the pattern --- or by eagerly rewriting ambiguous constructs that are not immediately known

BUG=v8:811
LOG=Y
R=adamk@chromium.org, bmeurer@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1309813007

Cr-Commit-Position: refs/heads/master@{#32623}
2015-12-04 17:20:24 +00:00
mstarzinger
77774035d8 Fix uninitialized new.target register in InvokeBuiltin.
On some architectures the InvokeBuiltin sequence does not go through
InvokeFunctionCode, which initializes the new.target register. This
initializes the register explicitly on these architectures for now.

R=ishell@chromium.org
BUG=chromium:565046
LOG=n

Review URL: https://codereview.chromium.org/1499953002

Cr-Commit-Position: refs/heads/master@{#32622}
2015-12-04 16:35:47 +00:00
jochen
0f2bffa11e Mark deprecated debugger APIs as such
We should consider deprecating the message based API as well in the
future.

BUG=none
R=yangguo@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1485333007

Cr-Commit-Position: refs/heads/master@{#32621}
2015-12-04 15:25:40 +00:00
jkummerow
7d1263db47 [proxies] Use JSReceiver::GetKeys() for more purposes
Having beefed up GetKeys() to support everything, use it for everything now.

This fixes Object.getOwnPropertyNames and Object.getOwnPropertySymbols for
Proxies, and gets rid of a bunch of code duplication.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1498593006

Cr-Commit-Position: refs/heads/master@{#32620}
2015-12-04 15:20:57 +00:00
ivica.bogosavljevic
171fb5caa1 MIPS: Fixing CLANG compilation warnings
Fixing warnings which cause compilation to fail when compiling
using CLANG for MIPS

BUG=

Review URL: https://codereview.chromium.org/1493793002

Cr-Commit-Position: refs/heads/master@{#32619}
2015-12-04 14:44:04 +00:00
jochen
2ce0e87fb2 Use FixedTypedArrayBase's body descriptor for static visiting
BUG=none
R=ishell@chromium.org,hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1488053002

Cr-Commit-Position: refs/heads/master@{#32618}
2015-12-04 14:43:08 +00:00
mlippautz
f0f707d832 Reland "[heap] Refactor evacuation for young and old gen into visitors."
Create a visitor for evacuating objects for young and old generation. This is
the first step of preparing a task to process, both,  newspace and oldspace
pages in parallel.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1499893002

Cr-Commit-Position: refs/heads/master@{#32617}
2015-12-04 14:19:32 +00:00
cbruni
747f455b07 [runtime] [proxy] removing JSFunctionProxy and related code.
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1496503002

Cr-Commit-Position: refs/heads/master@{#32616}
2015-12-04 13:49:24 +00:00
neis
eb9407c6f5 [es6] Set correct length for Reflect.get (should be 2, not 3).
R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1498983003

Cr-Commit-Position: refs/heads/master@{#32615}
2015-12-04 13:40:43 +00:00
yangguo
1e671030b9 [debugger] do not predict step in target for liveedit.
R=verwaest@chromium.org

Committed: https://crrev.com/8f87ff5d62e996b07ffbde7e735daa603c1d7290
Cr-Commit-Position: refs/heads/master@{#32553}

Committed: https://crrev.com/00559c4584fe3a4c3c1a8d3a5b5af0611b19c40a
Cr-Commit-Position: refs/heads/master@{#32600}

Review URL: https://codereview.chromium.org/1491743005

Cr-Commit-Position: refs/heads/master@{#32614}
2015-12-04 13:26:17 +00:00
mstarzinger
254f9178d1 [crankshaft] Move deopt data population to LCodeGenBase.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1499103002

Cr-Commit-Position: refs/heads/master@{#32613}
2015-12-04 13:15:27 +00:00
dusan.m.milosavljevic
472e2ba9b9 MIPS:[turbofan] Match shift left and bitwise And with mask when possible.
TEST=unittests/InstructionSelectorTest.Word(32|64)ShlWithWord(32|64)And
BUG=

Review URL: https://codereview.chromium.org/1496013003

Cr-Commit-Position: refs/heads/master@{#32612}
2015-12-04 13:13:04 +00:00
Michael Achenbach
af9fa49000 Whitespace change for perf changes.
Cr-Commit-Position: refs/heads/master@{#32611}
2015-12-04 12:46:41 +00:00