Allocator does not backtrack thus during allocation we must not create an unhandled live
range which starts before the start of the current live range.
If such range is added to the list of unhandled it might see an inconsistent state of active/inactive live-ranges as they are retired to handled as soon as start of the current live range is larger than their end.
Add assertion to catch this kind of bugs early.
TEST=NavierStokes does not fail on ARM
Review URL: https://codereview.chromium.org/14262005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Renamed SignalSender to SamplerThread to match platforms that don't support signal sending.
Cygwin and Windows implementations are almost identical. Mac OS X uses different API to suspend thread but apart from that it is very similar to Windows implenenation.
BUG=None
Review URL: https://codereview.chromium.org/14264009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is a first step to having profiler sampler implementation in one file with platform capabilities guarded with #ifdef. Otherwise we have very similar implementations scattered over platform-*.cc files which makes it hard to see differences and make changes.
The next steps will be to merge win32, Mac OS X and Cygwin implementations into sampler.cc They suspend profiled thread instead of sending a signal but apart from that the logic is pretty much the same. Then I'm going to move sampler-related code from log.* into sampler.*
BUG=None
Review URL: https://codereview.chromium.org/13852005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In this patch, we added the JIT code event handler for Vtune. Most of the code is in the
folder src/third_party/vtune. Two APIs are added in include/v8.h to get the requirement info
from V8.
We add the v8_enable_vtunejit parameter for GYP to enable these Vtune code compilation.
vTune::InitilizeVtuneForV8() is invoked in the embedder of V8 to make sure it's invokded if
vtune support is enabled.
Review URL: https://codereview.chromium.org/11574031
Patch from Chunyang Dai <chunyang.dai@intel.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14253 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When defining an indexed property on an Array object, the object's
length property should (perhaps) be updated. This was done for any
property for which
ToUInt32(name) == ToNumber(name)
was true, meaning any property name that, when converted to a number,
was an integer in the range [0, 2^32). The detection should be more
strict; an indexed property is one for which
ToString(ToUInt32(name)) == name
is true only.
Review URL: https://codereview.chromium.org/13914003
Patch from Jens Lindström <jl@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r14230 (76c22097)
Original commit message:
Native method invocation from the arm/simulator-arm.cc previously made
non-portable assumptions about calling conventions. This was okay for 32-bit
stack-based machines, where by-value structs are automatically materialized
on the stack, and where both int and double parameters could be passed on the
stack. However they are not okay for x86-64, which has an elaborate scheme
for passing parameters in registers.
This CL replaces the previous non-portable code paths with portable code,
using call-sites that accurately match the prototype of the callee.
BUG=
Review URL: https://codereview.chromium.org/13989008
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r14236 (7d56d7c5)
Original commit message:
* src/generator.js: Add methods and intialization for generator meta-objects.
* src/contexts.h:
* src/bootstrapper.cc (InitializeExperimentalGlobal): Make generator
meta-objects, and store maps for constructing generator functions
and their prototypes.
* src/factory.h:
* src/factory.cc (MapForNewFunction): New helper.
(NewFunctionFromSharedFunctionInfo): Use the new helper.
* src/heap.cc (AllocateFunctionPrototype, AllocateInitialMap): For
generators, allocate appropriate prototypes and maps.
* src/code-stubs.h:
* src/arm/code-stubs-arm.h:
* src/arm/full-codegen-arm.h:
* src/ia32/code-stubs-ia32.h:
* src/ia32/full-codegen-ia32.h:
* src/x64/code-stubs-x64.h:
* src/x64/full-codegen-x64.h: Allow fast closure creation for generators,
using the appropriate map.
* test/mjsunit/harmony/builtins.js: Add a special case for
GeneratorFunctionPrototype.prototype.__proto__.
BUG=
Review URL: https://codereview.chromium.org/13988003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14238 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* src/contexts.h:
* src/bootstrapper.cc (InitializeExperimentalGlobal): Make generator
meta-objects, and store maps for constructing generator functions
and their prototypes.
* src/factory.h:
* src/factory.cc (MapForNewFunction): New helper.
(NewFunctionFromSharedFunctionInfo): Use the new helper.
* src/heap.cc (AllocateFunctionPrototype, AllocateInitialMap): For
generators, allocate appropriate prototypes and maps.
* src/code-stubs.h:
* src/arm/code-stubs-arm.h:
* src/arm/full-codegen-arm.h:
* src/ia32/code-stubs-ia32.h:
* src/ia32/full-codegen-ia32.h:
* src/x64/code-stubs-x64.h:
* src/x64/full-codegen-x64.h: Allow fast closure creation for generators,
using the appropriate map.
* test/mjsunit/harmony/builtins.js: Add a special case for
GeneratorFunctionPrototype.prototype.__proto__.
BUG=
TEST=mjsunit/harmony/generators-runtime
Review URL: https://codereview.chromium.org/13192004
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This makes the logic in the Hydrogen->Lithium translation much clearer, avoids a
hand-written dispatch and even opened up opportunities for simpler register
constraints for some operations/platforms.
Doing the same for the Hydrogen level might be done in a follow-up CL.
Review URL: https://codereview.chromium.org/13841003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Native method invocation from the arm/simulator-arm.cc previously made
non-portable assumptions about calling conventions. This was okay for 32-bit
stack-based machines, where by-value structs are automatically materialized
on the stack, and where both int and double parameters could be passed on the
stack. However they are not okay for x86-64, which has an elaborate scheme
for passing parameters in registers.
This CL replaces the previous non-portable code paths with portable code,
using call-sites that accurately match the prototype of the callee.
BUG=2614
Review URL: https://chromiumcodereview.appspot.com/13818012
Patch from Brad Chen <bradchen@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Specifically:
- Introduce Symbol and SymbolObject classes.
- Generalise Object::Has and Object::Delete to arbitrary Value-typed keys.
- Generalise some places in the API implementation from String to Name.
It is not possible to intercept symbol-named properties. That is consistent with the idea that symbols are private and should not leak.
R=svenpanne@chromium.org
BUG=v8:2158
Review URL: https://codereview.chromium.org/13626002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The new test checks full CPU profiling cycle: using public
V8 API it starts profiling, executes a script, stops profiling
and analyzes collected profile to check that its top-down
tree has expected strutcture. The script that is being profiled
is guaranteed to run > 200ms to make sure enough samples
are collected.
To avoid possible flakiness due to non-deterministic time required
to start new thread on varios OSs when Sampler and ProfilerEventsProcessor
threads are being started the main thread is blocked until the threads
are running.
Also I removed the heuristic in profile-generator.cc where we try
to figure out if the value on top of the sampled stack is return address
of some frameless stub invocation. The code periodically gives false positive
with the new test ending up in an extra node in the collected cpu profile.
After discussion with jkummerow@ we concluded that the logic is too fragile
and that we can address frameless stub invocations in a more reliable way
later should they have a noticeable effect on cpu profiling.
BUG=None
Review URL: https://codereview.chromium.org/13627002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Currently, when a long series of removable simulates are merged, we do
this by merging them one by one as we find them. As we merge the value
value lists of the simulates, those lists snowball so that we get a
quadratic complexity wrt runtime and memory consumption.
Instead, we gather simulates that need to be merged, and merge them
backwards starting from the last simulate.
R=jkummerow@chromium.org
BUG=v8:2612
Review URL: https://chromiumcodereview.appspot.com/13649003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r14152 (4e58a8ea)
Original commit message:
* src/scopes.h (ForceContextAllocation, has_forced_context_allocation):
New interface to force context allocation for an entire function's
scope.
* src/scopes.cc: Unless a new scope is a function scope, if its outer
scope has forced context allocation, it should also force context
allocation.
(MustAllocateInContext): Return true if the scope as a whole has
forced context allocation.
(CollectStackAndContextLocals): Allow temporaries to be
context-allocated.
* src/parser.cc (ParseFunctionLiteral): Force context allocation for
generator scopes.
* src/v8globals.h (VariableMode): Update comment on TEMPORARY.
* src/arm/full-codegen-arm.cc (Generate):
* src/ia32/full-codegen-ia32.cc (Generate):
* src/x64/full-codegen-x64.cc (Generate): Assert that generators have no
stack slots.
* test/mjsunit/harmony/generators-instantiation.js: New test.
BUG=
Review URL: https://codereview.chromium.org/13726009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14157 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For many moons now I've been seeing this warning when running make x64.release.check:
/home/wingo/src/v8/src/gdb-jit.cc:632:
Single-argument constructors should be marked explicit.
[runtime/explicit] [5]
This patch fixes it.
BUG=
Review URL: https://codereview.chromium.org/13724006
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* src/scopes.h (ForceContextAllocation, has_forced_context_allocation):
New interface to force context allocation for an entire function's
scope.
* src/scopes.cc: Unless a new scope is a function scope, if its outer
scope has forced context allocation, it should also force context
allocation.
(MustAllocateInContext): Return true if the scope as a whole has
forced context allocation.
(CollectStackAndContextLocals): Allow temporaries to be
context-allocated.
* src/parser.cc (ParseFunctionLiteral): Force context allocation for
generator scopes.
* src/v8globals.h (VariableMode): Update comment on TEMPORARY.
* src/arm/full-codegen-arm.cc (Generate):
* src/ia32/full-codegen-ia32.cc (Generate):
* src/x64/full-codegen-x64.cc (Generate): Assert that generators have no
stack slots.
* test/mjsunit/harmony/generators-instantiation.js: New test.
BUG=v8:2355
TEST=mjsunit/harmony/generators-instantiation
Review URL: https://codereview.chromium.org/13408005
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14152 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patch refactors the parser and preparser interface to be more
readable and type-safe. It has no behavior changes.
Previously, parsers and preparsers were configured via bitfield called
parser_flags in the Parser constructor, and flags in
PreParser::PreParseProgram, ParserApi::Parse, and ParserApi::PreParse.
This was error-prone in practice: six call sites passed incorrectly
typed values to this interface (a boolean FLAG value, a boolean false
and a boolean true value). None of these errors were caught by the
compiler because it's just an "int".
The parser flags interface was also awkward because it encoded a
language mode, but the language mode was only used to turn on harmony
scoping or not -- it wasn't used to actually set the parser's language
mode.
Fundamentally these errors came in because of the desire for a
procedural parser interface, in ParserApi. Because we need to be able
to configure the parser in various ways, the flags argument got added;
but no one understood how to use the flags properly. Also they were
only used by constructors: callers packed bits, and the constructors
unpacked them into booleans on the parser or preparser.
The solution is to allow parser construction, configuration, and
invocation to be separated. This patch does that.
It passes the existing tests.
BUG=
Review URL: https://codereview.chromium.org/13450007
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* src/api.cc (ScriptData::PreCompile): Fix bogus use of bogus value for
preparsing flags by removing those arguments, which were always zero.
* src/parser.h
* src/parser.cc (ParserApi::PreParse): Remove extension and flags
arguments, both of which were either always 0 or incorrectly used.
* test/cctest/test-parsing.cc (RegressChromium62639, Regress928): Fix
more bogus uses of preparser api.
BUG=
Review URL: https://codereview.chromium.org/13496008
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patch adds comments explaining the interface in runtime.cc and simplifies
all callers given these assumptions (e.g., no need to loop over intervals, or
calculate where the interval starts).
Took care of some unrelated issues in the edited code:
- Fixes one use of [] to InternalArray
- Removed a bunch of comments referring to ES3 which no longer hold in ES5
Review URL: https://codereview.chromium.org/13071006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patchset begins by adding support for "yield", which is unlike other tokens
in JS. In a generator, whether strict or classic, it is a syntactic keyword.
In classic mode it is an identifier. In strict mode it is reserved.
This patch adds YIELD as a token to the scanner, and adapts the preparser and
parser appropriately. It also parses "function*", indicating that a function is
actually a generator, for both eagerly and lazily parsed functions.
Currently "yield" just compiles as "return".
BUG=v8:2355
TEST=mjsunit/harmony/generators-parsing
Review URL: https://codereview.chromium.org/12646003
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r14061 (df49702a)
Original commit message:
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.
By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.
Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.
BUG=
Review URL: https://codereview.chromium.org/12924011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Zapping is required since transition arrays contain weak references to maps: At the end of a GC cycle, ClearNonLiveTransitions removes references to dead maps from transition arrays. If a marked transition array with weak (dead) references is replaced by another transition array before the end of the GC cycle, dead references are not removed from the replaced transition array. If the replaced transition array is kept alive by a handle, marking will crash when trying to mark the first reference to a dead map.
Review URL: https://codereview.chromium.org/12987013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.
By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.
Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.
Review URL: https://chromiumcodereview.appspot.com/12810006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r14051 (e9140a92)
Original commit message:
(qua last week's TC39)
Specifically:
- Install Symbol constructor function on the global object.
- Adjust code generation for typeof.
- Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof.
- Remove hack that allowed symbols as constructor results, and some other special cases.
- Remove symbol_delegate and GetDelegate function.
- Extend ToBoolean stub to handle symbols.
- Extend ToNumber to return NaN on symbols.
- Poison symbol's toString function, and thereby ToString on symbols.
BUG=
Review URL: https://codereview.chromium.org/13007003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14058 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is one step in the direction of fixing a range of small bugs in the array methods when dealing with non-standard element attributes.
Added tests exercising this behavior for shift and unshift.
For Proxies and Interceptors, the behavior of %GetArrayKeys is now to just return an interval, rather than trying to list all their indexed properties. In the Proxy case, this seems like the only way to avoid an observable difference between smart and non-smart array methods. For Interceptors, the usual case (in WebKit, anyway) is for them to have all indices in [0, length), so enumerating them won't be any better than simply iterating over that range.
Review URL: https://codereview.chromium.org/12653010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
(qua last week's TC39)
Specifically:
- Install Symbol constructor function on the global object.
- Adjust code generation for typeof.
- Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof.
- Remove hack that allowed symbols as constructor results, and some other special cases.
- Remove symbol_delegate and GetDelegate function.
- Extend ToBoolean stub to handle symbols.
- Extend ToNumber to return NaN on symbols.
- Poison symbol's toString function, and thereby ToString on symbols.
R=mstarzinger@chromium.org
BUG=v8:2158
Review URL: https://codereview.chromium.org/12957004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Previously we would only mark the slot that was added specifically for
this map, if there was a backpointer and the descriptor array was shared
via the backpointer. However, ConvertTransitionToMapTransition may break
this link after we marked the transitioned map, before we marked the
transitioning map. So the descriptor slots of the parent map won't get
recorded, and we potentially point to an old address of an already
relocated function.
BUG=chromium:196331
Review URL: https://chromiumcodereview.appspot.com/12836005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Two new methods are added to allow embedders to determine that execution
should be resumed at a particular point in the stack without being forced
to unwind all JS frames.
* V8::CancelTerminateExecution() -- When execution is terminated via a call
to V8::TerminateExecution(), this method can be called to clear the
termination exception so that the engine can continue to be used.
* TryCatch::HasTerminated() -- When a TryCatch has caught a termination
exception, HasTerminated() will return true to indicate it is valid to
call V8::ResumeExecution() if desired.
A test case is added to cctest/test-thread-termination.cc.
BUG=v8:2361
Patch from Andrew Paprocki <andrew@ishiboo.com>.
Review URL: https://chromiumcodereview.appspot.com/11142013
Patch from Andrew Paprocki <andrew@ishiboo.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
