Commit Graph

31720 Commits

Author SHA1 Message Date
adamk
f795a79010 Rewrite scopes in computed properties in destructured parameters
While we properly handled scopes of initializers in destructured parameters,
we never did the right thing for computed properties. This patch fixes that
by factoring out PatternRewriter's scope rewriting logic and calls it
for the computed property case.

BUG=chromium:620119

Review-Url: https://codereview.chromium.org/2084103002
Cr-Commit-Position: refs/heads/master@{#37228}
2016-06-23 20:47:18 +00:00
littledan
7fdbd6bf10 Reland of Test262 roll (patchset #1 id:1 of https://codereview.chromium.org/2094613004/ )
Reason for revert:
Reland fixing msan and tsan

Original issue's description:
> Revert of Test262 roll (patchset #15 id:280001 of https://codereview.chromium.org/2068263002/ )
>
> Reason for revert:
> Broke msan and tsan; need to add an extra skip
>
> Original issue's description:
> > Test262 roll
> >
> > This roll does not include a test harness change; infrastructure issues
> > still need to be worked out.
> >
> > Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> > Cr-Commit-Position: refs/heads/master@{#37225}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/8ea2cbea2e65dc506d50a25a81e610f37bc751ec
> Cr-Commit-Position: refs/heads/master@{#37226}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2097573003
Cr-Commit-Position: refs/heads/master@{#37227}
2016-06-23 19:34:46 +00:00
littledan
8ea2cbea2e Revert of Test262 roll (patchset #15 id:280001 of https://codereview.chromium.org/2068263002/ )
Reason for revert:
Broke msan and tsan; need to add an extra skip

Original issue's description:
> Test262 roll
>
> This roll does not include a test harness change; infrastructure issues
> still need to be worked out.
>
> Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> Cr-Commit-Position: refs/heads/master@{#37225}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2094613004
Cr-Commit-Position: refs/heads/master@{#37226}
2016-06-23 19:31:28 +00:00
littledan
d3a95b8a78 Test262 roll
This roll does not include a test harness change; infrastructure issues
still need to be worked out.

Review-Url: https://codereview.chromium.org/2068263002
Cr-Commit-Position: refs/heads/master@{#37225}
2016-06-23 18:41:50 +00:00
ssanfilippo
91769d6464 [Interpreter] Fix missing entries for bytecode handlers in perf mapping.
Since [1], Logger does not dispatch anymore to the other loggers. This is
now the task of the CodeEventDispatcher, and Logger is just a client.

One use of the Logger as dispatcher wasn't caught in the refactoring, which
caused the entries for bytecode handlers loaded from the snapshot to be
missing from the symbols mapping written by PerfBasicLogger.

[1] https://crrev.com/9df23510eaa12eb5c298cf68a92e90c6e992855c

BUG=v8:4899
LOG=N

Review-Url: https://codereview.chromium.org/2085143003
Cr-Commit-Position: refs/heads/master@{#37224}
2016-06-23 17:52:02 +00:00
adamk
7b011fc9db Array splice should only normalize deleted_elements if it's an array
Also slightly expand regression test to end with a return instead of
an exception.

R=cbruni@chromium.org
BUG=chromium:618788

Review-Url: https://codereview.chromium.org/2090193002
Cr-Commit-Position: refs/heads/master@{#37223}
2016-06-23 17:23:20 +00:00
ishell
4f674da2e9 [ic] Don't compile load interceptor handlers for LoadGlobalIC.
As a result LoadGlobalIC requires different slow stubs for each TypeofMode.

This CL is a prerequisite for not passing variable name to LoadGlobalIC:
the interceptor handler is the only kind of handler that requires a name
and therefore LoadGlobalIC dispatcher does not need a variable name as well.

BUG=chromium:576312

Review-Url: https://codereview.chromium.org/2081143002
Cr-Commit-Position: refs/heads/master@{#37222}
2016-06-23 16:51:14 +00:00
vogelheim
25d59e9d48 Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#

I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
2016-06-23 16:05:46 +00:00
bgeron
ee657f0bed [compiler] Introduce a simple store-store elimination, disabled by default.
R=jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2087483003
Cr-Commit-Position: refs/heads/master@{#37220}
2016-06-23 15:17:43 +00:00
franzih
e9a93a9c2b Refactor Object.prototype.toString() to use the instance type instead of class_name().
Now we can turn it into a turbofan stub.

Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE.

Review-Url: https://codereview.chromium.org/2080243003
Cr-Commit-Position: refs/heads/master@{#37219}
2016-06-23 14:40:47 +00:00
franzih
bdc78957e5 Fix Object.prototype.toString() when @@toStringTag is not a string.
ES2017 draft 19.1.3.6: If @@toStringTag is not a string, Object.prototype.toString()
returns [object Object], except in the following cases:
 - Array
 - String
 - Arguments
 - Function
 - Error
 - Boolean
 - Number
 - Date
 - RegExp.

For anything else, e.g., Maps, Sets, TypedArrays, or the global object, toString() returns
[object Object] if @@toStringTag is absent or not a string. In order to be able to
easily identify the global object in d8, we set @@toStringTag to "global"
for d8.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=

Review-Url: https://codereview.chromium.org/2071343002
Cr-Commit-Position: refs/heads/master@{#37218}
2016-06-23 13:39:59 +00:00
ahaas
5508e16592 Reland [heap] Avoid the use of cells to point from code to new-space objects.
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.

The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.

Additionally some rebasing was necessary.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
2016-06-23 13:14:17 +00:00
mlippautz
fc656803ca [heap] Add CHECK for non-null object to LeftTrimFixedArray
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2098483002
Cr-Commit-Position: refs/heads/master@{#37216}
2016-06-23 12:51:13 +00:00
rmcilroy
13670e5073 [Interpreter] Add ValueOf intrinsic.
BUG=v8:4822

Review-Url: https://codereview.chromium.org/2097473002
Cr-Commit-Position: refs/heads/master@{#37215}
2016-06-23 12:36:28 +00:00
verwaest
059f2fa101 Cache Object.create maps on the passed prototype's PrototypeInfo
BUG=chromium:603144

Review-Url: https://codereview.chromium.org/2083353002
Cr-Commit-Position: refs/heads/master@{#37214}
2016-06-23 12:18:48 +00:00
ivica.bogosavljevic
42ac51c82e Fix int64 lowering on big-endian architectures.
Lowering of Int64Load, Int64Store, BitcastInt64ToFloat64 and
BitcastFloat64ToInt64 was using LE word ordering in memory,
causing failures on some tests.

BUG=mjsunit/regress/regress-599719,mjsunit/regress/regress-599717

Review-Url: https://codereview.chromium.org/2080213004
Cr-Commit-Position: refs/heads/master@{#37213}
2016-06-23 11:41:07 +00:00
georgia.kouveli
f5d90fc9f2 [arm64] Fix handling of CMN and ADD/SUB with overflow in VisitBinop.
CMN is a flag-setting add operation, and therefore is commutative.
{Add,Sub}WithOverflow generate ADD/SUB instructions that cannot
support a ROR shift.

BUG=

Review-Url: https://codereview.chromium.org/2087233005
Cr-Commit-Position: refs/heads/master@{#37212}
2016-06-23 11:29:20 +00:00
yangguo
2a5a8fde1c Simplify source position calculation.
R=jgruber@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2093613002
Cr-Commit-Position: refs/heads/master@{#37211}
2016-06-23 11:17:40 +00:00
mlippautz
4244b989ca [heap] Modernize all *Page iterators to be proper C++ iterators
As part of the page type unification also unify page iterators. Iterating
over a space works the same for all spaces now (new, old, lo).

Iterating over pages of a space follows now the regular C++ iterator pattern:
- for (auto it = space->begin(); it != space->end(); ++it) {}
- for (Page* p : *space) {}

GC only: Loop supporting unlinking/freeing of a Page on the fly:
  for (auto it = space->begin(); != space->end();) {
    Page* p = *(it++);
    p->Unlink();
  }

For iteration of a range of new space pages use NewSpacePageRange which
also verifies that the range is actually a proper new space page range.

BUG=chromium:581412
LOG=N

Review-Url: https://codereview.chromium.org/2088223002
Cr-Commit-Position: refs/heads/master@{#37210}
2016-06-23 09:57:06 +00:00
mlippautz
2658eb2af5 [heap] Fix bad-cast in Sweeper
BUG=chromium:622351
LOG=N
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2097453002
Cr-Commit-Position: refs/heads/master@{#37209}
2016-06-23 09:11:08 +00:00
bmeurer
5250da6861 [turbofan] Initial version of RedundancyElimination.
The redundancy elimination is currently a graph reducer that tries to
combine redundant checks in the effect chain. It does this by
propagating the checks that happened along effect paths, which is pretty
similar to what the BranchElimination does on the control chain. We run
this reducer together with the other optimizations right after the
representation selection.

An upcoming CL will extend the redundancy elimination to also eliminate
redundant loads (and eventually map checks).

R=jarin@chromium.org
BUG=v8:5141

Review-Url: https://codereview.chromium.org/2091503003
Cr-Commit-Position: refs/heads/master@{#37208}
2016-06-23 08:59:34 +00:00
ishell
a81c66546e [mips] Fix using signaling NaN for holes in fixed double arrays.
BUG=chromium:620650

Review-Url: https://codereview.chromium.org/2086343002
Cr-Commit-Position: refs/heads/master@{#37207}
2016-06-23 08:27:54 +00:00
jochen
284f50c53f Enable check for non-gender neutral pronouns
R=danno@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2088393002
Cr-Commit-Position: refs/heads/master@{#37206}
2016-06-23 07:15:18 +00:00
v8-autoroll
766e7a569c Update V8 DEPS.
Rolling v8/build to 7194daf8360db4618456185d29db524cdc153bb4

Rolling v8/tools/mb to a7c3a793cc06ce1703347c2d2eeac6a94ac16b4d

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2094603002
Cr-Commit-Position: refs/heads/master@{#37205}
2016-06-23 03:26:33 +00:00
mattloring
97c2bc362f Revert of Include file names in trace_turbo output (patchset #3 id:40001 of https://codereview.chromium.org/2083863004/ )
Reason for revert:
Many build bots are failing with a message of the form:

Missing or invalid v8 JSON file: /tmp/tmp2qcEUy_swarming/0/output.json

Can be relanded once we understand why these failures are occuring.

Original issue's description:
> Include file names in trace_turbo output
>
> The trace turbo output will overwrite itself when functions in different
> files share the same name. Output files now have the form
> `turbo-<function_name>:<opt_file_name>-<opt_phase>.suffix`.
>
> R=ofrobots@google.com
> BUG=
>
> Committed: https://crrev.com/a53b9bf02f31e5647c37e0392afa19f74df1a3ba
> Cr-Commit-Position: refs/heads/master@{#37199}

TBR=ofrobots@google.com,bmeurer@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2083153004
Cr-Commit-Position: refs/heads/master@{#37204}
2016-06-22 22:23:42 +00:00
mtrofin
0b98dbcc1e [wasm] Consolidate CompileAndRunWasmModule
Remove second wasm module compilation and instantiation path that
we had in CompileAndRunWasmModule and reuse the same path used
by user code.

BUG=

Review-Url: https://codereview.chromium.org/2091533002
Cr-Commit-Position: refs/heads/master@{#37203}
2016-06-22 21:39:14 +00:00
littledan
2601900dda Reland of write scopes of non-simple default arguments (patchset #1 id:1 of https://codereview.chromium.org/2081323006/ )
Reason for revert:
Infra issue appears to be over

TBR=adamk@chromium.org

Original issue's description:
> Revert of Rewrite scopes of non-simple default arguments (patchset #5 id:80001 of https://codereview.chromium.org/2077283004/ )
>
> Reason for revert:
> Seems to close tree (but it could be an infra issue)
>
> Original issue's description:
> > Rewrite scopes of non-simple default arguments
> >
> > Default parameters have additional declaration block scopes inserted
> > around them when something in the function scope calls eval. This
> > patch sets the parent scope of the expressions introduced due to
> > those defaults to the new block scope.
> >
> > R=adamk
> > BUG=chromium:616386
> >
> > Committed: https://crrev.com/0e14baf712955a1993f742647bb2adc293702b80
> > Cr-Commit-Position: refs/heads/master@{#37198}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:616386
>
> Committed: https://crrev.com/dd50262933d2ac087da32be887a7c18385fd998e
> Cr-Commit-Position: refs/heads/master@{#37201}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2086353003
Cr-Commit-Position: refs/heads/master@{#37202}
2016-06-22 21:09:57 +00:00
littledan
dd50262933 Revert of Rewrite scopes of non-simple default arguments (patchset #5 id:80001 of https://codereview.chromium.org/2077283004/ )
Reason for revert:
Seems to close tree (but it could be an infra issue)

Original issue's description:
> Rewrite scopes of non-simple default arguments
>
> Default parameters have additional declaration block scopes inserted
> around them when something in the function scope calls eval. This
> patch sets the parent scope of the expressions introduced due to
> those defaults to the new block scope.
>
> R=adamk
> BUG=chromium:616386
>
> Committed: https://crrev.com/0e14baf712955a1993f742647bb2adc293702b80
> Cr-Commit-Position: refs/heads/master@{#37198}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2081323006
Cr-Commit-Position: refs/heads/master@{#37201}
2016-06-22 19:58:10 +00:00
michaelbai
8d830a5aab Remove natives_blob.bin's arch dependence in Android.
BUG=620855

Review-Url: https://codereview.chromium.org/2074283002
Cr-Commit-Position: refs/heads/master@{#37200}
2016-06-22 18:48:52 +00:00
mattloring
a53b9bf02f Include file names in trace_turbo output
The trace turbo output will overwrite itself when functions in different
files share the same name. Output files now have the form
`turbo-<function_name>:<opt_file_name>-<opt_phase>.suffix`.

R=ofrobots@google.com
BUG=

Review-Url: https://codereview.chromium.org/2083863004
Cr-Commit-Position: refs/heads/master@{#37199}
2016-06-22 18:37:01 +00:00
littledan
0e14baf712 Rewrite scopes of non-simple default arguments
Default parameters have additional declaration block scopes inserted
around them when something in the function scope calls eval. This
patch sets the parent scope of the expressions introduced due to
those defaults to the new block scope.

R=adamk
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2077283004
Cr-Commit-Position: refs/heads/master@{#37198}
2016-06-22 18:22:18 +00:00
yangguo
8b67a00223 Only count legacy parser usage if legacy parser had effect.
We would otherwise also count if its just trimming whitespaces.

R=adamk@chromium.org
BUG=chromium:618595

Review-Url: https://codereview.chromium.org/2080183003
Cr-Commit-Position: refs/heads/master@{#37197}
2016-06-22 18:07:47 +00:00
nikolaos
b9f682baaf Fix bug with illegal spread as single arrow parameter
R=adamk@chromium.org
BUG=chromium:621496
LOG=N

Review-Url: https://codereview.chromium.org/2084703005
Cr-Commit-Position: refs/heads/master@{#37196}
2016-06-22 18:07:46 +00:00
lpy
04f710ac20 [Reland] Refactor CpuProfiler.
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.

The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.

Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.

Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.

BUG=v8:4789

Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
Review-Url: https://codereview.chromium.org/2053523003
Cr-Original-Commit-Position: refs/heads/master@{#37112}
Cr-Commit-Position: refs/heads/master@{#37195}
2016-06-22 16:45:51 +00:00
littledan
c444b2b7af Stage async/await
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2083653003
Cr-Commit-Position: refs/heads/master@{#37194}
2016-06-22 16:10:19 +00:00
bgeron
21fdde3c76 Make syntax for boolean flags more discoverable.
Because --help does not show how to use boolean flags.

R=jkummerow@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2087223002
Cr-Commit-Position: refs/heads/master@{#37193}
2016-06-22 16:07:11 +00:00
hlopko
815da79694 Use gender neutral terms
BUG=
LOG=no

Review-Url: https://codereview.chromium.org/2085043005
Cr-Commit-Position: refs/heads/master@{#37192}
2016-06-22 15:05:18 +00:00
mvstanton
b52f71d57d Gender neutral comments.
BUG=

Review-Url: https://codereview.chromium.org/2085273002
Cr-Commit-Position: refs/heads/master@{#37191}
2016-06-22 14:54:03 +00:00
hlopko
be8d603464 Use gender neutral terms in heap.cc
BUG=
LOG=no

Review-Url: https://codereview.chromium.org/2084823004
Cr-Commit-Position: refs/heads/master@{#37190}
2016-06-22 14:45:03 +00:00
mythria
dc4faa623c [Interpreter] Switch functions from ignition to full-codegen early.
Updates kProfilerTicksBeforeBaseline in runtime-profiler to allow
functions to switch from ignition to full-codgen earlier. This helps
on many benchmarks and does not impact the code size significantly.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2085153003
Cr-Commit-Position: refs/heads/master@{#37189}
2016-06-22 14:41:53 +00:00
machenbach
046c1f24bd [mb] Switch windows bots to mb
BUG=chromium:616035
NOTRY=true

Review-Url: https://codereview.chromium.org/2088963003
Cr-Commit-Position: refs/heads/master@{#37188}
2016-06-22 13:53:05 +00:00
jochen
344b945601 Add GN targets for samples
BUG=chromium:609107
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2081323004
Cr-Commit-Position: refs/heads/master@{#37187}
2016-06-22 13:37:27 +00:00
bmeurer
1ee71aa29c [turbofan] Fix bug in CheckTaggedSigned lowering.
TBR=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2087803005
Cr-Commit-Position: refs/heads/master@{#37186}
2016-06-22 12:25:45 +00:00
rmcilroy
485e77519f [Interpreter] Add intrinsics called as stubs.
Adds support for intrinsics which can be called as stubs. Namely:
 - HasProperty
 - MathPow
 - NewObject
 - NumberToString
 - RegExpConstructResult
 - RegExpExec
 - Substring
 - ToString
 - ToName
 - ToLength
 - ToNumber
 - ToObject

Also adds interface descriptors for stub calls which have arguments
passed on the stack.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
2016-06-22 12:22:47 +00:00
mlippautz
7a88ff3cc0 [heap] Filter out stale left-trimmed handles for scavenges
The missing part from
  https://codereview.chromium.org/2078403002/

R=jochen@chromium.org
BUG=chromium:621869
LOG=N

Review-Url: https://codereview.chromium.org/2077353004
Cr-Commit-Position: refs/heads/master@{#37184}
2016-06-22 12:22:46 +00:00
ahaas
d4d4703266 [wasm] Move the semaphore for parallel compilation to the wasm module.
If the semaphore is stored as a local variable in {CompileInParallel},
then the semaphore was sometimes deallocated too early and caused
the compilation tasks to crash. This only happens with libc-2.19,
libc-2.21 fixes the problem.

R=mlippautz@chromium.org, rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2080223006
Cr-Commit-Position: refs/heads/master@{#37183}
2016-06-22 11:31:03 +00:00
ishell
bbbf21c240 Don't crash when trying to print a call stack of an OOM.
Receiver is the hole when we construct a builtin object.

BUG=chromium:611684

Review-Url: https://codereview.chromium.org/2083163003
Cr-Commit-Position: refs/heads/master@{#37182}
2016-06-22 11:24:17 +00:00
rmcilroy
1b4e0130fa Reland: [Crankshaft] Always check for stubs marked to not require an eager frame.
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg

Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37181}
2016-06-22 11:09:40 +00:00
verwaest
813f231896 Further streamline HandleApiCall
The CL avoids superfluous conversions / reboxing and handlescopes.

BUG=

Review-Url: https://codereview.chromium.org/2089703004
Cr-Commit-Position: refs/heads/master@{#37180}
2016-06-22 10:23:45 +00:00
jochen
c7715c2fbe Add HasOwnProperty with array indexes
This way embedders don't have to manually convert them to strings

BUG=chromium:619166
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2085223002
Cr-Commit-Position: refs/heads/master@{#37179}
2016-06-22 10:20:45 +00:00