Commit Graph

19203 Commits

Author SHA1 Message Date
jkummerow
c12e8d889c Revert of Fix logic for doing incremental marking steps on tenured allocation. (patchset id:60001 of https://codereview.chromium.org/1040233003/)
Reason for revert:
Suspected of triggering memory corruption issues, e.g. crbug.com/478401.

Original issue's description:
> Fix logic for doing incremental marking steps on tenured allocation.
>
> R=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/9716468ae63500adb74f5188c47de847e195d71b
> Cr-Commit-Position: refs/heads/master@{#27883}

TBR=hpayer@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1099633002

Cr-Commit-Position: refs/heads/master@{#27944}
2015-04-20 15:19:25 +00:00
mvstanton
9987221c02 Make sure builtins preserve guarantees about empty element array prototypes.
We have a bottleneck around storing elements in the array and object prototypes,
but the Push() and Unshift() builtins don't respect them.

Fix this exactly to the level of existing support for stores.

BUG=v8:4043
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1066003003

Cr-Commit-Position: refs/heads/master@{#27943}
2015-04-20 15:16:34 +00:00
jochen
ad854ea11e Allow for accessing an ArrayBuffer contents without externalizing it
The embedder has to take appropriate steps to ensure that the
ArrayBuffer doesn't die while it's accessing the pointer, e.g. keep a
Local handle to it around

BUG=none
R=dslomov@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1095083002

Cr-Commit-Position: refs/heads/master@{#27942}
2015-04-20 15:01:43 +00:00
yangguo
8cf289ca4f Throw when attaching a stack trace to an object fails.
R=jarin@chromium.org
BUG=chromium:478011
LOG=N

Review URL: https://codereview.chromium.org/1077153003

Cr-Commit-Position: refs/heads/master@{#27941}
2015-04-20 14:40:45 +00:00
yangguo
f66a31282a Wrap array implementation in a function.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1067523003

Cr-Commit-Position: refs/heads/master@{#27940}
2015-04-20 14:12:22 +00:00
jochen
53cc6486df Remove support for externally backed elements from the API
Embedders should use ArrayBuffers instead

BUG=v8:3996
LOG=y
R=verwaest@chromium.org,dslomov@chromium.org,kbr@chromium.org

Review URL: https://codereview.chromium.org/1092923002

Cr-Commit-Position: refs/heads/master@{#27939}
2015-04-20 13:31:27 +00:00
Ross McIlroy
063fc25122 Replace OVERRIDE->override and FINAL->final since we now require C++11.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1088993003

Cr-Commit-Position: refs/heads/master@{#27937}
2015-04-20 13:08:14 +00:00
Ben L. Titzer
7a4744ade4 Always wrap AllocationSiteContext::current() in a new handle in Crankshaft.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086863003

Cr-Commit-Position: refs/heads/master@{#27935}
2015-04-20 11:46:34 +00:00
jochen
f15d01379e Indicate that low-memory-notificatin triggered GCs are "forced"
BUG=none
R=hpayer@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1095043002

Cr-Commit-Position: refs/heads/master@{#27934}
2015-04-20 10:23:42 +00:00
yangguo
726630d29c Correctly name header macros for src/snapshot/*.h.
R=mvstanton@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1091983002

Cr-Commit-Position: refs/heads/master@{#27933}
2015-04-20 10:22:07 +00:00
yangguo
cc9da821ea Serializer: assert that we deserialize only one native context.
R=mvstanton@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1097893002

Cr-Commit-Position: refs/heads/master@{#27932}
2015-04-20 09:57:00 +00:00
yangguo
e96d25536e Fix serialization statistics for external strings.
External strings are serialized as internal strings. The current way
of collecting stats is slightly wrong. We ought to use the map and
size passed to SerializePrologue.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1092253003

Cr-Commit-Position: refs/heads/master@{#27931}
2015-04-20 08:55:04 +00:00
ulan
068a6afb44 Clean up output of heap object tracing
BUG=

Review URL: https://codereview.chromium.org/1097683002

Cr-Commit-Position: refs/heads/master@{#27929}
2015-04-18 09:21:07 +00:00
adamk
4a5c91387b [modules] Parsing: add ModuleRequests where missing
Two last forms supported in this patch:
  - 'import' ModuleSpecifier
  - 'export' '*' 'from' ModuleSpecifier.

BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/1094963002

Cr-Commit-Position: refs/heads/master@{#27927}
2015-04-17 22:45:06 +00:00
rmcilroy
b990a6c691 Turn off SupportsFlexibleFloorAndRound for Arm64 due to a bug.
There is a bug with SupportsFlexibleFloorAndRound on Arm64. Turn it off for
now until we figure out a proper solution.

BUG=chromium:476477
LOG=Y

Review URL: https://codereview.chromium.org/1093863002

Cr-Commit-Position: refs/heads/master@{#27925}
2015-04-17 18:00:15 +00:00
hpayer
88e2d14c90 Initialize idle old generation allocation limit in constructor.
BUG=478082
NOTRY=true
LOG=n

Review URL: https://codereview.chromium.org/1093853002

Cr-Commit-Position: refs/heads/master@{#27924}
2015-04-17 16:57:26 +00:00
mbrandy
99c116ccda PPC: Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
Port 8098253562

R=verwaest@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1057413003

Cr-Commit-Position: refs/heads/master@{#27923}
2015-04-17 15:56:13 +00:00
danno
5cb387c2b7 [visualizer]: Add types to visualizer output
Review URL: https://codereview.chromium.org/1083083006

Cr-Commit-Position: refs/heads/master@{#27922}
2015-04-17 15:46:12 +00:00
jkummerow
f4f2e9c558 Fix GC-induced DCHECK failure in Runtime_GetWeakMapEntries
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1091253002

Cr-Commit-Position: refs/heads/master@{#27921}
2015-04-17 14:21:21 +00:00
yangguo
c6a36305c7 Wrap object observe implementation in a function.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1086813005

Cr-Commit-Position: refs/heads/master@{#27920}
2015-04-17 14:09:52 +00:00
ssid
281d30d758 Adding V8 api to get memory statistics of spaces in V8::Heap.
This is first step towards adding V8 heap statistics to the memory
tracing infrastructure. For being able to get useful memory number into
the memory dump, v8 needs to provide an external api needs to obtain
more information about the heap. So, this Cl extends the api to give
information about the memory allocated and used in the spaces.

BUG=466141, 476013
LOG=Y

Review URL: https://codereview.chromium.org/1058253003

Cr-Commit-Position: refs/heads/master@{#27919}
2015-04-17 14:04:24 +00:00
yangguo
1df70e2749 Wrap JSON and generator implementation in functions.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1097703002

Cr-Commit-Position: refs/heads/master@{#27918}
2015-04-17 13:53:03 +00:00
yangguo
5a9a0b20e7 Migrate error messages, part 3 (runtime.js).
Motivation for this is reducing the size of the native context.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1089303003

Cr-Commit-Position: refs/heads/master@{#27917}
2015-04-17 13:27:28 +00:00
jkummerow
4204c72739 Don't use normalized map cache for prototype maps
BUG=chromium:477924
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1090193002

Cr-Commit-Position: refs/heads/master@{#27916}
2015-04-17 12:16:07 +00:00
jkummerow
30cc37e9ac Bump limit in PushStackTraceAndDie
To increase the chances of minidumps containing enough useful information

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1068783006

Cr-Commit-Position: refs/heads/master@{#27915}
2015-04-17 11:45:56 +00:00
erikcorry
1caa269cee Rename some things around incremental marking triggers
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1094843002

Cr-Commit-Position: refs/heads/master@{#27914}
2015-04-17 11:17:23 +00:00
wingo
37520d3e03 Revert "Factor formal argument parsing into ParserBase"
Revert https://codereview.chromium.org/1078093002/ and follow-on parser
patches due to a perf regression.

This reverts commit 53ddccfc33.
This reverts commit 71d3213a3f.
This reverts commit 0f432ebb76.
This reverts commit 1dbc432729.

R=marja@chromium.org

Review URL: https://codereview.chromium.org/1094653002

Cr-Commit-Position: refs/heads/master@{#27912}
2015-04-17 09:51:15 +00:00
verwaest
c153a8437e [crankshaft] Fix property access with proxies in prototype chain
BUG=

Review URL: https://codereview.chromium.org/1090813003

Cr-Commit-Position: refs/heads/master@{#27911}
2015-04-17 09:25:13 +00:00
yangguo
4e37bd0684 Fix DCHECK with unsigned int in zone.cc.
R=svenpanne@chromium.org
BUG=v8:4037
LOG=N

Review URL: https://codereview.chromium.org/1051213005

Cr-Commit-Position: refs/heads/master@{#27909}
2015-04-17 09:06:45 +00:00
jkummerow
14ec8077cc Re-enable an UNREACHABLE in JSObject::GetHeaderSize()
Review URL: https://codereview.chromium.org/1091553002

Cr-Commit-Position: refs/heads/master@{#27908}
2015-04-17 08:47:11 +00:00
yangguo
ae2057e81a Reland "Migrate error messages, part 2."
Review URL: https://codereview.chromium.org/1083083004

Cr-Commit-Position: refs/heads/master@{#27907}
2015-04-17 08:35:47 +00:00
chunyang.dai
548a0b3bbd X87: Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
port 8098253562 (r27898)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1086813004

Cr-Commit-Position: refs/heads/master@{#27906}
2015-04-17 08:18:09 +00:00
machenbach
e3c2ba776a Revert of Refactor compilation dependency handling. (patchset id:60001 of https://codereview.chromium.org/1095433002/)
Reason for revert:
[Sheriff] Causes crashes in laout tests:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2543

Extra bisect run:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2548

Original issue's description:
> Refactor compilation dependency handling.
>
> Extract a new data structure CompilationDependencies and move (most) logic there.
>
> R=mstarzinger@chromium.org,verwaest@chromium.org
> BUG=
>
> Committed: https://crrev.com/b882479f1c84a48961b8aec81fa1bb1225034784
> Cr-Commit-Position: refs/heads/master@{#27892}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1093783002

Cr-Commit-Position: refs/heads/master@{#27904}
2015-04-17 07:47:09 +00:00
jochen
fd7d881e2b Revert of Revert "Remove early bail-out in VisitWeakList to investigate chrasher." (patchset id:1 of https://codereview.chromium.org/1080303002/)
Reason for revert:
Still doesn't work

Original issue's description:
> Revert "Remove early bail-out in VisitWeakList to investigate chrasher."
>
> >  BUG=468601
> >  LOG=n
> >
> >  Review URL: https://codereview.chromium.org/1016353002
> >
> >  Cr-Commit-Position: refs/heads/master@{#27317}
>
> R=hpayer@chromium.org
> BUG=v8:3996,chromium:468601
> LOG=n
>
> Committed: https://crrev.com/835eeafe32f442d7b43fe175237de2c70ed7ceef
> Cr-Commit-Position: refs/heads/master@{#27814}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996,chromium:468601

Review URL: https://codereview.chromium.org/1092783002

Cr-Commit-Position: refs/heads/master@{#27902}
2015-04-16 21:00:03 +00:00
yangguo
04b72aa09f Serializer: share executable accessor infos between native contexts.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1081443006

Cr-Commit-Position: refs/heads/master@{#27901}
2015-04-16 18:07:51 +00:00
erikcorry
db04a5ad6f Properly report OOM when deoptimizer allocation fails
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1052823003

Cr-Commit-Position: refs/heads/master@{#27900}
2015-04-16 18:05:22 +00:00
jkummerow
6b59e1f155 Don't crash when reporting an access check failure for a detached global proxy
BUG=chromium:475884
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1086403002

Cr-Commit-Position: refs/heads/master@{#27899}
2015-04-16 17:46:38 +00:00
verwaest
8098253562 Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
BUG=chromium:476592
LOG=n

Review URL: https://codereview.chromium.org/1086333002

Cr-Commit-Position: refs/heads/master@{#27898}
2015-04-16 17:32:00 +00:00
hpayer
c96a2d3a74 Use smaller heap growing factor in idle notification to start incremental marking when there is idle time >16ms.
BUG=chromium:477323
LOG=y

Review URL: https://codereview.chromium.org/1090963002

Cr-Commit-Position: refs/heads/master@{#27897}
2015-04-16 16:31:32 +00:00
mstarzinger
8924a9e1b7 [turbofan] Add single --turbo flag.
This flag is intended as a staging flag for TurboFan. It serves as a
single flag that always enables a most recent configuration of TurboFan
for test suites and benchmarks, without needing to update test drivers.

R=titzer@chromium.org,machenbach@chromium.org

Review URL: https://codereview.chromium.org/1094573002

Cr-Commit-Position: refs/heads/master@{#27896}
2015-04-16 16:28:39 +00:00
mbrandy
cc01cd94ab PPC: Array() in optimized code can create with wrong ElementsKind in corner cases.
Port 13459c1ae3

Original commit message:
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1089913002

Cr-Commit-Position: refs/heads/master@{#27895}
2015-04-16 16:13:12 +00:00
paul.lind
e8fe704921 MIPS: Fix for StringCharCodeAtGenerator for vector-ics.
Register pop order bug only surfaced after vector-ic optimization
in https://codereview.chromium.org/1053843003 was landed.

TEST=mjsunit/string-index.js
BUG=

Review URL: https://codereview.chromium.org/1074123004

Cr-Commit-Position: refs/heads/master@{#27894}
2015-04-16 16:06:48 +00:00
paul.lind
80f24f7a4c Reland MIPS: Vector-ICs - speed towards the monomorphic exit as quickly as possible.
Port 35a67b745d

Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.

BUG=

Review URL: https://codereview.chromium.org/1053843003

Cr-Commit-Position: refs/heads/master@{#27757}

Review URL: https://codereview.chromium.org/1083413003

Cr-Commit-Position: refs/heads/master@{#27893}
2015-04-16 16:05:45 +00:00
titzer
b882479f1c Refactor compilation dependency handling.
Extract a new data structure CompilationDependencies and move (most) logic there.

R=mstarzinger@chromium.org,verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095433002

Cr-Commit-Position: refs/heads/master@{#27892}
2015-04-16 16:04:34 +00:00
titzer
cb08656b6d Move GetRootListIndex into Heap.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095513003

Cr-Commit-Position: refs/heads/master@{#27891}
2015-04-16 15:08:09 +00:00
machenbach
d881baaced Revert of Migrate error messages, part 2. (patchset id:1 of https://codereview.chromium.org/1086313003/)
Reason for revert:
[Sheriff]: This changes layout test expectations e.g.
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Win/builds/2964

Original issue's description:
> Migrate error messages, part 2.
>
> Motivation for this is reducing the size of the native context.
>
> Committed: https://crrev.com/d3b788df0a4ccfedbe6e1df5e214cb6ba2792a65
> Cr-Commit-Position: refs/heads/master@{#27878}

TBR=mvstanton@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1095573002

Cr-Commit-Position: refs/heads/master@{#27889}
2015-04-16 14:33:26 +00:00
marja
2dc0f2ec01 [strong] Allow mutually recursive classes.
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).

Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1087543004

Cr-Commit-Position: refs/heads/master@{#27888}
2015-04-16 14:12:52 +00:00
yangguo
a2baf44bf6 Serializer: collect and output memory statistics.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1086363002

Cr-Commit-Position: refs/heads/master@{#27887}
2015-04-16 13:39:16 +00:00
ulan
da12c7c7c7 Add a flag to trace heap object stats on GC.
BUG=

Review URL: https://codereview.chromium.org/1094613002

Cr-Commit-Position: refs/heads/master@{#27886}
2015-04-16 13:30:30 +00:00
conradw
d8bccfe974 [strong] Implement static restrictions on switch statement
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1084983002

Cr-Commit-Position: refs/heads/master@{#27885}
2015-04-16 13:29:20 +00:00
erikcorry
71a19439e8 If a code space commit partially succeeds, free the memory
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086253004

Cr-Commit-Position: refs/heads/master@{#27884}
2015-04-16 13:28:14 +00:00
erikcorry
9716468ae6 Fix logic for doing incremental marking steps on tenured allocation.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1040233003

Cr-Commit-Position: refs/heads/master@{#27883}
2015-04-16 13:20:38 +00:00
wingo
e0913eccfb Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1091743002

Cr-Commit-Position: refs/heads/master@{#27880}
2015-04-16 12:42:37 +00:00
yangguo
05bfdd866a Wrap map and set implementation in functions.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1094563002

Cr-Commit-Position: refs/heads/master@{#27879}
2015-04-16 12:17:35 +00:00
yangguo
d3b788df0a Migrate error messages, part 2.
Motivation for this is reducing the size of the native context.

Review URL: https://codereview.chromium.org/1086313003

Cr-Commit-Position: refs/heads/master@{#27878}
2015-04-16 11:34:47 +00:00
chunyang.dai
758c5e123b X87: Use Cells to check prototype chain validity (disabled by default).
port 0179ec5797 (r27846).

original commit message:

 The cells are stored on prototypes (in their map's PrototypeInfo). When a
 prototype object changes its map, then both its own validity cell and those
 of all "downsstream" prototypes are invalidated; handlers for a given receiver
 embed the currently valid cell for that receiver's prototype during their
 compilation and check it on execution.

BUG=

Review URL: https://codereview.chromium.org/1090803002

Cr-Commit-Position: refs/heads/master@{#27877}
2015-04-16 10:40:43 +00:00
erikcorry
a3f5e04c99 Make store buffer more robust to OOM.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086263002

Cr-Commit-Position: refs/heads/master@{#27876}
2015-04-16 10:39:38 +00:00
chunyang.dai
5729299752 X87: Array() in optimized code can create with wrong ElementsKind in corner cases
port 13459c1ae3 (r27857)

original commit message:

    Array() in optimized code can create with wrong ElementsKind in corner cases.

    Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
    makes a stub call that bails out due to the length. Currently, the bailout
    code a) doesn't have the allocation site, and b) wouldn't use it if it did
    because the length is perceived to be too high.

    This CL passes the allocation site to the stub call (rather than undefined),
    and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1088423002

Cr-Commit-Position: refs/heads/master@{#27875}
2015-04-16 10:38:35 +00:00
jkummerow
e39d33d3df Add missing Handle to GetOrCreatePrototypeChainValidityCell
Follow-up to 333219a745.

NOTRY=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1095503002

Cr-Commit-Position: refs/heads/master@{#27874}
2015-04-16 10:37:23 +00:00
chunyang.dai
e481c91b64 X87: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
port 776770c0e4 (r27827).

original commit message:

  This needs "Pass load ic state through the Oracle"
  (https://codereview.chromium.org/1083933002/) to land first.

BUG=

Review URL: https://codereview.chromium.org/1093433004

Cr-Commit-Position: refs/heads/master@{#27873}
2015-04-16 10:02:41 +00:00
jkummerow
333219a745 Enable Cell-based prototype chain checks
Review URL: https://codereview.chromium.org/1070253004

Cr-Commit-Position: refs/heads/master@{#27872}
2015-04-16 09:31:54 +00:00
hpayer
bbd222f882 Revert of Experiment: reduce heap growing factor to investigate OOM impact. (patchset id:60001 of https://codereview.chromium.org/1060533003/)
Reason for revert:
Experiment done.

Original issue's description:
> Experiment: reduce heap growing factor to investigate OOM impact.
>
> This CL will be reverted after getting sufficient data.
> BUG=
>
> Committed: https://crrev.com/8b737395c8fcde35cbfbed6607f767ed48eefc5b
> Cr-Commit-Position: refs/heads/master@{#27804}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1085353003

Cr-Commit-Position: refs/heads/master@{#27871}
2015-04-16 09:06:40 +00:00
titzer
addb10633c [turbofan] Clean up cached nodes in JSGraph.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1080023002

Cr-Commit-Position: refs/heads/master@{#27870}
2015-04-16 08:41:34 +00:00
ulan
aae2c01740 Use atomic operation to read the length of a fixed array.
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.

Also rename FROM_GC and FROM_MUTATOR to be more precise.

BUG=chromium:462908
LOG=NO

Review URL: https://codereview.chromium.org/1034163002

Cr-Commit-Position: refs/heads/master@{#27869}
2015-04-16 08:39:12 +00:00
ulan
63c6f7da34 Avoid evacuation of popular pages.
This breaks the (evacuation -> slots buffer overflow -> abort -> new GC -> evacuation) cycle for popular pages.

BUG=

Review URL: https://codereview.chromium.org/1037433002

Cr-Commit-Position: refs/heads/master@{#27868}
2015-04-16 08:34:03 +00:00
bmeurer
c66a2f7b46 Revert of [x64] Use xorl to materialize smi zero. (patchset id:1 of https://codereview.chromium.org/1085153002/)
Reason for revert:
Seems to cause performance regressions.

Original issue's description:
> [x64] Use xorl to materialize smi zero.
>
> Before we always loaded smi zero via a movabs with a 64-bit immediate,
> which is pretty expensive compared to the xorl.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
> Cr-Commit-Position: refs/heads/master@{#27829}

TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:477592
LOG=n

Review URL: https://codereview.chromium.org/1059543004

Cr-Commit-Position: refs/heads/master@{#27867}
2015-04-16 08:31:17 +00:00
dcarney
f89bea1e17 fix visiting of phantom handles that should be retained
BUG=

Review URL: https://codereview.chromium.org/1094473002

Cr-Commit-Position: refs/heads/master@{#27866}
2015-04-16 08:30:18 +00:00
yangguo
2e0cf57804 Fix signed/unsigned compare in messages.cc
R=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1089363002

Cr-Commit-Position: refs/heads/master@{#27865}
2015-04-16 07:59:32 +00:00
yangguo
a5ac029058 Start migrating error message templates to the runtime.
Currently done with two templates, one used from native js, one from runtime.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1087633005

Cr-Commit-Position: refs/heads/master@{#27864}
2015-04-16 07:01:16 +00:00
bmeurer
0e703bd34c [turbofan] Typed lowering requires typed nodes.
There's no point in checking whether a node is typed in JSTypedLowering.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1086303002

Cr-Commit-Position: refs/heads/master@{#27863}
2015-04-16 06:39:43 +00:00
bmeurer
d641cc457c [turbofan] Split ControlEquivalence implementation and add trace flag.
Split interface and implementation of ControlEquivalence and add a
dedicated trace flag --trace-turbo-ceq to make it reusable outside the
scheduler.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1056093005

Cr-Commit-Position: refs/heads/master@{#27862}
2015-04-16 06:04:36 +00:00
Benedikt Meurer
4d3370149d [turbofan] Make js-typed-lowering.h self contained.
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1091723002

Cr-Commit-Position: refs/heads/master@{#27861}
2015-04-16 06:00:59 +00:00
adamk
b054ff4620 Revert "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.

Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.

BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1066663005

Cr-Commit-Position: refs/heads/master@{#27859}
2015-04-15 21:28:22 +00:00
wingo
53ddccfc33 Fix FormalParameterErrorLocations member names
R=arv@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1083953002

Cr-Commit-Position: refs/heads/master@{#27858}
2015-04-15 21:08:11 +00:00
mvstanton
13459c1ae3 Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1086873003

Cr-Commit-Position: refs/heads/master@{#27857}
2015-04-15 21:02:13 +00:00
machenbach
c85b22486a Revert of Simplify DoParseProgram (patchset id:20001 of https://codereview.chromium.org/1058363003/)
Reason for revert:
[Sheriff] Changes some layout tests on all platforms, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2032/builds/2543

Original issue's description:
> Simplify DoParseProgram
>
> DoParseProgram doesn't appear to need to receive toplevel scopes as
> arguments; it can properly set the end_position of the scopes to the
> scanner's position after parsing is complete.
>
> R=marja@chromium.org
> BUG=
> LOG=N
>
> Committed: https://crrev.com/8da9252f61d3c499a78b0b94299c314b2eb0b0c8
> Cr-Commit-Position: refs/heads/master@{#27847}

TBR=marja@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1089623002

Cr-Commit-Position: refs/heads/master@{#27856}
2015-04-15 17:20:21 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
scottmg
df087b23ed Make BitsetType enum uint32_t to avoid narrowing warnings
enum defaults to signed on win, and kTagged has 1<<31 causing
warning.

Full errors:

d:\src\cr3\src\v8\src\types.cc(1259): error C2220: warning treated as error - no 'object' file generated
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1355): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::BoundariesArray[]'
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1359): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::BoundariesArray[]'

LOG=N
R=jochen@chromium.org
BUG=440500

Review URL: https://codereview.chromium.org/1055933004

Cr-Commit-Position: refs/heads/master@{#27854}
2015-04-15 16:31:33 +00:00
scottmg
961e61b012 Remove operator delete on VS2015 to avoid compiler bug
LOG=N
R=jochen@chromium.org
BUG=chromium:440500

Review URL: https://codereview.chromium.org/1084763002

Cr-Commit-Position: refs/heads/master@{#27853}
2015-04-15 16:23:24 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00
mbrandy
ccc7952e3b PPC: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
Port c8e4d57d3b

Original commit message:
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1085913003

Cr-Commit-Position: refs/heads/master@{#27850}
2015-04-15 14:43:55 +00:00
mbrandy
0dc5fd7080 PPC: Use Cells to check prototype chain validity (disabled by default).
Port 0179ec5797

Original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.

R=michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1091563002

Cr-Commit-Position: refs/heads/master@{#27849}
2015-04-15 14:39:48 +00:00
jkummerow
e02807ee8a Fix a few potential integer negation overflows
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.

Review URL: https://codereview.chromium.org/1058533007

Cr-Commit-Position: refs/heads/master@{#27848}
2015-04-15 13:55:21 +00:00
wingo
8da9252f61 Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1058363003

Cr-Commit-Position: refs/heads/master@{#27847}
2015-04-15 13:42:20 +00:00
mstarzinger
b807d112d7 [turbofan] Fix ForInStatement that deopts during filter.
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.

R=jarin@chromium.org
TEST=mjsunit/for-in-opt

Review URL: https://codereview.chromium.org/1086083002

Cr-Commit-Position: refs/heads/master@{#27846}
2015-04-15 13:12:05 +00:00
jkummerow
0179ec5797 Use Cells to check prototype chain validity (disabled by default).
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.

Review URL: https://codereview.chromium.org/908213002

Cr-Commit-Position: refs/heads/master@{#27845}
2015-04-15 12:53:24 +00:00
mvstanton
a2481f8dd9 VectorICs: recent changes broke cases with --novector-ics
Ensure that we protect turning off the vector ics flag.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1087213002

Cr-Commit-Position: refs/heads/master@{#27844}
2015-04-15 12:49:51 +00:00
mstarzinger
969475b604 [crankshaft] Add missing source position for calls.
R=verwaest@chromium.org
TEST=cctest/test-api
BUG=v8:3995
LOG=N

Review URL: https://codereview.chromium.org/1058553004

Cr-Commit-Position: refs/heads/master@{#27843}
2015-04-15 12:48:48 +00:00
dcarney
00aec79079 [turbofan] cleanup ParallelMove
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1081373002

Cr-Commit-Position: refs/heads/master@{#27842}
2015-04-15 12:36:27 +00:00
ulan
3a814e4c1a Make climit and jslimit stack limits atomic.
This fixes TSAN failure caused by race between:
 - optimizing compiler thread setting climit
 - and json parser reading climit in the main thread.

BUG=

Review URL: https://codereview.chromium.org/1031223004

Cr-Commit-Position: refs/heads/master@{#27840}
2015-04-15 11:37:03 +00:00
yangguo
dd06f905cb Reland "Wrap typed array implementations in functions."
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1090563002

Cr-Commit-Position: refs/heads/master@{#27839}
2015-04-15 10:36:19 +00:00
ulan
68a7773e0f Correctly handle clearing of deprecated field types.
BUG=v8:4027
LOG=NO

Review URL: https://codereview.chromium.org/1086063003

Cr-Commit-Position: refs/heads/master@{#27837}
2015-04-15 09:55:33 +00:00
danno
80e0d42bb2 [turbofan] Add schedule to visualizer output
Review URL: https://codereview.chromium.org/985023002

Cr-Commit-Position: refs/heads/master@{#27836}
2015-04-15 09:33:18 +00:00
machenbach
301151545e Revert of Force full GCwhenever CollectAllGarbage is meant to trigger a full GC. (patchset id:60001 of https://codereview.chromium.org/1082973003/)
Reason for revert:
[Sheriff] Breaks http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3348 and maybe leads to timeouts/crashes on layout test bots:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064/builds/3002

Original issue's description:
> Force full GC whenever CollectAllGarbage is meant to trigger a full GC.
>
> Add a finalize incremental marking mode for CollectAllGarbage to finalize incremental marking when incremental marking is in progress, but we want a full gc at a given CollectAllGarbage call site.
>
> Default mode for CollectAllGarbage is finalize incremental marking and perform a full GC.
>
> BUG=
>
> Committed: https://crrev.com/9c105f0940ba757364ac18fcdf649815ec5ab2d1
> Cr-Commit-Position: refs/heads/master@{#27831}

TBR=ulan@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1088083002

Cr-Commit-Position: refs/heads/master@{#27834}
2015-04-15 09:07:21 +00:00
jochen
47cca4684e Remove support for specifying the number of available threads
The embedder can control how many threads it wants to use via the
v8::Platform implementation. V8 internally doesn't spin up threads
anymore. If the embedder doesn't want to use any threads at all, it's
v8::Platform implementation must either run the background jobs on
the foreground thread, or the embedder should specify --predictable

BUG=none
R=yangguo@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1064723005

Cr-Commit-Position: refs/heads/master@{#27833}
2015-04-15 07:15:43 +00:00
jochen
ac23150fd2 When converting Maybe and MaybeLocal values with a check, always check
An embedder that wants to avoid the check should use MaybeLocal::ToLocal.

BUG=none
R=dcarney@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1083943002

Cr-Commit-Position: refs/heads/master@{#27832}
2015-04-15 07:11:50 +00:00
hpayer
9c105f0940 Force full GC whenever CollectAllGarbage is meant to trigger a full GC.
Add a finalize incremental marking mode for CollectAllGarbage to finalize incremental marking when incremental marking is in progress, but we want a full gc at a given CollectAllGarbage call site.

Default mode for CollectAllGarbage is finalize incremental marking and perform a full GC.

BUG=

Review URL: https://codereview.chromium.org/1082973003

Cr-Commit-Position: refs/heads/master@{#27831}
2015-04-15 07:10:39 +00:00
svenpanne
83bc009d46 Added Donald Stence to PPC owners.
Review URL: https://codereview.chromium.org/1065443004

Cr-Commit-Position: refs/heads/master@{#27830}
2015-04-15 07:00:11 +00:00
bmeurer
f236777bfe [x64] Use xorl to materialize smi zero.
Before we always loaded smi zero via a movabs with a 64-bit immediate,
which is pretty expensive compared to the xorl.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1085153002

Cr-Commit-Position: refs/heads/master@{#27829}
2015-04-15 06:13:40 +00:00
mvstanton
776770c0e4 VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
This needs "Pass load ic state through the Oracle"
(https://codereview.chromium.org/1083933002/) to land first.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1083083002

Cr-Commit-Position: refs/heads/master@{#27827}
2015-04-15 02:35:34 +00:00
mvstanton
4598f1d376 Pass load ic state through the Oracle.
We'd like to know in optimized code with more precision what feedback
state was achieved for a load.

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1083933002

Cr-Commit-Position: refs/heads/master@{#27826}
2015-04-15 01:24:35 +00:00
paul.lind
592c0fe7b6 MIPS: [turbofan] Load immortal heap objects from the heap roots.
Port 5d2de78a77

BUG=

Review URL: https://codereview.chromium.org/1085693003

Cr-Commit-Position: refs/heads/master@{#27825}
2015-04-14 16:39:48 +00:00
wingo
71d3213a3f Allow eval/arguments in arrow functions
R=arv@chromium.org, adamk@chromium.org, marja@chromium.org
BUG=v8:4020
LOG=N

Review URL: https://codereview.chromium.org/1061983004

Cr-Commit-Position: refs/heads/master@{#27824}
2015-04-14 15:37:18 +00:00
mbrandy
8ad33d6db6 PPC: [turbofan] Load immortal heap objects from the heap roots.
Port 5d2de78a77

Original commit message:
It's cheaper to materialize heap constants by loading from the roots
array instead of embedding the constant into the instruction stream, at
least on x64, arm and arm64.

Drive-by-fix: Also cleanup the materialize constant from frame
optimization.

R=michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1075303003

Cr-Commit-Position: refs/heads/master@{#27823}
2015-04-14 15:17:26 +00:00
jkummerow
3eb277f270 %GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present
Review URL: https://codereview.chromium.org/1086923002

Cr-Commit-Position: refs/heads/master@{#27822}
2015-04-14 14:57:48 +00:00
jochen
e683048416 Reland "Remove support for thread-based recompilation"
Original issue's description:
> Remove support for thread-based recompilation
>
> BUG=v8:3608
> R=yangguo@chromium.org
> LOG=y
>
> Committed: https://crrev.com/ed5db223a19dfe126af01
> Cr-Commit-Position: refs/heads/master@{#27619}

BUG=v8:3608
R=yangguo@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1087763003

Cr-Commit-Position: refs/heads/master@{#27821}
2015-04-14 13:57:29 +00:00
jarin
31994391ab Insert a filler at the new space top even if the top is at the limit.
BUG=chromium:470390
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1066653003

Cr-Commit-Position: refs/heads/master@{#27819}
2015-04-14 13:42:25 +00:00
bmeurer
5d2de78a77 [turbofan] Load immortal heap objects from the heap roots.
It's cheaper to materialize heap constants by loading from the roots
array instead of embedding the constant into the instruction stream, at
least on x64, arm and arm64.

Drive-by-fix: Also cleanup the materialize constant from frame
optimization.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1088913002

Cr-Commit-Position: refs/heads/master@{#27818}
2015-04-14 12:50:37 +00:00
mvstanton
2ebb794b4f VectorICs: recreate feedback vector if scoping changes on recompile.
BUG=476488
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1080253003

Cr-Commit-Position: refs/heads/master@{#27817}
2015-04-14 12:31:31 +00:00
jochen
cf663c487f Revert of Reland "Remove support for thread-based recompilation" (patchset id:1 of https://codereview.chromium.org/1059853004/)
Reason for revert:
still times out

Original issue's description:
> Reland "Remove support for thread-based recompilation"
>
> Original issue's description:
> > Remove support for thread-based recompilation
> >
> > BUG=v8:3608
> > R=yangguo@chromium.org
> > LOG=y
> >
> > Committed: https://crrev.com/ed5db223a19dfe126af012e894582251aa3635d7
> > Cr-Commit-Position: refs/heads/master@{#27619}
>
> BUG=v8:3608
> R=yangguo@chromium.org
> LOG=y
>
> Committed: https://crrev.com/f1ceccb8b8b352a91e6366e3e3103f1db0df6afb
> Cr-Commit-Position: refs/heads/master@{#27813}

TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3608

Review URL: https://codereview.chromium.org/1082183003

Cr-Commit-Position: refs/heads/master@{#27816}
2015-04-14 12:29:26 +00:00
yangguo
2c01bd34b0 Fix Math.log10 implementation for 1 - Number.EPSILON.
R=svenpanne@chromium.org
BUG=v8:4025
LOG=N

Review URL: https://codereview.chromium.org/1084853002

Cr-Commit-Position: refs/heads/master@{#27815}
2015-04-14 11:56:02 +00:00
jochen
835eeafe32 Revert "Remove early bail-out in VisitWeakList to investigate chrasher."
>  BUG=468601
>  LOG=n
>
>  Review URL: https://codereview.chromium.org/1016353002
>
>  Cr-Commit-Position: refs/heads/master@{#27317}

R=hpayer@chromium.org
BUG=v8:3996,chromium:468601
LOG=n

Review URL: https://codereview.chromium.org/1080303002

Cr-Commit-Position: refs/heads/master@{#27814}
2015-04-14 10:55:16 +00:00
jochen
f1ceccb8b8 Reland "Remove support for thread-based recompilation"
Original issue's description:
> Remove support for thread-based recompilation
>
> BUG=v8:3608
> R=yangguo@chromium.org
> LOG=y
>
> Committed: https://crrev.com/ed5db223a19dfe126af012e894582251aa3635d7
> Cr-Commit-Position: refs/heads/master@{#27619}

BUG=v8:3608
R=yangguo@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1059853004

Cr-Commit-Position: refs/heads/master@{#27813}
2015-04-14 10:26:41 +00:00
jochen
05ed6cb6b9 Put newly allocated buffers at the right end of the buffers list
If a major gc happens between allocation and initialization of the
buffer, it might be already in old space. Since we need the list of
buffers to be sorted from new to old, we keep track of the last buffer
and put old buffers to the end

BUG=chromium:476032
R=hpayer@chromium.org,dslomov@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1079923003

Cr-Commit-Position: refs/heads/master@{#27811}
2015-04-14 09:26:10 +00:00
yangguo
0a9aa17476 Revert of Revert of Revert of Wrap typed array implementations in functions. (patchset id:1 of https://codereview.chromium.org/1083013002/)
Reason for revert:
Seems to still break those tests.

Original issue's description:
> Revert of Revert of Wrap typed array implementations in functions. (patchset  id:1 of https://codereview.chromium.org/1086683002/)
>
> Reason for revert:
> I don't think this is the cause.
>
> Original issue's description:
> > Revert of Wrap typed array implementations in functions. (patchset  id:1 of https://codereview.chromium.org/1082703003/)
> >
> > Reason for revert:
> > [Sheriff] Flaky nosnap failures:
> > http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug%20-%201/builds/1720
> > http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3312
> > http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3313
> >
> > Original issue's description:
> > > Wrap typed array implementations in functions.
> > >
> > > R=mvstanton@chromium.org
> > >
> > > Committed: https://crrev.com/6fc394a15614b74776f9bbeeb0486f430bdc8597
> > > Cr-Commit-Position: refs/heads/master@{#27784}
> >
> > TBR=mvstanton@chromium.org,yangguo@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> >
> > Committed: https://crrev.com/8e3fa7adf20f4f9c9125076a878d601eee7c9f35
> > Cr-Commit-Position: refs/heads/master@{#27789}
>
> TBR=mvstanton@chromium.org,machenbach@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/d7fe3b83f5dfa997f0c8a29436a22b999dc49a76
> Cr-Commit-Position: refs/heads/master@{#27803}

TBR=mvstanton@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1088863002

Cr-Commit-Position: refs/heads/master@{#27810}
2015-04-14 09:24:28 +00:00
dslomov
219f4a9eb4 Avoid modifying the real context chain for debug evaluation.
Instead of modifying a context chain and then modifying it back, causing
potential mismatches, we clone the inner context chain and evaluate
the expression in this cloned context. We then copy all local variable
values back if needed.

R=yangguo@chromium.org,yurys@chromium.org

Review URL: https://codereview.chromium.org/1088503003

Cr-Commit-Position: refs/heads/master@{#27809}
2015-04-14 09:07:55 +00:00
dcarney
2299f57fd3 [turbofan] Get rid of SourcePositionInstruction.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1060373006

Cr-Commit-Position: refs/heads/master@{#27808}
2015-04-14 08:08:28 +00:00
dcarney
f7ace77427 fix variable shadowing
BUG=427616
LOG=N

Review URL: https://codereview.chromium.org/1087533002

Cr-Commit-Position: refs/heads/master@{#27805}
2015-04-14 07:11:38 +00:00
hpayer
8b737395c8 Experiment: reduce heap growing factor to investigate OOM impact.
This CL will be reverted after getting sufficient data.
BUG=

Review URL: https://codereview.chromium.org/1060533003

Cr-Commit-Position: refs/heads/master@{#27804}
2015-04-14 06:58:36 +00:00
yangguo
d7fe3b83f5 Revert of Revert of Wrap typed array implementations in functions. (patchset id:1 of https://codereview.chromium.org/1086683002/)
Reason for revert:
I don't think this is the cause.

Original issue's description:
> Revert of Wrap typed array implementations in functions. (patchset  id:1 of https://codereview.chromium.org/1082703003/)
>
> Reason for revert:
> [Sheriff] Flaky nosnap failures:
> http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug%20-%201/builds/1720
> http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3312
> http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3313
>
> Original issue's description:
> > Wrap typed array implementations in functions.
> >
> > R=mvstanton@chromium.org
> >
> > Committed: https://crrev.com/6fc394a15614b74776f9bbeeb0486f430bdc8597
> > Cr-Commit-Position: refs/heads/master@{#27784}
>
> TBR=mvstanton@chromium.org,yangguo@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/8e3fa7adf20f4f9c9125076a878d601eee7c9f35
> Cr-Commit-Position: refs/heads/master@{#27789}

TBR=mvstanton@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1083013002

Cr-Commit-Position: refs/heads/master@{#27803}
2015-04-14 05:58:21 +00:00
chunyang.dai
2b16f54d94 X87: Remove unnecessary options from HTailCallThroughMegamorphicCache.
port e0844a24d3 (r27793).

original commit message:

   These options were added for a hydrogen code stub version of
the VectorIC dispatcher, which was discontinued.

BUG=

Review URL: https://codereview.chromium.org/1087573003

Cr-Commit-Position: refs/heads/master@{#27802}
2015-04-14 05:53:19 +00:00
chunyang.dai
fc6e623425 X87: Change near jump to far jump to fix the jump distance check error.
The assembler code generated by the DeoptimizeIf(...) function under X87 is larger
  and the  distance between the link point and the bind point which has two DeoptimizeIf()
  is larger then near link distance (127) for labels.

BUG=

Review URL: https://codereview.chromium.org/1065893003

Cr-Commit-Position: refs/heads/master@{#27801}
2015-04-14 02:09:10 +00:00
paul.lind
d30ea0ee1d MIPS: Split TemplateHashMapImpl::Lookup into two methods.
Port 5277c41044.

BUG=

Review URL: https://codereview.chromium.org/1084723003

Cr-Commit-Position: refs/heads/master@{#27800}
2015-04-14 00:17:04 +00:00
adamk
5277c41044 Split TemplateHashMapImpl::Lookup into two methods
This avoids both a mysterious boolean argument ("insert") and lets
non-mutating lookups skip passing an allocator (in one such case,
we were passing a scary-looking ZoneAllocationPolicy(NULL)!).

Review URL: https://codereview.chromium.org/1074943002

Cr-Commit-Position: refs/heads/master@{#27799}
2015-04-13 19:01:15 +00:00
arv
186dd69b3a [es6] Fix length property of collection constructors
{Map, Set, WeakMap, WeakSet}.length should be 0.

BUG=v8:4021
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1073233002

Cr-Commit-Position: refs/heads/master@{#27798}
2015-04-13 18:59:39 +00:00
mbrandy
3118df2362 PPC: Remove unnecessary options from HTailCallThroughMegamorphicCache
Port e0844a24d3

Original commit message:
These options were added for a hydrogen code stub version of
the VectorIC dispatcher, which was discontinued.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1088573002

Cr-Commit-Position: refs/heads/master@{#27797}
2015-04-13 18:44:43 +00:00
conradw
c983689d39 [strong] Implement static restrictions on direct eval
Does not entirely disallow the use of 'eval' as an identifier in strong mode,
as originally proposed.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1059273004

Cr-Commit-Position: refs/heads/master@{#27796}
2015-04-13 17:25:15 +00:00
verwaest
434b456b51 Fix indirect push
BUG=chromium:388665
LOG=n

Review URL: https://codereview.chromium.org/1087463003

Cr-Commit-Position: refs/heads/master@{#27795}
2015-04-13 16:25:33 +00:00
mbrandy
c7f40ce738 PPC: Fix NaN Canonicalization.
Use fsub rather than fadd to avoid stripping the sign from minus zero.

Fixes mjsunit/result-table-min and mjsunit/result-table-max test failures.

R=michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1084583003

Cr-Commit-Position: refs/heads/master@{#27794}
2015-04-13 16:24:24 +00:00
mvstanton
e0844a24d3 Remove unnecessary options from HTailCallThroughMegamorphicCache
These options were added for a hydrogen code stub version of
the VectorIC dispatcher, which was discontinued.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1081883002

Cr-Commit-Position: refs/heads/master@{#27793}
2015-04-13 16:23:23 +00:00
titzer
069e6b2f5f [turbofan] Optimize loads of global constants in JSTypedLowering.
R=mstarzinger@chromium.org,verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1077343002

Cr-Commit-Position: refs/heads/master@{#27792}
2015-04-13 16:22:05 +00:00
arv
0e539d1ca9 Revert "ES6: Number and Boolean prototype should be ordinary objects"
This reverts commit e965a1f84a.

The reason is that it breaks jsfiddle.com

BUG=476437, v8:4001
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1086673002

Cr-Commit-Position: refs/heads/master@{#27791}
2015-04-13 16:21:00 +00:00
machenbach
dc65e62abd Revert of VectorICs: megamorphic keyed loads in crankshaft don't need a vector. (patchset id:40001 of https://codereview.chromium.org/1067573003/)
Reason for revert:
[Sheriff] Speculative revert for windows failure... will reland if it doesn't help:
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug%20-%202/builds/2891

Original issue's description:
> VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
>
> They are content with a dummy vector, as MISSES won't result in
> changing the real vector/slot at all.
>
> BUG=
>
> Committed: https://crrev.com/c8e4d57d3b3036a05902f5b916cb5d853a57393c
> Cr-Commit-Position: refs/heads/master@{#27788}

TBR=dcarney@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1060263003

Cr-Commit-Position: refs/heads/master@{#27790}
2015-04-13 16:19:29 +00:00
machenbach
8e3fa7adf2 Revert of Wrap typed array implementations in functions. (patchset id:1 of https://codereview.chromium.org/1082703003/)
Reason for revert:
[Sheriff] Flaky nosnap failures:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug%20-%201/builds/1720
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3312
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3313

Original issue's description:
> Wrap typed array implementations in functions.
>
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/6fc394a15614b74776f9bbeeb0486f430bdc8597
> Cr-Commit-Position: refs/heads/master@{#27784}

TBR=mvstanton@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1086683002

Cr-Commit-Position: refs/heads/master@{#27789}
2015-04-13 15:39:46 +00:00
mvstanton
c8e4d57d3b VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.

BUG=

Review URL: https://codereview.chromium.org/1067573003

Cr-Commit-Position: refs/heads/master@{#27788}
2015-04-13 13:50:26 +00:00
dcarney
ffe290fe2a [turbofan] remove register operand cache
BUG=

Review URL: https://codereview.chromium.org/1085623002

Cr-Commit-Position: refs/heads/master@{#27787}
2015-04-13 13:48:07 +00:00
dcarney
b0f3074b36 collect phantom handle data before it gets overwritten
R=jochen@chromium.org, hpayer@chromium.org, erikcorry@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1064713005

Cr-Commit-Position: refs/heads/master@{#27786}
2015-04-13 13:15:17 +00:00
dcarney
97499e3334 [turbofan] cleanup PointerMap
rename to ReferenceMap
use ZoneVector for storage
drop dead code

BUG=

Review URL: https://codereview.chromium.org/1081053002

Cr-Commit-Position: refs/heads/master@{#27785}
2015-04-13 12:45:50 +00:00
yangguo
6fc394a156 Wrap typed array implementations in functions.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1082703003

Cr-Commit-Position: refs/heads/master@{#27784}
2015-04-13 12:22:05 +00:00
verwaest
ba24e67696 Remove kForInStatementIsNotFastCase bailout reason
BUG=

Review URL: https://codereview.chromium.org/1081803002

Cr-Commit-Position: refs/heads/master@{#27783}
2015-04-13 11:37:10 +00:00
jochen
ada32ae636 Expose ArrayBufferView::HasBuffer
This allows the embedder to decide whether it's worthwhile to copy the
contents to avoid materializing a buffer.

BUG=v8:3996
R=dslomov@chromium.org,kbr@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1084513002

Cr-Commit-Position: refs/heads/master@{#27782}
2015-04-13 11:27:58 +00:00
vegorov
021f738127 Treat HArgumentsObject as a safe use during Uint32 analysis phase.
Deoptimization infrastructure already handles it correctly.

This change fixes repetitive deoptimizations in the code like this:

    var u32 = new Uint32Array(1);
    u32[0] = -1;

    function tr(x) { return x|0; }
    function ld() { return tr(u32[0]); }

    while (true) ld();

Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.

BUG=

Review URL: https://codereview.chromium.org/1077113002

Cr-Commit-Position: refs/heads/master@{#27781}
2015-04-13 10:47:15 +00:00
wingo
0f432ebb76 Refactor formal parameter error locations into a class
This is a follow-up to https://codereview.chromium.org/1078093002.

R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1083623002

Cr-Commit-Position: refs/heads/master@{#27780}
2015-04-13 10:39:33 +00:00
ulan
2f327a5cb4 Do not inline store if field map was cleared.
BUG=v8:4023
LOG=NO

Review URL: https://codereview.chromium.org/1081033004

Cr-Commit-Position: refs/heads/master@{#27779}
2015-04-13 09:43:52 +00:00
chunyang.dai
d93a0029dc X87: Reland "Merge cellspace into old pointer space".
port 4bd9bdbb28 (r27751)

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1051323003

Cr-Commit-Position: refs/heads/master@{#27778}
2015-04-13 09:36:00 +00:00
chunyang.dai
13b722b666 X87: [es6] implement spread calls
port 74c381221c (r27714)

original commit message:

  [es6] implement spread calls

BUG=

Review URL: https://codereview.chromium.org/1085533002

Cr-Commit-Position: refs/heads/master@{#27777}
2015-04-13 09:32:53 +00:00
mstarzinger
10dd9ce8be Make compilers agree on source position of thrown errors.
This makes the compilers agree on the source position of a message
generated by "throw new Error()", it points to the beginning of the
throw directive.

R=titzer@chromium.org
TEST=message/regress/regress-3995
BUG=v8:3995
LOG=N

Review URL: https://codereview.chromium.org/1049703002

Cr-Commit-Position: refs/heads/master@{#27775}
2015-04-13 09:02:48 +00:00
bmeurer
e21f9ab42b [x86] Allow (v)divsd->(v)mulsd to execute in parallel.
This tweak was already present in CrankShaft for the non-AVX case. As it
turns out, it's also relevant even with AVX. Now the same optimization
is applied in case of TurboFan as well.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1081033003

Cr-Commit-Position: refs/heads/master@{#27774}
2015-04-13 08:25:24 +00:00
wingo
1dbc432729 Factor formal argument parsing into ParserBase
This commit is a precursor to making lazy arrow function parsing use
similar logic to function(){} argument parsing.

R=arv@chromium.org
BUG=4020
LOG=N

Review URL: https://codereview.chromium.org/1078093002

Cr-Commit-Position: refs/heads/master@{#27773}
2015-04-13 08:07:06 +00:00
mike
0a4881600d Correct property descriptors on GeneratorPrototype
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:

> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.

[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects

BUG=v8:3986
LOG=N
R=wingo,arv

Review URL: https://codereview.chromium.org/1051363003

Cr-Commit-Position: refs/heads/master@{#27770}
2015-04-11 21:14:20 +00:00
paul.lind
6e17f661c1 Revert "MIPS: Vector-ICs - speed towards the monomorphic exit as quickly as possible."
Reason for revert:
Test failures in string-index and regress-1187524.

This reverts commit b45a664f7b.

BUG=

Review URL: https://codereview.chromium.org/1050943004

Cr-Commit-Position: refs/heads/master@{#27769}
2015-04-11 15:23:22 +00:00
Weiliang Lin
38e764f7ac [x86] Introduce vandps/vandpd/vxorps/vxorpd.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1072343002

Cr-Commit-Position: refs/heads/master@{#27768}
2015-04-11 00:58:38 +00:00
caitpotter88
eef2b9b097 [es6] ship @@toStringTag
BUG=v8:3502
R=arv@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1072573002

Cr-Commit-Position: refs/heads/master@{#27767}
2015-04-11 00:51:04 +00:00
fedor
1f85559a69 api: introduce SealHandleScope
When debugging Handle leaks in io.js we found it very convenient to be
able to Seal some specific (root in our case) scope to prevent Handle
allocations in it, and easily find leakage.

R=yangguo
BUG=

Review URL: https://codereview.chromium.org/1079713002

Cr-Commit-Position: refs/heads/master@{#27766}
2015-04-10 23:17:09 +00:00
michael_dawson
18f9771db9 PPC: Always update raw pointers when handling interrupts inside RegExp code.
Fix c67cb287a9

Cannot access kStartIndex and kDirectCall parameters as ints on 64-bit BE platforms.

R=yangguo@chromium.org, mbrandy@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1074203003

Cr-Commit-Position: refs/heads/master@{#27764}
2015-04-10 21:54:40 +00:00
michael_dawson
48947af7d1 PPC: [es6] implement spread calls
Port 74c381221c

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1078253004

Cr-Commit-Position: refs/heads/master@{#27763}
2015-04-10 21:16:01 +00:00
michael_dawson
d646fcc2f0 PPC: [turbofan] Materialize JSFunction from frame if possible.
Port 725cdc533c

Original commit message:
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.

As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1078183002

Cr-Commit-Position: refs/heads/master@{#27762}
2015-04-10 21:02:25 +00:00
michael_dawson
3ab8a50244 PPC: Merge cellspace into old pointer space
Port 4e7163ce05

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1076263002

Cr-Commit-Position: refs/heads/master@{#27761}
2015-04-10 21:02:24 +00:00
yangguo
fc0dec31c0 Use array literals instead of array constructor in native javascript.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1065863003

Cr-Commit-Position: refs/heads/master@{#27760}
2015-04-10 20:51:38 +00:00
caitpotter88
e0681f0b83 [cleanup] delete dead code leftover from 48eff34
Few pieces leftover which are now effectively dead code and can be safely
deleted.

BUG=v8:3502
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1052963004

Cr-Commit-Position: refs/heads/master@{#27759}
2015-04-10 18:36:06 +00:00
balazs.kilvady
b45a664f7b MIPS: Vector-ICs - speed towards the monomorphic exit as quickly as possible.
Port 35a67b745d

Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.

BUG=

Review URL: https://codereview.chromium.org/1053843003

Cr-Commit-Position: refs/heads/master@{#27757}
2015-04-10 18:28:14 +00:00
conradw
3d5717a71b [strong] Implement static restrictions on binding 'undefined' in arrow functions
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined', for arrow functions. Assumes these restrictions are
intended to be identical to the restrictions on the use of 'eval and 'arguments'
in strict mode. In addition, Location variables inconsistantly named (e.g.
dupe_error_loc vs dupe_loc) are now consistently named the shorter way.

Baseline: https://codereview.chromium.org/1070633002

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1060883004

Cr-Commit-Position: refs/heads/master@{#27756}
2015-04-10 18:27:05 +00:00
machenbach
7898475e92 Revert of Make full GC reduce memory footprint an explicit event in the idle notification handler. (patchset id:20001 of https://codereview.chromium.org/1072363002/)
Reason for revert:
[Sheriff] breaks nosnap with timeouts:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/2513
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/6220

Original issue's description:
> Make full GC reduce memory footprint an explicit event in the idle notification handler.
>
> BUG=
>
> Committed: https://crrev.com/845705aa99b6bfa8d264cfda1c3b5f1229802ab5
> Cr-Commit-Position: refs/heads/master@{#27753}

TBR=ulan@chromium.org,rmcilroy@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1081443002

Cr-Commit-Position: refs/heads/master@{#27755}
2015-04-10 18:21:43 +00:00
hpayer
845705aa99 Make full GC reduce memory footprint an explicit event in the idle notification handler.
BUG=

Review URL: https://codereview.chromium.org/1072363002

Cr-Commit-Position: refs/heads/master@{#27753}
2015-04-10 14:06:46 +00:00
wingo
fe031978cb Fix some -Werror=sign-compare errors
R=svenpanne@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1072333002

Cr-Commit-Position: refs/heads/master@{#27752}
2015-04-10 13:59:39 +00:00
verwaest
4bd9bdbb28 Reland "Merge cellspace into old pointer space"
This fixes the arm(64) and mips(64) write barriers

BUG=

Review URL: https://codereview.chromium.org/1073133002

Cr-Commit-Position: refs/heads/master@{#27751}
2015-04-10 13:54:10 +00:00
titzer
277be506c8 Remove Type::Array bit and replace with Type::GlobalObject
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1074133002

Cr-Commit-Position: refs/heads/master@{#27749}
2015-04-10 13:29:39 +00:00
verwaest
8c98cc074e Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations
BUG=

Review URL: https://codereview.chromium.org/1075933003

Cr-Commit-Position: refs/heads/master@{#27748}
2015-04-10 13:15:31 +00:00
yangguo
7667d19eec Wrap proxy.js in a function.
Review URL: https://codereview.chromium.org/1075773003

Cr-Commit-Position: refs/heads/master@{#27746}
2015-04-10 12:32:20 +00:00
jkummerow
c1f28b6c10 Handlify Map::SetPrototype()
Review URL: https://codereview.chromium.org/1005393004

Cr-Commit-Position: refs/heads/master@{#27745}
2015-04-10 12:13:22 +00:00
conradw
8ef7159582 [strong] Implement static restrictions on binding/assignment to 'undefined'
identifier. Delete unused (and now incorrect) function IsValidStrictVariable.

Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined'. Assumes these restrictions are intended to be identical
to the restrictions on the use of 'eval' and 'arguments' in strict mode. The
AllowEvalOrArgumentsAsIdentifier enum has been renamed to
AllowRestrictedIdentifiers as logic involving it is now also used for this case.

BUG=v8:3956

LOG=N

Review URL: https://codereview.chromium.org/1070633002

Cr-Commit-Position: refs/heads/master@{#27744}
2015-04-10 12:04:55 +00:00
jkummerow
052924abe3 Speculative fix for stack overflow in CollectEvacuationCandidates
I don't have a repro, but it seems that when we are close to the stack limit,
CollectEvacuationCandidates' local variables can blow the limit. To avoid
this, instead of always allocating a 2000-pointer-sizes array on the stack,
use a std::vector (which stores its elements on the heap), and while we're
at it, only allocate as many elements as we actually need.

Review URL: https://codereview.chromium.org/1073123002

Cr-Commit-Position: refs/heads/master@{#27742}
2015-04-10 11:24:24 +00:00
bmeurer
d8679a2350 [turbofan] JSUnaryNot and JSToBoolean have exactly 2 inputs, no need to trim.
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1071333004

Cr-Commit-Position: refs/heads/master@{#27741}
2015-04-10 11:08:50 +00:00
akos.palfi
826a954d1d MIPS64: [es6] implement spread calls
Port 74c381221c

Patch from Paul Lind <paul.lind@imgtec.com>.

BUG=

Review URL: https://codereview.chromium.org/1075183002

Cr-Commit-Position: refs/heads/master@{#27740}
2015-04-10 10:48:26 +00:00
bmeurer
35f6c0fdbf [turbofan] Optimize silent hole checks on legacy const context slots.
Currently we always generate a diamond in the graph builder for every
legacy const context slot, which we cannot get rid of until late control
reduction, even if we know after context specialization that the slot is
already initialized.

Now we generate a select instead, which the CommonOperatorReducer
happily removes during typed lowering. This greatly speeds up asm.js
code generated by Emscripten with the new POINTER_MASKING mode.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1072353002

Cr-Commit-Position: refs/heads/master@{#27739}
2015-04-10 10:28:12 +00:00
jochen
f56fb72f98 Special case the "empty string" root so it doesn't constantly jump around
BUG=none
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1075133002

Cr-Commit-Position: refs/heads/master@{#27736}
2015-04-10 09:23:44 +00:00
Yang Guo
8d4bae91c9 Make mksnapshot stats unambiguous for easier parsing.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1073083002

Cr-Commit-Position: refs/heads/master@{#27735}
2015-04-10 08:47:56 +00:00
jochen
335254608c Add CHECKs that the array buffers list is always sorted new to old
BUG=none
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1078623004

Cr-Commit-Position: refs/heads/master@{#27734}
2015-04-10 08:40:07 +00:00
mstarzinger
7196ea72c8 [crankshaft] Fix interceptor shadowing constant global property.
This makes sure Crankshaft respects interceptors in the global object
even when they shadow a constant global property.

R=verwaest@chromium.org
TEST=cctest/test-api-interceptors/PrePropertyHandler

Review URL: https://codereview.chromium.org/1070803002

Cr-Commit-Position: refs/heads/master@{#27733}
2015-04-10 08:30:44 +00:00
mvstanton
69c434e3dd MIPS port for implement spread calls
R=svenpanne@chromium.org
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1073983004

Cr-Commit-Position: refs/heads/master@{#27732}
2015-04-10 07:47:02 +00:00
bmeurer
4eff883bce [x86] Support immediate indices for StoreWriteBarrier.
Ideally we would not need the StoreWriteBarrier instructions at all,
but represent the RecordWrite functionality as machine subgraph, but
that'll take some time to get there. In the mean time we can have a
shorter instruction sequence on Intel platforms by recognizing immediate
indices here.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1075103002

Cr-Commit-Position: refs/heads/master@{#27731}
2015-04-10 06:16:28 +00:00
caitpotter88
9836c34dba [es6] do not add caller/arguments to ES6 function definitions
BUG=v8:3946, v8:3982
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1027283004

Cr-Commit-Position: refs/heads/master@{#27729}
2015-04-09 22:40:28 +00:00
michael_dawson
806e57f401 PPC: Vector-ICs - speed towards the monomorphic exit as quickly as possible.
Port 35a67b745d

Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1059133005

Cr-Commit-Position: refs/heads/master@{#27728}
2015-04-09 22:32:12 +00:00
michael_dawson
c00de38657 PPC: [turbofan] Add new Float32Abs and Float64Abs operators.
Port 9af9f1d026

Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1072963002

Cr-Commit-Position: refs/heads/master@{#27727}
2015-04-09 22:29:29 +00:00
michael_dawson
5110b400bf PPC: Make --always-opt also optimize top-level code.
Port 2d281e71ac

Original commit message:
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.

R=titzer@chromium.org, mstarzinger@chromium.org,mbrandy@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1052123005

Cr-Commit-Position: refs/heads/master@{#27726}
2015-04-09 22:14:33 +00:00
michael_dawson
9fc9d8bd3d PPC: Code cleanup in GenerateRecordCallTarget.
Port 6a222b8ff0

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1070333002

Cr-Commit-Position: refs/heads/master@{#27725}
2015-04-09 22:13:22 +00:00
adamk
52bbb4f609 Collect list of requested modules in ModuleDescriptor while parsing
BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/1078903002

Cr-Commit-Position: refs/heads/master@{#27724}
2015-04-09 22:09:47 +00:00
michael_dawson
ae475b54c9 PPC: Reland "Merge old data and pointer space."
Port 59be4ba7f4

Original commit message:
This reverts commit cbfcee5575.

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1074953002

Cr-Commit-Position: refs/heads/master@{#27723}
2015-04-09 21:45:48 +00:00
caitpotter88
48eff34c32 [es6] don't "replace" Object.prototype.toString for --harmony-tostring
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.

BUG=v8:3502
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1072083002

Cr-Commit-Position: refs/heads/master@{#27720}
2015-04-09 20:53:46 +00:00
michael_dawson
a5d71c2cac PPC: JSEntryTrampoline: check for stack space before pushing arguments
Port 146598f44a

Original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1073893002

Cr-Commit-Position: refs/heads/master@{#27719}
2015-04-09 20:52:41 +00:00
michael_dawson
3865493a06 PPC: Match -0 - x with sign bit flip.
Optimiation similar to what is done for x86

R=mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1072173002

Cr-Commit-Position: refs/heads/master@{#27718}
2015-04-09 20:51:36 +00:00
mstarzinger
96ef78aa0b [turbofan] Fix FrameInspector when deoptimizer is disabled.
This is a workaround to make the debugger happy about TurboFan frames
when the debugger causes frame inspection. Note that this can happen
because the debugger can be activated while there still are optimized
TurboFan activations on the stack.

R=ishell@chromium.org
BUG=chromium:465298
TEST=mjsunit/regress/regress-crbug-465298
LOG=N

Review URL: https://codereview.chromium.org/1074793003

Cr-Commit-Position: refs/heads/master@{#27717}
2015-04-09 19:40:49 +00:00
arv
635b5fea98 Lexical arguments for arrow functions
Only allocate 'arguments' if the scope is not an arrow scope.

BUG=v8:2700
LOG=N
R=adamk@chromium.org, wingo@igalia.cmo

Review URL: https://codereview.chromium.org/1078483002

Cr-Commit-Position: refs/heads/master@{#27716}
2015-04-09 19:39:38 +00:00
adamk
9b09a28d5c Remove comparison operator and helper function from AstRawString interface
These comparisons are only meant to be done by AstValueFactory itself (in
its string_table_ operations), so make the Compare() function a private
member of AstValueFactory.

All other clients of AstRawStrings should compare them by pointer value.
There were only two clients which failed to abide by this rule, one
recently-added (in ModuleDescriptor) and the other in Literal::Match
(in ast.cc, added in https://code.google.com/p/v8/source/detail?r=24396).

Review URL: https://codereview.chromium.org/1069423003

Cr-Commit-Position: refs/heads/master@{#27715}
2015-04-09 19:38:34 +00:00
caitpotter88
74c381221c [es6] implement spread calls
BUG=v8:3018
R=
LOG=N

Review URL: https://codereview.chromium.org/938443002

Cr-Commit-Position: refs/heads/master@{#27714}
2015-04-09 19:37:19 +00:00
yangguo
14d46f52aa Correctly wrap uri.js into a function.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1076833002

Cr-Commit-Position: refs/heads/master@{#27712}
2015-04-09 19:34:58 +00:00
adamk
9e3e0aaa88 Revert of Merge cellspace into old pointer space (patchset id:180001 of https://codereview.chromium.org/1010803012/)
Reason for revert:
Causes test failures on ARM bots related to cells and write barriers.

Original issue's description:
> Merge cellspace into old pointer space
>
> BUG=
>
> Committed: https://crrev.com/4e7163ce05f135918205c7855ae60a48e5d46cc5
> Cr-Commit-Position: refs/heads/master@{#27707}

TBR=hpayer@chromium.org,balazs.kilvady@imgtec.com,yangguo@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1053243003

Cr-Commit-Position: refs/heads/master@{#27711}
2015-04-09 18:16:40 +00:00
dcarney
572196f6c2 [turbofan] support small immediates
R=titzer@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1075903002

Cr-Commit-Position: refs/heads/master@{#27709}
2015-04-09 14:06:24 +00:00
verwaest
4e7163ce05 Merge cellspace into old pointer space
BUG=

Review URL: https://codereview.chromium.org/1010803012

Cr-Commit-Position: refs/heads/master@{#27707}
2015-04-09 13:34:21 +00:00
yangguo
4a5de9d9e3 Eagerly escape RegExp.source.
Escaping used to happen lazily, implemented in an accessor property.
However, native implementation of RegExp methods use .source as well.
This leads to performance regressions. Now we do it eagerly instead.

R=jkummerow@chromium.org
BUG=chromium:436447
LOG=N

Review URL: https://codereview.chromium.org/1070093002

Cr-Commit-Position: refs/heads/master@{#27705}
2015-04-09 13:22:22 +00:00
erikcorry
780f33c040 Relax heap size assert during compaction
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1078533003

Cr-Commit-Position: refs/heads/master@{#27703}
2015-04-09 12:42:28 +00:00
titzer
6e5d805718 [turbofan] Disable select matching due to bug manifesting on arm.
R=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1077613002

Cr-Commit-Position: refs/heads/master@{#27702}
2015-04-09 12:41:18 +00:00
dcarney
5950acf29a [turbofan] Push layout descriptors to InstructionOperand subclasses.
Review URL: https://codereview.chromium.org/1070043002

Cr-Commit-Position: refs/heads/master@{#27701}
2015-04-09 11:28:58 +00:00
balazs.kilvady
8157b6c91a MIPS: [turbofan] Materialize JSFunction from frame if possible.
Port 725cdc533c

Original commit message:
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.

As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.

BUG=

Review URL: https://codereview.chromium.org/1074743002

Cr-Commit-Position: refs/heads/master@{#27700}
2015-04-09 11:16:03 +00:00
dcarney
8392d9c43b [turbofan] Make AllocatedOperand an InstructionOperand::Kind.
This is preparatory work to have MachineTypes encoded in AllocatedOperands.

Review URL: https://codereview.chromium.org/1075863002

Cr-Commit-Position: refs/heads/master@{#27698}
2015-04-09 10:40:43 +00:00
Benedikt Meurer
f190a6d23d [turbofan] Add poor man's store elimination for storing to fields.
This is a very simple dead store elimination that removes StoreField
nodes which are immediately followed by other StoreField nodes that
store to the same field. Ideally there should be a fully featured store
elimination, which walks over the effect graph starting from the end,
but there are some technical difficulties to solve before we can get to
that, esp. we need to think about "effect producing" operators like
ValueEffect first. Once we have that, it is trivial to remove this temporary
poor man's store elimination.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1070003002

Cr-Commit-Position: refs/heads/master@{#27697}
2015-04-09 10:29:26 +00:00
chunyang.dai
8f3b3ba6ba X87: Code cleanup in GenerateRecordCallTarget.
port 6a222b8ff0 (r27630)

original commit message:

  Code cleanup in GenerateRecordCallTarget

BUG=

Review URL: https://codereview.chromium.org/1074683003

Cr-Commit-Position: refs/heads/master@{#27694}
2015-04-09 09:31:56 +00:00
chunyang.dai
8fe72d6ff5 X87: Make --always-opt also optimize top-level code
port 2d281e71ac (r27633)

original commit message:

    Make --always-opt also optimize top-level code.

    This enables eager optimization of top-level code with TurboFan and
    extends test coverage by triggering it with the --always-opt flag.
    Script contexts are now also properly allocated in TurboFan.

BUG=

Review URL: https://codereview.chromium.org/1077523002

Cr-Commit-Position: refs/heads/master@{#27693}
2015-04-09 09:30:52 +00:00
dcarney
07ff6d9f22 [turbofan] cleanup InstructionOperand a little
- ConstantOperand was using a too-small field too store its virtual register
- drop ConvertTo, replace it with simple copy
- split AllocatedOperand off from Immediate and Constant to make assignment clearer, also paving the way for small Immediates
- put zone first in *Operand::New
- driveby: drop delayed ssa deconstruction experiment

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1050803002

Cr-Commit-Position: refs/heads/master@{#27692}
2015-04-09 09:15:32 +00:00
mvstanton
a3dcfa2255 VectorICs - turn on vector ICs for LoadIC and KeyedLoadIC
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1075823002

Cr-Commit-Position: refs/heads/master@{#27691}
2015-04-09 09:06:06 +00:00
brucedawson
5a6247a31b Don't #define snprintf in VS2015 - it's illegal and unneeded.
VS 2015 supplies a conforming snprintf implementation, so #define
snprintf is no longer needed. Also, VS 2015 checks for #define of
snprintf and treats it as a fatal error.

LOG=Y
R=jarin@chromium.org
BUG=440500

Review URL: https://codereview.chromium.org/1078453002

Cr-Commit-Position: refs/heads/master@{#27690}
2015-04-09 09:02:58 +00:00
hpayer
ba70a7a3e1 MarkBit cleanup: They have to be accessed through Marking accessors. Avoid arbitrary abuse of mark bits and make marking explicit.
Added DCHECKs to mark bit transitions to check source state.

BUG=

Review URL: https://codereview.chromium.org/1040443002

Cr-Commit-Position: refs/heads/master@{#27689}
2015-04-09 08:55:43 +00:00
bmeurer
725cdc533c [turbofan] Materialize JSFunction from frame if possible.
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.

As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1072743002

Cr-Commit-Position: refs/heads/master@{#27686}
2015-04-09 07:41:13 +00:00
hablich
eacb0de817 Revert of Revert of X87: Reimplement Maps and Sets in JS (patchset id:1 of https://codereview.chromium.org/1073723002/)
Reason for revert:
Revert the revert as this commit cannot be the cause for the closed tree.

Original issue's description:
> Revert of X87: Reimplement Maps and Sets in JS (patchset  id:1 of https://codereview.chromium.org/1066373002/)
>
> Reason for revert:
> Reverting as it resulted in a closed waterfall.
>
> Original issue's description:
> > X87: Reimplement Maps and Sets in JS
> >
> > port 909500aa1d (r27605)
> >
> > original commit message:
> >     Previously, the only optimized code path for Maps and Sets was for String keys.
> >     This was achieved through an implementation of various complex operations
> >     in Hydrogen. This approach was neither scalable nor forward-compatible.
> >
> >     This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> >     in JS. The added intrinsics are:
> >
> >       %_FixedArrayGet
> >       %_FixedArraySet
> >       %_TheHole
> >       %_JSCollectionGetTable
> >       %_StringGetRawHashField
> >
> >     With these additions, as well as a few changes to what's exposed as runtime functions,
> >     most of the C++ code backing Maps and Sets is gone (including both runtime code in
> >     objects.cc and Crankshaft in hydrogen.cc).
> >
> > BUG=
> >
> > Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> > Cr-Commit-Position: refs/heads/master@{#27681}
>
> TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/a0486f128109443ed07802fb463c267e53533d81
> Cr-Commit-Position: refs/heads/master@{#27682}

TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1077543002

Cr-Commit-Position: refs/heads/master@{#27685}
2015-04-09 07:11:13 +00:00
chunyang.dai
c8521794ba X87: JSEntryTrampoline: check for stack space before pushing arguments
port 146598f44a (r27614)

original commit message:

  Optimistically pushing a lot of arguments can run into the stack limit of the
  process, at least on operating systems where this limit is close to the limit
  that V8 sets for itself.

BUG=

Review URL: https://codereview.chromium.org/1069283002

Cr-Commit-Position: refs/heads/master@{#27684}
2015-04-09 06:52:02 +00:00
jing.bao
dba47f6486 [ia32] Introduce BMI instructions.
BUG=v8:4015
LOG=n

Review URL: https://codereview.chromium.org/1069683002

Cr-Commit-Position: refs/heads/master@{#27683}
2015-04-09 06:50:58 +00:00
hablich
a0486f1281 Revert of X87: Reimplement Maps and Sets in JS (patchset id:1 of https://codereview.chromium.org/1066373002/)
Reason for revert:
Reverting as it resulted in a closed waterfall.

Original issue's description:
> X87: Reimplement Maps and Sets in JS
>
> port 909500aa1d (r27605)
>
> original commit message:
>     Previously, the only optimized code path for Maps and Sets was for String keys.
>     This was achieved through an implementation of various complex operations
>     in Hydrogen. This approach was neither scalable nor forward-compatible.
>
>     This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
>     in JS. The added intrinsics are:
>
>       %_FixedArrayGet
>       %_FixedArraySet
>       %_TheHole
>       %_JSCollectionGetTable
>       %_StringGetRawHashField
>
>     With these additions, as well as a few changes to what's exposed as runtime functions,
>     most of the C++ code backing Maps and Sets is gone (including both runtime code in
>     objects.cc and Crankshaft in hydrogen.cc).
>
> BUG=
>
> Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> Cr-Commit-Position: refs/heads/master@{#27681}

TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1073723002

Cr-Commit-Position: refs/heads/master@{#27682}
2015-04-09 06:49:33 +00:00
chunyang.dai
56600a35a4 X87: Reimplement Maps and Sets in JS
port 909500aa1d (r27605)

original commit message:
    Previously, the only optimized code path for Maps and Sets was for String keys.
    This was achieved through an implementation of various complex operations
    in Hydrogen. This approach was neither scalable nor forward-compatible.

    This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
    in JS. The added intrinsics are:

      %_FixedArrayGet
      %_FixedArraySet
      %_TheHole
      %_JSCollectionGetTable
      %_StringGetRawHashField

    With these additions, as well as a few changes to what's exposed as runtime functions,
    most of the C++ code backing Maps and Sets is gone (including both runtime code in
    objects.cc and Crankshaft in hydrogen.cc).

BUG=

Review URL: https://codereview.chromium.org/1066373002

Cr-Commit-Position: refs/heads/master@{#27681}
2015-04-09 02:24:13 +00:00
arv
e965a1f84a ES6: Number and Boolean prototype should be ordinary objects
BUG=v8:4001
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1051373002

Cr-Commit-Position: refs/heads/master@{#27680}
2015-04-08 21:18:40 +00:00
balazs.kilvady
8c3af6ca03 MIPS: [turbofan] Add new Float32Abs and Float64Abs operators.
Port 9af9f1d026

Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).

BUG=

Review URL: https://codereview.chromium.org/1073463003

Cr-Commit-Position: refs/heads/master@{#27679}
2015-04-08 19:30:11 +00:00
dusan.milosavljevic
b881bf9ca8 MIPS: Fix in-object memory slack tracking bug.
TEST=
BUG=

Review URL: https://codereview.chromium.org/1067393003

Cr-Commit-Position: refs/heads/master@{#27678}
2015-04-08 19:03:46 +00:00
caitpotter88
ab7d5f9620 [parser] report better errors for multiple ForBindings in ForIn/Of loops
Instead of "unexpected token" errors, report something meatier and more actionable.

BUG=
R=marja@chromium.org, arv@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1062263002

Cr-Commit-Position: refs/heads/master@{#27677}
2015-04-08 18:47:45 +00:00
arv
6244bbcd84 Ship ES6 computed property names
BUG=v8:3754
LOG=N
R=dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1054883003

Cr-Commit-Position: refs/heads/master@{#27676}
2015-04-08 17:49:18 +00:00
loislo
eb95406e2b CpuProfiler: public API for deopt info in cpu profiler.
BUG=chromium:452067
LOG=n

Committed: https://crrev.com/baf927ff5115ec62a6dad684b9232ed9d3960e3a
Cr-Commit-Position: refs/heads/master@{#27626}

Review URL: https://codereview.chromium.org/1045753002

Cr-Commit-Position: refs/heads/master@{#27674}
2015-04-08 16:13:31 +00:00
ulan
c4321962d9 Check mark bit of the found object in MarkCompactCollector::IsSlotInBlackObject.
BUG=

Review URL: https://codereview.chromium.org/1069763002

Cr-Commit-Position: refs/heads/master@{#27673}
2015-04-08 15:58:18 +00:00
svenpanne
d995d4bd4b [TurboFan] Fixed handling of CompareIC return type.
Although all this code might be moved around later, it's a good idea
to unhackify it now. :-)

Review URL: https://codereview.chromium.org/1067193004

Cr-Commit-Position: refs/heads/master@{#27672}
2015-04-08 15:57:14 +00:00
titzer
29450e14cf [turbofan] Reduce JSLoadProperty and JSStoreProperty of strings to JSLoadNamed and JSStoreNamed.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1038953002

Cr-Commit-Position: refs/heads/master@{#27669}
2015-04-08 13:28:06 +00:00
titzer
a511c78999 Fix maybe_string_add for adds that have no type feedback where --always-opt is on.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1071473003

Cr-Commit-Position: refs/heads/master@{#27667}
2015-04-08 13:14:30 +00:00
mstarzinger
322cfb3589 [turbofan] Add JSStackCheck into loop bodies.
This allows loopy TurboFan code to be interrupted by placing a stack
check (i.e. JSStackCheck node) into each loop. Note that we currently
limit this to non-asm.js code. Also note that stack checks are actually
placed after loop headers and not at back-branches, which allows us to
reuse existing BailoutIds from Crankshaft.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1065923002

Cr-Commit-Position: refs/heads/master@{#27666}
2015-04-08 12:55:02 +00:00
dusan.milosavljevic
87a27e42ea MIPS64: Unbreak cross build.
TEST=
BUG=

Review URL: https://codereview.chromium.org/1066403002

Cr-Commit-Position: refs/heads/master@{#27665}
2015-04-08 12:53:52 +00:00
mvstanton
ab86a050ce Revert of VectorICs: Turn on vector ICs for LOAD and KEYED_LOAD cases. (patchset id:1 of https://codereview.chromium.org/1070653002/)
Reason for revert:
ARM test failure, need to investigate.

Original issue's description:
> VectorICs: Turn on vector ICs for LOAD and KEYED_LOAD cases.
>
> R=verwaest@chromium.org
> BUG=
>
> Committed: https://crrev.com/2395eda3bb7aca938751938df76e01ac2b89b0a6
> Cr-Commit-Position: refs/heads/master@{#27657}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1072463002

Cr-Commit-Position: refs/heads/master@{#27664}
2015-04-08 12:52:49 +00:00
mstarzinger
d1bcfaf034 [ia32] Fix MacroAssembler::Move for int64 to float64 moves.
R=bmeurer@chromium.org
TEST=test262-es6/language/expressions/addition/S9.3_A4.1_T2

Review URL: https://codereview.chromium.org/1071543003

Cr-Commit-Position: refs/heads/master@{#27663}
2015-04-08 12:06:59 +00:00
Benedikt Meurer
9af9f1d026 [turbofan] Add new Float32Abs and Float64Abs operators.
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1066393002

Cr-Commit-Position: refs/heads/master@{#27662}
2015-04-08 11:55:04 +00:00
marja
b3287e91cc [es6] Stage unicode escapes in strings, var names etc.
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1071533002

Cr-Commit-Position: refs/heads/master@{#27660}
2015-04-08 11:16:05 +00:00
yangguo
3a4d073f1d Create result array of %DebugGetLoadedScripts outside the debug context.
R=jarin@chromium.org
BUG=chromium:474297
LOG=N

Review URL: https://codereview.chromium.org/1062143002

Cr-Commit-Position: refs/heads/master@{#27659}
2015-04-08 11:15:02 +00:00
titzer
2b59959c71 [turbofan] Match selects in control reducer (configurable).
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1061303002

Cr-Commit-Position: refs/heads/master@{#27658}
2015-04-08 11:13:49 +00:00
mvstanton
2395eda3bb VectorICs: Turn on vector ICs for LOAD and KEYED_LOAD cases.
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1070653002

Cr-Commit-Position: refs/heads/master@{#27657}
2015-04-08 11:12:43 +00:00
yangguo
c4081d2503 Revert of Remove support for thread-based recompilation (patchset id:1 of https://codereview.chromium.org/966653002/)
Reason for revert:
speculative revert due to gc-stress timeouts.

Original issue's description:
> Remove support for thread-based recompilation
>
> BUG=v8:3608
> R=yangguo@chromium.org
> LOG=y
>
> Committed: https://crrev.com/ed5db223a19dfe126af012e894582251aa3635d7
> Cr-Commit-Position: refs/heads/master@{#27619}

TBR=jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
BUG=v8:3608
LOG=N

Review URL: https://codereview.chromium.org/1063383004

Cr-Commit-Position: refs/heads/master@{#27654}
2015-04-08 10:29:33 +00:00
svenpanne
1845541825 Make GetDebugContext a bit more robust.
Perhaps we should throw an exception and/or change our external API to
use a MaybeLocal, but that would be a bigger change. For now, we just
return undefined when something goes wrong with the DebugContext,
which is good enough to avoid crashing.

BUG=chromium:474538
LOG=y

Review URL: https://codereview.chromium.org/1065213002

Cr-Commit-Position: refs/heads/master@{#27650}
2015-04-08 09:10:14 +00:00
mstarzinger
f3338dd3b0 Prevent overzealous bailout due to script context.
This is a follow-up to 2d281e71ac and prevents bailouts on empty
script contexts in Crankshaft, which don't need allocation. Only
non-empty script contexts should cause a bailout.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1063373003

Cr-Commit-Position: refs/heads/master@{#27649}
2015-04-08 09:00:45 +00:00
jing.bao
584a351484 [x64] Introduce BMI instructions.
BUG=v8:4015
LOG=n

Review URL: https://codereview.chromium.org/1040603002

Cr-Commit-Position: refs/heads/master@{#27648}
2015-04-08 07:15:59 +00:00
bmeurer
aa46ebe5e2 [arm] Use position independent table switches.
Performance measurements show that the position independent code is
usually slightly faster than the position dependent code, and there
seems to be no noticable regression.

This also gets rid of a lot of support code that was only required to allow
embedding labels into the code stream. And it implies that neither the GC
nor the deserializer need to do anything for jump tables.

R=svenpanne@chromium.org
BUG=v8:3872
LOG=n

Review URL: https://codereview.chromium.org/1069633002

Cr-Commit-Position: refs/heads/master@{#27646}
2015-04-08 06:50:15 +00:00
balazs.kilvady
8e4e83119c MIPS64: Fix typo of 'Always update raw pointers when handling interrupts inside RegExp code.'
Port c67cb287a9

BUG=

Review URL: https://codereview.chromium.org/1061363003

Cr-Commit-Position: refs/heads/master@{#27644}
2015-04-07 21:12:22 +00:00
balazs.kilvady
e9224e4ab3 MIPS64: Make --always-opt also optimize top-level code.
Port 2d281e71ac

Original commit message:
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.

BUG=

Review URL: https://codereview.chromium.org/1066843005

Cr-Commit-Position: refs/heads/master@{#27643}
2015-04-07 21:11:11 +00:00
adamk
a0dbe25bce Use NumberIsNaN in collections.js and make it inlined
Review URL: https://codereview.chromium.org/1067933002

Cr-Commit-Position: refs/heads/master@{#27641}
2015-04-07 19:52:26 +00:00
caitpotter88
1fb76f055a [es6] emit error when for-in loop declarations are initialized in strict mode
The ES6 grammar forbids the initialization of variable declarations in IterationStatements.

This CL will report `for (var x = y in z)` as a SyntaxError in strict mode (as done in JSC). It is possible that this could break sites in sloppy mode, and so that change can wait.

BUG=
R=
LOG=N

Review URL: https://codereview.chromium.org/1033823002

Cr-Commit-Position: refs/heads/master@{#27639}
2015-04-07 19:28:42 +00:00
adamk
f089e5c846 Simplify collections.js now that it's wrapped in an IIFE
Also wrap templates.js in an IIFE to avoid unnecessary pollution
of the builtins object.

Review URL: https://codereview.chromium.org/1067903004

Cr-Commit-Position: refs/heads/master@{#27638}
2015-04-07 19:00:40 +00:00
erikcorry
1e02227806 More robust when allocation fails during compaction
R=ulan@chromium.org
BUG=chromium:473307
LOG=yes

Review URL: https://codereview.chromium.org/1068833002

Cr-Commit-Position: refs/heads/master@{#27637}
2015-04-07 17:22:16 +00:00
verwaest
2585bf79bd Simplify instanceof optimization; don't duplicate lookup
BUG=

Review URL: https://codereview.chromium.org/1066873002

Cr-Commit-Position: refs/heads/master@{#27635}
2015-04-07 16:11:29 +00:00
balazs.kilvady
b635967b90 MIPS: JSEntryTrampoline: check for stack space before pushing arguments
Port 146598f44a

Original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.

BUG=chromium:469768
LOG=y

Review URL: https://codereview.chromium.org/1066843003

Cr-Commit-Position: refs/heads/master@{#27634}
2015-04-07 15:59:10 +00:00