Test that allocations which regularly happen inline in the generated code and create objects in bump pointer space will be recorded by the allocation tracker.

BUG=chromium:277984
LOG=N
R=loislo@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/73893005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/73973002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17792 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/66993006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This patch also clean up 64-bits literals handling.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/61763025

Patch from Rodolph Perfetta <rodolph.perfetta@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Instead, code sites that are interested in underlying constant integer values
should use HValue::IsInteger32Constant(). The issue is that the infer representation phase shouldn't "see through" HForceRepresentation nodes to an underlying, and less specific representation.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/65643003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/71783003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

- In an Else block it's possible to add more If<>'s in the same builder that are
  treated as an else if.
- Simplified and cleaned-up some of the IfBuilder's internals.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/66983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/63643004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ishell@chromium.org

Review URL: https://chromiumcodereview.appspot.com/70233009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:3005
LOG=N
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/68173023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TEST=mjsunit/regress/regress-crbug-318671
BUG=318671
LOG=y
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/67473007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:3005
LOG=N
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/65833003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Original Issue: https://codereview.chromium.org/29353003/

Note that this version of the patch includes logic for bailing out of compiled ArrayPush/ArrayPop calls if the array is observed (see stub-cache-*)

R=danno@chromium.org
BUG=v8:2946
LOG=N

Review URL: https://codereview.chromium.org/68343016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Original issue: https://codereview.chromium.org/49203002/

TBR=vegorov

Review URL: https://codereview.chromium.org/63343003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17768 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r17756 (12e5896)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/72603006

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17767 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

- When building binary arithmetic op and comparison restore source position of the operation itself before building operation itself after it was changed by building operands. This ensures that position recorded for operation points to the operation token instead of pointing to the rightmost operand;

- Add support for recording operands' positions and use these positions when inserting HChange instructions;

- When generating hydrogen.cfg emit H-instruction position as BCI (previously 0 was emitted), additionally on every lithium instruction emit annotation pointing to corresponding hydrogen-instruction. This allows to easily reach from deopt_id to lithium instruction and from it to hydrogen instruction and source position.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/49203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=adamk@chromium.org
TBR=mstarzinger@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/73123002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r17755 (bfef904)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/72983002

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r17748 (595bed6)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/70233011

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r17741 (fe14ef8)

Original commit message:
patch from issue 54583003 (dependent code).

Zero arguments - very easy

1 argument - three special cases:
a) If length is a constant in valid array length range,
no need to check it at runtime.
b) respect DoNotInline feedback on the AllocationSite for
cases that the argument is not a smi or is an integer
with a length that should create a dictionary.
c) if kind feedback is non-holey, and length is non-constant,
we'd have to generate a lot of code to be correct.
Don't inline this case.

N arguments - one special case:
a) If a deopt ever occurs because an input argument isn't
compatible with the elements kind, then set the
DoNotInline flag.

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/72893003

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Because SetElement & co are interdependent, this patch handlfies all of JSObject::
-SetElement
-SetFastElement
-SetDictionaryElement
-SetFastDoubleElement
-SetElementWithInterceptor
-SetElementWithoutInterceptor
-SetElementWithCallbackSetterInPrototype

R=mstarzinger@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/66803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/68523009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/62953007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/72073004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:2333
LOG=N
R=hpayer@chromium.org

Review URL: https://chromiumcodereview.appspot.com/48443002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org, yurys@chromium.org
TEST=cctest/test-heap/DisableInlineAllocation

Review URL: https://codereview.chromium.org/69953023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17752 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit r17746 for breaking layout tests.

TBR=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/72753002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/72703002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

LOG=
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/61733023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/70093002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org
BUG=318454

Review URL: https://codereview.chromium.org/71653008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23537067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is the exact copy of r17365 which was reverted in r17488 due to memory corruption. The root cause for the memory corruption - missing check for bump pointer limit before storing filler map must be addressed in r17626 where allocation hooks were removed from the generated code and left only in the runtime.

This is initial implementation of allocation profiler.

Whenever new object allocation is reported to the HeapProfiler and allocation tracking is on we will capture current stack trace, add it to the collection of the allocation traces (a tree) and attribute the allocated size to the top JS function on the stack.

Format of serialized heap snapshot is extended to include information about recorded allocation stack traces.

This patch is r17301 plus a fix for the test crash in debug mode. The test crashed because we were traversing stack trace when just allocated object wasn't completely configured, in particular the map pointer was incorrect. Invalid Map pointer broke heap iteration required to find Code object for a given pc during stack traversal. The solution is to insert free space filler in the newly allocated block just before collecting stack trace.

BUG=chromium:277984,v8:2949
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/61893031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17742 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

patch from issue 54583003 (dependent code).

Zero arguments - very easy

1 argument - three special cases:
  a) If length is a constant in valid array length range,
     no need to check it at runtime.
  b) respect DoNotInline feedback on the AllocationSite for
     cases that the argument is not a smi or is an integer
     with a length that should create a dictionary.
  c) if kind feedback is non-holey, and length is non-constant,
     we'd have to generate a lot of code to be correct.
     Don't inline this case.

N arguments - one special case:
  a) If a deopt ever occurs because an input argument isn't
     compatible with the elements kind, then set the
     DoNotInline flag.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/55933002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/63173023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/62713006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The callers to NumberToSize are supposed to validate the number, but
this adds a last line of defense.

TBR=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/61733021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:3004
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/63173022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit r17733 for breaking Linux build.

TBR=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/69243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The callers to NumberToSize are supposed to validate the number, but
this adds a last line of defense.

R=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/72323003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00