R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/136443006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Once Call ICs are replaced by LoadIC + CallFunctionStub, we'll need a new way
of tracking this information.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/141073006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that.

In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores.

Now it's clearer that only LoadICs actually record any information about contextual or not.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/140943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Removes the embarrassing "static"s, shuffles some code around, doing various cleanups on the way.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/130213009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When invoking a setter callback for a property using
JSObject::SetPropertyWithCallback(),the callback arguments includes
a correct pair of receiver and holder objects.

Such a pair of _possibly different_ arguments (receiver, holder) must
also be supplied when invoking the same setter callback from JITed
code, when the setter is invoked through the StoreCallbackProperty
stub.

An example where this matters are the accessor properties kept on the
global scope of Worker (i.e., properties kept on the global object
itself, and not on its prototype.) Conflating the receiver with the
holder leads to general confusion when attempting to fetch out the
wrapper object.

LOG=N
R=dcarney@chromium.org, dcarney
BUG=239669

Review URL: https://codereview.chromium.org/139263008

Patch from Sigbjorn Finne <sigbjornf@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove duplicate code in StringTable and Heap. Instead of having many InternalizeXXXString methods, add a general InternalizeStringWithKey that takes a string table key.

BUG=
R=dcarney@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/140953002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1775
R=machenbach@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/138273016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/141603003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r18651 (49744859)

Original commit message:
This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/141143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.

R=mvstanton@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/101413006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit r18649 for breaking Linux/nosnap and Win64 tests.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/140793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.

R=mvstanton@chromium.org, verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=18646

Review URL: https://codereview.chromium.org/101413006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/138963006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit r18646 for breaking Win32 build.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/132233012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.

R=mvstanton@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/101413006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Removed ADDRESS_SANITIZER #ifdefs, the extension is so tiny that it's
not worth the clutter.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/138143014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/133703015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/140773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=bmeurer@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/138033012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/103843002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/137783016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove an issue from the ChangeLog that was reverted.

BUG=
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/139383007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/140683002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ExtensionConfiguration is just a simple container for extension names
(in a perfect world we would use vector<string> and range-based for
loops), and HandleScopeData was in the totally wrong place. Some
additional cleanup on the way, e.g. using the null pattern behind our
external API.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/139393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

MIPS: Fix Win32 buildbreak (caused by overriden methods that have disappeared while having the patch out for code review).

Port r18627 (c2ba7b25)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/140203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port r18626 (d3368a4c)

Original commit message:
The change replaces CallNamed, CallKeyed, CallConstantFunction and CallKnownGlobal hydrogen instructions with two new instructions with a more lower level semantics:

1. CallJSFunction for direct calls of JSFunction objects (no
   argument adaptation)

2. CallWithDescriptor for calls of a given Code object according to
   the supplied calling convention.

Details:

CallJSFunction should be straightforward, the main difference from the
existing InvokeFunction instruction is the absence of argument adaptor
handling. (As a next step, we will replace InvokeFunction with an
equivalent hydrogen code.)

For CallWithDescriptor, the calling conventions are represented by a
tweaked version of CallStubInterfaceDescriptor. In addition to the
parameter-register mapping, we also define parameter-representation
mapping there. The CallWithDescriptor instruction has variable number of
parameters now - this required some simple tweaks in Lithium, which
assumed fixed number of arguments in some places.

The calling conventions used in the calls are initialized in the
CallDescriptors class (code-stubs.h, <arch>/code-stubs-<arch>.cc), and
they live in a new table in the Isolate class. I should say I am not
quite sure about Representation::Integer32() representation for some of
the params of ArgumentAdaptorCall - it is not clear to me wether the
params could not end up on the stack and thus confuse the GC.

The change also includes an earlier small change to argument adaptor
(https://codereview.chromium.org/98463007) that avoids passing a naked
pointer to the code entry as a parameter. I am sorry for packaging that
with an already biggish change.

Performance implications:

Locally, I see a small regression (.2% or so). It is hard to say where
exactly it comes from, but I do see inefficient call sequences to the
adaptor trampoline. For example:

;;; <@78,#24> constant-t
bf85aa515a     mov edi,0x5a51aa85          ;; debug: position 29
;;; <@72,#53> load-named-field
8b7717         mov esi,[edi+0x17]          ;; debug: position 195
;;; <@80,#51> constant-s
b902000000     mov ecx,0x2                 ;; debug: position 195
;;; <@81,#51> gap
894df0         mov [ebp+0xf0],ecx
;;; <@82,#103> constant-i
bb01000000     mov ebx,0x1
;;; <@84,#102> constant-i
b902000000     mov ecx,0x2
;;; <@85,#102> gap
89d8           mov eax,ebx
89cb           mov ebx,ecx
8b4df0         mov ecx,[ebp+0xf0]
;;; <@86,#58> call-with-descriptor
e8ef57fcff     call ArgumentsAdaptorTrampoline  (0x2d80e6e0)    ;; code: BUILTIN

Note the silly handling of ecx; the hydrogen for this code is:

0 4 s27 Constant 1  range:1_1 <|@
0 3 t30 Constant 0x5bc1aa85 <JS Function xyz (SharedFunctionInfo 0x5bc1a919)> type:object <|@
0 1 t36 LoadNamedField t30.[in-object]@24 <|@
0 1 t38 Constant 0x2300e6a1 <Code> <|@
0 1 i102 Constant 2  range:2_2 <|@
0 1 i103 Constant 1  range:1_1 <|@
0 2 t41 CallWithDescriptor t38 t30 t36 s27 i103 i102 #2 changes[*] <|@

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/137663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

while having the patch out for code review).

R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/136303004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

call machinery.  The change replaces CallNamed, CallKeyed,
CallConstantFunction and CallKnownGlobal hydrogen instructions with two
new instructions with a more lower level semantics:

1. CallJSFunction for direct calls of JSFunction objects (no
   argument adaptation)

2. CallWithDescriptor for calls of a given Code object according to
   the supplied calling convention.

Details:

CallJSFunction should be straightforward, the main difference from the
existing InvokeFunction instruction is the absence of argument adaptor
handling. (As a next step, we will replace InvokeFunction with an
equivalent hydrogen code.)

For CallWithDescriptor, the calling conventions are represented by a
tweaked version of CallStubInterfaceDescriptor. In addition to the
parameter-register mapping, we also define parameter-representation
mapping there. The CallWithDescriptor instruction has variable number of
parameters now - this required some simple tweaks in Lithium, which
assumed fixed number of arguments in some places.

The calling conventions used in the calls are initialized in the
CallDescriptors class (code-stubs.h, <arch>/code-stubs-<arch>.cc), and
they live in a new table in the Isolate class. I should say I am not
quite sure about Representation::Integer32() representation for some of
the params of ArgumentAdaptorCall - it is not clear to me wether the
params could not end up on the stack and thus confuse the GC.

The change also includes an earlier small change to argument adaptor
(https://codereview.chromium.org/98463007) that avoids passing a naked
pointer to the code entry as a parameter. I am sorry for packaging that
with an already biggish change.

Performance implications:

Locally, I see a small regression (.2% or so). It is hard to say where
exactly it comes from, but I do see inefficient call sequences to the
adaptor trampoline. For example:

;;; <@78,#24> constant-t
bf85aa515a     mov edi,0x5a51aa85          ;; debug: position 29
;;; <@72,#53> load-named-field
8b7717         mov esi,[edi+0x17]          ;; debug: position 195
;;; <@80,#51> constant-s
b902000000     mov ecx,0x2                 ;; debug: position 195
;;; <@81,#51> gap
894df0         mov [ebp+0xf0],ecx
;;; <@82,#103> constant-i
bb01000000     mov ebx,0x1
;;; <@84,#102> constant-i
b902000000     mov ecx,0x2
;;; <@85,#102> gap
89d8           mov eax,ebx
89cb           mov ebx,ecx
8b4df0         mov ecx,[ebp+0xf0]
;;; <@86,#58> call-with-descriptor
e8ef57fcff     call ArgumentsAdaptorTrampoline  (0x2d80e6e0)    ;; code: BUILTIN

Note the silly handling of ecx; the hydrogen for this code is:

0 4 s27 Constant 1  range:1_1 <|@
0 3 t30 Constant 0x5bc1aa85 <JS Function xyz (SharedFunctionInfo 0x5bc1a919)> type:object <|@
0 1 t36 LoadNamedField t30.[in-object]@24 <|@
0 1 t38 Constant 0x2300e6a1 <Code> <|@
0 1 i102 Constant 2  range:2_2 <|@
0 1 i103 Constant 1  range:1_1 <|@
0 2 t41 CallWithDescriptor t38 t30 t36 s27 i103 i102 #2 changes[*] <|@

BUG=
R=verwaest@chromium.org, danno@chromium.org

Review URL: https://codereview.chromium.org/104663004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert of Make it possible to compile d8 for the host toolset as well (https://codereview.chromium.org/139493002/)

Reason for revert:
still doesn't work on arm

Original issue's description:
> Make it possible to compile d8 for the host toolset as well
>
> 2nd attempt. Use a different output path for the host d8.
>
> BUG=v8:1775
> R=machenbach@chromium.org
> LOG=n
>
> Committed: https://code.google.com/p/v8/source/detail?r=18621

R=machenbach@chromium.org
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:1775

Review URL: https://codereview.chromium.org/139523003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This CL enables the auto-roll script to close and reopen the tree when pushing.

Modifies an auto-roll test so that the push-to-trunk part is executed in order to test the new tree control feature.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/130403006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

2nd attempt. Use a different output path for the host d8.

BUG=v8:1775
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/139493002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert "Make it possible to compile d8 for the host toolset as well" and "For V8, only build d8 on target"

This reverts commits r18618 and r18619 for breaking arm compilation.

BUG=
TBR=jochen@chromium.org

Review URL: https://codereview.chromium.org/139273004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=none
TBR=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/139403002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1775
R=jkummerow@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/136763010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is done similar to weak embedded objects in optimized code (r17102). The
reference from optimized code to a cell is treated weakly in marking visitors
if the cell points to a JSObject. After marking we iterate over all cells
embedded in optimized code. If a cell is not marked but its value is marked,
then we revive the cell by marking it. Otherwise, the cell value is dead, so
we mark the code for deoptimization.

BUG=v8:2073
TEST=cctest/test-heap/CellsInOptimizedCodeAreWeak
LOG=Y
R=hpayer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/117483002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/130143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts r18592 for breaking the GC stress bots.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/137783011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reland "Remove flags argument from EmitCallWithStub" and "MIPS: Remove flags argument from EmitCallWithStub.""

This reverts commit r18606 since suspected problems still remained.

BUG=
R=jkummerow@chromium.org
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/139013005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert "Remove flags argument from EmitCallWithStub" and "MIPS: Remove flags argument from EmitCallWithStub."

This reverts commits r18598 and r18604 for breaking GC stress.

BUG=
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/133393003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:2999
TBR=jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/138183006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00