AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
12,156 Commits 1 Branch 0 Tags 839 MiB
0599225187
Commit Graph

698 Commits

Author SHA1 Message Date
danno@chromium.org
c65f4f7f7b Don't use StoreIC_ArrayLength on frozen arrays 
The code previously assumed that an array with fast properties must have
a writable length property. But Object.freeze() now exposes a way to make
length read-only without moving the object into slow mode. This patch
simply adds a !is_frozen check to the IC code. Any future optimizations
to attribute-setting on JSArrays will need to make similar accomodations.

R=danno
BUG=v8:2711,259548

Review URL: https://chromiumcodereview.appspot.com/19115002
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-14 22:03:46 +00:00
titzer@chromium.org
9e7819fac4 Added %NeverOptimize runtime call that can disable optimizations for a method for tests. 
BUG=

Review URL: https://codereview.chromium.org/18214005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 14:17:56 +00:00
yangguo@chromium.org
b99ca1ab12 Do not implicitly convert receivers for builtin functions when inspecting frames. 
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/18900004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-09 13:58:11 +00:00
danno@chromium.org
bd50e6d38f Refactoring and cleanup of control instructions 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18331004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-05 10:40:14 +00:00
danno@chromium.org
345cc98a25 Generate StoreGlobal stubs with Hydrogen 
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=rossberg@chromium.org, ulan@chromium.org

Committed: http://code.google.com/p/v8/source/detail?r=15419

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-05 10:34:02 +00:00
ulan@chromium.org
74d147a25d Enable weak embedded maps in optimized code. 
If the top optimized code in call stack is at the point that does not support
deoptimization, then treat the maps in the code as strong pointers.

Note that other optimized code in call stack must support deoptimization
because of the call instruction with side-effects.

BUG=217858,v8:2073
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16955008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15452 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-02 15:15:58 +00:00
danno@chromium.org
77c20c30a3 Revert r15419: "Generate StoreGlobal stubs with Hydrogen" 
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18357004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 15:12:21 +00:00
danno@chromium.org
a3bce19868 Generate StoreGlobal stubs with Hydrogen 
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 13:22:13 +00:00
yangguo@chromium.org
85d7a36ee0 Abort optimization when debugger is turned on. 
BUG=v8:2751
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/18198003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-28 11:34:51 +00:00
dslomov@chromium.org
ef189ecd82 Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions. 
ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695).
This never worked in WebKit, so no compatibility issues.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17904007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-27 07:42:08 +00:00
yangguo@chromium.org
b7b92bd9ac Short-circuit embedded cons strings. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/17418003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-21 09:24:30 +00:00
verwaest@chromium.org
2ca5c6cd03 Fix using monomorphic store instruction for polymorphic stores. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16875008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 18:07:35 +00:00
svenpanne@chromium.org
010d9aba16 Avoid relying on monkey-patchable things in String.prototype.split. 
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17391016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 12:25:40 +00:00
svenpanne@chromium.org
fb7310b1fd Fixed read-only attribute of Function.length in strict mode. 
R=cira@chromium.org

Review URL: https://codereview.chromium.org/17006006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-18 07:51:50 +00:00
wingo@igalia.com
09fcac5e39 Use keyed-call inline caches in delegating yield 
Since we can't assume anything about the shape of the iterator in a
yield* (delegating yield), use an IC to do the next() and throw()
iterator method calls.

BUG=v8:2691
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-2691

Review URL: https://codereview.chromium.org/15455002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-13 10:18:28 +00:00
mvstanton@chromium.org
75afb8ce79 Fix for bug 245480. Calling new Array(a) with a single argument could result in creating a holey array with a packed elements kind. 
BUG=245480
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/16341004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 18:04:16 +00:00
jkummerow@chromium.org
9447014780 Skip some conditional deopts for Div/Mul when all uses are truncating. 
- set "can be minus zero" flag properly so minus-zero checks are skipped
- skip "integer result?" check in division code when uses are truncating
- drive-by cleanup: consolidated computation of kCanOverflow flag for Add/Sub into range inference phase

BUG=v8:2132
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/16741002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-11 11:43:57 +00:00
wingo@igalia.com
f68d6a10f8 Fix crasher when checking for "of", but next token has no literal buffer 
Also fix a typo in an assertion in scanner.h.

R=mstarzinger@chromium.org
BUG=248025
TEST=mjsunit/regress/regress-crbug-248025.js

Review URL: https://codereview.chromium.org/16549003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-11 11:30:03 +00:00
mstarzinger@chromium.org
ecc41e30c0 Fix re-initialization of existing double field. 
R=verwaest@chromium.org
BUG=v8:2717
TEST=mjsunit/regress/regress-2717

Review URL: https://codereview.chromium.org/16735003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-10 11:55:47 +00:00
verwaest@chromium.org
3588aa45cd Take all uses into account to clear int32 truncation. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16656002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-07 17:28:46 +00:00
verwaest@chromium.org
5e8679beea Remove the optimized construct stub. 
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15993016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-05 08:43:25 +00:00
mvstanton@chromium.org
3d3c6b1599 Special Array constructor type feedback erroneously recorded when Array 
was called as a function. Issue was found with optimize_constructed_array
turned on. This patch makes the fix, and turns the flag back on.

BUG=244461
R=danno@chromium.org

Review URL: https://codereview.chromium.org/16057005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-03 14:46:23 +00:00
jkummerow@chromium.org
b4058a3bd4 Fast literals: fixed initialization of non-copied in-object property fields 
BUG=chromium:245424
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16190008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14906 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-31 15:50:19 +00:00
verwaest@chromium.org
5b08a1a119 Fix DeferredTaggedToINoSSE2 to not unconditionally untag undefined to 0. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16228002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-31 08:37:34 +00:00
verwaest@chromium.org
1a4a904bef Replace DeoptimizeOnUndefined with whitelisting AllowUndefinedAsNan 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15952007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-30 09:11:06 +00:00
yurys@chromium.org
09959efe41 Add support for //# sourceURL similar to deprecated //@ sourceURL one. 
BUG=v8:2702
R=yangguo@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/15859010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-29 12:40:21 +00:00
mstarzinger@chromium.org
3b114cdd64 Fix IfBuilder::Deopt to clear the current block. 
R=jkummerow@chromium.org
BUG=chromium:243868
TEST=mjsunit/regress/regress-crbug-243868

Review URL: https://codereview.chromium.org/16155003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14854 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-28 15:30:49 +00:00
verwaest@chromium.org
aa2444269b Fix the hole loading optimization. 
- Holes are only ever loaded as double or tagged.
- Change to tagged has to deoptimize on undefined (no implicit
  conversions from double the hole NaN -> tagged undefined).

BUG=
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16099006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-27 17:33:14 +00:00
yangguo@chromium.org
3e41834721 Regexp parser: reset flag after scanning ahead for capture groups. 
When the regexp pattern parser encounters an unbound reference to a
capturing group, it needs to scan ahead to decide whether it really
is a reference.  The scan advances to the end of the pattern string
and sets has_more_ to false, but fails to reset it to true so that
later on, parsing a character class wrongly fails.

R=ulan@chromium.org
BUG=v8:2690

Review URL: https://chromiumcodereview.appspot.com/15712006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-27 10:53:37 +00:00
yangguo@chromium.org
7c2a1346d6 Fix edge case in stack trace formatting. 
Bug description: in strict mode, null as receiver is not implicitly converted
to the global object, so that when formatting the stack trace, the receiver of
the stack frame is null. The IS_OBJECT check returns true for null, but
%GetDataProperty expected a JSObject, which results in a failed RUNTIME_ASSERT.

R=mvstanton@chromium.org
BUG=237617

Review URL: https://chromiumcodereview.appspot.com/15670003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-24 11:33:46 +00:00
yangguo@chromium.org
1d39355405 Add belated test for the SeqStringSetChar bug. 
R=titzer@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/15849003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-24 08:37:27 +00:00
mstarzinger@chromium.org
8fb2086847 Fix embedded new-space pointer in LCmpObjectEqAndBranch. 
R=mvstanton@chromium.org
BUG=chromium:240032
TEST=mjsunit/regress/regress-crbug-240032

Review URL: https://codereview.chromium.org/15779004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-23 14:06:28 +00:00
mstarzinger@chromium.org
b704cb9139 Fix bogus deopt in BuildEmitDeepCopy for holey arrays. 
R=verwaest@chromium.org
BUG=chromium:242924
TEST=mjsunit/regress/regress-crbug-242924

Review URL: https://codereview.chromium.org/15735012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 17:58:21 +00:00
verwaest@chromium.org
b353b1d131 Don't allow copying holes to fields. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15745006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 15:33:53 +00:00
mstarzinger@chromium.org
bf413b5122 Fix VisitLogicalExpression for empty blocks on RHS. 
R=jkummerow@chromium.org
BUG=chromium:242870
TEST=mjsunit/regress/regress-crbug-242870

Review URL: https://codereview.chromium.org/15744002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 13:27:00 +00:00
yangguo@chromium.org
9960b24694 Fix unexpected elements transition in JSON.parse 
R=verwaest@chromium.org
BUG=241344

Review URL: https://chromiumcodereview.appspot.com/15739003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 13:24:18 +00:00
mstarzinger@chromium.org
db4a770c3f Add regression test for fix from r14732. 
R=verwaest@chromium.org
BUG=chromium:242502
TEST=mjsunit/regress/regress-crbug-242502

Review URL: https://codereview.chromium.org/15288008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-21 14:20:42 +00:00
titzer@chromium.org
5746d38351 Fix code gen bug on arm and mips; SeqStringSetChar overwrites a register; Add better default PrintDataTo for HInstruction 
BUG=

Review URL: https://codereview.chromium.org/14895019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-16 14:27:39 +00:00
wingo@igalia.com
d6fa1d8ad9 Function constructor should avoid String.prototype methods 
Replace a use of .indexOf with a call to StringIndexOf.  As always,
lexical scoping to the rescue.

R=mstarzinger@chromium.org
TEST=mjsunit/regress/regress-2686
BUG=v8:2686

Review URL: https://codereview.chromium.org/14668013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-15 10:52:06 +00:00
wingo@igalia.com
1634369af7 Don't flush code for generator functions. 
R=mstarzinger@chromium.org
BUG=v8:2681
TEST=mjsunit/regress/regress-2681

Review URL: https://codereview.chromium.org/14731023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 17:36:26 +00:00
jkummerow@chromium.org
7636fdec27 Fix missing hole check for loads from Smi arrays when all uses are changes 
BUG=chromium:233737

Review URL: https://codereview.chromium.org/14978004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 11:58:10 +00:00
ulan@chromium.org
cd4e9866b7 Fix environment in HOptimizedGraphBuilder::VisitCountOperation. Follow-up for r14584. 
R=danno@chromium.org
BUG=v8:2671
TEST=mjsunit/regress/regress-2671-1.js

Review URL: https://chromiumcodereview.appspot.com/14972009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-08 14:58:06 +00:00
ulan@chromium.org
e5a29e8ff9 Do not change environment between simulate and scope with no observable side-effects in HandlePropertyAssignment. 
LChunkBuilder reconstructs the environment by applying simulates. A scope with no observable side-effects has no simulates. If the scope deoptimizes, then LChunkBuilder would miss the changes to the environment between the last simulate and the scope.

R=danno@chromium.org
BUG=v8:2671
TEST=mjsunit/regress/regress-2671.js

Review URL: https://chromiumcodereview.appspot.com/14793009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-08 07:40:28 +00:00
danno@chromium.org
528792e39b Fix beyond-heap load on x64 Crankshafted StringCharFromCode 
BUG=chromium:235311
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/14387008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-29 14:34:24 +00:00
jkummerow@chromium.org
628875475e Fix overflow check in mul-i which was missing since r14322 
Review URL: https://codereview.chromium.org/14471012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-25 07:36:59 +00:00
dslomov@chromium.org
852f90339a Adds EXTERNAL_DOUBLE_ARRAY to a list of instance types 
BUG=v8:2646

Patch by Andrei Kashcha <anvaka@gmail.com>

Review URL: https://codereview.chromium.org/14042008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-23 17:02:09 +00:00
ulan@chromium.org
bc4d7878e6 Do not emit Simulates in HandlePolymorphicElementAccess. 
BUG=v8:2653
R=jkummerow@chromium.org
TEST=mjsunit/regress/regress-2653.js

Review URL: https://chromiumcodereview.appspot.com/14081025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-23 15:28:44 +00:00
svenpanne@chromium.org
cd34acdae3 Do not emit double values at their use sites. 
Revert part of r14179. From the regression test's comment:

Currently, the gap resolver doesn't handle moves from a ConstantOperand to a
DoubleRegister, but these kind of moves appeared when HConstant::EmitAtUses
was changed to allow special double values (-0, NaN, hole). So we should
either enhance the gap resolver or make sure that such moves don't happen.

BUG=chrome:234101

Review URL: https://codereview.chromium.org/14429002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-23 13:08:10 +00:00
mstarzinger@chromium.org
adf9afc09e Fix missing Smi check in grow mode keyed stores. 
R=danno@chromium.org
TEST=mjsunit/regress/regress-grow-store-smi-check

Review URL: https://codereview.chromium.org/14352011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14332 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-18 14:18:27 +00:00
yangguo@chromium.org
d7b78dc230 Fix OOB write in --print-code. 
R=jkummerow@chromium.org
BUG=v8:2624

Review URL: https://chromiumcodereview.appspot.com/14018010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-15 15:19:51 +00:00