ager@chromium.org
096c21522b
Fix wrong assumption in parser that parsing a function literal cannot throw an exception.
...
Review URL: http://codereview.chromium.org/6453009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 18:46:13 +00:00
ager@chromium.org
8c6c273236
Fix issues with using defineProperty on the global proxy object.
...
Review URL: http://codereview.chromium.org/6452004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 16:31:58 +00:00
ricow@chromium.org
f64966085e
x64: Add MulI and DivI to lithium instructions.
...
Review URL: http://codereview.chromium.org/6448001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:37:50 +00:00
lrn@chromium.org
2f32f27e8f
Correct propagation of exceptions from setters.
...
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js
Review URL: http://codereview.chromium.org/6451003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:04:27 +00:00
kmillikin@chromium.org
bf3c3eb9cb
Fix a possible duplicate AST ID for deoptimization.
...
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.
BUG=v8:1104
Review URL: http://codereview.chromium.org/6453004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:00:22 +00:00
ricow@chromium.org
20f2c1c98a
Make sure that we do not call is_extensible on the global proxy.
...
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.
Review URL: http://codereview.chromium.org/6450003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 13:09:07 +00:00
ricow@chromium.org
81787f986b
Make sure that we never call prevent extension on the global proxy,
...
but instead call this on the global object.
BUG: 1103
Review URL: http://codereview.chromium.org/6454001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 12:41:16 +00:00
lrn@chromium.org
48fadffcc4
Fix bug in JSON.parse for objects containing "__proto__" as key.
...
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.
Review URL: http://codereview.chromium.org/6451002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 11:38:15 +00:00
mmaly@chromium.org
2926151fdc
Clean up es5conform.status per feedback.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-07 16:51:47 +00:00
ricow@chromium.org
7d530e1950
Re-insert exception for mozilla/ecma/Date/15.9.5.10-2 in release mode on arm
...
The last change to mozilla.status made the assumption that this test always finish on time when in release mode, but that is not the case on arm. This change just skips the test completely on arm.
Review URL: http://codereview.chromium.org/6250193
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-07 12:07:21 +00:00
ricow@chromium.org
0c52785f1e
Remove exceptions for Function.prototype.bind from es5conform.status.
...
These exceptions are no longer valid since we do implement bind.
Review URL: http://codereview.chromium.org/6410116
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-07 08:34:42 +00:00
ricow@chromium.org
75df563bb8
Simplify exceptions for ecma/Date/15.9.5.10-2 in mozilla.status
...
We had a large number of different exceptions for this test in the
mozilla.status file - changing this to only one exception where we
allow fail and timeout in debug mode.
Review URL: http://codereview.chromium.org/6286143
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-07 08:34:33 +00:00
mmaly@chromium.org
6d5e9c88ba
Fix es5conform.status expectation file.
...
The strict mode tests were disabled until now.
The propagation of strict mode flag into eval enabled them but there are
failures due to unimplemented features of strict mode, as well as some
incorrect tests in the suite.
TBR=ager@chromium.org , lrn@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 22:07:10 +00:00
peterhal@chromium.org
39957aa741
Issue 117 - strict mode and future reserved words
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:36:37 +00:00
mmaly@chromium.org
87233c49c8
Pass strict mode to eval.
...
Code review feedback.
Code Review URL: http://codereview.chromium.org/6286043/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:15:49 +00:00
vegorov@chromium.org
10f715e3ff
Restore context after LApplyArguments.
...
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js
Review URL: http://codereview.chromium.org/6246106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 15:42:02 +00:00
whesse@chromium.org
47f425b490
Disable Mozilla date test that times out on X64 crankshaft.
...
BUG=1100
TEST=ecma/Date/15.9.5.10-2.js
Review URL: http://codereview.chromium.org/6246104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 14:40:23 +00:00
lrn@chromium.org
19b734fd82
Fix potential overwriting of debug jumps of following code.
...
Add JSArrayLength, CallKnownFunction, and InstanceType operations.
Remove LadGlobal and StoreGlobal again (they fail).
Review URL: http://codereview.chromium.org/6347067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 14:09:03 +00:00
antonm@chromium.org
aecb05354b
Landing for Zaheer Ahmad.
...
Direct call api functions (arm implementation)
See: http://codereview.chromium.org/6170001/
Review URL: http://codereview.chromium.org/6286078
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 13:43:38 +00:00
sgjesse@chromium.org
84de496896
Implements DoubleToI on ARM. Refactor some VFP code at the same time and
...
fix the simulator behaviour.
BUG=none
TEST=added to cctest/test-assembler-arm.cc
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6368053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 07:08:50 +00:00
peterhal@chromium.org
c894b1f317
Fix bugs 992, 1083 and 1092
...
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.
Add sputnik tests to .gitignore.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6286060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 19:29:10 +00:00
antonm@chromium.org
710fbd2cfb
Do proper security checks when accessing elements with getOwnPropertyDescriptor.
...
This extends logic applied to regular properties to elements.
Review URL: http://codereview.chromium.org/6246055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 18:09:51 +00:00
whesse@chromium.org
1853458a39
Fix X64 Windows compilation.
...
Review URL: http://codereview.chromium.org/6312120
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 15:14:46 +00:00
ricow@chromium.org
a2aa84873e
Add regression test for the deoptimizer immediately followed by gc bug.
...
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)
The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094
Review URL: http://codereview.chromium.org/6312118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:47:27 +00:00
antonm@chromium.org
73348e83ea
Fix array boundary error.
...
It made value of allowed_access_type[v8::ACCESS_KEYS] be a wild value. On most of
platforms it was 0 and tests passed. But on ARM (and on ia32 if you alter test a bit)
it could become true and hence allow enumeration of properties.
Review URL: http://codereview.chromium.org/6334089
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:30:22 +00:00
whesse@chromium.org
3a52b68447
Fix compilation on 64-bit Windows, update Visual Studio projects.
...
Review URL: http://codereview.chromium.org/6312119
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:29:10 +00:00
danno@chromium.org
a2fb4a12bb
Create specialized code stubs for PixelArray loads.
...
Review URL: http://codereview.chromium.org/6287030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 12:50:50 +00:00
whesse@chromium.org
fe67b206ca
Fix X64 compilation on Windows.
...
Review URL: http://codereview.chromium.org/6334086
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 11:13:04 +00:00
antonm@chromium.org
0da3dc3e43
Properly process getOwnPropertyDescriptor for elements on global proxy object.
...
We need to go down to actual global object to perform those operations.
Review URL: http://codereview.chromium.org/6246054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 10:19:41 +00:00
antonm@chromium.org
fed5622671
Better security checks when accessing named properties via Object.getOwnPropertyDescriptor.
...
Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.
Review URL: http://codereview.chromium.org/6286020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 17:44:29 +00:00
kmillikin@chromium.org
ca936dae9e
More of the fix for V8 issue 1079.
...
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object. We never try to
find an existing arguments object.
Review URL: http://codereview.chromium.org/6349050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 15:08:29 +00:00
erik.corry@gmail.com
0097f005fd
Fix code generation bug on ARM in classic codegen.
...
Review URL: http://codereview.chromium.org/6246045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:14:55 +00:00
lrn@chromium.org
2d15eb9a90
Fix bug in object literals with large array indexes as strings.
...
Review URL: http://codereview.chromium.org/6410028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:02:58 +00:00
kmillikin@chromium.org
f1149734fc
Partial fix for V8 issue 1079.
...
Record a safepoint with a deoptimization id for throw in optimized code. We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw). For
hygiene we use the actual ID of the throw expression. Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit. This is required to insert a simulate between the throw and the exit.
Make our optimized treatment of Function.prototype.apply act like a call and
have side effects. This ensures that it will get a lazy deoptimization
environment. Use that deoptimization ID in the safepoint for the call.
Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction. Record the
environment and use the deoptimization ID at the safepoint.
Review URL: http://codereview.chromium.org/6250105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 13:55:29 +00:00
ager@chromium.org
73a4ecfae1
A MessageObject is a purely internal object to hold information about
...
an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.
Review URL: http://codereview.chromium.org/6368051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 13:31:52 +00:00
whesse@chromium.org
a5f94a4862
Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
...
BUG=1088
TEST=test/mjsunit/math-pow.js
Review URL: http://codereview.chromium.org/6368050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 12:54:58 +00:00
vegorov@chromium.org
6751627615
Require typed input representation for HTypeof hydrogen instruction.
...
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js
Review URL: http://codereview.chromium.org/6410025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 09:52:57 +00:00
ricow@chromium.org
0dd951ee84
Revert revision 6555 as it causes win32 debug to fail.
...
Review URL: http://codereview.chromium.org/6349044
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 08:14:06 +00:00
peterhal@chromium.org
5ca89179d7
Revert "Fix bugs 992 and 1083"
...
This reverts commit 6561 as the new assert caused failures in sputnik.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 20:08:01 +00:00
peterhal@chromium.org
9c89aa6dd9
Fix bugs 992 and 1083
...
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.
Makes code follow spec steps more closely.
Fixes typo for check for unchanged enumerable in step 6.
Adds regression tests.
Fixes errors in object-define-property test
Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 17:08:14 +00:00
antonm@chromium.org
32a631d8bc
Compare JSObjects by identity immediately.
...
When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.
BUG=v8::1082
Review URL: http://codereview.chromium.org/6287018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 13:29:37 +00:00
antonm@chromium.org
93f8e3d821
Temporary disable comparison of optimizability of code objects in some cases.
...
With crankshaft, a code object can change its optimizability: it can start as
optimizable code object, but later we can find out it was a bad idea to
optimize it. Alas, currently we don't have a proper event to communicate
this back to logger. Hence we temporary allow a code object to be viewed
as optimizable judging from logs while being unoptimizable judging from
heap traversal.
Review URL: http://codereview.chromium.org/6250054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 12:39:02 +00:00
ager@chromium.org
471c0d2983
Avoid callbacks to user code during error formatting in a couple of
...
other situations.
Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.
Review URL: http://codereview.chromium.org/6287041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 12:31:16 +00:00
mmaly@chromium.org
aa779b3842
Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence.
...
http://code.google.com/p/v8/issues/detail?id=1084
Code Review URL: http://codereview.chromium.org/6386014/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 22:35:27 +00:00
antonm@chromium.org
a38a8ffab0
ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments.
...
Review URL: http://codereview.chromium.org/6357025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 14:54:53 +00:00
antonm@chromium.org
1023f569b9
Perform security checks before fetching the value in Object.getOwnPropertyDescriptor.
...
Review URL: http://codereview.chromium.org/6386022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 13:49:15 +00:00
fschneider@chromium.org
4e7ddab6dc
Fix a bug in the placement of minus-zero checks and in GVN.
...
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.
2. GVN need to take instruction flags into account when comparing
instructions for redundancy.
Review URL: http://codereview.chromium.org/6260035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 12:36:54 +00:00
ager@chromium.org
8198db7934
ARM: Add support for DoMathAbs with double inputs.
...
Adds vabs instruction to simulator, assembler, disassembler and tests.
BUG=none
TEST=Added to cctest.
Review URL: http://codereview.chromium.org/6366016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 10:16:28 +00:00
kmillikin@chromium.org
78b9981b90
Revert "Add custom typed ICs for pixel array loads. "
...
This change caused failures in (out of bounds) keyed loads of strings.
TBR'd.
Review URL: http://codereview.chromium.org/6298019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-28 15:07:04 +00:00
danno@chromium.org
afd0906204
Add custom typed ICs for pixel array loads.
...
Review URL: http://codereview.chromium.org/6323002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-28 14:06:20 +00:00