verwaest@chromium.org
4615e9edac
Reland v8:18458 "Load the global proxy from the context of the target function."
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/104013008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 10:46:39 +00:00
rossberg@chromium.org
2879f2104c
Revert "Load the global proxy from the context of the target function."
...
This reverts commit https://code.google.com/p/v8/source/detail?r=18458 , since it exhibits a bug that breaks some tests.
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/93863006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 09:55:25 +00:00
verwaest@chromium.org
5b40c38679
Load the global proxy from the context of the target function.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/111613003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 08:21:17 +00:00
ulan@chromium.org
711bcbb0e3
ARM: fix loading of global object in LWrapReceiver.
...
Since r16993 the cp register is handled by registers allocator,
and we cannot assume that the cp always contains the context.
BUG=318420
LOG=Y
TEST=test/mjsunit/regress/regress-318420.js
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/121703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 14:38:00 +00:00
ulan@chromium.org
7ac7a7ea99
Fix a race between concurrent recompilation and OSR.
...
If concurrent recompilation finishes before OSR, then OSR replaces
the old optimized code without evicting it from the optimized code map.
New functions can get the old optimized code from the optimized code map,
but the old code could be already deoptimized.
BUG=330046
TEST=test/mjsunit/regress-330046.js
LOG=Y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/109033003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 09:22:56 +00:00
yangguo@chromium.org
2a4be7067c
Refactor the compiling pipeline.
...
Goals:
- easier to read, more suitable identifiers.
- better distinction between compiling optimized/unoptimized code
- compiler does not install code on the function.
- easier to add features (e.g. caching optimized code for osr).
- remove unnecessary code.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/110203002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 14:30:35 +00:00
yangguo@chromium.org
f7929d2a87
Reland "Handlify concat string and substring."
...
This relands commit r17490.
BUG=
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/114943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18408 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 12:37:56 +00:00
yangguo@chromium.org
8c10fc6aee
Harmony: implement math.hypot.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/118303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 11:13:39 +00:00
yangguo@chromium.org
2e2676a843
Harmony: implement Math.log2 and Math.log10.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/119093006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:54:47 +00:00
yangguo@chromium.org
cd7d61cfc2
Fix small spec violation in String.prototype.split.
...
Also slightly extended the test coverage.
R=rossberg@chromium.org
BUG=v8:3026
LOG=Y
Review URL: https://codereview.chromium.org/119093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:01:22 +00:00
yangguo@chromium.org
c61d07e03f
Correctly resolve forcibly context allocated parameters in debug-evaluate.
...
R=ulan@chromium.org
BUG=325676
LOG=Y
Review URL: https://codereview.chromium.org/107243006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 08:37:03 +00:00
titzer@chromium.org
be32761a67
Improve load elimination handling of transitioning stores.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/106973005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:12:41 +00:00
rossberg@chromium.org
b882bddcfd
Make a strict function's "name" property non-writable.
...
Set [[Writable]] to false for the "name" property of strict
functions as well, mirroring what non-strict functions have
it as.
LOG=N
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-270142
BUG=270142
Review URL: https://codereview.chromium.org/99203006
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:06:11 +00:00
hpayer@chromium.org
f583b73b70
Revert "Remove flag track-allocation-sites."
...
This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc.
BUG=
Review URL: https://codereview.chromium.org/109303006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:04:34 +00:00
mvstanton@chromium.org
e654c88fab
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 11:46:31 +00:00
titzer@chromium.org
1f679a58f7
Improve check elimination with branch sensitivity on HCompareObjectEqAndBranch.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/106733002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 17:42:21 +00:00
jkummerow@chromium.org
3c76ecd732
Fix switch statements with non-Smi integer labels and no type feedback
...
BUG=chromium:329709
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/98643010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 14:25:58 +00:00
verwaest@chromium.org
fb7218dc3d
Enable optimization of functions with generic switches.
...
R=jkummerow@chromium.org , titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/110123002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 11:44:38 +00:00
yangguo@chromium.org
213b05b5b9
Fix off-by-one error in AstTyper, part 2.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/112933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 15:19:57 +00:00
jkummerow@chromium.org
48ff79a300
Fix polymorphic inlined calls with migrating prototypes
...
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 14:57:00 +00:00
ulan@chromium.org
cc401095fb
Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot.
...
This is the only field in the snapshot that was tracked as double.
R=verwaest@chromium.org
TEST=mjsunit/regress/regress-280531.js
BUG=280531
LOG=Y
Review URL: https://chromiumcodereview.appspot.com/112003005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 13:11:44 +00:00
yangguo@chromium.org
5bc64b9fa5
Fix off-by-one error in AstTyper.
...
This causes the first parameter to be confused with the first
stack local when we collect type information.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/105943007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 11:34:09 +00:00
hpayer@chromium.org
75a84eca0b
Added regression test for escape analysis.
...
BUG=
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/99133011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 15:54:20 +00:00
titzer@chromium.org
3de79abd85
Add a regression test for boolean concatenation in strings.
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/106743010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 14:05:25 +00:00
svenpanne@chromium.org
e1db6d86a9
Avoid FP exceptions when doing integer division.
...
BUG=v8:3039
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/104003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-09 10:15:19 +00:00
mvstanton@chromium.org
b807f4f82f
Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask.
...
The mask to check for an internalized string was incorrectly formed. Hat
tip to Weiliang Lin for discovering the bug.
BUG=v8:3038
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/108033002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-06 09:43:07 +00:00
verwaest@chromium.org
8a4df124a4
Fix loop side-effects of deoptimizing loops with a nested live OSR loop.
...
R=titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/106723002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 18:31:06 +00:00
machenbach@chromium.org
d8a757c669
Add tests and extension verifying CHECK and ASSERT.
...
The new native functions can also be used in blink tests to ensure that V8 asserts are turned on where they should be.
BUG=
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/105953005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 17:26:22 +00:00
yangguo@chromium.org
34f0b745b8
Reland "Implement hyperbolic math functions for ES6."
...
BUG=v8:2938
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/104173002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 12:36:42 +00:00
yangguo@chromium.org
3e689544af
Revert "Implement hyperbolic math functions for ES6."
...
BUG=
Review URL: https://codereview.chromium.org/104003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:53:17 +00:00
yangguo@chromium.org
d1e0c338f3
Implement hyperbolic math functions for ES6.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=Y
Review URL: https://codereview.chromium.org/102023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:32:18 +00:00
titzer@chromium.org
1d6710c933
Add some test cases with dead loops.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/98323004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 18:04:45 +00:00
verwaest@chromium.org
d4eaae37d1
Check whether the receiver to a keyed-call is actually a heapobject.
...
BUG=325225
LOG=n
R=dslomov@chromium.org
Review URL: https://chromiumcodereview.appspot.com/101863004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 17:59:31 +00:00
titzer@chromium.org
16c4c14fac
Check elimination: Learn from if(CompareMap(x)) on true branch.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/99043002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 18:34:33 +00:00
bmeurer@chromium.org
aa83f2900a
Fix invalid assertion with OSR in BuildBinaryOperation.
...
BUG=v8:3032
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/98623004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 13:12:07 +00:00
yangguo@chromium.org
3d062847a4
Make sin-cos test case compatible with --always-osr.
...
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/98893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:56:54 +00:00
mstarzinger@chromium.org
db915fe97e
Handle captured objects in OptimizedFrame::Summarize.
...
R=yangguo@chromium.org
BUG=v8:3029
TEST=mjsunit/regress/regress-3029
LOG=N
Review URL: https://codereview.chromium.org/96773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:11:02 +00:00
mvstanton@chromium.org
5ba1304d60
Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects.
...
BUG=299979
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/80623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-29 15:22:16 +00:00
yangguo@chromium.org
f235194518
Fix bug in inlining Function.apply.
...
R=jkummerow@chromium.org
BUG=323942
LOG=Y
Review URL: https://codereview.chromium.org/95123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:30:17 +00:00
titzer@chromium.org
bbdd21ebb0
Fix load elimination: can only .Equals() GVN-able instructions.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/95193002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:27:42 +00:00
dslomov@chromium.org
7372596615
Ensure that length is Smi in TypedArrayFromArrayLike constructor.
...
R=jkummerow@chromium.org
BUG=324028
LOG=Y
Review URL: https://codereview.chromium.org/94473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org
d53e38777f
Fix missing bounds check in n-arguments Array constructor.
...
LOG=N
R=mvstanton@chromium.org
BUG=v8:3027
TEST=mjsunit/regress/regress-3027
Review URL: https://codereview.chromium.org/92103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 09:29:57 +00:00
yangguo@chromium.org
ea43173cf4
Shorten autogenerated error message.
...
R=rossberg@chromium.org
BUG=v8:3019
LOG=Y
Review URL: https://codereview.chromium.org/88393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 08:59:45 +00:00
rossberg@chromium.org
e943623b12
Harmony promises
...
Based on prototype at
https://github.com/rossberg-chromium/js-promise
which informed the latest spec draft version at
https://github.com/domenic/promises-unwrapping/blob/master/README.md
Activated by --harmony-promises.
Feature complete with respect to the draft spec, plus the addition of .when and .deferred methods. Final naming and other possible deviations from the current draft will hopefully be resolved soon after the next TC39 meeting.
This CL also generalises the Object.observe delivery loop into a simplistic microtask loop. Currently, all observer events are delivered before invoking any promise handler in a single fixpoint iteration. It's not clear yet what the final semantics is supposed to be (should there be a global event ordering?), but it will probably require a more thorough event loop abstraction inside V8 once we get there.
R=dslomov@chromium.org , yhirano@chromium.org
BUG=
Review URL: https://codereview.chromium.org/64223010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-27 17:21:40 +00:00
machenbach@chromium.org
c95173b2eb
Increase test runner speed.
...
Let the test runner preserve the order of test suites to let suites with long running tests run first.
Mark some tests as slow that can now be skipped via --slow-tests=skip.
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/88343002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 16:53:04 +00:00
yangguo@chromium.org
ab96631177
Increase precision for base conversion for large integers.
...
R=jkummerow@chromium.org
BUG=v8:3025
LOG=Y
Review URL: https://codereview.chromium.org/88583002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 15:48:13 +00:00
yangguo@chromium.org
afd8e5a305
Speed up long-running test cases.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85163003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 11:32:39 +00:00
yangguo@chromium.org
4716b292db
Make some ARM test cases faster.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85473004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 10:43:44 +00:00
dslomov@chromium.org
c3a4d718ce
Generate TypedArrayInitialize builtin in hydrogen.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/59023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 14:41:46 +00:00
mvstanton@chromium.org
81b22bbf96
A performance regression in array literal creation was caused by refactoring that eliminated a special fast case for shallow arrays. At the same time the general case got a bit slower. This CL restores most of the performance without coding the special fast case. The virtual dispatching is unnecessary because we know what we want to do at compile time. A flag was added to Runtime::CreateArrayLiteral. The flags delivers information about shallowness but also whether or not allocation mementos should be created. This is useful for crankshafted code.
...
BUG=v8:3008
LOG=Y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/77293003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 12:41:27 +00:00
yangguo@chromium.org
aa3518a0f3
Make sure files end with exactly one new line and police this in presubmit.
...
The changes are (excluding presubmit.py) mechanical. I added the following
lines after the check and iterated the presubmit script until all errors
went away:
f = open(name, "w");
if contents.endswith('\n\n'):
f.write(contents[0:-1])
else:
f.write(contents + '\n')
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/82803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 13:50:39 +00:00
ulan@chromium.org
21fb1401bd
Restore saved caller FP registers on stub failure
...
and preserve FP registers on NotifyStubFailure.
In debug mode, clobber FP registers on each runtime call to increase
chances of catching such bugs.
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/78283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 10:21:47 +00:00
yangguo@chromium.org
e5f187995d
Mark flaky debug test as failing.
...
The issues are known. For the time being, we mark it as failing.
R=machenbach@chromium.org
BUG=v8:2921, v8:3005
LOG=N
Review URL: https://codereview.chromium.org/77723008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 17:09:17 +00:00
yangguo@chromium.org
2c7ebfa7f0
Increase precision when finding the remainder after division by pi/2.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/66703005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 15:04:37 +00:00
svenpanne@chromium.org
8f88467bf6
Removed unused --preallocate-message-memory flag.
...
It results in a lot of dead code, and Isolate::PrintStack itself
crashes most of the time when something went wrong earlier.
Furthermore, we have plans do get better information into the
minidump, anyway.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/78003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 12:35:58 +00:00
danno@chromium.org
06c7620302
Fixed crashes exposed though fuzzing.
...
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.
R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y
Review URL: https://codereview.chromium.org/72813004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 16:41:07 +00:00
jkummerow@chromium.org
37443768bf
Fix register trashing in Emit*ByteSeqStringSetChar
...
This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless.
BUG=chromium:320922
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/67103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 12:59:09 +00:00
mvstanton@chromium.org
bff41483dc
Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death.
...
BUG=320532
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/62803008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 10:17:33 +00:00
dslomov@chromium.org
6749e57f47
Fix data view accessors to throw execptions on offsets bigger than size_t.
...
R=jkummerow@chromium.org
BUG=v8:3013
LOG=Y
Review URL: https://codereview.chromium.org/74583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:16:22 +00:00
dslomov@chromium.org
cb6e8b334d
Revert "Fix data view accessors to throw execptions on offsets bigger than size_t."
...
This reverts commit r17838 for breaking arm build.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/75213005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:05:05 +00:00
dslomov@chromium.org
dd5c7ec89e
Fix data view accessors to throw execptions on offsets bigger than size_t.
...
R=jkummerow@chromium.org
BUG=v8:3013
LOG=Y
Review URL: https://codereview.chromium.org/74583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:58:16 +00:00
dslomov@chromium.org
4228132e74
Use mock ArrayBuffer allocator to avoid really allocating 1Gb.
...
R=jkummerow@chromium.org
BUG=v8:3014
LOG=N
Review URL: https://codereview.chromium.org/61623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:50:45 +00:00
dslomov@chromium.org
99133912bd
Generate DataViewInitialize built-in in hydrogen.
...
R=bmeurer@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/66843011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 13:57:49 +00:00
danno@chromium.org
f27f2fa420
Match max property descriptor length to corresponding bit fields
...
BUG=v8:3010
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/72333004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 11:44:06 +00:00
mstarzinger@chromium.org
ed034b39e5
Fix bogus allocation limit in allocation folding.
...
R=ishell@chromium.org
TEST=mjsunit/allocation-folding
Review URL: https://codereview.chromium.org/73563004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 18:44:59 +00:00
dslomov@chromium.org
7832aab75c
Add suppressions for regress-319722-ArrayBuffer.
...
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/59093007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:40:21 +00:00
jkummerow@chromium.org
c9b41c6995
Limit size of dehoistable array indices
...
LOG=Y
BUG=chromium:319835,chromium:319860
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/74113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:24:10 +00:00
dslomov@chromium.org
7936ca39be
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:37:15 +00:00
dslomov@chromium.org
c01aa1fc1f
Revert "Limit the size for typed arrays to MaxSmi."
...
This reverts commit r17798 for allocating too much memroy in tests.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/74093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:25:51 +00:00
dslomov@chromium.org
09ca1318ab
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:09:56 +00:00
verwaest@chromium.org
341d405301
Reland and fix "Add support for keyed-call on arrays of fast elements"
...
BUG=
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/71783003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 10:52:05 +00:00
bmeurer@chromium.org
2ee5aa951c
Fix missing type feedback check for Generic*String addition.
...
TEST=mjsunit/regress/regress-crbug-318671
BUG=318671
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/67473007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 09:13:36 +00:00
rafaelw@chromium.org
bdf78a7ad3
Reland [Object.observe] Don't force normalization of elements for observed objects
...
Original Issue: https://codereview.chromium.org/29353003/
Note that this version of the patch includes logic for bailing out of compiled ArrayPush/ArrayPop calls if the array is observed (see stub-cache-*)
R=danno@chromium.org
BUG=v8:2946
LOG=N
Review URL: https://codereview.chromium.org/68343016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 21:47:39 +00:00
verwaest@chromium.org
93f2ed48d9
Handle all object types (minus smi) in load/store ICs
...
R=ulan@chromium.org
Review URL: https://chromiumcodereview.appspot.com/62953007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 16:25:31 +00:00
machenbach@chromium.org
eef8694a7e
[Sheriff] Revert "Add support for keyed-call on arrays of fast elements"
...
This reverts commit r17746 for breaking layout tests.
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/72753002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 15:00:13 +00:00
verwaest@chromium.org
607a175cbc
Add support for keyed-call on arrays of fast elements
...
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23537067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 13:46:18 +00:00
mvstanton@chromium.org
3cf157b43b
Inline zero argument array constructor.
...
patch from issue 54583003 (dependent code).
Zero arguments - very easy
1 argument - three special cases:
a) If length is a constant in valid array length range,
no need to check it at runtime.
b) respect DoNotInline feedback on the AllocationSite for
cases that the argument is not a smi or is an integer
with a length that should create a dictionary.
c) if kind feedback is non-holey, and length is non-constant,
we'd have to generate a lot of code to be correct.
Don't inline this case.
N arguments - one special case:
a) If a deopt ever occurs because an input argument isn't
compatible with the elements kind, then set the
DoNotInline flag.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/55933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 12:05:09 +00:00
danno@chromium.org
28ed69b8fb
Fix overflow in TypedArray initialization function
...
BUG=chromium:319120
TEST=test/mjsunit/regress/regress-319120.js
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/61753013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 06:20:48 +00:00
rossberg@chromium.org
cec8383cff
Provide private symbols through internal APIs
...
Adds a notion of private symbols, mainly intended for internal use, especially, self-hosting of built-in types that would otherwise require new C++ classes.
On the JS side (i.e., in built-ins), private properties can be created and accessed through a set of macros:
NEW_PRIVATE(print_name)
HAS_PRIVATE(obj, sym)
GET_PRIVATE(obj, sym)
SET_PRIVATE(obj, sym, val)
DELETE_PRIVATE(obj, sym)
In the V8 API, they are accessible via a new class Private, and respective HasPrivate/Get/Private/SetPrivate/DeletePrivate methods on calss Object.
These APIs are designed and restricted such that their implementation can later be replaced by whatever ES7+ will officially provide.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/48923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-13 10:34:06 +00:00
yangguo@chromium.org
e83fd01ce6
Reland "Implement Math.sin, cos and tan using table lookup and spline interpolation."
...
This relands r17594 with necessary fixes.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/70003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 14:43:18 +00:00
yangguo@chromium.org
df9665032e
Introduce %_IsMinusZero.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/63423004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 11:53:13 +00:00
bmeurer@chromium.org
6f75e92902
Add initial hydrogenized NewStringAddStub.
...
The new stub is enabled via the --new-string-add flag, which is
disabled by default. For now, it's only a stripped down version
of the native StringAddStub, it's still work-in-progress.
BUG=v8:2990
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/61893009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 10:21:08 +00:00
mstarzinger@chromium.org
d5cb83f4aa
Fix invalid reuse of weak global handle in GetScriptWrapper.
...
This fixes a direct usage of a weak global handle in GetScriptWrapper
that just casted it to a strong local handle, while a subsequent GC
might clear it. Handlepocalypse anyone?
R=machenbach@chromium.org
BUG=v8:2988
TEST=mjsunit/regress/regress-2988
Review URL: https://codereview.chromium.org/67273004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 16:27:36 +00:00
mstarzinger@chromium.org
c6841f1180
Tame mjsunit/fast-literal after fixing allocations.
...
Not that allocations go through Heap::AllocateRaw and actually respect
the allocation timeout, the runtime of this test spiked. This adjusts
the limit to sane values now that the values are actually respected.
R=mvstanton@chromium.org
TEST=mjsunit/fast-literal
Review URL: https://codereview.chromium.org/63603009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 10:22:46 +00:00
ulan@chromium.org
bc4ad49b25
Do not add values to HGraph in Lithium.
...
Lithium uses indexes after the maximium value ID in the HGraph as indexes
of virtual registers and assumes that the maximum value ID does not change.
The IsStandardConstant and GetConstantXX functions could add constants to
HGraph, which aliased virtual registers with real values. This could confuse
the register allocator to think that a value in a virtual register is tagged
and to incorrectly set it in the pointer map.
BUG=298269
TEST=mjsunit/regress/regress-298269.js
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/66693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 14:16:34 +00:00
yangguo@chromium.org
9f104a1a3e
Revert "Implement Math.sin, cos and tan using table lookup and spline interpolation."
...
This reverts commit r17594.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/59153007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:44:27 +00:00
yangguo@chromium.org
063b7c4ebb
Implement Math.sin, cos and tan using table lookup and spline interpolation.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/50563003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:10:39 +00:00
mstarzinger@chromium.org
59536de77d
Make HCapturedObjects non-deletable for DCE.
...
R=jkummerow@chromium.org
BUG=v8:2987
TEST=mjsunit/regress/regress-2987
Review URL: https://codereview.chromium.org/64433002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 16:07:19 +00:00
verwaest@chromium.org
dccc06e132
Disable stress-gc for memento-related test.
...
R=mvstanton@chromium.org
Review URL: https://chromiumcodereview.appspot.com/64003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 12:20:45 +00:00
yangguo@chromium.org
eb550c6da4
Fix y-umlaut to uppercase.
...
R=dcarney@chromium.org
BUG=v8:2984
Review URL: https://codereview.chromium.org/59853006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 09:08:34 +00:00
mvstanton@chromium.org
cec8548d0e
Correct handling of arrays with callbacks in the prototype chain.
...
Our generic KeyedStoreIC doesn't handle the case when a callback is
set on array elements in the prototype chain of the object, nor do
we recognize that we need to avoid the monomorphic case if these
callbacks exist.
This CL addresses the issue by looking for dictionary elements in
the prototype chain on IC misses and crankshaft element store
instructions. When found, the generic IC is used. The generic IC is
changed to go to the runtime in this case too.
In general, keyed loads are immune from this problem because they
won't return the hole: discovery of the hole goes to the runtime where
the callback will be found in the prototype chain. Double array loads
in crankshaft can return the hole but only if the prototype chain is
unaltered (we will catch such alterations).
Includes the following patch as well (already reviewed by bmeurer):
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.
(Review URL for the ElementsTransitionAndStoreIC_Miss change:
https://codereview.chromium.org/26911007 )
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 15:45:43 +00:00
bmeurer@chromium.org
980739a29c
Improve implementation of HSeqStringSetChar.
...
This improves the generated code for HSeqStringSetChar across
all platforms, taking advantage of constant operands whenever
possible. It also drops the unused DefineSameAsFirst constraint
for the register allocator on x64 and ia32, where it caused
unnecessary spills when the string operand was live across the
HSeqStringSetChar instruction.
A new GVN flag StringChars is introduced to express dependencies
between HSeqStringSetChar, HStringCharCodeAt and the upcoming
HSeqStringGetChar (the GVNFlags type is now 64bit in size).
Also improves the test case.
TEST=mjsunit/string-natives
R=mstarzinger@chromium.org , yangguo@chromium.org
Review URL: https://codereview.chromium.org/57383004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 13:09:22 +00:00
rafaelw@chromium.org
13f722cae4
[Object.observe] rename intrinsic change record types for consitency.
...
Note the spec now reflects the updated naming:
http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes
R=rossberg@chromium.org , rossberg
BUG=v8:2940
Review URL: https://codereview.chromium.org/46043020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 12:14:24 +00:00
machenbach@chromium.org
4539c6ba5f
[Sheriff] Mark flaky test on windows.
...
It was marked as flaky on linux nosnap, arm and nacl before. Now it's marked universally flaky since windows joined the list.
BUG=v8:2921
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/54713002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 19:29:58 +00:00
yangguo@chromium.org
371265eec4
Revert "Handlify concat string and substring."
...
This reverts r17490.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/59973004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 15:36:15 +00:00
yangguo@chromium.org
23d085c691
Handlify concat string and substring.
...
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/50073005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 14:07:07 +00:00
yangguo@chromium.org
a5ed9a71c8
Correctly load message from an Error object.
...
R=mstarzinger@chromium.org
BUG=306220
Review URL: https://codereview.chromium.org/46593010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 13:04:51 +00:00
rafaelw@chromium.org
e78081ca1c
Make Object.freeze/seal/preventExtensions observable
...
Note: spec has been updated here: http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes .
R=rossberg@chromium.org , rossberg
BUG=v8:2975,v8:2941
Review URL: https://codereview.chromium.org/47703003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 12:25:32 +00:00
rafaelw@chromium.org
4a8319c7c6
[Object.observe] Implement implicit notification from performChange
...
R=arv@chromium.org , rossberg@chromium.org , rossberg
BUG=v8:2942
Review URL: https://codereview.chromium.org/36313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 11:23:08 +00:00
jkummerow@chromium.org
2ebfd6e90e
Add missing negative dictionary lookup to NonexistentHandlerFrontend
...
BUG=v8:2980
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/57433003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-04 14:14:09 +00:00