Commit Graph

2537 Commits

Author SHA1 Message Date
rafaelw@chromium.org
0cc44c14e5 Revert "Enable Object.observe by default"
TBR=rossberg
BUG=

Review URL: https://codereview.chromium.org/190853007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 03:54:42 +00:00
rafaelw@chromium.org
dcf9842e07 Enable Object.observe by default
R=rossberg@chromium.org, rossberg
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/183683022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 02:47:53 +00:00
yurys@chromium.org
e18b575c6e Fix compiler warning on Win64
BUG=None
LOG=N
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/191153002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 17:20:03 +00:00
yurys@chromium.org
74546c03ad AllocationTracker now maintains a map from address range to stack trace that allocated the range. When snapshot is generated the map is used to find construction stack trace for an object using its address.
BUG=chromium:277984
LOG=Y
R=alph@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 16:13:22 +00:00
alexandre.rames@arm.com
33a46be689 A64: Handle a few TODOs.
Notes about a few TODOs handled in this patch:

* In ProfileEntryHookStub::Generate:
    Stubs are always called with relocation.

* In CreateArrayDispatchOneArgument:
    The branches to registers can't be conditional. We could use a jump table, but
    there are only 6 different kinds so it is likely not worth it.

* In Builtins::Generate_StringConstructCode:
    Rename the argc register (x0) after its meaning changes.
    Remove a TODO: using a macro would not make the code clearer.

* In Generate_JSEntryTrampolineHelper:
    Remove the TODO and raise an internal issue to investigate this.

* In Disassembler::SubstituteBranchTargetField:
    Print the target address, but we don't have more info on the target.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/185793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 15:20:32 +00:00
yurys@chromium.org
49cd3d8a65 Allocation tracker: add separate entry for allocations via V8 API
When object is creating via native V8 API calls JS callstack is empty and the allocation is indistinguishable from say compiler allocations. This change adds a separate entry for such allocations.

Since FunctionInfo not necessarily corresponds to a heap object they are now referred to using their index in the list of all FunctionInfos.

BUG=chromium:277984
LOG=N
R=loislo@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:32:01 +00:00
mvstanton@chromium.org
f19e15c388 Test FeedbackVectorPreservedAcrossRecompiles needs crankshaft
The new test didn't recognize that non-sse2 builds on ia32 would
disable crankshaft.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/189263007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:01:03 +00:00
mvstanton@chromium.org
1812f63fd2 Moved type feedback vector to SharedFunctionInfo.
Type Vector followup: the type vector currently lives off the code object. This CL moves it to the SharedFunctionInfo, facilitating re-use and continued use in crankshafted code if desired.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/178463007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 10:12:17 +00:00
mvstanton@chromium.org
1d3652ebe6 Symbols for type cells. We can make more efficient code to check against type cells in the future if we use symbols, guaranteed not to conflict with user code. Currently, the "symbols" are the hole and undefined. Undefined may come in from the outside.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/181283003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:10:18 +00:00
marja@chromium.org
bd1fb97d5c Remove Script::SetData and the script_data parameter from Script::(Compile|New).
This feature makes it possible to associate data with a script and get it back
when the script is compiled or when an event is handled. It was historically
used by Chromium Dev Tools, but not any more. It is not used by node.js.

Note: this has nothing to do with the preparse data, despite the confusing name.
The preparse data is passed as ScriptData*.

Note 2: This is the same as r19616 ( https://codereview.chromium.org/184403002/ )
with a unused variable fix in bootstrapper.cc.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/185533014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:43:54 +00:00
rossberg@chromium.org
758a688bb6 Add --es-staging flag
...and remove some obsolete ones.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/165723008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:07:07 +00:00
mstarzinger@chromium.org
9ab32061ed Print properly signed displacement in disassembler.
R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/178193028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:28:26 +00:00
ulan@chromium.org
b9e0b87a5a Clear optimized code cache in shared function info when code gets deoptimized.
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.

This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).

This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.

BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/184923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
marja@chromium.org
40ffba58a4 Revert "Remove Script::SetData and the script_data parameter from Script::(Compile|New)."
This reverts revision 19616.

BUG=
TBR=marja@chromium.org,svenpanne@chromium.org

Review URL: https://codereview.chromium.org/181113008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:09:52 +00:00
marja@chromium.org
55750b1c62 Remove Script::SetData and the script_data parameter from Script::(Compile|New).
This feature makes it possible to associate data with a script and get it back
when the script is compiled or when an event is handled. It was historically
used by Chromium Dev Tools, but not any more. It is not used by node.js.

Note: this has nothing to do with the preparse data, despite the confusing name.
The preparse data is passed as ScriptData*.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/184403002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:54:14 +00:00
jochen@chromium.org
2aa5ac9311 A64: fix cctest/test-assembler-a64
The simulator now deletes its decoder in its dtor. Therefore, we must
always allocate the decoder on the heap.

BUG=none
R=ulan@chromium.org, jacob.bramley@arm.com
LOG=n

Review URL: https://codereview.chromium.org/183893005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:31:05 +00:00
dcarney@chromium.org
703536eba1 Revert "Better threaded fuzzing for TestFunctionCallOptimization"
This reverts commit 19567.

TBR=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/182893003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 09:48:56 +00:00
dcarney@chromium.org
44da745247 Better threaded fuzzing for TestFunctionCallOptimization
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/182863002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19567 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 09:18:37 +00:00
jochen@chromium.org
597a4b4dc1 A64: Make the Decoder a template
This will allow for replacing the dispatcher with a concrete decoder
visitor.

BUG=none
R=ulan@chromium.org, rodolph.perfetta@arm.com
LOG=n

Review URL: https://codereview.chromium.org/181253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-26 12:01:05 +00:00
marja@chromium.org
94af17a845 Fix the bit massaging code in CompleteParserRecorder::WriteNumber.
The original code, added by
https://codereview.chromium.org/3384003/diff/7001/src/parser.cc 3.5 years ago,
failed to write numbers which contain a chunk of 7 zeroes in the middle. The
smallest such number is 2^14, so this is a problem if the source file to
preparse contains 16384 or more symbols (which happens in the wild).

This bug went unnoticed because the symbol data was not used by Parser (see
https://codereview.chromium.org/172753002/ for starting to use it again) and
there were no tests.

R=ulan@chromium.org
BUG=346221
LOG=y

Review URL: https://codereview.chromium.org/179433004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 11:51:02 +00:00
marja@chromium.org
3d85b86e23 Lazy preparsing vs. lazy parsing fix.
Preparsing is always maximally lazy (every function that can be lazy is preparsed
lazily), but Parser has more complicated laziness logic.

If we're going to parse eagerly, and we have preparse data from lazy preparsing,
we're gonna have a bad time. The symbol stream won't contain symbols inside lazy
functions, and when the Parser parses them eagerly, it will consume symbols from
the symbol stream, and everything will go wrong.

This bug was hidden because the symbol cache was not used for real (see
https://codereview.chromium.org/172753002/ ).

R=ulan@chromium.org
BUG=346207
LOG=Y

Review URL: https://codereview.chromium.org/177973002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 17:48:09 +00:00
m.m.capewell@googlemail.com
0468660b13 A64: Tidy up register use in TaggedToI
Fix bug where input register was potentially corrupted, tidy up register use in
TruncateDoubleToI and rename TryInlineTruncateDoubleToI.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/173663002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-21 11:36:04 +00:00
marja@chromium.org
0a01afda76 Re-enable Parser::symbol_cache_ (after a long time!)
The Parser never used the symbol stream produced by the PreParser for anything
useful, due to a bug introduced 3.5 years ago by
https://codereview.chromium.org/3356010/diff/7001/src/parser.cc.

The bug is that calling Initialize on symbol_cache_ doesn't change its
length. So the length remains 0, and the "if" in Parser::LookupSymbol is always
true, and Parser::LookupCachedSymbol is never called and symbol_cache_ never
filled.

This bug also masked a bug that the symbol stream produced by PreParser doesn't
match what Parser wants to consume. The repro case is the following:

var myo = {if: 4}; print(myo.if);

PreParser doesn't log a symbol for the first "if", but in the corresponding
place, Parser consumes one symbol from the symbol stream. Since the consumed
symbols were never really used, this mismatch went unnoticed.

This CL also fixes that bug.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/172753002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 11:35:37 +00:00
alexandre.rames@arm.com
7d64aab1a1 A64: Introduce 'branch types' that extend the architectural conditions.
The branch types include 'always' and 'never', and types like reg_zero (CBZ) and
reg_bit_clear (TBZ).
This will be used by incoming improvements to the code generated for
deoptimization exit points.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/170783002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 16:13:09 +00:00
rossberg@chromium.org
0d34254f8d Upgrade Symbol implementation to match current ES6 behavior.
Refresh the implementation of Symbols to catch up with what the
specification now mandates:

* The global Symbol() function manufactures new Symbol values,
  optionally with a string description attached.

* Invoking Symbol() as a constructor will now throw.

* ToString() over Symbol values still throws, and
  Object.prototype.toString() stringifies like before.

* A Symbol value is wrapped in a Symbol object either implicitly if
  it is the receiver, or explicitly done via Object(symbolValue) or
  (new Object(symbolValue).)

* The Symbol.prototype.toString() method no longer throws on Symbol
  wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf().

* Symbol.prototype.toString() stringifies as "Symbol("<description>"),
  valueOf() returns the wrapper's Symbol value.

* ToPrimitive() over Symbol wrapper objects now throws.

Overall, this provides a stricter separation between Symbol values and
wrapper objects than before, and the explicit fetching out of the
description (nee name) via the "name" property is no longer supported
(by the spec nor the implementation.)

Adjusted existing Symbol test files to fit current, adding some extra
tests for new/changed behavior.

LOG=N
R=arv@chromium.org, rossberg@chromium.org, arv, rossberg
BUG=v8:3053

Review URL: https://codereview.chromium.org/118553003

Patch from Sigbjorn Finne <sigbjornf@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 14:19:42 +00:00
mvstanton@chromium.org
73b679cbee Revert "Second attempt at introducing a premonomorphic state in the call"
This reverts commits r19463 and r19457 (includes MIPS port), there was a
Sunspider perf issue and on reflection we can achieve the necessary
result in a new way.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/172383003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:55:25 +00:00
jacob.bramley@arm.com
6d9fcf1198 A64: Tidy up Push and Pop TODOs.
This addresses several TODOs:
  - Push and Pop requests can be queued up so that arrays of Registers
    can be pushed efficiently, with just one PrepareForPush/Pop.
  - PushMultipleTimes now takes an Operand. This allows variable-length
    arguments arrays to be initialized, for example.
  - A NoUseRealAbortsScope has been added to Abort so that
    AssertStackConsistency can be called from PrepareForPush without
    introducing infinite recursion.

BUG=
R=rmcilroy@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/170623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 09:43:45 +00:00
jarin@chromium.org
58d0682f8d Add filler at the new space top when forcing scavenge.
We only seem to force scavenge in our cctest test suite, so this is
expected to fix some flakiness in our tests, but it will not
improve stability of v8 itself.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/167423004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19460 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 16:34:52 +00:00
alph@chromium.org
b4354d6d88 DevTools: Drop kSinTable dependency off the heap profiler ArrayBuffer backing_store test
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/170253008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 15:57:44 +00:00
mvstanton@chromium.org
5224c3d0f0 Second attempt at introducing a premonomorphic state in the call
target caches.

This time we don't go through the premonomorphic state for
the Array call target caches to avoid losing information from
allocation sites that aren't only used once, but where the
resulting array is used heavily.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/169683003

Patch from Kasper Lund <kasperl@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19457 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 15:33:34 +00:00
alph@chromium.org
1bace575f0 Allow self_size to be larger than 2GB in heap snapshots.
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/166383002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:22:07 +00:00
alexandre.rames@arm.com
62116e2c12 A64: Let the MacroAssembler resolve branches to distant targets.
Code generation would fail when assembling a branch to a label that is bound
outside the immediate range of the instruction. A64 is sensitive to this, as the
various branching instructions have different ranges, going down to +-32KB for
TBZ/TBNZ.  The MacroAssembler is augmented to handle branches to targets that
may exceed the immediate range of instructions.

When branching backward to a label exceeding the instruction range, the
MacroAssembler can simply tweak the generated code to use an unconditional
branch with a longer range. For example instead of
    B(cond, &label);
the MacroAssembler can generate:
    b(InvertCondition(cond), &done);
    b(&label);
    bind(&done);

Since the target is not known when the branch is emitted, forward branches uses
a different mechanism. The MacroAssembler keeps track of forward branches to
unbound labels. When the code generation approaches the end of the range of a
branch, a veneer is generated for the branch.

BUG=v8:3148
LOG=Y
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/169893002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:15:32 +00:00
danno@chromium.org
000878d995 A64: fix cctest/test-code-stubs-a64/ConvertDToI.
R=danno@google.com

Review URL: https://codereview.chromium.org/169863002

Patch from Ulan Degenbaev <ulan@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 17:37:55 +00:00
danno@chromium.org
bedf702bcb Revert r19403: "A64: Tidy up Push and Pop TODOs."
Causes a64 debug asserts

TBR=jacob.bramley@arm.com,ulan@chromium.org

Review URL: https://codereview.chromium.org/169303007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 16:08:44 +00:00
dcarney@chromium.org
98d9db7ab3 build fix for 19415
TBR=jochen@chromium.org

BUG=

Review URL: https://codereview.chromium.org/169793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:46:29 +00:00
marja@chromium.org
73c4a61848 (Pre)Parser: Simplify NewExpression handling (fixed).
Notes:
- We use simple recursion to keep track of how many "new" operators we have seen
  and where.
- This makes the self-baked stack class PositionStack in parser.cc unnecessary.
- Now the logic is also unified between Parser and PreParser.
- This is a fixed version of r19386.

R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/168583008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19417 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:40:51 +00:00
alph@chromium.org
429ce41f4b Make a single HeapEntry per single JSArrayBuffer data in heap snapshot.
It turned out that JSArrayBuffer's may share their backing_store so
the backing_store should go through hash map registration just like
other heap objects, so they won't be reported twice.

BUG=341741
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/166993002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:24:39 +00:00
dcarney@chromium.org
44b1aa4ea8 make a64 compile on mavericks - part 1
R=jochen@chromium.org

BUG=

Review URL: https://codereview.chromium.org/169523005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:20:54 +00:00
rmcilroy@chromium.org
f6e95dc928 A64 support for DoubleToIStub (truncating).
Added support for truncating DoubleToIStub and reorganize the macro-assembler
dToI operations to do the fast-path inline and the slow path by calling the
stub.

This a port essentially a port of https://codereview.chromium.org/23129003/.

R=jacob.bramley@arm.com, ulan@chromium.org

Review URL: https://codereview.chromium.org/160423002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:09:46 +00:00
mvstanton@chromium.org
8bcdbc354f Revert "Add a premonomorphic state to the call target cache."
This reverts commit r19402

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/169713002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 14:22:18 +00:00
jacob.bramley@arm.com
1634631ae4 A64: Tidy up Push and Pop TODOs.
This addresses several TODOs:
  - Push and Pop requests can be queued up so that arrays of Registers
    can be pushed efficiently, with just one PrepareForPush/Pop.
  - PushMultipleTimes now takes an Operand. This allows variable-length
    arguments arrays to be initialized, for example.
  - A NoUseRealAbortsScope has been added to Abort so that
    AssertStackConsistency can be called from PrepareForPush without
    introducing infinite recursion.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/169533002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 12:08:06 +00:00
mvstanton@chromium.org
be731e6c95 Add a premonomorphic state to the call target cache.
From a CL by kasperl: https://codereview.chromium.org/162903004/

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/163413003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 11:59:45 +00:00
marja@chromium.org
0323bf9cd7 Revert "(Pre)Parser: Simplify NewExpression handling."
This reverts revision 19386.

Reason: Mozilla failures.

BUG=
TBR=ulan@chromium.org,marja@chromium.org

Review URL: https://codereview.chromium.org/164183006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 16:08:14 +00:00
marja@chromium.org
c532977da3 (Pre)Parser: Simplify NewExpression handling.
Notes:
- We use simple recursion to keep track of how many "new" operators we have seen
  and where.
- This makes the self-baked stack class PositionStack in parser.cc unnecessary.
- Now the logic is also unified between Parser and PreParser.
- It might have been a copy-paste artifact (ParseLeftHandSideExpression ->
  ParseMemberWithNewPrefixesExpression) that the logic was so complicated
  before.

R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/166943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:33:10 +00:00
dcarney@chromium.org
0c844cc590 api accessor store ics should return passed value
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/166653003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 14:13:06 +00:00
marja@chromium.org
cd50687b41 (Pre)Parser: Move ParsePrimaryExpression to ParserBase.
Notes:
- To be able to move the recursive descent functions to ParserBase one at a
time, we temporarily need routing functions from traits to Parser/PreParser,
since the recursive descent functions form a cyclic structure.
- PreParser used to always allow intrinsic syntax. After this CL, it depends on
allow_natives_syntax() which was already in ParserBase.
- This CL also decouples (Pre)ParserTraits better from (Pre)Parser, passing more
information as parameters, so that the Traits don't need to get it from
(Pre)Parser.
R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/163333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 11:24:26 +00:00
alph@chromium.org
4aabb8aeec Count ArrayBuffer's backing_store memory in heap snapshot.
BUG=341741
LOG=N
R=dslomov@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/163593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 15:31:39 +00:00
ulan@chromium.org
01b275d989 Enable test-api/SetFunctionEntryHook for a64. It was fixed in r19297.
BUG=v8:3153
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/163243003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19352 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 10:56:10 +00:00
bmeurer@chromium.org
42c57ea94b Allow map check hoisting in GVN for stable maps.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/163263002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 10:47:00 +00:00
yangguo@chromium.org
fb22b7b05e Internalize string keys in Keyed{Store,Load}IC.
R=jkummerow@chromium.org
BUG=v8:3144
LOG=N

Review URL: https://codereview.chromium.org/162983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 08:43:53 +00:00