AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9,150 Commits 1 Branch 0 Tags 839 MiB
1007696cdb
Commit Graph

499 Commits

Author SHA1 Message Date
danno@chromium.org
ed5d288ac1 Adjust stack limit again to avoid overflow on 64 bit windows 
Also add additional stack check.

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10006010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11238 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-05 14:01:39 +00:00
ulan@chromium.org
3861063018 Check for NaN in inlined versions of Math.min, Math.max. 
R=danno@chromium.org
BUG=V8:2056
TEST=mjsunit/regress/regress-2056.js

Review URL: https://chromiumcodereview.appspot.com/10006008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-05 13:24:52 +00:00
danno@chromium.org
3c6f5774d2 Fix stack overflows on Windows x64. 
R=mstarzinger@chromium.org
TEST=win 64 not red anymore

Review URL: https://chromiumcodereview.appspot.com/10008005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-05 12:32:35 +00:00
danno@chromium.org
7bd1274baa Rollback 11231: Add regression test case for issue 2025. 
TBR=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10006006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-05 08:35:32 +00:00
danno@chromium.org
db34072379 Add regression test case for issue 2025. 
R=ulan@chromium.org
BUG=v8:2056
TEST=test/mjsunit/regress/regress-2056.js

Review URL: https://chromiumcodereview.appspot.com/10006004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-05 08:08:05 +00:00
mstarzinger@chromium.org
47aa3254c2 Fix rewriter to not treat throw as an expression. 
Now we can correctly optimize top level code that contains a throw (or
return) as it's last statement.

R=ulan@chromium.org
BUG=v8:2054
TEST=mjsunit/regress/regress-2054

Review URL: https://chromiumcodereview.appspot.com/9969146

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-04 13:41:05 +00:00
mstarzinger@chromium.org
7b59b1d5ac Fix array boilerplate object transitioning. 
Array literal boilerplate objects can be transitioned while existing
un-transitioned clones are still being populated. This adds a check that
prevents us from performing the same transition twice.

R=danno@chromium.org
BUG=v8:2055
TEST=mjsunit/regress/regress-2055

Review URL: https://chromiumcodereview.appspot.com/9950095

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-03 16:54:28 +00:00
danno@chromium.org
8dc9bc962f Don't crash on stack overflow entering the debugger. 
R=ager@chromium.org, sgjesse@chromium.org
BUG=chromium:119429
TEST= test/mjsunit/regress/regress-119429.js

Review URL: https://chromiumcodereview.appspot.com/9965101

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-03 13:45:56 +00:00
danno@chromium.org
d9437722da Properly support shrinking arrays in CopyDictionaryToObjectElements. 
R=mstarzinger@chromium.org
BUG=chromium:121407
TEST=test/mjsunit/regress/regress-121407.js

Review URL: https://chromiumcodereview.appspot.com/9968056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-03 08:13:59 +00:00
mstarzinger@chromium.org
5798bc27aa Fix hidden properties to ignore [[Extensible]]. 
The [[Extensible]] property prevented the very first hidden property
from being added. If any hidden property was added to the object before
preventing extension, adding subsequent hidden properties would have
succeed however.

R=svenpanne@chromium.org
BUG=v8:2034
TEST=mjsunit/regress/regress-2034

Review URL: https://chromiumcodereview.appspot.com/9844025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-04-02 08:26:30 +00:00
vegorov@chromium.org
8360ec877e Ensure that arguments object is materialized when deoptimizing from inlined function. 
Lithium translation rebuilds hydrogen environments from scratch so we have to ensure that arguments object is correctly bound on function entry otherwise deoptimization will not materialize it.

This fix was implemented as part of r11109 and then reverted.

R=danno@chromium.org
BUG=v8:2045
TEST=test/mjsunit/regress/regress-2045.js

Review URL: https://chromiumcodereview.appspot.com/9963008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-30 13:22:39 +00:00
mstarzinger@chromium.org
552393c383 Add missing regression test for r11173. 
R=svenpanne@chromium.org
BUG=chromium:12009
TEST=mjsunit/regress/regress-120099

Review URL: https://chromiumcodereview.appspot.com/9873027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-28 15:17:14 +00:00
mstarzinger@chromium.org
057371da13 Fix polymorphic load on named fields. 
This fixes polymorphic loads to correctly compare in-object offsets
instead of indices, because indices might coincide even though the
actual slot is different because of different instance sizes.

R=danno@chromium.org
BUG=v8:2030
TEST=mjsunit/regress/regress-2030,mjsunit/mirror-array

Review URL: https://chromiumcodereview.appspot.com/9864028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-27 10:42:38 +00:00
erik.corry@gmail.com
6cb333cadf Fix broken test. 
Review URL: https://chromiumcodereview.appspot.com/9865019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-27 09:10:58 +00:00
erik.corry@gmail.com
bfb1e9e702 Fix edge case for case independent regexp character classes. 
http://code.google.com/p/v8/issues/detail?id=2032
Review URL: https://chromiumcodereview.appspot.com/9860029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-27 08:42:37 +00:00
ulan@chromium.org
a47d1c0714 Fix the return type of the date set methods. 
Date set methods (setMinutes, setHours, etc.) should return the time value as a number instead of JSDate.

R=jkummerow@chromium.org
TEST=test/mjsunit/regress/regress-2027.js

Review URL: https://chromiumcodereview.appspot.com/9809010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-26 10:13:03 +00:00
jkummerow@chromium.org
4e405b6945 Fix missing write barrier in CopyObjectToObjectElements. 
Passing the write barrier mode as a parameter does not make sense, as the elements kind specific copiers know best whether a write barrier is needed or not.

BUG=119926
TEST=mjsunit/regress/regress-crbug-119926
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9808111

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11134 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-25 15:16:06 +00:00
danno@chromium.org
8833c99552 Check double array bounds in HasElementImpl. 
R=jkummerow@chromium.org
BUG=chromium:119925
TEST=test/mjsunit/regress/regress-119925.js

Review URL: https://chromiumcodereview.appspot.com/9808110

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-25 14:21:51 +00:00
mstarzinger@chromium.org
79a98de9f7 Fix declarations escaping global strict eval. 
According to ES5 10.4.2(3), eval calls of strict code always require
their own lexical and variable environment. For now we just add a new
scope when we parse the strict mode directive. The clean solution would
be to always have this sope present (even for global eval calls) and
adapt variable binding to cope with that.

R=rossberg@chromium.org
BUG=v8:1624
TEST=mjsunit/regress/regress-1624,test262/S10.4.2.1_A1

Review URL: https://chromiumcodereview.appspot.com/9703021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-15 13:02:21 +00:00
mstarzinger@chromium.org
2c7f0edd48 Fix wrapping of receiver for non-strict callbacks. 
R=rossberg@chromium.org
BUG=v8:1973
TEST=mjsunit/regress/regress-1973

Review URL: https://chromiumcodereview.appspot.com/9705020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-14 17:42:19 +00:00
rossberg@chromium.org
46001aa54c Function declarations shall not overwrite read-only global properties. 
R=mstarzinger@chromium.org
BUG=115452
TEST=mjsunit/regress/regress-115452

Review URL: https://chromiumcodereview.appspot.com/9696035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-14 13:51:00 +00:00
kmillikin@chromium.org
7d6fd56fd5 Ensure there is a smi check of the receiver for global load and call ICs. 
There was a comment that, for such ICs specialized to the global object,
they were always contextual loads.  This is very brittle.  It is a
micro-optimization that relies too much on the way that things happen to
work today.

Instead, never omit the smi check because it's safer.

R=vegorov@chromium.org
BUG=117794
TEST=regress-117794.js

Review URL: https://chromiumcodereview.appspot.com/9691038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-13 11:39:30 +00:00
yangguo@chromium.org
7659beafb1 Ensure consistency of Math.sqrt on Intel platforms. 
BUG=
TEST=regress-sqrt.js

Review URL: https://chromiumcodereview.appspot.com/9690010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-12 14:56:04 +00:00
yangguo@chromium.org
13689a4f13 Set debug break slot at init of loop variable in a for loop. 
BUG=102153
TEST=regress-102153.js

Review URL: https://chromiumcodereview.appspot.com/9625011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-08 10:21:43 +00:00
yangguo@chromium.org
67540abe08 Fix compile with debuggersupport=off. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9546051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-07 10:57:36 +00:00
mstarzinger@chromium.org
8c2708de6d Fix Error.prototype.toString to throw TypeError. 
R=rossberg@chromium.org
BUG=v8:1980
TEST=mjsunit/function-call,mjsunit/regress/regress-1980

Review URL: https://chromiumcodereview.appspot.com/9568005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-05 13:57:48 +00:00
yangguo@chromium.org
f2699b66cf Revert r10908 due to flakiness and crashes. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9580007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-02 15:00:52 +00:00
yangguo@chromium.org
12f2099993 Ensure consistent result of transcendental functions. 
BUG=
TEST=regress-transcendental.js

Review URL: https://chromiumcodereview.appspot.com/9572009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-02 14:33:15 +00:00
mstarzinger@chromium.org
fb8eb04bfd Implement inlining of constructor calls. 
R=vegorov@chromium.org,kmillikin@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9304001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-28 09:05:55 +00:00
yangguo@chromium.org
32e2b0319e Update break points set with partial file name after compile. 
BUG=v8:1853

Review URL: https://chromiumcodereview.appspot.com/9460059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-27 11:52:08 +00:00
yangguo@chromium.org
baabb87dae Fix HConstant's hash function for smis on x64. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9466003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-24 10:59:12 +00:00
yangguo@chromium.org
671084074d Lazy removal of dead HValues in GVN from use lists. 
BUG=v8:1969
TEST=regress/regress-1969

Review URL: https://chromiumcodereview.appspot.com/9455011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-23 13:59:35 +00:00
vegorov@chromium.org
f5c8ac9839 On ia32 LFunctionLiteral instruction should get context from esi register instead of stack slot. 
This makes LFunctionLiteral safe even when it is used from inside inlined function.

All other architectures were implementing LFunctionLiteral correctly.

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-inlining-function-literal-context.js

Review URL: https://chromiumcodereview.appspot.com/9425061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-21 12:10:04 +00:00
mstarzinger@chromium.org
e423637898 Fix sequence of element access in array builtins. 
R=rossberg@chromium.org
BUG=v8:1790
TEST=mjsunit/regress/regress-1790,test262/15.4.4.22-9-9

Review URL: https://chromiumcodereview.appspot.com/9419044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-17 10:06:26 +00:00
yangguo@chromium.org
cc2780403a Ensure using byte registers for byte instructions on ia32 and x64. 
BUG=v8:1945
TEST=regress-1945.js

Review URL: https://chromiumcodereview.appspot.com/9418005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-16 12:48:02 +00:00
yangguo@chromium.org
01e46b955f Initialize internal arrays with the correct map. 
BUG=v8:1878
TEST=regress-1878.js

Review URL: https://chromiumcodereview.appspot.com/9402009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-15 13:45:42 +00:00
danno@chromium.org
71cd77e22c Fix crashing bugs in store-and-grow IC for double values. 
R=jkummerow@chromium.org
BUG=chromium:113924
TEST=test/mjsunit/regress/regress-113924.js

Review URL: https://chromiumcodereview.appspot.com/9365055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-14 15:09:49 +00:00
yangguo@chromium.org
3e58827710 Fix elements transition bug related to array.concat. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9358018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34 Fix handling of 'c: if (0) break c; else ()' where a parser optimization 
leaves a trailing ";" after removing the break.

Review URL: https://chromiumcodereview.appspot.com/9159043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 08:40:11 +00:00
ulan@chromium.org
8093e397e4 Do not ignore an empty context with extension when creating a scope object. 
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.

BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js

Review URL: https://chromiumcodereview.appspot.com/9310027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4 Fix test case to correctly check expected result. 
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229

Review URL: https://chromiumcodereview.appspot.com/9303032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-31 12:31:24 +00:00
vegorov@chromium.org
67d72eab45 When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions. 
Debug::PrepareForBreakPoints was not fully populating active_functions list.

R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js

Review URL: https://chromiumcodereview.appspot.com/9290013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-25 15:11:59 +00:00
vegorov@chromium.org
04289e8d17 Support inlining at call-sites with mismatched number of arguments. 
Review URL: https://chromiumcodereview.appspot.com/9265004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-24 08:43:12 +00:00
vegorov@chromium.org
704c92ce95 Ensure that LRandom restores rsi after call to the C function on x64. 
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js

Review URL: https://chromiumcodereview.appspot.com/9265003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-19 08:43:34 +00:00
yangguo@chromium.org
ddc0144490 Fixing issue 1898 (using HChange outside the insert-representation-changes phase). 
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js

Review URL: http://codereview.chromium.org/9190047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-13 07:48:44 +00:00
vegorov@chromium.org
c4d3a110a2 Adjust position recorded for call expressions. 
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.

This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.

R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js

Review URL: http://codereview.chromium.org/9125001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-06 10:26:17 +00:00
danno@chromium.org
f648626eb9 Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9051014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472 Rollback 10309 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8968042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js

Review URL: http://codereview.chromium.org/8968028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0 Ensure that InternalArrays remain InternalArrays regardless of how they are constructed. 
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js

Review URL: http://codereview.chromium.org/9016041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03 Avoid embedding new space objects into code objects in the lithium gap resolver. 
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js

Review URL: http://codereview.chromium.org/8960004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229 Fix handling of foreign callbacks in DefineOwnProperty. 
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.

R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4

Review URL: http://codereview.chromium.org/8996008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
91efb313eb Fix crash in d8 when external array ctor hits stack overflow 
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859

Review URL: http://codereview.chromium.org/8898021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 13:51:58 +00:00
vegorov@chromium.org
a457040ca6 Ensure that non-optimized code objects are not flushed for inlined functions. 
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.

Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.

R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js

Review URL: http://codereview.chromium.org/8888011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-08 16:07:07 +00:00
yangguo@chromium.org
929c619101 Quickfix for DoMathPowHalf. 
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8769037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-02 13:16:49 +00:00
lrn@chromium.org
ebccde15bc Don't preparse large files to find boundaries of lazy functions. 
Instead use the preparser inline to parse only the lazy function
bodies.

This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.

Review URL: http://codereview.chromium.org/8662037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-25 09:36:31 +00:00
mstarzinger@chromium.org
330cd2205c Remove hidden prototype for builtin functions. 
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.

R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions

Review URL: http://codereview.chromium.org/8566009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-15 09:44:57 +00:00
yangguo@chromium.org
53c6077cee Fixing issue 103259. 
BUG=103259
TEST=regress-103259.js

Review URL: http://codereview.chromium.org/8498011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 14:59:40 +00:00
lrn@chromium.org
30465596e6 Make eval consider anything on the form eval(args...) a potential direct cal 
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.

We still throw if calling indirect eval with a detached global object.

BUG=v8:994
TEST=mjsunit/eval.js

Review URL: http://codereview.chromium.org/8343054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 09:38:52 +00:00
vegorov@chromium.org
f8c2d3847f Take loop side-effects into account when collecting side-effects on the path between two blocks. 
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js

Review URL: http://codereview.chromium.org/8395002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
b3eba9e764 Fix handling of non-object receivers for array builtins. 
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702

Review URL: http://codereview.chromium.org/8347034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:24:37 +00:00
lrn@chromium.org
5152d2e0da Reimplement Function.prototype.bind. 
Make instanceof work correctly.

BUG=v8:893

Review URL: http://codereview.chromium.org/8199004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:44:16 +00:00
lrn@chromium.org
50ef25e0f3 Remove redundant allow-natives flag from CompilationInfo. 
Just use script being native and FLAG_allow_natives_syntax directly.

Review URL: http://codereview.chromium.org/8314018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 09:02:26 +00:00
yangguo@chromium.org
3249530ef0 Fixing issue 1757 (string slices of external strings). 
BUG=v8:1757
TEST=regress-1757.js

Review URL: http://codereview.chromium.org/8217011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206 Add a regression test for an already fixed issue. 
Add a regression test for Chromium issue 99167.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8222002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 10:46:27 +00:00
lrn@chromium.org
9f73eed45f Fix issue 1361 - Implement ES5 Array.prototype.toString. 
BUG=v8:1361
TEST=mjsunit/array-tostring

Review URL: http://codereview.chromium.org/8124025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-05 07:08:23 +00:00
mstarzinger@chromium.org
c034518442 Fix preparation for sorting of external arrays. 
R=rossberg@chromium.org
BUG=98773
TEST=mjsunit/regress/regress-98773

Review URL: http://codereview.chromium.org/8122020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 13:49:50 +00:00
lrn@chromium.org
4750f0c3cd Fix issue 1415 - allow surrogate pair codes in decodeURIComponent. 
Also some cleanup of uri.js.

BUG=v8:1415
TEST=mjsunit/regress/regress-1415

Review URL: http://codereview.chromium.org/8118004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 07:15:07 +00:00
lrn@chromium.org
4b385d7e8e Fix bug in x64 RegExp detecting start of string. 
Also add missing MIPS case in regexp tracer.

Fixes issues v8:1748 and v8:1746

BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js

Review URL: http://codereview.chromium.org/8116001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-03 10:31:01 +00:00
lrn@chromium.org
165e105ec9 Check enumerability of array indices correctly in propertyIsEnumerable. 
Fix issue 1692.

BUG=v8:1692
TEST=mjsunit/regress/regress-1692

Review URL: http://codereview.chromium.org/8113001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-03 09:15:58 +00:00
lrn@chromium.org
b9d39c48b8 Make the RegExp.prototype object be a RegExp object. 
BUG=v8:1217
TEST=mjsunit/regress/regress-1217

Review URL: http://codereview.chromium.org/8041015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 08:42:01 +00:00
vegorov@chromium.org
bfd048173f Notify collector about lazily deoptimized code objects. 
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.

To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.

R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js

Review URL: http://codereview.chromium.org/7983045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 16:01:35 +00:00
yangguo@chromium.org
7ab81a14fa Reverting r9399. 
Review URL: http://codereview.chromium.org/7989007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 15:55:44 +00:00
yangguo@chromium.org
0c6863a1ef Set RegExp's prototype to RegExp as specified by ES5. 
BUG=v8:1217
TEST=regress-1217.js

Review URL: http://codereview.chromium.org/7995005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 15:11:12 +00:00
mstarzinger@chromium.org
873e4980db Fix transferal of marking bits on array trimming. 
R=vegorov@chromium.org
BUG=v8:1708
TEST=mjsunit/regress/regress-1708

Review URL: http://codereview.chromium.org/7979038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 13:03:22 +00:00
yangguo@chromium.org
b7cac76bae Fixed string.split: always convert non-regexp separator to string. 
BUG=v8:1711
TEST=mjsunit/regress/regress-1711.js

Review URL: http://codereview.chromium.org/7976046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 08:18:58 +00:00
yangguo@chromium.org
fdffe67205 Initialize pre-allocated fields of JSObject with undefined. 
BUG=94873

Review URL: http://codereview.chromium.org/7929001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:06:23 +00:00
vegorov@chromium.org
ac36cb4504 Merge experimental/gc branch to the bleeding_edge. 
Review URL: http://codereview.chromium.org/7945009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:36:47 +00:00
jkummerow@chromium.org
fcc2e65aad Change global const handling to silently ignore redeclarations 
and make window.{Infinity,NaN,undefined} read-only as per ES5

BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik

Review URL: http://codereview.chromium.org/7811015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 12:00:30 +00:00
yangguo@chromium.org
48b5328bde Fixing issue 1639, debugger stops stepping outside evaluate. 
BUG=v8:1639

Review URL: http://codereview.chromium.org/7889039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89 Mark variables as being accessed from any inner scope, not only function scopes 
BUG=96523
TEST=mjsunit/regress/regress-96523.js

Review URL: http://codereview.chromium.org/7890031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 13:51:29 +00:00
kmillikin@chromium.org
63bec78428 Revert "MIPS: port Remove in-loop tracking for call ICs." 
Committed incorrectly.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7890026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12 MIPS: port Remove in-loop tracking for call ICs. 
port r9260 (af9cfd83).

Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206 Fixed spurious character in test case, plus presubmit issues. 
Also addressed Slava's complaint about the personalized comment.

R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7886032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced Fix for .bind regression. 
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7892013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f Fixing r9265: moving test case into correct location. 
Review URL: http://codereview.chromium.org/7889008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 16:11:05 +00:00
danno@chromium.org
df860eda5c Don't allow seal or element property re-definition on external arrays. 
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js

Review URL: http://codereview.chromium.org/7858031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-09 14:30:00 +00:00
kmillikin@chromium.org
8b165d414f Fix a bug in abrupt exit from with or catch inside finally. 
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code.  Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7837023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 09:21:44 +00:00
jkummerow@chromium.org
09c66d20ce Fix possible crash in FixedDoubleArray::Initialize() 
(this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Review URL: http://codereview.chromium.org/7833040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91 Fix bug in Page::GetRegionMaskForSpan. 
When checking for a wrap take into account offset of the start address in the region.

BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854 Add regression test for issue 1215, expand regression test for issue 1447. 
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 07:43:51 +00:00
yangguo@chromium.org
86a62d0da3 Added check for trailing whitespaces and corrected existing violations. 
Review URL: http://codereview.chromium.org/7826007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08 Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643). 
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty). 
Review URL: http://codereview.chromium.org/7792054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3 Do constant function check earlier in TryCallApply and ensure correct environment for deopt. 
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 10:33:59 +00:00
fschneider@chromium.org
ffc6c7e56b Introduce local function declarations in Crankshaft and fix issue 1647. 
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.

In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.

Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-31 13:26:08 +00:00
lrn@chromium.org
d8a123169b Make regexp flag parsing stricter. 
BUG=v8:1628
TEST=mjsunit/regress/regress-219

Review URL: http://codereview.chromium.org/7624045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2 Make scanner handle invalid unicode escapes in identifiers correctly. 
I.e., don't just convert \u to u in identifiers (like in strings and regexps).

Also make the scanning of RegExp flags not interpret the escapes.

(Fix and reapply of r8942)

BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7677012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3 Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype 
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540 Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers" 
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-17 08:22:41 +00:00
lrn@chromium.org
7d17c8d5d3 Make scanner not accept invalid unicode escapes in identifiers. 
BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-16 13:31:08 +00:00