This patch makes String::WriteUtf8 replace invalid code points (i.e. unmatched
surrogates) with the unicode replacement character when REPLACE_INVALID_UTF8 is
set. This is done to avoid creating invalid UTF-8 output which can lead to
compatibility issues with software requiring valid UTF-8 inputs (e.g. the
WebSocket protocol requires valid UTF-8 and terminates connections when invalid
UTF-8 is encountered).
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/121173009
Patch from Felix Geisendörfer <haimuiba@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When invoking a setter callback for a property using
JSObject::SetPropertyWithCallback(),the callback arguments includes
a correct pair of receiver and holder objects.
Such a pair of _possibly different_ arguments (receiver, holder) must
also be supplied when invoking the same setter callback from JITed
code, when the setter is invoked through the StoreCallbackProperty
stub.
An example where this matters are the accessor properties kept on the
global scope of Worker (i.e., properties kept on the global object
itself, and not on its prototype.) Conflating the receiver with the
holder leads to general confusion when attempting to fetch out the
wrapper object.
LOG=N
R=dcarney@chromium.org, dcarney
BUG=239669
Review URL: https://codereview.chromium.org/139263008
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is done similar to weak embedded objects in optimized code (r17102). The
reference from optimized code to a cell is treated weakly in marking visitors
if the cell points to a JSObject. After marking we iterate over all cells
embedded in optimized code. If a cell is not marked but its value is marked,
then we revive the cell by marking it. Otherwise, the cell value is dead, so
we mark the code for deoptimization.
BUG=v8:2073
TEST=cctest/test-heap/CellsInOptimizedCodeAreWeak
LOG=Y
R=hpayer@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/117483002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In Runtime_GetLocalPropertyNames(), the hidden prototypes of an object
are also consulted when deriving the property name set. However, if
given a function object and its template was inherited from the
template of one of its hidden prototypes, that hidden prototype's
property accessors will be present on the object already. Unwanted
duplicates will therefore appear.
Hence, go through the property names that the hidden prototypes
contribute and remove any already occurring ones.
Assumed to be a rare constellation, so the cost of this extra pass is
considered acceptable.
LOG=N
R=dcarney@chromium.org, jochen@chromium.org, rossberg@chromium.org
BUG=269562
Review URL: https://codereview.chromium.org/116533003
Patch from Sigbjorn Finne <sof@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18448 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patch contains contributions from the following members of the
BlackBerry Web Technologies team:
Eli Fidler <efidler@blackberry.com>
Konrad Piascik <kpiascik@blackberry.com>
Jeff Rogers <jrogers@blackberry.com>
Cosmin Truta <ctruta@blackberry.com>
Peter Wang <peter.wang@torchmobile.com.cn>
Xiaobo Wang <xiaobwang@blackberry.com>
Ming Xie <mxie@blackberry.com>
Leo Yang <leoyang@blackberry.com>
R=bmeurer@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/61153009
Patch from Cosmin Truta <ctruta@blackberry.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
It's of much use when information about function calls is shown on the Events timeline in DevTools: instead of referencing to v8natives.js where bound functions are created, we'll be able to show real function data (name, resource, script line and column numbers) retrieved from original functions.
BUG=None
LOG=Y
R=yangguo@chromium.org, yurys@chromium.org
Review URL: https://codereview.chromium.org/106763002
Patch from Alexandra Mikhaylova <amikhaylova@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The test was broken. V8 currently does not correctly lookup NativeDataProperty accessors attached to the PrototypeTemplate of FunctionTemplate (Issue 3066). As the result while(obj.shouldContinue) loop was immediately exiting and the test would terminate while RequestInterruptTestBase::InterruptThread would be still starting up. As the result later InterruptThread would try to access members of the test object which was destroyed.
The test was fixed:
- instead of attaching accessor to PrototypeTemplate we attach it to InstanceTemplate;
- an assertion was added to verify that we completed the test successfully due to interruptor firing not due to sporadic loop termination due to some unrelated bug.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/109653010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18391 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
We don't use the worker pool yet, however, there are tests. Yay. The
next step is to use the worker pool for parallel sweeping.
I've also started to move the platform related files into a sub
directory. The goal is to eventually build all the platform stuff as
a separate library which is used by d8 and cctest (and other embedders
that wish to use the default implementation) but not by chromium.
BUG=v8:3015
R=hpayer@chromium.org, svenpanne@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/104583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Introduce API to temporarily interrupt long running JavaScript code.
It is different from termination API as interrupted JavaScript will continue to execute normally when registered InterruptCallback returns.
/**
* Request V8 to interrupt long running JavaScript code and invoke
* the given |callback| passing the given |data| to it. After |callback|
* returns control will be returned to the JavaScript code.
* At any given moment V8 can remember only a single callback for the very
* last interrupt request.
* Can be called from another thread without acquiring a |Locker|.
* Registered |callback| must not reenter interrupted Isolate.
*/
void RequestInterrupt(InterruptCallback callback, void* data);
/**
* Clear interrupt request created by |RequestInterrupt|.
* Can be called from another thread without acquiring a |Locker|.
*/
void ClearInterrupt();
Fix Hydrogen SCE pass to avoid eliminating stack guards too aggressively. Only normal JavaScript functions are guaranteed to have stack guard in the prologue. If function is a builtin or has a custom call IC it will lack one.
Changes from r18363:
- includes r18364 to fix compilation errors: removes debugging only code;
- makes interrupiton related tests not threaded, because they rely on having exclusive access to the V8 instance and the fact that they can only interrupt themselves, if they are interrupted from the outside they break;
- changes HasStackCheck predicate used during SCE pass to avoid handles dereference to make SCE compatible with parallel recompilation.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/104823008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
It is different from termination API as interrupted JavaScript will continue to execute normally when registered InterruptCallback returns.
/**
* Request V8 to interrupt long running JavaScript code and invoke
* the given |callback| passing the given |data| to it. After |callback|
* returns control will be returned to the JavaScript code.
* At any given moment V8 can remember only a single callback for the very
* last interrupt request.
* Can be called from another thread without acquiring a |Locker|.
* Registered |callback| must not reenter interrupted Isolate.
*/
void RequestInterrupt(InterruptCallback callback, void* data);
/**
* Clear interrupt request created by |RequestInterrupt|.
* Can be called from another thread without acquiring a |Locker|.
*/
void ClearInterrupt();
Fix Hydrogen SCE pass to avoid eliminating stack guards too aggressively. Only normal JavaScript functions are guaranteed to have stack guard in the prologue. If function is a builtin or has a custom call IC it will lack one.
BUG=
R=danno@chromium.org, dcarney@chromium.org
Review URL: https://codereview.chromium.org/102063004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
All methods for accessing collected profiles by index are deprecated. The indexed storage may well be implemented by the embedder should he need it. CpuProfiler's responsibility is just to create CpuProfile object that contains all collected data and whose lifetime can be managed by the embedder.
BUG=chromium:327298
LOG=Y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/117353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Up till now, external strings may be tracked in the string table
(for internalized strings) or the external string table, depending
on in which order internalize and externalize happened.
The internalized string table should not have to deal with external
strings, all of which should be tracked by the external string table.
R=svenpanne@chromium.org
BUG=326489
LOG=N
Review URL: https://codereview.chromium.org/103663006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Made operator* return reference to the raw type, not pointer. New method 'get()' should be used when raw pointer is needed.
Also removed useless inline modifier from the SmaprtPointer methods and added const modifier to the methods that don't change smart pointer.
Made ~SmartPointerBase protected to avoid accidental calls of the non-virtual base class's destructor.
drive-by: fixed use after free in src/factory.cc
BUG=None
LOG=N
R=alph@chromium.org, svenpanne@chromium.org
Review URL: https://codereview.chromium.org/101763003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The test in question (test-debug/LiveEditEnabled) is expected to fail, and it
failed, but because of the wrong reason (the test asserts that the default
isolate is not initialized, SetLiveEditEnabled initialized the default
isolate because it doesn't get one as param). Now it fails because of the right
reason.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/99043004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Heap allocation reported to AllocationTracker may be later divided into several objects so it is incorrect to put the block as a new HeapObject into the map. We will match allocated block with actual HeapObjects later when iterating Heap (will be addressed in another patch). Since the objects are not assigned an id immediately after creation we need to call FindOrAddEntry when finding id for SharedFunctionInfo during stack crawling.
Removed hooks for tracking creation of AllocationMemento. AllocationMemento is not a HeapObject and should be considered as implementation overhead.
Renamed NewObjectEvent to AllocationEvent which is more precise in case of folded allocations and when a part of the new block becomes AllocationMemento.
BUG=None
LOG=N
R=loislo@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/95283003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
code. By the time we optimize the code, we'll be able to decide on new or old
space based on the number of surviving objects after one or more gcs.
The mechanism is a "memento" placed behind objects in the heap. It's currently
done for array and object literals, with plans to use mementos for constructed
objects as well (in a later CL).
The feature is behind the flag allocation_site_pretenuring, currently off.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/40063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This removes tons of architecture-specific code and makes it easy to
experiment with other pseudo-RNG algorithms. The crankshafted code is
extremely good, keeping all things unboxed and doing only minimal
checks, so it is basically equivalent to the handwritten code.
When benchmarks are run without parallel recompilation, we get a few
percent regression on SunSpider's string-validate-input and
string-base64, but these benchmarks run so fast that the overall
SunSpider score is hardly affected and within the usual jitter. Note
that these benchmarks actually run even faster when we don't
crankshaft at all on the main thread (the regression is not caused by
bad code, it is caused by Crankshaft needing a few hundred microsecond
for compilation of a trivial function). Luckily, when parallel
recompilation is enabled, i.e. in the browser, we see no regression at
all!
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/68723002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17955 ce2b1a6d-e550-0410-aec6-3dcde31c8c00