AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jochen@chromium.org	163044e7ba	Revert 20348 - "Fix LoadFieldByIndex to take mutable heap-numbers into account." Reason for revert: crashes benchmarks/sunspider/string-fasta on ia32.debug This also reverts r20350 and r20352 > Fix LoadFieldByIndex to take mutable heap-numbers into account. > > BUG= > R=ishell@chromium.org > > Review URL: https://codereview.chromium.org/213213002 BUG=none LOG=n TBR=verwaest@chromium.org Revert "Use sarq on x64" This reverts commit e2a8ef9321345c6bc091054443bf2b9535ff6b1c. Revert "Don't \| int and bool" This reverts commit c90d713d3a8ceba4fec41933a63beb6e50a3d7c0. Review URL: https://codereview.chromium.org/219393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 13:23:32 +00:00
jochen@chromium.org	b7039334ae	Revert 20313 - "Ship promises and weak collections" > R=mstarzinger@chromium.org > BUG= > > Committed: https://code.google.com/p/v8/source/detail?r=20211 > > Review URL: https://codereview.chromium.org/206163004 R=rossberg@chromium.org TBR=rossberg@chromium.org LOG=y BUG=n Review URL: https://codereview.chromium.org/219303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 12:40:32 +00:00
verwaest@chromium.org	55a6318560	Fix LoadFieldByIndex to take mutable heap-numbers into account. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/213213002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:59:29 +00:00
jarin@chromium.org	d65fe51ca0	Add missing lazy deopt point for the TransitionElementsKind instruction. R=mvstanton@chromium.org, yangguo@chromium.org BUG=357105 TEST=test/mjsunit/regress/regress-357105.js LOG=N Review URL: https://codereview.chromium.org/216963002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:58:53 +00:00
jarin@chromium.org	9e655afdb4	Reland "Fix property enum cache creation to include only own properties" Reland r20308 (reverted by r20310). TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/216383003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 06:59:20 +00:00
adamk@chromium.org	c2bbd9f9e2	Don't pass the hole to SetElement when creating Array.observe change records Also added comments to remind us why we were using the hole here in the first place (it's used for the case where Object.observe, rather than Array.observe, has been called on Array that's undergoing truncation). BUG=356589 LOG=N R=rossberg@chromium.org Review URL: https://codereview.chromium.org/213823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 18:29:07 +00:00
rossberg@chromium.org	826cf64fd3	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Committed: https://code.google.com/p/v8/source/detail?r=20211 Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:42:34 +00:00
jarin@chromium.org	af74f1206e	Revert "Fix property enum cache creation to include only own properties" This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e. BUG= Review URL: https://codereview.chromium.org/214893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:18:42 +00:00
jarin@chromium.org	4608bdeccc	With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size. This is really Toon's fix, I have only created a small repro case. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/212673011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 15:33:06 +00:00
dslomov@chromium.org	4cdfb46a6d	Fix JSObject::SetElement for fixed typed array elements. R=ulan@chromium.org BUG=357108 LOG=N Review URL: https://codereview.chromium.org/214543003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:54:26 +00:00
svenpanne@chromium.org	fe58e3d7b8	Removed 'executable' bits from mjsunit tests. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/214413006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:32:27 +00:00
jarin@chromium.org	10606aa756	Fix missing representation for the result of HIsSmiAndBranch. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/211273010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 13:14:08 +00:00
dslomov@chromium.org	f66af4feb4	Refactor optimized in hydrogen only runtime functions. This splits all runtime function into 3 categories: 1) RUNTIME: implemented in runtime and called from both full and optimized code. 2) RUNTIME_HIDDEN: implemented in runtime, never called directly from JS builtins. 3) INLINE: inlined in both full and optimized code 4) INLINE_OPTIMIZED: inlined in optimized code, implemented in runtime for full code. R=yangguo@chromium.org, yannguo@chromium.org Review URL: https://codereview.chromium.org/209353006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:26:55 +00:00
verwaest@chromium.org	c432f7166c	Don't convert dictionary sloppy arguments to fast double mode. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/207683006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:14:58 +00:00
ulan@chromium.org	cb0f49c18a	Add index check in DoAccessArgumentsAt. BUG=355523 LOG=N TEST=mjsunit/regress/regress-355523 R=jarin@chromium.org Review URL: https://codereview.chromium.org/210053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 13:26:41 +00:00
rossberg@chromium.org	2e1b16de2a	Revert "Ship promises and weak collections" Reason: breaks Blink layout tests. R=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/210853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 10:57:52 +00:00
yangguo@chromium.org	793d4cb0b6	Fix issues when changing FLAG_concurrent_recompilation after init. R=jarin@chromium.org BUG=356053 LOG=N Review URL: https://codereview.chromium.org/210363005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:38:48 +00:00
jarin@chromium.org	b765d3cdb9	Revert the (wrong) fix of the argument index check asserion. R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/208423017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 21:32:19 +00:00
jarin@chromium.org	56f2006605	Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime. R=ishell@chromium.org BUG=355486 LOG=N Review URL: https://codereview.chromium.org/201573011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 20:51:36 +00:00
rossberg@chromium.org	33be68c2fa	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:59:04 +00:00
verwaest@chromium.org	e18e650582	Ensure the constant operand for heap-object store-named-field is not a smi. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/210193002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:25:48 +00:00
yangguo@chromium.org	9c0f5be8d1	Correctly convert micro-sign to its upper case. R=dcarney@chromium.org BUG=355485 LOG=N Review URL: https://codereview.chromium.org/209323007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:16:14 +00:00
ulan@chromium.org	fc2563f108	Visit return statement of inlined function in value context. BUG=354357 LOG=N TEST=mjsunit/regress/regress-354357.js R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/206413005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:14:44 +00:00
ulan@chromium.org	f20a9473f3	Ensure that lazy deopt sequence does not override calls. BUG=354433 LOG=N TEST=mjsunit/regress/regress-354433.js R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/198463006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 11:02:15 +00:00
jkummerow@chromium.org	2b722b663e	Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:354391 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/206073008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:25:24 +00:00
yangguo@chromium.org	c9d391d87f	Fix assertions wrt concurrent OSR. R=ulan@chromium.org Review URL: https://codereview.chromium.org/206473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 15:23:31 +00:00
ulan@chromium.org	41eab25615	A64: Fix write barrier input in KeyedStoreIC::GenerateSloppyArguments. This fixes flaky crashes in gc-stress bot: > Fatal error in ../src/incremental-marking.cc, line 84 > CHECK(obj->IsHeapObject()) failed BUG=353551 LOG=N TEST=test/mjsunit/regress/regress-353551.js R=m.m.capewell@googlemail.com Review URL: https://codereview.chromium.org/204453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 08:32:58 +00:00
jkummerow@chromium.org	d9b6b6439d	Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:350867 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/203303010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 15:49:29 +00:00
ulan@chromium.org	487ca9e384	Fix TransitionElementsKindStub to handle non-JSArray objects correctly. BUG=352982 LOG=N TEST=mjsunit/regress/regress-352982.js R=danno@chromium.org Review URL: https://codereview.chromium.org/196343023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 13:29:29 +00:00
dslomov@chromium.org	6c01c3fd56	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Committed: https://code.google.com/p/v8/source/detail?r=20020 Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:55:29 +00:00
dslomov@chromium.org	a6224272fd	Revert "Apply numeric casts correctly in typed arrays and related code." This reverts commit r20020 for breaking Win64 build. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/199523006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:50:00 +00:00
dslomov@chromium.org	849187eab0	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:23:50 +00:00
rossberg@chromium.org	58d623f228	Stage ES6 promises and weak collections Split collections flag into weak and non-weak. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/201593004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 09:57:14 +00:00
verwaest@chromium.org	5aaa513630	Don't generate keyed store ICs for global proxies. BUG=352983 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/197873025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:19:39 +00:00
ulan@chromium.org	e1e4071cbc	Fix date cache in strict mode. BUG=v8:3220 LOG=N TEST=mjsunit/regress/regress-3220.js R=rossberg@chromium.org Review URL: https://codereview.chromium.org/201753002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:47:58 +00:00
ishell@chromium.org	3b257c35e5	Fixed spec violation of storing to length of a frozen object. BUG=chromium:350890 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/196653015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:43:33 +00:00
jkummerow@chromium.org	e4a18df7d1	Fix ASSERT violation when BinaryOpIC::Transition recurses into itself BUG=chromium:352586 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/201313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 14:51:31 +00:00
rossberg@chromium.org	c3c185c173	Make invalid LHSs a parse-time (reference) error This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for. To do: check properly in preparser already. R=marja@chromium.org, mstarzinger@chromium.org BUG=351658 LOG=Y Review URL: https://codereview.chromium.org/200473003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 10:21:01 +00:00
jkummerow@chromium.org	dc458525ad	Fix typo in r19923 (bounds check offset propagation) BUG=chromium:352929 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/201303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:38:01 +00:00
ishell@chromium.org	f77c51b0a6	Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix). BUG=chromium:352058 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/196383018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:11:38 +00:00
mvstanton@chromium.org	e3f3f6d98b	Revert "Continued fix for 351257. Reusing the feedback vector is too complex." This reverts commit r19919. TBR=bmeuer@chromium.org Review URL: https://codereview.chromium.org/196343021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:31:21 +00:00
verwaest@chromium.org	0f2a324c8a	Fix generalization with callbacks. BUG=352588 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/200173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 14:17:49 +00:00
mvstanton@chromium.org	11df4b8815	Fix for issue 351261. This relands the following fix: "HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. (bug 347543)" along with additional fixes to KeyedStoreIC. BUG=351261 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/200113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:22:55 +00:00
ulan@chromium.org	2c99cba38b	Propagate updated offsets in BoundsCheckBbData. BUG=350863 LOG=Y TEST=mjsunit/regress/regress-350863.js R=bmeurer@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/197823009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:02:25 +00:00
bmeurer@chromium.org	358e176d50	Add regression test for range analysis bug. BUG=v8:3204 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/200103002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:54:26 +00:00
mvstanton@chromium.org	dd28969c1c	Continued fix for 351257. Reusing the feedback vector is too complex. Attempting to re-use the type feedback vector stored in the SharedFunctionInfo turns out to be difficult among the various cases. It will be much easier to do this when deferred type feedback processing is removed, as is in the works. Created bug v8:3212 to track re-introducing the optimization of reusing the type vector on recompile before optimization. The CL also brings back the type vector on the SharedFunctionInfo. BUG=351257 LOG=Y R=bmeurer@chromium.org, bmeuer@chromium.org Review URL: https://codereview.chromium.org/199973004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:28:37 +00:00
yangguo@chromium.org	0f71a24f3a	Correctly retain argument value when deopting from Math.round on x64. R=jkummerow@chromium.org BUG=351624 LOG=N Review URL: https://codereview.chromium.org/199013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 13:57:21 +00:00
ulan@chromium.org	c64b78f6da	Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight. BUG=351263 LOG=N TEST=mjsunit/regress/regress-351263 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/197803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 11:50:50 +00:00
svenpanne@chromium.org	390d3a0b15	Make translation of modulus operation '--stress-opt'-proof. Note that we unconditionally deopt later, anyway, but our compilation pipeline has to survive long enough to reach that place. :-/ LOG=y BUG=352059 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/198833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:37:16 +00:00
jarin@chromium.org	713aa33f2a	Fix of argument materialization of captured heap numbers. The escape analysis calculates the number of slots in an object as no-of-slots = object-size / pointer-size. This gives 3 slots for heap numbers on 32-bit architectures (one slot for the map, two for the double value); however, my argument materialization code assumed just two slots (map + value). Since Hydrogen allocates heap numbers quite rarely, it is hard to produce a more meaningful repro than the one provided by Clusterfuzz. Any suggestions are welcome. The fix is simple - we just read out all extra slots (beyond the map and the double) for heap numbers. R=mstarzinger@chromium.org BUG=351315 LOG=N Review URL: https://codereview.chromium.org/196283004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 07:17:37 +00:00

1 2 3 4 5 ...

960 Commits