erikcorry@chromium.org
3727a10d20
Use WeakCell to handle the script wrapper cache
...
The script wrapper cache used the API weak handles to provide a weak link from Script to ScriptWrapper. We want to change the way API weakness works, and in this context it's best to get rid of users of the API that don't need to be users.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/659513003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-15 10:11:08 +00:00
ulan@chromium.org
dd49272c00
Weak Cells
...
Introduce an object that holds a weak reference.
Design document: http://goo.gl/9dSvvy .
BUG=
R=erik.corry@gmail.com
Review URL: https://codereview.chromium.org/640303006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-14 14:43:45 +00:00
bmeurer@chromium.org
cb37b6c54e
[turbofan] Fix typed lowering of typed array loads/stores.
...
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/646483003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-10 08:10:29 +00:00
bmeurer@chromium.org
e3294b1f09
[turbofan] Fix lowering of typed loads/stores.
...
Only JSLoadProperty/JSStoreProperty nodes with external typed arrays can
be lowered to LoadElement/StoreElement, because lowering of non-external
typed arrays would require a map check.
TEST=cctest,unittests,mjsunit
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/631093003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-07 07:36:21 +00:00
jarin@chromium.org
f40d582cf1
Revert "[turbofan] Fix lowering of typed loads/stores."
...
This reverts commit r24386 for tanking asm.js benchmarks.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/634473002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-06 08:54:24 +00:00
bmeurer@chromium.org
5899cc8ca7
[turbofan] Fix lowering of typed loads/stores.
...
We can only access to external typed arrays; lowering of internal
typed arrays would require a map check plus eager deoptimization.
Also embed the array buffer reference directly instead of embedding
the typed array.
TEST=cctest,mjsunit,unittests
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/621863002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-02 08:38:37 +00:00
jkummerow@chromium.org
1903e560b0
Non-JSArrays must always have holey elements.
...
Drive-by cleanup: remove unused elements_kind_ field in CallNew.
BUG=chromium:416558
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/595333002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-25 08:25:25 +00:00
verwaest@chromium.org
40bbeef0ee
Make Map::Create always use the Object function, and remove the unused inobject properties
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/584943002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-19 14:59:14 +00:00
verwaest@chromium.org
e2cc4baaf3
Use the initial map of the Object function for empty object literals
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/586673002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24088 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-19 13:40:38 +00:00
mvstanton@chromium.org
9505d5b5ae
Fix gcmole warning.
...
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/582033002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24041 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-18 13:24:02 +00:00
mvstanton@chromium.org
200095c3e7
Move state sentinels into TypeFeedbackVector.
...
These sentinels were in the wrong place, living in only tangentially related class TypeFeedbackInfo, but they codify state in the TypeFeedbackVector.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/579153003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-18 12:31:31 +00:00
mvstanton@chromium.org
134a89b11f
Introduce TypeFeedbackVector, as FixedArray grew constrictive.
...
The TypeFeedbackVector is poised to host significant functionality. While it
remains a FixedArray under the covers, we need a place to hold logic and
definitions unique to its function.
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/581993002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-18 09:59:53 +00:00
arv@chromium.org
477b75f1cb
Arrow functions: Cleanup handling of the prototype property
...
The old code did not work correctly in case of optimizations. I
found this out when implementing concise methods and we now plumb
through the function kind so we know what kind of Map to create for
the function.
BUG=v8:2700
LOG=y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/562253002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-12 15:07:43 +00:00
arv@chromium.org
45d8e74cd6
ES6: Add support for method shorthand in object literals
...
This is governed by the harmony-object-literals flag.
BUG=v8:3516
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/477263002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-10 16:39:42 +00:00
yangguo@chromium.org
4e670fd05e
Rename ascii to one-byte where applicable.
...
R=dcarney@chromium.org , marja@chromium.org
Review URL: https://codereview.chromium.org/559913002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-10 12:38:12 +00:00
verwaest@chromium.org
5941bb4e73
Never skip access checks in the lookup iterator
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/536943002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-03 14:05:55 +00:00
bmeurer@chromium.org
7d0d01005c
First step to cleanup the power-of-2 mess.
...
TEST=base-unittests,cctest,mjsunit
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/528993002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-02 13:36:35 +00:00
yangguo@chromium.org
7be66cf5d7
Do not expose termination exceptions to the Exception API.
...
R=verwaest@chromium.org
BUG=403509
LOG=N
Review URL: https://codereview.chromium.org/516913003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-01 09:11:44 +00:00
adamk@chromium.org
71fbe7d4ec
Ensure that JSProxy::Fix gives the generated JSObject map a constructor
...
All JSObjects in V8 either have a map()->constructor() field or are
JSFunctions. JSProxy::Fix, however, was not enforcing this, and
Object.observe's use of JSObject::GetCreationContext() exposed this.
Note that this is not Object.observe-specific: the API call
v8::Object::CreationContext() also would have revealed this bug.
This patch chooses Object as a reasonable constructor to put on the
newly-fixed object's map. Note that this has no effect on the "constructor"
property in JS. In doing so, I've also tightened up the code underlying
JSProxy::Fix to only support JSObject and JSFunction as possible output
types.
BUG=405844
LOG=N
R=rossberg@chromium.org , verwaest@chromium.org
Review URL: https://codereview.chromium.org/505303004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-27 15:54:23 +00:00
bmeurer@chromium.org
90c8932596
Replace our homegrown ARRAY_SIZE() with Chrome's arraysize().
...
Our own ARRAY_SIZE() was pretty bad at error checking. If you use
arrasize() in a wrong way, the compiler will issue an error instead of
silently doing the wrong thing. The previous ARRAY_SIZE() macro is still
available as ARRAYSIZE_UNSAFE() similar to Chrome.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/501323002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-26 09:19:24 +00:00
verwaest@chromium.org
01cfeb1205
Clean up LookupIterator::Configuration naming
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/503663003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23349 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-25 11:34:43 +00:00
yangguo@chromium.org
5f5f8e6724
Make internalized string parser in JSON.parse GC-safe
...
SubStringKey::AsHandle is not GC-safe because the string backing store
may move.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/484703002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-19 08:53:38 +00:00
verwaest@chromium.org
109db3ca12
Rename the configuration flags of the LookupIterator
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/469733002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-18 14:59:04 +00:00
dslomov@chromium.org
d2fe3e68ea
Add "own" symbols support.
...
"Own" symbols are symbols that can only denote own properties of
objects.
R=hpayer@chromium.org , verwaest@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=23056
Review URL: https://codereview.chromium.org/464473002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-12 15:28:20 +00:00
dslomov@chromium.org
dc4c277589
Revert "Add "own" symbols support."
...
This reverts commit r23056 for breaking Mac x64 test.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/460803003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 21:44:08 +00:00
dslomov@chromium.org
88f65f2c52
Add "own" symbols support.
...
"Own" symbols are symbols that can only denote own properties of
objects.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/464473002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 18:59:38 +00:00
yangguo@chromium.org
e566c0f4a1
Small clean up of externalizing strings.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/462643002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 14:04:37 +00:00
verwaest@chromium.org
d094d0fb44
Tag all prototypes as proto, except those set using __proto__
...
BUG=
R=ishell@chromium.org , yangguo@chromium.org
Review URL: https://codereview.chromium.org/450303003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23042 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 14:00:58 +00:00
verwaest@chromium.org
a1f3f02415
Mark as prototype only after instantiating the function
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/447293002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-07 16:14:22 +00:00
verwaest@chromium.org
356ac42def
Reland "Also mark as prototype when passing in while creating a function."
...
Skip gc-stress for test relying on stable feedback (and hence stable gc timing).
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/441873005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22852 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-05 09:24:27 +00:00
hpayer@chromium.org
1ed9516f21
Revert "Also mark as prototype when passing in while creating a function."
...
Breaks GC stress ARM64.
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/439983002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-05 07:20:57 +00:00
verwaest@chromium.org
10881d87de
Also mark as prototype when passing in while creating a function.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/422233010
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-04 15:23:29 +00:00
verwaest@chromium.org
f947eff31d
Keep function.prototype fast.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/437083004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22826 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-04 15:02:07 +00:00
bmeurer@chromium.org
d07a2eb806
Rename ASSERT* to DCHECK*.
...
This way we don't clash with the ASSERT* macros
defined by GoogleTest, and we are one step closer
to being able to replace our homegrown base/ with
base/ from Chrome.
R=jochen@chromium.org , svenpanne@chromium.org
Review URL: https://codereview.chromium.org/430503007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-04 11:34:54 +00:00
mstarzinger@chromium.org
947740a6d8
Revert "Make --always-opt also optimize toplevel code."
...
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/429583002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 13:08:51 +00:00
mstarzinger@chromium.org
b8b8cbf26d
Paint the tree green after r22666.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/428903002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 12:57:25 +00:00
mstarzinger@chromium.org
34f5edd500
Make --always-opt also optimize toplevel code.
...
R=jacob.bramley@arm.com , titzer@chromium.org , rossberg@chromium.org
Review URL: https://codereview.chromium.org/410153002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 11:41:42 +00:00
ishell@chromium.org
1d51e63706
More accurate usages of Heap::AdjustLiveBytes().
...
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/424663004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-28 18:15:35 +00:00
verwaest@chromium.org
3bba0204c0
Support setting named properties on non-JSObjects.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/407953002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-22 08:28:49 +00:00
yangguo@chromium.org
1bebc5908e
Use 0 instead of undefined for uninitialized stub key.
...
The CPU profiler looks at uninitialized code objects, which triggers an assertion.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/404113003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-21 13:51:42 +00:00
rossberg@chromium.org
8023c9f564
Implement basic code generation for arrow functions
...
Implements code generation for arrow functions by desugaring them into
a FunctionLiteral. For the moment, a normal FUNCTION_SCOPE is used, so
"this" and "arguments" behave as in normal functions. Implementing the
correct scoping rules is to be done later on.
BUG=v8:2700
LOG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/382893003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-21 09:58:01 +00:00
mstarzinger@chromium.org
5874bd08c0
Allow embedding of ConsString objects into code.
...
R=yangguo@chromium.org
BUG=v8:2803
LOG=N
Review URL: https://codereview.chromium.org/395713002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-15 10:51:12 +00:00
verwaest@chromium.org
6466ff39fb
Remove PropertyAttributes from SetProperty
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/390833003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22383 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:52:24 +00:00
verwaest@chromium.org
cef7b20ec0
Only create arguments-maps in the bootstrapper, remove now obsolete ValueType flag.
...
TBR=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/375503008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 13:27:37 +00:00
dslomov@chromium.org
7050e6fa06
Revert "Only create arguments-maps in the bootstrapper, remove now obsolete ValueType flag."
...
This reverts commit r22240 for breaking tests on Linux.
Revert "Remove SetOwnPropertyIgnoreAttribute uses from the bootstrapper"
This reverts commit r22241 for breaking tests on Linux.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/371913002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 13:12:29 +00:00
verwaest@chromium.org
1ef7582e7e
Only create arguments-maps in the bootstrapper, remove now obsolete ValueType flag.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/358363003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 12:21:01 +00:00
ishell@chromium.org
2c94151e6e
Reland r22082 "Replace HeapNumber as doublebox with an explicit MutableHeapNumber."
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/334323003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 15:02:31 +00:00
verwaest@chromium.org
26eae0c429
Clean up the global object naming madness.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/352173006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 12:12:34 +00:00
verwaest@chromium.org
6ff2a77364
Wrap InitializeProperty around SetOwnPropertyIgnoreAttributes and switch over uses
...
This is a step in the direction of disentangling all uses of SetOwnPropertyIgnoreAttributes so we can provide a more specific implementation for those usecases, and reduce the capabilities of those clients, avoiding subtle bugs.
InitializeProperty only supports adding properties to extensible objects that do not contain the property yet. JSGlobalProxies cannot have properties themselves, so are not supported either.
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/352813002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 13:48:57 +00:00
ishell@chromium.org
d1190c503d
Revert "Replace HeapNumber as doublebox with an explicit MutableHeapNumber."
...
This reverts commit r22082 for breaking arm64 build.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/360023003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 10:19:31 +00:00