Commit Graph

1532 Commits

Author SHA1 Message Date
rossberg@chromium.org
670f947a5c Implement set trap for proxies, and revamp class hierarchy in preparation:
- Introduce a class JSReceiver, that is a common superclass of JSObject and
  JSProxy. Use JSReceiver where appropriate (probably lots of places that we
  still have to migrate, but we will find those later with proxy test suite).

- Move appropriate methods to JSReceiver class (SetProperty,
  GetPropertyAttribute, Get/SetPrototype, Lookup, and so on).

- Introduce new JSFunctionProxy subclass of JSProxy. Currently only a stub.

- Overhaul enum InstanceType:
  * Introduce FIRST/LAST_SPEC_OBJECT_TYPE that ranges over all types that
    represent JS objects, and use that consistently to check language types.
  * Rename FIRST/LAST_JS_OBJECT_TYPE and FIRST/LAST_FUNCTION_CLASS_TYPE
    to FIRST/LAST_[NON]CALLABLE_SPEC_OBJECT_TYPE for clarity.
  * Eliminate the overlap over JS_REGEXP_TYPE.
  * Also replace FIRST_JS_OBJECT with FIRST_JS_RECEIVER, but only use it where
    we exclusively talk about the internal representation type.
  * Insert JS_PROXY and JS_FUNCTION_PROXY in the appropriate places.

- Fix all checks concerning classification, especially for functions, to
  use the CALLABLE_SPEC_OBJECT range (that includes funciton proxies).

- Handle proxies in SetProperty (that was the easiest part :) ).

- A few simple test cases.

R=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/6992072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 16:38:40 +00:00
ager@chromium.org
544191e718 Update apply with arguments optimization for strict mode functions and builtins.
Do not convert to object for values for strict-mode functions and
builtins.

R=ricow@chromium.org
BUG=v8:1412
TEST=mjsunit/regress/regress-1412.js

Review URL: http://codereview.chromium.org/7096006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 10:38:41 +00:00
ager@chromium.org
a01b45df58 Fix a number of tests that incorrectly used assertUnreachable.
Our testing infrastructure uses exceptions to indicate
errors. assertUnreachable therefore throws an exception to indicate
that it was reached. Therefore, it cannot be used to check that an
exception was thrown using the pattern:

try {
  shouldThrow();
  assertUnreachable();
} catch(e) {
}

Such a test will always pass because assertUnreachable will throw an
exception if shouldThrow does not.

R=ricow@chromium.org

Review URL: http://codereview.chromium.org/7053035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 08:08:42 +00:00
ager@chromium.org
bfa2ef1f11 Fix receiver for calls to strict-mode and builtin functions that are
potentially shadowed by eval.

R=sgjesse@chromium.org
TEST=mjsunit/regress/regress-124.js

Review URL: http://codereview.chromium.org/7096004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 07:57:22 +00:00
ager@chromium.org
017935408d Reapply change to Pass undefined to JS builtins when called with
implicit receiver.

A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=fschneider@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7085034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 13:49:22 +00:00
ager@chromium.org
cc4a2d7e76 Fix a number of IC stubs to correctly set the call kind.
Make the call kind and call wrapper arguments explicit to force
developers to make a choice. This would have avoided the bug in the
first case.

R=fschneider@chromium.org
TEST=mjsunit/strict-mode-implicit-receiver.js

Review URL: http://codereview.chromium.org/7086029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 13:23:17 +00:00
fschneider@chromium.org
5083dec67f Fix timeout and a small bug in a regression test.
Review URL: http://codereview.chromium.org/7085031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 12:48:35 +00:00
fschneider@chromium.org
e0985887bf Simple support for const variables in Crankshaft.
The approach is to handle the common case in the optimizing
compiler and to bailout for the rare corner cases.

This is done by initializing all local const-variables with
the hole value and disallowing any use of the hole value statically.
Review URL: http://codereview.chromium.org/6026006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 11:31:41 +00:00
sandholm@chromium.org
ba229754ea Fix JSON issue with arrays.
Review URL: http://codereview.chromium.org/7089003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 10:47:38 +00:00
ricow@chromium.org
7eb6f5c1ba Correctly set the length of string before creating filler object in the json parser (fixes crbug 84186).
Testcase created based on the supplied test case from the bug report, but using json parse directly instead of through the chrome javascript console. 
Review URL: http://codereview.chromium.org/7084023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 06:04:36 +00:00
danno@chromium.org
c2394e0a71 Prevent deopt on double value assignment to typed arrays
Implement truncation of double and tagged values when assigning to an element of a typed arrays in order to avoid depots.

BUG=1313
TEST=test/mjsunit/external-array.js

Review URL: http://codereview.chromium.org/6961019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 12:07:22 +00:00
ager@chromium.org
c832c467a4 Revert "Pass undefined to JS builtins when called with implicit receiver."
Presubmit and failing test.

TBR=lrn@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7071009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:22:29 +00:00
kmillikin@chromium.org
f8b01f369e Add a simple test for inlining of arguments accesses.
R=whesse@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7062018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:17:15 +00:00
ager@chromium.org
19b718fe73 Pass undefined to JS builtins when called with implicit receiver.
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7068009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb Make RegExp objects not callable.
Review URL: http://codereview.chromium.org/6930006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 07:35:09 +00:00
erik.corry@gmail.com
fbf76fc86a Fix GC-unsafe corner case in bit-not on ARM
Review URL: http://codereview.chromium.org/6987009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-25 10:35:00 +00:00
ricow@chromium.org
f675db651d Change calls to undefined property setters to not throw (fixes issue 1355).
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-25 08:37:38 +00:00
ager@chromium.org
6f775f2fb0 Fix calls of strict mode function with an implicit receiver.
Only IA32 version for now. I'll start porting.

Strict mode functions are to get 'undefined' as the receiver when
called with an implicit receiver. Modes are bad! It forces us to have
checks on all function calls.

This change attempts to limit the cost by passing information about
whether or not a call is with an implicit or explicit receiver in ecx
as part of the calling convention. The cost is setting ecx on all
calls and checking ecx on entry to strict mode functions.

Implicit/explicit receiver state has to be maintained by ICs. Various
stubs have to not clobber ecx or save and restore it.

CallFunction stub needs to check if the receiver is implicit when it
doesn't know from the context.

Review URL: http://codereview.chromium.org/7039036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 14:01:36 +00:00
sgjesse@chromium.org
eff2946b9b Handle changes to the Object prototype in fast handling of arrays
R=ager@chromium.org

BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js

Review URL: http://codereview.chromium.org//7067019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0 Change strict mode poison pill to be the samme type error function (fixes issue 1387).
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
fbd106d9cd MIPS: arch-independent changes to support mips.
This change supports all non-crankshaft features except serialization.

This must be built after the changes in http://codereview.chromium.org/6966031
are landed.

BUG=
TEST=

Review URL: http://codereview.chromium.org//7039058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 07:56:20 +00:00
danno@chromium.org
780df33019 SMI checks for receiver in KeyedLoad/Store (done right this time)
R=ager@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7059013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7998 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-23 13:42:33 +00:00
sgjesse@chromium.org
825a433900 Add regression test for issue 1401
R=ager@chromium.org

BUG=v8:1401
TEST=test/regress/regress-1401.js

Review URL: http://codereview.chromium.org//7062002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802 Remove execScript from V8. No longer present i neither Firefox nor Safari.
R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7046002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23 Add regression test for http://crbug.com/82769
Review URL: http://codereview.chromium.org/7034025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-18 12:46:21 +00:00
fschneider@chromium.org
66911961cf Fix bug in optimized compiler's switch-statement.
In the case where the default-clause occurs as the first clause,
the case-blocks were not wired up correctly.

BUG=v8:1394
TEST=mjsunit/compiler/regress-1394.js
Review URL: http://codereview.chromium.org/7037023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-18 11:06:07 +00:00
whesse@chromium.org
0eca2b4fc1 Fix error in postfix ++ in Crankshaft.
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.

BUG=v8:1389

TEST=

Review URL: http://codereview.chromium.org/7033008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-17 11:41:59 +00:00
danno@chromium.org
daa1be1226 Support conversion of clamped double values for pixel arrays in Crankshaft.
BUG=1313
TEST=test/mjsunit/external-array.js

Review URL: http://codereview.chromium.org/7014033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-16 14:10:56 +00:00
sgjesse@chromium.org
230a56abda Limit the number of local variables in a function
Review URL: http://codereview.chromium.org//7003030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-16 08:27:52 +00:00
ricow@chromium.org
964dbff40d Only send null or undefined as receiver for es5 natives, not generally
for builtin functions.
Review URL: http://codereview.chromium.org/7012012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-13 07:26:44 +00:00
ager@chromium.org
8a0b1f5bc9 Allow closures to be optimized if outer contexts that call eval are all in strict mode.
R=kmillikin@chromium.org
BUG=
TEST=mjsunit/compiler/eval-introduced-closure.js

Review URL: http://codereview.chromium.org/6993008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-11 11:26:11 +00:00
ricow@chromium.org
7f8a918f08 Allow strict mode flag as extraicstate for keyed external array store ic
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.

BUG: 1383
Review URL: http://codereview.chromium.org/7003022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
944a388412 Avoid using a register for constant external array indices.
This CL is based on and obsoletes CL 6879037.

TEST=mjsunit/external-array.js

Review URL: http://codereview.chromium.org/6902112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-10 15:25:17 +00:00
jkummerow@chromium.org
1eedd8056d Fix timeout of test regress-1118.js
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.

Review URL: http://codereview.chromium.org/6994010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-10 15:07:30 +00:00
jkummerow@chromium.org
89c64653bf Expose optimization info via runtime functions
TEST=mjsunit/assert-opt-and-deopt.js

Review URL: http://codereview.chromium.org/6879108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-09 08:58:57 +00:00
ager@chromium.org
0961b1a936 Check that receiver is JSObject on API calls.
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js

Review URL: http://codereview.chromium.org/6931056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 14:14:16 +00:00
karlklose@chromium.org
d43066050a Replace loops by OptimizeFunctionOnNextCall in regress-1085 and regress-1210.
Review URL: http://codereview.chromium.org/6938001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 09:10:28 +00:00
ricow@chromium.org
e0eb110130 Reapply 7763, including arm and x64 variants.
The only difference to revision 7763 is the implementation in the
builtins file for arm and x64, plus a move of Array.prototype.toString
and Array.prototype.toLocaleString from should throw on null or
undefined to the non generic test cases in the function-call test (due
to us not currently supporting generic cases with these to functions)
Review URL: http://codereview.chromium.org/6928007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-05 05:21:30 +00:00
ricow@chromium.org
797cbc68b7 Delete empty test/mjsunit/function-call.js file
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 14:20:19 +00:00
karlklose@chromium.org
8b917d4d96 Replace long running loops by OptimizeFunctionOnNextCall in some tests that are often timing out on ARM.
Review URL: http://codereview.chromium.org/6910022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:53:08 +00:00
ricow@chromium.org
4d890da191 Revert 7763, missing implementation on x64 and arm for call and apply with null or undefined.
Review URL: http://codereview.chromium.org/6913024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:45:19 +00:00
ricow@chromium.org
2b730c2bf6 Don't exchange null and undefined with the global object in function.prototype.{call, apply} for natives.
This makes us compatible with firefox in throwing an exception when
call is invoked on a builtin with null as the this argument.
Review URL: http://codereview.chromium.org/6902104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:19:04 +00:00
lrn@chromium.org
569574b7bf Fix implementation of == to correctly convert Date objects to primitives.
Fix issue 1356

BUG=v8:1356
TEST=mjsunit/double-equals

Review URL: http://codereview.chromium.org/6912021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 12:15:14 +00:00
lrn@chromium.org
d1411602a7 Don't allow whitespace after sign characters in parseInt.
BUG=v8:955
TEST=mjsunit/regress/regress-955

Review URL: http://codereview.chromium.org/6903171

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 07:11:17 +00:00
ager@chromium.org
ccafbca61d Use JSON.parse instead of eval for the debugger JSON protocol.
R=sgjesse@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/6903172

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-02 14:20:34 +00:00
kmillikin@chromium.org
1af840ad4c Be more discriminating about uses of the arguments object in optimized code.
Because we track the value of the arguments object, we need to check
values whenever plugged into a forbidden value context.  It is not
enough to check at only variable references as we did previously.

R=fschneider@chromium.org
BUG=1351
TEST=regress-1351.js

Review URL: http://codereview.chromium.org/6902202

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-02 11:35:51 +00:00
mmaly@chromium.org
796ac25a4f Strict mode eval declares its locals in its own environment.
BUG=
TEST=strict-mode.js

Review URL: http://codereview.chromium.org/6883200

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-29 15:31:39 +00:00
lrn@chromium.org
f470cf2777 Handle join of sparse arrays with non-empty separator more efficiently.
BUG=v8:1028

Review URL: http://codereview.chromium.org/6902144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-29 08:53:36 +00:00
vegorov@chromium.org
1c950e04cc Fix missing writebarrier in ArraySplice builtin.
Review URL: http://codereview.chromium.org/6883227

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-28 16:03:40 +00:00
kmillikin@chromium.org
dc28280a82 Fix a bug in a corner case of direct eval detection.
The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.

R=ager@chromium.org
TEST=has been added to the eval mjsunit test

Review URL: http://codereview.chromium.org/6893057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-28 05:04:48 +00:00
jkummerow@chromium.org
bc8f6943bb Support Float64Arrays
BUG=None
TEST=mjsunit/external-arrays.js; updated cctest; existing unit tests

Review URL: http://codereview.chromium.org/6879009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-21 07:15:43 +00:00
karlklose@chromium.org
3b6fe22c4d Make throw inlineable only if the exception is inlineable.
BUG=1337
TEST=regress-1337

Review URL: http://codereview.chromium.org/6881079

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-20 09:15:52 +00:00
yurys@chromium.org
5d70a291fe Fix debuger evaluation on a breakpoint inside eval
Corresponding Chromium issue: http://code.google.com/p/chromium/issues/detail?id=74412
Review URL: http://codereview.chromium.org/6875005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 14:09:45 +00:00
lrn@chromium.org
7aec228dbb Cleanup of mjsunit.js code and make assertEquals more strict.
Encapsulate the helper functions in mjsunit.js.
Now only exposes the exception class and the assertXXX functions.

Make assertEquals use === instead of ==.
This prevents a lot of possiblefalse positives in tests, and avoids
having to do assertTrue(expected === actual) when you need it.

Fixed some tests that were either buggy or assuming == test.

Review URL: http://codereview.chromium.org/6869007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 11:35:36 +00:00
karlklose@chromium.org
dab8f48ebc ARM: Implement correct rounding in the lithium codegenerator.
This patch provides testing for values that have a fraction part of 0.5 and uses a different rounding method for them. The original method of VFPTruncating the value with round-to-nearest is not correct because it does not round to the larger number in case of a tie.

BUG=http://code.google.com/p/v8/issues/detail?id=958

Review URL: http://codereview.chromium.org/6840051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 11:29:01 +00:00
ricow@chromium.org
cfb5a7ee78 Reapply 7581, Fix tools/test.py to allow CTRL+C to work correctly again.
Buildbot now has python 2.6

Also, remove some semicolons.
Review URL: http://codereview.chromium.org/6871007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 09:41:09 +00:00
lrn@chromium.org
3bbcab1ca9 X64: Use roundsd for DoMathFloor.
TEST=mjsunit/math-floor

Review URL: http://codereview.chromium.org/6835021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-14 09:05:43 +00:00
whesse@chromium.org
98c17a2bf3 Adjust mjsunit.status to account for math-round test passing on ARM when crankshaft is disabled.
Review URL: http://codereview.chromium.org/6840013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 14:03:24 +00:00
fschneider@chromium.org
9783526239 Enable inlining functions containing throw.
After Kevin's change to the graph builder to allow aborting graph construction
inside arbitrary expressions this just works.

BUG=v8:1143
Review URL: http://codereview.chromium.org/6839017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 13:09:58 +00:00
lrn@chromium.org
caee8a3ccf Fix Math.round in runtime.cc and x64 optimized code.
Make math-round.js test check both normal and optimized version.
Add some cases to the tests.

BUG=v8:958
TEST=mjsunit/math-round

Review URL: http://codereview.chromium.org/6837018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 09:35:56 +00:00
jkummerow@chromium.org
1d774ac5ca Fix load/store of external float arrays on ARM
BUG=1323
TEST=mjsunit/regress/regress-1323.js, run with simulator=arm

Review URL: http://codereview.chromium.org/6822054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 15:20:26 +00:00
ricow@chromium.org
6baa8a2bde Revert 7581, you can't have try except finally toghetter until python 2.5
We have some 2.4 versions on the windows buildbots, I will try to have these updated and reapply.
Review URL: http://codereview.chromium.org/6821069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 07:46:17 +00:00
ricow@chromium.org
7c0b1af4d7 Fix tools/test.py to allow CTRL+C to work correctly again.
This also changes the AfterRun functions to allow None as the passed in parameter.
Review URL: http://codereview.chromium.org/6824040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 06:26:38 +00:00
jkummerow@chromium.org
ed968b1042 Introduce runtime function %OptimizeFunctionOnNextCall to manually trigger optimization.
TEST=existing unit tests still pass

Review URL: http://codereview.chromium.org/6821009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-11 13:24:50 +00:00
mmaly@chromium.org
164e3a4173 Strict mode fixes.
- mutual inlining strict and non-strict functions in crankshaft.
- assignment to undefined variable with eval in scope.
- propagation of strict mode through lazy compilation.

BUG=
TEST=test/mjsunit/strict-mode.js test/mjsunit/strict-mode-opt.js

Review URL: http://codereview.chromium.org/6814012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-08 14:30:10 +00:00
vegorov@chromium.org
8a8d3bbbee In LCodeGen::DoDeferredLInstanceOfKnownGlobal emit safepoint with registers for the call to stub.
Review URL: http://codereview.chromium.org/6793017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-07 13:32:45 +00:00
jkummerow@chromium.org
adf509f159 Make "length" and "BYTES_PER_ELEMENT" properties of typed arrays accessible.
Review URL: http://codereview.chromium.org/6805010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-07 08:24:56 +00:00
yurys@chromium.org
c2e7beb952 Debugger: show local scope before with for functions created inside with block
Review URL: http://codereview.chromium.org/6804015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 17:54:39 +00:00
peterhal@chromium.org
e3d788329a 1309 fix
BUG=
TEST=

Review URL: http://codereview.chromium.org/6800018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 16:22:06 +00:00
jkummerow@chromium.org
348a4e44f5 Add regression test for overlapping key and value registers.
Review URL: http://codereview.chromium.org/6804007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 11:01:07 +00:00
sgjesse@chromium.org
1244225ba8 Extend crankshaft support for global stores
All global stores are now supported in crankshaft by using the normal store IC when other optimizations are not possible due to the state of the global object.

R=fschneider@chromium.org

BUG=
TEST=

Review URL: http://codereview.chromium.org//6693066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-04 15:03:34 +00:00
sgjesse@chromium.org
1e8079fcc9 Increase coverage of global loads in optimized code
In the cases where a global property cell cannot be used in the optimized code
use standard load ic to get the property instead of bailing out.

This is re-committing r7212 and r7215 which where reverted in r7239 with the addition of recoring the source position in the hydrogen code for the LoadGlobalCell instruction. To record that position an optional position field has been added to the variable proxy AST node.
Review URL: http://codereview.chromium.org/6758007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-01 11:54:04 +00:00
vegorov@chromium.org
ae65366f0b Fix SlotRef::SlotAddress for parameters indices.
Fix %NewObjectFromBound to correctly handle optimized frames (including those with inlined functions).

Fix %_IsConstructCall handling in hydrogen: when called from inlined function return false constant directly instead of emiting HIsConstructCall.

Fix success case in TraceInline.

BUG=v8:1229
TEST=test/mjsunit/regress/regress-1229.js

Review URL: http://codereview.chromium.org/6740023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-01 11:41:36 +00:00
ricow@chromium.org
b4bae54ef2 Decrease number of runs in mjsunit/compiler/pic.js (Test still gets optimized, even without --stress-opt)
Review URL: http://codereview.chromium.org/6731049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-29 13:20:05 +00:00
sgjesse@chromium.org
1eb224c2a2 ARM: Check for minus zero when converting binary operation result to smi
The result of an Int32 binary operation will be converted to a smi if it fits. However a minus zero check was missing.

BUG=v8:1278
TEST=test/mjsunit/regress/regress-1278.js

R=ager@chromium.org
Review URL: http://codereview.chromium.org/6755009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-29 07:43:27 +00:00
ricow@chromium.org
e0c7d3cf08 Run array-length less times to make the builder green.
We still get this method optimized even without --always-opt flag.
Review URL: http://codereview.chromium.org/6719029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-28 08:51:08 +00:00
ricow@chromium.org
fb6d7e17df Follow jsc on not throwing when trying to add a property to a non-extensible object.
This change makes us compatible with Safari on not throwing when trying to add a property to a non-extensible object. 
Review URL: http://codereview.chromium.org/6712059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-28 06:11:08 +00:00
lrn@chromium.org
40f9a7db8e Fix test that can fail for small denormals.
Review URL: http://codereview.chromium.org/6736027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 14:03:42 +00:00
lrn@chromium.org
1a15a9e6a9 Fix typo in math-sqrt.js
Review URL: http://codereview.chromium.org/6696109

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7372 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 13:48:17 +00:00
lrn@chromium.org
0c6fbad874 Add more tests to mul-exhaustive for constant left/right operands.
Make MJSUnit able to distinguish 0 and -0.

Review URL: http://codereview.chromium.org/6688062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 13:24:20 +00:00
fschneider@chromium.org
e6cbf659d1 Fix bug that caused invalid code motion for certain loads instructions.
The dependency flags of instructions depending on a previous check have to
be a super-set of the flags of the check instructions.
Review URL: http://codereview.chromium.org/6730025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-24 11:37:24 +00:00
ager@chromium.org
a7d44c49a5 Add regression test.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-24 11:03:08 +00:00
mmaly@chromium.org
7346fbba81 Implement poison pill for non-strict mode function.caller
when caller is strict mode function.

Review URL: http://codereview.chromium.org/6713059/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-23 03:45:48 +00:00
mikhail.naganov@gmail.com
cbbe713464 Change the way sampler / profiler handle external callbacks.
This should fix test-profile-generator/RecordStackTraceAtStartProfiling flakinness.

R=vitalyr@chromium.org
BUG=1261
TEST=test-profile-generator/RecordStackTraceAtStartProfiling

Review URL: http://codereview.chromium.org/6708056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-21 18:13:27 +00:00
ricow@chromium.org
4bb55fd341 Change cctests to use variant flags as part of the name for the serilization file.
Because we run all tests three times with different variant flags (to
test crankshaft) we might end up in a situation where we try to write
to the same serilization file from two different threads
simultaneously. The patch concats the variant flags at the end of the
serialization file name.
Review URL: http://codereview.chromium.org/6688068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-21 12:57:25 +00:00
vitalyr@chromium.org
7976ca2cbc Merge isolates to bleeding_edge.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 20:35:07 +00:00
vitalyr@chromium.org
76e226f832 Revert r7268: it borked the history.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 19:41:05 +00:00
vitalyr@chromium.org
6ff7fdebd3 Merge isolates to bleeding_edge.
Review URL: http://codereview.chromium.org/6685088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 18:49:56 +00:00
mmaly@chromium.org
4cbf3478d8 Implement strict mode ThrowTypeError functions for arguments object.
* Reverse order of arguments in-object fields for length and callee.
* Introduce arguments ThrowTypeError functions (caller/callee).
* Create strict mode arguments boilerplate object.
* Strict mode "new arguments object" stub.
* Runtime arguments object allocation.
* Update es5conform test expectations.

Review URL: http://codereview.chromium.org/6698015/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 20:28:41 +00:00
mmaly@chromium.org
1d1018aec7 Strict mode ThrowTypeError functions for
- function.caller
- function.arguments

Review URL: http://codereview.chromium.org/6694044/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 20:28:17 +00:00
vitalyr@chromium.org
e26ae48786 Remove empty test/mjsunit/compiler/global-accessors.js to make lint happy.
Review URL: http://codereview.chromium.org/6712001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 16:12:13 +00:00
ricow@chromium.org
d6caa8872a Revert revisions 7215 and 7212.
This caueses line positions to be off by one in certain cases, causing webkit http/tests/inspector/console-xhr-logging to fail.
Review URL: http://codereview.chromium.org/6667077

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 14:30:48 +00:00
vegorov@chromium.org
c83f0a715e Make HDeoptimize to explicitly use environment values.
Otherwise dead phi elimination can actually remove some of the implicitly used phis.

BUG=1257
TEST=test/mjsunit/regress/regress-1257.js

Review URL: http://codereview.chromium.org/6672066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 12:22:49 +00:00
sgjesse@chromium.org
1a6c821b05 Increase coverage of global loads in optimized code
In the cases where a global property cell cannot be used in the optimized code use standard load ic to get the property instead of bailing out.
Review URL: http://codereview.chromium.org/6665026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 08:16:12 +00:00
erik.corry@gmail.com
5ea0364a6a Fix incorrect assumption on bit-and on ARM
Review URL: http://codereview.chromium.org/6696037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 21:56:12 +00:00
ricow@chromium.org
e8ff324583 Follow Safari on not throwing when __defineGetter__ fails.
In addition, this fixes defineOwnProperty to actually not throw when
the should_throw flag is false (we had no usage of this priorly).

Review URL: http://codereview.chromium.org/6695018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 14:19:18 +00:00
ricow@chromium.org
7cb35bcfa5 Reapply 7143 after fixing issue 1250
Review URL: http://codereview.chromium.org/6698027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 12:25:13 +00:00
ager@chromium.org
6428822811 Revert "Strict mode ThrowTypeError functions for"
TBR=mmaly@chromium.org

Review URL: http://codereview.chromium.org/6696018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 11:01:21 +00:00
mmaly@chromium.org
80bd958df2 Strict mode ThrowTypeError functions for
- function.caller
- function.arguments

Review URL: http://codereview.chromium.org/6691003/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7168 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-14 17:46:37 +00:00
whesse@chromium.org
f6e1b82fd4 Fix a problem where Object.getOwnPropertyDescriptor and related functions unintentionally called toString on the values of an object's properties. Fixes issue 1233.
Review URL: http://codereview.chromium.org/6677017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 13:57:20 +00:00
ricow@chromium.org
c00631b86e Fix presubmit by deleting regress-1240 not deleted by last patch.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:08:52 +00:00
ricow@chromium.org
f2730d2ab8 Revert revision 7143, this causes a number of webkit tests to fail.
This includes a security test. Reverting to investigate further.

Review URL: http://codereview.chromium.org/6673019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:02:54 +00:00
ricow@chromium.org
fa9e57e326 Change __defineGetter__ and __defineSetter__ to respect non-configurable.
This makes us compatible with firefox. Earlier on we were somehow
compatible with safari - which will allow defining a getter even when
an existing getter is present and non-configurable. We would, however,
in addition to overwriting the getter also change configurable to
true. The approach used by firefox seems much more sound, i.e., why
should it be possible to use __defineGetter__ or __defineSetter__ to
overwrite a non-configurable getter or setter respectively.

I will file a bug on the webkit bugtracker. 

Review URL: http://codereview.chromium.org/6658037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 08:05:59 +00:00
whesse@chromium.org
b7d7aa8ad2 Fix error in sin-cos.js test introduced in r7129.
Review URL: http://codereview.chromium.org/6659034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-10 14:04:18 +00:00
whesse@chromium.org
fc8f77e398 X64 Crankshaft: Fix error in computation of sine and cosine.
Review URL: http://codereview.chromium.org/6646047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-10 13:34:23 +00:00
lrn@chromium.org
a8b41a0edd Fix bug in X64 RegExpExec stub.
Used incorrect register for referencing RegExp data, so it always failed
to match the fast case.
When modifiying the object layout, it was possible to make it crash instead.

BUG=v8:1236
TEST=test/mjsunit/regress/regress-1236.js

Review URL: http://codereview.chromium.org/6635041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-08 14:15:25 +00:00
mmaly@chromium.org
927f341d3c Strict mode arguments do not share binding with formal parameters.
Move strict mode flag from TemporaryScope to Scope so that it can be accessed from variable binding code.
Arguments do not alias in strict mode (ia32, x64 and arm, codegen and full codegen).
Hydrogen tolerates null arguments_shadow().
In codegen-<arch> arguments object is allocated eagerly to capture values before they get modified.

Review URL: http://codereview.chromium.org/6625048/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 19:23:46 +00:00
kmillikin@chromium.org
4a9056cbce Fix a stack-height mismatch during deoptimization.
When deoptimizing after a conditional expression in an effect context, we
should not see the value of the conditional expression.

BUG=v8:1237

Review URL: http://codereview.chromium.org/6625057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 17:01:12 +00:00
mmaly@chromium.org
3c51baa1ac Throw if setting length of a string in strict mode.
BUG=
TEST=test/mjsunit/strict-mode.js

Review URL: http://codereview.chromium.org/6623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 21:12:29 +00:00
mmaly@chromium.org
9dc156ac62 Passing strict mode throughout SetElement.
Throw if assigning to read only element.
Adding tests for element assignment in strict mode.

Fix tests for strict mode SetElement.

Review URL: http://codereview.chromium.org/6613005/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 00:21:52 +00:00
mmaly@chromium.org
1d040083b0 Assignment to read only properties throws in strict mode.
Review URL: http://codereview.chromium.org/6594037/

Revert "Revert "Assignment to read only properties throws in strict mode.""

This reverts commit aefcd82e1d36d458dd071ebf4777340f08aa67b1.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7007 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-02 04:53:43 +00:00
vitalyr@chromium.org
d9b0c93d23 Allow eval to be overridden with a callable non-function object.
We simply need to remove early checks in the resolve eval runtime
functions. CallFunctionStub that follows will handle non-functions in
the right way.

Review URL: http://codereview.chromium.org/6591075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 19:05:06 +00:00
fschneider@chromium.org
8a72161585 Add lazy deoptimization environment to instanceof by marking it as a call.
This fixes an assert when an exception is thrown inside instanceof.

BUG=v8:1207
TEST=mjsunit/regress/regress-1207.js

Review URL: http://codereview.chromium.org/6588083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 15:37:24 +00:00
sgjesse@chromium.org
7b0f5d4110 ARM: Support inlined version of %_FastAsciiArrayJoin on ARM
Review URL: http://codereview.chromium.org/6594071

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 14:09:23 +00:00
ricow@chromium.org
78a21647b9 Remove exception for mjsunit/regress/regress-deopt-gc on arm and x64.
This was wrongly marked as skip since we do not need to patch reloc info on x64 and arm when doing deoptization (issue 1094).

Review URL: http://codereview.chromium.org/6597067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 11:36:45 +00:00
kmillikin@chromium.org
6b1530ea6d Fix a stack height mismatch when deoptimizing.
When deoptimizing from the key subexpression of a keyed arguments access,
the unoptimized code expects to find the value of the receiver on the
expression stack.  The environment of the optimizing compiler did not
contain this value during evaluation of the key subexpression.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 09:32:45 +00:00
ricow@chromium.org
c63d9c97cf Do not allow non-configurable global properties to be made configurable (fixes issue 1213).
We do not currently check that a global property is actually
configurable before overwriting it with a new property.


Review URL: http://codereview.chromium.org/6597045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 08:09:17 +00:00
mmaly@chromium.org
749b69853a Revert "Assignment to read only properties throws in strict mode."
This reverts commit 503f2a501e504f330821f247074e731aa649b1f0.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 06:10:41 +00:00
mmaly@chromium.org
98aea3c353 Assignment to read only properties throws in strict mode.
Review URL: http://codereview.chromium.org/6594037/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 01:42:37 +00:00
mmaly@chromium.org
bb0c22f11c Strict mode - allow function only in SourceElements.
Review URL: http://codereview.chromium.org/6598023/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 19:07:02 +00:00
mmaly@chromium.org
180b6ec6b4 Disable const in strict mode.
Using const in strict mode yields SyntaxError.

Review URL: http://codereview.chromium.org/6592031/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6974 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 18:38:17 +00:00
ager@chromium.org
7c561be519 Remove Error.prototype.toStrings prototype property.
I did not use the helper function for adding this builtin function which meant that I missed the removal of the prototype property.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6588050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 13:29:05 +00:00
vegorov@chromium.org
88b70c8941 When checking number of parameters in MakeCrankshaft code don't forget about receiver.
BUG=v8:1209
TEST=test/mjsunit/regress/regress-1209.js

Review URL: http://codereview.chromium.org/6591042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 13:20:10 +00:00
lrn@chromium.org
485f4ea0d9 Clear exceptions set during attempts to lazily optimize.
Resubmit of patch for issue 1145 with a few additions:
- Now also clears exceptions when calling Runtime_LazyRecompile.
- Sets function where parsing fails to not be optimizable.

BUG=v8:1145
TEST=test/mjsunit/regress/regress-1145.js

Review URL: http://codereview.chromium.org/6469050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-25 11:17:31 +00:00
antonm@chromium.org
da463ab484 Get property may throw an exception thanks to JS accessors.
Check result before and bail out if exception has been thrown.

BUG=v8:1172
TEST=test/mjsunit/regress/regress-1172-bis.js

Review URL: http://codereview.chromium.org/6580030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6939 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 17:42:56 +00:00
lrn@chromium.org
68f1c73a06 Fix array concat to follow the specification in the presence of element getters.
Also fix issue 1175 and 1177.

BUG=v8:1175

Review URL: http://codereview.chromium.org/6568007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 14:00:52 +00:00
karlklose@chromium.org
5572d24fc5 ARM: Fix DoubleToI.
BUG=1811
TEST=test/mjsunit/regress/regress-1181.js

Review URL: http://codereview.chromium.org/6573004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 10:07:35 +00:00
ager@chromium.org
ae328e61b0 Properly reset external catcher if exception couldn't be externally caught.
We can wrongly assume that exception which is not intended to be caught
by external try/catch should be caught if this exception inherits
external catcher from some previous exception.  To prevent that,
clear external catcher when processing exceptions which cannot be
externally caught.

BUG=v8:1184
TEST=test/mjsunit/regress/regress-1184.js

Review URL: http://codereview.chromium.org/6538081

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-23 06:55:47 +00:00
mmaly@chromium.org
3ff7aa0ea9 Fix for bug http://code.google.com/p/v8/issues/detail?id=1176.
Review URL: http://codereview.chromium.org/6469083/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6904 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 17:20:25 +00:00
mikhail.naganov@gmail.com
56788625b6 Fix CPU profiling for Crankshaft.
The main issue was due to multiple recompilations of functions.  Now
code objects are grouped by function using SFI object address.
JSFunction objects are no longer tracked, instead we track SFI object
moves. To pick a correct code version, we now sample return addresses
instead of JSFunction addresses.

tools/{linux|mac|windows}-tickprocessor scripts differentiate
between code optimization states for the same function
(using * and ~ prefixes introduced earlier).

DevTools CPU profiler treats all variants of function code as
a single function.

ll_prof treats each optimized variant as a separate entry, because
it can disassemble each one of them.

tickprocessor.py not updated -- it is deprecated and will be removed.

BUG=v8/1087,b/3178160
TEST=all existing tests pass, including Chromium layout tests

Review URL: http://codereview.chromium.org/6551011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 16:31:24 +00:00
ricow@chromium.org
45c63ffa6a Add more generic version of reloc info padding to ensure enough space for reloc patching during deoptimization (fixes issue 1174).
The old version only added extra space when we did indirect calls, but
the problem remains the same with normal calls that can be represented
as a single byte. When doing patching each call will always be at
least 2 bytes long because we use RUNTIME_ENTY as the reloc mode.


Review URL: http://codereview.chromium.org/6541053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:28:33 +00:00
ricow@chromium.org
8162d9029d Fix second half of issue 1151, the first change (r6765) only fixed FunctionGetPrototype, not FunctionSetPrototype.
Review URL: http://codereview.chromium.org/6548008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:27:36 +00:00
fschneider@chromium.org
031062d246 Fix bug with input representation of HValueOf.
The class did not correctly implement the RequiredInputRepresentation.
I changed this functions to be abstract so that all hydrogen classes
must implement it.

As a convention instructions with zero input operands return None as input
representation.

Instructions that can handle all input representations without converting before
also have None as required input representation (e.g. HTest)

All other instructions need a proper required input representation.

Review URL: http://codereview.chromium.org/6538088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:14:53 +00:00
mmaly@chromium.org
fb20f7fc75 CallIC and KeyedCallIC not wrapping this for strict mode functions.
Fix CallIC and KeyedCallIC to correctly use Handle<Object>.

Review URL: http://codereview.chromium.org/6523052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 00:39:21 +00:00
kmillikin@chromium.org
123dbb2f5e Change the baseline compiler to match the Hydrogen graph builder.
The Hydrogen graph translation does not build a branch for unary negation in
an effect context, so the baseline compiler should not do so either.

Review URL: http://codereview.chromium.org/6546050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-21 16:49:39 +00:00
antonm@chromium.org
e79bfcaf3f Use [[DefineOwnProperty]] to put 'constructor' field on the protoype object.
That better follows ECMA-262 (see 13.2 Creating Function Objects) and allows
to ignore nasty JS accessors for 'constructor' property.

BUG=v8:1172
TEST=test/mjsunit/regress/regress-1172.js

Review URL: http://codereview.chromium.org/6531037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-18 10:53:38 +00:00
mmaly@chromium.org
f0df4a6c9e Revert "This is not wrapped for strict mode and builtin functions."
This reverts commit 6845

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 21:56:37 +00:00
ager@chromium.org
963472c516 Change behavior of global declarations in the presence of setters.
Call accessors in the global object prototype when initializing global
variables. Function declarations are special cased for compatibility
with Safari and setters are not called for them. If this special
casing was not done webkit layout tests would fail.

Make the declaration of global const variables in the presence of
callbacks a redeclaration error.

Handle const context slot declarations conflicting with a CALLBACK as
a redeclaration error. That is, unless it is on a context extension
object which is not a real object and therefore conceptually have no
accessors in prototype chains. Accessors in prototype chains of
context extension objects are explicitly ignored in SetProperty.

Review URL: http://codereview.chromium.org/6534029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 21:04:53 +00:00
mmaly@chromium.org
bb7b014988 This is not wrapped for strict mode and builtin functions.
CallIC and KeyedCallIC do not wrap this when calling builtin
and strict mode functions.

Review URL: http://codereview.chromium.org/6523052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6845 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 17:52:03 +00:00
ager@chromium.org
65addc5165 Revert change to const and global variable declarations. It causes
may WebKit layout test failures.

I will look into it tomorrow.
TBR=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/6537021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 16:54:49 +00:00
ager@chromium.org
dc38755aba Call accessors in the global object prototype when initializing global
variables.

Make the declaration of global const variables in the presence of
callbacks a redeclaration error.

Handle const context slot declarations conflicting with a CALLBACK as
a redeclaration error. That is, unless it is on a context extension
object which is not a real object and therefore conceptually have no
accessors in prototype chains. Accessors in prototype chains of
context extension objects are explicitly ignored in SetProperty.

Review URL: http://codereview.chromium.org/6519050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6841 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 16:30:15 +00:00
lrn@chromium.org
246560b902 Revert 6832.
The test contains a syntax error that shouldn't be detected, but it sometimes is.

TBR: kmillikin@chromium.org

Review URL: http://codereview.chromium.org/6519049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 14:13:25 +00:00
kmillikin@chromium.org
b02107284a Fix incorrect deoptimization for logical not in an effect context.
The baseline compiler does not materialize a value for expressions of
the form !expr in an effect context so the graph translation should
not produce such an environment, otherwise we risk targeting it by
deoptimization.

BUG=v8:1167

Review URL: http://codereview.chromium.org/6537018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 13:05:49 +00:00
lrn@chromium.org
cf50c5e27c Handle exceptions thrown while parsing lazy functions for inlining.
We currently leave the exception as pending without returning a Failure::Exception() value. This is either caught immediately if running with --debug-code, or caught later by an assert in debug mode.

This change makes the pending exception be cleared before returning from the failed optimization attempt.

BUG=v8::1145
TEST=test/mjsunit/regress/regress-1145.js

Review URL: http://codereview.chromium.org/6524039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 12:23:18 +00:00
kmillikin@chromium.org
82cdd48b2f Fix a bug in deoptimization after logical expressions in an effect context.
When deoptimizing to after an expression of the form (expr0 || expr1)
or (expr0 && expr1) in an effect context, the unoptimized code could
incorrectly see the value of the expression.

Handle the short-circuit binary operators specially in effect contexts.
This fixes the issue and will generate better code when the left
subexpression is boolean-valued.

BUG=v8:1166

Review URL: http://codereview.chromium.org/6519046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 11:06:50 +00:00
ager@chromium.org
a0364d795d Handle indexed properties on value objects correctly.
As with named properties, search the value wrapper prototypes for properties.

Review URL: http://codereview.chromium.org/6526046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 12:10:48 +00:00
lrn@chromium.org
9ec16dfe68 Fix bug 1137. No longer allow the RegExp /(*)/.
BUG=v8:1137
TEST=test/mjsunit/regexp.js

Review URL: http://codereview.chromium.org/6499016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 08:10:47 +00:00
mmaly@chromium.org
582cf097e9 Strict mode "this" transformation in Function.call/Function.apply.
In strict mode the transformation of "this" is skipped.

Code review feedback.
Testing memory operand against 8 bit IMM on ia32 and x64.

Review URL: http://codereview.chromium.org/6524006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 18:57:37 +00:00
vitalyr@chromium.org
4143e4c097 Fix issue 1160: check array elements in ArrayJoin.
Review URL: http://codereview.chromium.org/6529020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 15:12:51 +00:00
ricow@chromium.org
a8d4360d65 Make sure we always have room for patching the reloc info during lazy deoptimization (fixes issue 1156).
Before we could have calls to builtins that would not be in the
relocation info since this used a register as target. Whenever we have
this case (from lithium codegen) we now emit a comment in the reloc
info.

Review URL: http://codereview.chromium.org/6499015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 14:36:12 +00:00
ricow@chromium.org
0648103e8c x64: Port OSR to the x64 platform.
Review URL: http://codereview.chromium.org/6515012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 13:37:10 +00:00
mmaly@chromium.org
9adaeb6a17 Strict mode delete of non-configurable property.
Strict mode flag is passed to runtime DELETE function
and then to JSObject::Delete(Property/Element) as STRICT_DELETION enum.
When deleting non-configurable property/eleemnt, TypeError is thrown.
Adding mozilla test to .gitignore.
Incorporate CR feedback.

Review URL: http://codereview.chromium.org/6515005/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 23:41:47 +00:00
mmaly@chromium.org
7e6bbab2c8 Strict mode delete of unqualified identifier.
SyntaxError is reported in strict mode when deleting
an unqualified identifier. (11.4.1 of Ecma-262 5th ed)

Review URL: http://codereview.chromium.org/6516003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 18:44:26 +00:00
antonm@chromium.org
186d832c79 Introduce new runtime function to make join with lower memory usage.
Do not use generic StringBuilderConcat which requires array passed
to keep both elements and separator (which roughly double size
of the array).  That should be faster as well.

BUG=crbug.com/54580

Review URL: http://codereview.chromium.org/6520004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 17:25:12 +00:00
whesse@chromium.org
1e4800b918 X64 Crankshaft: Fix error in pushed register indices for safepoints. Fixes issue 1153.
BUG=1153
TEST=mjsunit/date-parse

Review URL: http://codereview.chromium.org/6518007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 16:02:02 +00:00
whesse@chromium.org
7233a930b5 X64 Crankshaft: Add test that fails on x64 Crankshaft build to list of skipped mjsunit tests. Fix comments and remove unused function from date.js.
BUG=1153
TEST=mjsunit/date-parse
Review URL: http://codereview.chromium.org/6516011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 13:57:15 +00:00
fschneider@chromium.org
ad70b7de39 Fix a potential crash bug in keyed calls for non-string keys.
BUG=v8:1146

Review URL: http://codereview.chromium.org/6517010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 13:13:41 +00:00
kmillikin@chromium.org
c73ce4f126 Fix a duplicate AST ID recorded for for/in.
Avoid visiting the subexpressions of a variable that rewrites to a property
when occurring as the 'left-hand side' of for/in.

BUG=v8:1149

Review URL: http://codereview.chromium.org/6475009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 12:51:25 +00:00
karlklose@chromium.org
e0552d77cf ARM: Implement PatchStackCheckCodeAt and RevertStackCheckCode.
Remove a failing test expectation from mjsunit.status.

Review URL: http://codereview.chromium.org/6410029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 12:07:48 +00:00
ricow@chromium.org
34eeb88ee4 Use ForceSetObjectProperty in DefineOrRedefineDataProperty (fixes crbug 72736).
The current version uses SetObjectProperty which will not set the
value in case this is a readonly property. The spec explictly says
that a configurable but non writable property can have its value
changed with Object.defineProperty (because the same thing can be
accomplished by doing 3 calls (set writable to true, update the value,
set writable to false).


Review URL: http://codereview.chromium.org/6518004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 10:43:21 +00:00
ricow@chromium.org
6d9fde492c Do not allow calls to SetProtoType on functions that should not have a prototype (fixes issue 1151)
Review URL: http://codereview.chromium.org/6518003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 09:37:56 +00:00
ricow@chromium.org
46bde305b5 Add support for the global object in Object.keys (fixes issue 1150)
We do not currently handle the case where the JSGlobalProxy is passed
as argument to LocalKeys in runtime.cc.

Review URL: http://codereview.chromium.org/6516008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 07:49:13 +00:00
mmaly@chromium.org
e0be3072b5 Implement assignment to undefined reference in ES5 Strict Mode.
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-13 16:19:53 +00:00
mmaly@chromium.org
3f4701df7f Revert r6756. Check failed on V8 arm - debug - crankshaft.
Need to investigate.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 23:25:07 +00:00
mmaly@chromium.org
fd6338bdda Implement assignment to undefined reference in ES5 Strict Mode.
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 21:39:59 +00:00
antonm@chromium.org
e96c24bf03 Properly treat exceptions thrown while compiling.
BUG=v8:1132
TEST=test/mjsunit/regress/regress-1132.js

Review URL: http://codereview.chromium.org/6487021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 14:26:56 +00:00
lrn@chromium.org
fdfbdfbcf5 Fix typo in ASSERT in object-verifier for RegExp.
BUG=v8::1129
TEST=test/mjsunit/regress/regress-1129.js

Review URL: http://codereview.chromium.org/6476027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 16:43:01 +00:00
antonm@chromium.org
ab24485760 Bypass JS accessors when building error array.
In the presence of JS accessors for elements on Object.prototype JSArray::SetFastElement
may throw or its behaviour can be altered.  Instead operate on plain FixedArrays and
turn them into JSArry later.

BUG=v8:1130
TEST=test/mjsunit/regress/regress-1130.js

Review URL: http://codereview.chromium.org/6481001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 15:02:13 +00:00
fschneider@chromium.org
5b753cecb6 Check holder before optimizing calls to global functions.
In the case where the function is not found in the global object,
we have to generate a generic call.

BUG=v8:1106
TEST=mjsunit/regress/regress-1106.js

Review URL: http://codereview.chromium.org/6483010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 12:33:51 +00:00
vegorov@chromium.org
49adfd0f0a Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-range.
BUG=v8:1131
TEST=test/mjsunit/regress/regress-1131.js

Review URL: http://codereview.chromium.org/6469006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 12:33:34 +00:00
mikhail.naganov@gmail.com
12e62e7154 Shorten constructor names in JS tickprocessor.
As they are no more used in DevTools profiler, there is no
need to prefix them with "devtools.profiler" namespace.

Review URL: http://codereview.chromium.org/6456025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 07:47:28 +00:00
kmillikin@chromium.org
dc91c4218b Make optimized Function.prototype.apply safe for non-JSObject first arguments.
If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.

Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.

BUG=v8:1128

Review URL: http://codereview.chromium.org/6463025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 16:43:23 +00:00
whesse@chromium.org
0fb5a1fd1a Add a regression test for issue 1106, optimized access to the prototype chain of the global object.
Review URL: http://codereview.chromium.org/6459023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 15:50:39 +00:00
lrn@chromium.org
d358e2ecd3 Fix incorrect asserts in scanner.
BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js

Review URL: http://codereview.chromium.org/6459021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 14:16:25 +00:00
whesse@chromium.org
afec61e870 Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js.
Review URL: http://codereview.chromium.org/6460030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 13:16:40 +00:00
whesse@chromium.org
602d5cf427 Fix a bug that occurs when functions are defined with more than 16,382 parameters.
Review URL: http://codereview.chromium.org/6447007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 12:46:22 +00:00
kmillikin@chromium.org
991a1cae12 Fix an assertion failure in stack trace construction.
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value.  This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 11:45:50 +00:00
antonm@chromium.org
d724993138 Use GC-safe version when setting elements.
BUG=1125
TEST=test/mjsunit/regress/regress-1125.js

Review URL: http://codereview.chromium.org/6463001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 11:38:10 +00:00
antonm@chromium.org
cf30cefda7 Check if Array.prototype.__proto__ has been reset to null.
BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js

Review URL: http://codereview.chromium.org/6454004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:56:44 +00:00
antonm@chromium.org
0273e8185b Propagate exceptions thrown when setting elements.
Plus use more robust path when formatting messages---work
directly with fixed arrays.

BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js

Review URL: http://codereview.chromium.org/6451004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:42:14 +00:00
antonm@chromium.org
da8b72f2b8 1) Return failure if any of property sets failed;
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Review URL: http://codereview.chromium.org/6454011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:04:17 +00:00
ager@chromium.org
096c21522b Fix wrong assumption in parser that parsing a function literal cannot throw an exception.
Review URL: http://codereview.chromium.org/6453009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 18:46:13 +00:00
ager@chromium.org
8c6c273236 Fix issues with using defineProperty on the global proxy object.
Review URL: http://codereview.chromium.org/6452004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 16:31:58 +00:00
ricow@chromium.org
f64966085e x64: Add MulI and DivI to lithium instructions.
Review URL: http://codereview.chromium.org/6448001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:37:50 +00:00
lrn@chromium.org
2f32f27e8f Correct propagation of exceptions from setters.
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js

Review URL: http://codereview.chromium.org/6451003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:04:27 +00:00
kmillikin@chromium.org
bf3c3eb9cb Fix a possible duplicate AST ID for deoptimization.
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.

BUG=v8:1104

Review URL: http://codereview.chromium.org/6453004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:00:22 +00:00
ricow@chromium.org
20f2c1c98a Make sure that we do not call is_extensible on the global proxy.
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.


Review URL: http://codereview.chromium.org/6450003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 13:09:07 +00:00
ricow@chromium.org
81787f986b Make sure that we never call prevent extension on the global proxy,
but instead call this on the global object.

BUG: 1103

Review URL: http://codereview.chromium.org/6454001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 12:41:16 +00:00
lrn@chromium.org
48fadffcc4 Fix bug in JSON.parse for objects containing "__proto__" as key.
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.

Review URL: http://codereview.chromium.org/6451002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 11:38:15 +00:00
peterhal@chromium.org
39957aa741 Issue 117 - strict mode and future reserved words
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:36:37 +00:00
mmaly@chromium.org
87233c49c8 Pass strict mode to eval.
Code review feedback.

Code Review URL: http://codereview.chromium.org/6286043/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:15:49 +00:00
vegorov@chromium.org
10f715e3ff Restore context after LApplyArguments.
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js

Review URL: http://codereview.chromium.org/6246106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 15:42:02 +00:00
peterhal@chromium.org
c894b1f317 Fix bugs 992, 1083 and 1092
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.

Add sputnik tests to .gitignore.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6286060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 19:29:10 +00:00
ricow@chromium.org
a2aa84873e Add regression test for the deoptimizer immediately followed by gc bug.
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)

The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094


Review URL: http://codereview.chromium.org/6312118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:47:27 +00:00
danno@chromium.org
a2fb4a12bb Create specialized code stubs for PixelArray loads.
Review URL: http://codereview.chromium.org/6287030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 12:50:50 +00:00
antonm@chromium.org
0da3dc3e43 Properly process getOwnPropertyDescriptor for elements on global proxy object.
We need to go down to actual global object to perform those operations.

Review URL: http://codereview.chromium.org/6246054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 10:19:41 +00:00
kmillikin@chromium.org
ca936dae9e More of the fix for V8 issue 1079.
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object.  We never try to
find an existing arguments object.

Review URL: http://codereview.chromium.org/6349050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 15:08:29 +00:00
erik.corry@gmail.com
0097f005fd Fix code generation bug on ARM in classic codegen.
Review URL: http://codereview.chromium.org/6246045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:14:55 +00:00
lrn@chromium.org
2d15eb9a90 Fix bug in object literals with large array indexes as strings.
Review URL: http://codereview.chromium.org/6410028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:02:58 +00:00
kmillikin@chromium.org
f1149734fc Partial fix for V8 issue 1079.
Record a safepoint with a deoptimization id for throw in optimized code.  We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw).  For
hygiene we use the actual ID of the throw expression.  Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit.  This is required to insert a simulate between the throw and the exit.

Make our optimized treatment of Function.prototype.apply act like a call and
have side effects.  This ensures that it will get a lazy deoptimization
environment.  Use that deoptimization ID in the safepoint for the call.

Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction.  Record the
environment and use the deoptimization ID at the safepoint.

Review URL: http://codereview.chromium.org/6250105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 13:55:29 +00:00
whesse@chromium.org
a5f94a4862 Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
BUG=1088
TEST=test/mjsunit/math-pow.js

Review URL: http://codereview.chromium.org/6368050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 12:54:58 +00:00
vegorov@chromium.org
6751627615 Require typed input representation for HTypeof hydrogen instruction.
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js

Review URL: http://codereview.chromium.org/6410025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 09:52:57 +00:00
peterhal@chromium.org
5ca89179d7 Revert "Fix bugs 992 and 1083"
This reverts commit 6561 as the new assert caused failures in sputnik.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 20:08:01 +00:00
peterhal@chromium.org
9c89aa6dd9 Fix bugs 992 and 1083
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.

Makes code follow spec steps more closely.

Fixes typo for check for unchanged enumerable in step 6.

Adds regression tests.
Fixes errors in object-define-property test

Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 17:08:14 +00:00
ager@chromium.org
471c0d2983 Avoid callbacks to user code during error formatting in a couple of
other situations.

Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.

Review URL: http://codereview.chromium.org/6287041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 12:31:16 +00:00
mmaly@chromium.org
aa779b3842 Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence.
http://code.google.com/p/v8/issues/detail?id=1084

Code Review URL: http://codereview.chromium.org/6386014/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 22:35:27 +00:00
antonm@chromium.org
a38a8ffab0 ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments.
Review URL: http://codereview.chromium.org/6357025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 14:54:53 +00:00
fschneider@chromium.org
4e7ddab6dc Fix a bug in the placement of minus-zero checks and in GVN.
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.

2. GVN need to take instruction flags into account when comparing
instructions for redundancy.

Review URL: http://codereview.chromium.org/6260035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 12:36:54 +00:00
ager@chromium.org
f8b74a1541 Avoid using Function.prototype.call in a number of places in our
builtins files. We should always use %_CallFunction for a couple of
reasons: it cannot be overwritten and it does not wrap basic types in
wrapper objects.

Review URL: http://codereview.chromium.org/6349018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6524 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-28 10:33:10 +00:00
ager@chromium.org
dc61921bbf Fix reintroduction of global variables that have been deleted.
Deletion of global properties puts 'the hole' in the global property
cell and updates the property details in the property dictionary with
the information that the property has been deleted. When setting
global properties that have been deleted in generated code we just
store the new value in the global property cell. This does not update
the property details in the property dictionary. Therefore, it looks
like the property is not there eventhough it was just reintroduced.

Perform 'the hole' checks in generated code for global property stores
and bail out of ICs and optimized code if storing to a property cell
that contains 'the hole'.

Review URL: http://codereview.chromium.org/6306014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-27 08:35:39 +00:00
mmaly@chromium.org
d07f1d62ff Strict mode eval/arguments LHS.
Review URL: http://codereview.chromium.org/6335013/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-26 19:21:46 +00:00
mmaly@chromium.org
55400c2454 Strict mode: function constructor tests.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-26 18:10:26 +00:00
mmaly@chromium.org
2b47762e3a Strict mode object property validation.
Review URL: http://codereview.chromium.org/6335010/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 18:42:35 +00:00
mmaly@chromium.org
f5a2860534 Strict mode parameter validation.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 17:21:45 +00:00
kmillikin@chromium.org
9cfbb240a0 Update regression test.
With SVN r6465 (reverting changes to scopes), a regression test for
deleting parameter variables has to change to reflect a semantic
change.  It is now again possible to delete parameters from a function
that uses 'with' or 'try...catch'.

Review URL: http://codereview.chromium.org/6307014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 13:32:36 +00:00
kmillikin@chromium.org
013860d42e Revert "Reapply change to with/arguments interaction."
Revert this change again.  Somewhat mysteriously we sometimes get empty
contexts that we do not expect in the context chain.

Review URL: http://codereview.chromium.org/6372013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6465 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 13:01:45 +00:00
vitalyr@chromium.org
331b482332 Fix bug 1070: set correct holder for primitive checks.
Code generated for checks starting with primitive receivers skips one step
in the usual prototype checking algorithm, so the holder must always be set.

Not setting the holder did not cause an immediate failure because our
primitives have additional hidden prototypes before the real prototypes.
These extra objects in the chain usually contain no properties and so
allowed the right holders to be selected.

Review URL: http://codereview.chromium.org/6353014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 12:21:03 +00:00
ricow@chromium.org
d5cab38a33 Add support for deoptimization on x64.
I did not take out the code relating to osr from the generate method
since this makes it easier to compare to ia32 (we will abort anyway when we hit the osr code so there should be no issues with having this in)
 

Review URL: http://codereview.chromium.org/6390001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 07:57:56 +00:00
mmaly@chromium.org
8d79f3a788 Strict mode octal literals.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6446 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 18:13:18 +00:00
kmillikin@chromium.org
9c2d52eb0e Fix a bug in delete for lookup slots.
The function Runtime_LookupContext searches the context chain for a
LOOKUP slot and returns the object holding the slot.  It returned the
global context if the slot was not found or if it was found in a
function's context or arguments object.  This is not the correct
object to use for 'delete'.

Since this lookup function is only ever used when deleting LOOKUP
slots (those that have to go through a with or a scope with eval), it
is simply replaced with a Runtime_DeleteContextSlot function that does
the appropriate thing for all kinds of context lookups.

This fixes Chromium bug 70066.
http://code.google.com/p/chromium/issues/detail?id=70066

Review URL: http://codereview.chromium.org/6280013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 14:03:30 +00:00
ager@chromium.org
bb9c9fe92c Change recursive error printing to just replace recursively
encountered error objects with the empty string. This actually does
match the Safari behaviour.

Review URL: http://codereview.chromium.org/6259010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 14:11:35 +00:00
ager@chromium.org
ca14680556 Return the empty string when formatting recursive error messages. This
matches the behavior of Safari and Firefox. Our old behavior was to
throw a stack overflow exception.

BUG=crbug.com/70334
TEST=mjsunit/cyclic-error-to-string.js

Review URL: http://codereview.chromium.org/6261018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 11:44:29 +00:00
kmillikin@chromium.org
8a9eeaf8da Reapply change to with/arguments interaction.
This is svn r6415 with a bugfix.

The bug was that we can have scopes with 0 heap slots (functions with
such scopes do not need a local context) and scopes with at least
Context::MIN_CONTEXT_SLOTS.  The code generator only allocated a local
context if there were strictly more than Context::MIN_CONTEXT_SLOTS.
Before the change to with/arguments, it was impossible to actually get
a function scope with exactly Context::MIN_CONTEXT_SLOTS because every
such scope included a heap-allocated arguments (and arguments shadow)
slot.

Review URL: http://codereview.chromium.org/6248014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 11:28:35 +00:00
vitalyr@chromium.org
7d96f2d40f Fix Smi::IsValid assert in StringCharCodeAt deferred code.
Review URL: http://codereview.chromium.org/6303013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6424 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 08:30:13 +00:00
mmaly@chromium.org
4cb51b51e6 First part of strict mode.
- var eval | arguments
- catch (eval | arguments)
- 'with' is disabled
- function can't be named eval or arguments

Add FLAG_strict_mode

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 18:51:47 +00:00
kmillikin@chromium.org
6b89b5975f Revert "Make 'with' mark only variables occurring in the body as used."
This reverts SVN revision 6415 due to layout test failures.

TBR=ricow

Review URL: http://codereview.chromium.org/6374006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:58:57 +00:00
kmillikin@chromium.org
7f43cf0539 Make 'with' mark only variables occurring in the body as used.
Before, we conservatively marked every variable in a scope as used if the
scope contained 'with'.  Instead, just mark the variables occurring in the
body of the with.  This avoids marking 'arguments' as used whenever 'with'
occurs, which incurs an extra performance penalty (a use of arguments is
seen as an instruction to redirect all parameter accesses to the arguments
object).

Review URL: http://codereview.chromium.org/6357007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:32:43 +00:00
kmillikin@chromium.org
70910af7a0 Fix an assertion failure in the full code generator.
We hit an assertion failure when we tried to record the AST ID of
the (shared) .arguments variable proxy more than once.  This was hit
when we had multiple calls to the same parameter in a function that
used the arguments object.  The fix is to not visit the subexpressions
of the (shared) property access expression.

BUG=1060

Review URL: http://codereview.chromium.org/6368007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 15:26:54 +00:00
antonm@chromium.org
49144ee6b6 Properly create variables to access outer arguments and function names.
Review URL: http://codereview.chromium.org/6266007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 08:16:17 +00:00
mmaly@chromium.org
d6f88b6688 Revert strict mode (Mozilla test failure).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-18 23:01:50 +00:00
mmaly@chromium.org
b4c88d5de4 First part of ES5 strict mode.
- var eval | arguments
- catch (eval | arguments)
- 'with' is disabled
- function can't be named eval or arguments
- function parameter name cannot be eval or arguments
- no duplicate parameter names allowed

Add FLAG_strict_mode

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-18 16:43:53 +00:00
ricow@chromium.org
3d245133a3 Enable compilation of very simple functions in x64 crankshaft.
This change includes support for safepointtables and adding deoptimization info (but not for deoptimizing).

Implemented crankshaft functions:
CallCode
GenerateSafepointTable
RegisterEnvironmentForDeoptimization
EmitGoto


This change allows us to compile very simple functions with crankshaft:
An empty function
A function returning a constant.
A function returning a parameter.

There is 6 disabled tests that require us to be able to deoptimize
which is currently not supported.


Review URL: http://codereview.chromium.org/6310009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 13:11:39 +00:00
lrn@chromium.org
f09705ab9b Make invalid break/continue statements an early syntax error.
Previously we delayed the throwing of syntax errors until runtime, so
unreachable errors didn't get reported.
To match a change in JSC, we now stop parsing and report the error immediately.

BUG=69736
TEST=

Review URL: http://codereview.chromium.org/6355006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 09:36:10 +00:00
antonm@chromium.org
fae90d4f32 Make closures optimizable by Crankshaft compiler.
Currently only closures which only read from the context are supported.

Review URL: http://codereview.chromium.org/5753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 08:11:03 +00:00
ager@chromium.org
c1306244a6 Make the 'name' property on error prototypes read-only and dont-delete
to avoid leaking of error objects to accessor methods when formatting
error messages internally.

Also, do not call overwritten toString methods on error objects when
formatting messages internally.

Review URL: http://codereview.chromium.org/6272004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6322 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 12:51:04 +00:00
podivilov@chromium.org
ee9fd1d922 Unreviewed. Fix whitespaces for r6314.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 12:01:57 +00:00
podivilov@chromium.org
beb16ce681 Tests for setting break points by script id and position.
Review URL: http://codereview.chromium.org/6261009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6314 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 11:56:14 +00:00
ager@chromium.org
48acf77389 Do not allow accessors to intercept getting/setting properties on
error objects under construction and string conversions.

Review URL: http://codereview.chromium.org/6146009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-13 06:56:54 +00:00
peter.rybin@gmail.com
7c468e53c4 Add fine-grained diff implementation to LiveEdit engine.
BUG=1013
TEST=

Review URL: http://codereview.chromium.org/6017008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 14:55:47 +00:00
antonm@chromium.org
a0bc9eb040 Add more bailouts for Array.slice over arguments.
Unfortunately, arguments is pretty much the normal JS object.  For now
I am adding more sanity checks (in hope that typically arguments
list is rather short.)  However it probably requires more systematic
treatment, for example, we could optimistically copy elements until
we meet first hole and in this case resort to JS builtin.

Review URL: http://codereview.chromium.org/6062006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 11:23:40 +00:00
ricow@chromium.org
b4ea8c7f5e Enable sharding of individual testsuites in tools/test.py
This patch enables two new flags for the tools/test.py script;
--shard-count - giving the ability to split the tests to be run
into shard-count chunks.
--shard-run - giving the ability to specify which of the shards to actually run.

Example
  tools/test.py -j15 --shard-count=2 --shard-run=1 mozilla
would split the mozilla tests into two chunks and run the tests in the first chunk

Running:
  tools/test.py -j15 --shard-count=2 --shard-run=1 mozilla
  tools/test.py -j15 --shard-count=2 --shard-run=2 mozilla
is equivalent (in terms of test coverage) of just running:
  tools/test.py -j15 mozilla

In addition, tests are now sorted before they are returned from the
test specific ListTests methods (sputnik and mozilla tests where
already sorted before they where returned).

This change is needed to split a single test suite over two slaves on
the waterfall.


Review URL: http://codereview.chromium.org/6127003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 13:54:42 +00:00
ricow@chromium.org
cd6bd8c4fa Revert 6220 (generic descriptor support in Object.defineOwnProperty)
This change caused a webkit failure in http/tests/security/xss-DENIED-defineProperty.html.

 I will look into this and reapply when I find a solution.




Review URL: http://codereview.chromium.org/6134005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 07:20:54 +00:00
ricow@chromium.org
22d1249b68 Disable flaky test on x64 when running with --crankshaft.
mjsunit/compiler/simple-osr is flaky.

Disabling for now until we get osr in place on the x64 port.

Bug 1026 created to track this:
http://code.google.com/p/v8/issues/detail?id=1026


Review URL: http://codereview.chromium.org/6176001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 13:53:20 +00:00
whesse@chromium.org
50eaaf4be4 Speed up a regression test regress-3249650.js so it does not timeout.
Review URL: http://codereview.chromium.org/6175001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 13:52:36 +00:00
lrn@chromium.org
90fd0ee897 Change interpretation of malformed \c? escapes in RegExp to match JSC.
Review URL: http://codereview.chromium.org/6171001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 12:35:42 +00:00
sgjesse@chromium.org
cce04b9071 Added a few new debugger tests.
Patch by Mark Lam from Hewlett-Packard Development Company, LP

Review URL: http://codereview.chromium.org/6035016


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 11:59:41 +00:00
ricow@chromium.org
08cd803827 Landing for Peter Hallam
First cut at bug 992 

Fixes JS portion of DefineOwnProperty when there is 
an existing property and the new descriptor is generic. 

Makes code follow spec steps more closely. 

Fixes typo for check for unchanged enumerable in step 6. 

Adds regression test. 

Codereview url: http://codereview.chromium.org/6035014/




git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 11:49:09 +00:00
whesse@chromium.org
f39ff5c679 X64 Crankshaft: Implement some methods in LInstruction, update mjsunit test expectations.
Review URL: http://codereview.chromium.org/6118002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 09:47:16 +00:00
lrn@chromium.org
a50e69bda5 Avoid calling inherited setters when creating object literals and their boilerplates.
Fix issue 1015.

Review URL: http://codereview.chromium.org/6118001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-06 14:00:50 +00:00
sgjesse@chromium.org
9bc3a16af0 Fix bug in instanceof stub
If the instanceof stub was requested to deliver true/false objects as the result instead of 0/1 then 0/1 was actually returned if the builtin INSTANCE_OF ended up being called. This is now fixed.

BUG=v8:1020
TEST=test/mjsunit/regress/regress-1020.js
Review URL: http://codereview.chromium.org/6014013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-05 14:19:12 +00:00
ricow@chromium.org
aa396c5779 Allow getters and setters on JSArray elements.
This fixes bug 900 

Review URL: http://codereview.chromium.org/5959009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 13:59:34 +00:00
lrn@chromium.org
d8fb09a030 Fix tab in javascript file.
Review URL: http://codereview.chromium.org/6004009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 13:14:39 +00:00
lrn@chromium.org
e7ecb74b8a Don't let JSON parsed objects hit inherited setters.
Review URL: http://codereview.chromium.org/6101001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6154 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 12:19:55 +00:00
lrn@chromium.org
59aea66dfa Fix bug that happens when the first non-ASCII character of a literal is at a power-of-two position.
Review URL: http://codereview.chromium.org/6044009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 11:25:59 +00:00
lrn@chromium.org
5741575327 Tweak quicksort loop to reduce number of compares slightly.
Review URL: http://codereview.chromium.org/6039002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-20 14:57:51 +00:00
antonm@chromium.org
ae476ecd6c Teach C++ ArraySlice builtin to deal with arguments object.
Array.prototype.slice.call(arguments, ...) idiom is pretty common (up to 97% of invocations
in GMail), so we'd better handle it efficiently too.

Review URL: http://codereview.chromium.org/6034003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6085 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-20 14:41:41 +00:00
ager@chromium.org
06ac3b18a0 When setting property on a context extension object do not inherit the
attributes from an existing property on a prototype object.

Review URL: http://codereview.chromium.org/5995002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-17 13:04:53 +00:00
ricow@chromium.org
717153274f Reduce number of iterations in new regression test, this times out on arm and the regression is hit with an order of magnitude less iterations.
Review URL: http://codereview.chromium.org/5963001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6058 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-17 07:23:06 +00:00
fschneider@chromium.org
73737fcdb6 Fix bugs in the range analysis for integers.
The overflow conditions were not correctly detected for 
certain add, sub and mul instructions.

I replaced the previous code by using 64-bit arithmetic
to correctly identify overflows for *, + and -.

Review URL: http://codereview.chromium.org/5860009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 18:01:36 +00:00
ager@chromium.org
6e30a77ab5 A number of instructions use GVN but do not provide a comparison
function for the data. This leads to wrong results where operations
are wrongly assumed to have the same value as a previous (different)
operation.

Provide the data comparison functions.

BUG=995

Review URL: http://codereview.chromium.org/5898003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 15:40:02 +00:00
ager@chromium.org
1b67320800 Perform more aggressive time to NaN conversions. Our internal date
methods rely on the time values passed in being within a certain range
- not significantly larger than the the ECMA 262 specified time
range. When creating a time, always make it NaN if there is no way
that it can be within range even after UTC conversion.

Review URL: http://codereview.chromium.org/5905003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6048 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 13:02:09 +00:00
lrn@chromium.org
b20f0968fa Change DefaultString and DefaultNumber to match the spec required behavior.
Previously it did two reads of the .toString and .valueOf properties where
only one was allowed.

Review URL: http://codereview.chromium.org/5950001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 12:49:55 +00:00
ricow@chromium.org
357afa385b Change Object.defineProperty to accept undefined as getters and setters and to correctly accept overriding an accessor with a data property.
In the past we only accepted functions as argument for setting an
accessor. Since one should be able to set an accessor to undefined
this had to be changed to take either.

In addition, we did not lookup properties in the prototype chain,
causing us to call the setter of an existing accessor up the prototype
chain when trying to replace an existing accessor (that was not local)
with a data property.


Review URL: http://codereview.chromium.org/5861006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6045 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 12:21:08 +00:00
peter.rybin@gmail.com
e9c989b8fa Fix evaluate with context debug protocol
Review URL: http://codereview.chromium.org/5866002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 19:55:51 +00:00
vegorov@chromium.org
ed59e77256 Fix several register allocation issues revealed by fuzzer:
- LIsObject had incorrect contraint for value input;
- Temporaries had incorrect lifetime intervals;
- Live ranges for live_out values was not covering the whole block.

Review URL: http://codereview.chromium.org/5899002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 18:13:02 +00:00
kmillikin@chromium.org
ace6290452 Fix issue 974.
When entering a finally block in unoptimized code, we unconditionally
save the accumulator register in the stack in case it holds a return
value or an exception.  In the case of a break, continue, or falling
off the end of the try or catch block, this value is unpredictable and
not necessarily safe for GC.

Review URL: http://codereview.chromium.org/5883003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 16:14:29 +00:00
vegorov@chromium.org
655b30858d Fix issue 982.
When splitting at the beginning of a use interval assign coinciding position to the split child instead of leaving it to parent.

BUG=v8:982

Review URL: http://codereview.chromium.org/5898001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 14:35:46 +00:00
karlklose@chromium.org
88dfadd090 Fix presubmit error.
Review URL: http://codereview.chromium.org/5891001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6024 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 11:43:35 +00:00
karlklose@chromium.org
5f962f2eb2 Add array bound checks to code generated for SwapElements. This fixes a bug that lead to a segfault when an array was modified while it was sorted.
Review URL: http://codereview.chromium.org/5686006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 09:52:58 +00:00
lrn@chromium.org
f118f44130 Fix regression in JSON serialization of RegExps.
Tweaks to the serialization.

Review URL: http://codereview.chromium.org/5676005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6018 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 09:31:05 +00:00
ager@chromium.org
5dc1d7a126 Update test expectations for ARM crankshaft build.
Review URL: http://codereview.chromium.org/5813002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6014 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 07:46:22 +00:00
ricow@chromium.org
cd2f41f7dd Don't run mjsunit/compiler/regress-funcaller in debug mode.
This test takes 12+ minutes to run on the windows slaves. In addition,
the regression is hit in release mode on the code prior to the fix for
this.

Review URL: http://codereview.chromium.org/5701006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 13:15:28 +00:00
ricow@chromium.org
60f07139aa Disable mjsunit/regress/regress-create-exception in debug mode.
This test takes a very long time to run in debug mode. This test alone
is causing 10+ minutes of cycle time on the windows debug bots (and the
same in CPU runtime on all slaves!).


Review URL: http://codereview.chromium.org/5748006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 08:55:57 +00:00
ricow@chromium.org
f89d4f39e6 mjsunit/regress/regress-3247124 takes a long time to run, and the original regression is hit
with two orders of magnitude less iterations.

Review URL: http://codereview.chromium.org/5822001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 08:29:33 +00:00
ricow@chromium.org
3b1152aed4 Change the number of iterations in mjsunit/regress-962
This test causes the arm simulator to timeout, and the test reveals
the original problem with three orders of magnitude less iterations.


Review URL: http://codereview.chromium.org/5678007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 07:57:14 +00:00
peter.rybin@gmail.com
8c3e13cad8 Introduce additional context to evaluate operations
Review URL: http://codereview.chromium.org/5733001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5997 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 00:07:44 +00:00
kmillikin@chromium.org
b1c71408d7 Rename regression test and reenable disabled test.
The regression test for v8 issue 969 was committed with the wrong file
name.  Also reenable a test that was disabled due to that issue.

Review URL: http://codereview.chromium.org/5707008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5992 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 16:52:04 +00:00
kmillikin@chromium.org
49f4c39d6d Deoptimize to the proper target after assignment side effects.
This fixes V8 issue 989.

Before, assignments used the AST ID of the assignment expression to
mark the side effect of the store, which became a target for
deoptimization bailout for code after the assignment.  In effect
contexts this environment included the value of the assignment, which
was unexpected by the unoptimized code.

Now we introduce a new assignment ID for AST node types that include
an assignment (Assignment, CountOperation, and ForInStatement) and use
it for the side effect of the store.

Review URL: http://codereview.chromium.org/5682010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 16:29:47 +00:00
ricow@chromium.org
ad0401174a Temporarily disable mjsunit/array-splice (issue 969)
Disabling this to get the waterfall green, Kevin knows what the issue
is and is working on a fix.


Review URL: http://codereview.chromium.org/5752005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5980 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 12:10:41 +00:00
lrn@chromium.org
94bb378ee5 Make RegExp character class match JSC.
See http://trac.webkit.org/changeset/73594

Review URL: http://codereview.chromium.org/5723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5974 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 08:33:32 +00:00
vegorov@chromium.org
65f98b1e7a Fix issue 962.
SplitBetween (formely known as Split with 3 arguments) should select split position from [start, end] instead of [start, end[. This should also improve allocation quality (remove certain redundant move patterns).

Also some minor renaming and refactoring to make register allocator code more readable.

BUG=v8:962
TEST=test/mjsunit/regress/regress-962.js

Review URL: http://codereview.chromium.org/5720001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-10 14:25:10 +00:00
ager@chromium.org
eb8e1d9d0e Change test script to make it easy to run crankshaft tests on ARM and
x64 where crankshaft is not the default. Add ability to add custom
expectations for running in this special crankshaft mode.

The expectations are not updated in this change. There are a couple of
bugs that I would like to fix before doing that. Otherwise the lists
will be very long. :)

Review URL: http://codereview.chromium.org/5787001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-10 12:05:28 +00:00
lrn@chromium.org
c0df3f0a23 Fix issue 965.
Review URL: http://codereview.chromium.org/5773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-10 11:27:15 +00:00
lrn@chromium.org
6691d531ab Revert 5911 (RegExp fail on invalid range syntax).
Review URL: http://codereview.chromium.org/5703001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5953 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-09 12:07:52 +00:00
mikhail.naganov@gmail.com
670aea0218 Remove log compression support.
This is no longer used in Chromium, and only pollutes code.

BUG=859

Review URL: http://codereview.chromium.org/5575006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 13:24:22 +00:00
kmillikin@chromium.org
e0d3f6afdf Be more careful about exiting inlined functions in a test context.
When falling off the end of a function inlined in a test context, we cannot
constant fold the test of undefined away. The graph builder assumes that
control flow always reaches both branches of a test.

Instead, explicitly test and branch on "undefined". Introduce a pair of
empty blocks to hold the necessary LeaveInlined instructions.

Review URL: http://codereview.chromium.org/5566005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 12:07:40 +00:00
kasperl@chromium.org
90b3370374 Update V8 to version 3.0 (re-land r5920).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 11:31:57 +00:00
kasperl@chromium.org
51b494d096 Revert r5920. Will re-land shortly.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 11:01:02 +00:00
kasperl@chromium.org
e5860bd6a8 Update V8 to version 3.0.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 09:11:56 +00:00
sandholm@chromium.org
209eb1c219 Improved JSON stringify.
Review URL: http://codereview.chromium.org/5578004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-06 15:41:07 +00:00
lrn@chromium.org
be20c55b3e Change RegExp syntax to fail on invalid ranges like [\d-x], [x-\d] and [\d-\d].
The previous behavior was to treat the "-" as verbatim if the range was invalid.
This change matches the JSC changeset http://trac.webkit.org/changeset/72813/

Review URL: http://codereview.chromium.org/5464001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-02 08:02:37 +00:00
lrn@chromium.org
7be18f702b make DateParser::TimeComposer handle 1-2 digits millisecond values
see http://code.google.com/p/v8/issues/detail?id=944
This patch makes DateParser::TimeComposer process times that have
millisecond values with only 1 or 2 digits.

Without this patch, Date.parse("2010-11-25T22:02:30.5") returns
1290690150005 and
Date.parse("2010-11-25T22:02:30.5") == Date.parse("2010-11-25T22:02:30.005")
evaluates to true.

With this patch, Date.parse("2010-11-25T22:02:30.5") returns
1290690150500 instead, and
Date.parse("2010-11-25T22:02:30.5") == Date.parse("2010-11-25T22:02:30.005")
evaluates to false.

Review URL: http://codereview.chromium.org/5336005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-26 11:48:35 +00:00
lrn@chromium.org
ecf0d85a8e Fix off-by-one in hex-parsing.
Review URL: http://codereview.chromium.org/5129002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-18 13:50:21 +00:00
sgjesse@chromium.org
010f35f478 Change the order of evaluation of sub-expressions for keyed call
The expression of the key is now evaluated before the arguments, so all expressions in a keyed call are evaluared from left to right.

BUG=http://code.google.com/p/v8/issues/detail?id=931
TEST=test/mjsunit/regress/regress-931.js
Review URL: http://codereview.chromium.org/5161002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-17 13:59:07 +00:00
lrn@chromium.org
0464b33625 Fix bug in parser that allows "(foo):42" as a labeled statement.
Fixes issue 918.

Review URL: http://codereview.chromium.org/5044003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-16 12:10:48 +00:00
vitalyr@chromium.org
87834f8cf0 Make String.prototype.split honor limit when separator is empty.
BUG=929

Review URL: http://codereview.chromium.org/4750003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5806 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-10 12:34:28 +00:00
vegorov@chromium.org
20d3aad5ae Add check for overflow after MUL operations in side-effect free int32 expressions.
BUG=http://code.google.com/p/v8/issues/detail?id=927
TEST=test/mjsunit/regress/regress-927.js

Review URL: http://codereview.chromium.org/4746001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-09 19:32:49 +00:00
vegorov@chromium.org
746d72420c Improve positions recording for calls.
Review URL: http://codereview.chromium.org/4469002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5768 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-04 15:12:03 +00:00
lrn@chromium.org
62302a533d Fix issue 924 - splitting the empty string.
Review URL: http://codereview.chromium.org/4483001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-04 10:24:17 +00:00
erik.corry@gmail.com
7fc68c0399 Stop running some liveedit tests (see issue 915).
Plug tiny memory leaks in test-lock.cc.
Review URL: http://codereview.chromium.org/4161005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-29 07:10:14 +00:00
erik.corry@gmail.com
a448c13cdb Add gc() calls to some tests to please valgrind.
Review URL: http://codereview.chromium.org/4116005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-28 08:43:47 +00:00
karlklose@chromium.org
1b0e2597e8 Fix a bug that prevents constants from overwriting function values in object literals.
BUG=http://code.google.com/p/v8/issues/detail?id=907

Review URL: http://codereview.chromium.org/4004006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-27 11:37:59 +00:00
lrn@chromium.org
938d88e193 Separate JSON parsing from the JavaScript parser.
Switch JSON parsing to creating the value directly instead of createing
code to create the value.

Review URL: http://codereview.chromium.org/4135004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-27 09:19:43 +00:00
vitalyr@chromium.org
e197c930e1 Faster ascii string case conversion.
Review URL: http://codereview.chromium.org/4189001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-26 18:14:45 +00:00
erik.corry@gmail.com
0dcaac1939 Make Failure inherit from MaybeObject instead of Object.
Review URL: http://codereview.chromium.org/3970005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-25 15:22:03 +00:00
erik.corry@gmail.com
963cc2e49c Fix GC error in ES5 read-only properties implementation.
Review URL: http://codereview.chromium.org/3920005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-20 13:19:03 +00:00
erik.corry@gmail.com
852016c118 Fix the --noinline-new flag on ARM so that it forces us into C++ code
on every allocation.  Fix three places where the generated code couldn't
cope with an unlucky GC.
Review URL: http://codereview.chromium.org/3872003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-20 12:01:17 +00:00
lrn@chromium.org
484b9df414 Limit end-anchored regexps to testing end of string where possible.
Review URL: http://codereview.chromium.org/3844006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-19 14:00:01 +00:00
lrn@chromium.org
00e23b719d Revert revision 5657.
TBR: erik.corry

Review URL: http://codereview.chromium.org/3812012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-19 10:37:54 +00:00
lrn@chromium.org
f80da64d36 Use finite-length end-anchored regexps to reduce part of regexp that is searched.
Review URL: http://codereview.chromium.org/3850005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-19 09:42:40 +00:00
whesse@chromium.org
e08e43691a Fix bug in comparison of two smis that differ by MIN_SMI on full compiler on all platforms.
Review URL: http://codereview.chromium.org/3767016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-18 14:04:28 +00:00
whesse@chromium.org
a8455f0424 Do not return the constant singleton float -0.0 from UnaryOpStub, because it may be overwritten, on X64 platform.
Review URL: http://codereview.chromium.org/3748007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-15 14:50:49 +00:00
erik.corry@gmail.com
759a87b520 Fix new-space-too-small test crash on 64 bit VM.
Review URL: http://codereview.chromium.org/3778009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-15 10:45:18 +00:00
erik.corry@gmail.com
d22965c49d Fix creation of an exception to avoid rare GC corner case.
Review URL: http://codereview.chromium.org/3782009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-15 07:54:20 +00:00
lrn@chromium.org
d5ac565882 Restructure RegExp exec cache code.
Review URL: http://codereview.chromium.org/3778004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-14 12:54:00 +00:00
lrn@chromium.org
6c0cde67bc Fix bug in cache handling of lastIndex on global regexps.
Review URL: http://codereview.chromium.org/3745005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-14 08:51:20 +00:00
lrn@chromium.org
a556a16f0f Fix bad cast in string-search.h.
Review URL: http://codereview.chromium.org/3530004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-01 09:08:52 +00:00
erik.corry@gmail.com
d46fb9d454 New attempt to make the allocation routines 64 bit clean.
This one has been approved by the 64 bit compiler in MSVC
2005 so I hope it also passes the 2008 version.

The --max-new-space-size option is now in kBytes.
The --max-old-space-size option is now in MBytes.

Some issues remain with 64 bit heaps and the counters.  See
http://code.google.com/p/v8/issues/detail?id=887
Review URL: http://codereview.chromium.org/3573005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-30 07:22:53 +00:00
erik.corry@gmail.com
2d0c23bc82 Revert attempt to make heap size 32/64 clean. This change needs to
be done from Windows where the compiler is stricter about truncating
changes.
Review URL: http://codereview.chromium.org/3454035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-28 12:49:25 +00:00
erik.corry@gmail.com
28d7064856 More correctness around PrintF and 32/64 bit values.
Fix test after 64 bit heap size change.
Review URL: http://codereview.chromium.org/3432032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-28 11:44:30 +00:00
erik.corry@gmail.com
f1635606df Use intptr_t instead of int for heap sizes. This is a step towards
removing the 1Gbyte limit.
Review URL: http://codereview.chromium.org/3418035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-28 10:35:47 +00:00
vitalyr@chromium.org
1982f9d257 Custom call IC for Math.abs.
Review URL: http://codereview.chromium.org/3446024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-27 23:41:41 +00:00
vitalyr@chromium.org
48fd3dcaf9 Fix copy-on-write assert by setting the new array map early.
BUG=876

Review URL: http://codereview.chromium.org/3466013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-23 12:23:35 +00:00
vegorov@chromium.org
622351fedd Fix getOwnPropertyDescriptor() support for index properties.
Add support for index properties with getters, setters or indexed interceptors.

For indexed interceptor case only fix crashes, do not guarantee any semantic soundness. Separate issue opened for this http://code.google.com/p/v8/issues/detail?id=877

BUG=http://code.google.com/p/v8/issues/detail?id=874

Review URL: http://codereview.chromium.org/3462005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-23 11:25:01 +00:00
lrn@chromium.org
0dece535d9 RegExp: Fix caching to correctly set lastIndex.
BUG: 52801

Review URL: http://codereview.chromium.org/3389022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-22 11:22:57 +00:00
vitalyr@chromium.org
a6bbe9820e Custom call IC for Math.floor.
Review URL: http://codereview.chromium.org/3327022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-21 12:54:12 +00:00
yurys@chromium.org
b2f444f6e6 Use //@ sourceURL when formatting stack trace
BUG=672
Review URL: http://codereview.chromium.org/3444011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5498 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-20 15:55:28 +00:00
lrn@chromium.org
3b8235b306 Make some runtime arguments checks be RUNTIME_ASSERT, not ASSERT.
Review URL: http://codereview.chromium.org/3411013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-17 08:34:53 +00:00
kaznacheev@chromium.org
eef3bd7c04 Prevent inline constructor generation when duplicate properties are present in the constructor.
Currenly the constructor like this:
function f() {
  this.a = 0;
  this.a = 1;
  this.a = 2;
}
creates a map with duplicate desciptors which is bad in many ways.


Review URL: http://codereview.chromium.org/3434004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-16 10:55:37 +00:00
fschneider@chromium.org
e91a352d02 Fix a regression in character-at stub when doing a keyed load on a string.
Loading from out-of-range has to go to the runtime system to check if there
exists a property with that index in the prototype.

Review URL: http://codereview.chromium.org/3410011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-16 09:18:08 +00:00
lrn@chromium.org
84d8115ecf Fix bug in Array.prototype.indexOf/lastIndexOf when called on non-sparse non-arrays.
Review URL: http://codereview.chromium.org/3358025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-10 08:21:01 +00:00
lrn@chromium.org
ac2ae05f85 make Date.parse properly handle TZ offsets
This makes, e.g., Date.parse("2010-08-31T22:35:36-09:00") work as
expected. Without this change, the "-9:00" timezone-offset portion
causes V8 to fail to properly parse that string into a date.
BUG=http://code.google.com/p/v8/issues/detail?id=857
TEST=Try Date.parse("2010-08-31T22:35:36-09:00") and make sure
that it gets parsed without errors and does not return NaN.

Review URL: http://codereview.chromium.org/3318017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5436 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-10 07:00:28 +00:00
vitalyr@chromium.org
624b13a804 Custom call IC for String.fromCharCode.
Review URL: http://codereview.chromium.org/3291015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-09 13:38:01 +00:00
lrn@chromium.org
d1a674f7c1 Add sparse array handling to Array.protoype.indexOf/lastIndexOf.
Review URL: http://codereview.chromium.org/3132046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-09 12:57:32 +00:00
kaznacheev@chromium.org
73c02394bf Avoid pushing arguments twice in GenericBinaryOpStub.
Under some conditions (ADD, non-number arguments passed in registers)
GenerateRegisterArgumentsPush was called twice and the stack broke.

Review URL: http://codereview.chromium.org/3290012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-07 13:33:40 +00:00
serya@chromium.org
e54ad9ee86 Removing a wrong check.
A strings which represents an array index with length 8 and 9 digits do not pass this check. However generated hash is valid.

Review URL: http://codereview.chromium.org/3295017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-07 11:32:20 +00:00
vitalyr@chromium.org
62f7cd8500 Handle argument conversion in StringAddStub.
In case one of the arguments is known to be a string we emit a few
fast conversion attempts for the other.  This allows using the
StringAddStub instead of STRING_ADD_{LEFT,RIGHT} builtins.

Review URL: http://codereview.chromium.org/3338007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-03 12:10:44 +00:00
lrn@chromium.org
6670c0ad38 Make JSON.stringify not quote non-ASCII characters. Fix bug 855.
Review URL: http://codereview.chromium.org/3336001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-09-02 07:09:28 +00:00
erik.corry@gmail.com
663f378da5 Get gcc to check that we don't ignore return values of functions that can
fail to allocate because we need a GC.
Review URL: http://codereview.chromium.org/3274008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-31 08:05:42 +00:00
ager@chromium.org
d955b212b5 Follow Safari and Firefox in returning empty array from array splice
with no arguments.

Review URL: http://codereview.chromium.org/3277005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-30 18:08:50 +00:00
vegorov@chromium.org
3d60cc34af Fix regress-851.js to use assertNull instead of assertFalse.
Review URL: http://codereview.chromium.org/3232002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5365 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-27 13:23:14 +00:00
vegorov@chromium.org
f059093562 Check result of JSObject::NormalizeElements() in JSObject::PreventExtensions().
Normalization requires allocation so Failure object can be returned.

BUG=http://code.google.com/p/v8/issues/detail?id=851
TEST=test/mjsunit/regress/regress-851.js

Review URL: http://codereview.chromium.org/3262001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5364 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-27 13:06:50 +00:00
serya@chromium.org
71548e969b Using array index hash code for string-to-number conversion.
Review URL: http://codereview.chromium.org/3141022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-27 11:47:12 +00:00
ricow@chromium.org
7672338bc9 Fixes bug in Object.freeze and Object.seal causing them to misbehave when Array.prototype has changed.
Object.freeze and Object.seal uses GetOwnPropertyNames which
returns an array with local property names. This array will also have
the additional properties defined on Array.prototype or
Object.prototype.

Note that, the implementation of GetOwnPropertyNames (when used as
Object.getOwnPropertyNames) is correct, since the spec says to create
a new Array (which would also have these properties).

Review URL: http://codereview.chromium.org/3137041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-26 08:35:49 +00:00
ricow@chromium.org
3543dd53a4 Refactor the tools/test.py script and related testcfg.py files.
This makes it possible to run several variants of the tests (with different flags that is) by adding extra lists to the VARIANT_FLAGS list. In addition, there is a number of smaller refactorings. 


Review URL: http://codereview.chromium.org/3164023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5329 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-24 13:34:59 +00:00
erik.corry@gmail.com
8682804746 Fix an issue in the ARM port where a left shift was predicted to have a Smi result when it had an int32 result. This is a commit of http://codereview.chromium.org/3195004 for Rodolph Perfetta. Part 2
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-23 09:04:31 +00:00
lrn@chromium.org
0210df5848 Use Copy-on-write arrays for cached regexp results.
Review URL: http://codereview.chromium.org/3158020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-20 09:37:22 +00:00
erik.corry@gmail.com
702780ee9a Make the Integer32 type info only cover the signed 32 bit integers.
Fix some bit op bugs introduced last week on IA32:
http://code.google.com/p/chromium/issues/detail?id=52096
Review URL: http://codereview.chromium.org/3151017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-16 15:08:32 +00:00
erik.corry@gmail.com
e18d07b604 ARM: Ensure that we are not in a spilled scope when calling
Load() or constructing a reference.
Review URL: http://codereview.chromium.org/3125011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-16 11:43:30 +00:00
peter.rybin@gmail.com
6fa44eb979 LiveEdit: implement stack manipulations for x64
Review URL: http://codereview.chromium.org/3120011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-13 13:54:28 +00:00
sgjesse@chromium.org
56e0221754 Handle accessors when generating Error.stack
BUG=http://code.google.com/p/v8/issues/detail?id=798
TEST=test/mjsunit/regress/regress-798.js
Review URL: http://codereview.chromium.org/3082012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-13 08:31:52 +00:00
sgjesse@chromium.org
5cd4a9b78d Remove runtime function from fuzzing
Don't do fuzzing of _IsStringWrapperSafeForDefaultValueOf as it expects a non-smi as its first argument.
Review URL: http://codereview.chromium.org/3109010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5253 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-12 14:38:50 +00:00
sgjesse@chromium.org
8e0cd6db8a Handle overwriting valueOf on String objects correctly when adding
This adds a check to the fast case string add to ensure that the String object still have the default valueOf function. The default valueOf is sitting on a hidden prototype of String.prototype.

Before using the fast case valueOf the object is checked for a local valueOf property. For slow case objects this check always reports true (the dictionary is not probed, so valueOf might be there) and for fast case objects the descriptor array is checked for the valueOf symbol (just liniar scan). After that the prototype is checked for beeing the initial value of String.prototype. If this all pass (that is the default valueOf is still in place) this result is cached on the map making the check fast the next time.

This is only implemented in the optimizing compiler, as the two usages of %_IsStringWrapperSafeForDefaultValueOf is never hit by the full compiler.

I will port to x64 and ARM when this has been reviewed for ia32.

I will remove the performance counters prior to final commit.

BUG=http://code.google.com/p/v8/issues/detail?id=760
TEST=test/mjsunit/regress/regress-760-1.js
TEST=test/mjsunit/regress/regress-760-2.js

Review URL: http://codereview.chromium.org/3117006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-12 13:43:08 +00:00
sgjesse@chromium.org
fcfe6d74d9 Minor change to for-in
Return (smi) 0 instead of object null from the FILTER_KEY builtin.

Add a test which tests keys being deleted during for-in.
Review URL: http://codereview.chromium.org/3170004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-11 13:46:10 +00:00
lrn@chromium.org
6267578925 Removed support for object literal get/set with number/string property name.
It doesn't work correctly for array indices.

Review URL: http://codereview.chromium.org/3109002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-10 12:44:13 +00:00
erik.corry@gmail.com
bdfdf8bee9 Fix fuzzer-found error where left and right were the same register in bitops.
Review URL: http://codereview.chromium.org/3115004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-10 12:30:14 +00:00
ricow@chromium.org
44425bcc03 Change dos line endings to unix line endings in a number of mjsunit test files.
Review URL: http://codereview.chromium.org/3072031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-09 12:21:50 +00:00
lrn@chromium.org
53e22e386c Create a new RegExp object for every evaluation of a RegExp literal.
Changes necessary to following ES5 semantics and matching Safari - in ES3
the same RegExp object was generated by each evaluation of the RegExp literal.
Fixes bug 704.

Review URL: http://codereview.chromium.org/3034060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5198 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-06 13:04:27 +00:00
sgjesse@chromium.org
88b19a9d0c Re-apply r5165 (Added support for ES5's propertyname production)
TBR=lrn@chromium.org
Review URL: http://codereview.chromium.org/3073031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-06 08:03:44 +00:00
sgjesse@chromium.org
1844e149ab Revert r5165 (Added support for ES5's propertyname production)
This is to test in Chromium without this change.

TBR=lrn@chromium.org
Review URL: http://codereview.chromium.org/3027043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5182 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-05 14:46:34 +00:00
sgjesse@chromium.org
a1a3aa46a2 Object.seal(obj) and Object.freeze(obj) should return the input obj.
BUG=http://code.google.com/p/v8/issues/detail?id=809
TEST=Seal/freeze an object and check if Object.seal and Object.freeze returns the given object.

Burcu Dogan <burcujdogan@gmail.com>

Review URL: http://codereview.chromium.org/3056049


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-05 10:56:15 +00:00
lrn@chromium.org
24cf5459f5 Added support for ES5's propertyname production.
Object initialisers and dot-notation property access allows keywords in ES5.
Also allowed non-identifiers after "get" or "set" in an object initialiser.

Review URL: http://codereview.chromium.org/3047038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-02 12:09:10 +00:00
vegorov@chromium.org
4a2f05ce35 Fix issue 806.
Ensure that we are not using r12 as a receiver in inlined NamedStore code.

Review URL: http://codereview.chromium.org/3081007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-08-02 09:14:44 +00:00
podivilov@chromium.org
c115a39942 Add debugger protocol request for setting global flags.
Review URL: http://codereview.chromium.org/2880011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-28 15:50:05 +00:00
podivilov@chromium.org
52762e4c59 Breakpoint position should be inside function body.
Review URL: http://codereview.chromium.org/2883042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-28 13:02:03 +00:00
whesse@chromium.org
3607a9e78e Fix error in optimized x.apply(y, arguments) code generation on ARM. Fixes issue 784. Adds regression test.
Review URL: http://codereview.chromium.org/3048035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-28 12:50:27 +00:00
peter.rybin@gmail.com
30b85b3962 Fix break position not to be outside of the script
Review URL: http://codereview.chromium.org/3017021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5131 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-23 17:21:55 +00:00
ricow@chromium.org
e084e56129 Implement Function.prototype.bind (ES5 15.3.4.5).
Please note that we do not implement correctly the setting of caller
and arguments on the returned objects, since we already have these
properties on function objects (and they are non-configurable).

Also corrects indention in DefineOwnProperty.

Review URL: http://codereview.chromium.org/3046010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5124 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-23 10:08:55 +00:00
whesse@chromium.org
9991a4b226 Fix issue 785. For-in now works on strings: for (var i in "asdf") now works
all the time, not just the first time it is run.
Review URL: http://codereview.chromium.org/3037008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-19 12:45:21 +00:00
ricow@chromium.org
f5f0b80363 Implement ES5 Object.seal and Object.isSealed.
This change adds the ES5 Object.seal 15.2.3.8 and Object.isSealed 15.2.3.11 methods.

Review URL: http://codereview.chromium.org/2993006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-15 07:51:14 +00:00
serya@chromium.org
1b9391be7a Fix GenerateNegativeLookup to work with non-symbols as a dictionary key.
Review URL: http://codereview.chromium.org/2928009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-15 06:17:45 +00:00
whesse@chromium.org
cb1eedd269 Fix error in x64 fast smi loops, change 4998.
Review URL: http://codereview.chromium.org/2925012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-14 13:22:47 +00:00
ricow@chromium.org
e2fab5fd9f Fix bug in Object.isFrozen which always classifies non-extensible objects as frozen.
Since out internal representation of a property descriptor does not have configurable and writable 
attributes Object.isFrozen returns true whenever an object is not extensible.
This change makes use of the right method calls on our internal representation (isWritable() and 
isConfigurable()). Tests added directly to the mjsunit test.


Review URL: http://codereview.chromium.org/2904015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-14 13:15:43 +00:00
ricow@chromium.org
325fd42c3f Add ES5 Object.freeze and Object.isFrozen methods.
This change adds ES5 15.2.3.9 Object.freeze and 
15.2.3.12 Object.isFrozen

Review URL: http://codereview.chromium.org/2944016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-13 12:58:02 +00:00
ager@chromium.org
0f4a330508 Fix JSON.parse typo which causes the input not to be string converted.
Review URL: http://codereview.chromium.org/2981004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-13 10:57:45 +00:00
ager@chromium.org
f6e049b0ce Remove the special error message for overflows when using
Function.prototype.apply.  This avoids having more than one error
message for stack overflow situations which makes testing a pain.

Review URL: http://codereview.chromium.org/2967003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5045 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-12 15:29:25 +00:00
whesse@chromium.org
f7c85755ba Prevent invalid pre-parsing data passed in through the API from crashing V8.
Review URL: http://codereview.chromium.org/2876046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-07 10:28:22 +00:00
erik.corry@gmail.com
118a421067 Simplify the transitions in the Binary Op ICs. Now a single call
to the runtime will both patch in the more specialized binary op
stub and calculate the answer.  This eliminates the need to call
both the rest of the binary op and the patching runtime call.  The
runtime routines are altered to be more agressive in returning
Smis so we don't get spurious heap numbers as inputs to binary ops
while we are patching the binary op ICs.
Review URL: http://codereview.chromium.org/2843049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-06 12:56:55 +00:00
vitalyr@chromium.org
7b521af105 Fix crash: handle all flat string types in regexp replace.
Review URL: http://codereview.chromium.org/2868046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-06 12:22:19 +00:00
peter.rybin@gmail.com
6563b3a2fc Describe LiveEdit changes and support preview mode
Review URL: http://codereview.chromium.org/2883020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5015 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-02 20:46:04 +00:00
ager@chromium.org
06a28cbe57 Fix bug in date code (issue 736) where -0 was not mapped to 0. This caused the
runtime system to throw an exception because it expected smi arguments.


Review URL: http://codereview.chromium.org/2848038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-02 20:09:33 +00:00
ricow@chromium.org
eed4ed99c8 Add ES5 Object.isExtensible and Object.preventExtensions.
Review URL: http://codereview.chromium.org/2819034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-02 14:36:34 +00:00
serya@chromium.org
c56b92d65d This change allows generating call-stubs for objects with normal (non-fast) objects in the prototype chain. StubCompiler::CheckPrototypes does ne
If the top level object is a normal object the stub is stored in its prototype map.

Lookup result of type NORMAL is not covered (since the normal stub currently doesn't check the prototype chain).
Review URL: http://codereview.chromium.org/2801018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-07-02 14:15:04 +00:00
sgjesse@chromium.org
97ecc50377 ARM: Correctness fix to Math.pow optimization
The change in r4990 contained a bug in Math.pow when then exponent was a large negative smi. In that case calculating 1/Math.pow(x,-y) did not provide the correct result as Math.pow(x,-y) would overflow ti infinity. This was caught by Sputnik test S8.5_A13_T1.
Review URL: http://codereview.chromium.org/2815039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-30 15:19:06 +00:00
ager@chromium.org
6044b33766 Implement IC for storing to dictionary case objects.
The IC stub is completely generic, so there will only be one such stub
in the system.

Added a new overloaded version of the macro assembler RecordWrite
method for cases where we have the address we store to computed up
front.

Review URL: http://codereview.chromium.org/2804029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-30 12:27:49 +00:00
sgjesse@chromium.org
ff6c4fe680 ARM: Special code for raising to the power of an integer
When calculating Math.pow where the exponent is a smi use a simple loop to calculate the result.

Added support for the vmov instruction moving from one doubleword extension register to another.

Added some Math.pow tests which partially covers what is in the Sputnik tests.
Review URL: http://codereview.chromium.org/2804033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-30 12:22:15 +00:00
sgjesse@chromium.org
65018d9123 ARM: Use the vsqrt instruction when available
vsqrt is used to calculate Math.sqrt(x), Math.pow(x, 0.5) and Math.pow(x, -0.5). Code size doesn't matter, as %_MathSqrt and %_MathPow are only called in one place each.
Review URL: http://codereview.chromium.org/2885002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4974 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-29 09:40:36 +00:00
ricow@chromium.org
eff34b9952 Update JSON.stringify to floor the space parameter (fixes issue 753).
Review URL: http://codereview.chromium.org/2877004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-29 07:22:40 +00:00
whesse@chromium.org
363060ca23 Ensure that ToPrimitive is called on all objects involved in comparisons <, <=, >, >=. Ensures that ToPrimitive is called when comparing an object to undefined. Fixes bugs on all platforms.
Review URL: http://codereview.chromium.org/2834022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-29 06:47:19 +00:00
podivilov@chromium.org
b2b140a525 Provide actual breakpoints locations in response to setBreakpoint and listBreakpoints requests.
Review URL: http://codereview.chromium.org/2799037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-28 12:09:29 +00:00
erik.corry@gmail.com
bcfaba24c1 Do integer mod via sum-of-digits technique. This benefits the date
code.
Review URL: http://codereview.chromium.org/2876011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-28 11:47:23 +00:00
ricow@chromium.org
faaf524445 Fixes bug in Array.prototype.lastIndexOf when called with null or undefined as fromIndex argument. (fixes issue 754).
Review URL: http://codereview.chromium.org/2840021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4950 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-25 09:28:38 +00:00
ager@chromium.org
b71fe5b61e Fix bug in JSON.stringify where Boolean objects are incorrectly
unwrapped.

This fixes issue 752.
Review URL: http://codereview.chromium.org/2845023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-25 07:45:52 +00:00
lrn@chromium.org
7b46a1f49d Fix bug in regexp exec with global regexps.
Review URL: http://codereview.chromium.org/2826020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-25 07:00:29 +00:00
whesse@chromium.org
d0a9f76261 Fix error in for-in on x64 platform using full compiler with keyed store IC.
BUG=v8:748

http://code.google.com/p/v8/issues/detail?id=748

Review URL: http://codereview.chromium.org/2810027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-24 14:02:36 +00:00
erik.corry@gmail.com
ca8298273a ARM: Fix bug introduced in 4783 (2.2.15) that caused the
result of 1 << x to be miscalculated for some inputs.
Review URL: http://codereview.chromium.org/2848021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-23 13:44:11 +00:00
ricow@chromium.org
be531accc0 Add regression test for the code flushing in issue 474 (which was
fixed in revision 4921).

This also enables codeflushing by default.

Review URL: http://codereview.chromium.org/2829020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-23 08:02:06 +00:00
lukezarko
aade86e044 Make the apply.js unit test more resilient to differing stack positions.
More information is at http://code.google.com/p/v8/issues/detail?id=742

Review URL: http://codereview.chromium.org/2835014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-22 22:20:58 +00:00
vitalyr@chromium.org
3cafa65462 Track ascii-ness of data in externalized strings.
If a two-byte string only contains ascii characters, then we can save
memory when flattening a cons string containing it. Similarly we can
use this in Array.prototype.join implementation. To track this a new
bit is added to instance type. This bit is used as a hint in generated
code and in runtime functions.

To enable testing a new V8 extension is added controlled by
--expose-externalize-string flag.

Review URL: http://codereview.chromium.org/2762008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-17 16:19:28 +00:00
podivilov@chromium.org
7808d45af5 Fix a bug when top level break points fall into the last function in script.
Review URL: http://codereview.chromium.org/2824007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-17 12:47:08 +00:00
podivilov@chromium.org
f5fdef253b Save actual break point location to script break point object.
Review URL: http://codereview.chromium.org/2864003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-16 14:50:07 +00:00
kaznacheev@chromium.org
b251f14782 Port KeyedCallIC implementation to x64 and ARM.
Also edited ic-ia32.cc for clarity and better formatting.

Review URL: http://codereview.chromium.org/2853003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-16 10:03:47 +00:00
ricow@chromium.org
de512af068 Add support for elements and array indices in Object.defineProperty
(fixes bug 619).

This also fixes a bug in GetOwnProperty in runtime.cc discovered by
the new test cases. That part of the code was not testable before
since we had no way of correctly defining properties on elements.

Review URL: http://codereview.chromium.org/2832001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-14 13:55:38 +00:00
sgjesse@chromium.org
e045ca6898 Better handling of stepping out of a function
With the change in r4820 all return statements are now breakable like any statement, so stepping will stop before the return statement actually returning from a function. With this change the position when breaking in the function return (after executing the return statement) will be the actual end of the function. At this point the return value is available as it saved to the stack by the debug break at return handling. Added information on the actual value returned from the function to the debugger.
Review URL: http://codereview.chromium.org/2783002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-10 09:02:16 +00:00
kaznacheev@chromium.org
1dec9199ca Add logic from KeyedLoadIC generic stub to KeyedCallIC megamorphic stub.
This should make access faster for arrays of functions.

Review URL: http://codereview.chromium.org/2754003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-10 05:06:39 +00:00
sgjesse@chromium.org
634fb9152c More precise break points and stepping when debugging
Added support for more precise break points when debugging and stepping. To achieve that additional nop instructions are inserted where breaking would otherwise be impossible. The number of nop instructions inserted are sufficient to make place for patching with a call to a debug break code stub. On Intel that is 5 nop's for 32-bit and 13 for 64-bit. Om ARM 3 nop instructions (12 bytes) are required.

In order to avoid inserting nop's in to many places a simple ast checker have been added to check whether there are breakable code in a statement or expression. If it is possible to break in an expression no additional break enabeling code is inserted.

Added break locations to the true and false part of a conditional expression.

Added stepping tests to cover more constructs.

These changes are only in the full compiler.

Changed the default value for the option --debugger in teh d8 shell from true to false. The reason for this is that with --debugger turned on the full compiler will be used for all code in when running d8, which can be unexpeceted.

Review URL: http://codereview.chromium.org/2693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-08 12:04:49 +00:00
ricow@chromium.org
e0bbcf1e6e Fix bug in mjsunit/const-eval-init causing objects to be initialized to undefined.
In mjsunit/const-eval-init - testInitSlowCaseExtension a range of objects are initialized to undefined instead of a value because the variable i is within quotes (i.e., the source becommes "a1 = i" instead of "a1 = 1".

This should have no impact on the test, I just stumbled over this on
an unrelated matter.

Review URL: http://codereview.chromium.org/2758002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-08 11:20:36 +00:00
vegorov@chromium.org
1d932dcc6e Add regression tests for issues 728, 732
TBR=lrn@chromium.org

Review URL: http://codereview.chromium.org/2698004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4807 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-07 10:54:42 +00:00
kaznacheev@chromium.org
ff61618c4b Extend CallIC to support non-constant names.
This speeds up constructs like this: 
var zz='replace'; '123'[zz]('3','4');

Review URL: http://codereview.chromium.org/2280007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-07 08:27:32 +00:00
ager@chromium.org
723bed3105 Optimize calls to evals. Most of the time there is no reason to
perform a context lookup in the runtime system for the 'eval'
function. Instead load the 'eval' function from the global context in
generated code if it is not shadowed.

Will port to other platforms as a separate change.

Review URL: http://codereview.chromium.org/2666001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-04 10:19:19 +00:00
vitalyr@chromium.org
6c74d30f83 Fix double to integer conversions in runtime string indexing.
Review URL: http://codereview.chromium.org/2577001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-03 11:31:19 +00:00
vitalyr@chromium.org
3ec0b86495 Make StringCharCodeAt runtime function do what it name implies and not
just indexed string access.

The difference is that String.prototype.charCodeAt accepts any number
as an index, whereas string[] only accepts array indices.

Review URL: http://codereview.chromium.org/2467006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-03 09:32:07 +00:00
whesse@chromium.org
019b8c4511 Change the interface of LoadIC on the x64 platform to take its arguments in registers.
Review URL: http://codereview.chromium.org/2330003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-31 13:26:12 +00:00
ricow@chromium.org
5058db86c4 Add support for getOwnPropertyDescriptor on array indices (fixes issue 599).
This fix adds support for retriving a property descriptor on elements. The
new version supports both fast and slow case elements. In the fast case
we always default configurable, writable, enumerable to true (we don't have
PropertyDetails for fast elements).

A few new tests are added to get-own-property-descriptor.js, I will
add a lot more to object-define-property when I add support for indices in
Object.defineProperty.


Review URL: http://codereview.chromium.org/2278002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4738 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-27 07:43:43 +00:00
vitalyr@chromium.org
64bc39a726 Fix: make string indexing work with Infinity.
NumberToUint32 that I was trying to use maps -0 to +0 (as desired) but
also maps +/-Infinity to +0, which made +/-Infinity a valid string
index. I fixed it by introducing a new runtime function with the right
semantics.

TEST=LayoutTests/fast/js/char-at.html,mjsunit/string-charat.js

Review URL: http://codereview.chromium.org/2223003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-26 16:11:30 +00:00
vitalyr@chromium.org
ad0e38909f Custom call IC-s for String.prototype.{charAt,charCodeAt}.
These string methods can be composed from two basic blocks: charCodeAt
and fromCharCode, both of which have fast cases for certain types of
inputs. In this patch these two blocks are refactored to allow
generating the fast cases without having to jump around the slow
cases. In the slow cases since they can now be invoked both from
inline runtime functions and from IC stubs we either have to
save/restore state of the current frame or enter/leave a new internal
frame. This is handled by new RuntimeCallHelper interface. Its
implementation for virtual frame is based on FrameRegisterState class
extracted from DeferredCode class.

Review URL: http://codereview.chromium.org/2087009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-26 14:23:19 +00:00
ricow@chromium.org
95939ada29 Fix issue 720 making Object.defineProperty handle existing writable flags correctly.
The existing version will overwrite the existing writable flag with
false even in the case where no new value is given and the existing
writable flag is true.

The reason for the issue is that there is no check to see if the
provided descriptor actually has a writable attribute. This causes us
to use the default value (false) even in the case where nothing was
provided. In addition, the existing tests makes wrong assumptions (that writable is always set to false if not provided) and has been changed to follow the specification.

Review URL: http://codereview.chromium.org/2271001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4720 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-26 08:31:57 +00:00
ricow@chromium.org
7bbfc8fc53 Refactor the samevalue internal method and add tests for this method.
Noticing that the only difference between samevalue and strict equality is on
numbers we can simplify SameValue.

The old version did not return a correct answer if called on two strings since 
StringEquals (from runtime.cc) returns an answer that is the negated value 
(if treated as a boolean).


Review URL: http://codereview.chromium.org/2136024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-25 10:35:55 +00:00
ricow@chromium.org
fb58bc06c6 Fixes issue 712 causing non-configurable accessors to be overwritable by using
Object.defineProperty with empty property descriptor.

The issue is fixed by implementing step 5 and 6 from DefineOwnProperty in the
specification (ES5 8.12.9).

This also fixes a bug in SameValue when used on boolean values (it
would priorly return a number - not a boolean).

Review URL: http://codereview.chromium.org/2131019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-25 06:25:27 +00:00
whesse@chromium.org
ac60f498d2 Change keyed store IC interface on x64 to take value, key, and receiver in registers rather than on the stack.
Review URL: http://codereview.chromium.org/2111011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-20 15:09:21 +00:00
vitalyr@chromium.org
3260fb9465 Add stack traces to mjsunit tests.
Review URL: http://codereview.chromium.org/2094005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-14 10:00:24 +00:00
peter.rybin@gmail.com
07f95278e7 Apply "Update mjsunit.status rules for LiveEdit test" again
Review URL: http://codereview.chromium.org/2015017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-12 14:46:09 +00:00
antonm@chromium.org
e8e35eccac Properly process arrays with overridden prototype in various Array's functions.
Bailout to JS Array builtins if array's prototype is different from
Array.prototype.  Otherwise there might be inherited elements coming
from this prototype.

Review URL: http://codereview.chromium.org/2037008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-12 12:22:09 +00:00
peter.rybin@gmail.com
b49b954d32 Revert "Update mjsunit.status rules for LiveEdit test"
Review URL: http://codereview.chromium.org/2019007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-10 17:57:42 +00:00
peter.rybin@gmail.com
0b9fb1e0aa Update mjsunit.status rules for LiveEdit test
Review URL: http://codereview.chromium.org/1952001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-10 17:09:38 +00:00
ager@chromium.org
f54b7767c6 Implement fast load and call of arguments in the presence of eval.
Load the arguments object from the context if there are no extensions
objects on the way. Then load the argument with a keyed load ic.

Review URL: http://codereview.chromium.org/2033004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-10 12:20:06 +00:00
ricow@chromium.org
8d51195778 Fixed issue 619 allowing Object.create to be called with a function.
This change allows Object.create to take a function as input in the
proto argument. The spec says that Type(O) for the proto argument
should be true but our IS_OBJECT does not check for this. I will make a
IS_SPEC_OBJECT in macros.py and refactor v8natives in another CL.

Review URL: http://codereview.chromium.org/2051001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-09 08:43:59 +00:00
ricow@chromium.org
fb3e01a306 Correct issue 696 with Date.parse returning a value when called on a non date string.
The error was introduced in revision 4557 where support was added for
ES5 date time format strings. Because there was no check for a valid
year a random string starting with a non-digit character would be
parsed.

This change disallows ES5 formatted dates where there is no date
fraction (i.e., with only a timestamp). Since none of the other
browsers support Date.parse on only timestamps I have disabled this
totally instead of just correcting the parser.


Review URL: http://codereview.chromium.org/2017005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-07 11:53:20 +00:00
ager@chromium.org
856135af42 Implement fast calls of functions in the presence of eval (if the eval
calls do not introduce new bindings).

The infrastructure is already in place for fast loads from context
slots in the presence of eval.  This change simply uses that
infrastructure for calls as well as loads.

Review URL: http://codereview.chromium.org/2027002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-07 10:25:11 +00:00
erik.corry@gmail.com
d18b73c2fe Add a single-element global positive and negative cache to
the implementation of instanceof.
Review URL: http://codereview.chromium.org/1765012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-06 09:35:18 +00:00
whesse@chromium.org
1f13b58b97 Correct bug with left shift on X64 platform from change 4571 (http://code.google.com/p/v8/source/detail?r=4571). Speed up left shift with a constant left hand side on X64 platform. Add unit test for this bug. Remove unused failure target argument from MacroAssembler::SmiShiftLeft and MacroAssembler::SmiShiftLeftConstant.
Review URL: http://codereview.chromium.org/1934004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-06 08:15:15 +00:00
lrn@chromium.org
4fdf57ace0 X64: Faster push/pop implementation.
Also snuck in an intended optimization for fast api call preparation and a few indentation fixes.

Review URL: http://codereview.chromium.org/1689010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-04 13:23:58 +00:00
peter.rybin@gmail.com
5435396701 Make LiveEdit natives fuzzy
Review URL: http://codereview.chromium.org/1687022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-04 13:07:36 +00:00
ricow@chromium.org
6ceb02e6eb Added support for ES5 date time string format to Date.parse.
Review URL: http://codereview.chromium.org/1704016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4557 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-05-03 06:43:25 +00:00
antonm@chromium.org
55e32d2f3b Introduce faster swapping primitives.
Keyed store stub sits high in sorting profiles.

Swapping allows to save us additional type checks as we could both read and
write elmenets (on fast path) without them.

Review URL: http://codereview.chromium.org/1709008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-29 15:14:39 +00:00
dgozman@chromium.org
a0c1310479 Make Empty function to have no prototype and use it as __proto__ for all functions without prototype.
Review URL: http://codereview.chromium.org/1769013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-29 10:39:36 +00:00
podivilov@chromium.org
1872574f4d Port string keyed load IC improvements (r4444) to x64.
http://compute1.aar:9013/golem/r4502-v8-podivilov-string-char-at2-x64-vs-4502-v8-x64.html
Review URL: http://codereview.chromium.org/1750017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-28 17:16:51 +00:00
peter.rybin@gmail.com
6f099e4ce6 LiveEdit: clean JS sources a bit
Review URL: http://codereview.chromium.org/1697016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-28 13:29:07 +00:00
dgozman@chromium.org
8fee5e810a Added ability to remove prototype from function. In this case, [[Construct]] from function will not be allowed.
Added runtime function %FunctionRemovePrototype for this.
Removed prototypes from all builtin functions.
Some sputnik tests marked as fixed.
Added test to check builtins behavior.

Review URL: http://codereview.chromium.org/1722003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-28 12:05:40 +00:00
peter.rybin@gmail.com
80453231fe LiveEdit: breakpoints updates and fixes for related problems
Review URL: http://codereview.chromium.org/1800007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-28 11:38:43 +00:00
erik.corry@gmail.com
3206d70dec Fix search-for-string and replace global to avoid hangs
and spurious exceptions.
Review URL: http://codereview.chromium.org/1687013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-27 11:45:08 +00:00
lrn@chromium.org
1a0bb51069 Fix bug in word-boundary-lookahead followed by end-of-input assertion.
Review URL: http://codereview.chromium.org/1712013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 15:10:42 +00:00
antonm@chromium.org
6acdd84a61 Current custom call generators cannot cope with the case when receiver is not a JSArray.
Add a support for bailout from custom call generators (just return undefined).

BUG=684

Review URL: http://codereview.chromium.org/1699005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 15:08:07 +00:00
ricow@chromium.org
f066a9af40 Added regression test for crbug 40931 http://crbug.com/40931
Review URL: http://codereview.chromium.org/1756013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 13:26:11 +00:00
ricow@chromium.org
457d9024c6 Double max-new-space-size to 2^18 in binary-op-newspace to make the test run on linux 64 with snapshots on.
Review URL: http://codereview.chromium.org/1735014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 13:25:17 +00:00
ricow@chromium.org
1f5e78073a Change max-new-space-size to 2^17 (from 2^16) to make binary-op-newspace test run on linux 64.
Review URL: http://codereview.chromium.org/1780003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 12:58:20 +00:00
erik.corry@gmail.com
ed6817d58c Fix a bug where a GC at an unlucky moment caused a wrong
calculation on ARM.
Review URL: http://codereview.chromium.org/1733016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4491 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-26 11:06:37 +00:00
ager@chromium.org
c0f1f18f80 Fix bug in KeyedLoadIC generic stub where signed instead of unsigned
comparison was used.

Review URL: http://codereview.chromium.org/1769005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4485 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-23 12:57:41 +00:00
whesse@chromium.org
5db2af4873 Fix error in static type information computation for bitwise shift.
Review URL: http://codereview.chromium.org/1756007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-22 09:02:10 +00:00
sgjesse@chromium.org
968a524432 Add inlining of property load on ARM
Generate inlined named property load for in-object properties. This uses the same mechanism as on the Intel platforms with the map check and load instruction of the inlined code being	patched by the inline cache code. The map check is patched through the normal constant pool patching and the load instruction is patched in place.
Review URL: http://codereview.chromium.org/1715003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4468 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-22 07:18:30 +00:00
peter.rybin@gmail.com
af63e61605 Support multi-chunk differences
Review URL: http://codereview.chromium.org/1672006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-21 16:59:58 +00:00
antonm@chromium.org
0710de75c0 Fix one off error.
Proper condition to start eviction is when next possible index is equal
to cache length.

Review URL: http://codereview.chromium.org/1709001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4460 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-21 11:13:53 +00:00
lrn@chromium.org
0adfe842a5 Fix incorrect handling of global RegExp properties for nested replace-regexp-with-function.
Review URL: http://codereview.chromium.org/1695002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-21 08:33:04 +00:00
vitalyr@chromium.org
b8ba4deacc Reapply: Inline fast cases in string keyed load IC.
(Fixed handling of out-of-bounds keys.)

String keyed load used to call STRING_CHAR_AT builtin that performs
two steps (get a char code, construct a one-char string from the
code), both of which have fast cases implemented as inline runtime
functions. In this chage most of the code from these functions is
extracted to a set of common generator functions in StringStubBase and
the fast cases are grouped together in the IC code.

Review URL: http://codereview.chromium.org/1582041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-20 17:33:14 +00:00
ager@chromium.org
c678e44805 Add missing smi check in IC for nonexistent properties.
Add regression test.

BUG=v8:681
Review URL: http://codereview.chromium.org/1673005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4446 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-20 10:20:39 +00:00
peter.rybin@gmail.com
8fdc7a5ae1 LiveEdit: calculate a real script difference
Review URL: http://codereview.chromium.org/1652008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-19 16:08:26 +00:00
ager@chromium.org
afc15bb48f Reapply load ICs for nonexistent properties.
We need to be careful to check global property cells for the property
encountered during lookup.  Therefore, the ICs have to be specific to
the name of the property if global objects are involved.  In
principle, this means that we could get a large number of monomorphic
ICs for the same map if there is a global object in the prototype
chain.  However, since this is only done for normal load ICs and not
for keyed load ICs I do not expect this to be a problem.  I will
experiment with it once this goes in.

BUG=675
Review URL: http://codereview.chromium.org/1559033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-15 11:25:41 +00:00
peter.rybin@gmail.com
0e9149c543 Make a namespace for LiveEdit
Review URL: http://codereview.chromium.org/1549041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-14 14:53:00 +00:00
antonm@chromium.org
a713b27428 Introduce fast native caches and use it in String.search.
Review URL: http://codereview.chromium.org/1563005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-14 14:46:15 +00:00
lrn@chromium.org
285d5bc48a Native construction of RegExp result objects, with in-object index and input.
Avoid cloning using CloneRegExpResult for results that are just arrays.
Made a more direct path for string.match with string argument.

Review URL: http://codereview.chromium.org/1645001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4395 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-13 09:31:03 +00:00
antonm@chromium.org
400b1be449 Faster invocation of custom comparator function.
Review URL: http://codereview.chromium.org/1623004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-12 07:05:24 +00:00
peter.rybin@gmail.com
be5bb26e38 LiveEdit: implement frame dropping
Review URL: http://codereview.chromium.org/1118007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-06 17:58:28 +00:00
vitalyr@chromium.org
9b54227cc7 Land patch by Pavel Podivilov (podivilov@chromium.org).
Port string stub for keyed loads to x64 and ARM.

BUG=566
TBR=ager@chromium.org
TEST=test/mjsunit/string-index.js

Original code review: http://codereview.chromium.org/1628003

Review URL: http://codereview.chromium.org/1567024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-06 14:16:39 +00:00
peter.rybin@gmail.com
560baa5eb4 Let LiveEdit accept a full new script source (rather than diff)
Review URL: http://codereview.chromium.org/1584008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-02 11:03:49 +00:00
mikhail.naganov@gmail.com
c2df9cc8c8 Support setting brekpoint by script name set in //@ scriptURL= comment,
in case script name is missing.

BUG=http://crbug.com/39290

Author: Andrey Kosyakov (caseq@chromium.org)
Original issue: http://codereview.chromium.org/1303003

TBR=sgjesse@chromium.org

Review URL: http://codereview.chromium.org/1527007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-04-01 16:25:07 +00:00
serya@chromium.org
93477c22d3 StringToInt rewritten. This version doesn't allocate memory for long decimals and uses percise rounding if radix 10 or a power of 2 (in other cases rounding error still may occur). Handling special values moved from Runtime_StringParseInt into StringToInt in order to make it consistent with StringToDouble.
Committed: http://code.google.com/p/v8/source/detail?r=4329
Review URL: http://codereview.chromium.org/1529004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-31 17:19:05 +00:00
serya@chromium.org
704eca9aca Reverting r4329 due to failure in webkit tests.
Review URL: http://codereview.chromium.org/1579004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-31 11:13:42 +00:00
serya@chromium.org
dcd96d1fa0 StringToInt rewritten. This version doesn't allocate memory for long decimals and uses percise rounding if radix 10 or a power of 2 (in other cases rounding error still may occur). Handling special values moved from Runtime_StringParseInt into StringToInt in order to make it consistent with StringToDouble.
Review URL: http://codereview.chromium.org/1529004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4329 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-31 10:11:33 +00:00
lrn@chromium.org
ce1d3ca80a Fix bug in string replace with nonparticipating captures.
Review URL: http://codereview.chromium.org/1565004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4322 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-30 13:26:13 +00:00
lrn@chromium.org
17eece5748 Fix bug in string replace regexp with function when returning non-string.
Review URL: http://codereview.chromium.org/1528005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-29 21:12:54 +00:00
serya@chromium.org
9e76d99fb9 Percise rounding parsing octal and hexadecimal strings.
Rounding happens when the number exceeds 53 bits of floating point mantissa. Current implemetation ignores digits after some limits. 0x1000000000000081 was rounded to 0x1000000000000100 while 0x100000000000008000001 was rounded to 0x100000000000000000000.

Review URL: http://codereview.chromium.org/1374005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-29 15:46:58 +00:00
serya@chromium.org
0b42d25c72 Optimization for parsing integers of limited length (in digits).
Review URL: http://codereview.chromium.org/1367004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4304 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-29 11:17:34 +00:00
lrn@chromium.org
845fd15dd6 Pre-create properties on JSRegExp objects
Initialize properties in single runtime call.

Review URL: http://codereview.chromium.org/1350003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-26 14:19:47 +00:00
serya@chromium.org
203ba181ad StringToDouble rewritten not using String::Get and memory allocations.
It converts the number to "canonical" form removing insignificant digits,
leading zerroes and spaces what guarantees to fit a fixed size buffer and
does not changes result of strtod.
Review URL: http://codereview.chromium.org/1216005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4282 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-25 14:39:39 +00:00
sgjesse@chromium.org
6a63910650 Re-apply "Inline floating point compare"
This re-applies r4220 and r4233, which was reverted in r4254 due to a bug. This bug has now been fixed, with the only change being line 2884 changed from

  __ SmiTag(left_side->reg());

to

  __ SmiTag(operand->reg());

Added a regression test.

BUG=http://crbug.com/39160
TEST=test/mjsunit/regress/regress-crbug-39160.js

Review URL: http://codereview.chromium.org/1251009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4261 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-25 12:04:34 +00:00
whesse@chromium.org
244513555c Avoid calling ToRegister(register) when result is in register already, and register is shared.
Review URL: http://codereview.chromium.org/1325004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-25 11:52:42 +00:00
ager@chromium.org
71e792a82c Revert revisions 4241, 4243 and 4247 because of Windows build errors
and test failures.

TBR=serya@chromium.org
Review URL: http://codereview.chromium.org/1269003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-24 11:48:01 +00:00
serya@chromium.org
b5127faa57 Fix conform test.
Review URL: http://codereview.chromium.org/1217007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4247 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-24 11:11:33 +00:00
serya@chromium.org
2bd9919788 StringToDouble rewritten not using String::Get and memory allocations.
It converts the number to "canonical" form removing insignificant digits,
leading zerroes and spaces what guarantees to fit a fixed size buffer and
does not changes result of strtod.

Review URL: http://codereview.chromium.org/1096002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-24 08:51:03 +00:00
oleg@chromium.org
2b5c05ed79 Make the new Date test independent of the timezone in which it is run.
Review URL: http://codereview.chromium.org/1084018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-23 15:28:58 +00:00
whesse@chromium.org
c3b5e22764 Fix an error in optimized modulus operator, add unit test.
Review URL: http://codereview.chromium.org/1118008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-23 15:18:00 +00:00
oleg@chromium.org
fe6522e80d Fix bug http://code.google.com/p/v8/issues/detail?id=659. Move the limits check for date before the time zone offset is applied.
Review URL: http://codereview.chromium.org/1075016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-23 14:47:02 +00:00
kasperl@chromium.org
7d6a3b433f Merge the partial_snapshots branch back into bleeding_edge. For
now, the custom call generator stuff is disabled.
Review URL: http://codereview.chromium.org/1094014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4217 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-23 11:40:38 +00:00
fschneider@chromium.org
03089b6644 Fix code generation for fast smi loops to support parameters as well.
This change fixes an assert we hit when we recognized a fast smi loop
with a parameter as the loop variable.

BUG=650


Review URL: http://codereview.chromium.org/1138003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-22 11:55:12 +00:00
fschneider@chromium.org
ec974ddb50 Fix bug when generating a fast smi loop.
We may encounter an invalid frame after generating code
for the loop body in case the loop body ends in an unconditional
return. Before setting the type information for the loop variable
we need to check for a valid frame.

Review URL: http://codereview.chromium.org/1106002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4182 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-18 14:32:02 +00:00
oleg@chromium.org
825a5d741f Improve Math.round(). Fix the bug in r4146. Further improve performance by checking the exponent instead of comparing doubles. Add several tests for numbers near the limits of SMI and several tests from WebKit.
Review URL: http://codereview.chromium.org/1008004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-18 13:00:57 +00:00
fschneider@chromium.org
34faea85db Add test cases for fast smi loops.
Review URL: http://codereview.chromium.org/1014007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-18 09:08:24 +00:00
fschneider@chromium.org
e090f46a55 Fix type propagation rules for count operation.
Also treat const-variables as not side-effect free.

Review URL: http://codereview.chromium.org/982009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4172 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-17 16:39:29 +00:00
sgjesse@chromium.org
1963ffba99 Don't generate inline constructors if this.__proto__ is assigned.
BUG=http://code.google.com/p/v8/issues/detail?id=646
TEST=test/mjsunit/regress/regress-646.js
Review URL: http://codereview.chromium.org/1023008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-17 13:23:53 +00:00
erik.corry@gmail.com
889cbe55b8 Fix a bug in the regexp caching. Also add a few more places to
cache.  We now cache most of the places where Opera cache and
one or two where they do not cache for some reason.  Since
these optimizations aren't necessarily useful on real code we
may remove them if and when the Dromaeo website makes the
benchmarks harder to game.
Review URL: http://codereview.chromium.org/995005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4157 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-17 10:23:06 +00:00
fschneider@chromium.org
9202e05016 Fix bug in the count operation where we statically know the input is a smi.
Even if we know that the input to a count operation is a smi we still need to check if the result overflowed (and becomes a heap number).

Also fix the smi loop analysis to take two border cases correctly into account.

Review URL: http://codereview.chromium.org/1040002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-16 16:03:40 +00:00
peter.rybin@gmail.com
ad876956c0 LiveEdit: patch positions in function
Review URL: http://codereview.chromium.org/914003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4139 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-15 21:06:51 +00:00
antonm@chromium.org
14547ef434 Just grow elements if they happen to be at the edge of new space.
Review URL: http://codereview.chromium.org/945002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-15 15:16:04 +00:00
antonm@chromium.org
7f1eda50cc Implement a custom call compiler for Array.pop.
Review URL: http://codereview.chromium.org/870007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-12 13:45:31 +00:00
fschneider@chromium.org
d0908674fa Fix bug in assigned variables analysis.
Property stores were not visited correctly by the visitor.
I fixed this issue by visiting property stores by visiting 
receiver and key directly (and not calling visit on the lhs property
 ast node)

Review URL: http://codereview.chromium.org/903003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-12 13:12:08 +00:00
fschneider@chromium.org
d896e4f6f2 Fix treatment of const variables in assigned variable analysis.
Const variables are not considered as trivial sub-expressions since
we have the check for the hole value as a side-effect.

Review URL: http://codereview.chromium.org/849003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-12 10:20:31 +00:00
antonm@chromium.org
de070ccfa6 First take on custom call generators.
Review URL: http://codereview.chromium.org/669061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4108 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-11 16:24:31 +00:00
sgjesse@chromium.org
e5f27966dc Add fuzzing support for inline runtime functions
The inline runtime functions are now included in the fuzzing of the natives. The chack for the expected number of arguments passed have been moved to the parser which will generate a syntax error if a runtime function (either C++ or inline) is called with a different number of arguments than expected.
Review URL: http://codereview.chromium.org/573056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-11 09:27:12 +00:00
sgjesse@chromium.org
b0c9738f77 Fix code cache lookup for keyed IC's
For keyed IC's the name is not necessarily a string.

BUG=http://crbug.com/37853
TEST=test/mjsunit/regress/regress-crbug-37853.js
Review URL: http://codereview.chromium.org/872001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-11 08:52:31 +00:00
serya@chromium.org
4fd99d23cc Math.abs rewrited to not use Runtime.
Review URL: http://codereview.chromium.org/799006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-11 08:31:15 +00:00
erik.corry@gmail.com
f6df326714 Add 1-element caches to RegExp.exec and String.replace. We
probably want to remove this again if and when Dromaeo is
fixed so this strategy doesn't pay off.
Review URL: http://codereview.chromium.org/817001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-10 12:21:00 +00:00
peter.rybin@gmail.com
9c9451eff3 Check that function being patched has no activations on any thread stack
Review URL: http://codereview.chromium.org/668246

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-09 21:45:24 +00:00
sgjesse@chromium.org
800b6df2a6 Correct handling of adding a string and a smal integer
The fast case of looking up the string convertion of the smi did not handle the case where left/reghe operands could be in eax/edx instead of edx/eax which is the default.

Also got rid of creating an internal frame for calling string and instead patched the argument on the stack and performed a tail call.

BUG=http://code.google.com/p/v8/issues/detail?id=636
TEST=test/mjsunit/regress/regress-636.js
Review URL: http://codereview.chromium.org/720001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-09 09:40:35 +00:00
ricow@chromium.org
b60eba5fc5 Inline Math.sqrt().
Also changed name of GeneratePow and the %_ call name to follow convention based on MathSin and MathCos. Moved GeneratePow down to the other methods. 

Review URL: http://codereview.chromium.org/661179

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-08 13:23:54 +00:00
peter.rybin@gmail.com
a934eb1523 Quick fix for r4045
Review URL: http://codereview.chromium.org/668203

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-06 01:21:34 +00:00
peter.rybin@gmail.com
77d63cc29e Basic implementation of liveedit feature
Review URL: http://codereview.chromium.org/652027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4045 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 22:08:58 +00:00
antonm@chromium.org
08a5332a55 Try to help the builder with the conflict.
TBR=sgjesse@chromium.org

Review URL: http://codereview.chromium.org/668160

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 15:23:30 +00:00
antonm@chromium.org
1bc04768a9 An attempt to fix the tests.
TBR=sgjesse@chromium.org

Review URL: http://codereview.chromium.org/669162

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4042 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 15:07:53 +00:00
antonm@chromium.org
bdee05b3ce Better diagnostic of tests.
Review URL: http://codereview.chromium.org/669160

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4041 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 14:51:24 +00:00
sgjesse@chromium.org
df4471c8f3 Fix stack tweaking in array allocation
When Array(0) or new Array(0) is handled by the generated code it is handled
by the same code as Array() and new Array(). For this to work the stack is
tweaked to remove the argument of value 0. However the argc was still passed
as 1 if a call to the runtime system was made.

When the stack is tweaked argc is also changed to 0.

BUG=634
TEST=test/mjsunittest/mjsunit/regress/regress-634.js
Review URL: http://codereview.chromium.org/668155

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 13:43:53 +00:00
vitalyr@chromium.org
48cc7ed3b0 Fixed filling of char array in StringToArray.
Review URL: http://codereview.chromium.org/669159

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4036 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 13:33:33 +00:00
kasperl@chromium.org
5c7fd0e59b Fix weird issue with test case where certain global function
names were being reused.
Review URL: http://codereview.chromium.org/669148

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-05 07:05:26 +00:00
antonm@chromium.org
61d2ebde63 Fix invalid fast return in splice when returned array is empty.
TBR=vitalyr@chromium.org

Review URL: http://codereview.chromium.org/669101

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-04 22:16:58 +00:00
antonm@chromium.org
56eb46e096 Fix a special case (zero length result array).
Review URL: http://codereview.chromium.org/669075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-04 21:29:33 +00:00
sgjesse@chromium.org
bc890ec279 Added tests for issue 618
Review URL: http://codereview.chromium.org/668055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-04 15:04:04 +00:00
oleg@chromium.org
d49a5db0a4 Fix broken test in WebKit test suite and add the test in question to V8 tests.
Review URL: http://codereview.chromium.org/661466

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-03 14:19:04 +00:00
antonm@chromium.org
d4cb1ba3c5 Faster moving FixedArray elements around.
Review URL: http://codereview.chromium.org/660245

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-01 15:33:30 +00:00
vitalyr@chromium.org
dd7b55eb9f Implemented one-char cache lookup in generated code.
This speeds up string,charAt(n) and string[n].

Review URL: http://codereview.chromium.org/660184

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3980 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-26 20:14:20 +00:00
antonm@chromium.org
0c77912aaf Return length passed instead of receiver to allow chained assignments like
foo = a.length = 7

BUG=crbug.com/36854

Review URL: http://codereview.chromium.org/660174

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-26 16:12:39 +00:00
yurys@chromium.org
a47746d209 Add maxStrinLength argument to debugger requests
Review URL: http://codereview.chromium.org/647022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-19 14:33:08 +00:00
ricow@chromium.org
27eaf97350 Added test for bug 619 - we should move this to object-define-property when the bug has been corrected.
Review URL: http://codereview.chromium.org/651028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-19 13:27:43 +00:00
sgjesse@chromium.org
17e80e76e7 Add a test case for issue 618
Review URL: http://codereview.chromium.org/647014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-18 13:01:58 +00:00
whesse@chromium.org
b9a250d2e6 Fix error in compound assignment to keyed load by making platform-independent full compiler code platform dependent, add test of compound assignments.
Review URL: http://codereview.chromium.org/646009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3897 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-18 12:59:41 +00:00
sgjesse@chromium.org
97d842fa1e Fix issues with commit r3839
Fix broken condition.
Fixe some style issues.
Re-enabel part of a test which was turned off.

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/647007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-18 09:41:47 +00:00
sgjesse@chromium.org
ecf4b9fc76 Refactor the check for generating inline constructors
Moved all the logic to a function on SharedFunctionInfo (including the flag check) to make things more readable.

Changed the check for setter to do a lookup for a named setter for each of the properties assigned in the constructor.

Added tests using accessors and interseptors set through the API.

Added fast case objects to the mjsunit test.

TEST=test/mjsunit/setter-on-constructor-prototype.js
TEST=test/cctest/test-api/SetterOnConstructorPrototype
TEST=test/cctest/test-api/InterceptorOnConstructorPrototype
Review URL: http://codereview.chromium.org/619006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-18 09:07:03 +00:00
antonm@chromium.org
a346644121 Adding checks for the cases when array grows too big.
Review URL: http://codereview.chromium.org/601092

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3887 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 13:04:30 +00:00
antonm@chromium.org
be21c71584 Introduce Array.splice builtin.
Review URL: http://codereview.chromium.org/618002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3885 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 10:54:49 +00:00
antonm@chromium.org
210e02442e Renaming test/mjsunit/array-splice.js to test/mjsunit/array-functions-prototype-misc.js.
The test array-splice.js following array-shift, array-slice etc would be added in
next commit.

Review URL: http://codereview.chromium.org/618005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 10:48:29 +00:00
kmillikin@chromium.org
3c0d77f32e Fix stack corruption when calling non-function.
Fix for issue 603.

Revision r3484 removed the property name from the call stack for
call ICs.  When a non-function was called via a call IC and
Function.prototype.call, an extra value was left on the stack that the
caller could not know to clean up.

Fix is to change the JS builtin used for calling non-functions.  It
now gets the callee as receiver, rather than iterating stack frames
and finding it on the expression stack of its JS caller.

Review URL: http://codereview.chromium.org/604064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 08:26:50 +00:00
antonm@chromium.org
087fedeae8 Normalize the object before updating getter/setter info.
BUG=612

Review URL: http://codereview.chromium.org/608014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 06:53:19 +00:00
sgjesse@chromium.org
1c2b2ac9c6 Fix construction of simple objects with setters on prototype
Simple objects which are constructed without calling the actual constructor function did not take setters defined on prototype chain of the new object into account.

Constructing objects this way is now not done if there are setters involved on the prototype chain of the new object.

This only fixes the case where the setter is found when the first object from a constructor is created. If the prototype chain is changed new objects will on take any change to setters into account.

TEST=test/mjsunit/setter-on-constructor-prototype.js
Review URL: http://codereview.chromium.org/606062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-17 06:28:33 +00:00
antonm@chromium.org
ea1b4f0eb1 Introduce builtin for Array.slice function.
Review URL: http://codereview.chromium.org/604059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-16 12:14:23 +00:00
yurys@chromium.org
0630b1fd9f Object.getOwnPropertyNames should return string names for indexed properties
Land original change by pfeldman: http://codereview.chromium.org/596117
Review URL: http://codereview.chromium.org/596124

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-16 10:08:39 +00:00
antonm@chromium.org
e02a5aa602 Introduce builtin for Array.unshift function.
Review URL: http://codereview.chromium.org/600124

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-15 13:25:06 +00:00
antonm@chromium.org
976ab7d7b5 Elaborating test for Array.shift a bit.
Review URL: http://codereview.chromium.org/596116

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-15 12:01:46 +00:00
antonm@chromium.org
01b1176e08 Introduce builtin for Array.shift function.
Review URL: http://codereview.chromium.org/606017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-15 09:17:38 +00:00
yurys@chromium.org
f5eb70e411 Land 598061(Process //@ scriptURL=url comment for scripts that don't have name set)
Review URL: http://codereview.chromium.org/596088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-12 17:17:13 +00:00
lrn@chromium.org
2e6ab729ef Added optimization for div/mod by constant power of 2.
Review URL: http://codereview.chromium.org/597059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-12 13:37:10 +00:00
fschneider@chromium.org
4a2c81d3b0 Add last use data flow information to the fast code generator.
This change add simple local live variable information to 
the fast code generator.  It supports only AST nodes that 
are accepted by the syntax checker.

Each variable use points to a variable definition structure
which contains the last use of the definition.

To determine whether a variable is live after a certain point
we can check whether its last use occurs later in the evaluation
order defined by the AST labeling number.

The new information is currently only printed out together with
the IR and not yet used for code generation.

Review URL: http://codereview.chromium.org/603004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-12 10:16:30 +00:00
kmillikin@chromium.org
29776256ab Add a regression test for chromium issue 35344.
Review URL: http://codereview.chromium.org/600069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-12 08:10:25 +00:00
kmillikin@chromium.org
b04a26dc31 Harden global variable accesses in the fast code generator.
Explicitly check that global variables do not have accessors or
interceptors in the fast code generator syntax checker.

Review URL: http://codereview.chromium.org/595022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-10 13:46:15 +00:00
kmillikin@chromium.org
30cf88af6b Restrict the syntax that we aggressively optimize.
Do not use the speculative compiler for functions with other than one
statement in the body, and do not use it if subexpressions can have
side effects.  Bailing out to the beginning of the full code is not
sound if side effects have already occurred.

Add tests that would fail without the restrictions.

Review URL: http://codereview.chromium.org/598016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3826 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-10 09:18:55 +00:00
kmillikin@chromium.org
9b5c312bfc Initial implementation of fast path operation for bitwise OR.
Support a binary operation (bitwise OR) so long as it's not nested in
the left subexpression.  This ensures that the expression stack never
has height greater than two and so can be kept fully in registers.

The bounded expression stack height and the absence of any side
effects on the fast path allows us to still bailout out to the very
beginning of the function if any of our fast-path checks fail.

Review URL: http://codereview.chromium.org/594008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-09 13:44:43 +00:00
ricow@chromium.org
df1df78c48 Changed fuzzer to randomly remove half of the arguments when running
on functions that takes five or more arguments. Original version runs
for a long time when there is 5 arguments in a runtime function (45+
seconds). The fuzzer can be run with all arguments on all functions
regardless of the number of arguments by setting
RUN_WITH_ALL_ARGUMENT_ENTRIES to true in fuzz-natives.js


Review URL: http://codereview.chromium.org/598011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-09 12:15:34 +00:00
mikhail.naganov@gmail.com
5ebc1a68ef Fix tests after r3811.
TBR=sgjesse@chromium.org

Review URL: http://codereview.chromium.org/574027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-08 08:55:01 +00:00
fschneider@chromium.org
2f0f6face1 Fast compiler: Load globals variables directly from property cells.
This is a first step towards loading globals directly from property cells instead
of going through a load IC.

This change supports only properties with the DontDelete attribute since
we are only able to bailout into the generic code generated by the secondary 
code generator the beginning of a function. The resulting fast-case code is 
specialized for a specific context. When invoked with a different global object, 
it will always bailout to the secondary code.

When loading a property that does not exist at compile-time or a property
that is deleteable we still generate the generic load IC.

Review URL: http://codereview.chromium.org/565034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-05 13:57:18 +00:00
sgjesse@chromium.org
a6a7c75ae0 MIPS port initial commit
This is the first step in the MIPS port of V8. It adds assembler, disassembler and simulator for the MIPS32 architecture.

Contains stubbed out implementation of all the compiler/code generator infrastructure to make it all build.

Patch by Alexandre Rames from Sigma Designs Inc.

This is the landing of http://codereview.chromium.org/543161.
Review URL: http://codereview.chromium.org/561072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-04 20:36:58 +00:00
ricow@chromium.org
a28143c77c Added extra tests to the DefineOrRedefineAccessorProperty and
DefineOrRedefineDataProperty to avoid invalid input.

Added tests to object-define-property.js to test that it does not crash 
on invalid input. 


Review URL: http://codereview.chromium.org/572005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-04 19:43:56 +00:00
ricow@chromium.org
4f179b09ba Added IsProperty() check to result in DefineOrRedefineAccessor - if no check
this causes the debug check to fails since type() asserts that the 
lookup_type != NOT_FOUND. This does not change any functionality since we 
explicitly checked if it was one of the three types that we need to delete.
Also changed defineProperties in v8natives to actually return the object
being defined (as specified by spec)

Review URL: http://codereview.chromium.org/572003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-04 11:28:03 +00:00
lrn@chromium.org
f0ef4d7bac ARM: Implement native substring copying.
Review URL: http://codereview.chromium.org/552186

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-04 09:11:43 +00:00