Commit Graph

5368 Commits

Author SHA1 Message Date
dslomov@chromium.org
79e817aac4 Revert "Implement PersistentValueMap, a map that stores UniquePersistent values."
and "Win64 fix for r19833."

This reverts commits r19833 and r19837 for breaking Windows tests
(test-api/PersistentValueMap).

TBR=vogelheim@chromium.org,dcarney@chromium.org

Review URL: https://codereview.chromium.org/197173002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 11:40:40 +00:00
dcarney@chromium.org
3aac1d3c07 Win64 fix for r19833.
R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/197083002

Patch from Daniel Vogelheim <vogelheim@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:33:40 +00:00
jkummerow@chromium.org
105c1e08b7 Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it
Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness

BUG=chromium:351320
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/196943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:14:29 +00:00
danno@chromium.org
ae1669b501 Fix handling of polymorphic array accesses with constant index
R=jkummerow@chromium.org
BUG=chromium:351319
LOG=Y

Review URL: https://codereview.chromium.org/196353004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:11:38 +00:00
jkummerow@chromium.org
8a1812f252 Fix lazy deopt after tagged binary ops
Also add policing code to ensure that optimized frames can in fact lazily deopt
at their respective current PC when we patch them for lazy bailout.

BUG=chromium:350434
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/194703008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 09:59:36 +00:00
dcarney@chromium.org
25468478e3 Implement PersistentValueMap, a map that stores UniquePersistent values.
This is preparatory work to get rid of UnsafePersistent in blink.

Related blink changes are here: https://codereview.chromium.org/180363004/

This patch is largely based on https://codereview.chromium.org/175503003/, with some methods added to support the blink change mentioned above.

BUG=
R=dcarney@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/189463019

Patch from Daniel Vogelheim <vogelheim@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 09:11:25 +00:00
rmcilroy@chromium.org
fadc74ec04 Clean up ARM mov 32bit immediate code in preparation for out of line constant pool.
R=rodolph.perfetta@arm.com, ulan@chromium.org

Review URL: https://codereview.chromium.org/138503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 20:17:02 +00:00
dslomov@chromium.org
8af219477a Revert "Reland "Enable Object.observe by default""
This reverts commit r19736 for breaking browser_tests on ChromiumOS.

TBR=rossberg@chromium.org,rafaelw@chromium.org

Review URL: https://codereview.chromium.org/195603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 18:36:15 +00:00
dslomov@chromium.org
f6dac13dcb Revert "Enable Object.observe by default"
This reverts commit r19734 for breeaking ChromiumOS browser tests.
'OpenSpecialTypes/FileManagerBrowserTest.Test/3' started to time out,
bisecting the roll led to this change.
http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%282%29/builds/22224

TBR=rafaelw@chromium.org,rossberg@chromium.org
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/195123005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 18:15:44 +00:00
rossberg@chromium.org
85800eff3f Fix issue with getOwnPropertySymbols and hidden properties
When getting the symbols of an object we need to ignore the hidden
properties of the prototype object since the hidden properties are
represented by a single string key and we will not include that hidden
string in the found names.

BUG=350864
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/192883005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 16:46:35 +00:00
marja@chromium.org
534245c9a5 Move ParseArguments to ParserBase and add tests.
Notes:
- PreParser didn't produce "too_many_arguments"; now it does.
- The argument count in the error message was wrong; fixed it.

BUG=v8:3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/194503004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 16:30:47 +00:00
rossberg@chromium.org
94b5180db0 API support for promises
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/194663003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 16:17:20 +00:00
dcarney@chromium.org
62fc099334 fix bad access check check
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/195163002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 15:12:47 +00:00
rossberg@chromium.org
8e3f3cee9e Eliminate extended mode, and other modes clean-up
- Merge LanguageMode and StrictModeFlag enums
- Make harmony-scoping depend only on strict mode
- Free some bits on the way
- Plus additional clean-up and renaming

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/181543002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 14:41:22 +00:00
rossberg@chromium.org
3f702d4bf9 Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/177683002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 14:39:08 +00:00
yangguo@chromium.org
6e1507331e Fix bug in constant folding object comparisons.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/195063002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 13:34:01 +00:00
hpayer@chromium.org
d9090c0284 Do not run AddInstructionChangesNewSpacePromotion test in release mode.
BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/194663004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 11:53:40 +00:00
yangguo@chromium.org
dda0aa88b0 Revert "Mark mjsunit/string-case as flaky."
This reverts r19760 since the issue has been fixed in r19755.

R=dslomov@google.com, dslomov@chromium.org
BUG=v8:3208
LOG=N

Review URL: https://codereview.chromium.org/194823002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 11:38:53 +00:00
hpayer@chromium.org
9819cfd29c Make sure tagged binary op instructions change new space promotion.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/194883003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 11:36:55 +00:00
mvstanton@chromium.org
819d9f62d0 Fix for 350887: CHECK failure on new_length->IsSmi()
In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to
optimize setting array length if the new length is a smi. However, we
refuse to set an array length to less than the index of the highest
non-configurable array element. This index may be outside of smi range.

Handle this case accordingly.

BUG=350887
LOG=N
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/194803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:30:10 +00:00
rossberg@chromium.org
9abfab09fa Types: cache lub bitset to avoid heap access
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/186743002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:28:38 +00:00
jochen@chromium.org
00ba711658 Use a per-isolate cache for the date object JS bits
The old per-context cache made it difficult for the embedder to notify
v8 of date/time configuration changes. The embedder had to enter all
contexts for the isolate and notify v8 for each context.

With the new per-isolate cache, the embedder only needs to notify v8
once per isolate.

BUG=348856
LOG=y
R=dcarney@chromium.org, ulan@chromium.org
TEST=cctest/test-date

Review URL: https://codereview.chromium.org/189913023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 09:04:14 +00:00
titzer@chromium.org
91a2aa6a2c Add MacroAssembler::Move(reg, immediate) on IA32.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/188463003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 08:52:48 +00:00
rmcilroy@chromium.org
a199ba80ef Differentate between code target pointers and heap pointers in constant pools.
Separate out code target pointers from normal heap pointer entries in constant
pool arrays so that the GC can correctly relocate these pointers using the
appropriate mechanism.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/183883011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 19:05:43 +00:00
jacob.bramley@arm.com
19a04c3a69 A64: Use a scope utility to allocate scratch registers.
This replaces Tmp0() and Tmp1() with a more flexible scratch register
pool. A scope-based utility can temporarily acquire registers from this
pool as needed.

We no longer have to worry about whether to use Tmp0(), Tmp1() or
something else; the scope can just get the next available scratch
register.

BUG=
R=jochen@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/164793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19768 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 16:25:15 +00:00
yangguo@chromium.org
1634e7de38 Fix assertion in RegExp parser to correctly expect stack overflow.
Advance() always checks for stack overflow. If stack indeed overflowed,
current() would hold the kEndMarker. ParseOctalLiteral does not expect
this in the assertion, which causes assertion failure.

R=mvstanton@chromium.org
BUG=350865
LOG=N

Review URL: https://codereview.chromium.org/192773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:52:10 +00:00
yangguo@chromium.org
e25d51cc85 Fix constant folding of %_IsMinusZero.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/190793015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:06:54 +00:00
dslomov@chromium.org
9eefbda27f Mark mjsunit/string-case as flaky.
BUG=v8:3208
LOG=N
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/192573004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:52:05 +00:00
yangguo@chromium.org
78d23e5662 Implement KnownSuccessor method to some control instructions.
R=jkummerow@chromium.org
BUG=v8:3118
LOG=N

Review URL: https://codereview.chromium.org/174863002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:50:01 +00:00
rossberg@chromium.org
2d48e06e52 Import Blink layout tests for Promises.
Import Blink layout tests for Promises.
We omitted some tests (for example workers tests).
We fixed some wrong test expectations.

BUG=347095
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/182713002

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:30:47 +00:00
verwaest@chromium.org
1180803953 Reland and fix "Allow ICs to be generated for own global proxy."
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/176793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:23:05 +00:00
rossberg@chromium.org
710ee827b5 Promise.all and Promise.race should reject non-array parameter.
Promise.all and Promise.race should reject the returned Promise if an
invalid parameter is given.
Since they don't support iterable now, they should reject the Promise
if a non-array parameter is given.

BUG=347453
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/182613003

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:01:06 +00:00
marja@chromium.org
8bd37cb7c3 Refactor script compilation / running & use of helper funcs in test-api.cc.
The tests were using different kind of constructs for achieving the same
thing. This makes refactoring the compilation API more difficult than it should
be.

cctest.h already contained helpers for compiling and running scripts, but they
were not used consistently.

For example, all these were used for running scripts:

v8::Script::Compile(v8_str("foo"))->Run();
v8::Script::Compile(v8::String::NewFromUtf8(isolate, "foo))->Run();
CompileRun(v8_str("foo"));
CompileRun(v8::String::NewFromUtf8(some_way_to_get_isolate(), "foo"));
v8::Local<v8::Script> script = any_of_the_above; script->Run();

Most of the tests just want to run a script (which is in const char*) and don't
care about how the v8::String is constructed or passed to the compiler API. Using
the helpers makes the test more readable and reduces boilerplate code which is
unrelated to what the test is testing.

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/190503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 11:58:56 +00:00
marja@chromium.org
1b7055cf54 Unify (Pre)Parser::ParseObjectLiteral and add tests.
Notes:
- The regexp in the ParseObjectLiteralComment was wrong, made it less wrong (
it's still wrong since trailing commas are not required / allowed).
- Change in logic: In case we have "get somekeyword() { }", the "somekeyword"
was not logged as a symbol by PreParser and not expected in the preparser data
by Parser. This is unnecessary complication; in other contexts where keywords
are allowed as identifiers, they are logged as symbols (see
ParseIdentifierName).

BUG=v8:3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/173273006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 11:42:17 +00:00
bmeurer@chromium.org
bf86e624d4 Reland "Handle non-power-of-2 divisors in division-like operations".
Fixed the flooring div bug and added a test case.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/191293012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 10:39:17 +00:00
yangguo@chromium.org
d3a16a2e2a Add support for allowing an embedder to get the V8 profile timer event logs.
Contributed by fmeawad@chromium.org

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/186163002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:56:48 +00:00
dcarney@chromium.org
2c74163f59 initialize v8::Private with v8::String
R=rossberg@chromium.org

BUG=

Review URL: https://codereview.chromium.org/179983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:20:56 +00:00
dcarney@chromium.org
7d8cda6ea0 Allow Object::InternalFieldCount and Object::GetAlignedPointerFromInternalField to be called from Persistent classes
R=svenpanne@chromium.org

BUG=

Review URL: https://codereview.chromium.org/177343002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:18:57 +00:00
jarin@chromium.org
b83b8b9ed4 Atomic ops: Sync with Chromium and add unit test.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/129813008

Patch from Cosmin Truta <ctruta@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19738 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 06:43:21 +00:00
rafaelw@chromium.org
6503dfb72b Reland "Enable Object.observe by default"
Original Issue: https://codereview.chromium.org/183683022/

TBR=rossberg
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/189513010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 04:41:06 +00:00
rafaelw@chromium.org
0cc44c14e5 Revert "Enable Object.observe by default"
TBR=rossberg
BUG=

Review URL: https://codereview.chromium.org/190853007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 03:54:42 +00:00
rafaelw@chromium.org
dcf9842e07 Enable Object.observe by default
R=rossberg@chromium.org, rossberg
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/183683022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 02:47:53 +00:00
yurys@chromium.org
e18b575c6e Fix compiler warning on Win64
BUG=None
LOG=N
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/191153002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 17:20:03 +00:00
yurys@chromium.org
74546c03ad AllocationTracker now maintains a map from address range to stack trace that allocated the range. When snapshot is generated the map is used to find construction stack trace for an object using its address.
BUG=chromium:277984
LOG=Y
R=alph@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 16:13:22 +00:00
alexandre.rames@arm.com
33a46be689 A64: Handle a few TODOs.
Notes about a few TODOs handled in this patch:

* In ProfileEntryHookStub::Generate:
    Stubs are always called with relocation.

* In CreateArrayDispatchOneArgument:
    The branches to registers can't be conditional. We could use a jump table, but
    there are only 6 different kinds so it is likely not worth it.

* In Builtins::Generate_StringConstructCode:
    Rename the argc register (x0) after its meaning changes.
    Remove a TODO: using a macro would not make the code clearer.

* In Generate_JSEntryTrampolineHelper:
    Remove the TODO and raise an internal issue to investigate this.

* In Disassembler::SubstituteBranchTargetField:
    Print the target address, but we don't have more info on the target.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/185793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 15:20:32 +00:00
yangguo@chromium.org
4f15fd2977 Reland "Introduce intrinsics for double values in Javascript."
This relands r19704 with a fix to the test case.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/189823003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 14:58:41 +00:00
yurys@chromium.org
49cd3d8a65 Allocation tracker: add separate entry for allocations via V8 API
When object is creating via native V8 API calls JS callstack is empty and the allocation is indistinguishable from say compiler allocations. This change adds a separate entry for such allocations.

Since FunctionInfo not necessarily corresponds to a heap object they are now referred to using their index in the list of all FunctionInfos.

BUG=chromium:277984
LOG=N
R=loislo@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:32:01 +00:00
ulan@chromium.org
06af80d42d Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame.
This will reduce heavy ScopeIterator instantiations.
Once incorporated into chromium, will give 30% speed boost.

BUG=chromium:340285
LOG=Y
R=ulan@chromium.org, Yang, rossberg, ulan

Review URL: https://codereview.chromium.org/181063008

Patch from Andrey Adaykin <aandrey@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:03:35 +00:00
mvstanton@chromium.org
f19e15c388 Test FeedbackVectorPreservedAcrossRecompiles needs crankshaft
The new test didn't recognize that non-sse2 builds on ia32 would
disable crankshaft.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/189263007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:01:03 +00:00
mvstanton@chromium.org
1812f63fd2 Moved type feedback vector to SharedFunctionInfo.
Type Vector followup: the type vector currently lives off the code object. This CL moves it to the SharedFunctionInfo, facilitating re-use and continued use in crankshafted code if desired.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/178463007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 10:12:17 +00:00
yangguo@chromium.org
143902bebf Revert "Introduce intrinsics for double values in Javascript."
This reverts r19704.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/189533008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:49:28 +00:00
verwaest@chromium.org
8a3d715250 Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems."
Due to performance regression.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/189843006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:29:07 +00:00
mvstanton@chromium.org
1d3652ebe6 Symbols for type cells. We can make more efficient code to check against type cells in the future if we use symbols, guaranteed not to conflict with user code. Currently, the "symbols" are the hole and undefined. Undefined may come in from the outside.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/181283003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:10:18 +00:00
yangguo@chromium.org
2aefde4443 Introduce intrinsics for double values in Javascript.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/178583006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:05:10 +00:00
marja@chromium.org
bd1fb97d5c Remove Script::SetData and the script_data parameter from Script::(Compile|New).
This feature makes it possible to associate data with a script and get it back
when the script is compiled or when an event is handled. It was historically
used by Chromium Dev Tools, but not any more. It is not used by node.js.

Note: this has nothing to do with the preparse data, despite the confusing name.
The preparse data is passed as ScriptData*.

Note 2: This is the same as r19616 ( https://codereview.chromium.org/184403002/ )
with a unused variable fix in bootstrapper.cc.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/185533014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:43:54 +00:00
yangguo@chromium.org
ea8368f471 Use fast path for sliced and external strings in ConvertCase.
R=dcarney@chromium.org
BUG=v8:3180
LOG=N

Review URL: https://codereview.chromium.org/180063002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:36:18 +00:00
ishell@chromium.org
997ce05289 Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820.
BUG=349465
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/188703002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:22:47 +00:00
jkummerow@chromium.org
1cc0bafc07 Fix HConstants with Smi-ranged HeapNumber values
BUG=chromium:349878
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/186123003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:21:09 +00:00
ulan@chromium.org
5af7d10af5 Mark mjsunit/whitespaces as slow and timeout for a64.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/182253008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 14:15:40 +00:00
mvstanton@chromium.org
6115a006fd Bugfix for 349874: we incorrectly believe we saw a growing store
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.

This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).

BUG=349874
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/188643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
verwaest@chromium.org
cd6f3ef088 Only use the non-strict-arguments-stub if the store site is non-strict.
BUG=349874
LOG=N
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/176843018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:19:06 +00:00
jkummerow@chromium.org
5ea3f0004a Let HTransitionElementsKind take part in RestoreActualValues phase
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/183753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1 Remove outdated assertion scope.
R=jkummerow@chromium.org
BUG=349870
LOG=N

Review URL: https://codereview.chromium.org/182003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d Fix issues with JSON stringify replacer array
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.

String and Number wrappers in the replacer array should be treated as
string and number values.

R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y

Review URL: https://codereview.chromium.org/187053003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb Use Representation::Integer32() for smi types on 32-bit-tagged systems.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/187353005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492 Also delete force representations that have no uses.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/187773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96 Fix materialization of captured objects in adapted arguments.
R=mstarzinger@chromium.org
BUG=348512
LOG=N

Review URL: https://codereview.chromium.org/183063006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753 Deoptimization fix for HPushArgument.
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).

R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N

Review URL: https://codereview.chromium.org/178193026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
yangguo@chromium.org
26e4f4cc1c Handle exception when retrieving toJSON function in JSON.stringify.
R=mvstanton@chromium.org
BUG=349335
LOG=N

Review URL: https://codereview.chromium.org/187603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:54:35 +00:00
rossberg@chromium.org
758a688bb6 Add --es-staging flag
...and remove some obsolete ones.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/165723008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:07:07 +00:00
jkummerow@chromium.org
3df5573195 x64: Fix LMathMinMax for constant Smi right-hand operands
BUG=chromium:349079
LOG=y
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/186593003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org
9ab32061ed Print properly signed displacement in disassembler.
R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/178193028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:28:26 +00:00
mstarzinger@chromium.org
ee8cbc4fc8 Fix issue with setting __proto__ on a value
LOG=N
BUG=v8:3172
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/174113003

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 08:58:38 +00:00
verwaest@chromium.org
1aeaeb2b90 Allow objects with "" properties to stay fast.
R=danno@chromium.org

Review URL: https://codereview.chromium.org/184453003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 12:43:05 +00:00
yangguo@chromium.org
b1a271a02c Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
R=titzer@chromium.org
BUG=348280
LOG=N

Review URL: https://codereview.chromium.org/183383006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a Clear optimized code cache in shared function info when code gets deoptimized.
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.

This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).

This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.

BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/184923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19 Move all Harmony-only tests to harmony/
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/178583005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00
jochen@chromium.org
227cac3bf1 Update README about where the test262 files are downloaded from.
BUG=none
TBR=jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/184573003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:50 +00:00
ishell@chromium.org
c2601aea8a Check elimination did not mark some dead blocks.
R=danno@chromium.org

Review URL: https://codereview.chromium.org/180483003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:38 +00:00
marja@chromium.org
40ffba58a4 Revert "Remove Script::SetData and the script_data parameter from Script::(Compile|New)."
This reverts revision 19616.

BUG=
TBR=marja@chromium.org,svenpanne@chromium.org

Review URL: https://codereview.chromium.org/181113008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:09:52 +00:00
marja@chromium.org
55750b1c62 Remove Script::SetData and the script_data parameter from Script::(Compile|New).
This feature makes it possible to associate data with a script and get it back
when the script is compiled or when an event is handled. It was historically
used by Chromium Dev Tools, but not any more. It is not used by node.js.

Note: this has nothing to do with the preparse data, despite the confusing name.
The preparse data is passed as ScriptData*.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/184403002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:54:14 +00:00
svenpanne@chromium.org
e9273332ef Fixed constant folding for Math.clz32.
LOG=y
BUG=347906
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/184353002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:07:10 +00:00
jochen@chromium.org
ba981e58d5 Make a64.release a quickcheck target
I marked all tests as slow that take more than a minute on my machine.
With this, a64.release.quickcheck takes two minutes which is about as
fast as arm.optdebug.quickcheck.

BUG=none
R=ulan@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/183763008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:46:13 +00:00
jochen@chromium.org
6b23cd07a5 Update test262 to get test data from github
BUG=none
R=jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/184223002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:34:12 +00:00
jochen@chromium.org
9d515242e8 When upgrading the test data twice, don't bail out because of an existing backup
BUG=none
R=jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/183853004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:32:54 +00:00
mvstanton@chromium.org
b1ffc7901f A JSArray may have a filler map in the elements pointer.
We already have code that expects this, but incorrectly asserted that the
filler map case would never happen when allocation folding is turned on.
However, even folding has it's limits, bailing out of continued folding
when the object size grows too large. Therefore, it's a general problem
when verifying JSArray objects, that we might encounter a filler map
in elements().

Discovered by ClusterFuzz crbug 347903.

R=hpayer@chromium.org
LOG=N
BUG=347903

Review URL: https://codereview.chromium.org/184493002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:29:19 +00:00
yangguo@chromium.org
5c186bb197 Evict from optimized code map in sync with removing from optimized functions list.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/184443002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:27:31 +00:00
bmeurer@chromium.org
70242fe3bb Fix JSObject::PrintTransitions.
BUG=347912
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/183683005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:41:07 +00:00
hpayer@chromium.org
38ca2629be Fix representation generalization for doubles.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/184393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:07:10 +00:00
jochen@chromium.org
2aa5ac9311 A64: fix cctest/test-assembler-a64
The simulator now deletes its decoder in its dtor. Therefore, we must
always allocate the decoder on the heap.

BUG=none
R=ulan@chromium.org, jacob.bramley@arm.com
LOG=n

Review URL: https://codereview.chromium.org/183893005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:31:05 +00:00
dcarney@chromium.org
98d1cedac4 Get array_function from NativeContext
R=mvstanton@chromium.org
LOG=N
BUG=347528

Review URL: https://codereview.chromium.org/184173003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:01:27 +00:00
bmeurer@chromium.org
5945f9ebb9 Fix handling of constant global variable assignments.
BUG=347904
LOG=y
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/184303003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 09:40:12 +00:00
svenpanne@chromium.org
c4e90c15b8 Removed bogus ASSERT.
LOG=y
BUG=347542
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/183763007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 08:45:07 +00:00
ishell@chromium.org
2ab83cf192 HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included.
BUG=347543
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/180803005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 17:33:25 +00:00
rafaelw@chromium.org
d9a66ad941 Runtime::RunMicrotask should silent return if no pending microtask work (rather than asserting)
R=rossberg@chromium.org, rossberg
BUG=347532

Review URL: https://codereview.chromium.org/181013008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:49:55 +00:00
verwaest@chromium.org
aa14020bc7 Fix putting of prototype transitions. The length is also subject to GC, just like entry.
BUG=347536
LOG=n
R=danno@chromium.org

Review URL: https://codereview.chromium.org/183193003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:07:44 +00:00
jarin@chromium.org
05b98492a4 Handle arguments objects in frame when materializing arguments
R=mstarzinger@chromium.org
BUG=347262

Review URL: https://codereview.chromium.org/177293009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 15:12:12 +00:00
yangguo@chromium.org
6912a248ca Fix bogus assertion in SetFastDoubleElements.
R=danno@chromium.org
BUG=347530
LOG=N

Review URL: https://codereview.chromium.org/181433016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 14:45:53 +00:00
mvstanton@chromium.org
b8f8cfabca Fix for Clusterfuzz issue 343928.
The problem was that the debugger didn't expect that a JSFunction could
have a GlobalContext, which it can with harmony scoping.

BUG=343928
R=yangguo@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/183103003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 13:25:05 +00:00
dcarney@chromium.org
703536eba1 Revert "Better threaded fuzzing for TestFunctionCallOptimization"
This reverts commit 19567.

TBR=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/182893003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 09:48:56 +00:00
dcarney@chromium.org
44da745247 Better threaded fuzzing for TestFunctionCallOptimization
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/182863002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19567 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 09:18:37 +00:00
jochen@chromium.org
597a4b4dc1 A64: Make the Decoder a template
This will allow for replacing the dispatcher with a concrete decoder
visitor.

BUG=none
R=ulan@chromium.org, rodolph.perfetta@arm.com
LOG=n

Review URL: https://codereview.chromium.org/181253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-26 12:01:05 +00:00
ishell@chromium.org
1ae7e8a1e5 Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended.
BUG=345820
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/180013002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:33:54 +00:00
verwaest@chromium.org
d5caecccc5 Revert "Use stability to only conditionally flush information from the CheckMaps table."
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/180023002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:11:58 +00:00
jkummerow@chromium.org
e7e93cd433 Mark HCompareMap as having Tagged representation
BUG=chromium:346636
LOG=y
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/176923013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 15:09:47 +00:00
rossberg@chromium.org
63f1970c6c Fix crasher in Object.getOwnPropertySymbols
R=arv@chromium.org, mstarzinger@chromium.org
BUG=346141
LOG=Y

Review URL: https://codereview.chromium.org/177883002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 12:01:34 +00:00
marja@chromium.org
94af17a845 Fix the bit massaging code in CompleteParserRecorder::WriteNumber.
The original code, added by
https://codereview.chromium.org/3384003/diff/7001/src/parser.cc 3.5 years ago,
failed to write numbers which contain a chunk of 7 zeroes in the middle. The
smallest such number is 2^14, so this is a problem if the source file to
preparse contains 16384 or more symbols (which happens in the wild).

This bug went unnoticed because the symbol data was not used by Parser (see
https://codereview.chromium.org/172753002/ for starting to use it again) and
there were no tests.

R=ulan@chromium.org
BUG=346221
LOG=y

Review URL: https://codereview.chromium.org/179433004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 11:51:02 +00:00
bmeurer@chromium.org
77f597d387 Don't eliminate loads with incompatible types or representations.
BUG=346343
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/179553002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:50 +00:00
ishell@chromium.org
6c1659becf Fix for a smi stores optimization on x64 with a regression test.
BUG=345715
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/178833002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:02 +00:00
dcarney@chromium.org
cb05cff594 negative bounds checking on realm calls
R=rossberg@chromium.org

LOG=N

BUG=344285

Review URL: https://codereview.chromium.org/169393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:15:05 +00:00
marja@chromium.org
3d85b86e23 Lazy preparsing vs. lazy parsing fix.
Preparsing is always maximally lazy (every function that can be lazy is preparsed
lazily), but Parser has more complicated laziness logic.

If we're going to parse eagerly, and we have preparse data from lazy preparsing,
we're gonna have a bad time. The symbol stream won't contain symbols inside lazy
functions, and when the Parser parses them eagerly, it will consume symbols from
the symbol stream, and everything will go wrong.

This bug was hidden because the symbol cache was not used for real (see
https://codereview.chromium.org/172753002/ ).

R=ulan@chromium.org
BUG=346207
LOG=Y

Review URL: https://codereview.chromium.org/177973002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 17:48:09 +00:00
jkummerow@chromium.org
37b6fd07c1 Fix optimistic BCE to back off after deopt
BUG=v8:3176
LOG=n
R=danno@chromium.org

Review URL: https://codereview.chromium.org/177523002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 13:15:31 +00:00
m.m.capewell@googlemail.com
0468660b13 A64: Tidy up register use in TaggedToI
Fix bug where input register was potentially corrupted, tidy up register use in
TruncateDoubleToI and rename TryInlineTruncateDoubleToI.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/173663002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-21 11:36:04 +00:00
verwaest@chromium.org
84b366516e Don't turn objects with empty-string properties into fast-mode.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/165743003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 16:11:48 +00:00
marja@chromium.org
0a01afda76 Re-enable Parser::symbol_cache_ (after a long time!)
The Parser never used the symbol stream produced by the PreParser for anything
useful, due to a bug introduced 3.5 years ago by
https://codereview.chromium.org/3356010/diff/7001/src/parser.cc.

The bug is that calling Initialize on symbol_cache_ doesn't change its
length. So the length remains 0, and the "if" in Parser::LookupSymbol is always
true, and Parser::LookupCachedSymbol is never called and symbol_cache_ never
filled.

This bug also masked a bug that the symbol stream produced by PreParser doesn't
match what Parser wants to consume. The repro case is the following:

var myo = {if: 4}; print(myo.if);

PreParser doesn't log a symbol for the first "if", but in the corresponding
place, Parser consumes one symbol from the symbol stream. Since the consumed
symbols were never really used, this mismatch went unnoticed.

This CL also fixes that bug.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/172753002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 11:35:37 +00:00
alexandre.rames@arm.com
7d64aab1a1 A64: Introduce 'branch types' that extend the architectural conditions.
The branch types include 'always' and 'never', and types like reg_zero (CBZ) and
reg_bit_clear (TBZ).
This will be used by incoming improvements to the code generated for
deoptimization exit points.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/170783002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 16:13:09 +00:00
rossberg@chromium.org
0d34254f8d Upgrade Symbol implementation to match current ES6 behavior.
Refresh the implementation of Symbols to catch up with what the
specification now mandates:

* The global Symbol() function manufactures new Symbol values,
  optionally with a string description attached.

* Invoking Symbol() as a constructor will now throw.

* ToString() over Symbol values still throws, and
  Object.prototype.toString() stringifies like before.

* A Symbol value is wrapped in a Symbol object either implicitly if
  it is the receiver, or explicitly done via Object(symbolValue) or
  (new Object(symbolValue).)

* The Symbol.prototype.toString() method no longer throws on Symbol
  wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf().

* Symbol.prototype.toString() stringifies as "Symbol("<description>"),
  valueOf() returns the wrapper's Symbol value.

* ToPrimitive() over Symbol wrapper objects now throws.

Overall, this provides a stricter separation between Symbol values and
wrapper objects than before, and the explicit fetching out of the
description (nee name) via the "name" property is no longer supported
(by the spec nor the implementation.)

Adjusted existing Symbol test files to fit current, adding some extra
tests for new/changed behavior.

LOG=N
R=arv@chromium.org, rossberg@chromium.org, arv, rossberg
BUG=v8:3053

Review URL: https://codereview.chromium.org/118553003

Patch from Sigbjorn Finne <sigbjornf@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 14:19:42 +00:00
mvstanton@chromium.org
73b679cbee Revert "Second attempt at introducing a premonomorphic state in the call"
This reverts commits r19463 and r19457 (includes MIPS port), there was a
Sunspider perf issue and on reflection we can achieve the necessary
result in a new way.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/172383003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:55:25 +00:00
yangguo@chromium.org
139134acc2 Harmony: optimize Math.clz32.
R=svenpanne@chromium.org
BUG=v8:2938
LOG=N

Review URL: https://codereview.chromium.org/172133003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:51:49 +00:00
yangguo@chromium.org
84cf85598d Harmony: implement Math.cbrt, Math.expm1 and Math.log1p.
BUG=v8:2938
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/163563003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:49:59 +00:00
ishell@chromium.org
1342cb8b00 Bugfix in check elimination with a regression test.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/172173003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 12:34:50 +00:00
rossberg@chromium.org
13d99fe778 ES6: Tighten up Object.prototype.__proto__
The spec requires that we throw under certain conditions.

BUG=v8:3064
LOG=y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/103853006

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 11:59:05 +00:00
jkummerow@chromium.org
6e3b81a7b2 Fix Hydrogen bounds check elimination
When combining bounds checks, they must all be moved before the first load/store
that they are guarding.

BUG=chromium:344186
LOG=y
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/172093002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 10:30:39 +00:00
jacob.bramley@arm.com
6d9fcf1198 A64: Tidy up Push and Pop TODOs.
This addresses several TODOs:
  - Push and Pop requests can be queued up so that arrays of Registers
    can be pushed efficiently, with just one PrepareForPush/Pop.
  - PushMultipleTimes now takes an Operand. This allows variable-length
    arguments arrays to be initialized, for example.
  - A NoUseRealAbortsScope has been added to Abort so that
    AssertStackConsistency can be called from PrepareForPush without
    introducing infinite recursion.

BUG=
R=rmcilroy@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/170623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 09:43:45 +00:00
jarin@chromium.org
58d0682f8d Add filler at the new space top when forcing scavenge.
We only seem to force scavenge in our cctest test suite, so this is
expected to fix some flakiness in our tests, but it will not
improve stability of v8 itself.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/167423004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19460 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 16:34:52 +00:00
alph@chromium.org
b4354d6d88 DevTools: Drop kSinTable dependency off the heap profiler ArrayBuffer backing_store test
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/170253008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 15:57:44 +00:00
mvstanton@chromium.org
5224c3d0f0 Second attempt at introducing a premonomorphic state in the call
target caches.

This time we don't go through the premonomorphic state for
the Array call target caches to avoid losing information from
allocation sites that aren't only used once, but where the
resulting array is used heavily.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/169683003

Patch from Kasper Lund <kasperl@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19457 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 15:33:34 +00:00
alph@chromium.org
1bace575f0 Allow self_size to be larger than 2GB in heap snapshots.
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/166383002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:22:07 +00:00
alexandre.rames@arm.com
62116e2c12 A64: Let the MacroAssembler resolve branches to distant targets.
Code generation would fail when assembling a branch to a label that is bound
outside the immediate range of the instruction. A64 is sensitive to this, as the
various branching instructions have different ranges, going down to +-32KB for
TBZ/TBNZ.  The MacroAssembler is augmented to handle branches to targets that
may exceed the immediate range of instructions.

When branching backward to a label exceeding the instruction range, the
MacroAssembler can simply tweak the generated code to use an unconditional
branch with a longer range. For example instead of
    B(cond, &label);
the MacroAssembler can generate:
    b(InvertCondition(cond), &done);
    b(&label);
    bind(&done);

Since the target is not known when the branch is emitted, forward branches uses
a different mechanism. The MacroAssembler keeps track of forward branches to
unbound labels. When the code generation approaches the end of the range of a
branch, a veneer is generated for the branch.

BUG=v8:3148
LOG=Y
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/169893002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:15:32 +00:00
verwaest@chromium.org
60c08a8bf2 Directly store the transition target on LookupResult in TransitionResult.
BUG=chromium:343964
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/170343003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 12:19:32 +00:00
yangguo@chromium.org
be7b023a5c Harmony: implement Math.clz32
R=dslomov@chromium.org, svenpanne@chromium.org
BUG=v8:2938
LOG=N

Review URL: https://codereview.chromium.org/169783002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:49:35 +00:00
svenpanne@chromium.org
dbce27047e Fixed and improved code for integral division. Fixed and extended tests.
Arithmetic right shifting is *not* division in two's complement
representation, only in one's complement. So we convert to one's
complement, shift, and go back to two's complement. By permutating the
last steps, one can get efficient branch-free code. This insight comes
from the paleozoic era of computer science, see the paper from 1976:

   Guy Lewis Steele Jr.: "Arithmetic Shifting Considered Harmful"
   ftp://publications.ai.mit.edu/ai-publications/pdf/AIM-378.pdf

This results in better and more correct code than our previous
"neg/shift/neg" dance.

LOG=y
BUG=v8:3151
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/166793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:45:27 +00:00
yangguo@chromium.org
9ffe004ae4 Harmony: implement Math.fround.
R=jarin@chromium.org
BUG=v8:2938
LOG=N

Review URL: https://codereview.chromium.org/169513002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:43:06 +00:00
danno@chromium.org
000878d995 A64: fix cctest/test-code-stubs-a64/ConvertDToI.
R=danno@google.com

Review URL: https://codereview.chromium.org/169863002

Patch from Ulan Degenbaev <ulan@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 17:37:55 +00:00
danno@chromium.org
bedf702bcb Revert r19403: "A64: Tidy up Push and Pop TODOs."
Causes a64 debug asserts

TBR=jacob.bramley@arm.com,ulan@chromium.org

Review URL: https://codereview.chromium.org/169303007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 16:08:44 +00:00
dcarney@chromium.org
98d9db7ab3 build fix for 19415
TBR=jochen@chromium.org

BUG=

Review URL: https://codereview.chromium.org/169793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:46:29 +00:00
marja@chromium.org
73c4a61848 (Pre)Parser: Simplify NewExpression handling (fixed).
Notes:
- We use simple recursion to keep track of how many "new" operators we have seen
  and where.
- This makes the self-baked stack class PositionStack in parser.cc unnecessary.
- Now the logic is also unified between Parser and PreParser.
- This is a fixed version of r19386.

R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/168583008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19417 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:40:51 +00:00
alph@chromium.org
429ce41f4b Make a single HeapEntry per single JSArrayBuffer data in heap snapshot.
It turned out that JSArrayBuffer's may share their backing_store so
the backing_store should go through hash map registration just like
other heap objects, so they won't be reported twice.

BUG=341741
LOG=N
R=dslomov@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/166993002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:24:39 +00:00
dcarney@chromium.org
44b1aa4ea8 make a64 compile on mavericks - part 1
R=jochen@chromium.org

BUG=

Review URL: https://codereview.chromium.org/169523005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:20:54 +00:00
rmcilroy@chromium.org
f6e95dc928 A64 support for DoubleToIStub (truncating).
Added support for truncating DoubleToIStub and reorganize the macro-assembler
dToI operations to do the fast-path inline and the slow path by calling the
stub.

This a port essentially a port of https://codereview.chromium.org/23129003/.

R=jacob.bramley@arm.com, ulan@chromium.org

Review URL: https://codereview.chromium.org/160423002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 15:09:46 +00:00
mvstanton@chromium.org
8bcdbc354f Revert "Add a premonomorphic state to the call target cache."
This reverts commit r19402

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/169713002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 14:22:18 +00:00
jacob.bramley@arm.com
1634631ae4 A64: Tidy up Push and Pop TODOs.
This addresses several TODOs:
  - Push and Pop requests can be queued up so that arrays of Registers
    can be pushed efficiently, with just one PrepareForPush/Pop.
  - PushMultipleTimes now takes an Operand. This allows variable-length
    arguments arrays to be initialized, for example.
  - A NoUseRealAbortsScope has been added to Abort so that
    AssertStackConsistency can be called from PrepareForPush without
    introducing infinite recursion.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/169533002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 12:08:06 +00:00
mvstanton@chromium.org
be731e6c95 Add a premonomorphic state to the call target cache.
From a CL by kasperl: https://codereview.chromium.org/162903004/

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/163413003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 11:59:45 +00:00
jarin@chromium.org
4c7ed144e1 Comparison in effect context lazy deopt fix.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/163623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-16 05:51:10 +00:00
marja@chromium.org
0323bf9cd7 Revert "(Pre)Parser: Simplify NewExpression handling."
This reverts revision 19386.

Reason: Mozilla failures.

BUG=
TBR=ulan@chromium.org,marja@chromium.org

Review URL: https://codereview.chromium.org/164183006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 16:08:14 +00:00
ulan@chromium.org
6744ff61ae Fix dictionary element load to pass correct elements kind.
Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load
only the higher 32 bits of the element. If the element is a pointer to undefined
that has 0 in the higher half than it is erroneously treated as SMI 0.

BUG=v8:3158
LOG=N
TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js
R=danno@chromium.org, ishell@chromium.org

Review URL: https://codereview.chromium.org/166653005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:52:24 +00:00
marja@chromium.org
c532977da3 (Pre)Parser: Simplify NewExpression handling.
Notes:
- We use simple recursion to keep track of how many "new" operators we have seen
  and where.
- This makes the self-baked stack class PositionStack in parser.cc unnecessary.
- Now the logic is also unified between Parser and PreParser.
- It might have been a copy-paste artifact (ParseLeftHandSideExpression ->
  ParseMemberWithNewPrefixesExpression) that the logic was so complicated
  before.

R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/166943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:33:10 +00:00
dcarney@chromium.org
0c844cc590 api accessor store ics should return passed value
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/166653003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 14:13:06 +00:00
yangguo@chromium.org
68c7523e63 Fix assignment of function name constant.
If it's shadowed by a variable of the same name and both are forcibly
context-allocated, the function is assigned to the wrong context slot.

R=rossberg@chromium.org
BUG=v8:3138
LOG=Y

Review URL: https://codereview.chromium.org/159903008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:40:47 +00:00
jarin@chromium.org
8acefb33fe Test and fix for polymorphic named call deoptimization.
The fix removes wrong simulates from the number branch of polymorphic
call/field access handling.

The change also fixes the same thing for polymorphic named field
access even thourgh the field access is probably safe in practice
(because it cannot deoptimize). It is better to keep all our simulates
in sync with full codegen.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/166503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:02:39 +00:00
marja@chromium.org
cd50687b41 (Pre)Parser: Move ParsePrimaryExpression to ParserBase.
Notes:
- To be able to move the recursive descent functions to ParserBase one at a
time, we temporarily need routing functions from traits to Parser/PreParser,
since the recursive descent functions form a cyclic structure.
- PreParser used to always allow intrinsic syntax. After this CL, it depends on
allow_natives_syntax() which was already in ParserBase.
- This CL also decouples (Pre)ParserTraits better from (Pre)Parser, passing more
information as parameters, so that the Traits don't need to get it from
(Pre)Parser.
R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/163333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 11:24:26 +00:00
yangguo@chromium.org
a676bc1bbf Fix typed array error message.
R=dslomov@chromium.org
BUG=v8:3159
LOG=N

Review URL: https://codereview.chromium.org/163293002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 09:33:03 +00:00
verwaest@chromium.org
e0960e19aa Fix polymorphic inlining of accessors in a test-context.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/164003002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 16:55:38 +00:00
m.m.capewell@googlemail.com
028ff21445 A64: Fix some int32 accesses in lithium
This fixes mjsunit/sin-cos. There are further int32 accesses being investigated.

BUG=
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/163553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 15:49:01 +00:00
alph@chromium.org
4aabb8aeec Count ArrayBuffer's backing_store memory in heap snapshot.
BUG=341741
LOG=N
R=dslomov@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/163593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 15:31:39 +00:00
ishell@chromium.org
6bb57517c0 Restore of compare-objeq-elim test accidentally removed in r19229.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/162903005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 12:22:24 +00:00
ulan@chromium.org
01b275d989 Enable test-api/SetFunctionEntryHook for a64. It was fixed in r19297.
BUG=v8:3153
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/163243003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19352 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 10:56:10 +00:00
bmeurer@chromium.org
42c57ea94b Allow map check hoisting in GVN for stable maps.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/163263002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 10:47:00 +00:00
yangguo@chromium.org
fb22b7b05e Internalize string keys in Keyed{Store,Load}IC.
R=jkummerow@chromium.org
BUG=v8:3144
LOG=N

Review URL: https://codereview.chromium.org/162983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 08:43:53 +00:00
rafaelw@chromium.org
6b5a4cdef2 V8 Microtask Queue & API
This patch generalizes Object.observe callbacks and promise resolution into a FIFO queue called a "microtask queue".

It also exposes new V8 API which exposes the microtask queue to the embedder. In particular, it allows the embedder to

-schedule a microtask (EnqueueExternalMicrotask)
-run the microtask queue (RunMicrotasks)
-control whether the microtask queue is run automatically within V8 when the last script exits (SetAutorunMicrotasks).

R=dcarney@chromium.org, rossberg@chromium.org, dcarney, rossberg, svenpanne
BUG=

Review URL: https://codereview.chromium.org/154283002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 22:04:19 +00:00
verwaest@chromium.org
161b2f689a Reland: "Use stability to only conditionally flush information from the CheckMaps table."
BUG=
R=ishell@chromium.org

Original CL: https://codereview.chromium.org/153823003

Review URL: https://codereview.chromium.org/153653007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:48:12 +00:00
verwaest@chromium.org
7b7e3658f7 Don't propagate information through phis in loop headers.
To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers.

BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/147023005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:30:41 +00:00
rmcilroy@chromium.org
26e8009997 [a64]: Disable failing sparse-array-reverse on a64 debug builds.
BUG=v8:3158
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/160633002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:22:28 +00:00
yangguo@chromium.org
6c4133a309 Fix test-heap/OptimizedPretenuringAllocationFolding wrt concurrent recompilation delay.
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/148063008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 16:18:18 +00:00
alph@chromium.org
887bd2850d Stack trace string should use dynamic script sourceURL if present.
BUG=v8:2342
R=dcarney@chromium.org, yurys@chromium.org, yurys
LOG=N

Review URL: https://codereview.chromium.org/143283015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:50:23 +00:00
verwaest@chromium.org
75432b7696 Revert "Use stability to only conditionally flush information from the CheckMaps table."
R=ishell@chromium.org

BUG=

Review URL: https://codereview.chromium.org/137863005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:38:42 +00:00
verwaest@chromium.org
2b7d33572a Use stability to only conditionally flush information from the CheckMaps table.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/153823003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:07:41 +00:00
jarin@chromium.org
af29e31a11 Fix for (One|Two)ByteSeqStringSetChar evaluation order/deopt.
This makes the evaluation order consistent between full codegen
and Hydrogen (so that deopt does not screw up stack).

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/159983008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 13:31:24 +00:00
rmcilroy@chromium.org
6ef556bdff Clean up some A64 specific code in common code that was introduced by A64 merge
- Remove arch specific check macros
 - Remove duplicate code in code-stubs.h
 - Remove flag check in bootstrap.cc which was introduced for A64 bringup
 - Remove A64 specific test message expectations

R=rodolph.perfetta@arm.com, ulan@chromium.org

Review URL: https://codereview.chromium.org/134333011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 13:27:13 +00:00
jochen@chromium.org
b0fcc801e9 A64: Skip tests failing on gc stress bots
BUG=none
TBR=ulan@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/160353002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 12:18:36 +00:00
jochen@chromium.org
96a1886637 A64: Skip more known failures
TBR=ulan@chromium.org
BUG=none
LOG=n

Review URL: https://codereview.chromium.org/160073007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 11:57:50 +00:00
jochen@chromium.org
c2c9228c8a A64: Skip cctests failing in debug mode
TBR=ulan@chromium.org
BUG=none
LOG=n

Review URL: https://codereview.chromium.org/160303003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19314 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 10:29:18 +00:00
ulan@chromium.org
e95bc7eec8 Merge experimental/a64 to bleeding_edge.
BUG=v8:3113
LOG=Y
R=jochen@chromium.org, rmcilroy@chromium.org, rodolph.perfetta@arm.com

Review URL: https://codereview.chromium.org/148293020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 09:19:30 +00:00
marja@chromium.org
a4ea70009c Disable test-api/PreCompileInvalidPreparseDataError for NaCl.
More information: https://code.google.com/p/v8/issues/detail?id=3150

R=machenbach@chromium.org

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 08:20:07 +00:00
jarin@chromium.org
21bf99e53e Fix environment of the optimized version of the _SetValueOf intrinsic.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/158723006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:11:53 +00:00
ishell@chromium.org
994f0f6dda Fix for a smi stores optimization on x64 with a test case.
BUG=338425
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/152923006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:02:18 +00:00
dcarney@chromium.org
ce789e8890 Add more test cases for api function inlining
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/154283003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19278 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 12:49:15 +00:00
marja@chromium.org
f59ac1cba5 Move ParseRegexpLiteral to ParserBase.
R=ulan@chromium.org
BUG=v8:3126
LOG=N

Review URL: https://codereview.chromium.org/156423005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 11:51:01 +00:00
yangguo@chromium.org
0870702436 Harmony: fix spec violation in Math.cosh.
R=jarin@chromium.org
BUG=v8:3141
LOG=N

Review URL: https://codereview.chromium.org/159353003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 11:48:32 +00:00
yangguo@chromium.org
ab2aaac110 Disable concurrent osr for test-mark-compact/BootUpMemoryUse.
If --concurrent-osr is on, it will imply --concurrent-recompilation, even
though it's expected to be disabled.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/143183006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 11:47:38 +00:00
yangguo@chromium.org
f78bfaa857 Fix spec violations in JSON.stringify wrt replacer array.
R=verwaest@chromium.org
BUG=v8:3135
LOG=Y

Review URL: https://codereview.chromium.org/146623009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 10:45:39 +00:00
marja@chromium.org
d74fd20fca Traitify ParserBase and move functions there.
(Second try, with fixes. First try: https://codereview.chromium.org/149913006/ )

The long-term goal is to move all recursive descent functions from Parser and
PreParser into ParserBase, but first they need to be unified.

Notes:
- The functions moved in this CL: ParseIdentifier, ParseIdentifierName,
ParseIdentifierNameOrGetOrSet, ParseIdentifierOrStrictReservedWord.
- IOW, this CL removes Parser::ParseIdentifier and PreParser::ParseIdentifier
and adds ParserBase::ParseIdentifier, etc.
- Error reporting used to require virtual funcs; now error reporting is moved to
the Traits too, and ParserBase no longer needs to be virtual.
- I had to move PreParser::Identifier out of the PreParser class, because
otherwise PreParserTraits cannot use it in a typedef.

BUG=v8:3126
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/158913003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 09:35:32 +00:00
mvstanton@chromium.org
95ad971d0f Fix gcstress test failure
Map collection complicates a test that wants to assert on code opt/deopt
because of prototype-chain changes. It can happen that a gc occurs
in the stack guard at the start of optimized function foo that deopts
function foo because of a map being collected and deoptimizing it's
dependent code.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/159653002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 09:06:13 +00:00
mvstanton@chromium.org
516ed9fa90 Adding a type vector to replace type cells.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/137403009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 21:38:17 +00:00
plind44@gmail.com
8920f345c7 MIPS: Add NaN test to cctest/test-macro-assembler-mips.
NaN value is different on MIPS and x86 architectures, and TEST(NaNx)
tests checks the case where a x86 NaN value is serialized into the snapshot
on the simulator during cross compilation.

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/144473008

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 19:46:34 +00:00
marja@chromium.org
d8b8628f39 Revert "Traitify ParserBase and move functions there."
This reverts commit r19230.

Reason: Build failures on NaCl.

BUG=
TBR=marja@chromium.org,mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/158873006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 16:21:11 +00:00
marja@chromium.org
71a6d70d97 Traitify ParserBase and move functions there.
The long-term goal is to move all recursive descent functions from Parser and
PreParser into ParserBase, but first they need to be unified.

Notes:
- The functions moved in this CL: ParseIdentifier, ParseIdentifierName,
ParseIdentifierNameOrGetOrSet, ParseIdentifierOrStrictReservedWord.
- IOW, this CL removes Parser::ParseIdentifier and PreParser::ParseIdentifier
  and adds ParserBase::ParseIdentifier, etc.
- Error reporting used to require virtual funcs; now error reporting is moved to
  the Traits too, and ParserBase no longer needs to be virtual.
- I had to move PreParser::Identifier out of the PreParser class, because
otherwise PreParserTraits cannot use it in a typedef.

BUG=v8:3126
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/149913006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 15:35:39 +00:00
ishell@chromium.org
f46da9d43b Reland of r19102: Check elimination improvement: propagation of state through phis is supported, CheckMap narrowing implemented with tests.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/146623006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 15:32:54 +00:00
yangguo@chromium.org
b618d2a42a Fix inconsistencies wrt whitespaces.
This relands r19196 with fixes.

BUG=v8:3109
LOG=Y
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/141323007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 12:43:10 +00:00
mstarzinger@chromium.org
23bfeabcfd Remove duplicate third-party test cases.
Some of the third-party test cases in the mjsunit test suite were
originally taken from WebKit and are now fully covered by the equally
named test suite.

Mapping of test cases:
 - array-isarray.js -> test/webkit/Array-isArray.js
 - array-splice-webkit.js -> test/webkit/array-splice.js

R=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/158803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 11:29:59 +00:00
marja@chromium.org
ff1c294cf9 Unify (Pre)Parser::ParseTryStatement.
Notes:
- This makes Parser and PreParser produce the same errors with the added test
cases (this was not the case before).
- ParseBlock already does Expect(Token::LBRACE), so no need to check it twice.

BUG=v8:3126
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/148233011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 08:45:13 +00:00
rossberg@chromium.org
e8175a3e9f Revert "Make Function.length and Function.name configurable properties."
Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate.

TBR=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/139983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 15:29:18 +00:00
rossberg@chromium.org
7317b71f02 Make Function.length and Function.name configurable properties.
ES6 makes the Function object properties "length" and "name"
configurable; switch the implementation over to follow that.

Doing so exposed a problem in the handling of non-writable, but
configurable properties backed by foreign callback accessors
internally. As an optimization, if such an accessor property is
re-defined with a new value, its setter was passed the new value
directly, keeping the property as an accessor property. However, this
is not correct should the property be non-writable, as its setter will
then simply ignore the updated value. Adjust the enabling logic for
this optimization accordingly, along with adding a test.

LOG=N
R=rossberg@chromium.org, rossberg
BUG=v8:3045

Review URL: https://codereview.chromium.org/116083006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:55:30 +00:00
yangguo@chromium.org
db1a685b8f Revert "Fix inconsistencies wrt whitespaces."
This reverts r19196.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/147443008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:13:00 +00:00
marja@chromium.org
caa727711f Unify function parameter checking in PreParser and Parser.
This also makes the "delayed strict mode violations" mechanism in PreParser
unnecessary.

The attached tests didn't pass before this CL but now they do.

BUG=v8:3126
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/157453003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 12:44:45 +00:00
yangguo@chromium.org
d0f57e1195 Fix inconsistencies wrt whitespaces.
\u0085 (NEL) is now considered a whitespace in accordance to http://www.unicode.org/Public/6.3.0/ucd/PropList.txt

R=mstarzinger@chromium.org
BUG=v8:3109
LOG=Y

Review URL: https://codereview.chromium.org/146983007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 12:34:45 +00:00
svenpanne@chromium.org
5f8105af3c Make LeakSanitizer happy, part 3.
Fixed a few more cctests and removed some which were broken for ages
and/or tested nothing useful anymore.

Note that cctests are now fully LeakSanitized (at least on x64)!

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/157463002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 12:17:45 +00:00
marja@chromium.org
7a53841cd1 Add regression tests for PrePreparser.
These tests ensure that PreParser doesn't start producing less data when it's
getting refactored.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/157373002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 10:28:00 +00:00
marja@chromium.org
5b890419f5 Unify PreParser::ParseIdentifierName and Parser::ParseIdentifierName.
No special handling for keywords is needed, since the literal ascii strings for
them work too (see how Parser did it).

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/152853006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 08:45:28 +00:00
svenpanne@chromium.org
cb6e1b4536 Win64 fixes.
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/157243004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 07:44:19 +00:00
svenpanne@chromium.org
bda84eaf23 Make LeakSanitizer happy, part 2. Fixed register usage on the way.
Note that according to the System V ABI for AMD64, rbx must be
preserved across calls. We actually crash with clang in the x64
assembler tests without that fix, we were lucky with GCC.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/144313017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 07:06:13 +00:00
rafaelw@chromium.org
41039c4f13 Revert "Implement Microtask Delivery Queue"
TBR=adamk,rossberg
BUG=

Review URL: https://codereview.chromium.org/150103012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 01:08:50 +00:00
rossberg@chromium.org
01f5601129 ES6: Remove __proto__ setter poison pill
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-set-object.prototype.__proto__

The __proto__ setter should be reusable on other objects.

BUG=v8:2804
LOG=y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/103343005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 16:09:45 +00:00
marja@chromium.org
42ea494cd6 Redo r19140 with better efficiency.
Still relevant parts of the original commit message:

Unify paren handling in Parser and PreParser.

It is only needed in (Pre)Parser::ParseExpressionOrLabelledStatement for not
recognizing parenthesized identifiers as labels and in
(Pre)Parser::ParseSourceElements for not recognizing a parenthesized string as
directive prologue.

Parser Expressions don't keep track of whether they're parenthesized, so
PreParser Expressions shouldn't either.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/148323011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 13:12:10 +00:00
jarin@chromium.org
476881ce5b Test and fix for _CallFunction intrinsic deoptimization.
I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction
to use IfBuilder.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/131343013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 12:42:26 +00:00
marja@chromium.org
e6bc60c98d Revert "Unify paren handling in Parser and PreParser."
This reverts r19140.

Reason: Octane regression.

BUG=
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/156673002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 11:59:16 +00:00
dcarney@chromium.org
12039c97c6 swap in global proxy on accessors
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/156623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 10:50:07 +00:00
marja@chromium.org
76646e88ed Unify paren handling in Parser and PreParser.
It is only needed in (Pre)Parser::ParseExpressionOrLabelledStatement for not
recognizing parenthesized identifiers as labels and in
(Pre)Parser::ParseSourceElements for not recognizing a parenthesized string as
directive prologue.

Parser Expressions don't keep track of whether they're parenthesized, so
PreParser Expressions shouldn't either.

In addition, add helper funcs for checking if an Expression is identifier or a
given identifier. (PreParser Expressions can do this.)

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/150103004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 10:30:02 +00:00
jarin@chromium.org
eb502fe599 Binary operation deoptimization fix.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/132453009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 09:36:55 +00:00
dcarney@chromium.org
6df537d631 inline api setters in crankshaft
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/155913002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 07:31:08 +00:00
svenpanne@chromium.org
f0bf110448 Make LeakSanitizer happy, part 1.
Bumped an assembler buffer on the way, it is necessary for some combinations of debugging flags.

Note that the allocation profiler still leaks, this is handled in a separate CL.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/152643006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 07:16:41 +00:00
marja@chromium.org
8150464209 Make strict more error messages about "eval" and "arguments" less specific.
We used to have error messages which provide context, like "Variable name may
not be eval or arguments in strict mode", but for other illegal words we only
have non-context specific error messages like "Unexpected reserved word".

Providing the context makes the code unnecessarily complex, since every
individual place must remember to check for eval or arguments. This CL produces
a unified error message ("Unexpected eval or arguments in strict mode"), and puts
the error reporting to (Pre)Parser::ParseIdentifier.

Notes:

- The module feature is so experimental, that I decided to not allow "eval" or
"arguments" as module-related identifiers in the strict mode (even though this
check wasn't there before).

- Unfortunately, there were some inconsistencies, since it was the
responsibility of the caller of ParseIdentifier to check "eval" and "arguments"
and some places didn't have the check for no good reason. This CL is supposed to
keep backward compatibility and *not* introduce any new errors.

- ECMA allows "eval" and "arguments" as labels even in strict mode. (Syntax:
"LabelledStatement: Identifier : Statement", and no strict mode restrictions on
Identifier are listed.)

- Tests which compare error message strings will fail, and need to be updated.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/152813005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 16:26:48 +00:00
dcarney@chromium.org
5028ebaa8b inline api getters in crankshaft
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/146023004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 15:52:31 +00:00
marja@chromium.org
14a90fcc57 Better tests for the Parser / Preparser unification.
We need a way to assert that for a given source code snippet, an error *is*
produced or *is not* produced. Otherwise we might accidentally create new
errors or start accepting code which was previously not accepted. Just checking
that Parser and PreParser produce the same result doesn't cut it.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/154243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19107 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 15:30:01 +00:00
verwaest@chromium.org
7dc05b57fd Move failing ASSERT on ARM to a more sane place.
Objects can actually be stored into themselves. This fails when no write
barrier is needed (eg, the object was just allocated).

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/148733005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 10:12:14 +00:00
yangguo@chromium.org
f6d1a4fef1 Allow externalizing strings in old pointer space.
This is what I think is a better solution to the "external strings in
old pointer space" problem. Basically, it is an issue because GC scans
all fields of objects in old pointer space and if the cached address
of the backing store is unaligned, it looks like a heap object, boom.

The solution here is to use short external strings when we externalize
a string in old pointer space, and when the address is unaligned.
Short external strings don't cache the address, so GC has no issues.

BUG=268686
LOG=Y
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/146183006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 09:29:04 +00:00
marja@chromium.org
dd539775d7 Test for miscellaneous (pre)parse errors.
BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/154133002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 08:38:26 +00:00
rafaelw@chromium.org
7de9fc0a12 Implement Microtask Delivery Queue
R=rossberg@chromium.org, rossberg
BUG=

Review URL: https://codereview.chromium.org/131413008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 19:58:49 +00:00
marja@chromium.org
23cbf27e12 Tests for (pre)parse errors when "yield" is found in inappropriate places.
In addition:
- Fix: PreParser used to report an unexpected token one token too late when
ParsePrimaryExpression failed.
- Unified identifier handling (PreParser::GetIdentifier is now like Parser::GetIdentifier).
- Fix: PreParser used to produce "unexpected_token YIELD" errors when Parser
produced "unexpected_token_identifier"; fixed PreParser to match Parser.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/151103006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 18:16:45 +00:00
marja@chromium.org
35354cb9b7 Tests and fixes for (pre)parse errors related to future reserved words.
This contains the following fixes:
- PreParser was using an error "reserved_word" which doesn't exist in
messages.js. Changed it to "unexpected_reserved".

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/153793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 16:38:47 +00:00
palfia@homejinni.com
5859e4d488 MIPS: Fix test-assembler-mips/MIPS10 test.
cvt_l_d() and cvt_d_l() instructions are replaced to cvt_w_d() and ctv_d_w() because kernel FPU emulator generates illegal instruction for double <-> long conversions.

BUG=
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/133363005

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 14:05:46 +00:00
svenpanne@chromium.org
c270bad71e Don't access stack-allocated variable when it is out of scope. Enable Isolate cleanup in cctests again.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/146973005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 12:23:30 +00:00
marja@chromium.org
443e645a2d Tests and fixes for (pre)parse errors related to strict reserved words.
This contains the following fixes:

- We had strict_reserved_word and unexpected_strict_reserved, which one to use
was totally mixed in Parser and PreParser. Removed strict_reserved_word.
- When we saw a strict future reserved word when expecting something completely
different (such as "(" in "function foo interface"), Parser reports unexpected
identifier, whereas PreParser used to report unexpected strict reserved
word. Fixed PreParser to report unexpected identifier too.
- Unified parser and preparser error locations when the name of a function is a
strict reserved word. Now both point to the name.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/149253010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 12:19:53 +00:00
hpayer@chromium.org
e5c7f4eff1 Added a test which installs a poisonous memento right after the new space top pointer.
BUG=
R=bmeurer@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/152813003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 12:10:30 +00:00
alph@chromium.org
efee3b8608 Add Box object to heap profiler.
LOG=Y
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/143343006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 11:43:19 +00:00
marja@chromium.org
2794955852 Tests for (pre)parse errors when "eval" and "arguments" are found in inappropriate places.
In addition:
- Fix a bug in parser discovered by the tests (prefix and postfix confused in an
error message); the preparser had it right.
- Unify the parser and preparser error locations when the name of a function is
"eval" or "arguments. Now both point to the name.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/153693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 11:26:19 +00:00
marja@chromium.org
f62ef25c08 Revert "Tests for (pre)parse errors when "eval" and "arguments" are found in inappropriate places."
Reason: The fixed error message broke some tests.

This reverts r19050.

BUG=
TBR=ulan@chromium.org

Review URL: https://codereview.chromium.org/153673002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 10:00:36 +00:00
jkummerow@chromium.org
a550a188e0 Add per-file OWNERS for MIPS-specific cctests
R=danno@chromium.org

Review URL: https://codereview.chromium.org/148923003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:53:26 +00:00
dslomov@chromium.org
a03d31394c Check the offset argument of TypedArray.set for fitting into Smi.
R=jkummerow@chromium.org
BUG=340125
LOG=Y

Review URL: https://codereview.chromium.org/145623009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:53:05 +00:00
marja@chromium.org
9aa05b0997 Tests for (pre)parse errors when "eval" and "arguments" are found in inappropriate places.
In addition:
- Fix a bug in parser discovered by the tests (prefix and postfix confused in an
  error message); the preparser had it right.
- Unify the parser and preparser error locations when the name of a function is
  "eval" or "arguments. Now both point to the name.

BUG=3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/140543003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:47:30 +00:00
svenpanne@chromium.org
681289e0d6 Revert "Dispose Isolate at end of cctest."
Things work locally, only the waterfall is unhappy for some arcane reason.
Investigating...

TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/133193006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:41:21 +00:00
svenpanne@chromium.org
4a4e64d6c7 Dispose Isolate at end of cctest.
No measurable change in test running time, we clean up only trivial
known things at disposal time and do not walk the heap, run real
finalizers, etc.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/135153007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 08:30:35 +00:00
yangguo@chromium.org
9e70f6a4e7 Fix short-circuiting logical and/or in HOptimizedGraphBuilder.
R=jkummerow@chromium.org
BUG=336148
LOG=Y

Review URL: https://codereview.chromium.org/143263022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 14:29:34 +00:00
verwaest@chromium.org
db7124dc28 Return a valid map for PropertyAccessInfos with Boolean type.
BUG=340064
LOG=N
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/152603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 10:20:32 +00:00
yangguo@chromium.org
6f95c0b11b [x64] add disasm for two fp instructions
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/146583002

Patch from Weiliang Lin <weiliang.lin@intel.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 08:13:12 +00:00
svenpanne@chromium.org
16bcd43187 More cctest fixes regarding lifetime/ownership.
* Avoid double-free in cctest/test-api/RegExpInterruption.

   * Avoid incorrect zone fiddling in cctest/test-strings.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/144533005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 07:29:23 +00:00
machenbach@chromium.org
d34938fe34 Fix expectations for new regression test.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/150853004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-01 09:56:20 +00:00
verwaest@chromium.org
eab6854faa Adjust test expectations to new error on method not found
BUG=
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/151483004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 17:39:59 +00:00
verwaest@chromium.org
ae7a209e71 Remove CallICs
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/148223002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:52:17 +00:00
machenbach@chromium.org
30fb7b83b3 [Sheriff] Mark new regression test flaky on linux 32.
BUG=
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/148483004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:47:52 +00:00
jarin@chromium.org
3c2363f4b4 Simpler repro for bug 2989.
We do not correctly handle accesses to f.arguments after one
of the argument has changed (where f is crankshafted).

R=machenbach@chromium.org
BUG=v8:2989
LOG=n

Review URL: https://codereview.chromium.org/151403003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:12:58 +00:00
machenbach@chromium.org
5d14639576 Migrate crashing tests from blink repository.
TBR=bmeurer@chromium.org
BUG=237872
LOG=n

Review URL: https://codereview.chromium.org/144533006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18996 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 14:31:43 +00:00
machenbach@chromium.org
275437023f [Sheriff] Mark new regression test as flaky.
BUG=336820
LOG=n
R=bmeurer@chromium.org
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/139923007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 13:56:00 +00:00
bmeurer@chromium.org
3214cf11ff Don't crash in Array.join() if the resulting string exceeds the max string length.
LOG=y
BUG=336820
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/144533003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:21:17 +00:00
ishell@chromium.org
2aa17c6e62 Load elimination fix: load should not be replaced with another load if the former is not dominated by the latter.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/151333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:03:32 +00:00
svenpanne@chromium.org
2daf43ac13 Once again: Fixed some lifetime/ownership issues in cctest
* Fixed lifetime issue in cctest/test-heap-profiler/HeapSnapshotJSONSerialization.

   * Fixed ownership issue in cctest/test-api/ContainsOnlyOneByte.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/142553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:50 +00:00
hpayer@chromium.org
27c385bf69 Revert "[Sheriff] Mark profviz flaky on GC stress."
This reverts commit f70687c1e5ef15254887e0619939e25a834e936e.

BUG=
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/148493006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:22 +00:00
svenpanne@chromium.org
0cb5fd3d3e Implements ES6 String.prototype.normalize method.
BUG=v8:2943
LOG=Y
TEST=Unit tests for "real life" use cases, edge cases, various types of normalization.

==========================

This is identical to the previous CL
   https://codereview.chromium.org/40133004/
with two differences:
 * Added a dummy implementation of String.prototype.normalize to be used when v8 is compiled without intl support
 * Rebased the the test files for webkit. That was the only reason for the previous failure (and revert).

Thank you,
Mihai

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/68133016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 08:09:17 +00:00
svenpanne@chromium.org
39d1534d66 Fixed a few lifetime/ownership issues in cctest/test-api.
* Fixed CompileExternalTwoByteSource: Registered resources should
     better still be alive when they are accessed.

   * Fixed ownership in cctest/test-api/VisitExternalStrings.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/139923003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 07:29:25 +00:00
verwaest@chromium.org
bef13f739c Fix regression caused by supporting inlining accesses to non-JSObjects
TBR=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/150983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:29:04 +00:00
plind44@gmail.com
51107bad1c Skip webkit/function-apply-aliased.js when running on simulators.
The webkit/function-apply-aliased.js test fails on simulators (both MIPS
and ARM) as the printed output does not match to the expected. The
failing test forces a stack overflow exception and the ToString()
operation of the exception object fails because of an other stack
overflow and returns an empty string.

The problem is that on hardware a common JS and C stack is used so the
stack overflow can be caught in C functions also while on simulator
separated JS and C stacks are used.

This patch adds a "sim" condition to test .status files to skip tests
only on simulator.

LOG=N
BUG=v8:3124
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/139233005

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 18:04:33 +00:00
dcarney@chromium.org
5c589640bf crankshaft support for api method calls
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/148333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 13:18:41 +00:00
machenbach@chromium.org
c3c064360d Disable unsuitable tests in ASAN mode.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/148963010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:52:22 +00:00
alph@chromium.org
9e3af5a4db Add global_context field to GlobalObject in heap profiler.
LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/143263015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:17:21 +00:00
verwaest@chromium.org
73529a7d14 Support loads from primitive values.
This also changes load computation to use HeapTypes rather than Maps.
TODO: move conversion between maps and heaptypes earlier in the process, already in the oracle.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/147763006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 11:30:38 +00:00
svenpanne@chromium.org
0c2c9ece90 Make sure we delete[] what we got from new[], not one byte after it.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/150213002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:53:20 +00:00
jarin@chromium.org
99ce5a2484 The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=danno@chromium.org, mstarzinger@chromium.org
LOG=N
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=18918

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:33:53 +00:00
machenbach@chromium.org
32f45eb7df Fix test expectations for cctest/test-debug.
BUG=v8:3125
R=bmeurer@chromium.org
TBR=verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/150173003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:16:54 +00:00
machenbach@chromium.org
f815198288 [Sheriff] Mark profviz flaky on GC stress.
BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/149763002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 20:50:51 +00:00
alph@chromium.org
c911ec3322 Do not overwrite builtin code names in heap profiler
Make sure builtin code objects get their builtin tags
first. Otherwise a particular JSFunction object could set
its custom name to a generic builtin.

LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/145973006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 17:03:13 +00:00
machenbach@chromium.org
953470bdf8 [Sheriff] Mark test-debug/* as flaky on Mac.
Now including release mode.

BUG=v8:3125
LOG=n
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/149623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 16:59:50 +00:00
jarin@chromium.org
ec51f26b9e Revert "Captured arguments object materialization"
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/130803009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:49:48 +00:00
machenbach@chromium.org
1f346769c1 Don't parallelize tests that register extensions.
These tests register extensions on the isolate and the configuration of the extensions runs out of scope. If run in parallel, other tests access the isolate's state and read the registered extensions.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/149413005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:29:58 +00:00
machenbach@chromium.org
2eb89824b5 [Sheriff] Mark test-debug/* as flaky on Mac.
BUG=v8:3125
LOG=n
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/135183015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:15:37 +00:00
jarin@chromium.org
868ad01ecb This is a preview of the captured arguments object materialization,
mostly to make sure that it is going in the right direction. The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is there a simpler/more correct way to store the already-materialized
objects? (At the moment there is a custom root reference to JSArray
containing frames' FixedArrays with their captured objects.)

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=mstarzinger@chromium.org, danno@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:14:15 +00:00
machenbach@chromium.org
3b8b18c39c Skip Mozilla tests with timeouts.
- Let Mozilla tests with timeouts always run in no-variants mode. Otherwise the stress-run causes a 16 minutes timeout in debug mode and 32 minutes on arm debug.
- Four test cases with exponentially long running regular expressions are skipped entirely.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/148913006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:13:45 +00:00
alph@chromium.org
5a2fe0a670 Mark next_code_link as weak in heap profiler.
LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/136113007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 13:45:41 +00:00
svenpanne@chromium.org
abe807db7f ES6: Map and Set needs to normalize minus zero
BUG=v8:3069
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/147143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 07:27:05 +00:00
ishell@chromium.org
d330d4801d Load elimination fix with a test case.
R=titzer@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/143413019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 16:45:04 +00:00
mvstanton@chromium.org
371d6f6a98 We shouldn't throw under FLAG_debug_code, rather abort.
Throwing under FLAG_debug_code confuses the rest of our infrastructure
which expects a safe point at the site of call into the runtime
for throw. We were doing that to make a clusterfuzz test happy, but
the better solution is to assert/abort under debug_code, and prevent
clusterfuzz from fuzzing on internal APIs that crash on incorrect
values.

We'll need to alter the fuzzer to turn off fuzzing for:

string-natives.js
lithium/SeqStringSetChar.js
regress/regress-seqstrsetchar-ex3.js
regress/regress-seqstrsetchar-ex1.js
regress/regress-crbug-320922.js

So as to prevent the fuzzer from running
%_OneByteSeqStringSetChar() and
%_TwoByteSeqStringSetChar().

BUG=
R=hpayer@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/139903005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 11:53:11 +00:00
ishell@chromium.org
1776dffa56 Make String.prototype.{starts,ends}With throw when passing a regular expression
Contributed by Mathias Bynens <mathiasb@opera.com>.

TEST=mjsunit/harmony
BUG=v8:3070
LOG=Y
R=arv@chromium.org, ishell@chromium.org

Review URL: https://codereview.chromium.org/120683002

Patch from Mathias Bynens <mathiasb@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 10:31:05 +00:00
hpayer@chromium.org
9e462504fb Turn off global pretenuring when allocation site pretenuring is in use.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/133803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 09:47:03 +00:00
machenbach@chromium.org
fd4a006eb3 [Sheriff] Fix status file entry.
BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/148183007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18861 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 16:46:16 +00:00
hpayer@chromium.org
e624346e68 Skip regression test 320948 temporarily.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/131503008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 15:59:10 +00:00
hpayer@chromium.org
86cf9ca690 Enable concurrent sweeping.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/146833012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 14:37:22 +00:00
dcarney@chromium.org
d2a4bd32fb don't anger clang
R=svenpanne@chromium.org

BUG=

Review URL: https://codereview.chromium.org/141433016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 10:06:37 +00:00
alph@chromium.org
89ffd30537 Allow arbitrary names for weak references in heap snapshots.
LOG=N
BUG=
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/146843003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 09:37:02 +00:00
dcarney@chromium.org
1b30de8b55 Fix issue with context not being saved on x64 introduced in 144543004
TBR=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/143333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18845 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 08:12:59 +00:00
bmeurer@chromium.org
361095d397 Revert "Allow arbitrary names for weak references in heap snapshots."
This reverts commit r18838 for breaking build with clang. Errors are:

../../src/heap-snapshot-generator.cc:1217:53: error: empty macro arguments were standardized in C99 [-Werror,-pedantic]
    EXTRACT_CONTEXT_FIELD(OPTIMIZED_FUNCTIONS_LIST, , optimized_functions_list);
../../src/heap-snapshot-generator.cc:1218:48: error: empty macro arguments were standardized in C99 [-Werror,-pedantic]
    EXTRACT_CONTEXT_FIELD(OPTIMIZED_CODE_LIST, , optimized_code_list);
../../src/heap-snapshot-generator.cc:1219:50: error: empty macro arguments were standardized in C99 [-Werror,-pedantic]
    EXTRACT_CONTEXT_FIELD(DEOPTIMIZED_CODE_LIST, , deoptimized_code_list);
../../src/heap-snapshot-generator.cc:1220:46: error: empty macro arguments were standardized in C99 [-Werror,-pedantic]
    EXTRACT_CONTEXT_FIELD(NEXT_CONTEXT_LINK, , next_context_link);

TBR=alph@chromium.org

Review URL: https://codereview.chromium.org/145583003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 06:47:42 +00:00
alph@chromium.org
f4a470d5bb Allow arbitrary names for weak references in heap snapshots.
LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/145353003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 17:18:34 +00:00
dslomov@chromium.org
1a67b7f86a External Array renaming and boilerplate scrapping
Replaced symbolic names with correct JS name (byte -> int8, unsigned int -> uint32 etc).
Using macros to scrap the boilerplate
BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/145133013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 16:01:15 +00:00
alph@chromium.org
01a6c8ae35 Mark weak fields of JSArrayBuffer and JSArrayBufferView as weak in heap snapshot.
BUG=337144
LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/138443009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 15:10:09 +00:00
rossberg@chromium.org
fa0f929fee Use rand not random
Should make VS happier.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/145173012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:58:11 +00:00
verwaest@chromium.org
21532ddfdc Reland ArrayPop / ArrayPush.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/138443012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:47:53 +00:00
rossberg@chromium.org
2311b678ae Type representation converter
R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/145083007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:47:47 +00:00
machenbach@chromium.org
cde3ed1fe3 Speed up some mjsunit test cases and clean up test expectations for arm and mips.
Many skipped test cases already run very fast. Removing the corresponding expectations.

BUG=
R=jkummerow@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/138503008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:36:45 +00:00
jkummerow@chromium.org
ee4e034d70 Revert broken ArrayPop changes
This reverts:
r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."",
r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and
r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft."

For causing crashes on Canary.

BUG=chromium:337686
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/146003006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 08:32:50 +00:00
machenbach@chromium.org
ca0d99196d Disable SetAllocationTimeout in fuzz-natives test since it has varargs.
BUG=
R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/145803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:33:35 +00:00
verwaest@chromium.org
6b60546b16 Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/137693003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:20:25 +00:00
hpayer@chromium.org
83a1df2354 Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/141653016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 13:02:27 +00:00
hpayer@chromium.org
a92e87e100 Make the full object memory size of a page available for a single allocation.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/145493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 12:13:20 +00:00
machenbach@chromium.org
c159485fb1 [Sheriff] Temporarily mark test as flaky.
BUG=
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/145593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 10:54:30 +00:00
dslomov@chromium.org
2f005e1384 Fix clang build.
See http://blog.llvm.org/2009/12/dreaded-two-phase-name-lookup.html.

TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/134643025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 15:06:36 +00:00
verwaest@chromium.org
c478b6dc60 Ensure we don't overwrite transitions in SetPropertyIgnoreAttributes.
BUG=326155
LOG=y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/134733011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 14:02:00 +00:00
palfia@homejinni.com
787aa693e3 MIPS: Add missing cctests of DoubleToIStub (r16322).
BUG=
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/143453003

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 13:44:00 +00:00
verwaest@chromium.org
f30330325e Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/144913003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 13:22:58 +00:00
hpayer@chromium.org
1474d0510f Increase the number of allocations in OptimizedPretenuringdoubleArrayLiterals test to make sure that pretenuring decisions are not flaky on the tests bots.
BUG=

Review URL: https://codereview.chromium.org/129783006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 12:59:25 +00:00
dslomov@chromium.org
33d7e64b51 ES6: Implement Object.setPrototypeOf
This reverts commit bdc89ae76c15f3ef2626f8849744500248aec3ba.

This is a revert of the revert with test/webkit updated as needed.

Original CL Description:

http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof

This just exposes the internal %SetPrototype and adds all the required
type checks as specified.

BUG=v8:2675
LOG=Y
R=dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/144193005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 12:15:57 +00:00
svenpanne@chromium.org
b4949cfd62 Fixed floor-of-div optimization.
We removed an HDiv by hand which was still used by an HChange. The
solution is letting dead code removal do the cleanup.

Removed a fragile "optimization" (looking through an HChange), too,
this obviously never triggered and is hard to get right given all our
global invariants and state/type/... changes.

The repro is a bit tricky, because you need inlining to make our
representations and types disagree in this case.

LOG=y
BUG=334708
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/143903016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 11:54:51 +00:00
rossberg@chromium.org
0d906a8bdb Zonify types in compiler frontend
Clean up some zone/isolate handling in AST and its visitors on the way.

(Based on https://codereview.chromium.org/103743004/)

R=jkummerow@chromium.org, titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/102563004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 16:22:52 +00:00