AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jkummerow@chromium.org	1903e560b0	Non-JSArrays must always have holey elements. Drive-by cleanup: remove unused elements_kind_ field in CallNew. BUG=chromium:416558 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/595333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-25 08:25:25 +00:00
mvstanton@chromium.org	b0b59073ac	Fix IC cache confusion on String.prototype.length BUG=416416 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/587363002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-24 09:33:04 +00:00
jarin@chromium.org	9ef343c18d	[Turbofan] Insert nops for lazy bailout patching, fix translation of literals. The code for EnsureSpaceForLazyDeopt is taken from lithium-codegen-*. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/562033003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-23 08:46:18 +00:00
verwaest@chromium.org	83f64e8c1f	Fix escaped index JSON parsing BUG=416449 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/592813002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-22 15:21:19 +00:00
mstarzinger@chromium.org	429924b780	Fix typed lowering to number comparison. R=titzer@chromium.org TEST=mjsunit/regress/regress-3564 BUG=v8:3564 LOG=N Review URL: https://codereview.chromium.org/574653002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-16 11:33:30 +00:00
mstarzinger@chromium.org	d313551a3e	Disable lowering to StringAdd due to various issues. R=titzer@chromium.org Review URL: https://codereview.chromium.org/566303003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-16 08:29:46 +00:00
yangguo@chromium.org	7cb82a76b4	Reland "Remove V8_HOST_CAN_READ_UNALIGNED and its uses." BUG=chromium:412967 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/571903002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-15 10:54:49 +00:00
jarin@chromium.org	00e90b7e6e	Remove deoptimization by patching the call stack. We go back to patching the code for lazy deoptimization because ICs need the on-stack return address to read/update the IC address/state. The change also fixes bunch of tests, mostly by adding more deoptimization points. (We still need to add code to ensure lazy deopt patching does not overwrite ICs and other lazy deopts; this is coming next.) BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/568783002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-15 09:21:39 +00:00
jarin@chromium.org	e401262400	Reland "Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic." This relands commit r23899. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/565093002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23910 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 10:58:43 +00:00
jarin@chromium.org	bc0674d0a7	Revert "Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic." This reverts commit r23899. TBR=ulan@chromium.org Review URL: https://codereview.chromium.org/552253003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:49:22 +00:00
jkummerow@chromium.org	b4375b77ec	Fix Smi vs. HeapObject confusion in HConstants. Representation and HType should agree with each other. BUG=chromium:412215 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/556563005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:44:14 +00:00
jarin@chromium.org	91e97f8371	Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic. This makes the syntactic order consistent with the evaluation order. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/561133005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:18:29 +00:00
rossberg@chromium.org	fc71f7fdb3	Fix inaccurate type condition in Hydrogen R=bmeurer@chromium.org BUG=chromium:412210 LOG=Y Review URL: https://codereview.chromium.org/550453003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 12:13:34 +00:00
jkummerow@chromium.org	bd97fcaed0	Fix regress-crbug-412203.js R=ulan@chromium.org Review URL: https://codereview.chromium.org/563733002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23869 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 11:47:39 +00:00
jkummerow@chromium.org	11f7584d0a	Fix ElementsKind handling of prototypes in Array.concat Double elements, typed elements, and sloppy arguments elements were all erroneously marked UNREACHABLE. BUG=chromium:412203 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/560463002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 10:04:13 +00:00
ulan@chromium.org	d66ed1176f	Don't inline Array functions if receiver map is not extensible. BUG=405517 LOG=N TEST=mjsunit/regress/regress-crbug-405517.js R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/552333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 09:22:13 +00:00
ulan@chromium.org	99301fc8c5	Fix regress-411210 after r23824. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/559863004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 08:48:40 +00:00
hpayer@chromium.org	ed37edc5c0	Remove guard page mechanism from promotion queue. BUG=chromium:411210 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/557243002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 07:51:29 +00:00
jarin@chromium.org	01d63e43b2	Handle non-object constants in HConstant::GetMonomorphicJSObjectMap. R=ulan@chromium.org BUG=chromium:412162 LOG=N Review URL: https://codereview.chromium.org/552243002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 12:58:34 +00:00
jkummerow@chromium.org	fd3e505fb6	Hydrogen: bailout when there is a throw statement in a non-effect context. This mirrors the behavior of the compilation pipeline before recent OptimizeFunctionOnNextCall changes. BUG=chromium:412208 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/558593002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 12:16:33 +00:00
yangguo@chromium.org	4b0c076052	Turn old space cons strings into regular external strings (not short). R=hpayer@chromium.org BUG=v8:3530 LOG=N Review URL: https://codereview.chromium.org/368223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 11:41:56 +00:00
jarin@chromium.org	83af12c21b	Harden OptimizeFunctionOnNextCall. BUG=411237 LOG=N R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/547553003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 15:13:44 +00:00
verwaest@chromium.org	1dddf69fdc	Allocate a new empty number dictionary when resetting elements BUG=410332 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/545773003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 11:38:22 +00:00
jarin@chromium.org	b74fae5511	Fix EvacuateJSFunction to obtain the target address from the forwarding pointer. R=mstarzinger@chromium.org BUG=410912 LOG=N Review URL: https://codereview.chromium.org/541353003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 09:38:04 +00:00
titzer@chromium.org	4923810a68	Remove redundant --always-full-compiler flag. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/538613006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 16:29:47 +00:00
jarin@chromium.org	1afada8d04	Ignore numbers as values of --expose-natives-as flag. R=yangguo@chromium.org BUG=408036 LOG=N Review URL: https://codereview.chromium.org/534943004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 15:05:06 +00:00
bmeurer@chromium.org	0baf275e20	Enforce correct number comparisons when inlining Array.indexOf. TEST=mjsunit/regress/regress-crbug-407946 BUG=407946 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/536393003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 12:25:57 +00:00
jarin@chromium.org	7572e779d0	Exclude LoadMutableDouble and FunctionBindArguments from fuzzing. BUG=409542,410262 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/535153002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-03 14:28:46 +00:00
verwaest@chromium.org	03b0237e1d	Fix loading non-configurable non-writable value from a constant with mismatching type feedback BUG=410209 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/534093003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-03 12:13:46 +00:00
jarin@chromium.org	a668cd6fc8	Context deoptimization and removal of the deoptimization block in Turbofan This adds context deoptimization to Turbofan and Crankshaft (also submitted separately as https://codereview.chromium.org/515723004/). The second patchset removes the deoptimization/continuation block from calls. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/522873002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-01 09:31:14 +00:00
jarin@chromium.org	73da434b8e	Fix manual allocation folding of RegExpConstructResult. R=mstarzinger@chromium.org BUG=409533 LOG=N Review URL: https://codereview.chromium.org/532453003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-01 08:08:31 +00:00
verwaest@chromium.org	2a37ab79ad	Fixed inlining of constant values Use CopyToRepresentation to elide HForceRepresentation of HConstant BUG=v8:3529 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/507613002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-26 11:34:25 +00:00
yangguo@chromium.org	ba09fa35fd	Handle null receiver in sloppy mode in %GetFrameDetails. R=jarin@chromium.org BUG=405922 LOG=N Review URL: https://codereview.chromium.org/492303006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-22 12:55:23 +00:00
bmeurer@chromium.org	0142786cea	Don't inline Array.shift() if receiver map is not extensible. TEST=mjsunit/regress/regress-crbug-405517 BUG=405517 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/491863002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-21 06:23:44 +00:00
yangguo@chromium.org	f7947b8ec4	Fix --expose-debug-as with number as argument. R=jkummerow@chromium.org BUG=405491 LOG=N Review URL: https://codereview.chromium.org/468803004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-20 11:52:22 +00:00
hpayer@chromium.org	91599ffc6c	Do not install fillers when right trimming large objects. BUG= R=jarin@chromium.org Review URL: https://codereview.chromium.org/487703002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-19 08:35:39 +00:00
jkummerow@chromium.org	dacca11cb9	Correctly handle holes when concat()ing double arrays BUG=chromium:403409 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/468863003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-18 08:51:35 +00:00
dslomov@chromium.org	eebb61a3f9	Fix OrderedHashTabelIterator accessors. They might be undefined for uninitialized iterators. The rest of the code is ready for this eventuality. R=arv@chromium.org, adamk@chromium.org BUG=403292 LOG=N Review URL: https://codereview.chromium.org/468813003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-14 10:24:19 +00:00
yangguo@chromium.org	413b20b6c1	Make %DebugPushPromise more robust wrt fuzzing. If %DebugPushPromise and throwing is called outside its intended context, we may encounter assertion failures. R=hpayer@chromium.org BUG=401915 LOG=N Review URL: https://codereview.chromium.org/453933002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-11 07:59:10 +00:00
adamk@chromium.org	bcf8b05072	Enable ES6 Map and Set by default In doing so also remove all references to the --harmony-collections flag. Due to the way context snapshotting works, it's not possible to simply enable the flag by default. Depends on ES6 Symbols: https://codereview.chromium.org/421313004 BUG=v8:1622 LOG=Y R=arv@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/427723002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-05 19:37:32 +00:00
adamk@chromium.org	d8c30bd8e7	Enable ES6 Symbols by default In doing so also remove all references to the --harmony-symbols flag. Due to the way context snapshotting works, it's not possible to simply enable the flag by default. BUG=v8:2158 LOG=Y R=dslomov@chromium.org Review URL: https://codereview.chromium.org/421313004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-04 18:17:54 +00:00
mstarzinger@chromium.org	57c315d0b3	Fix handling of potential string additions in hydrogen. R=titzer@chromium.org TEST=mjsunit/regress/regress-3476 BUG=v8:3476 LOG=N Review URL: https://codereview.chromium.org/423083004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 14:53:11 +00:00
verwaest@chromium.org	f08d2690c6	Fix Object.freeze with field type tracking. Keep the descriptor properly intact while update the field type. BUG=v8:3458 LOG=y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/424093002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 13:30:29 +00:00
mvstanton@chromium.org	6980c4277c	CallIC customization stubs must accept that a vector slot is cleared. The CallIC Array custom IC stub read from the type vector, expecting to get an AllocationSite. But there are paths in the system where a type vector can be re-created with default values, even though we currently grant an exception to clearing of vector slots with AllocationSites in them at gc time. BUG=392114 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/418023002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 11:53:30 +00:00
danno@chromium.org	afcfa7d2b7	Keep new arrays allocated with 'new Array(N)' in fast mode (revisited) Also explicit length setting with a.length = N should remain in fast mode. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/416403002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-28 13:12:26 +00:00
verwaest@chromium.org	60df9dabad	In GrowMode, force the value to the right representation to avoid deopts between storing the length and storing the value. BUG=16459193 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/419683004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-25 11:48:25 +00:00
verwaest@chromium.org	77a37e44f6	Fix issue with setters and their holders in accessors.cc BUG=3462 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/417793002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 16:42:54 +00:00
danno@chromium.org	b5a5148260	Revert 22595: "Keep new arrays allocated with 'new Array(N)' in fast mode" Due to failures in mjsunit/array-functions-prototype-misc TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/417953004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 13:38:05 +00:00
danno@chromium.org	ac89b17813	Keep new arrays allocated with 'new Array(N)' in fast mode Also explicit length setting with a.length = N should remain in fast mode. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/397593008 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 12:08:23 +00:00
verwaest@chromium.org	6798779031	Fix ArrayLengthSetter to not throw on non-extensible receivers. BUG=v8:3460 LOG=n R=ishell@chromium.org Review URL: https://codereview.chromium.org/411983003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-23 20:27:32 +00:00
danno@chromium.org	1d2a4b8333	Remove experimental flags that are now required R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/397253002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-18 07:17:21 +00:00
rodolph.perfetta@arm.com	56ec59bd26	ARM64: always restore regexp register cache after a C function call. BUG=v8:3444 TEST=mjsunit/regress/regress-regexp-nocase.js LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/392403002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-17 09:55:48 +00:00
yangguo@chromium.org	49ae3081d2	Error.captureStackTrace should define "stack" property as configurable. R=verwaest@chromium.org BUG=393988 LOG=N Review URL: https://codereview.chromium.org/396063008 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-16 07:55:05 +00:00
verwaest@chromium.org	1d55a634a9	Replace AddProperty by AddNamedProperty to speed up the common case BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/384003003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-14 14:05:30 +00:00
verwaest@chromium.org	aa7198dfdd	This CL simplifies var / const by ensuring the behavior is consistent in itself, and with regular JS semantics; between regular var/const and eval-ed var/const. Legacy const is changed so that a declaration declares a configurable, but non-writable, slot, and the initializer reconfigures it (when possible) to non-configurable non-writable. This avoids the need for "the hole" as marker value in JSContextExtensionObjects and GlobalObjects. Undefined is used instead. BUG= R=rossberg@chromium.org Review URL: https://codereview.chromium.org/379893002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-14 14:01:04 +00:00
jarin@chromium.org	457de26330	Fix arm64 deoptimization from double registers (reverts r20613). This reverts "ARM64: Use pair memory access in deoptimizer entry", r20613. It does not really make sense to micro-optimize the deoptimizer as it is the ultra-slow path. Moreover, the original code was easier to read (in addition to being correct). BUG=391313 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/389583003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-11 19:30:09 +00:00
mstarzinger@chromium.org	50beec9738	Follow-up to a pre-existing regression test. R=yangguo@chromium.org BUG=v8:1530,v8:1872 TEST=mjsunit/regress/regress-1530 LOG=N Review URL: https://codereview.chromium.org/378233006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-09 10:23:58 +00:00
verwaest@chromium.org	ad6202d989	Fix computed properties on object literals with a double as propertyname. BUG=390732 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/371973002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-07 17:08:54 +00:00
yangguo@chromium.org	a0c10d119a	Revert "Turn old space cons strings into regular external strings (not short)." This reverts commits r22192 and r22194. TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/367113003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-03 12:24:41 +00:00
yangguo@chromium.org	6574f33d2a	Turn old space cons strings into regular external strings (not short). R=hpayer@chromium.org Review URL: https://codereview.chromium.org/368223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-03 11:46:31 +00:00
ishell@chromium.org	2fba190240	One of the fast cases in JSObject::MigrateFastToFast() should not be taken if the number of fields did not change. BUG=chromium:390918 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/363073002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 19:10:19 +00:00
yangguo@chromium.org	f353ff668a	Harden Runtime_LiveEditCheckAndDropActivations against unsafe args. R=jarin@chromium.org BUG=390925 LOG=N Review URL: https://codereview.chromium.org/362983004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 15:09:44 +00:00
yangguo@chromium.org	44d6ef37ab	Reland "Fix stack trace accessor behavior." BUG=v8:3404 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/349033007 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 14:18:10 +00:00
yangguo@chromium.org	5d408ee73d	Revert "Fix stack trace accessor behavior." This reverts r22089. TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/360033002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-30 13:16:42 +00:00
yangguo@chromium.org	e1d80e2858	Fix stack trace accessor behavior. R=verwaest@chromium.org BUG=v8:3404 LOG=N Review URL: https://codereview.chromium.org/343563009 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-30 11:48:20 +00:00
verwaest@chromium.org	8945c69855	Don't leak the global object in the Function constructor. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/359713005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 13:50:37 +00:00
verwaest@chromium.org	63431b23d1	Split SetProperty(...attributes, strictmode) into DefineProperty(...attributes) and SetProperty(...strictmode) BUG= R=rossberg@chromium.org Review URL: https://codereview.chromium.org/351853005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 13:48:37 +00:00
yangguo@chromium.org	0133d96be3	Remove script collected debug event. R=yurys@chromium.org Review URL: https://codereview.chromium.org/358873005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 12:10:43 +00:00
yangguo@chromium.org	58bf19e9d5	Remove bogus assertions in HCompareObjectEqAndBranch. R=jkummerow@chromium.org, danno@chromium.org BUG=387636 LOG=Y Review URL: https://codereview.chromium.org/331863015 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-24 09:33:05 +00:00
yangguo@chromium.org	438f49a322	Do not eagerly update allow_osr_at_loop_nesting_level. Having debug break points prevents OSR. That causes allow_osr_at_loop_nesting_level and the actually patched state to go out of sync. R=jkummerow@chromium.org BUG=387599 LOG=Y Review URL: https://codereview.chromium.org/346223007 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-24 09:31:30 +00:00
yangguo@chromium.org	2411bc9447	Harden %FunctionBindArguments wrt optimized code cache. R=jkummerow@chromium.org BUG=387627 LOG=N Review URL: https://codereview.chromium.org/345463005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 13:17:42 +00:00
mvstanton@chromium.org	c0179a50da	Re-land "Clusterfuzz identified overflow check needed in dehoisting." BUG=380092 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/335063005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 09:09:05 +00:00
jarin@chromium.org	e56faa9909	Add missing map check to optimized f.apply(...) This is a cutdown version of https://codereview.chromium.org/346473002/, which aimed to fix f.call and f.apply. Optimized f.call was removed by r21887, this is what was left. BUG=386034 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/348623002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 05:50:06 +00:00
jkummerow@chromium.org	1d35d6d871	Array.concat: properly go to dictionary mode when required BUG=chromium:387031 LOG=y R=danno@chromium.org Review URL: https://codereview.chromium.org/342333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-20 15:40:21 +00:00
yangguo@chromium.org	11368af66d	Interrupts must not mask stack overflow. R=jarin@chromium.org BUG=385002 LOG=N Review URL: https://codereview.chromium.org/339883002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-17 13:54:49 +00:00
jarin@chromium.org	f69bb7fcc3	Do not eliminate bounds checks for "<const> - x". Before this change, bounds check elimination treated "<const> - x" as "x - <const>". R=yangguo@chromium.org BUG=385054 TEST=test/mjsunit/regress/regress-385054.js LOG=N Review URL: https://codereview.chromium.org/339583003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:43:50 +00:00
bmeurer@chromium.org	2591003da5	Add unit test for regression in GVN caused by field type tracking. BUG=v8:3347 LOG=n R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/333273004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:21:42 +00:00
bmeurer@chromium.org	4642c2e18c	Revert "GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same." This reverts commit r21830 for tanking performance on Deltablue. TBR=ishell@chromium.org Review URL: https://codereview.chromium.org/336223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:03:59 +00:00
jkummerow@chromium.org	aae24ae40b	Fix representation of Phis for mutable-heapnumber-in-object-literal properties BUG=v8:3392 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/328343004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 08:41:29 +00:00
ishell@chromium.org	41e9d916c4	GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/331493006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-13 07:51:45 +00:00
svenpanne@chromium.org	2931f09144	Fix unsigned comparisons. Instead of marking the comparison instruction itself as Uint32, we look at its arguments. This is more consistent what HChange does. BUG=v8:3380 TEST=mjsunit/regress/regress-3380 LOG=y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/325133004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-11 09:09:15 +00:00
bmeurer@chromium.org	0fcd89161b	Fix invalid attributes when generalizing because of incompatible map change. BUG=382143 LOG=y TEST=mjsunit/regress/regress-382143 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/324933003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 12:24:54 +00:00
ishell@chromium.org	6dc967e2e0	Bugfix in inlined versions of Array.indexOf() and Array.lastIndexOf() with a regression test. BUG=chromium:381534 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/319343002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 09:01:45 +00:00
bmeurer@chromium.org	7eea77bc5c	Fix missing smi check in inlined indexOf/lastIndexOf. BUG=382513 LOG=y R=danno@chromium.org Review URL: https://codereview.chromium.org/313233005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 04:26:15 +00:00
mvstanton@chromium.org	2714fd2399	Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting." This reverts commit r21712 TBR=danno@chromium.org Review URL: https://codereview.chromium.org/315843005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 13:16:24 +00:00
mvstanton@chromium.org	c0cb82274c	Re-land Clusterfuzz identified overflow check needed in dehoisting. Overflow check needs to be smarter. BUG=380092 R=danno@google.com, danno@chromium.org LOG=N Review URL: https://codereview.chromium.org/317963004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 13:00:07 +00:00
mvstanton@chromium.org	35933119fe	Revert "Clusterfuzz identified overflow check needed in dehoisting." This reverts commit r21708, due to ASAN-reported issue. TBR=danno@chromium.org Review URL: https://codereview.chromium.org/318073002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 09:47:14 +00:00
mvstanton@chromium.org	7d2d0839ad	Clusterfuzz identified overflow check needed in dehoisting. BUG=380092 R=danno@chromium.org LOG=N Review URL: https://codereview.chromium.org/315593002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 09:12:16 +00:00
bmeurer@chromium.org	9244429707	Fix invalid loop condition for Array.lastIndexOf(). BUG=380512 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/313073003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-04 08:21:39 +00:00
mvstanton@chromium.org	d19aaa2b1c	Revert "Reland "Make 'name' property on functions configurable."" This reverts commit r21609 due to browser test failures. TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/313583002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 11:52:07 +00:00
mvstanton@chromium.org	848a9af6b4	%ObjectFreeze needs to exclude non-fast-path objects. ClusterFuzz will call it with sloppy arguments and similar cases. BUG=380049 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/315533002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 07:59:36 +00:00
mvstanton@chromium.org	adeaedf547	When flag --nouse-osr is set, don't allow osr from hidden runtime calls. BUG=379770 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/310773003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 07:45:40 +00:00
adamk@chromium.org	509a1a405c	ES6: Add support for values/keys/entries for Map and Set This allows code like this: var map = new Map(); map.set(1, 'One'); ... var iter = map.values(); var res; while (!(res = iter.next()).done) { print(res.value); } BUG=v8:1793 LOG=Y R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/259883002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 00:34:01 +00:00
mstarzinger@chromium.org	d6500b6cf7	Reland "Make 'name' property on functions configurable." R=rossberg@chromium.org BUG=v8:3333 LOG=N Review URL: https://codereview.chromium.org/303463006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-02 13:35:26 +00:00
bmeurer@chromium.org	5cd009a004	HRor and HSar can deoptimize. BUG=v8:3359 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/309483002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-30 16:12:25 +00:00
mvstanton@chromium.org	8c54a373dd	Changing the attributes of a data property implemented with ExecutableAccessorInfo turns the property into a field. Better to keep it as a callback, and correctly deal with the changed property attributes. R=ulan@chromium.org Review URL: https://codereview.chromium.org/262053011 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-28 09:58:27 +00:00
mstarzinger@chromium.org	6b33e50701	Revert "Make 'name' property on functions configurable." R=danno@google.com, danno@chromium.org Review URL: https://codereview.chromium.org/297163009 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-27 15:00:26 +00:00
yangguo@chromium.org	94b4aef7d6	Fix arm64 gc stress issue. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/306483002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-27 06:35:45 +00:00
mvstanton@chromium.org	d755611e93	Reland "Customized support for feedback on calls to Array." and follow-up fixes. Comparing one CallIC::State to another was not done correctly, leading to a failure to patch a CallIC when transitioning from monomorphic Array to megamorphic. BUG=chromium:377198,chromium:377290 LOG=Y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/305493003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-26 13:59:24 +00:00
mstarzinger@chromium.org	82b3b2a367	Make 'name' property on functions configurable. R=rossberg@chromium.org BUG=v8:3333 LOG=N Review URL: https://codereview.chromium.org/296413003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-26 11:42:56 +00:00

1 2 3 4 5 ...

1183 Commits