AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
verwaest@chromium.org	22d7a85519	Unify Count Operation assignment with other assignments This relands 15578, disables 1 test in harmony observe re bug v8:2774 R=dslomov@chromium.org Review URL: https://chromiumcodereview.appspot.com/18452013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-10 12:02:18 +00:00
yangguo@chromium.org	5b70a58ad2	Fix plot script. The script for the time line plot has been broken since r15484, which changed the format of tick entries in v8.log. To prevent this from happening in the future, I added a test case. R=hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/18826008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-10 07:53:27 +00:00
dslomov@chromium.org	cfa91762ac	Allow parameterless typed array constructors. ES6 spec tacitly allows them, and they are allowed in Firefox and in WebKit/Blink. R=bmeurer@chromium.org,rossberg@chromium.org Review URL: https://codereview.chromium.org/18769005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-09 19:34:21 +00:00
yangguo@chromium.org	b99ca1ab12	Do not implicitly convert receivers for builtin functions when inspecting frames. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/18900004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-09 13:58:11 +00:00
mvstanton@chromium.org	c1e19bfc35	Bugfix: The general array constructor stub did not handle the case properly when it is called with a function pointer in the type cell, instead assuming that an AllocationSite object should be present. The case where this can happen is if the cell is uninitialized, then the first constructor call made is to the Array function of a different context. In that case, we'll store the function pointer in the cell, and then go ahead and call the array constructor stub too. The bug is fixed by checking for the AllocationSite object map. If not found, the constructor stub goes forward with a default ElementsKind, just as in several other cases. A test in allocation-site-info.js was beefed up to make sure the state chain described above is traversed. BUG= R=hpayer@chromium.org, hpayer@google.com Review URL: https://codereview.chromium.org/18277006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-08 14:41:54 +00:00
jkummerow@chromium.org	ed6d2d5c44	Add a test case for Phi representations BUG=chromium:167394 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/18838002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-08 13:43:43 +00:00
jkummerow@chromium.org	f0811f4e6f	Fix and cleanup can_be_minus_zero computation R=rossberg@chromium.org Review URL: https://codereview.chromium.org/18434004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-08 11:15:24 +00:00
mvstanton@chromium.org	faaa90d13c	Allocation-site-info test, removed TODOs. Some code was commented out earlier as a todo. Now the code can be reenabled, because allocation site feedback is working there again. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/18753005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-08 09:11:56 +00:00
danno@chromium.org	bd50e6d38f	Refactoring and cleanup of control instructions R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/18331004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-05 10:40:14 +00:00
danno@chromium.org	345cc98a25	Generate StoreGlobal stubs with Hydrogen - Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change. - The more general case generates code that is just as good as the hand-written assembly stubs on all platforms. R=rossberg@chromium.org, ulan@chromium.org Committed: http://code.google.com/p/v8/source/detail?r=15419 Review URL: https://codereview.chromium.org/16925008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-05 10:34:02 +00:00
rossberg@chromium.org	929e193fc2	Tweak error message R=yangguo@chromium.org BUG=v8:2758 Review URL: https://codereview.chromium.org/18759002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-05 08:34:31 +00:00
yurys@chromium.org	9ef762b683	Do not store fp and sp values in TickSample Their values are not used neither by the tick processor nor by CpuProfiler so it is just a waste of space. TickSample used to be a transport for grabbed register values to TickSample::Trace, now they are passed in a special structure RegisterState which is allocated on the stack for the sampling period. Some common pieces were moved from platform-dependent code into Sampler::SampleStack and TickSample::Init. BUG=None R=jkummerow@chromium.org, loislo@chromium.org Review URL: https://codereview.chromium.org/18620002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-03 16:20:59 +00:00
jkummerow@chromium.org	dd37adc4f1	Change mjsunit tests to work with and without the i18n extension BUG=v8:2745 R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/18187006 Patch from Jochen Eisinger <jochen@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-03 15:33:11 +00:00
ulan@chromium.org	74d147a25d	Enable weak embedded maps in optimized code. If the top optimized code in call stack is at the point that does not support deoptimization, then treat the maps in the code as strong pointers. Note that other optimized code in call stack must support deoptimization because of the call instruction with side-effects. BUG=217858,v8:2073 R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/16955008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15452 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-02 15:15:58 +00:00
danno@chromium.org	77c20c30a3	Revert r15419: "Generate StoreGlobal stubs with Hydrogen" TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/18357004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 15:12:21 +00:00
mstarzinger@chromium.org	493d1f1c21	Implement WeakMap.prototype.clear function. R=rossberg@chromium.org BUG=v8:2753 TEST=mjsunit/harmony/collections Review URL: https://codereview.chromium.org/18352002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 13:56:48 +00:00
prybin@chromium.org	488da00542	Debug: support breakpoints set in the middle of statement (try #2 after rollback) Review URL: https://codereview.chromium.org/18349004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 13:44:10 +00:00
danno@chromium.org	a3bce19868	Generate StoreGlobal stubs with Hydrogen - Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change. - The more general case generates code that is just as good as the hand-written assembly stubs on all platforms. R=ulan@chromium.org Review URL: https://codereview.chromium.org/16925008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 13:22:13 +00:00
prybin@chromium.org	fe22b45965	Revert "Debug: support breakpoints set in the middle of statement" Review URL: https://codereview.chromium.org/18326007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 13:05:21 +00:00
prybin@chromium.org	f997bacb16	Debug: support breakpoints set in the middle of statement R=yangguo@chromium.org Review URL: https://codereview.chromium.org/16093040 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 12:54:13 +00:00
mvstanton@chromium.org	4aed3b8e84	Test fix - array-feedback.js has a test that only make sense when running crankshaft. Allow the test to tolerate --nocrankshaft. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/18328002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-07-01 09:00:14 +00:00
jkummerow@chromium.org	05b94f13c8	Add %_DebugBreakInOptimizedCode() pseudo function call to insert int3/stop instructions into optimized code R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/17870002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-28 15:48:38 +00:00
mvstanton@chromium.org	83519ec87a	Hydrogen array constructor cleanup and improvements * Cleanup of LCallNewArray::PrintDataTo() method * Created HCallNewArray::PrintDataTo() * Created many more tests in array-constructor-feedback.js * Removed redundant instructions in GenerateRecordCallTarget * Bugfix in CreateArrayDispatchOneArgument: on a call to new Array(0), we'd like to set the type feedback cell to a packed elements kind, but we shouldn't do it if the cell contains the megamorphic sentinel. * When used from crankshaft, ArrayConstructorStubs can avoid verifying that the function being called is the array function from the current native context, relying instead on the fact that crankshaft issues an HCheckFunction to protect the constructor call. (this new minor key is used in LCodeGen::DoCallNewArray(), and influences code generation in CodeStubGraphBuilderBase::BuildArrayConstructor()). * Optimization: the array constructor specialized for FAST_SMI_ELEMENTS can save some instructions by looking up the correct map on the passed in constructor, rather than indexing into the array of cached maps per element kind. BUG= R=danno@chromium.org Review URL: https://codereview.chromium.org/17091002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15383 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-28 13:16:14 +00:00
yangguo@chromium.org	85d7a36ee0	Abort optimization when debugger is turned on. BUG=v8:2751 R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/18198003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-28 11:34:51 +00:00
titzer@chromium.org	98f3dab73b	Fix elements-kind test to disable optimization of important functions under test; add simpler versions of elements kind test. Review URL: https://codereview.chromium.org/17872002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-27 08:46:46 +00:00
dslomov@chromium.org	ef189ecd82	Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions. ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695). This never worked in WebKit, so no compatibility issues. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/17904007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-27 07:42:08 +00:00
titzer@chromium.org	bfa9fe95dc	Change PC for OSR entries to point to something more sensible (i.e. the first UnknownOsrValue), removing the need to record spilled OSR values and the need for duplicate deopt entries. Review URL: https://codereview.chromium.org/16381006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-26 08:43:27 +00:00
mvstanton@chromium.org	081134ecd1	Removed flag optimize-constructed-arrays. This eliminates a large amount of hand-written assembly in the platforms. BUG= R=danno@chromium.org, mstarzinger@chromium.org Review URL: https://codereview.chromium.org/16453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-25 16:31:07 +00:00
peter.rybin@gmail.com	42a10a9dfe	Allow debugger evaluate expressions to mute local variables R=yangguo@chromium.org Review URL: https://codereview.chromium.org/17636007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-25 13:48:43 +00:00
dslomov@chromium.org	e6e0ee0708	Update typed arrays behavior to match ES6 rev 15. Remove TO_POSITIVE_INTEGER and throw on negative length arguments. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/17572009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-24 13:58:52 +00:00
dslomov@chromium.org	91eb5f8d25	DataView implementation. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/17153011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-21 13:02:38 +00:00
yangguo@chromium.org	b7b92bd9ac	Short-circuit embedded cons strings. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/17418003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-21 09:24:30 +00:00
yangguo@chromium.org	928cbcdc8d	Skip parallel recompilation tests if parallel recompilation is disabled. Parallel recompilation is usually disabled on single-core systems. R=jkummerow@chromium.org BUG=v8:2733 Review URL: https://codereview.chromium.org/17261021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-20 11:01:33 +00:00
wingo@igalia.com	f7ba3a7bb1	Fix stack frame reconstruction for generators with formal arguments The formal parameter count was always being treated as an untagged integer, but it is actually a Smi on ia32 and arm. R=mstarzinger@chromium.org BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/17485002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-20 10:48:34 +00:00
verwaest@chromium.org	2ca5c6cd03	Fix using monomorphic store instruction for polymorphic stores. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/16875008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-19 18:07:35 +00:00
mvstanton@chromium.org	7f0f022792	Bugfix in hydrogen array literal code generation. If an array literal contains some non-constant elements, is of type SMI, and then the boilerplate transitions to double or fast sometime after we've crankshafted the code, then we could incorrectly store smis in double arrays. BUG= R=yangguo@chromium.org Review URL: https://codereview.chromium.org/17334004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15207 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-19 13:48:50 +00:00
svenpanne@chromium.org	010d9aba16	Avoid relying on monkey-patchable things in String.prototype.split. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/17391016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-19 12:25:40 +00:00
yangguo@chromium.org	1be45275c6	Fix test for bots that force --parallel-recompilation as shell flag. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/16914006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-19 09:32:05 +00:00
mvstanton@chromium.org	c70b41684d	Use type feedback for Array (non-constructor) call sites. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/17155010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15201 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-19 09:25:24 +00:00
yangguo@chromium.org	627872ec67	Do not modify FLAG_parallel_recompilation after start up. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/17202006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-18 14:25:24 +00:00
mstarzinger@chromium.org	0524263a27	Remove obsolete elements kind check for array literals. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/17378005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-18 13:32:06 +00:00
svenpanne@chromium.org	fb7310b1fd	Fixed read-only attribute of Function.length in strict mode. R=cira@chromium.org Review URL: https://codereview.chromium.org/17006006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-18 07:51:50 +00:00
palfia@homejinni.com	f8fc5c443e	Allow running mjsunit/manual-parallel-recompile on single-core systems. - Add an %IsParallelSupported() builtin function to make possible to check support of parallel processing from JavaScripts. - Change the test script that if parallel recompilation is forced on a single core CPU, expect that it won't be recompiled in parallel. - Change the JSFunction::MarkForParallelRecompilation() to fall back gracefully if parallel recompilation is not supported. BUG=v8:2733 TEST=mjsunit/manual-parallel-recompile Review URL: https://codereview.chromium.org/17277002 Patch from Balazs Kilvady <kilvadyb@homejinni.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-17 16:27:18 +00:00
palfia@homejinni.com	93609033e1	MIPS: Optimise Math.floor(x/y) to use integer division for MIPS. Use div instruction if some divisors do not have magic number. Based on commit r11427 (318a9598). This commit also ports commit r15161 (554d45c1). BUG= Review URL: https://codereview.chromium.org/16951016 Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-17 15:06:41 +00:00
mvstanton@chromium.org	5b2c1a50d9	HCheckFunction is needed to protect new array constructors in crankshafted code. BUG= R=danno@chromium.org Review URL: https://codereview.chromium.org/16944006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-13 14:29:01 +00:00
wingo@igalia.com	d73dace0f5	Delegating yield does not re-box result objects Delegating yield (yield*) should just pass on the iterator results it receives instead of re-boxing them. R=rossberg@chromium.org TEST=mjsunit/harmony/generators-iteration BUG= Review URL: https://codereview.chromium.org/16695006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-13 10:57:11 +00:00
wingo@igalia.com	09fcac5e39	Use keyed-call inline caches in delegating yield Since we can't assume anything about the shape of the iterator in a yield* (delegating yield), use an IC to do the next() and throw() iterator method calls. BUG=v8:2691 R=rossberg@chromium.org TEST=mjsunit/regress/regress-2691 Review URL: https://codereview.chromium.org/15455002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-13 10:18:28 +00:00
mvstanton@chromium.org	75afb8ce79	Fix for bug 245480. Calling new Array(a) with a single argument could result in creating a holey array with a packed elements kind. BUG=245480 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/16341004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 18:04:16 +00:00
mstarzinger@chromium.org	93ab1864ea	Allow the deoptimizer translation to track de-materialized objects. This allows the deoptimizer to materialize objects (e.g. the arguments object) while deopting without having a consective stack area holding the object values. The LEnvironment explicitly tracks locations for these values and preserves them in the translation. R=svenpanne@chromium.org TEST=mjsunit/compiler/inline-arguments Review URL: https://codereview.chromium.org/16779004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 14:22:49 +00:00
wingo@igalia.com	cc27c4c41b	GeneratorFunction() makes generator instances The current specification has GeneratorFunction() be like Function(), except that it makes generator instances. This commit implements that behavior. It also fills in a piece of the implementation where otherwise calling GeneratorFunction or GeneratorFunctionPrototype would cause an abort because they have no code. R=mstarzinger@chromium.org TEST=mjsunit/harmony/generators-iteration TEST=mjsunit/harmony/generators-runtime BUG=v8:2355,v8:2680 Review URL: https://codereview.chromium.org/15218004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 12:52:16 +00:00
wingo@igalia.com	1fb2f4b358	For-of statements do not permit initializers. R=rossberg@chromium.org BUG=v8:2720 Review URL: https://codereview.chromium.org/16739008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 12:37:44 +00:00
wingo@igalia.com	418ddc800a	Allocate generator result objects before unwinding try handlers When a generator suspends, it saves its state out to the heap and unwinds try handlers but doesn't pop anything off the stack. Instead it relies on no GC happening between the suspend and the return from the generator. However this was not the case: boxing the result object could cause GC, which would try to traverse the stack but would misinterpret words from unwound try handlers as heap objects. This CL changes to allocate the result objects before the suspend. It also removes the generators-iteration skip introduced in r15065. R=mstarzinger@chromium.org TEST=mjsunit/harmony/generators-iteration BUG= Review URL: https://codereview.chromium.org/16801006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 11:02:51 +00:00
yangguo@chromium.org	74556569d1	Reland "Enable map dependency to in-flight compilation info." BUG=248076 R=ulan@chromium.org Review URL: https://chromiumcodereview.appspot.com/16782004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-12 09:43:22 +00:00
wingo@igalia.com	5760c7b598	Disable --harmony -> --harmony-generators implication A GC-related bug has started showing up after r15060 that unfortunately I haven't been able to reproduce. Disable generators by default for the Canary push. R=danno@chromium.org BUG= Review URL: https://codereview.chromium.org/16638011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-11 14:45:17 +00:00
yangguo@chromium.org	6da97b1d4a	Revert "Enable map dependency to in-flight compilation info." This includes r15032, r15030 and r15005. R=ulan@chromium.org BUG=248076 Review URL: https://chromiumcodereview.appspot.com/16482004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-11 11:55:56 +00:00
jkummerow@chromium.org	9447014780	Skip some conditional deopts for Div/Mul when all uses are truncating. - set "can be minus zero" flag properly so minus-zero checks are skipped - skip "integer result?" check in division code when uses are truncating - drive-by cleanup: consolidated computation of kCanOverflow flag for Add/Sub into range inference phase BUG=v8:2132 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/16741002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-11 11:43:57 +00:00
wingo@igalia.com	f68d6a10f8	Fix crasher when checking for "of", but next token has no literal buffer Also fix a typo in an assertion in scanner.h. R=mstarzinger@chromium.org BUG=248025 TEST=mjsunit/regress/regress-crbug-248025.js Review URL: https://codereview.chromium.org/16549003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-11 11:30:03 +00:00
wingo@igalia.com	29a1044409	Keep native fuzzing blacklists in sync R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/16436005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15036 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 12:25:31 +00:00
wingo@igalia.com	093492f01c	Don't fuzz _GeneratorNext The previous patch that renamed _GeneratorSend to _GeneratorNext missed the blacklist in fuzz-natives-part4. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/16339008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 12:06:13 +00:00
mstarzinger@chromium.org	ecc41e30c0	Fix re-initialization of existing double field. R=verwaest@chromium.org BUG=v8:2717 TEST=mjsunit/regress/regress-2717 Review URL: https://codereview.chromium.org/16735003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 11:55:47 +00:00
yangguo@chromium.org	b0afb77731	Fix parallel recompilation wrt transition maps dependency. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/15896038 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 11:33:23 +00:00
yangguo@chromium.org	1594eca8ed	Fix parallel recompilation wrt initial object/array map dependency. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/16641002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 11:17:48 +00:00
wingo@igalia.com	f88bca9576	Generator object "next" method takes optional send value Update the generators implementation to make "next" also do the job of what was previously called "send" by taking an optional argument. Remove send, and do a bunch of renamings. R=rossberg@chromium.org BUG=v8:2355, v8:2715 Review URL: https://codereview.chromium.org/16136011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 09:26:18 +00:00
verwaest@chromium.org	3588aa45cd	Take all uses into account to clear int32 truncation. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/16656002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 17:28:46 +00:00
yangguo@chromium.org	17cfe68015	Enable map dependency to in-flight compilation info. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/16542003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 13:27:03 +00:00
wingo@igalia.com	b29a78fb02	Baseline for-of implementation Add full-codegen support for the ES6 for-of iteration statement. R=mstarzinger@chromium.org, rossberg@chromium.org TEST=mjsunit/harmony/iteration-semantics BUG=v8:2214 Review URL: https://codereview.chromium.org/15288011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 11:12:21 +00:00
wingo@igalia.com	cb0d146862	Add initial parser support for harmony iteration This commit adds initial parser support for harmony iteration. Specifically, it will parse: for (x of y) {} for (let x of y) {} for (var x of y) {} The semantics are still unimplemented. TEST=mjsunit/harmony/for-of-syntax BUG=v8:2214 R=rossberg@chromium.org Review URL: https://codereview.chromium.org/15300018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 14:38:26 +00:00
verwaest@chromium.org	16199c63d8	Initialized representations of computed values to None. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/14721009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 14:21:35 +00:00
mvstanton@chromium.org	701f356bac	Move runtime array constructor functions from builtins.cc to runtime.cc. Not only is runtime.cc a better location, but situations arise soon where we'll want to make runtime calls to these functions. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/16399007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 13:22:42 +00:00
mvstanton@chromium.org	a9a80fb422	Allocation type info advice consumed in bailout path leads to assert failure. If the runtime is taken for a constructor like "new Array(100000)", where allocation site info already led to an elements kind of DOUBLE, then the runtime would fail to transition the array to dictionary mode. Better to recognize this case and avoid wasting time by following the advice. Furthermore, it offers a way to recognize that the array should be in dictionary mode (though a future checkin will capitalize on that). BUG= R=danno@chromium.org Review URL: https://codereview.chromium.org/15993012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 09:26:30 +00:00
verwaest@chromium.org	5e8679beea	Remove the optimized construct stub. R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/15993016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-05 08:43:25 +00:00
adamk@chromium.org	de92d0b0e0	Array.observe emit splices for array length change and update index >= length R=adamk@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/15504002 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-04 23:58:49 +00:00
jkummerow@chromium.org	20cedf9a4b	Liveness analysis for environment slots in Hydrogen R=titzer@chromium.org Review URL: https://codereview.chromium.org/15533004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-04 16:41:24 +00:00
mvstanton@chromium.org	3d3c6b1599	Special Array constructor type feedback erroneously recorded when Array was called as a function. Issue was found with optimize_constructed_array turned on. This patch makes the fix, and turns the flag back on. BUG=244461 R=danno@chromium.org Review URL: https://codereview.chromium.org/16057005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-03 14:46:23 +00:00
jkummerow@chromium.org	b4058a3bd4	Fast literals: fixed initialization of non-copied in-object property fields BUG=chromium:245424 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/16190008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14906 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-31 15:50:19 +00:00
verwaest@chromium.org	5b08a1a119	Fix DeferredTaggedToINoSSE2 to not unconditionally untag undefined to 0. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/16228002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-31 08:37:34 +00:00
verwaest@chromium.org	1a4a904bef	Replace DeoptimizeOnUndefined with whitelisting AllowUndefinedAsNan R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/15952007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-30 09:11:06 +00:00
adamk@chromium.org	09c489ea93	Re-land: Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice Original issue: https://codereview.chromium.org/15331002/ Broke mozilla/js1_5/Array/regress-451483.js, which ends up attempting to call %IsObserved() on a non-object. IsObserved now checks for JSReceiver and returns false rather than crashing. R=adamk@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/15777007 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 17:26:05 +00:00
yurys@chromium.org	09959efe41	Add support for //# sourceURL similar to deprecated //@ sourceURL one. BUG=v8:2702 R=yangguo@chromium.org, yurys@chromium.org Review URL: https://codereview.chromium.org/15859010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 12:40:21 +00:00
mstarzinger@chromium.org	26e7936e27	Re-enable allocation-site-info test case. R=svenpanne@chromium.org TEST=mjsunit/allocation-site-info Review URL: https://codereview.chromium.org/16192002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 08:29:25 +00:00
svenpanne@chromium.org	116fe61f5e	Disabled broken test TBR=mvstanton@chromium.org Review URL: https://codereview.chromium.org/15951006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 07:32:10 +00:00
mstarzinger@chromium.org	3b114cdd64	Fix IfBuilder::Deopt to clear the current block. R=jkummerow@chromium.org BUG=chromium:243868 TEST=mjsunit/regress/regress-crbug-243868 Review URL: https://codereview.chromium.org/16155003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14854 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 15:30:49 +00:00
rossberg@chromium.org	ecb6bd2718	Revert "Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice" This reverts commit r14846. Broke Mozilla test (see http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/3608/steps/Mozilla/logs/stdio), e.g.: === mozilla/js1_5/Array/regress-451483 === --- stdout --- BUGNUMBER: 451483 STATUS: [].splice.call(0) == [] /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/regress-451483.js:57: illegal access var result = [].splice.call(0); ^ Command: /mnt/data/b/build/slave/v8-linux-shared/build/v8/out/Release/d8 --test --nobreak-on-abort --nodead-code-elimination --nofold-constants --expose-gc /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/mozilla-shell-emulation.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/regress-451483.js TBR=rafaelw@chromium.org BUG= Review URL: https://codereview.chromium.org/16150003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 13:00:53 +00:00
rossberg@chromium.org	6fa987193e	Make (Object.)observed Arrays use SafeRemoveArrayHoles during sort R=adamk,rossberg BUG= Review URL: https://codereview.chromium.org/15837006 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 11:23:59 +00:00
rossberg@chromium.org	c06dc9d010	Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice R=rossberg,adamk,arv BUG= Review URL: https://codereview.chromium.org/15331002 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 11:16:02 +00:00
verwaest@chromium.org	aa2444269b	Fix the hole loading optimization. - Holes are only ever loaded as double or tagged. - Change to tagged has to deoptimize on undefined (no implicit conversions from double the hole NaN -> tagged undefined). BUG= R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/16099006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 17:33:14 +00:00
verwaest@chromium.org	9d3e7e5b81	Fix Object.freeze for objects with mixed accessors and data properties The bug in the existing code was that it modified the \|attributes\| local variable on its way through the loop in CopyUpToAddAttributes. But that affected any properties updated after an accessor property. The code now sets up a mask each time and applies that instead of mutating \|attributes\|. R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/16051002 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14818 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 10:56:27 +00:00
yangguo@chromium.org	3e41834721	Regexp parser: reset flag after scanning ahead for capture groups. When the regexp pattern parser encounters an unbound reference to a capturing group, it needs to scan ahead to decide whether it really is a reference. The scan advances to the end of the pattern string and sets has_more_ to false, but fails to reset it to true so that later on, parsing a character class wrongly fails. R=ulan@chromium.org BUG=v8:2690 Review URL: https://chromiumcodereview.appspot.com/15712006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 10:53:37 +00:00
yangguo@chromium.org	7c2a1346d6	Fix edge case in stack trace formatting. Bug description: in strict mode, null as receiver is not implicitly converted to the global object, so that when formatting the stack trace, the receiver of the stack frame is null. The IS_OBJECT check returns true for null, but %GetDataProperty expected a JSObject, which results in a failed RUNTIME_ASSERT. R=mvstanton@chromium.org BUG=237617 Review URL: https://chromiumcodereview.appspot.com/15670003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-24 11:33:46 +00:00
yangguo@chromium.org	1d39355405	Add belated test for the SeqStringSetChar bug. R=titzer@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/15849003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-24 08:37:27 +00:00
mstarzinger@chromium.org	8fb2086847	Fix embedded new-space pointer in LCmpObjectEqAndBranch. R=mvstanton@chromium.org BUG=chromium:240032 TEST=mjsunit/regress/regress-crbug-240032 Review URL: https://codereview.chromium.org/15779004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 14:06:28 +00:00
mvstanton@chromium.org	1a4482ab3f	Missing type cell on ia32 from bindings. Javascript constructors called from C++ code didn't have a type cell properly filled in on ia32. This showed up as a bug in webkit bindings. Re-enabled flag optimize-constructed-arrays. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/15870002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 13:45:33 +00:00
yangguo@chromium.org	a1e18bdf3c	Improve SeqStringSetChar implementation. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/15743006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 09:51:06 +00:00
verwaest@chromium.org	308e69755b	Implement HChange support for Smis and use it in Load/StoreNameField BUG= R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/15303004 Patch from Daniel Clifford <danno@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 08:32:07 +00:00
verwaest@chromium.org	36e91242fd	Make Object.freeze fast This patch both speeds up the freeze operation itself, but also allows properties to remain in fast mode. Objects with non-empty elements backing stores still end up with slow elements. Relanding r14758 and r14759 with fix for Test262: only mark properties and elements READ_ONLY if they are not JS setter/getters. Tightened up tests to assert frozen-ness, and added targeted tests for the new code (covering accessors). BUG=v8:1858, 115960 R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/15691007 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 07:05:58 +00:00
adamk@chromium.org	4d48bb832f	Revert "Make Object.freeze fast" and "Fix Object.freeze on dictionary-backed arrays to properly freeze elements" This reverts r14758 and r14759 due to introducing failures in Test262 TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/15681004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 21:27:00 +00:00
adamk@chromium.org	3ebccb7aae	Fix Object.freeze on dictionary-backed arrays to properly freeze elements Follow-up to r14758: slightly rearranges JSObject::Freeze() to avoid duplicating code while still retaining proper dictionary elements storage behavior. Also fix a lint error. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/15737018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 20:40:04 +00:00
adamk@chromium.org	648e99e308	Make Object.freeze fast This patch both speeds up the freeze operation itself, but also allows properties to remain in fast mode. Objects with non-empty elements backing stores still end up with slow elements. BUG=v8:1858, 115960 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/14888005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 18:53:58 +00:00
mstarzinger@chromium.org	b704cb9139	Fix bogus deopt in BuildEmitDeepCopy for holey arrays. R=verwaest@chromium.org BUG=chromium:242924 TEST=mjsunit/regress/regress-crbug-242924 Review URL: https://codereview.chromium.org/15735012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 17:58:21 +00:00
verwaest@chromium.org	b353b1d131	Don't allow copying holes to fields. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/15745006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 15:33:53 +00:00

1 2 3 4 5 ...

2201 Commits