Commit Graph

1684 Commits

Author SHA1 Message Date
mmaly@chromium.org
2b47762e3a Strict mode object property validation.
Review URL: http://codereview.chromium.org/6335010/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 18:42:35 +00:00
mmaly@chromium.org
f5a2860534 Strict mode parameter validation.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 17:21:45 +00:00
kmillikin@chromium.org
9cfbb240a0 Update regression test.
With SVN r6465 (reverting changes to scopes), a regression test for
deleting parameter variables has to change to reflect a semantic
change.  It is now again possible to delete parameters from a function
that uses 'with' or 'try...catch'.

Review URL: http://codereview.chromium.org/6307014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 13:32:36 +00:00
kmillikin@chromium.org
013860d42e Revert "Reapply change to with/arguments interaction."
Revert this change again.  Somewhat mysteriously we sometimes get empty
contexts that we do not expect in the context chain.

Review URL: http://codereview.chromium.org/6372013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6465 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 13:01:45 +00:00
vitalyr@chromium.org
331b482332 Fix bug 1070: set correct holder for primitive checks.
Code generated for checks starting with primitive receivers skips one step
in the usual prototype checking algorithm, so the holder must always be set.

Not setting the holder did not cause an immediate failure because our
primitives have additional hidden prototypes before the real prototypes.
These extra objects in the chain usually contain no properties and so
allowed the right holders to be selected.

Review URL: http://codereview.chromium.org/6353014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 12:21:03 +00:00
lrn@chromium.org
43d7951677 X64 Crankshaft: Added a bunch of operations.
Review URL: http://codereview.chromium.org/6366010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 11:30:47 +00:00
ager@chromium.org
d69ef26f7d Another fix for leaking error objects. User code can overwrite
ReferenceError.prototype.__proto__ which will make "error instanceof
Error" fail. However, the ReferenceError.prototype object itself
cannot be modified. Therefore, the error checks must check for
concrete error instances instead of only checking for Error.

Review URL: http://codereview.chromium.org/6388003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 08:48:59 +00:00
ricow@chromium.org
d5cab38a33 Add support for deoptimization on x64.
I did not take out the code relating to osr from the generate method
since this makes it easier to compare to ia32 (we will abort anyway when we hit the osr code so there should be no issues with having this in)
 

Review URL: http://codereview.chromium.org/6390001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 07:57:56 +00:00
mmaly@chromium.org
8d79f3a788 Strict mode octal literals.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6446 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 18:13:18 +00:00
kmillikin@chromium.org
e01336c3dc Change conformance test expectations.
We now conform to ES5 by not deleting variables that occur in a scope
shadowed by with or eval.

Review URL: http://codereview.chromium.org/6376009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 15:18:49 +00:00
kmillikin@chromium.org
9c2d52eb0e Fix a bug in delete for lookup slots.
The function Runtime_LookupContext searches the context chain for a
LOOKUP slot and returns the object holding the slot.  It returned the
global context if the slot was not found or if it was found in a
function's context or arguments object.  This is not the correct
object to use for 'delete'.

Since this lookup function is only ever used when deleting LOOKUP
slots (those that have to go through a with or a scope with eval), it
is simply replaced with a Runtime_DeleteContextSlot function that does
the appropriate thing for all kinds of context lookups.

This fixes Chromium bug 70066.
http://code.google.com/p/chromium/issues/detail?id=70066

Review URL: http://codereview.chromium.org/6280013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 14:03:30 +00:00
ager@chromium.org
b5151d118d Avoid calling overwritten toString methods for internal error
formatting. I missed a couple of places. Extracting the error object
check to a separate function.

Review URL: http://codereview.chromium.org/6304015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-24 07:59:40 +00:00
kbr@chromium.org
cbc1c0fca6 Truncate rather than round to nearest when performing float-to-integer
conversions for external array types, which implement the Typed Array
spec. (Revision of http://codereview.chromium.org/6315004 .)

Prefer SSE2 code path on x86 processors. Non-SSE2 processors now make
a slow runtime call for float-to-int conversions. Use SSE3 for 32-bit
signed and unsigned int array types where possible.

The movement of code from ic-arm.cc to stub-cache-arm.cc caused the
VFP3 code path to be tested for the first time. Fixed bugs in the
register usage and in the constant value stored into integer arrays
for NaN and +/-Infinity.

Added new truncation test to test-api.cc. Storage of NaN and +/-Inf
was already covered. Ran unit tests on x86, x64 and ARM simulator.
Tested ia32 and x64 code in Chromium on Mac and Linux respectively
with Typed Array unit tests and WebGL content.

BUG=http://code.google.com/p/chromium/issues/detail?id=50972
TEST=test-api/ExternalArrays

Review URL: http://codereview.chromium.org/6303012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 23:58:00 +00:00
ager@chromium.org
bb9c9fe92c Change recursive error printing to just replace recursively
encountered error objects with the empty string. This actually does
match the Safari behaviour.

Review URL: http://codereview.chromium.org/6259010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 14:11:35 +00:00
ricow@chromium.org
7e423ec8b9 Mark mozilla/ecma_3/RegExp/regress-85721 as flaky.
This tests is flaky in debug mode (especially on mac)



Review URL: http://codereview.chromium.org/6275012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 11:47:02 +00:00
ager@chromium.org
ca14680556 Return the empty string when formatting recursive error messages. This
matches the behavior of Safari and Firefox. Our old behavior was to
throw a stack overflow exception.

BUG=crbug.com/70334
TEST=mjsunit/cyclic-error-to-string.js

Review URL: http://codereview.chromium.org/6261018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 11:44:29 +00:00
kmillikin@chromium.org
8a9eeaf8da Reapply change to with/arguments interaction.
This is svn r6415 with a bugfix.

The bug was that we can have scopes with 0 heap slots (functions with
such scopes do not need a local context) and scopes with at least
Context::MIN_CONTEXT_SLOTS.  The code generator only allocated a local
context if there were strictly more than Context::MIN_CONTEXT_SLOTS.
Before the change to with/arguments, it was impossible to actually get
a function scope with exactly Context::MIN_CONTEXT_SLOTS because every
such scope included a heap-allocated arguments (and arguments shadow)
slot.

Review URL: http://codereview.chromium.org/6248014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 11:28:35 +00:00
vitalyr@chromium.org
7d96f2d40f Fix Smi::IsValid assert in StringCharCodeAt deferred code.
Review URL: http://codereview.chromium.org/6303013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6424 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-21 08:30:13 +00:00
mmaly@chromium.org
4cb51b51e6 First part of strict mode.
- var eval | arguments
- catch (eval | arguments)
- 'with' is disabled
- function can't be named eval or arguments

Add FLAG_strict_mode

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 18:51:47 +00:00
kmillikin@chromium.org
6b89b5975f Revert "Make 'with' mark only variables occurring in the body as used."
This reverts SVN revision 6415 due to layout test failures.

TBR=ricow

Review URL: http://codereview.chromium.org/6374006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:58:57 +00:00
kmillikin@chromium.org
7f43cf0539 Make 'with' mark only variables occurring in the body as used.
Before, we conservatively marked every variable in a scope as used if the
scope contained 'with'.  Instead, just mark the variables occurring in the
body of the with.  This avoids marking 'arguments' as used whenever 'with'
occurs, which incurs an extra performance penalty (a use of arguments is
seen as an instruction to redirect all parameter accesses to the arguments
object).

Review URL: http://codereview.chromium.org/6357007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:32:43 +00:00
kmillikin@chromium.org
70910af7a0 Fix an assertion failure in the full code generator.
We hit an assertion failure when we tried to record the AST ID of
the (shared) .arguments variable proxy more than once.  This was hit
when we had multiple calls to the same parameter in a function that
used the arguments object.  The fix is to not visit the subexpressions
of the (shared) property access expression.

BUG=1060

Review URL: http://codereview.chromium.org/6368007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 15:26:54 +00:00
antonm@chromium.org
b0abe13ed2 Using unsigned shifts and masks when dealing with 64-bit addresses.
BUG=v8:1037

Review URL: http://codereview.chromium.org/6242005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 11:16:23 +00:00
lrn@chromium.org
e66ceb9079 X64 Crank: Implemented DoBranch and all *AndBranch comparisons.
Review URL: http://codereview.chromium.org/6374002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 10:17:18 +00:00
antonm@chromium.org
49144ee6b6 Properly create variables to access outer arguments and function names.
Review URL: http://codereview.chromium.org/6266007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 08:16:17 +00:00
mmaly@chromium.org
d6f88b6688 Revert strict mode (Mozilla test failure).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-18 23:01:50 +00:00
mmaly@chromium.org
b4c88d5de4 First part of ES5 strict mode.
- var eval | arguments
- catch (eval | arguments)
- 'with' is disabled
- function can't be named eval or arguments
- function parameter name cannot be eval or arguments
- no duplicate parameter names allowed

Add FLAG_strict_mode

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-18 16:43:53 +00:00
ager@chromium.org
5cc7b5c2db Clean up test lists. I cannot reproduce any of these locally. My guess
is that the mozilla ones were caused by the safe-point table problem
and the deoptimization ones are fixed by adding support for mod and
div.

Let's see if the buildbot agrees.
Review URL: http://codereview.chromium.org/6260007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 13:27:16 +00:00
ricow@chromium.org
3d245133a3 Enable compilation of very simple functions in x64 crankshaft.
This change includes support for safepointtables and adding deoptimization info (but not for deoptimizing).

Implemented crankshaft functions:
CallCode
GenerateSafepointTable
RegisterEnvironmentForDeoptimization
EmitGoto


This change allows us to compile very simple functions with crankshaft:
An empty function
A function returning a constant.
A function returning a parameter.

There is 6 disabled tests that require us to be able to deoptimize
which is currently not supported.


Review URL: http://codereview.chromium.org/6310009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 13:11:39 +00:00
ager@chromium.org
ac320205b9 ARM: Fix ARM safepoint tables by ensuring that constant pools are not
emitted as part of the safepoint tables.

Always emit the constant pool as part of generating deferred code
(whether or not there actually is any deferred code) and ASSERT that
there is no pending relocation info while using db and dd to write
tables.

Review URL: http://codereview.chromium.org/6360003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 12:45:39 +00:00
lrn@chromium.org
f09705ab9b Make invalid break/continue statements an early syntax error.
Previously we delayed the throwing of syntax errors until runtime, so
unreachable errors didn't get reported.
To match a change in JSC, we now stop parsing and report the error immediately.

BUG=69736
TEST=

Review URL: http://codereview.chromium.org/6355006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 09:36:10 +00:00
antonm@chromium.org
fae90d4f32 Make closures optimizable by Crankshaft compiler.
Currently only closures which only read from the context are supported.

Review URL: http://codereview.chromium.org/5753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 08:11:03 +00:00
ager@chromium.org
ea7dde421e Unthread message handling test. Changing the MessageHandler in a
threaded test is not a good idea as it has an effect on other tests.

Review URL: http://codereview.chromium.org/6273004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 13:14:26 +00:00
ager@chromium.org
c1306244a6 Make the 'name' property on error prototypes read-only and dont-delete
to avoid leaking of error objects to accessor methods when formatting
error messages internally.

Also, do not call overwritten toString methods on error objects when
formatting messages internally.

Review URL: http://codereview.chromium.org/6272004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6322 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 12:51:04 +00:00
podivilov@chromium.org
ee9fd1d922 Unreviewed. Fix whitespaces for r6314.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 12:01:57 +00:00
podivilov@chromium.org
beb16ce681 Tests for setting break points by script id and position.
Review URL: http://codereview.chromium.org/6261009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6314 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-14 11:56:14 +00:00
antonm@chromium.org
8805509f28 Wrap external pointers more carefully.
On 32-bit platforms any pointer with 0 as LSB can be wrapped into Smi.  However, on 64-bit
platforms it's currently not the case as x64 Smis must have 0s in lower 32 bit word.
Even worse, macroassembler Move instruction will try to fetch integer value from Smi
and will shift by 32 bits to the right rendering stored pointer incorrect.

BUG=v8:1037

Review URL: http://codereview.chromium.org/6119009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-13 15:56:33 +00:00
ager@chromium.org
48acf77389 Do not allow accessors to intercept getting/setting properties on
error objects under construction and string conversions.

Review URL: http://codereview.chromium.org/6146009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-13 06:56:54 +00:00
ricow@chromium.org
215a313086 Add a few more mozilla exceptions under BUG(1032).
These test crashes occasionally as well:
ecma/Date/15.9.3.1-2
ecma/Date/15.9.3.1-3
ecma/Date/15.9.3.1-5


Review URL: http://codereview.chromium.org/6131007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6282 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-12 12:27:39 +00:00
sgjesse@chromium.org
b522211a0f ARM: Allow Mozilla test js1_5/GC/regress-203278-2 to tiemout
BUG=v8:1040
TEST=Mozilla test js1_5/GC/regress-203278-2
Review URL: http://codereview.chromium.org/6204005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6278 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-12 08:10:09 +00:00
peter.rybin@gmail.com
7c468e53c4 Add fine-grained diff implementation to LiveEdit engine.
BUG=1013
TEST=

Review URL: http://codereview.chromium.org/6017008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 14:55:47 +00:00
vitalyr@chromium.org
404fbb5b0b SSE2 truncating double-to-i.
Review URL: http://codereview.chromium.org/6049008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 13:48:49 +00:00
antonm@chromium.org
a0bc9eb040 Add more bailouts for Array.slice over arguments.
Unfortunately, arguments is pretty much the normal JS object.  For now
I am adding more sanity checks (in hope that typically arguments
list is rather short.)  However it probably requires more systematic
treatment, for example, we could optimistically copy elements until
we meet first hole and in this case resort to JS builtin.

Review URL: http://codereview.chromium.org/6062006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 11:23:40 +00:00
ricow@chromium.org
476cacad0f Disable crashing mozilla test from bug 1032 on arm with crankshaft
Review URL: http://codereview.chromium.org/6127004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 07:55:23 +00:00
sgjesse@chromium.org
bd208976d7 Update the bits reserved for the gap size in the depotimization table
On ARM the a constant pool can be emitted during the gap code generation which leads to larger gap code size

BUG=v8:1018
Review URL: http://codereview.chromium.org/6125004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 19:43:38 +00:00
ricow@chromium.org
b4ea8c7f5e Enable sharding of individual testsuites in tools/test.py
This patch enables two new flags for the tools/test.py script;
--shard-count - giving the ability to split the tests to be run
into shard-count chunks.
--shard-run - giving the ability to specify which of the shards to actually run.

Example
  tools/test.py -j15 --shard-count=2 --shard-run=1 mozilla
would split the mozilla tests into two chunks and run the tests in the first chunk

Running:
  tools/test.py -j15 --shard-count=2 --shard-run=1 mozilla
  tools/test.py -j15 --shard-count=2 --shard-run=2 mozilla
is equivalent (in terms of test coverage) of just running:
  tools/test.py -j15 mozilla

In addition, tests are now sorted before they are returned from the
test specific ListTests methods (sputnik and mozilla tests where
already sorted before they where returned).

This change is needed to split a single test suite over two slaves on
the waterfall.


Review URL: http://codereview.chromium.org/6127003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 13:54:42 +00:00
sgjesse@chromium.org
16336d5a68 ARM: Set status for flaky test
BUG=v8:1032
TEST=Mozila ecma/Date/15.9.3.1-1.js
Review URL: http://codereview.chromium.org/6212002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 12:01:28 +00:00
sgjesse@chromium.org
cb6a070629 ARM: Mozilla test is now passing after r6236
BUG=Mozilla ecma/TypeConversion/9.2
TEST=v8:1023
Review URL: http://codereview.chromium.org/6210002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 10:22:26 +00:00
sgjesse@chromium.org
09628fc97c Add failing test to expectations to get the bot greener
BUG=v8:1031
TEST=mozilla ecma/TypeConversion/9.2
Review URL: http://codereview.chromium.org/6146006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 07:37:55 +00:00
ricow@chromium.org
cd6bd8c4fa Revert 6220 (generic descriptor support in Object.defineOwnProperty)
This change caused a webkit failure in http/tests/security/xss-DENIED-defineProperty.html.

 I will look into this and reapply when I find a solution.




Review URL: http://codereview.chromium.org/6134005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 07:20:54 +00:00