AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
rossberg@chromium.org	2e1b16de2a	Revert "Ship promises and weak collections" Reason: breaks Blink layout tests. R=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/210853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 10:57:52 +00:00
yangguo@chromium.org	793d4cb0b6	Fix issues when changing FLAG_concurrent_recompilation after init. R=jarin@chromium.org BUG=356053 LOG=N Review URL: https://codereview.chromium.org/210363005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:38:48 +00:00
jarin@chromium.org	b765d3cdb9	Revert the (wrong) fix of the argument index check asserion. R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/208423017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 21:32:19 +00:00
jarin@chromium.org	56f2006605	Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime. R=ishell@chromium.org BUG=355486 LOG=N Review URL: https://codereview.chromium.org/201573011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 20:51:36 +00:00
rossberg@chromium.org	33be68c2fa	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:59:04 +00:00
verwaest@chromium.org	e18e650582	Ensure the constant operand for heap-object store-named-field is not a smi. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/210193002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:25:48 +00:00
yangguo@chromium.org	9c0f5be8d1	Correctly convert micro-sign to its upper case. R=dcarney@chromium.org BUG=355485 LOG=N Review URL: https://codereview.chromium.org/209323007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:16:14 +00:00
ulan@chromium.org	fc2563f108	Visit return statement of inlined function in value context. BUG=354357 LOG=N TEST=mjsunit/regress/regress-354357.js R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/206413005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:14:44 +00:00
ulan@chromium.org	f20a9473f3	Ensure that lazy deopt sequence does not override calls. BUG=354433 LOG=N TEST=mjsunit/regress/regress-354433.js R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/198463006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 11:02:15 +00:00
jkummerow@chromium.org	2b722b663e	Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:354391 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/206073008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:25:24 +00:00
yangguo@chromium.org	c9d391d87f	Fix assertions wrt concurrent OSR. R=ulan@chromium.org Review URL: https://codereview.chromium.org/206473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 15:23:31 +00:00
ulan@chromium.org	41eab25615	A64: Fix write barrier input in KeyedStoreIC::GenerateSloppyArguments. This fixes flaky crashes in gc-stress bot: > Fatal error in ../src/incremental-marking.cc, line 84 > CHECK(obj->IsHeapObject()) failed BUG=353551 LOG=N TEST=test/mjsunit/regress/regress-353551.js R=m.m.capewell@googlemail.com Review URL: https://codereview.chromium.org/204453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 08:32:58 +00:00
jkummerow@chromium.org	d9b6b6439d	Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:350867 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/203303010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 15:49:29 +00:00
ulan@chromium.org	487ca9e384	Fix TransitionElementsKindStub to handle non-JSArray objects correctly. BUG=352982 LOG=N TEST=mjsunit/regress/regress-352982.js R=danno@chromium.org Review URL: https://codereview.chromium.org/196343023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 13:29:29 +00:00
dslomov@chromium.org	6c01c3fd56	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Committed: https://code.google.com/p/v8/source/detail?r=20020 Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:55:29 +00:00
dslomov@chromium.org	a6224272fd	Revert "Apply numeric casts correctly in typed arrays and related code." This reverts commit r20020 for breaking Win64 build. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/199523006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:50:00 +00:00
dslomov@chromium.org	849187eab0	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:23:50 +00:00
rossberg@chromium.org	58d623f228	Stage ES6 promises and weak collections Split collections flag into weak and non-weak. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/201593004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 09:57:14 +00:00
verwaest@chromium.org	5aaa513630	Don't generate keyed store ICs for global proxies. BUG=352983 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/197873025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:19:39 +00:00
ulan@chromium.org	e1e4071cbc	Fix date cache in strict mode. BUG=v8:3220 LOG=N TEST=mjsunit/regress/regress-3220.js R=rossberg@chromium.org Review URL: https://codereview.chromium.org/201753002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:47:58 +00:00
ishell@chromium.org	3b257c35e5	Fixed spec violation of storing to length of a frozen object. BUG=chromium:350890 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/196653015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:43:33 +00:00
jkummerow@chromium.org	e4a18df7d1	Fix ASSERT violation when BinaryOpIC::Transition recurses into itself BUG=chromium:352586 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/201313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 14:51:31 +00:00
rossberg@chromium.org	c3c185c173	Make invalid LHSs a parse-time (reference) error This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for. To do: check properly in preparser already. R=marja@chromium.org, mstarzinger@chromium.org BUG=351658 LOG=Y Review URL: https://codereview.chromium.org/200473003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 10:21:01 +00:00
jkummerow@chromium.org	dc458525ad	Fix typo in r19923 (bounds check offset propagation) BUG=chromium:352929 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/201303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:38:01 +00:00
ishell@chromium.org	f77c51b0a6	Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix). BUG=chromium:352058 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/196383018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:11:38 +00:00
mvstanton@chromium.org	e3f3f6d98b	Revert "Continued fix for 351257. Reusing the feedback vector is too complex." This reverts commit r19919. TBR=bmeuer@chromium.org Review URL: https://codereview.chromium.org/196343021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:31:21 +00:00
verwaest@chromium.org	0f2a324c8a	Fix generalization with callbacks. BUG=352588 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/200173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 14:17:49 +00:00
mvstanton@chromium.org	11df4b8815	Fix for issue 351261. This relands the following fix: "HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. (bug 347543)" along with additional fixes to KeyedStoreIC. BUG=351261 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/200113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:22:55 +00:00
ulan@chromium.org	2c99cba38b	Propagate updated offsets in BoundsCheckBbData. BUG=350863 LOG=Y TEST=mjsunit/regress/regress-350863.js R=bmeurer@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/197823009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:02:25 +00:00
bmeurer@chromium.org	358e176d50	Add regression test for range analysis bug. BUG=v8:3204 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/200103002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:54:26 +00:00
mvstanton@chromium.org	dd28969c1c	Continued fix for 351257. Reusing the feedback vector is too complex. Attempting to re-use the type feedback vector stored in the SharedFunctionInfo turns out to be difficult among the various cases. It will be much easier to do this when deferred type feedback processing is removed, as is in the works. Created bug v8:3212 to track re-introducing the optimization of reusing the type vector on recompile before optimization. The CL also brings back the type vector on the SharedFunctionInfo. BUG=351257 LOG=Y R=bmeurer@chromium.org, bmeuer@chromium.org Review URL: https://codereview.chromium.org/199973004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:28:37 +00:00
yangguo@chromium.org	0f71a24f3a	Correctly retain argument value when deopting from Math.round on x64. R=jkummerow@chromium.org BUG=351624 LOG=N Review URL: https://codereview.chromium.org/199013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 13:57:21 +00:00
ulan@chromium.org	c64b78f6da	Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight. BUG=351263 LOG=N TEST=mjsunit/regress/regress-351263 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/197803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 11:50:50 +00:00
svenpanne@chromium.org	390d3a0b15	Make translation of modulus operation '--stress-opt'-proof. Note that we unconditionally deopt later, anyway, but our compilation pipeline has to survive long enough to reach that place. :-/ LOG=y BUG=352059 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/198833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:37:16 +00:00
jarin@chromium.org	713aa33f2a	Fix of argument materialization of captured heap numbers. The escape analysis calculates the number of slots in an object as no-of-slots = object-size / pointer-size. This gives 3 slots for heap numbers on 32-bit architectures (one slot for the map, two for the double value); however, my argument materialization code assumed just two slots (map + value). Since Hydrogen allocates heap numbers quite rarely, it is hard to produce a more meaningful repro than the one provided by Clusterfuzz. Any suggestions are welcome. The fix is simple - we just read out all extra slots (beyond the map and the double) for heap numbers. R=mstarzinger@chromium.org BUG=351315 LOG=N Review URL: https://codereview.chromium.org/196283004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 07:17:37 +00:00
jkummerow@chromium.org	f9ee4f19b4	Use intrinsics for builtin ArrayBuffer property accesses BUG=chromium:351787 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/197793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 19:25:40 +00:00
verwaest@chromium.org	8735adb2c4	Don't fast RemoveArrayHoles in case of arguments arrays. BUG=351645 LOG=n R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/197043004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:42:18 +00:00
mvstanton@chromium.org	7477bc39ca	350884: KeyedStoreIC miss didn't handle a transitioning case. It's possible to get a transitioned map with no links to the origin map if it's a shared map. Code in KeyedStoreIC::StoreElementStub assumes it can check if two maps are in the same family by traversing the transition array. Long term, the "family" relationship should be recognized with the Normalized Map Cache. For now, allow the IC to remain monomorphic in this case if the receiver map and the previous receiver map are the same. Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210) to track the issue with the Normalized Map Cache. BUG=350884 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/194623005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:35:40 +00:00
jkummerow@chromium.org	105c1e08b7	Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness BUG=chromium:351320 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/196943002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:14:29 +00:00
danno@chromium.org	ae1669b501	Fix handling of polymorphic array accesses with constant index R=jkummerow@chromium.org BUG=chromium:351319 LOG=Y Review URL: https://codereview.chromium.org/196353004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:11:38 +00:00
jkummerow@chromium.org	8a1812f252	Fix lazy deopt after tagged binary ops Also add policing code to ensure that optimized frames can in fact lazily deopt at their respective current PC when we patch them for lazy bailout. BUG=chromium:350434 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/194703008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 09:59:36 +00:00
rossberg@chromium.org	85800eff3f	Fix issue with getOwnPropertySymbols and hidden properties When getting the symbols of an object we need to ignore the hidden properties of the prototype object since the hidden properties are represented by a single string key and we will not include that hidden string in the found names. BUG=350864 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/192883005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 16:46:35 +00:00
dcarney@chromium.org	62fc099334	fix bad access check check R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/195163002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 15:12:47 +00:00
rossberg@chromium.org	3f702d4bf9	Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/177683002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 14:39:08 +00:00
yangguo@chromium.org	6e1507331e	Fix bug in constant folding object comparisons. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/195063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 13:34:01 +00:00
mvstanton@chromium.org	819d9f62d0	Fix for 350887: CHECK failure on new_length->IsSmi() In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to optimize setting array length if the new length is a smi. However, we refuse to set an array length to less than the index of the highest non-configurable array element. This index may be outside of smi range. Handle this case accordingly. BUG=350887 LOG=N R=dslomov@chromium.org Review URL: https://codereview.chromium.org/194803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 10:30:10 +00:00
yangguo@chromium.org	1634e7de38	Fix assertion in RegExp parser to correctly expect stack overflow. Advance() always checks for stack overflow. If stack indeed overflowed, current() would hold the kEndMarker. ParseOctalLiteral does not expect this in the assertion, which causes assertion failure. R=mvstanton@chromium.org BUG=350865 LOG=N Review URL: https://codereview.chromium.org/192773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:52:10 +00:00
verwaest@chromium.org	1180803953	Reland and fix "Allow ICs to be generated for own global proxy." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:23:05 +00:00
verwaest@chromium.org	8a3d715250	Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems." Due to performance regression. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/189843006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:29:07 +00:00
ishell@chromium.org	997ce05289	Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820. BUG=349465 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/188703002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 16:22:47 +00:00

1 2 3 4 5 ...

945 Commits