AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9,909 Commits 1 Branch 0 Tags 839 MiB
2f5c768534
Commit Graph

3307 Commits

Author SHA1 Message Date
rossberg@chromium.org
348736efaa Find a stack limit for the test that works on both Win32 and Linux64. 
R=mstarzinger@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11086073

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 13:10:24 +00:00
rossberg@chromium.org
ddbd426821 Increase stack size for test to work on x64. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11098070

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 12:11:46 +00:00
rossberg@chromium.org
00132da734 Bump variable limit further to 2^17. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11099063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 11:40:10 +00:00
verwaest@chromium.org
dde1cdfb8e Fix transition conversion from CONSTANT_FUNCTION to FIELD. 
Review URL: https://chromiumcodereview.appspot.com/11094044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-10 12:31:50 +00:00
verwaest@chromium.org
55e924c595 Fix CNLT regression. 
This happens when a map A with no descriptors in fast_holey_elements
mode first gets some properties, making it share descriptor arrays with
a map B to which it transitions. Then map A transitions elements kind to
dictionary_elements in map C. C stores the empty_descriptor_array in its
own transition array. When adding a property to C, C transitions to D
and shares the descriptors. If D dies, a CNLT clears the transition
array of C, making the descriptor array of A (and thus also of B) shine
through. If a property is now added to an object in state C, it'll inherit
all the properties of A (and B). If those properties had high field indices,
we do not have a large enough backing store for the single newly added
property, and we'll write out of bounds.

BUG=chromium:151749

Review URL: https://chromiumcodereview.appspot.com/11017054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-10 12:29:44 +00:00
svenpanne@chromium.org
5d11c5ee69 Fixed Accessors::FunctionGetPrototype's proto chain traversal. 
Actually it didn't traverse that far... ;-) Did some cleanup on the way.

R=rossberg@chromium.org
BUG=chrome:143967
TEST=regress/regress-143967.js

Review URL: https://codereview.chromium.org/11087004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-08 12:58:46 +00:00
rossberg@chromium.org
329cf12363 Make sure that names of temporaries do not clash with real variables. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11035054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 12:47:34 +00:00
rossberg@chromium.org
b07f38a46b Reject local module declarations. 
R=mstarzinger@chromium.org
BUG=150628

Review URL: https://codereview.chromium.org/11033025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:14:08 +00:00
rossberg@chromium.org
3f7b5c338a Reject uses of lexical for-loop variable on the RHS. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11031045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:07:53 +00:00
jkummerow@chromium.org
ecc7f4baad Replacing circular queue by single buffer in CPU Profiler. 
BUG=None

Review URL: https://codereview.chromium.org/10871039
Patch from Sergey Rogulenko <rogulenko@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-02 10:51:00 +00:00
jkummerow@chromium.org
dfb4218a04 Moving cpu profiling into its own thread. 
BUG=None

Review URL: https://codereview.chromium.org/10857035
Patch from Sergey Rogulenko <rogulenko@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-02 09:58:11 +00:00
verwaest@chromium.org
efe955587e Allow optimistically hoisting elements transitions over accesses. 
Review URL: https://chromiumcodereview.appspot.com/10972011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-01 16:22:43 +00:00
jkummerow@chromium.org
22d3864a0a Fix cctests using Sockets to be able to run in parallel 
BUG=v8:945

Review URL: https://codereview.chromium.org/11015008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-01 09:41:18 +00:00
mmassi@chromium.org
8fbfad63cd Avoid wrong imul deopt on ia32 and x64 (fixes v8 bug 2339). 
BUG=v8:2339

Review URL: https://chromiumcodereview.appspot.com/10963032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-26 09:57:30 +00:00
erik.corry@gmail.com
72e9f1bea1 x64 and ARM: Fix issue 2346 (order of operations in keyed store 
on arrays) and turn get-own-property-descriptor.js test into
a regression test.
Review URL: https://chromiumcodereview.appspot.com/10985017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-25 13:35:42 +00:00
rossberg@chromium.org
20b1c426cf Bump number of allowed variables per scope to 65535, to address GWT. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/10965063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12600 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 16:22:17 +00:00
jkummerow@chromium.org
43f038d4cd Split test/mjsunit/debug-stepout-scope into smaller chunks 
Review URL: https://codereview.chromium.org/10969061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 11:18:29 +00:00
jkummerow@chromium.org
8a3ec89824 Delete test/mjsunit/regress-1969. 
It was flaky, and its usefulness was doubtful.

Review URL: https://codereview.chromium.org/10961075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:48:14 +00:00
jkummerow@chromium.org
cc6fe90b2b Remove trailing whitespace 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/10969064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:44:04 +00:00
jkummerow@chromium.org
1e1470fca0 Speed up test/mjsunit/compiler/regress-or 
Review URL: https://codereview.chromium.org/10969063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:08:01 +00:00
jkummerow@chromium.org
6dc2af06dc Speed up test/mjsunit/compiler/regress-gvn 
Review URL: https://codereview.chromium.org/10956059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:07:09 +00:00
jkummerow@chromium.org
d600358e6d Split test/mjsunit/numops-fuzz into smaller chunks 
Review URL: https://codereview.chromium.org/10961065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:06:06 +00:00
jkummerow@chromium.org
fbf5965db4 Split test/mjsunit/mul-exhaustive into smaller chunks 
Review URL: https://codereview.chromium.org/10958064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:04:58 +00:00
jkummerow@chromium.org
a2fc134169 Split test/mjsunit/fuzz-natives into smaller chunks 
Review URL: https://codereview.chromium.org/10970058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:03:49 +00:00
jkummerow@chromium.org
1bfbfc34ad Split test/mjsunit/math-floor into smaller chunks 
Review URL: https://codereview.chromium.org/10967064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:02:44 +00:00
jkummerow@chromium.org
bafa150f99 Speed up test/mjsunit/greedy.js 
Review URL: https://codereview.chromium.org/10969062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:01:35 +00:00
jkummerow@chromium.org
d88069821c Speed up test/mjsunit/debug-multiple-breakpoints 
Review URL: https://codereview.chromium.org/10961064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:00:25 +00:00
jkummerow@chromium.org
6a617a7b23 Speed up test/mjsunit/d8-os by reducing sleep times 
Review URL: https://codereview.chromium.org/10973003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:57:16 +00:00
jkummerow@chromium.org
cf0cae7eb1 Speed up test/mjsunit/regress/regress-crbug-119926 
Review URL: https://codereview.chromium.org/10958063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:56:11 +00:00
jkummerow@chromium.org
975d6e2170 First commit of new tools/run-tests.py 
Review URL: https://codereview.chromium.org/10919265

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:38:46 +00:00
yurys@chromium.org
26721b7dc0 This issue is for landing patch by vsevik: http://codereview.chromium.org/10966011/ 
SourceURL comments for scripts having a name. 

sourceURL comment is now preferred script name for all scripts except 
for those with non zero start position (e.g. inline scripts in HTML). 


BUG=v8:2342
Review URL: https://codereview.chromium.org/10959038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-21 08:09:34 +00:00
verwaest@chromium.org
083ee63a83 Fix CNLT for enum indices. 
Review URL: https://chromiumcodereview.appspot.com/10958015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 15:18:00 +00:00
verwaest@chromium.org
ea31f868e8 Deopt on storing undefined into double elements. 
Review URL: https://chromiumcodereview.appspot.com/10963010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12568 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 13:41:00 +00:00
ulan@chromium.org
a0dfdfc273 Revert r12530 "Tentatively reenable previous failing test." 
BUG=v8:2341
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10964015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 11:28:33 +00:00
mstarzinger@chromium.org
84935fb23a Fix missing slot recodring during clearing of CallICs. 
This fixes a rare corner case that was caused by missing recording of
relocation slots when the uninitialized CallIC stub happenes to land on
an evacuation candidate and the IC is cleared via the shared function.

R=ulan@chromium.org
BUG=chromium:144230
TEST=cctest/test-heap/Regression144230

Review URL: https://codereview.chromium.org/10963005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 10:45:38 +00:00
jkummerow@chromium.org
a8e502fe60 Fix LBoundsCheck on x64 to handle (stack slot + constant) correctly 
BUG=150729

Review URL: https://codereview.chromium.org/10959009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 09:56:24 +00:00
jkummerow@chromium.org
83da019a46 Move regress-2286.js where it belongs 
Review URL: https://codereview.chromium.org/10957013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 09:55:19 +00:00
mmassi@chromium.org
9dc822ca13 Fixed minus zero test (fixes v8:2133). 
BUG=v8:2133

Review URL: https://chromiumcodereview.appspot.com/10937013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 12:48:49 +00:00
mstarzinger@chromium.org
c012afb6d4 Fix setting array length to zero for slow elements. 
R=verwaest@chromium.org
BUG=chromium:146910
TEST=mjsunit/regress/regress-crbug-146910

Review URL: https://codereview.chromium.org/10937026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 11:52:33 +00:00
mstarzinger@chromium.org
f0dcaf9a19 Fix lost arguments dropping in HLeaveInlined. 
This fixes HleaveInlined to correctly drop pushed arguments on all code
paths and addresses a corner case where the arguments stack height
mismatched at an OSR entry point.

R=jkummerow@chromium.org
BUG=chromium:150545
TEST=mjsunit/regress/regress-crbug-150545

Review URL: https://codereview.chromium.org/10938016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 08:13:46 +00:00
verwaest@chromium.org
5bf15c5d6c Preallocate space in descriptor arrays. 
Review URL: https://chromiumcodereview.appspot.com/10916336

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-18 13:25:12 +00:00
mstarzinger@chromium.org
86fd161fdc Fix casting error for receiver of interceptors. 
This fixes a casting error that occured when the receiver of a missed
or uninitialized CallIC is a Smi and there is an interceptor installed
on the prototype chain.

R=yangguo@chromium.org
BUG=chromium:149912
TEST=cctest/test-api/Regress149912

Review URL: https://codereview.chromium.org/10914317

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 14:39:10 +00:00
yangguo@chromium.org
783d10197a Tentatively reenable previous failing test. 
R=mstarzinger@chromium.org
BUG=v8:2261

Review URL: https://chromiumcodereview.appspot.com/10907254

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 14:19:11 +00:00
yangguo@chromium.org
73462594ea Change regress-2318 to trigger more quickly and reliably. 
BUG=v8:2336

Review URL: https://chromiumcodereview.appspot.com/10913294

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 13:21:59 +00:00
erik.corry@gmail.com
bafcfe5427 Fix misplaced assert in heap.cc. 
Bug=2336
Review URL: https://chromiumcodereview.appspot.com/10911334

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 11:38:24 +00:00
ulan@chromium.org
4bd4fb1aa4 Throw a more descriptive exception when blocking 'eval' via CSP. 
BUG=140191

R=svenpanne@chromium.org,mkwst@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10837358

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 09:58:22 +00:00
yangguo@chromium.org
cb72bf5735 Fix debugger's eval when close to stack overflow. 
R=verwaest@chromium.org
BUG=v8:2318

Review URL: https://chromiumcodereview.appspot.com/10914290

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 13:40:32 +00:00
verwaest@chromium.org
ad4746c8a3 CNLT with descriptors but no valid enum fields has to clear the EnumCache. 
Review URL: https://chromiumcodereview.appspot.com/10928204

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 13:15:43 +00:00
yangguo@chromium.org
8d04c8c89f Replace r12503. Explicitly check toString() for exception in d8's print(). 
R=jkummerow@chromium.org
BUG=v8:2317

Review URL: https://chromiumcodereview.appspot.com/10911305

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 11:43:46 +00:00
erik.corry@gmail.com
5a8d1764bc Refactoring of snapshots. This simplifies and improves 
the speed of deserializing code.  The current startup
time improvement for V8 is around 6%, but code deserialization
is speeded up disproportionately, and we will soon have more
code in the snapshot.
* Removed support for deserializing into large object space.
  The regular pages are 1Mbyte now and that is plenty.  This
  is a big simplification.
* Instead of reserving space for the snapshot we actually
  allocate it now.  This removes some special casing from
  the memory management and simplifies deserialization since
  we are just bumping a pointer rather than calling the
  normal allocation routines during deserialization.
* Record in the snapshot how much we need to boot up and
  allocate it instead of just assuming that allocations in
  a new VM will always be linear.
* In the snapshot we always address an object as a negative
  offset from the current allocation point.  We used to
  sometimes address from the start of the deserialized data,
  but this is less useful now that we have good support for
  roots and repetitions in the deserialization data.
* Code objects were previously deserialized (like other
  objects) by alternating raw data (deserialized with memcpy)
  and pointers (to external references, other objects, etc.).
  Now we deserialize code objects with a single memcpy,
  followed by a series of skips and pointers that partially
  overwrite the code we memcopied out of the snapshot.
  The skips are sometimes merged into the following
  instruction in the deserialization data to reduce dispatch
  time.
* Integers in the snapshot were stored in a variable length
  format that gives a compact representation for small positive
  integers.  This is still the case, but the new encoding can
  be decoded without branches or conditional instructions,
  which is faster on a modern CPU.
Review URL: https://chromiumcodereview.appspot.com/10918067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 11:16:56 +00:00
mstarzinger@chromium.org
77a7d9f539 Fix caching of optimized code for OSR. 
This makes sure we do not share optimized code across closures that were
optimized using OSR (for a particular OSR entry AST id) even if caching
of optimized code kicks in.

R=danno@chromium.org
BUG=v8:2326
TEST=mjsunit/regress/regress-2326

Review URL: https://codereview.chromium.org/10933088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 10:41:31 +00:00
yangguo@chromium.org
4fe330c055 Not mask exception thrown by toString in String::UtfValue etc. 
R=jkummerow@chromium.org
BUG=v8:2317

Review URL: https://chromiumcodereview.appspot.com/10917236

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 08:13:57 +00:00
yangguo@chromium.org
4f47e68a08 Fix printf formatting in test-compiler. 
R=jkummerow@chromium.org
BUG=v8:2319

Review URL: https://chromiumcodereview.appspot.com/10928182

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-13 15:06:15 +00:00
mstarzinger@chromium.org
8db2000615 Fix API check for length of external arrays. 
R=jkummerow@chromium.org
BUG=chromium:148896
TEST=cctest/test-api/ExternalArrayLimits

Review URL: https://codereview.chromium.org/10914257

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-13 09:36:56 +00:00
verwaest@chromium.org
1d1adaf9d3 Ensure correct enumeration indices in the dict 
BUG=chromium:148376

Review URL: https://chromiumcodereview.appspot.com/10908216

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-13 08:52:55 +00:00
mmassi@chromium.org
22aed1cddd Fixed bounds check removal by restricting it to int32 indexes (and reenabled both ABCR and index dehoisting). 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10905232

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 17:00:25 +00:00
verwaest@chromium.org
ebd3241b05 Sharing of descriptor arrays. 
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).

An ownership bit is added to maps indicating whether it owns its own descriptor array or not.

Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.

Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.

To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.

We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.

When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.

Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.

When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.

Review URL: https://chromiumcodereview.appspot.com/10909007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 16:43:57 +00:00
yangguo@chromium.org
67d0506622 Correctly initialize regexp global cache. 
R=ulan@chromium.org
BUG=148378

Review URL: https://chromiumcodereview.appspot.com/10905239

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12491 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 15:26:43 +00:00
mstarzinger@chromium.org
f37f504de5 Fix arguments object materialization during deopt. 
This fixes materialization of arguments objects for strict mode functions during
deoptimization. We materialize arguments from the stack area where optimized
code pushes the arguments when entering the inlined environment. For adapted
invocations we use the arguments adaptor frame for materialization.

R=svenpanne@chromium.org
BUG=v8:2261
TEST=mjsunit/regress/regress-2261,mjsunit/compiler/inline-arguments

Review URL: https://chromiumcodereview.appspot.com/10908194

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 12:28:42 +00:00
yangguo@chromium.org
6a9e4048aa Introduce new API to expose external string resource regardless of encoding. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10917211

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 11:29:50 +00:00
yangguo@chromium.org
59b9a32b34 Fix edge case of extension with NULL as source string. 
BUG=144649

Review URL: https://chromiumcodereview.appspot.com/10914201

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12485 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-11 14:16:56 +00:00
ulan@chromium.org
a9162af1af Fix delta computation in DoDeferredInstanceOfKnownGlobal() for ARM. 
BUG=v8:2314

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10908195

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12478 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-11 11:36:48 +00:00
peter.rybin@gmail.com
bda5ce9cd6 Introduce InternalProperty type and expose internal properties for bound functions 
Committed: https://code.google.com/p/v8/source/detail?r=12346

Review URL: https://chromiumcodereview.appspot.com/10834376

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 23:17:04 +00:00
mstarzinger@chromium.org
f6cd2403e3 Fix deoptimizer for shared optimized code. 
The deoptimizer searched the stack for activations of the same function to
determine whether to trigger lazy deopting. Since we share optimized code we
actually need to search for activations of the same code (but potentially
different functions).

R=jkummerow@chromium.org
BUG=chromium:147475
TEST=mjsunit/regress/regress-crbug-147475

Review URL: https://chromiumcodereview.appspot.com/10917162

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12473 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 11:05:17 +00:00
yangguo@chromium.org
bf229e93eb Enable/disable LiveEdit using the (C++) debug API. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10875072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 09:24:17 +00:00
yangguo@chromium.org
1a0c14f12c Add checks to runtime functions. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10915062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 08:35:26 +00:00
svenpanne@chromium.org
7af6883098 Fixed deoptimization of inlined getters. 
It is necessary to explicitly handle the internal frame lying between the caller
of the getter and the getter itself in the deoptimizer: When the getter is
inlined, leaving the internal frame restores the correct context.

BUG=http://crbug/134609
TEST=mjsunit/regress/regress-crbug-134609

Review URL: https://chromiumcodereview.appspot.com/10910110

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-07 09:01:54 +00:00
erik.corry@gmail.com
03e4ddcfcf Loosen up code logging test that was sensitive to GC timing. 
Review URL: https://chromiumcodereview.appspot.com/10918096

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12463 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-06 11:05:40 +00:00
erik.corry@gmail.com
9ff7ec1c4a Fix binding in new Function(). 
Review URL: https://chromiumcodereview.appspot.com/10916114

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-05 11:45:58 +00:00
erik.corry@gmail.com
e5df02834b Fix some corner cases in skipping native methods using caller. 
Review URL: https://chromiumcodereview.appspot.com/10911063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-05 08:19:49 +00:00
yangguo@chromium.org
5ac2a5d22e Revert r12430, r12432, r12433 (basic support for Latin1). 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10905075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12438 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-04 12:23:22 +00:00
verwaest@chromium.org
0c24942be7 Fixed test expectation. 
Review URL: https://chromiumcodereview.appspot.com/10913062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-04 09:54:36 +00:00
verwaest@chromium.org
a8638c1570 Support register as right operand in min/max support. 
R=jkummerow@chromium.org
BUG=chromium:145961
TEST=mjsunit/regress/regress-crbug-145961.js

Review URL: https://chromiumcodereview.appspot.com/10914072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-04 09:35:43 +00:00
yangguo@chromium.org
37c1c06108 Fix more windows build warnings. 
TBR=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10917065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-03 15:50:24 +00:00
yangguo@chromium.org
74f06b1f99 Add basic support for Latin1 to the API. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10857030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-03 15:06:36 +00:00
mstarzinger@chromium.org
74aa15bfa0 Fix FindSharedFunctionInfoInScript to not optimize. 
This prevents a corner case in FindSharedFunctionInfoInScript that would cause
functions to be optimized because an intermittent GC would clear the flag
indicating whether breakpoints are present. Above method was also moved into the
Debug class because it is only used by the debugger.

R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10914065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-03 14:23:00 +00:00
yangguo@chromium.org
ddfae013a6 Disable test that triggers known bug. 
BUG=v8:2261

Review URL: https://chromiumcodereview.appspot.com/10910029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-31 12:02:02 +00:00
yangguo@chromium.org
5dd51bafef Cache results in SearchRegExpMultiple. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10837290

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-31 09:28:01 +00:00
verwaest@chromium.org
90db487390 Elements load depends on the type of the receiver. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10918005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12413 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-30 17:31:32 +00:00
yangguo@chromium.org
5419ee7ba0 Release stack trace data after firing Error.stack accessor. 
BUG=v8:2308

Review URL: https://chromiumcodereview.appspot.com/10886012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-29 07:51:48 +00:00
jkummerow@chromium.org
f9d4856289 Add a new API V8::SetJitCodeEventHandler to push code name and location to users such as profilers. 
BUG=None
TEST=Included in CL.

Committed: https://code.google.com/p/v8/source/detail?r=12389

Review URL: https://chromiumcodereview.appspot.com/10795074
Patch from Sigurður Ásgeirsson <siggi@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-28 14:43:28 +00:00
rossberg@chromium.org
b0067e9cd5 Disable test that triggers known bug. 
R=verwaest@chromium.org
BUG=v8:2261

Review URL: https://chromiumcodereview.appspot.com/10896005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-28 14:17:55 +00:00
rossberg@chromium.org
ccc827a6f8 Allocate block-scoped global bindings to global context. 
- The global object has a reference to the current global scope chain.
  Running a script adds to the chain if it contains global lexical declarations.
- Scripts are executed relative to a global, not a native context.
- Harmony let and const bindings are allocated to the innermost global context;
  var and function still live on the global object.
  (Lexical bindings are not reflected on the global object at all,
  but that will probably change later using accessors, as for modules.)
- Compilation of scripts now needs a (global) context (previously only eval did).
- The global scope chain represents one logical scope, so collision tests take
  the chain into account.

R=svenpanne@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10872084

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-28 11:25:08 +00:00
rossberg@chromium.org
1dbf670713 Index script compilation cache over context, too, 
in preparation for global lexical scope.

R=ulan@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10878007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-28 10:49:23 +00:00
yangguo@chromium.org
7cbca775ee Reland regexp global optimizations. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10872010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-28 09:37:41 +00:00
verwaest@chromium.org
a713f82aa6 Revert "Add a new API V8::SetJitCodeEventHandler to push code name and location to users such as profilers." 
This reverts commit r12389.

TBR=jkummerow@chromium.org, CC=siggi@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10870108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-27 19:47:02 +00:00
jkummerow@chromium.org
0a6493b5a8 Add a new API V8::SetJitCodeEventHandler to push code name and location to users such as profilers. 
BUG=None
TEST=Included in CL.

Review URL: https://chromiumcodereview.appspot.com/10795074
Patch from Sigurður Ásgeirsson <siggi@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-27 18:03:38 +00:00
ulan@chromium.org
7b1d13affc Revert r12342 "Flush monomorphic ICs on context disposal instead of context exit." because of canary channel crashes. 
BUG=144230
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10868068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-27 16:08:27 +00:00
danno@chromium.org
3544e2e875 Disable speculative LICM when it may lead to unnecessary deopts 
BUG=v8:2250
R=vegorov@chromium.org
TEST=tests/mjsunit/regress/regress-2250.js

Review URL: https://chromiumcodereview.appspot.com/10867033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-23 21:08:58 +00:00
rossberg@chromium.org
6d579f430e Test case for conflicting global declarations across multiple scripts. 
R=ulan@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10872037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-23 16:38:15 +00:00
vegorov@chromium.org
106a83252d Fix DoDeferredNumberTagU to keep the value in xmm1 instead of xmm0 on x64. 
xmm0 is not saved across runtime call on x64 because MacroAssembler::EnterExitFrameEpilogue preserves only allocatable XMM registers unlike on ia32 where it preserves all registers.

Cleanup handling of shifts: SHR can deoptimize only when its a shift by 0, all other shift never deoptimize.

Fix type inference for i-to-t change instruction. On X64 this ensures that write-barrier is generated correctly.

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10868032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-23 16:14:01 +00:00
erikcorry
c6094f5237 Fix semaphore on MacOS. This is a commit of https://chromiumcodereview.appspot.com/10867009/ for Fedor Indutny 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-23 11:15:06 +00:00
vegorov@chromium.org
f476d4d431 Allow uint32 value on optimized frames if they are consumed by safe operations. 
Safe operations are those that either do not observe unsignedness or have special support for uint32 values:

- all binary bitwise operations: they perform ToInt32 on inputs;
- >> and << shifts: they perform ToInt32 on left hand side and ToUint32 on right hand side;
- >>> shift: it performs ToUint32 on both inputs;
- stores to integer external arrays (not pixel, float or double ones): these stores are "bitwise";
- HChange: special support added for conversions of uint32 values to double and tagged values;
- HSimulate: special support added for deoptimization with uint32 values in registers and stack slots;
- HPhi: phis that have only safe uses and only uint32 operands are uint32 themselves.

BUG=v8:2097
TEST=test/mjsunit/compiler/uint32.js

Review URL: https://chromiumcodereview.appspot.com/10778029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-22 15:44:17 +00:00
ulan@chromium.org
efc26f9b2b Fix rounding in Uint8ClampedArray setter. 
According to Web IDL spec, we should round to
the nearest integer, choosing the even integer
if it lies halfway between two.

R=yangguo@chromium.org,kbr@chromium.org
BUG=v8:2294

Review URL: https://chromiumcodereview.appspot.com/10831409

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12364 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-22 14:27:11 +00:00
verwaest@chromium.org
5df5eea066 Check that index and length are Smi in bounds check. 
BUG=chromium:142218
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10829456

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-21 16:46:25 +00:00
yangguo@chromium.org
2b2f28cd2a Revert r12346 (Introduce InternalProperty type and expose internal properties for bound functions) 
Original CL: https://chromiumcodereview.appspot.com/10834376

BUG=

Review URL: https://chromiumcodereview.appspot.com/10834428

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-21 09:48:26 +00:00
yangguo@chromium.org
01d8e3d4f5 Revert r12258, r12300 and r12302 (global regexp). 
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10825472

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-21 09:46:23 +00:00
peter.rybin@gmail.com
cfc4c37768 Introduce InternalProperty type and expose internal properties for bound functions 
Review URL: https://chromiumcodereview.appspot.com/10834376

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-20 21:49:19 +00:00
svenpanne@chromium.org
f7ed521fce Handle native callbacks without getters. 
TEST=cctest/test-api/SetterOnly,cctest/test-api/NoAccessors

Review URL: https://chromiumcodereview.appspot.com/10831388

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-20 14:32:32 +00:00
ulan@chromium.org
bac8e56f8d Fix test failures introduced by r12342. 
Add missing context disposed notifications in test-api.
Move send-idle-notification flag to d8 options so that it is available in d8
when v8 is build as a shared libarary.

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10834405

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-20 13:19:52 +00:00
ulan@chromium.org
27fb8c2cf6 Flush monomorphic ICs on context disposal instead of context exit. 
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10836189

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-20 12:09:03 +00:00
yangguo@chromium.org
3a1c290b2c Add input check to %DebugSetScriptSource. 
R=verwaest@chromium.org
BUG=v8:2296

Review URL: https://chromiumcodereview.appspot.com/10837308

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-17 15:21:15 +00:00
rossberg@chromium.org
984d0b0925 Rename Context::global to Context::global_object, 
in preparation for global lexical scope.

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10832365

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-17 12:59:00 +00:00
svenpanne@chromium.org
b10d5d7f08 Deoptimization support for accessors. 
Highlights of this CL:

 * Introduced a new opcode in the deoptimizer for a setter stub frame.

 * Added a global setter stub for returning after deoptimizing a setter.

 * We do not need special deopt support for getters, although the getter stub creates an internal frame. The normal machinery works just right for this case, although we generate a stack that can never occur during normal fullcode execution. If this hurts us one day, we can parameterize and reuse the setter deopt machinery.

Review URL: https://chromiumcodereview.appspot.com/10855098

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-17 10:43:32 +00:00
rossberg@chromium.org
42552808ab Rename "global context" to "native context", 
in anticipation of the upcoming lexical global scope.

Mostly automatised as:

for FILE in `egrep -ril "global[ _]?context" src test/cctest`
do
  echo $FILE
  sed "s/Global context/Native context/g" <$FILE >$FILE.0
  sed "s/global context/native context/g" <$FILE.0 >$FILE.1
  sed "s/global_context/native_context/g" <$FILE.1 >$FILE.2
  sed "s/GLOBAL_CONTEXT/NATIVE_CONTEXT/g" <$FILE.2 >$FILE.3
  sed "s/GlobalContext/NativeContext/g" <$FILE.3 >$FILE
  rm $FILE.[0-9]
done

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10832342

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-17 09:03:08 +00:00
verwaest@chromium.org
61d11f99c4 Show map -> transition array -> descriptor array to the heap profiler. 
BUG=chromium:142625

Review URL: https://chromiumcodereview.appspot.com/10830309

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-16 14:25:55 +00:00
svenpanne@chromium.org
f5f8ebd4ed Fix accessor lookup in crankshaft. 
Seeing monomorphic type feedback plus an AccessorPair does not necessarily imply
that the corresponding getter/setter is really there, so we have to check for
this explictly.

TEST=mjsunit/object-define-property

Review URL: https://chromiumcodereview.appspot.com/10825384

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-16 10:35:39 +00:00
mstarzinger@chromium.org
886c0fa4f7 Extend constructor inlining test case. 
This makes sure that deoptimization really happens in each hydrogen
context by not using binary operations but loads instead. This is
needed because we cannot clear BinaryOpICs explicitly.

R=svenpanne@chromium.org
TEST=mjsunit/compiler/inline-construct

Review URL: https://chromiumcodereview.appspot.com/10825382

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-16 09:13:25 +00:00
erik.corry@gmail.com
ee3a66b273 Fix bug in compare IC. BUG=2291 
Review URL: https://chromiumcodereview.appspot.com/10830334

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-15 15:08:42 +00:00
svenpanne@chromium.org
1ee6c0e30b Improved constructor inlining unit tests. 
Currently we inline functions with different contexts only on ia32, so we have
to move the helper functions for the various contexts to the top level. Further
more, "new Object()" seems to prevent inlining, too, so we us a simple object
literal.

Although things get consistently inlined now, something strange seems to happen
in test/effect contexts: The DEOPT output seems to contain too few frames, and
we don't get any DEOPT ouput after the first time for those contexts. This has
to be investigated...

TBR=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10836258

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-15 09:39:13 +00:00
mstarzinger@chromium.org
15589fe22a Fix improved LoadICs for dictionaries with callbacks. 
This fixes the positive lookup performed by these LoadICs, to use the
holder instead of the receiver to perfrom the lookup on. It also extends
this improvement to KeyedLoadICs. And it fixes a bug introduced for the
JavaScript getter case of a LoadIC.

R=erik.corry@gmail.com
BUG=chromium:142088
TEST=cctest/test-api/Regress142088,cctest/test-api/Regress137002b

Review URL: https://chromiumcodereview.appspot.com/10828303

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-14 13:17:47 +00:00
yangguo@chromium.org
28c892938e Ensure capacity when adding parts in String.replace. 
R=ulan@chromium.org
BUG=v8:2289
TEST=regress-2289.js

Review URL: https://chromiumcodereview.appspot.com/10830304

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-14 11:33:12 +00:00
yangguo@chromium.org
d3733ce1e3 Prevent segfault on undefined inline runtime call. 
R=mstarzinger@chromium.org
BUG=v8:2286

Review URL: https://chromiumcodereview.appspot.com/10828282

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-14 10:06:34 +00:00
yangguo@chromium.org
3605fcbe63 Fix indexing bug in regexp, part 2. 
The previous fix initialized the start index incorrectly.

BUG=

Review URL: https://chromiumcodereview.appspot.com/10834291

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12302 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 15:53:40 +00:00
mstarzinger@chromium.org
e77f24f44e Remove prototype of global builtins object. 
R=yangguo@chromium.org
BUG=v8:2284
TEST=mjsunit/regress/regress-2284

Review URL: https://chromiumcodereview.appspot.com/10854116

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 15:34:49 +00:00
yangguo@chromium.org
960b1af12f Fix wrong indexing in global regexp. 
R=ulan@chromium.org
BUG=142087

Review URL: https://chromiumcodereview.appspot.com/10824278

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 15:26:46 +00:00
yangguo@chromium.org
f30099dacf Check for function in %_CallFunction. 
R=mstarzinger@chromium.org
BUG=v8:2285

Review URL: https://chromiumcodereview.appspot.com/10854115

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 12:11:26 +00:00
verwaest@chromium.org
d53de0590a Swapped transition array and descriptor array. 
Now a map points to a transition array which contains the descriptor array. The descriptor array is now immutable. The next step is to share the descriptor array with all back-pointed maps as long as there is a single line of extension. Maps that require a descriptor array but don't need transitions will still need a pseudo-empty transition array to contain the descriptor array.

Review URL: https://chromiumcodereview.appspot.com/10816005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 08:43:16 +00:00
yangguo@chromium.org
bc9df090c7 Fix array-iteration test case. 
R=verwaest@chromium.org
BUG=v8:2282

Review URL: https://chromiumcodereview.appspot.com/10827295

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12297 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-13 08:32:17 +00:00
yangguo@chromium.org
cd5ee62692 Allow multiple lines of custom flags in javascript tests. 
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10855099

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-10 12:26:33 +00:00
svenpanne@chromium.org
f9aea9fcef Inline simple setter calls. 
Currently only simple setter calls are handled (i.e. no calls in count
operations or compound assignments), and deoptimization in the setter is not
handled at all. Because of the latter, we temporarily hide this feature behind
the --inline-accessors flag, just like inlining getters.

We now use an enum everywhere we depend on the handling of a return value,
passing around several boolean would be more confusing.

Made VisitReturnStatement and the final parts of TryInline more similar, so
matching them visually is a bit easier now.

Simplified the signature of AddLeaveInlined, the target of the HGoto can simply
be retrieved from the function state.

Review URL: https://chromiumcodereview.appspot.com/10836133

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-10 09:05:42 +00:00
mstarzinger@chromium.org
bd054d3df0 Temporary skip failure on simulators due to r12270. 
R=ulan@chromium.org
TEST=test262/S13.2.1_A1_T1

Review URL: https://chromiumcodereview.appspot.com/10825243

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-08 09:19:55 +00:00
yangguo@chromium.org
120c82b156 Fix mozilla test expectations. 
R=svenpanne@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10837162

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-08 08:44:29 +00:00
yangguo@chromium.org
5d35b1851b Fix parseInt's octal parsing behavior (ECMA-262 Annex E 15.1.2.2). 
R=svenpanne@chromium.org
BUG=v8:1645
TEST=test262, parse-int-float.js

Review URL: https://chromiumcodereview.appspot.com/10836151

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-08 07:44:17 +00:00
erik.corry@gmail.com
ac4b44297b Add checks for interceptors to negative lookup code in Crankshaft. 
BUG=140473
Review URL: https://chromiumcodereview.appspot.com/10837141

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-07 14:48:19 +00:00
mstarzinger@chromium.org
fa2287fa96 Force eager compilation of parenthesized functions. 
This makes the compiler use eager compilation for function literals that
are parenthesized. We consider this to be a hint that the function will
be called immediatly and hence try to avoid parsing it twice. The parser
already respects this heuristic.

R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10836132

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-07 14:47:36 +00:00
erik.corry@gmail.com
92f30d1df5 Improve load IC so it can call a native accessor even if the holder is 
in dictionary mode.  Add a flag to all maps to indicate whether they are
used for dictionary (normalized) objects or fast mode objects.
Review URL: https://chromiumcodereview.appspot.com/10831153

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-06 14:25:19 +00:00
mstarzinger@chromium.org
182b0bfb87 Factor out SimulateIncrementalMarking in test-heap. 
R=ulan@chromium.org
TEST=cctest/test-heap

Review URL: https://chromiumcodereview.appspot.com/10824178

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-06 11:04:40 +00:00
mstarzinger@chromium.org
81a43b5607 Make incremental marking clear ICs. 
This extends the existing clearing of ICs during GC to incremental
marking in order to prevent cross-context retention that would last
until the next non-incremental GC.

R=erik.corry@gmail.com
TEST=cctest/test-heap/IncrementalMarkingClears[Mono,Poly]morhpicIC

Review URL: https://chromiumcodereview.appspot.com/10831123

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-06 10:35:48 +00:00
yangguo@chromium.org
e0954ca592 Take advantage of batched results when matching global regexp. 
BUG=
TEST=regexp-global.js

Review URL: https://chromiumcodereview.appspot.com/10831126

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-06 09:06:27 +00:00
yangguo@chromium.org
4e82c3fb1a Allow SetHiddenValue to accept empty value. 
R=mstarzinger@chromium.org
BUG=v8:2274

Review URL: https://chromiumcodereview.appspot.com/10825196

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-06 07:55:05 +00:00
svenpanne@chromium.org
83fc4205f6 Fixed compound/count operations with getter-only accessor properties. 
The underlying problem is that for compound/count operations we use the *load*
type feedback for storing, too. For normal properties this doesn't matter, but
for accessor properties we should better use the *store* type feedback, which
would be available, too. This consistent feedback usage could be guaranteed if
we removed the heavy copy-n-paste in the crankshaft code generation for
compound/count operations and assignments/property loads.

To be on the safe side, we postpone this refactoring and do a quick and easily
mergeable fix.

BUG=140083
TEST=mjsunit/regress/regress-crbug-140083.js

Review URL: https://chromiumcodereview.appspot.com/10828146

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-03 09:45:08 +00:00
mstarzinger@chromium.org
680c4a7a13 Make test-heap resilient against --stress-compaction. 
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10843052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-02 14:20:38 +00:00
ulan@chromium.org
c6d4094e44 Android: increase default test timeout and skip time sensitive mjsunit/regress/regress-1969. 
R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10836049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-01 13:06:08 +00:00
erik.corry@gmail.com
5c6db6d081 Fix the 137002 fix (Don't generate ICs for accessors on slow 
case objects).  We should be testing the holder for dictionary
mode, not the receiver.
Review URL: https://chromiumcodereview.appspot.com/10827113

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12247 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-01 12:35:33 +00:00
mstarzinger@chromium.org
7dd2e9777c Make incremental marking clear type feedback cells. 
This extends the existing clearing of type feedback cells during GC to
incremental marking in order to prevent cross-context retention that
would last until the next non-incremental GC.

R=erik.corry@gmail.com
TEST=cctest/test-heap/IncrementalMarkingClearsTypeFeedbackCells

Review URL: https://chromiumcodereview.appspot.com/10823082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-01 11:24:14 +00:00
mstarzinger@chromium.org
3bb994c4e4 Make test-serialize resilient against --gc-interval. 
R=erik.corry@gmail.com
TEST=cctest/test-serialize (--gc-interval=100)

Review URL: https://chromiumcodereview.appspot.com/10829097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-08-01 09:43:05 +00:00
erik.corry@gmail.com
1d0f872ef9 Fix full code generator to not use --debug-code if it is in 
mksnapshot or a VM that is booted from a snapshot.  --debug-code
can still have an effect on stub and optimized code and it still
works on the full code generator when running without snapshots.

The deoptimizer generates full-code-generator code and relies on it having
the same layout as last time.  This means that the code the full code
generator makes for the snapshot should be the same as the code it makes
later.  This change makes the full code generator create more consistent
code between mksnapshot time and run time.

This is a bug fix and a step towards making the snapshot code more robust.
Review URL: https://chromiumcodereview.appspot.com/10834085

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-31 14:59:32 +00:00
erik.corry@gmail.com
b3e2440580 Speed up quicksort test to avoid timeouts on simulators. 
Review URL: https://chromiumcodereview.appspot.com/10830093

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-31 13:36:24 +00:00
yangguo@chromium.org
1094c8f17c Fix regression test on x64. 
R=verwaest@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10827084

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-30 13:48:52 +00:00
yangguo@chromium.org
514fc74a47 Limit initial size of hidden properties and store identity hashes inline. 
BUG=v8:2211
TEST=test-heap/Regress2211

Review URL: https://chromiumcodereview.appspot.com/10827040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-30 13:09:09 +00:00
mstarzinger@chromium.org
249f29f22b Make AlwaysAllocateScope imply DisallowAllocationFailure. 
R=erik.corry@gmail.com
TEST=cctest/test-api,cctest/test-heap (--gc-interval=100)

Review URL: https://chromiumcodereview.appspot.com/10824082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-30 13:07:29 +00:00
yangguo@chromium.org
cfc5cf0b76 Fix build errors. 
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10832061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12217 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-30 08:54:51 +00:00
yangguo@chromium.org
0acc9e13af Make sure double to int conversion is correct. 
R=svenpanne@chromium.org
BUG=v8:2260
TEST=test-utils/Utils1

Review URL: https://chromiumcodereview.appspot.com/10820047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12216 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-30 08:34:26 +00:00
yangguo@chromium.org
b58cfd485e Avoid GC when printing shared function info. 
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10828048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-27 09:54:56 +00:00
jkummerow@chromium.org
80c35c6522 Always set the callee's context when calling a function from optimized code. 
This is necessary even for recursive calls because we're sharing optimized code among closures, which could call each other and have distinct contexts.

BUG=138887
TEST=mjsunit/regress/regress-crbug-138887

Review URL: https://chromiumcodereview.appspot.com/10834031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12201 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-26 12:49:08 +00:00
yangguo@chromium.org
59f212e7eb Relax requirement from VFP3 to VFP2 where possible. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10818026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-25 15:26:16 +00:00
mstarzinger@chromium.org
806fb8be96 Fix bootstrapping without snapshot and low GC interval. 
R=yangguo@chromium.org
BUG=v8:2249
TEST=mjsunit/regress/regress-2249 (snapshot=off)

Review URL: https://chromiumcodereview.appspot.com/10818005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-23 16:18:25 +00:00
yangguo@chromium.org
6b489d9753 Improve String::WriteAscii and add PRESERVE_ASCII_NULL option. 
The PRESERVE_ASCII_NULL option prevents WriteAscii from converting
\0 to white space.

R=verwaest@chromium.org
BUG=v8:2252
TEST=test-api/StringWrite

Review URL: https://chromiumcodereview.appspot.com/10810056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-23 14:22:46 +00:00
danno@chromium.org
3667f92cbb Add dependency to HLoadKeyed* instructions to prevent invalid hoisting 
BUG=chromium:137768
TEST=test/mjsunit/regress/regress-137768.js

Review URL: https://chromiumcodereview.appspot.com/10802038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-07-23 13:59:24 +00:00