Commit Graph

78 Commits

Author SHA1 Message Date
verwaest@chromium.org
8bc9d98786 Implement IC support for Constant Function transitions.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16826016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15124 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-13 15:01:25 +00:00
verwaest@chromium.org
16199c63d8 Initialized representations of computed values to None.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14721009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-06 14:21:35 +00:00
verwaest@chromium.org
6f5d9f9af2 Move field index into property details, freeing up the value slot of fields.
BUG=
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15941016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-31 19:11:09 +00:00
verwaest@chromium.org
52008429b7 Use mutable heapnumbers to store doubles in fields.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14850006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 15:02:08 +00:00
verwaest@chromium.org
0b1a9c9e3d Free up 11 bits in fast-mode PropertyDetails by removing the enumeration-index.
The descriptors are nowadays ordered in order of addition, so that info was
duplicated.

Review URL: https://chromiumcodereview.appspot.com/14622005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 13:09:23 +00:00
verwaest@chromium.org
99e17bb12a Track storage types of instance variables.
Review URL: https://chromiumcodereview.appspot.com/14146005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-26 15:30:41 +00:00
verwaest@chromium.org
a8b3215afa Change LookupForWrite to always do a full lookup and check the result.
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.

By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.

Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.

Review URL: https://chromiumcodereview.appspot.com/12810006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-25 12:55:27 +00:00
rossberg@chromium.org
5c93b18eb2 ES6 symbols: Allow symbols as property names
Since symbols and strings share a common representation, most of this change is about consistently replacing 'String' with 'Name' in all places where property names are expected. In particular, no new logic at all is necessary for maps, property dictionaries, or transitions. :) The only places where an actual case distinction is needed have to do with generated type checks, and with conversions of names to strings (especially in logger and profiler).

Left in some TODOs wrt to the API: interceptors and native getters don't accept symbols as property names yet, because that would require extending the external v8.h.

(Baseline CL: https://codereview.chromium.org/12296026/)

R=verwaest@chromium.org,mstarzinger@chromium.org
BUG=v8:2158

Review URL: https://codereview.chromium.org/12330012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-04 15:00:57 +00:00
verwaest@chromium.org
590a3f8811 Polymorphism support for load IC.
Review URL: https://chromiumcodereview.appspot.com/12340112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-04 14:03:27 +00:00
rossberg@chromium.org
55f93b5532 Renamed "symbols" to "internalized strings" throughout the code base,
in preparation of the introduction of ES6 'symbols' (aka private/unique names).

The SymbolTable became the StringTable. I also made sure to adapt all comments. The only remaining use of the term "symbol" (other than unrelated uses in the parser and such) is now 'NewSymbol' in the API and the 'V8.KeyedLoadGenericSymbol' counter, changing which might break embedders.

The one functional change in this CL is that I removed the former 'empty_string' constant, since it is redundant given the 'empty_symbol' constant that we also had (and both were used inconsistently).

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12210083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-28 17:03:34 +00:00
svenpanne@chromium.org
c26d100b10 Avoid TLS accesses in Object::Lookup and Object::GetPrototype.
Both methods were among the top causes for TLS accesses.

BUG=v8:2487

Review URL: https://codereview.chromium.org/12319144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-27 13:22:29 +00:00
mstarzinger@chromium.org
ce1e10f5fc Make __proto__ a foreign callback on Object.prototype.
This moves the __proto__ property to Object.prototype and turns it into
a callback property actually present in the descriptor array as opposed
to a hack in the properties lookup. For now it still is a "magic" data
property using foreign callbacks and not an accessor property visible to
JavaScript.

The second effect of this change is that JSON.parse() no longer treats
the __proto__ property specially, it will be defined as any other data
property. Note that object literals still have their special handling.

R=rossberg@chromium.org
BUG=v8:621,v8:1949,v8:2441
TEST=mjsunit,cctest,test262

Review URL: https://codereview.chromium.org/12212011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-26 10:46:00 +00:00
rossberg@chromium.org
fb5a5e22ec Object.observe: Make array length and other magic data properties work correctly.
Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11554019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-13 09:31:44 +00:00
mmassi@chromium.org
ce682a2489 Allow property indexes to refer to slots inside the object header.
BUG=

Review URL: https://chromiumcodereview.appspot.com/11365221

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-13 11:07:04 +00:00
rossberg@chromium.org
e059e64c98 Object.observe: include oldValue in change records,
plus more accurate distinction of different change types.

Required handlifying more code.

Also fixed a handlification bug in JSProxy::GetElementAttributeWithHandler.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11362115

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-07 14:14:50 +00:00
verwaest@chromium.org
ebd3241b05 Sharing of descriptor arrays.
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).

An ownership bit is added to maps indicating whether it owns its own descriptor array or not.

Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.

Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.

To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.

We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.

When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.

Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.

When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.

Review URL: https://chromiumcodereview.appspot.com/10909007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 16:43:57 +00:00
verwaest@chromium.org
efb53e1499 Make order of addition the primary order of descriptor arrays.
The order by name is maintained as secondary order by using unused bits in the property details.

This is preliminary work towards sharing descriptors arrays.

The change allows us
- to get rid of the LastAdded bits in the map, binding it to the number of valid descriptors for the given map
- to avoid resorting by enumeration index to create the cache
- (maybe in the future, depending on performance) to get rid of the enumeration cache altogether.

Although generally the number_of_descriptors equals the NumberOfOwnDescriptors in the current version, this is preliminary work towards sharing    descriptors, where maps may have more descriptors than are valid for the map.

Review URL: https://chromiumcodereview.appspot.com/10879013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-08-27 13:47:34 +00:00
verwaest@chromium.org
90c7cb1397 When following an accessor transition for an already existing accessor, don't load the last added descriptor but the same descriptor as we already found previously.
BUG=137689
TEST=test/mjsunit/regress/regress-crbug-137689.js

Review URL: https://chromiumcodereview.appspot.com/10808005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-18 09:20:57 +00:00
verwaest@chromium.org
11e5c9e281 Removed transitions from the accessor pair descriptors.
AccessorPair related transitions are now also stored as single map links, simplifying the code that handles transitions. AccessorPairs can now be shared between descriptor arrays, since they can only be mutated after another transition anyway; during which the pair is copied before writing.

Review URL: https://chromiumcodereview.appspot.com/10784014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-16 14:02:50 +00:00
verwaest@chromium.org
70a618307a Renamed ConvertDescriptorToFieldAndMapTransition to ConvertTransitionToMapTransition, and let it replace the transition in-place rather than copy the transition array.
Review URL: https://chromiumcodereview.appspot.com/10694155

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-12 16:36:10 +00:00
verwaest@chromium.org
812bc1db26 Couple the enumeration index of a property to the size of the descriptor array where it first appeared.
Review URL: https://chromiumcodereview.appspot.com/10692185

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-12 15:14:54 +00:00
verwaest@chromium.org
b008d99b11 Ensure that all descriptors have a valid enumeration index, and replace NextEnumIndex with LastAdded.
The LastAdded points to the descriptor that was last added to the array. From the descriptor we can deduce the NextEnumerationIndex. This allows us to quickly find the property that we are transitioning to, which is necessary for transition-intensive code, eg JSON parsing.

Review URL: https://chromiumcodereview.appspot.com/10695120

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12042 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-11 14:26:42 +00:00
svenpanne@chromium.org
482a0e3196 Added LookupResult::GetValueFromMap.
This is needed later for crankshafted accessors and reduces copy-n-paste a bit.

Review URL: https://chromiumcodereview.appspot.com/10702108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11996 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-06 08:11:10 +00:00
verwaest@chromium.org
d7a5b7d5e2 Separating transitions from descriptors.
In this design maps contain descriptor arrays, which in turn can contain transition arrays. If transitions are needed when no descriptor array is present, a descriptor array without real descriptors is inserted just so it can point at the transition array.

The transition array does not contain details about the field it transitions to. In order to weed out transitions to FIELDs from CONSTANT_FUNCTION (what used to be MAP_TRANSITION vs CONSTANT_TRANSITION), the transition needs to be followed and the details need to be looked up in the target map. CALLBACKS transitions are still easy to recognize since the transition targets are stored as an AccessorPair containing the maps, rather than the maps directly.

Currently AccessorPairs containing a transition and an accessor are shared between the descriptor array and the transition array. This simplifies lookup since we only have to look in one of both arrays. This will change in subsequent revisions, when descriptor arrays will become shared between multiple maps, since transitions cannot be shared.

Review URL: https://chromiumcodereview.appspot.com/10697015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-07-05 13:54:20 +00:00
verwaest@chromium.org
68c944c265 In-place shrinking of descriptor arrays with non-live transitions.
Instead of overwriting non-live transitions with NULL_DESCRIPTORs, we remove them from the array by compacting the array (shifting live values to the left) and in-place trimming the array. If the final descriptor array contains no live values (only contained transitions which are now all cleared), we move bit_field3 back from the descriptor array to the map. The descriptor array itself will be collected in the next GC.

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10575032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-25 13:10:54 +00:00
verwaest@chromium.org
41560e9f5f Separate stub types from property types.
Review URL: https://chromiumcodereview.appspot.com/10656018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-25 11:35:23 +00:00
verwaest@chromium.org
1cff0c498e Cleaning up usage of lookup results.
- Ensure that IsFound() is only used when not in combination with other
  checks. To do so, the default type is NONEXISTENT rather than NORMAL;
  and NotFound() also resets the type to NONEXISTENT.
- Use test methods rather than .type() == A_PROPERTY_TYPE.

Review URL: https://chromiumcodereview.appspot.com/10626004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-21 15:32:52 +00:00
verwaest@chromium.org
2b574ef580 Promoting elements transitions to their own field.
This is a first step towards separating all transitions from the property descriptions. If we link the property descriptions from the transition object, this will in allow the descriptor array (property descriptions) to become immutable.

Review URL: https://chromiumcodereview.appspot.com/10444055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-11 06:59:56 +00:00
svenpanne@chromium.org
999fb73bc6 Tiny DescriptorArray cleanup.
Removed 2 useless functions, nuked a simple helper function with a single caller, and simplified things by changing a signature.

Review URL: https://chromiumcodereview.appspot.com/10066046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-17 07:16:19 +00:00
svenpanne@chromium.org
7c7baf3255 Refactorings only: More uses of "To" template and comment fixes.
Review URL: https://chromiumcodereview.appspot.com/9594018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10932 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-06 09:19:25 +00:00
svenpanne@chromium.org
5033b9b6d1 Re-land CL 9466047.
Main change from the original CL: Call::ComputeTarget does not use IsProperty
anymore, because this would potentially need a holder, which we don't have
here. Using Map::LookupInDescriptors with a NULL holder is a bit fishy in
general, because one has to be *extremely* careful when using its LookupResult.

The original CL made Chrome's NetInternalsTest.netInternalsTourTabs browser test
fail, but it's a mystery how this could happen: We should never reach
Call::ComputeTarget via Call::RecordTypeFeedback with a CALLBACKS property,
because we never consider calls to them monomorphic, which is in turn because of
the stub cache leaving them in the pre-monomorphic state. Therefore, I don't
have a clue how to write a regression test for this...

As an additional tiny bonus, the --trace-opt output for deoptimizations has been
improved.

Review URL: https://chromiumcodereview.appspot.com/9584003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10906 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 14:03:59 +00:00
jkummerow@chromium.org
ea62dca70e Revert "Handle CALLBACKS correctly in IsProperty functions."
This reverts r10847.

Review URL: https://chromiumcodereview.appspot.com/9536010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-29 13:29:17 +00:00
svenpanne@chromium.org
18ba22168e Handle CALLBACKS correctly in IsProperty functions.
With transitions in AccessorPairs, it is not enough to look at the PropertyType
alone to decide whether we look at a property or not: For objects with
JavaScript accessors, we have to look into the AccessorPair itself and see if
one of its 2 parts is actually a JavaScript accessor. Therefore, a predicate
with a PropertyType argument alone doesn't make sense anymore, we might need the
associated value, too.

Things are complicated by the fact that the holder in a LookupResult can be
NULL, so we must be careful to retrieve its value only when it is really
needed. To achieve the needed call-by-name semantics, a new Entry is introduced,
which is basically a closure over a DescriptorArray and an index into this array
(C++0x to the rescue!). GCC is clever enough to inline this class, so we pay no
runtime penalty for this abstraction.

It's all a bit ugly, but this is caused by the current structure of Descriptor,
DescriptorArray and LookupResult: Things would be much easier if DescriptorArray
were, well, an array of Descriptors, and LookupResult were a 'Maybe Descriptor'
(in Haskell-terms).

Review URL: https://chromiumcodereview.appspot.com/9466047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-28 07:16:50 +00:00
svenpanne@chromium.org
ba6825012c Removed PropertyDetails::IsProperty.
This is just an intermediate step to remove IsRealProperty.

Review URL: https://chromiumcodereview.appspot.com/9325060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-06 12:11:40 +00:00
svenpanne@chromium.org
b34e202b20 Removed IsTransitionType predicate.
With the upcoming changes to CALLBACKS properties, a predicate on the transition
type alone doesn't make sense anymore: For CALLBACKS one has to look into the
property's value to decide, and there is even the possibility of having a an
accessor function *and* a transition in the same property.

I am not completely happy with some parts of this CL, because they contain
redundant code, but given the various representations we currently have for
property type/value pairs, I can see no easy way around that. Perhaps one can
improve this a bit in a different CL, the current diversity really, really hurts
productivity...

As a bonus, this CL includes a few minor things:

 * CaseClause::RecordTypeFeedback has been cleaned up and it handles the
   NULL_DESCRIPTOR case correctly now. Under some (very unlikely) circumstances,
   we previously missed some opportunities for monomorphic calls. In general, it
   is rather unfortunate that NULL_DESCRIPTOR "shines through", it is just a
   hack for the inability to remove a descriptor entry during GC, something
   callers shouldn't have to be aware of.

 * DescriptorArray::CopyInsert has been cleaned up a bit, preparing it for later
   CALLBACKS-related changes.

 * LookupResult::Print is now more informative for CONSTANT_TRANSITION.

Review URL: https://chromiumcodereview.appspot.com/9320066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10600 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-03 13:37:13 +00:00
svenpanne@chromium.org
ed4343d982 Removed IsPropertyOrTransition method.
It had only 2 uses: One use could be rewritten in a simpler way, and the other
is actually more readable after inlining and fixing the comments.

Review URL: https://chromiumcodereview.appspot.com/9233006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-20 15:10:35 +00:00
svenpanne@chromium.org
b16e02e823 Made PropertyType handling even more explicit.
Replaced FIRST_PHANTOM_PROPERTY_TYPE by a predicate. Removed the (hopefully)
last default cases for switches on PropertyType. Benchmarks show that both
changes are performace-neutral.

Now every value of PropertyType should either be handled by an explicit case in
a switch or by an equality operator. Therefore, the C++ compiler should finally
be able to tell us which places to touch when changing PropertyType.

Review URL: http://codereview.chromium.org/8506004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-09 12:47:15 +00:00
svenpanne@chromium.org
36b715b1bd Refactoring only: Make the handling of PropertyType more explicit.
Do not rely on 'default' clauses or 'if's when analysing a PropertyType, because
this makes it hard to find the relevant places when a new type is added. Note
that the detection of "phantom property types" is left untouched, because this
might have a performance impact, especially for the GC (to be investigated).

This is a preliminary step for introducing a new kind of map transition.

Review URL: http://codereview.chromium.org/8491016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 08:42:13 +00:00
kmillikin@chromium.org
56c763f023 Make the GC aware of JSReceiver pointers in LookupResults.
The LookupResult utility class is used in handlified code, but it can
contain a raw pointer to the lookup's holder object.  Create a per-thread
stack of live LookupResults and iterate all the live ones on GC.

R=vegorov@chromium.org,erik.corry@gmail.com
BUG=
TEST=

Review URL: http://codereview.chromium.org/8341009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 11:18:55 +00:00
danno@chromium.org
d21902b25e Cache multiple ElementsKind map transition per map.
R=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8017003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9417 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-23 15:09:00 +00:00
rossberg@chromium.org
42f0a73a96 Make proxies work as prototypes.
Fix a couple of other proxy bugs along the way.
Refactor trap invocation in native code.

R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/7799026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-16 13:38:30 +00:00
danno@chromium.org
ab26d8356c Key external array map transitions on ElementsKind instead of ExternalArrayType
R=jkummrow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7787007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-09 14:47:37 +00:00
rossberg@chromium.org
ddb782dcb8 Implement Object.getOwnPropertyDescriptor for proxies.
Fix bug in compilation of calls with proxy receivers.

R=kmillikin@chromium.org,ager@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7237050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-13 11:57:15 +00:00
rossberg@chromium.org
abd77ad439 Rename Proxy class to Foreign, to avoid confusion with Harmony proxies.
Also fix grokdump, which was off by one after intro of JSProxy type.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-19 11:47:34 +00:00
rossberg@chromium.org
05fd779dd3 Implement get trap for proxies.
TODO: reflective Object methods not handled yet.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7035007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-16 16:33:58 +00:00
svenpanne@chromium.org
5cd715cbc3 A tiny contribution for the IWYU day: Include allocation.h in every
header which uses BASE_EMBEDDED and/or AllStatic. Note that still only
45 out of 135 headers in src/ can be used stand-alone, but at least
this is a little bit more than before...
Review URL: http://codereview.chromium.org/6931031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 06:50:20 +00:00
mikhail.naganov@gmail.com
690093effe Mark single-argument inline constructors as 'explicit'.
There is currently a bug in cpplint.py hiding this problem.

R=sgjesse@chromium.org
BUG=1304
TEST=none

Review URL: http://codereview.chromium.org/6820028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7567 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-11 11:38:34 +00:00
danno@chromium.org
88854cd712 Remember and reuse derived map for external arrays
Ensure that all objects that had the same map before attaching an external array have the same map once the external array is attached.

BUG=75639
TEST=fast/canvas/webgl/uninitialized-test.html

Review URL: http://codereview.chromium.org/6685073

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-23 09:57:12 +00:00
vitalyr@chromium.org
7976ca2cbc Merge isolates to bleeding_edge.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 20:35:07 +00:00
vitalyr@chromium.org
76e226f832 Revert r7268: it borked the history.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 19:41:05 +00:00