Commit Graph

1013 Commits

Author SHA1 Message Date
hpayer@chromium.org
3dd05f8fc7 Limit old space size in test which require a large new space.
BUG=

Review URL: https://codereview.chromium.org/265673003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 18:57:25 +00:00
mvstanton@chromium.org
5e2ee2bac2 A new test needs to exit early on non-internationalization builds.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/265513003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org
129c58c47d Fix some more missing ToObject on Array.prototype.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/254103002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:52:00 +00:00
mvstanton@chromium.org
0c3e70a3b6 Bugfix: internationalization routines fail on monkeypatching.
Calls to Object.defineProperty() and Object.apply() are not safe.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/253903003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 07:36:12 +00:00
yangguo@chromium.org
1a9649ae13 Error stack getter should not overwrite itself with a data property.
R=ulan@chromium.org
BUG=v8:3294
LOG=Y

Review URL: https://codereview.chromium.org/258933007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 12:14:36 +00:00
jarin@chromium.org
ff884e06ae Fix materialization of accessor frames with captured receivers
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.

We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do the almost the same thing - they only
differ in where they store the result.

The change also turns bunch of ASSERTs into CHECKs.

R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N

Review URL: https://codereview.chromium.org/225283006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 12:58:15 +00:00
jarin@chromium.org
d557425a0c Preserve Smi representation of non-escaping fields.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/251493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 11:29:02 +00:00
verwaest@chromium.org
d2179f2062 Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height.
Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/252583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:52:11 +00:00
hpayer@chromium.org
20107bf2d8 Remove lazy sweeping.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/254603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:50:42 +00:00
verwaest@chromium.org
a55821eef2 Mark the simulate before EnterInlined with BailoutId::None(), and set ReturnId on EnterInlined. When merging simulates into the simulate before enter-inlined, adopt the last AST id that gets merged into it.
BUG=v8:3282
LOG=n
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/257583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 15:20:53 +00:00
bmeurer@chromium.org
052f9e9b6d Make DescriptorArray::IsMoreGeneralThan() and DescriptorArray::Merge() compatible again.
BUG=365172
LOG=y
TEST=mjsunit/regress/regress-365172-[1-3]
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/255513005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 08:07:14 +00:00
jarin@chromium.org
8c57b45042 Fix C++ type of Factory::NewFixedDoubleArray.
The change fixes the C++ type of Factory::NewFixedDoubleArray to
reflect the empty array case, where we return an empty
FixedArray (rather than FixedDoubleArray).

R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/249593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 05:29:00 +00:00
wingo@igalia.com
2194f3f858 Move bug 3280 regression test to mjsunit/harmony
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/248483004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 15:01:30 +00:00
mstarzinger@chromium.org
66ec299808 Fix ToObject and Object.isSealed in four Array builtins.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-6

Review URL: https://codereview.chromium.org/240223006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 12:48:32 +00:00
jarin@chromium.org
783eb25a8c Avoid setting transitions in-place for cached maps when observed
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/246523004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 09:21:24 +00:00
adamk@chromium.org
71750f7be8 Fix issue with Map/SetIterator and types
BUG=v8:3281
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/246993003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 18:14:46 +00:00
wingo@igalia.com
a2ac40aca7 Context-allocate all parameters in generators
Generator function scopes have forced context allocation.  Ensure that
all variables in such scopes get context allocation -- even unused
variables.

This fixes an assertion when reifying generator scopes in the debugger.

R=yangguo@chromium.org
LOG=Y
BUG=v8:3280

Review URL: https://codereview.chromium.org/246733003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 11:34:16 +00:00
bmeurer@chromium.org
63a477b29b Clear invalid field maps in PropertyAccessInfo.
BUG=363956
TEST=mjsunit/regress/regress-363956
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/239623005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 09:48:32 +00:00
mstarzinger@chromium.org
e51d6462a7 Fix bogus call to Object.hasOwnProperty in Array builtin.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-5

Review URL: https://codereview.chromium.org/239033002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 12:52:41 +00:00
mstarzinger@chromium.org
39137c81e6 Fix bogus Object.isSealed check in some Array builtins.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/237253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
ulan@chromium.org
8b445aaa5f Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com

Review URL: https://codereview.chromium.org/226363007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44 Try to switch Array builtins into strict mode.
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit

Review URL: https://codereview.chromium.org/233083003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
ulan@chromium.org
4268ce0abd Check stack limit in ArgumentAdaptorTrampoline.
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/215853005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043 Do not call user defined getter of Error.stackTraceLimit.
Handlify GetNormalizedProperty.

BUG=360733
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/233243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
jarin@chromium.org
166ec11e43 Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/232053004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
jarin@chromium.org
fd988331ea There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/).
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/226613007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
svenpanne@chromium.org
5bddec047d Do not use ranges after range analysis.
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
remvoed.

BUG=361608
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/232553004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
jarin@chromium.org
008a70c47b Revert "Make new space iterable when transitioning double array to objects"
This reverts r20603.

BUG=

Review URL: https://codereview.chromium.org/230863003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
jarin@chromium.org
57d70c149c Avoid hydrogen compare-objects-equal assertions in dead code
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).

R=yangguo@chromium.org
BUG=359491
LOG=N

Review URL: https://codereview.chromium.org/228883005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
yangguo@chromium.org
4df132a878 Fix argument expectation Runtime_StringParseInt.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/230693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
jarin@chromium.org
69d5b3c155 Make new space iterable when transitioning double array to objects
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/228643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org
e3aec7a587 Fix return value of push() and unshift() on Array.prototype.
R=ulan@chromium.org
TEST=mjsunit/regress/regress-builtinbust-3

Review URL: https://codereview.chromium.org/230453002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:14:56 +00:00
jarin@chromium.org
05670b63bf Add stack overflow check for inlined property getter
We should check for overflow for each inlined property getter;
otherwise, we can get an overflow from inlining property getter while
still having pending overflow exception from some previous inlined
getter (in the same polymorphic access).

R=verwaest@chromium.org
TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js

Review URL: https://codereview.chromium.org/220813003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 07:35:12 +00:00
bmeurer@chromium.org
48e0d81205 Fix invalid local property lookup for transitions.
BUG=361025
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/224903023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:36:04 +00:00
jarin@chromium.org
c19764595f Dead code elimination of inlined arguments objects causes wrong deopt info to be generated - instead of materializing the arguments, we get 'undefined'.
Golem says the change is perf-neutral.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/208683006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:42:34 +00:00
svenpanne@chromium.org
814be9b1b6 Yet another regression test for range analysis.
BUG=v8:3204
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/224723016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:04:25 +00:00
mvstanton@chromium.org
eaacd968f1 Fix for v8:3255 Grow KeyedStoreIC doesn't respect String value wrappers
BUG=v8:3255
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/226053002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 07:52:24 +00:00
hpayer@chromium.org
5230d8d330 Make sure value is a heap number when reusing the double box in BinaryOpICStub.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/216823005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-04 08:46:49 +00:00
mstarzinger@chromium.org
775d9b022f Use premordial Object.isSealed/isFrozen in builtins.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/223473002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 12:23:35 +00:00
jarin@chromium.org
fe37026116 When freezing global object, go through the property cell
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/223613002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 10:43:56 +00:00
jarin@chromium.org
42d2d3cb9d Do not generate LDummyUse instruction for HCapturedObject
LDummyUse confuses the register allocator (since there is no definition
for the use).

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/222283002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:35:13 +00:00
jarin@chromium.org
0b53ed2d2b Check in Lithium that allocation size in Smi range.
This is to avoid triggering an assertion from Smi::FromInt. The
generated code is unreachable, so it is not a real bug.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/221743005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:04:46 +00:00
jkummerow@chromium.org
511edabed2 Fix HGraphBuilder::BuildAddStringLengths
length == String::kMaxLength is fine and should not bail out.

BUG=chromium:357052
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/222113002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 12:24:42 +00:00
dslomov@chromium.org
19c354b7b0 Support typed arrays in IsMoreGeneralElementsKindTransition.
R=verwaest@chromium.org
BUG=357054
LOG=Y

Review URL: https://codereview.chromium.org/220403004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 16:41:35 +00:00
yangguo@chromium.org
64901004be Smi immediates are not supported on x64. Do not use it.
R=jkummerow@chromium.org
BUG=358059
LOG=N

Review URL: https://codereview.chromium.org/217083003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 15:32:06 +00:00
mvstanton@chromium.org
d93c906acc Monomorphic prototype failures should be reserved for already-seen keys.
We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype
failure even though it's the first time a particular (string) key has
been seen.

BUG=358088
R=verwaest@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/219313002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 14:16:54 +00:00
yangguo@chromium.org
10abff3498 Remove internalized cons string types.
Currently, internalizing a cons string could result in either an
in-place converted internalized cons string or a newly created
internalized sequential string, depending on allocation success.

The former could end up being embedded into an IC, which is not
supported.

R=mstarzinger@chromium.org
BUG=357103
LOG=N

Review URL: https://codereview.chromium.org/218993011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 11:30:31 +00:00
jarin@chromium.org
5607582f3b We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/218493007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 16:45:46 +00:00
rossberg@chromium.org
282a7ca14e Fix Type::Intersect to skip uninhabited bitsets
R=verwaest@chromium.org, bmeurer@chromium.org
BUG=chromium:357330
LOG=Y

Review URL: https://codereview.chromium.org/219333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:53:21 +00:00
dslomov@chromium.org
b3148d921e Fix PrepareKeyedOperand on arm.
When additional_offset is specified, the 'key' operand can be negative
and still pass the bounds check. Therefore, when converting key from
Smi, arithmetic and not logical shift must be used.

R=verwaest@chromium.org
BUG=358057
LOG=Y

Review URL: https://codereview.chromium.org/219473002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:14:28 +00:00