hpayer@chromium.org
3dd05f8fc7
Limit old space size in test which require a large new space.
...
BUG=
Review URL: https://codereview.chromium.org/265673003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 18:57:25 +00:00
mvstanton@chromium.org
5e2ee2bac2
A new test needs to exit early on non-internationalization builds.
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/265513003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org
129c58c47d
Fix some more missing ToObject on Array.prototype.
...
R=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/254103002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:52:00 +00:00
mvstanton@chromium.org
0c3e70a3b6
Bugfix: internationalization routines fail on monkeypatching.
...
Calls to Object.defineProperty() and Object.apply() are not safe.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/253903003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 07:36:12 +00:00
yangguo@chromium.org
1a9649ae13
Error stack getter should not overwrite itself with a data property.
...
R=ulan@chromium.org
BUG=v8:3294
LOG=Y
Review URL: https://codereview.chromium.org/258933007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 12:14:36 +00:00
jarin@chromium.org
ff884e06ae
Fix materialization of accessor frames with captured receivers
...
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.
We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do the almost the same thing - they only
differ in where they store the result.
The change also turns bunch of ASSERTs into CHECKs.
R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N
Review URL: https://codereview.chromium.org/225283006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 12:58:15 +00:00
jarin@chromium.org
d557425a0c
Preserve Smi representation of non-escaping fields.
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/251493004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 11:29:02 +00:00
verwaest@chromium.org
d2179f2062
Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height.
...
Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/252583004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:52:11 +00:00
hpayer@chromium.org
20107bf2d8
Remove lazy sweeping.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/254603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:50:42 +00:00
verwaest@chromium.org
a55821eef2
Mark the simulate before EnterInlined with BailoutId::None(), and set ReturnId on EnterInlined. When merging simulates into the simulate before enter-inlined, adopt the last AST id that gets merged into it.
...
BUG=v8:3282
LOG=n
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/257583004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 15:20:53 +00:00
bmeurer@chromium.org
052f9e9b6d
Make DescriptorArray::IsMoreGeneralThan() and DescriptorArray::Merge() compatible again.
...
BUG=365172
LOG=y
TEST=mjsunit/regress/regress-365172-[1-3]
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/255513005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 08:07:14 +00:00
jarin@chromium.org
8c57b45042
Fix C++ type of Factory::NewFixedDoubleArray.
...
The change fixes the C++ type of Factory::NewFixedDoubleArray to
reflect the empty array case, where we return an empty
FixedArray (rather than FixedDoubleArray).
R=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/249593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 05:29:00 +00:00
wingo@igalia.com
2194f3f858
Move bug 3280 regression test to mjsunit/harmony
...
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/248483004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 15:01:30 +00:00
mstarzinger@chromium.org
66ec299808
Fix ToObject and Object.isSealed in four Array builtins.
...
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-6
Review URL: https://codereview.chromium.org/240223006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 12:48:32 +00:00
jarin@chromium.org
783eb25a8c
Avoid setting transitions in-place for cached maps when observed
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/246523004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 09:21:24 +00:00
adamk@chromium.org
71750f7be8
Fix issue with Map/SetIterator and types
...
BUG=v8:3281
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/246993003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 18:14:46 +00:00
wingo@igalia.com
a2ac40aca7
Context-allocate all parameters in generators
...
Generator function scopes have forced context allocation. Ensure that
all variables in such scopes get context allocation -- even unused
variables.
This fixes an assertion when reifying generator scopes in the debugger.
R=yangguo@chromium.org
LOG=Y
BUG=v8:3280
Review URL: https://codereview.chromium.org/246733003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 11:34:16 +00:00
bmeurer@chromium.org
63a477b29b
Clear invalid field maps in PropertyAccessInfo.
...
BUG=363956
TEST=mjsunit/regress/regress-363956
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/239623005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 09:48:32 +00:00
mstarzinger@chromium.org
e51d6462a7
Fix bogus call to Object.hasOwnProperty in Array builtin.
...
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-5
Review URL: https://codereview.chromium.org/239033002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 12:52:41 +00:00
mstarzinger@chromium.org
39137c81e6
Fix bogus Object.isSealed check in some Array builtins.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/237253002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
ulan@chromium.org
8b445aaa5f
Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
...
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com
Review URL: https://codereview.chromium.org/226363007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44
Try to switch Array builtins into strict mode.
...
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit
Review URL: https://codereview.chromium.org/233083003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
ulan@chromium.org
4268ce0abd
Check stack limit in ArgumentAdaptorTrampoline.
...
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/215853005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043
Do not call user defined getter of Error.stackTraceLimit.
...
Handlify GetNormalizedProperty.
BUG=360733
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/233243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
jarin@chromium.org
166ec11e43
Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/232053004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
jarin@chromium.org
fd988331ea
There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/ ).
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/226613007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
svenpanne@chromium.org
5bddec047d
Do not use ranges after range analysis.
...
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
remvoed.
BUG=361608
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/232553004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
jarin@chromium.org
008a70c47b
Revert "Make new space iterable when transitioning double array to objects"
...
This reverts r20603.
BUG=
Review URL: https://codereview.chromium.org/230863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
jarin@chromium.org
57d70c149c
Avoid hydrogen compare-objects-equal assertions in dead code
...
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).
R=yangguo@chromium.org
BUG=359491
LOG=N
Review URL: https://codereview.chromium.org/228883005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
yangguo@chromium.org
4df132a878
Fix argument expectation Runtime_StringParseInt.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/230693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
jarin@chromium.org
69d5b3c155
Make new space iterable when transitioning double array to objects
...
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/228643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org
e3aec7a587
Fix return value of push() and unshift() on Array.prototype.
...
R=ulan@chromium.org
TEST=mjsunit/regress/regress-builtinbust-3
Review URL: https://codereview.chromium.org/230453002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:14:56 +00:00
jarin@chromium.org
05670b63bf
Add stack overflow check for inlined property getter
...
We should check for overflow for each inlined property getter;
otherwise, we can get an overflow from inlining property getter while
still having pending overflow exception from some previous inlined
getter (in the same polymorphic access).
R=verwaest@chromium.org
TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js
Review URL: https://codereview.chromium.org/220813003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 07:35:12 +00:00
bmeurer@chromium.org
48e0d81205
Fix invalid local property lookup for transitions.
...
BUG=361025
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/224903023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:36:04 +00:00
jarin@chromium.org
c19764595f
Dead code elimination of inlined arguments objects causes wrong deopt info to be generated - instead of materializing the arguments, we get 'undefined'.
...
Golem says the change is perf-neutral.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/208683006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:42:34 +00:00
svenpanne@chromium.org
814be9b1b6
Yet another regression test for range analysis.
...
BUG=v8:3204
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/224723016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:04:25 +00:00
mvstanton@chromium.org
eaacd968f1
Fix for v8:3255 Grow KeyedStoreIC doesn't respect String value wrappers
...
BUG=v8:3255
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/226053002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 07:52:24 +00:00
hpayer@chromium.org
5230d8d330
Make sure value is a heap number when reusing the double box in BinaryOpICStub.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/216823005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-04 08:46:49 +00:00
mstarzinger@chromium.org
775d9b022f
Use premordial Object.isSealed/isFrozen in builtins.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/223473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 12:23:35 +00:00
jarin@chromium.org
fe37026116
When freezing global object, go through the property cell
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/223613002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 10:43:56 +00:00
jarin@chromium.org
42d2d3cb9d
Do not generate LDummyUse instruction for HCapturedObject
...
LDummyUse confuses the register allocator (since there is no definition
for the use).
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/222283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:35:13 +00:00
jarin@chromium.org
0b53ed2d2b
Check in Lithium that allocation size in Smi range.
...
This is to avoid triggering an assertion from Smi::FromInt. The
generated code is unreachable, so it is not a real bug.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/221743005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:04:46 +00:00
jkummerow@chromium.org
511edabed2
Fix HGraphBuilder::BuildAddStringLengths
...
length == String::kMaxLength is fine and should not bail out.
BUG=chromium:357052
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/222113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 12:24:42 +00:00
dslomov@chromium.org
19c354b7b0
Support typed arrays in IsMoreGeneralElementsKindTransition.
...
R=verwaest@chromium.org
BUG=357054
LOG=Y
Review URL: https://codereview.chromium.org/220403004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 16:41:35 +00:00
yangguo@chromium.org
64901004be
Smi immediates are not supported on x64. Do not use it.
...
R=jkummerow@chromium.org
BUG=358059
LOG=N
Review URL: https://codereview.chromium.org/217083003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 15:32:06 +00:00
mvstanton@chromium.org
d93c906acc
Monomorphic prototype failures should be reserved for already-seen keys.
...
We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype
failure even though it's the first time a particular (string) key has
been seen.
BUG=358088
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/219313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 14:16:54 +00:00
yangguo@chromium.org
10abff3498
Remove internalized cons string types.
...
Currently, internalizing a cons string could result in either an
in-place converted internalized cons string or a newly created
internalized sequential string, depending on allocation success.
The former could end up being embedded into an IC, which is not
supported.
R=mstarzinger@chromium.org
BUG=357103
LOG=N
Review URL: https://codereview.chromium.org/218993011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 11:30:31 +00:00
jarin@chromium.org
5607582f3b
We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes.
...
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/218493007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 16:45:46 +00:00
rossberg@chromium.org
282a7ca14e
Fix Type::Intersect to skip uninhabited bitsets
...
R=verwaest@chromium.org , bmeurer@chromium.org
BUG=chromium:357330
LOG=Y
Review URL: https://codereview.chromium.org/219333003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:53:21 +00:00
dslomov@chromium.org
b3148d921e
Fix PrepareKeyedOperand on arm.
...
When additional_offset is specified, the 'key' operand can be negative
and still pass the bounds check. Therefore, when converting key from
Smi, arithmetic and not logical shift must be used.
R=verwaest@chromium.org
BUG=358057
LOG=Y
Review URL: https://codereview.chromium.org/219473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:14:28 +00:00