Commit Graph

2632 Commits

Author SHA1 Message Date
verwaest@chromium.org
93f2ed48d9 Handle all object types (minus smi) in load/store ICs
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/62953007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 16:25:31 +00:00
machenbach@chromium.org
eef8694a7e [Sheriff] Revert "Add support for keyed-call on arrays of fast elements"
This reverts commit r17746 for breaking layout tests.

TBR=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/72753002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 15:00:13 +00:00
verwaest@chromium.org
607a175cbc Add support for keyed-call on arrays of fast elements
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23537067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 13:46:18 +00:00
mvstanton@chromium.org
3cf157b43b Inline zero argument array constructor.
patch from issue 54583003 (dependent code).

Zero arguments - very easy

1 argument - three special cases:
  a) If length is a constant in valid array length range,
     no need to check it at runtime.
  b) respect DoNotInline feedback on the AllocationSite for
     cases that the argument is not a smi or is an integer
     with a length that should create a dictionary.
  c) if kind feedback is non-holey, and length is non-constant,
     we'd have to generate a lot of code to be correct.
     Don't inline this case.

N arguments - one special case:
  a) If a deopt ever occurs because an input argument isn't
     compatible with the elements kind, then set the
     DoNotInline flag.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/55933002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 12:05:09 +00:00
danno@chromium.org
28ed69b8fb Fix overflow in TypedArray initialization function
BUG=chromium:319120
TEST=test/mjsunit/regress/regress-319120.js
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/61753013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 06:20:48 +00:00
rossberg@chromium.org
cec8383cff Provide private symbols through internal APIs
Adds a notion of private symbols, mainly intended for internal use, especially, self-hosting of built-in types that would otherwise require new C++ classes.

On the JS side (i.e., in built-ins), private properties can be created and accessed through a set of macros:

  NEW_PRIVATE(print_name)
  HAS_PRIVATE(obj, sym)
  GET_PRIVATE(obj, sym)
  SET_PRIVATE(obj, sym, val)
  DELETE_PRIVATE(obj, sym)

In the V8 API, they are accessible via a new class Private, and respective HasPrivate/Get/Private/SetPrivate/DeletePrivate methods on calss Object.

These APIs are designed and restricted such that their implementation can later be replaced by whatever ES7+ will officially provide.

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/48923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-13 10:34:06 +00:00
yangguo@chromium.org
e83fd01ce6 Reland "Implement Math.sin, cos and tan using table lookup and spline interpolation."
This relands r17594 with necessary fixes.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/70003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 14:43:18 +00:00
yangguo@chromium.org
df9665032e Introduce %_IsMinusZero.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/63423004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 11:53:13 +00:00
bmeurer@chromium.org
6f75e92902 Add initial hydrogenized NewStringAddStub.
The new stub is enabled via the --new-string-add flag, which is
disabled by default. For now, it's only a stripped down version
of the native StringAddStub, it's still work-in-progress.

BUG=v8:2990
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/61893009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 10:21:08 +00:00
mstarzinger@chromium.org
d5cb83f4aa Fix invalid reuse of weak global handle in GetScriptWrapper.
This fixes a direct usage of a weak global handle in GetScriptWrapper
that just casted it to a strong local handle, while a subsequent GC
might clear it. Handlepocalypse anyone?

R=machenbach@chromium.org
BUG=v8:2988
TEST=mjsunit/regress/regress-2988

Review URL: https://codereview.chromium.org/67273004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 16:27:36 +00:00
mstarzinger@chromium.org
c6841f1180 Tame mjsunit/fast-literal after fixing allocations.
Not that allocations go through Heap::AllocateRaw and actually respect
the allocation timeout, the runtime of this test spiked. This adjusts
the limit to sane values now that the values are actually respected.

R=mvstanton@chromium.org
TEST=mjsunit/fast-literal

Review URL: https://codereview.chromium.org/63603009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 10:22:46 +00:00
ulan@chromium.org
bc4ad49b25 Do not add values to HGraph in Lithium.
Lithium uses indexes after the maximium value ID in the HGraph as indexes
of virtual registers and assumes that the maximum value ID does not change.

The IsStandardConstant and GetConstantXX functions could add constants to
HGraph, which aliased virtual registers with real values. This could confuse
the register allocator to think that a value in a virtual register is tagged
and to incorrectly set it in the pointer map.

BUG=298269
TEST=mjsunit/regress/regress-298269.js
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/66693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 14:16:34 +00:00
yangguo@chromium.org
9f104a1a3e Revert "Implement Math.sin, cos and tan using table lookup and spline interpolation."
This reverts commit r17594.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/59153007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:44:27 +00:00
yangguo@chromium.org
063b7c4ebb Implement Math.sin, cos and tan using table lookup and spline interpolation.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/50563003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:10:39 +00:00
mstarzinger@chromium.org
59536de77d Make HCapturedObjects non-deletable for DCE.
R=jkummerow@chromium.org
BUG=v8:2987
TEST=mjsunit/regress/regress-2987

Review URL: https://codereview.chromium.org/64433002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 16:07:19 +00:00
verwaest@chromium.org
dccc06e132 Disable stress-gc for memento-related test.
R=mvstanton@chromium.org

Review URL: https://chromiumcodereview.appspot.com/64003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 12:20:45 +00:00
yangguo@chromium.org
eb550c6da4 Fix y-umlaut to uppercase.
R=dcarney@chromium.org
BUG=v8:2984

Review URL: https://codereview.chromium.org/59853006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 09:08:34 +00:00
mvstanton@chromium.org
cec8548d0e Correct handling of arrays with callbacks in the prototype chain.
Our generic KeyedStoreIC doesn't handle the case when a callback is
set on array elements in the prototype chain of the object, nor do
we recognize that we need to avoid the monomorphic case if these
callbacks exist.

This CL addresses the issue by looking for dictionary elements in
the prototype chain on IC misses and crankshaft element store
instructions. When found, the generic IC is used. The generic IC is
changed to go to the runtime in this case too.

In general, keyed loads are immune from this problem because they
won't return the hole: discovery of the hole goes to the runtime where
the callback will be found in the prototype chain. Double array loads
in crankshaft can return the hole but only if the prototype chain is
unaltered (we will catch such alterations).

Includes the following patch as well (already reviewed by bmeurer):
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.

(Review URL for the ElementsTransitionAndStoreIC_Miss change:
https://codereview.chromium.org/26911007)

R=danno@chromium.org

Review URL: https://codereview.chromium.org/35413006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 15:45:43 +00:00
bmeurer@chromium.org
980739a29c Improve implementation of HSeqStringSetChar.
This improves the generated code for HSeqStringSetChar across
all platforms, taking advantage of constant operands whenever
possible. It also drops the unused DefineSameAsFirst constraint
for the register allocator on x64 and ia32, where it caused
unnecessary spills when the string operand was live across the
HSeqStringSetChar instruction.

A new GVN flag StringChars is introduced to express dependencies
between HSeqStringSetChar, HStringCharCodeAt and the upcoming
HSeqStringGetChar (the GVNFlags type is now 64bit in size).

Also improves the test case.

TEST=mjsunit/string-natives
R=mstarzinger@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/57383004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 13:09:22 +00:00
rafaelw@chromium.org
13f722cae4 [Object.observe] rename intrinsic change record types for consitency.
Note the spec now reflects the updated naming:

http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes

R=rossberg@chromium.org, rossberg
BUG=v8:2940

Review URL: https://codereview.chromium.org/46043020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 12:14:24 +00:00
machenbach@chromium.org
4539c6ba5f [Sheriff] Mark flaky test on windows.
It was marked as flaky on linux nosnap, arm and nacl before. Now it's marked universally flaky since windows joined the list.

BUG=v8:2921
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/54713002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 19:29:58 +00:00
yangguo@chromium.org
371265eec4 Revert "Handlify concat string and substring."
This reverts r17490.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/59973004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 15:36:15 +00:00
yangguo@chromium.org
23d085c691 Handlify concat string and substring.
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/50073005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 14:07:07 +00:00
yangguo@chromium.org
a5ed9a71c8 Correctly load message from an Error object.
R=mstarzinger@chromium.org
BUG=306220

Review URL: https://codereview.chromium.org/46593010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 13:04:51 +00:00
rafaelw@chromium.org
e78081ca1c Make Object.freeze/seal/preventExtensions observable
Note: spec has been updated here: http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes.

R=rossberg@chromium.org, rossberg
BUG=v8:2975,v8:2941

Review URL: https://codereview.chromium.org/47703003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 12:25:32 +00:00
rafaelw@chromium.org
4a8319c7c6 [Object.observe] Implement implicit notification from performChange
R=arv@chromium.org, rossberg@chromium.org, rossberg
BUG=v8:2942

Review URL: https://codereview.chromium.org/36313002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 11:23:08 +00:00
jkummerow@chromium.org
2ebfd6e90e Add missing negative dictionary lookup to NonexistentHandlerFrontend
BUG=v8:2980
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/57433003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-04 14:14:09 +00:00
machenbach@chromium.org
3e6044d3f3 [Sheriff] Mark failing test for nacl port.
BUG=v8:2978
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/50333005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 11:51:59 +00:00
machenbach@chromium.org
230b47a63b [Sheriff] Mark flaky test.
BUG=v8:2921
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/54423002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 11:48:31 +00:00
jkummerow@chromium.org
316271fc35 Fix uint32-to-smi conversion in Lithium
BUG=chromium:309623
R=vegorov@google.com, yangguo@chromium.org

Review URL: https://codereview.chromium.org/54393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 10:18:51 +00:00
yangguo@chromium.org
3f1a833524 Do not remove HAdd with zero if the other operand is a double.
The other operand might be minus zero, and -0 + 0 = +0

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/52173003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-30 10:22:52 +00:00
jkummerow@chromium.org
9e88c23cbf ia32: Fix comparisons of two constant double operands when exactly one of them is in new space.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/46883008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-29 14:34:07 +00:00
svenpanne@chromium.org
acb06df0e9 Tune mjsunit/compiler/expression-trees.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/43703002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-28 07:24:19 +00:00
svenpanne@chromium.org
ee87c867e9 Tune mjsunit/array-functions-prototype-misc
Again, this brings testing times down quite a bit without losing test
coverage.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/44143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-28 07:23:27 +00:00
mvstanton@chromium.org
a85c825bb9 The Elements pointer in a JSObject can have a filler map instead of a
valid fixed array, iff a gc occurred while allocating a fixed array as
part of array construction. Heap verification needs protection against
examining the elements object in this case.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/43383004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 12:26:47 +00:00
yangguo@chromium.org
7dd2d6c590 Reland "Make Array.prototype.pop throw if the last element is not configurable."
This relands r17346.

R=machenbach@chromium.org
BUG=311164

Review URL: https://codereview.chromium.org/43923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 11:55:56 +00:00
svenpanne@chromium.org
2e2579da1b Tune mjsunit/regexp-global.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/42993004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 08:57:50 +00:00
svenpanne@chromium.org
c2596a257c Temporarily disable mjsunit/regress/regress-2612 to make our tree green again.
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/40203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:30:40 +00:00
svenpanne@chromium.org
7fb61a78d4 Tune mjsunit/regress/regress-2612.
Lower the bounds to something bearable which would still timeout if we
used a quadratic algorithm.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/39863003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:07:16 +00:00
bmeurer@chromium.org
56a46e591b Add performance.now() to the d8 shell.
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=17366

Committed: https://code.google.com/p/v8/source/detail?r=17368

Review URL: https://codereview.chromium.org/32433010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 12:25:40 +00:00
bmeurer@chromium.org
bef9819190 Revert "Fix shared library build after r17368." and "Add performance.now() to the d8 shell.".
This reverts commit r17372 and r17368 for breaking the shared
library build.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/40043002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 12:16:00 +00:00
bmeurer@chromium.org
0a90cab56a Add performance.now() to the d8 shell.
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=17366

Review URL: https://codereview.chromium.org/32433010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 10:48:18 +00:00
bmeurer@chromium.org
67b4eb9ac1 Revert "Add window.performance.now() to the d8 shell."
This reverts commit r17366 for breaking the mozilla tests.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/38753006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 10:42:02 +00:00
bmeurer@chromium.org
d07231021e Add window.performance.now() to the d8 shell.
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/32433010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 09:27:17 +00:00
svenpanne@chromium.org
f2122438e0 Removed long-running obselete test case.
The test was the 2nd longest-running test case in debug mode, and the
stuff it tests has already been moved long ago to some other place,
which is in turn heavily tested by far simpler and faster things
(%TruncateString etc.).

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/39233003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 08:09:32 +00:00
yangguo@chromium.org
0f564cb1b0 Revert "Make Array.prototype.pop throw if the last element is not configurable."
This reverts commit r17346.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/39593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 07:48:23 +00:00
yangguo@chromium.org
e25920da19 Make Array.prototype.pop throw if the last element is not configurable.
Popping an element from an array should call [[Delete]] internal method
and pass true as the second argument (ECMA-262/5.1/#sec-15.4.4.6).
When the last element can't be deleted, throw a Type Error.
Not throwing the error would result in endless loop in the following test.

TEST=var a=[];Object.defineProperty(a,0,{});while(a.length)a.pop();

By the way fix another bug, or else i can't post any issues.
"presubmit.py" throw a "missing a correct copyright header" on windows.
Both the slash and the backslash are valid path separator on windows.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/29513004

Patch from Yanagi <admin@web-tinker.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 16:19:24 +00:00
jkummerow@chromium.org
8259439ae8 Fix HObjectAccess for loads from migrating prototypes
BUG=chromium:305309
R=danno@chromium.org

Review URL: https://codereview.chromium.org/35173005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 15:15:15 +00:00
hpayer@chromium.org
fbaf016b6d Add a soft-deopt in keyed element access when current IC is pre-monomorphic and no type feedback was collected.
BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/32643004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 10:41:21 +00:00
mstarzinger@chromium.org
be3ed75ff3 Fix materialization of captured objects with field tracking.
R=titzer@chromium.org
BUG=chromium:298990
TEST=mjsunit/compiler/escape-analysis-representation

Review URL: https://codereview.chromium.org/35133003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 13:48:54 +00:00
svenpanne@chromium.org
d65cc1e21b Temporarily deactive regress-2185-2 until our array handling is in good shape again.
BUG=v8:2950
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/30443005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 13:02:04 +00:00
svenpanne@chromium.org
dd74f5aa08 Removed obsolete unit tests.
As discussed offline, these tests don't test what they were supposed to
test anymore and were the longest running ones.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/32433009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 11:26:07 +00:00
titzer@chromium.org
a255312491 Handle misaligned loads and stores in load elimination. Do not track misaligned loads and be conservative about invalidating misaligned stores. Add more tests for number conversion to string (NumberToStringStub exhibits misaligned loads)
BUG=v8:2934
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/28383003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 13:33:03 +00:00
yangguo@chromium.org
2d6dab1f2e Harmony: implement Math.trunc.
BUG=v8:2938
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/28793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 11:15:11 +00:00
yangguo@chromium.org
575438518c Harmony: implement Math.sign.
R=dslomov@chromium.org
BUG=v8:2938

Review URL: https://codereview.chromium.org/28723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 09:16:31 +00:00
titzer@chromium.org
4d0f2cdd3b Implement global load elimination based on flow engine.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/27148004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-18 14:28:24 +00:00
rafaelw@chromium.org
ce2c9b1db1 Prevent changes to hidden properties from being observable via Object.observe
This addresses the leak that mstarzinger points out (https://codereview.chromium.org/26390003/) and includes the test.

Note that this adds a test that observing changes to the empty-string property remains possible.

BUG=
R=mstarzinger@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/26592012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 20:49:45 +00:00
svenpanne@chromium.org
882778bf09 Make it possible to run a test only in the standard variant.
Use this for mjsunit/unicode-case-overoptimization, which is not
related to Crankshaft at all and takes ages.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/27704002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 13:09:28 +00:00
mstarzinger@chromium.org
0a2b4ecdcc Add regression test for optimized count operation.
This is a regression test for a bug with handling of count operations
that target a JavaScript accessor on the prototype chain in Crankshaft.

R=jkummerow@chromium.org
BUG=chromium:306851
TEST=mjsunit/regress/regress-crbug-306851

Review URL: https://codereview.chromium.org/27702002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 12:48:28 +00:00
mstarzinger@chromium.org
3e0f828b8f Revert "TransitionAndStoreStub bailout needs to transition (and store)."
This reverts commit r17216 breaking fast/js/cross-frame-bad-time.html test.

R=mvstanton@chromium.org
TEST=webkit:fast/js/cross-frame-bad-time.html

Review URL: https://codereview.chromium.org/27516002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 14:17:31 +00:00
mvstanton@chromium.org
8f9f192f6e AllocationSites for all literals
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/24250005


Review URL: https://codereview.chromium.org/27366003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 08:10:36 +00:00
mvstanton@chromium.org
f4edc076d8 Revert "AllocationSites for all literals"
This reverts commit r17219 due to WebKit failures.

R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/26539010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 15:35:23 +00:00
mvstanton@chromium.org
362c0cfbca AllocationSites for all literals
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/24250005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 14:52:58 +00:00
mvstanton@chromium.org
3769a2d24d TransitionAndStoreStub bailout needs to transition (and store).
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/26911007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17216 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 12:42:03 +00:00
dslomov@chromium.org
5ccd697875 Do not look up ArrayBuffer on global object in typed array constructor.
BUG=v8:2931
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/27238009

Patch from Ben Noordhuis <info@bnoordhuis.nl>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 11:27:12 +00:00
yangguo@chromium.org
71ba8c5fb4 Retire concurrent recompilation delay for non-stress testing.
Instead, we block concurrent recompilation until unblocked. This makes
affected tests more predictable and run shorter.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/26758003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-14 14:15:22 +00:00
olivf@chromium.org
93d4fbd2ee Truncate booleans to 0/1 in truncating t-to-i.
Thanks to weiliang.lin2@gmail.com for discovering the issue.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/26824002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 15:13:12 +00:00
mstarzinger@chromium.org
f878c1c359 Fix pre-parsing of 'use strict' directive after string literals.
R=ulan@chromium.org
TEST=mjsunit/regress/regress-parse-use-strict

Review URL: https://codereview.chromium.org/27025002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 14:03:54 +00:00
olivf@chromium.org
4b6d0e33f2 Only set binary operation side effects flags, when observable.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/26712002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 16:49:25 +00:00
mstarzinger@chromium.org
63d8abb6c6 Unify and fix checkers for duplicate object literal properties.
R=ulan@chromium.org
TEST=preparser/duplicate-property,mjsunit/regress/regress-parse-object-literal

Review URL: https://codereview.chromium.org/26375004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 11:58:16 +00:00
mvstanton@chromium.org
59c8d36c00 Revert "Debug: Allow stepping into on a given call frame."
This reverts commit r17095.
There were test failures (flaky).

BUG=chromium:296963
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/26703009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 09:05:28 +00:00
dslomov@chromium.org
380d0ca582 Implement ArrayBuffer.isView.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/25700010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17121 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 08:36:44 +00:00
yurys@chromium.org
ce61a704e3 Debug: Allow stepping into on a given call frame.
BUG=chromium:296963
R=yangguo@chromium.org, yurys

Review URL: https://codereview.chromium.org/25605005

Patch from Andrey Adaikin <aandrey@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-03 07:42:44 +00:00
olivf@chromium.org
24c2336d75 Inline some more compare operations.
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/25009003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 18:15:57 +00:00
bmeurer@chromium.org
81e4550796 Always use timeGetTime() for TimeTicks::Now() on Windows.
This way, we also ensure that timeGetTime() is used for Time::Now(),
and thereby Date.now() even if GetTickCount64() is available.

Also add test coverage for Time::Now(), TimeTicks::Now() and
TimeTicks::HighResNow().

BUG=chromium:288924
TEST=cctest/test-timer
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/25468003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:30:31 +00:00
verwaest@chromium.org
7e0ea6ab46 Only fold polymorphic into monomorphic load if all load from either receiver or same prototype.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/25718002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:24:08 +00:00
mvstanton@chromium.org
81557f21fc Use a walking visitor to traverse JSObject structure. The purpose is to prepare for more complex context-dependent walks of the structure, needed for allocation site and pretenuring work. Different visitors can be created that annotate the object in various ways.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/25025002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-30 11:36:50 +00:00
hpayer@chromium.org
8f60f65bdf Disable gc stress mode for mjsunit timer test.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/24979002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-27 11:04:16 +00:00
mstarzinger@chromium.org
9c3ffc4f58 Fix replaying of HCapturedObject for nested objects.
R=titzer@chromium.org
TEST=mjsunit/compiler/property-refs,mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/24561002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-26 15:28:46 +00:00
machenbach@chromium.org
7c0c861e7a Fix comment in test case.
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/24643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 18:53:33 +00:00
machenbach@chromium.org
9fd455872c Let timer test retry for 20ms to reduce flakiness.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/24484003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 16:47:56 +00:00
verwaest@chromium.org
3ee82ddc3f Special handle for mul/div minus one when kAllUsesTruncatingToInt32
BUG=
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/24521002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16943 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 15:10:48 +00:00
hpayer@chromium.org
77000f2d59 Disable timer mjsunit test on Windows.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/24485004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 12:46:45 +00:00
hpayer@chromium.org
f59bcf2f3b Revert OS::TimeCurrentMillis on Windows introduced in r16413.
BUG=chromium:288924
R=danno@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/24529002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 09:50:48 +00:00
olivf@chromium.org
d268078ce0 Fix flaky parallel recompilation test.
On very rare circumstances parallel recompilation would install
the optimized method earlier than expected and the test would fail.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/24495005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 08:23:14 +00:00
jkummerow@chromium.org
e7130a1e2b Migrate to new test status file syntax
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/23498058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-24 12:08:33 +00:00
mstarzinger@chromium.org
e48a09896d Disable GC stress for mjsunit/opt-elements.kind test.
R=mvstanton@chromium.org
TEST=mjsunit/opt-elements-kind (in GC stress mode)

Review URL: https://codereview.chromium.org/23889043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-24 11:35:57 +00:00
rodolph.perfetta@gmail.com
6d8f4d52bf ARM: Tweak Math.exp.
Avoid corrupting the input and small assembly tuning.

BUG=none
TEST=test/mjsunit/lithium/MathExp.js
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/24278004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-24 10:40:03 +00:00
olivf@chromium.org
42ce84134f Revert "Allow control intructions to have side effects."
Breaks arm build.

BUG=
TBR=titzer@chromium.org

Review URL: https://codereview.chromium.org/24255015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-23 18:57:32 +00:00
olivf@chromium.org
3e13af46e4 Allow control intructions to have side effects.
As a first application convert HCompareGeneric to a control Instruction, thus avoid materializing a boolean result value.

BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/23710070

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-23 16:56:34 +00:00
prybin@chromium.org
f536eb164f LiveEdit to mark more closure functions for re-instantiation when scope layout changes
BUG=v8:2872
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23783007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-20 13:15:31 +00:00
olivf@chromium.org
6fc2875d51 Fix Environment size mismatch in r6849.
TBR=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23983043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-20 08:34:23 +00:00
mvstanton@chromium.org
16f73f525b Turn off GcStress for another mjsunit test that asserts heavily on array
ElementsKind.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/23983041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-20 07:26:11 +00:00
mvstanton@chromium.org
53194b44ba Allocation site tests aren't compatible with GcStress mode.
They make assumptions about elementskind of arrays based on allocation site
feedback. This feedback is highly dependent on mementos, unrooted objects
placed behind arrays in the heap meant to live until the next scavenge.

GcStress does many more gcs than normal, and wrecks havoc with this kind
of test.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/23449042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 13:32:00 +00:00
jochen@chromium.org
98477e3880 Collect garbage before running mjsunit/fast-prototype
When not using a snapshot, after turning on i18n, there's just enough
garbage after creating a context to trigger gc at the wrong moment.
Since the test uses natives syntax to access information that would
otherwise be hidden from javascript, this makes the test fail

BUG=none
R=mstarzinger@chromium.org
TEST=mjsunit/fast-prototype passes on ia32.release with no snapshot

Review URL: https://codereview.chromium.org/23452047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 13:11:57 +00:00
mvstanton@chromium.org
59c32b6481 Transitions from DOUBLE to FAST were not checking for allocation site info.
This creates a confusing result. It's better to let allocation sites
transition to their end state than artificially stop tracking at the
double/fast boundary.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22868004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 09:48:50 +00:00
titzer@chromium.org
957a6da2a2 Dynamically align OSR frames on ia32.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23619076

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-18 16:05:39 +00:00
prybin@chromium.org
2974f8e3bb Support stepin for combination of apply and bound function
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23513023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 17:35:36 +00:00
titzer@chromium.org
05797e77fd Implement local load/store elimination on basic blocks.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/24117004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 15:32:21 +00:00
rodolph.perfetta@gmail.com
87d0659e76 ARM: Tweak StoreKeyed.
Avoid corrupting its input in some cases.

BUG=none
TEST=test/mjsunit/lithium/StoreKeyed*.js
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/23600054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 12:37:31 +00:00
svenpanne@chromium.org
8ed9b08e31 In the case of shift amounts with two constants and if their sum is equal 32, then shift can also be replaced with bit rotate.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/24095002

Patch from Bangfu Tao <bangfu.tao@samsung.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-16 13:51:14 +00:00
rodolph.perfetta@gmail.com
39f0ccc2b3 ARM: Tweak the integer division operation.
BUG=none
TEST=test/mjsunit/lithium/DivI.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23536045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-16 11:28:18 +00:00
bmeurer@chromium.org
8540129339 ARM: Improve SeqStringSetChar implementation.
TEST=/test/mjsunit/lithium/SeqStringSetChar.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23890007

Patch from Rodolph Perfetta <rodolph.perfetta@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 09:13:58 +00:00
rossberg@chromium.org
94c4c596e0 Array "splice" changeRecords should be emitted after the performChange has completed (per spec)
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23434008

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 08:13:02 +00:00
rossberg@chromium.org
f99298bf5d Allow implicit conversion of acceptList values to string during Object.observe
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23464058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 08:09:39 +00:00
yangguo@chromium.org
cb10ceb19d Reland "Clean up after r16292 (disable optimization for StringWrappers)."
BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/23619036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 16:17:58 +00:00
jochen@chromium.org
c5b3ce0671 Snapshot i18n Javascript code
The previous attempt used Boolean instead of $Boolean.

BUG=v8:2745
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23622028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 13:50:38 +00:00
yangguo@chromium.org
151e514930 Simplify installing concurrently recompiled code.
Instead of overwriting the code entry of the function, we trigger
an interrupt to install the code on the main thread.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23542029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:30:56 +00:00
yangguo@chromium.org
ad25a2969d Revert "Clean up after r16292 (disable optimization for StringWrappers)."
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23600040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:15:12 +00:00
yangguo@chromium.org
996813cca2 Clean up after r16292 (disable optimization for StringWrappers).
R=jochen@chromium.org
BUG=v8:2855

Review URL: https://codereview.chromium.org/22891028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 10:55:57 +00:00
rossberg@chromium.org
efd71c9999 performChange no longer takes a |receiver| argument.
The spec omits the receiver arg with the idea arrow functions with lexical |this| will obviate the need for it.

BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/23727006

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:52:20 +00:00
titzer@chromium.org
49d9555a97 Generate a custom OSR entrypoint for OSR compiles on all platforms, and transition to optimized code using the special entrypoint, instead of through the deoptimizer. Do not install the OSR compiled code as _the_ optimized code for a function.
Remove OSR-related stuff from deoptimizer.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21340002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-09 16:34:40 +00:00
mstarzinger@chromium.org
ba48f3bd8c Consider out-of-bounds accesses as escaping uses.
R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23892007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-09 09:53:58 +00:00
prybin@chromium.org
48cae75df8 Debug: parameterize 'step over' action with a frame where the step must be performed
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23533015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-08 19:05:29 +00:00
jkummerow@chromium.org
daee0d83db Fix bitwise negation on x64
BUG=chromium:285355
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/24037003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-06 15:21:38 +00:00
rodolph.perfetta@gmail.com
82f0649c76 ARM: Improve integer multiplication.
TEST=test/mjsunit/lithium/MulI.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23452022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-06 13:12:46 +00:00
yangguo@chromium.org
d9659da6f4 Fix bug in regexp result object construction.
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23548018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 14:32:49 +00:00
verwaest@chromium.org
b41a7b9cea Properly close the CountOperation value/effect context after leaving the store effect context.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23897003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 12:33:14 +00:00
verwaest@chromium.org
6f358946ac Disable map-check relying on cache behavior sensitive to GC-timing
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23892005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 08:36:10 +00:00
yangguo@chromium.org
070e3b0af4 Introduce concurrent on-stack replacement.
Currently disabled behind --concurrent-osr.

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23710014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-04 12:55:59 +00:00
mstarzinger@chromium.org
fa8a182208 Fix OSR to ignore phis without merge index in loop entry.
This fixes a corner case introduced by escape analysis where phis are
introduced in OSR loop entry blocks that don't have a merge index and
hence cannot contain OSR values.

R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23503025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 16:51:44 +00:00
verwaest@chromium.org
3f70c3b07b Allow uncacheable identifiers to go generic.
BUG=v8:2867
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23453019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 16:32:11 +00:00
prybin@chromium.org
1e44c36cdc In reporting step-in positions be more accurate with a position the debugger paused at
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23264015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 12:24:41 +00:00
olivf@chromium.org
78df13d0d5 Move ToI conversions to the MacroAssembler
+ Replace DeferredTaggedToINoSSE2 by DoubleToIStub and a fpu version.

+ Prevent truncating TaggedToI from bailing out.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22290005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 09:30:54 +00:00
jkummerow@chromium.org
9efb5cd23b Make VisitStatements() consistent among all AstVisitor implementations
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23441018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-30 10:51:37 +00:00
jkummerow@chromium.org
2c9ac9c7e1 Always visit branches during HGraph building
even if constant values indicate that they are unreachable.

BUG=chromium:280333
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23623009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-29 14:55:45 +00:00
hpayer@chromium.org
95c7ae8149 Simplified BuildFastLiteral by eliminating manual allocation folding.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23030002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-29 12:06:45 +00:00
jkummerow@chromium.org
3747b5bc6d Delete HAbnormalExit. It does more harm than good.
BUG=v8:2843
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23462007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 15:00:30 +00:00
mstarzinger@chromium.org
57ac971a78 Implement proper map checks of captured objects.
R=verwaest@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23697002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 14:16:57 +00:00
verwaest@chromium.org
652b174cfc Merge verbatim descriptors from other (the descriptor of the map being updated) rather than this (descriptors of the most updated map found in the transition tree).
BUG=v8:2863
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23676003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 12:37:14 +00:00
hpayer@chromium.org
4d7375ca98 Clear next map word when folding allocations into js arrays.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/22915007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 08:39:43 +00:00
plind44@gmail.com
b45fa06231 MIPS: Fix return-value from Array.push stub when pushing non-SMI value
Load and update the arrays length in v0 to make sure the length gets
returned correctly when leaving the function.

Add new testcase.

TEST=mjsunit/array-push-non-smi-value

BUG=130022
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/23589002

Patch from fs <fs@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 05:23:51 +00:00
verwaest@chromium.org
788811244e Eliminate intentional conversion from Smi to Int32 in HMul
If not all uses of arithmetic binary operation can be truncated to Smi, check if they can be truncated to Int32 which could avoid minus zero check

Fixed DoMulI on X64 to adopt correct operand size when the representation is Smi

Fixed DoMulI on ARM. Constant right operand optimization is based on Integer 32 instead of its representation.

BUG=
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22600005

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-27 13:55:00 +00:00
jkummerow@chromium.org
da037f9872 H-BuildIncrement should make use of available type feedback
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22611009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-27 11:44:45 +00:00
jkummerow@chromium.org
caba24c813 Revert "Snapshot i18n Javascript code" and "Fix mjsunit/debug-script after r16298".
This reverts r16298 and r16303 due to ChromeOS browser_tests failures ("Uncaught ReferenceError: Boolean is not defined" in --gtest_filter="FileDisplay/FileManagerBrowserTest.Test/0" and others)

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23414008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 17:00:58 +00:00
mstarzinger@chromium.org
e146b6e148 Fix replaying of captured objects during chunk building.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/22819011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 16:43:19 +00:00
jkummerow@chromium.org
11fd577261 Lower kInitialMaxFastElementArray constant to 95K
to work around erroneous "illegal access" error on x64.

BUG=v8:2790
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/22877039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16324 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 13:04:05 +00:00
mvstanton@chromium.org
c9591f005e Store mode for keyed stores should be passed in from type feedback
regardless of the map used in polymorphic stores.

BUG=
R=jkummerow@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/21058003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 12:28:08 +00:00
dcarney@chromium.org
ad9cc8e716 js accessor creation on Template
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22903012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 11:59:14 +00:00
jochen@chromium.org
885c88e4d5 Fix mjsunit/debug-script after r16298
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/23102015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16303 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 13:45:24 +00:00
jochen@chromium.org
064c91be57 Snapshot i18n Javascript code
BUG=v8:2745
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23304005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 13:24:48 +00:00
jochen@chromium.org
de7352db92 Temporarily disable optimization for StringWrappers to use native valueOf
V8 stores this information directly in the map of the wrapper, however,
it is not invalidated when the prototype of the wrapper is changed, so
once the bit is set, it is no longer possible to override valueOf.

This bug is currently hidden in Chrome since the i18n extension always
modifies the String.prototype, and so the optimization never kicks in.
Disabling the optimization temporarily allows for snapshotting i18n now.

BUG=v8:2855
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-2855.js

Review URL: https://codereview.chromium.org/23060030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16292 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 11:31:18 +00:00
rossberg@chromium.org
971df386b3 Fix scoping of function declarations in eval inside non-trivial local scope
R=mstarzinger@chromium.org
BUG=v8:2594

Review URL: https://codereview.chromium.org/22901010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 09:25:37 +00:00
yangguo@chromium.org
be48c5ae26 Rename "parallel recompilation" to "concurrent recompilation".
Also introduced macros for flag aliases for temporary backwards compatibility.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23014007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-22 16:14:37 +00:00
mstarzinger@chromium.org
0ecd03ab4c Fix hidden properties on object with frozen prototype.
This fixes a corner-case where a frozen prototype with existing hidden
properties might prevent setting hidden properties on another object.

R=rossberg@chromium.org
BUG=v8:2829

Review URL: https://codereview.chromium.org/22799021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16276 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-22 13:51:32 +00:00
titzer@chromium.org
6f3169e571 Fix deoptimization bug, where recursive call can frighten and confuse the unwitting, simple, poor caveman that is Runtime_NotifyDeoptimized.
BUG=274164
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23201016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-22 13:03:40 +00:00
verwaest@chromium.org
eb6cbe1486 Never clear debug-stub call ICs. Make a clear distinction between is_debug_stub
used everywhere but the debugger, and IsDebugBreak, used by the debugger.

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23361014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-22 12:16:00 +00:00
jkummerow@chromium.org
e814a9b96b Fix "Hole" leak in TryBuildConsolidatedElementLoad
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23361007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-21 15:31:03 +00:00
jkummerow@chromium.org
dea98eee53 Fix a bug in Div when all uses are truncating
Refine the related test cases to cover truncating cases

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22964004

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 13:57:01 +00:00
olivf@chromium.org
383a167279 Add X87 implementations for Integer32ToDouble, DoubleToI, DoubleToSmi
Additionally refactor the X87Stack tracking

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20781007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 13:01:54 +00:00
verwaest@chromium.org
d81af53131 Store copied value rather than the original double.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23262002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-16 15:43:42 +00:00
mstarzinger@chromium.org
3e4fbd0e85 Mark HStringCompareAndBranch as potentially causing GCs.
This also adds a %SetAllocationTimout runtime function which helps to
write regression tests that need to trigger a GC at a certain point in
program execution.

R=hpayer@chromium.org
BUG=chromium:274438
TEST=mjsunit/regress/regress-crbug-274438

Review URL: https://codereview.chromium.org/22933006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-16 15:10:07 +00:00
danno@chromium.org
7aa3fedaab Fix Crankshafted CompareNil of constant values
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/23198002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 16:13:58 +00:00
jkummerow@chromium.org
e71a91ca08 Fix Math.round/floor that had bogus Smi representation
BUG=chromium:272564
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23022005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 12:14:08 +00:00
verwaest@chromium.org
169f5a9d7b Never hchange nan-hole to hole or hole to nan-hole.
Only allow changing hole to nan if all uses allow undefined as nan.

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22152003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 08:54:27 +00:00
jkummerow@chromium.org
6f800f90ee Fix overflow check computation for Smi Phis
BUG=v8:2836
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22629011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 18:18:24 +00:00
jkummerow@chromium.org
b3b99969b0 Fix overwriting order of object literal properties for MATERIALIZED_LITERALs
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22982005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 17:27:58 +00:00
yangguo@chromium.org
415b61e12e Fix bug in HPhi::SimplifyConstantInput
R=jkummerow@chromium.org
BUG=269679

Review URL: https://codereview.chromium.org/23075003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 16:47:27 +00:00
verwaest@chromium.org
145f240060 Store doubles before calling into the elements transition stub on ARM
BUG=
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22854011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16172 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 15:06:17 +00:00
yangguo@chromium.org
c52b7bba05 Fix regressions triggered by map invalidation during graph creation.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22807003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 14:10:25 +00:00
yangguo@chromium.org
c0d1ba2ede Do not materialize uninitialized const for debug evaluate.
R=prybin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22822002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 13:35:46 +00:00
machenbach@chromium.org
cfb7ef44ca Ignore an unsuitable test under deopt fuzz.
That test relies on certain optimization/deoptimization points and is therefore not useful for the deopt fuzzer.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22475011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 08:59:42 +00:00
verwaest@chromium.org
ee53b0a5ed Make all load-named-fields depend on their map-check, unless explicitly ignored.
BUG=
R=titzer@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22555004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16139 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 18:40:10 +00:00
verwaest@chromium.org
3715358145 Replace LoadNamedFieldPolymorphic with explicit branches.
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22213002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 14:04:47 +00:00
verwaest@chromium.org
19659646ca Fix smi-based math floor.
BUG=chromium:270268
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22623007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 11:21:03 +00:00
verwaest@chromium.org
e5afd32129 Fix Object.freeze, Object.observe wrt CountOperation and CompoundAssignment.
BUG=2774,2779
R=adamk@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22562004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 18:45:41 +00:00
jkummerow@chromium.org
371ac893f9 Check for empty handle in JSON stringifier
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/22420004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 16:34:13 +00:00
prybin@chromium.org
29bb553b1d Fix step in positions (include various calls and exclude current pc point), add a test
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/22198002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 12:27:22 +00:00
mstarzinger@chromium.org
63defee477 First implementation of allocation elimination in Hydrogen.
This change implements a simple data-flow analysis pass over captured
objects to the existing escape analysis. It tracks the state of values
in the Hydrogen graph through CapturedObject marker instructions that
are used to construct an appropriate translation for the deoptimizer to
be able to materialize these objects again.

This can be considered a combination of scalar replacement of loads and
stores on captured objects and sinking of unused allocations.

R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/21055011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 11:24:14 +00:00
yangguo@chromium.org
ef8d394f12 Re-reland "Flush parallel recompilation queues on context dispose notification"
BUG=
R=hpayer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22379002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 09:33:09 +00:00
ulan@chromium.org
3511f7a428 Fix Array index dehoisting.
BUG=264203
TEST=test/mjsunit/regress/regress-264203
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22314012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 16:38:39 +00:00
rossberg@chromium.org
5e121882c6 Remove test that causes illegal access now
TBR=mstarzinger@chromium.org
BUG=265369

Review URL: https://codereview.chromium.org/22428002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 14:34:25 +00:00
rossberg@chromium.org
f56ad9cab7 Turn assert into runtime assertion to make fuzzer happy
R=mstarzinger@chromium.org
BUG=265369

Review URL: https://codereview.chromium.org/22284009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 14:19:13 +00:00
rossberg@chromium.org
92bd4d1f2d I found this working on
https://codereview.chromium.org/19541010/

The main problem is that if you called Object.getNotifier(obj) on an object, %SetObserved(object) would never get called on it, and thus it would be unobservable (new test added for this).

Additionally, Runtime::SetObserved was asserting obj->IsJSObject() which would fail if called on a proxy.

It just happens that our existing test always called getNotifier() before Object.observe on proxies, and thus we never previously attempted to transition the map of a proxy.

Both issues are now fixed and properly tested.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/21891008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 13:49:10 +00:00
dslomov@chromium.org
45f4b685bf Update Array Iterator to use numeric indexes
At the last face-to-face meeting it was decided that we should use
numeric indexes for the Array Iterator values.

https://github.com/rwldrn/tc39-notes/blob/master/es6/2013-07/july-24.md#514-keys-entries-return-numbers-for-array-index-properties

BUG=v8:2818
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/21180008

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 13:10:07 +00:00
jkummerow@chromium.org
232a2c0d88 Regression test for issue 2813 / r16008
BUG=v8:2813
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/21806002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 12:17:19 +00:00
svenpanne@chromium.org
bf71023ba5 Replaced unary negation by multiplication with -1.
This fixes a deopt loop in the Epic Citadel demo and removes some code. Apart from that, this change is performance-neutral.

When we do something similar for BIT_NOT, the whole UnaryOp stuff can go away.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/21782002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16029 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 11:56:35 +00:00
mstarzinger@chromium.org
c87abd1117 Add new Harmony methods to Array.prototype object.
Array.prototype.find
Array.prototype.findIndex

http://people.mozilla.org/~jorendorff/es6-draft.html

BUG=v8:2776,v8:2777
TEST=mjsunit/harmony/array-find,mjsunit/harmony/array-findindex
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21079003

Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 10:57:48 +00:00
jkummerow@chromium.org
a47705644e Avoid redundant smi check for Math.abs
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/21180004

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 08:59:02 +00:00
hpayer@chromium.org
286fc963b2 Disable test in object observe because of bug 2774.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/21495004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 06:40:50 +00:00
dslomov@chromium.org
f62ffeef31 Calling Map etc without new should throw TypeError
Even though we do not yet allow Map, Set, WeakMap and WeakSet to be
subclassed we need to ensure that we do not allow them to be [[Call]]ed
to allow them to be subclassed in the future.

BUG=v8:2819
R=dslomov@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21400002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-01 09:18:28 +00:00
verwaest@chromium.org
2af164f4d9 Mark maps as unstable if their instances potentially transition away.
Use this as a prerequisite for adding code dependencies.

R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/21095005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 16:33:58 +00:00
mstarzinger@chromium.org
0627d433b0 Add new Harmony methods to String.prototype object.
String.prototype.repeat
String.prototype.startsWith
String.prototype.endsWith
String.prototype.contains

http://people.mozilla.org/~jorendorff/es6-draft.html

BUG=v8:2796,v8:2797,v8:2798,v8:2799
TEST=mjsunit/string-repeat,mjsunit/string-startswith,mjsunit/string-endswith,mjsunit/string-contains
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21014007

Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 16:33:08 +00:00
titzer@chromium.org
45d4afbde5 Fix many tests that try to force an OSR by checking OptimizationStatus() to instead check OptimizationCount().
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21221003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15951 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 09:28:55 +00:00
machenbach@chromium.org
7696139437 Run some skipped tests again after resolved issue.
BUG=2795
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/21220002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 08:52:26 +00:00
mstarzinger@chromium.org
3202e1d795 Re-revert "Flush parallel recompilation queues on context dispose notification" (r15883).
R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/21156009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 08:35:48 +00:00
titzer@chromium.org
37ee4a0369 Fix IsDeletable() for HStringAdd, HStringCharCodeAt, HStringCharFromCode.
BUG=
R=mstarzinger@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/20241005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:35:43 +00:00
mvstanton@chromium.org
43e35a87e2 Fix: Need to remove function type feedback between stress stages in
release build

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20987005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:22:34 +00:00
mvstanton@chromium.org
e9cc78af7e Fix for V8 issue 2795: Check fails with deopt for mjsunit/array-store-and-grow
(https://code.google.com/p/v8/issues/detail?id=2795)

The reason is when allocating and building arrays in hydrogen we need to ensure
we do any int32-to-smi conversions BEFORE the allocation. These conversions can
at least theoretically deoptimize. If this happens before all the fields of the
newly allocated object are filled in, we will have a corrupted heap.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20726002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 11:50:39 +00:00
bmeurer@chromium.org
709012021a The compiled_transitions flag was enabled for quite some time now and seems to work out quite well, so time has come to remove the obsolete code paths and remove the unused methods.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/18034024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 09:12:16 +00:00
jkummerow@chromium.org
3619dcf868 Add regression test for recently fixed bug
BUG=chromium:258519
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/20732002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15912 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 14:58:30 +00:00
machenbach@chromium.org
53c95353c9 Disable mjsunit test when parallel recompilation is not available.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20573003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 12:34:46 +00:00
verwaest@chromium.org
565699669e Fix Smi-based MathMinMax on x64, and reenable smi mode.
BUG=
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20706002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 12:06:22 +00:00
yangguo@chromium.org
372763897d Lazy call to custom stack trace formatting using Error.prepareStackTrace.
This enables custom stack trace formatting for stack overflow.
A consequence is that stack trace formatting is now easily observable,
but we already established that the default stack trace formatting can
be observed anyways. It is only triggered by the .stack getter, and
it has to be explicitly called, (e.g. not implicitly after GC).

R=mstarzinger@chromium.org
BUG=v8:2559

Review URL: https://codereview.chromium.org/20692002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 11:28:08 +00:00
jkummerow@chromium.org
32e2e37230 Fix JSArray-specific length lookup in polymorphic array handling
BUG=chromium:263276
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20295005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-25 15:04:21 +00:00
yangguo@chromium.org
14e205e9cf Reland "Flush parallel recompilation queues on context dispose notification."
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/19500022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-25 15:01:23 +00:00
dslomov@chromium.org
a418b36b75 Make DataView setters throw when only offset is provided.
Also fix typo in error message id.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/20030004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15865 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-24 17:35:15 +00:00
yangguo@chromium.org
eaedafad4b Restore test and behavior prior to deferred stack trace formatting.
R=mstarzinger@chromium.org
TEST=stack-traces-overflow.js

Review URL: https://codereview.chromium.org/19805003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-24 12:16:02 +00:00
machenbach@chromium.org
a0734ba3af Add deopt fuzzer tool.
Can be run as a stand-alone script like run-tests.

Executes first all tests of a given test suite to collect the maximum number of possible deopt points. Runs then a fuzzing phase with artificial deoptimizations triggered during testing.

Works for now with mjsunit and ia32 only.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/19931005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-24 12:04:29 +00:00
hpayer@chromium.org
6c83b7d6c1 Support double allocations when folding allocation.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/19956002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-23 19:27:00 +00:00
verwaest@chromium.org
7e08f81e6d Also eliminate map checks with transitions.
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19888006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15821 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-23 10:01:06 +00:00
verwaest@chromium.org
babce318d1 Eliminate map checks of constant values.
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19954005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-23 09:18:42 +00:00
mstarzinger@chromium.org
232c55854f Add test case for issue 2793 about experimental natives.
R=yangguo@chromium.org
BUG=v8:2793

Review URL: https://codereview.chromium.org/19948002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-22 18:18:55 +00:00
ulan@chromium.org
b2dd5c67f7 ARM: Ensure space for lazy deoptimization before calling IC.
If IC triggers deoptimization, then subsequent patching might get invalid
target address that was overwritten.

R=verwaest@chromium.org
BUG=247688
TEST=mjsunit/regress/regress-247688.js

Review URL: https://chromiumcodereview.appspot.com/19972002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-22 17:21:41 +00:00
yangguo@chromium.org
cd41cb9b6d Turn on parallel recompilation for tests that assert optimization status.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/19807002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-22 09:16:33 +00:00
mstarzinger@chromium.org
ce81b0d3a8 ES6: Implement WeakSet
WeakSets work similar to ordinary Sets but the value (which must be an
object) is held weakly.

This is available under --harmony-collections

BUG=v8:2785
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/19678023

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15792 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-22 08:32:24 +00:00
rossberg@chromium.org
ac2b8c04f3 Proxies: Make 'with' work, plus minor other fixes
Also fixes internal exception handling in several places of the runtime.

R=yangguo@chromium.org
BUG=v8:1543

Review URL: https://codereview.chromium.org/19384004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-19 14:07:23 +00:00
ulan@chromium.org
88a4b0d6ca Fix deopt in store with effect context.
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19693004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-19 13:45:26 +00:00
rossberg@chromium.org
83d9e6e7ee Add support for explicit octal and binary integer literals
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-7.8.3

ES6 extends the numeric literals to support explicit support
for binary and octal literals using the following syntax:

  0b10101
  0o777

This is currently behind the flag, --harmony-numeric-literals

BUG=2783
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/19300002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-19 09:57:35 +00:00
verwaest@chromium.org
be472d82fd Fix wrong bailout id in polymorphic stores.
BUG=chromium:259787
R=titzer@chromium.org, ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19528005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-19 08:45:47 +00:00
mstarzinger@chromium.org
3eded2c06c Fix %NeverOptimizeFunction runtime call.
The current usage of this runtime function is broken as it does not
prevent inlining of the affected function but rather bails out from the
whole unit of compilation after trying to inline affected functions.
This simplifies said runtime function to avoid accidental misuse.

R=titzer@chromium.org
TEST=mjsunit/never-optimize

Review URL: https://codereview.chromium.org/19776006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-19 08:25:44 +00:00
machenbach@chromium.org
0288214530 Disable some tests for nacl runs.
These tests fail with the nacl/v8 builders.

Patch from bradchen@chromium.org.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/19769002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-18 12:21:46 +00:00
svenpanne@chromium.org
b951f03cee Fixed type feedback in presence of negative lookups.
To fix the issue at hand regarding constant function calls and perhaps
other hidden issues regarding negative lookups, we basically add a
"marker instruction", just for harvesting purposes. Our type feedback
oracle is really, really fragile, we should better switch to some more
explicit and robust scheme soon.

BUG=chromium:252797
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/19588002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-18 09:12:44 +00:00
yangguo@chromium.org
9d6445cf32 Do not materialize context-allocated values for debug-evaluate.
BUG=259300
R=ulan@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/19569003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 15:29:00 +00:00
jkummerow@chromium.org
22f2fd8397 Synchronize Compare-Literal behavior in FullCodegen and Hydrogen
BUG=chromium:260345
R=danno@chromium.org

Review URL: https://codereview.chromium.org/19582002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 13:13:38 +00:00
mvstanton@chromium.org
7632a311aa Some tests involving AllocationSites are failing in GcStress test mode.
The reason is that an AllocationMemento associated with an array only
lives for one gc (it is unrooted). So an excess of garbage collections
in these tests cause the Memento to be lost, and expected behavior
can't be guaranteed.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/19544002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 11:42:32 +00:00
bmeurer@chromium.org
410b4b2db4 Reland "Turn ElementsTransitionAndStore stub into a HydrogenCodeStub".
Fix the invalid array length check, replacing it with a check of
the elements pointer similar to TransitionElementsKindStub.
Refactor common code from ElementsTransitionAndStoreStub and TransitionElementsKindStub into BuildTransitionElementsKind() helper method.
Add test case for the MD5 computation that used to crash before,
and a small test case for the specific issue.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/19367003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 11:37:20 +00:00
dslomov@chromium.org
517cbe4dd3 Add BYTES_PER_ELEMENT property to constructors of typed arrays.
ES6 does not prescribe it, but both Blink and Firefox have it.

Also does a small rename of parameter in test.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/19562002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 11:16:07 +00:00
bmeurer@chromium.org
a72b5d6c4d Fix invalid array length check in TransitionElementsKindStub.
The stub used to check the length of the JS array to see if
there's a need to duplicate the elements backing store. This
way it will not duplicate the elements array when going from
double to object even if the elements array is not the empty
fixed array. Later on it will then store pointers into a
FixedDoubleArray.

The native code stub used to check whether elements points to
the empty_fixed_array singleton instead of testing the length.
The Hydrogen stub does that as well now.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/19289009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-17 08:32:28 +00:00
dslomov@chromium.org
11a38ed875 Throw if first argument to TypedArray.set is a number.
Further refinement to semantics that I have missed in previous change.
Both Blink and Firefox are permissive with arguments to .set method.
However, when first argument to "set" is a number, all implementations
throw, so that users know that
   a.set(0,27)
does not assign 27 to 0th element of a, not 0 to 27th element of a.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/19210002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-16 08:11:30 +00:00
rossberg@chromium.org
db76aa2717 Fix sloppy-mode 'const' under Harmony flag.
R=yangguo@chromium.org
BUG=173361

Review URL: https://codereview.chromium.org/19199002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-15 14:12:20 +00:00
dslomov@chromium.org
1c2d005b3c Use corerct conversions for DataView accessors.
We now use DoubleTo(U)Int32 that follows ES specification.

R=titzer@chromium.org,rossberg@chromium.org

Review URL: https://codereview.chromium.org/18703007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-15 09:32:15 +00:00
dslomov@chromium.org
a6419e3e47 This does not match ES6 spec but is the behavior in both Firefox and WebKit/Blink.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/19086003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-15 07:43:46 +00:00
danno@chromium.org
c65f4f7f7b Don't use StoreIC_ArrayLength on frozen arrays
The code previously assumed that an array with fast properties must have
a writable length property. But Object.freeze() now exposes a way to make
length read-only without moving the object into slow mode. This patch
simply adds a !is_frozen check to the IC code. Any future optimizations
to attribute-setting on JSArrays will need to make similar accomodations.

R=danno
BUG=v8:2711,259548

Review URL: https://chromiumcodereview.appspot.com/19115002
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-14 22:03:46 +00:00
hpayer@chromium.org
f5ab1b2a4a Collect side effects on paths to dominated block including the dominator.
BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/18254008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-12 15:06:50 +00:00
danno@chromium.org
48b65f8cd5 Implement truncated d-to-i as a stub on x86
- Added a general DoubleToIStub so that it's possible to extend to other platforms and non-truncating case.
- This version handles all cases of truncation (previous code deopted in some cases) and all source/destination register combinations without clobbering any temps.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/18612005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-12 12:28:32 +00:00
titzer@chromium.org
9e7819fac4 Added %NeverOptimize runtime call that can disable optimizations for a method for tests.
BUG=

Review URL: https://codereview.chromium.org/18214005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 14:17:56 +00:00
mvstanton@chromium.org
10615aef7b AllocationSites: when updating allocation site transition information,
be careful to merge feedback appropriately. For example, one array may
have gone holey, and then another allocated at the same place instead
went DOUBLE but remained packed. In this case the ElementsKind
ultimately stored in the AllocationSite should be HOLEY_DOUBLE.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18531007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 13:08:36 +00:00
rossberg@chromium.org
3d9586c431 This adds the following array iterator methods:
Array.prototype.values
Array.prototype.keys
Array.prototype.entries

These all return an Array Iterator object which has a next
method.

http://people.mozilla.org/~jorendorff/es6-draft.html#sec-15.4.5

BUG=v8:2722
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/16848004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 11:20:54 +00:00
mvstanton@chromium.org
b61dfd4a82 A bug in AllocationSite::GetMode(from, to) meant that we didn't update
boilerplates for SMI to SMI_HOLEY transitions.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18917003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 09:39:22 +00:00
dslomov@chromium.org
5eb63e483d Change DataView accessors behavior for insufficient args.
ES6 spec for DataView is not fully finished, but Blink, WebKit and
Firefox agree in that for DataView use of getters/setters with no
arguments should result in exceptions, while undefined offset argument
is the same as zero.

R=bmeurer@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/18313007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15607 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-10 16:18:59 +00:00
verwaest@chromium.org
22d7a85519 Unify Count Operation assignment with other assignments
This relands 15578, disables 1 test in harmony observe re bug v8:2774

R=dslomov@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18452013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-10 12:02:18 +00:00
yangguo@chromium.org
5b70a58ad2 Fix plot script.
The script for the time line plot has been broken since r15484, which
changed the format of tick entries in v8.log.

To prevent this from happening in the future, I added a test case.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/18826008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-10 07:53:27 +00:00
dslomov@chromium.org
cfa91762ac Allow parameterless typed array constructors.
ES6 spec tacitly allows them, and they are allowed in Firefox and in
WebKit/Blink.

R=bmeurer@chromium.org,rossberg@chromium.org

Review URL: https://codereview.chromium.org/18769005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-09 19:34:21 +00:00
yangguo@chromium.org
b99ca1ab12 Do not implicitly convert receivers for builtin functions when inspecting frames.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/18900004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-09 13:58:11 +00:00
mvstanton@chromium.org
c1e19bfc35 Bugfix: The general array constructor stub did not handle the case
properly when it is called with a function pointer in the type cell,
instead assuming that an AllocationSite object should be present. The
case where this can happen is if the cell is uninitialized, then the
first constructor call made is to the Array function of a different
context. In that case, we'll store the function pointer in the cell,
and then go ahead and call the array constructor stub too. The bug is
fixed by checking for the AllocationSite object map. If not found, the
constructor stub goes forward with a default ElementsKind, just as in
several other cases.

A test in allocation-site-info.js was beefed up to make sure the state
chain described above is traversed.

BUG=
R=hpayer@chromium.org, hpayer@google.com

Review URL: https://codereview.chromium.org/18277006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 14:41:54 +00:00
jkummerow@chromium.org
ed6d2d5c44 Add a test case for Phi representations
BUG=chromium:167394
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18838002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 13:43:43 +00:00
jkummerow@chromium.org
f0811f4e6f Fix and cleanup can_be_minus_zero computation
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/18434004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 11:15:24 +00:00
mvstanton@chromium.org
faaa90d13c Allocation-site-info test, removed TODOs.
Some code was commented out earlier as a todo. Now the code can be reenabled,
because allocation site feedback is working there again.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/18753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 09:11:56 +00:00
danno@chromium.org
bd50e6d38f Refactoring and cleanup of control instructions
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18331004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-05 10:40:14 +00:00
danno@chromium.org
345cc98a25 Generate StoreGlobal stubs with Hydrogen
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=rossberg@chromium.org, ulan@chromium.org

Committed: http://code.google.com/p/v8/source/detail?r=15419

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-05 10:34:02 +00:00
rossberg@chromium.org
929e193fc2 Tweak error message
R=yangguo@chromium.org
BUG=v8:2758

Review URL: https://codereview.chromium.org/18759002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-05 08:34:31 +00:00
yurys@chromium.org
9ef762b683 Do not store fp and sp values in TickSample
Their values are not used neither by the tick processor nor by CpuProfiler so it is just a waste of space.

TickSample used to be a transport for grabbed register values to TickSample::Trace, now they are passed in a special structure RegisterState which is allocated on the stack for the sampling period.

Some common pieces were moved from platform-dependent code into Sampler::SampleStack and TickSample::Init.

BUG=None
R=jkummerow@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/18620002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-03 16:20:59 +00:00
jkummerow@chromium.org
dd37adc4f1 Change mjsunit tests to work with and without the i18n extension
BUG=v8:2745
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/18187006

Patch from Jochen Eisinger <jochen@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-03 15:33:11 +00:00
ulan@chromium.org
74d147a25d Enable weak embedded maps in optimized code.
If the top optimized code in call stack is at the point that does not support
deoptimization, then treat the maps in the code as strong pointers.

Note that other optimized code in call stack must support deoptimization
because of the call instruction with side-effects.

BUG=217858,v8:2073
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16955008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15452 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-02 15:15:58 +00:00
danno@chromium.org
77c20c30a3 Revert r15419: "Generate StoreGlobal stubs with Hydrogen"
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18357004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 15:12:21 +00:00
mstarzinger@chromium.org
493d1f1c21 Implement WeakMap.prototype.clear function.
R=rossberg@chromium.org
BUG=v8:2753
TEST=mjsunit/harmony/collections

Review URL: https://codereview.chromium.org/18352002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 13:56:48 +00:00
prybin@chromium.org
488da00542 Debug: support breakpoints set in the middle of statement (try #2 after rollback)
Review URL: https://codereview.chromium.org/18349004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 13:44:10 +00:00
danno@chromium.org
a3bce19868 Generate StoreGlobal stubs with Hydrogen
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 13:22:13 +00:00
prybin@chromium.org
fe22b45965 Revert "Debug: support breakpoints set in the middle of statement"
Review URL: https://codereview.chromium.org/18326007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 13:05:21 +00:00
prybin@chromium.org
f997bacb16 Debug: support breakpoints set in the middle of statement
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/16093040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 12:54:13 +00:00
mvstanton@chromium.org
4aed3b8e84 Test fix - array-feedback.js has a test that only make sense when
running crankshaft. Allow the test to tolerate --nocrankshaft.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/18328002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-01 09:00:14 +00:00
jkummerow@chromium.org
05b94f13c8 Add %_DebugBreakInOptimizedCode() pseudo function call to insert int3/stop instructions into optimized code
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/17870002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-28 15:48:38 +00:00
mvstanton@chromium.org
83519ec87a Hydrogen array constructor cleanup and improvements
* Cleanup of LCallNewArray::PrintDataTo() method
* Created HCallNewArray::PrintDataTo()
* Created many more tests in array-constructor-feedback.js
* Removed redundant instructions in
  GenerateRecordCallTarget
* Bugfix in CreateArrayDispatchOneArgument: on a call to
  new Array(0), we'd like to set the type feedback cell to
  a packed elements kind, but we shouldn't do it if the
  cell contains the megamorphic sentinel.
* When used from crankshaft, ArrayConstructorStubs can
  avoid verifying that the function being called is the
  array function from the current native context, relying
  instead on the fact that crankshaft issues an
  HCheckFunction to protect the constructor call. (this
  new minor key is used in LCodeGen::DoCallNewArray(), and
  influences code generation in
  CodeStubGraphBuilderBase::BuildArrayConstructor()).
* Optimization: the array constructor specialized for
  FAST_SMI_ELEMENTS can save some instructions by looking
  up the correct map on the passed in constructor, rather
  than indexing into the array of cached maps per element
  kind.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/17091002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15383 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-28 13:16:14 +00:00
yangguo@chromium.org
85d7a36ee0 Abort optimization when debugger is turned on.
BUG=v8:2751
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/18198003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-28 11:34:51 +00:00
titzer@chromium.org
98f3dab73b Fix elements-kind test to disable optimization of important functions under test; add simpler versions of elements kind test.
Review URL: https://codereview.chromium.org/17872002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-27 08:46:46 +00:00
dslomov@chromium.org
ef189ecd82 Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions.
ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695).
This never worked in WebKit, so no compatibility issues.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17904007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-27 07:42:08 +00:00
titzer@chromium.org
bfa9fe95dc Change PC for OSR entries to point to something more sensible (i.e. the first UnknownOsrValue), removing the need to record spilled OSR values and the need for duplicate deopt entries.
Review URL: https://codereview.chromium.org/16381006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-26 08:43:27 +00:00
mvstanton@chromium.org
081134ecd1 Removed flag optimize-constructed-arrays.
This eliminates a large amount of hand-written assembly in the platforms.

BUG=
R=danno@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16453002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-25 16:31:07 +00:00
peter.rybin@gmail.com
42a10a9dfe Allow debugger evaluate expressions to mute local variables
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17636007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-25 13:48:43 +00:00
dslomov@chromium.org
e6e0ee0708 Update typed arrays behavior to match ES6 rev 15. Remove TO_POSITIVE_INTEGER and throw on negative length arguments.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17572009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-24 13:58:52 +00:00
dslomov@chromium.org
91eb5f8d25 DataView implementation.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17153011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-21 13:02:38 +00:00
yangguo@chromium.org
b7b92bd9ac Short-circuit embedded cons strings.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/17418003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-21 09:24:30 +00:00
yangguo@chromium.org
928cbcdc8d Skip parallel recompilation tests if parallel recompilation is disabled.
Parallel recompilation is usually disabled on single-core systems.

R=jkummerow@chromium.org
BUG=v8:2733

Review URL: https://codereview.chromium.org/17261021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-20 11:01:33 +00:00
wingo@igalia.com
f7ba3a7bb1 Fix stack frame reconstruction for generators with formal arguments
The formal parameter count was always being treated as an untagged
integer, but it is actually a Smi on ia32 and arm.

R=mstarzinger@chromium.org
BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/17485002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-20 10:48:34 +00:00
verwaest@chromium.org
2ca5c6cd03 Fix using monomorphic store instruction for polymorphic stores.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16875008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-19 18:07:35 +00:00
mvstanton@chromium.org
7f0f022792 Bugfix in hydrogen array literal code generation.
If an array literal contains some non-constant elements, is of type SMI, and
then the boilerplate transitions to double or fast sometime after we've
crankshafted the code, then we could incorrectly store smis in double arrays.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17334004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15207 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-19 13:48:50 +00:00
svenpanne@chromium.org
010d9aba16 Avoid relying on monkey-patchable things in String.prototype.split.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17391016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-19 12:25:40 +00:00
yangguo@chromium.org
1be45275c6 Fix test for bots that force --parallel-recompilation as shell flag.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16914006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-19 09:32:05 +00:00
mvstanton@chromium.org
c70b41684d Use type feedback for Array (non-constructor) call sites.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/17155010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15201 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-19 09:25:24 +00:00
yangguo@chromium.org
627872ec67 Do not modify FLAG_parallel_recompilation after start up.
R=jkummerow@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/17202006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-18 14:25:24 +00:00
mstarzinger@chromium.org
0524263a27 Remove obsolete elements kind check for array literals.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/17378005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-18 13:32:06 +00:00
svenpanne@chromium.org
fb7310b1fd Fixed read-only attribute of Function.length in strict mode.
R=cira@chromium.org

Review URL: https://codereview.chromium.org/17006006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-18 07:51:50 +00:00
palfia@homejinni.com
f8fc5c443e Allow running mjsunit/manual-parallel-recompile on single-core systems.
- Add an %IsParallelSupported() builtin function to  make possible to check support of parallel processing from JavaScripts.
- Change the test script that if parallel recompilation is forced on a single core CPU, expect that it won't be recompiled in parallel.
- Change the  JSFunction::MarkForParallelRecompilation() to fall back gracefully if parallel recompilation is not supported.

BUG=v8:2733
TEST=mjsunit/manual-parallel-recompile

Review URL: https://codereview.chromium.org/17277002
Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-17 16:27:18 +00:00
palfia@homejinni.com
93609033e1 MIPS: Optimise Math.floor(x/y) to use integer division for MIPS.
Use div instruction if some divisors do not have magic number.

Based on commit r11427 (318a9598).

This commit also ports commit r15161 (554d45c1).

BUG=

Review URL: https://codereview.chromium.org/16951016
Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-17 15:06:41 +00:00
mvstanton@chromium.org
5b2c1a50d9 HCheckFunction is needed to protect new array constructors in
crankshafted code.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/16944006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-13 14:29:01 +00:00
wingo@igalia.com
d73dace0f5 Delegating yield does not re-box result objects
Delegating yield (yield*) should just pass on the iterator results it
receives instead of re-boxing them.

R=rossberg@chromium.org
TEST=mjsunit/harmony/generators-iteration
BUG=

Review URL: https://codereview.chromium.org/16695006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-13 10:57:11 +00:00
wingo@igalia.com
09fcac5e39 Use keyed-call inline caches in delegating yield
Since we can't assume anything about the shape of the iterator in a
yield* (delegating yield), use an IC to do the next() and throw()
iterator method calls.

BUG=v8:2691
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-2691

Review URL: https://codereview.chromium.org/15455002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-13 10:18:28 +00:00
mvstanton@chromium.org
75afb8ce79 Fix for bug 245480. Calling new Array(a) with a single argument could result in creating a holey array with a packed elements kind.
BUG=245480
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/16341004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 18:04:16 +00:00
mstarzinger@chromium.org
93ab1864ea Allow the deoptimizer translation to track de-materialized objects.
This allows the deoptimizer to materialize objects (e.g. the arguments
object) while deopting without having a consective stack area holding
the object values. The LEnvironment explicitly tracks locations for
these values and preserves them in the translation.

R=svenpanne@chromium.org
TEST=mjsunit/compiler/inline-arguments

Review URL: https://codereview.chromium.org/16779004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 14:22:49 +00:00
wingo@igalia.com
cc27c4c41b GeneratorFunction() makes generator instances
The current specification has GeneratorFunction() be like Function(),
except that it makes generator instances.  This commit implements that
behavior.  It also fills in a piece of the implementation where
otherwise calling GeneratorFunction or GeneratorFunctionPrototype would
cause an abort because they have no code.

R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration
TEST=mjsunit/harmony/generators-runtime
BUG=v8:2355,v8:2680

Review URL: https://codereview.chromium.org/15218004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 12:52:16 +00:00
wingo@igalia.com
1fb2f4b358 For-of statements do not permit initializers.
R=rossberg@chromium.org
BUG=v8:2720

Review URL: https://codereview.chromium.org/16739008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 12:37:44 +00:00
wingo@igalia.com
418ddc800a Allocate generator result objects before unwinding try handlers
When a generator suspends, it saves its state out to the heap and
unwinds try handlers but doesn't pop anything off the stack.  Instead it
relies on no GC happening between the suspend and the return from the
generator.  However this was not the case: boxing the result object
could cause GC, which would try to traverse the stack but would
misinterpret words from unwound try handlers as heap objects.

This CL changes to allocate the result objects before the suspend.  It
also removes the generators-iteration skip introduced in r15065.

R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration
BUG=

Review URL: https://codereview.chromium.org/16801006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 11:02:51 +00:00
yangguo@chromium.org
74556569d1 Reland "Enable map dependency to in-flight compilation info."
BUG=248076
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16782004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-12 09:43:22 +00:00
wingo@igalia.com
5760c7b598 Disable --harmony -> --harmony-generators implication
A GC-related bug has started showing up after r15060 that unfortunately
I haven't been able to reproduce.  Disable generators by default for the
Canary push.

R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16638011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-11 14:45:17 +00:00
yangguo@chromium.org
6da97b1d4a Revert "Enable map dependency to in-flight compilation info."
This includes r15032, r15030 and r15005.

R=ulan@chromium.org
BUG=248076

Review URL: https://chromiumcodereview.appspot.com/16482004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-11 11:55:56 +00:00
jkummerow@chromium.org
9447014780 Skip some conditional deopts for Div/Mul when all uses are truncating.
- set "can be minus zero" flag properly so minus-zero checks are skipped
- skip "integer result?" check in division code when uses are truncating
- drive-by cleanup: consolidated computation of kCanOverflow flag for Add/Sub into range inference phase

BUG=v8:2132
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/16741002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-11 11:43:57 +00:00
wingo@igalia.com
f68d6a10f8 Fix crasher when checking for "of", but next token has no literal buffer
Also fix a typo in an assertion in scanner.h.

R=mstarzinger@chromium.org
BUG=248025
TEST=mjsunit/regress/regress-crbug-248025.js

Review URL: https://codereview.chromium.org/16549003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-11 11:30:03 +00:00
wingo@igalia.com
29a1044409 Keep native fuzzing blacklists in sync
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16436005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15036 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 12:25:31 +00:00
wingo@igalia.com
093492f01c Don't fuzz _GeneratorNext
The previous patch that renamed _GeneratorSend to _GeneratorNext missed
the blacklist in fuzz-natives-part4.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16339008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 12:06:13 +00:00
mstarzinger@chromium.org
ecc41e30c0 Fix re-initialization of existing double field.
R=verwaest@chromium.org
BUG=v8:2717
TEST=mjsunit/regress/regress-2717

Review URL: https://codereview.chromium.org/16735003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 11:55:47 +00:00
yangguo@chromium.org
b0afb77731 Fix parallel recompilation wrt transition maps dependency.
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/15896038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 11:33:23 +00:00
yangguo@chromium.org
1594eca8ed Fix parallel recompilation wrt initial object/array map dependency.
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/16641002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 11:17:48 +00:00
wingo@igalia.com
f88bca9576 Generator object "next" method takes optional send value
Update the generators implementation to make "next" also do the job of
what was previously called "send" by taking an optional argument.
Remove send, and do a bunch of renamings.

R=rossberg@chromium.org
BUG=v8:2355, v8:2715

Review URL: https://codereview.chromium.org/16136011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-10 09:26:18 +00:00
verwaest@chromium.org
3588aa45cd Take all uses into account to clear int32 truncation.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16656002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-07 17:28:46 +00:00
yangguo@chromium.org
17cfe68015 Enable map dependency to in-flight compilation info.
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/16542003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-07 13:27:03 +00:00
wingo@igalia.com
b29a78fb02 Baseline for-of implementation
Add full-codegen support for the ES6 for-of iteration statement.

R=mstarzinger@chromium.org, rossberg@chromium.org
TEST=mjsunit/harmony/iteration-semantics
BUG=v8:2214

Review URL: https://codereview.chromium.org/15288011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-07 11:12:21 +00:00
wingo@igalia.com
cb0d146862 Add initial parser support for harmony iteration
This commit adds initial parser support for harmony iteration.
Specifically, it will parse:

  for (x of y) {}
  for (let x of y) {}
  for (var x of y) {}

The semantics are still unimplemented.

TEST=mjsunit/harmony/for-of-syntax
BUG=v8:2214
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/15300018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-06 14:38:26 +00:00
verwaest@chromium.org
16199c63d8 Initialized representations of computed values to None.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14721009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-06 14:21:35 +00:00
mvstanton@chromium.org
701f356bac Move runtime array constructor functions from builtins.cc to runtime.cc.
Not only is runtime.cc a better location, but situations arise soon where we'll
want to make runtime calls to these functions.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16399007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-06 13:22:42 +00:00