jarin
da90aabc07
Always emit bailout id for inlining property access (even for keyed access).
...
R=ulan@chromium.org
BUG=chromium:453805
LOG=n
Review URL: https://codereview.chromium.org/887023003
Cr-Commit-Position: refs/heads/master@{#26359}
2015-01-30 14:35:43 +00:00
ishell
32fe247d91
Layout descriptor sharing issue fixed.
...
BUG=chromium:437713, v8:3832
LOG=Y
Review URL: https://codereview.chromium.org/885003002
Cr-Commit-Position: refs/heads/master@{#26354}
2015-01-30 12:55:25 +00:00
aperez
91b87e7a28
Do not create unresolved variables when parsing arrow functions lazily
...
Arrow function parameter lists are parsed as expressions. When an identifier
is found a VariableProxy is created and added to the list of unresolved
variables for the scope. When parsing a function lazily, the scope has been
already resolved, so with this patch only the VariableProxy is created,
without adding it as an unresolved variable in the scope.
BUG=v8:3501
LOG=Y
Review URL: https://codereview.chromium.org/880253004
Cr-Commit-Position: refs/heads/master@{#26328}
2015-01-29 15:53:15 +00:00
mstarzinger
c5833e8596
Add missing FrameState to JSToName nodes.
...
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-451770
BUG=chromium:451770
LOG=N
Review URL: https://codereview.chromium.org/880963002
Cr-Commit-Position: refs/heads/master@{#26305}
2015-01-28 11:40:02 +00:00
yangguo
1e905469be
Land test case for RegExp.source.
...
BUG=chromium:447561
LOG=N
TBR=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/878033003
Cr-Commit-Position: refs/heads/master@{#26297}
2015-01-27 15:17:37 +00:00
ishell
7f9b2fa699
Do not generalize field representations when making elements kind or observed transition.
...
BUG=chromium:448711
LOG=y
Review URL: https://codereview.chromium.org/861173004
Cr-Commit-Position: refs/heads/master@{#26289}
2015-01-27 11:19:06 +00:00
titzer
7c81161b97
[turbofan] Simplify reduction if IfTrue and IfFalse and fix bugs.
...
R=mstarzinger@chromium.org
BUG=chromium:451958
LOG=Y
Review URL: https://codereview.chromium.org/880533002
Cr-Commit-Position: refs/heads/master@{#26276}
2015-01-26 16:11:24 +00:00
mstarzinger
00f3f99221
Add missing FrameState for Runtime_CreateArrayLiteral.
...
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-451013
BUG=chromium:451013
LOG=N
Review URL: https://codereview.chromium.org/873973003
Cr-Commit-Position: refs/heads/master@{#26268}
2015-01-26 12:45:34 +00:00
svenpanne
a7d67a64f1
Fixed Hydrogen environment handling for mul-i on ARM and ARM64.
...
The whole logic in DoMul makes me cry, so I made only the minimal
change to fix the issue...
BUG=v8:451322
LOG=y
Review URL: https://codereview.chromium.org/873703002
Cr-Commit-Position: refs/heads/master@{#26261}
2015-01-26 08:35:58 +00:00
mstarzinger
d2e424afb8
Avoid unintentional optimization of hot builtins by TurboFan.
...
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-451016
BUG=chromium:451016
LOG=N
Review URL: https://codereview.chromium.org/817293005
Cr-Commit-Position: refs/heads/master@{#26229}
2015-01-22 18:52:15 +00:00
ishell
8ccc696bf6
Support concatenating with zero-size arrays with DICTIONARY_ELEMENTS in Runtime_ArrayConcat.
...
BUG=chromium:450895
LOG=y
Review URL: https://codereview.chromium.org/849693003
Cr-Commit-Position: refs/heads/master@{#26219}
2015-01-22 11:15:30 +00:00
mstarzinger
558efe21f0
Add missing BailoutId and FrameState to with statements.
...
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-450642
BUG=chromium:450642
LOG=N
Review URL: https://codereview.chromium.org/865833002
Cr-Commit-Position: refs/heads/master@{#26218}
2015-01-22 10:57:42 +00:00
bmeurer
0381acf7b3
Double field values need sNaN -> qNaN canonicalization.
...
Also fix mjsunit/regress/regress-undefined-nan to ensure that we are
testing transfer via xmm registers by forcing the transfer to be in an
optimized function.
BUG=v8:3839
LOG=n
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/863153002
Cr-Commit-Position: refs/heads/master@{#26213}
2015-01-22 08:36:12 +00:00
Benedikt Meurer
ee86227600
[arm] Fix sNaN quietening in the ARM simulator on IA-32.
...
TEST=msjunit/regress/regress-undefined-nan2
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/802243004
Cr-Commit-Position: refs/heads/master@{#26185}
2015-01-21 13:01:23 +00:00
Benedikt Meurer
9eace97bba
Use signaling NaN for holes in fixed double arrays.
...
TEST=mjsunit,cctest,unittests
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/863633002
Cr-Commit-Position: refs/heads/master@{#26180}
2015-01-21 08:52:25 +00:00
ishell
33994b4a22
Massive renaming of PropertyType values and other implied stuff.
...
PropertyKind:
DATA -> kData
ACCESSOR -> kAccessor
PropertyType:
FIELD -> DATA
CONSTANT -> DATA_CONSTANT
ACCESSOR_FIELD -> ACCESSOR
CALLBACKS -> ACCESSOR_CONSTANT
PropertyLocation:
IN_OBJECT -> kField
IN_DESCRIPTOR -> kDescriptor
StoreMode:
FORCE_IN_OBJECT -> FORCE_FIELD
FieldDescriptor -> DataDescriptor
ConstantDescriptor -> DataConstantDescriptor
CallbacksDescriptor -> AccessorConstantDescriptor
Review URL: https://codereview.chromium.org/856503002
Cr-Commit-Position: refs/heads/master@{#26146}
2015-01-19 17:49:22 +00:00
mvstanton
173b69f041
ClusterFuzz fix: %NormalizeElements shouldn't process the global proxy.
...
BUG=449070
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/859713002
Cr-Commit-Position: refs/heads/master@{#26126}
2015-01-19 09:31:19 +00:00
Sven Panne
e5184734b3
Another attempt to fix regress-crbug-178790.
...
This time we simply undo the change introduced by the PPC port for
this test. No idea why it should be necessary, and Windows XP
obviously doesn't give us that much stack, anyway.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/826833003
Cr-Commit-Position: refs/heads/master@{#26093}
2015-01-16 10:12:15 +00:00
Sven Panne
54570cfa74
PPC aftermath: Fix regress-crbug-178790.
...
The test fails on XP only, so let's tentatively raise the stack limit more. We probably need to investigate what a tighter limit might be and (more importantly) what the underlying reason for the failure is.
Hopefully 1800kB is enough, we can't test this via try jobs, because we don't have XP try bots. :-/
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/791693005
Cr-Commit-Position: refs/heads/master@{#26092}
2015-01-16 09:45:31 +00:00
Sven Panne
e4c5b84652
Contribution of PowerPC port (continuation of 422063005)
...
Contribution of PowerPC port (continuation of 422063005). The initial patch
covers the core changes to the common files. Subsequent patches will cover
changes to common files to support AIX and to update the ppc directories so
they are current with the changes in the rest of the project.
This is based off of the GitHub repository
https://github.com/andrewlow/v8ppc
BUG=
R=svenpanne@chromium.org , danno@chromium.org , sevnpanne@chromium.org
Review URL: https://codereview.chromium.org/817143002
Cr-Commit-Position: refs/heads/master@{#26091}
2015-01-16 07:42:15 +00:00
bmeurer
e1d878d16f
Add proper support for proxies to HType.
...
TEST=mjsunit/regress/regress-crbug-448730
BUG=chromium:448730
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/847373002
Cr-Commit-Position: refs/heads/master@{#26056}
2015-01-14 13:57:09 +00:00
dslomov
a4124b3bfc
Map -0 to integer 0 for typed array constructors.
...
R=bmeurer@chromium.org
BUG=chromium:447756
LOG=Y
Review URL: https://codereview.chromium.org/790813005
Cr-Commit-Position: refs/heads/master@{#26021}
2015-01-12 11:42:57 +00:00
titzer
7e98658e31
[turbofan] Fix control reducer for degenerate cases of self-loop branches.
...
R=jarin@chromium.org
BUG=chromium:447526
Review URL: https://codereview.chromium.org/828823006
Cr-Commit-Position: refs/heads/master@{#26009}
2015-01-09 12:28:14 +00:00
Yang Guo
2050994d80
Correctly parse line ends for debugging.
...
Instead of using only \n as line terminator, we now use the definition
in http://www.ecma-international.org/ecma-262/5.1/#sec-7.3
R=marja@chromium.org
BUG=v8:2825
LOG=Y
Review URL: https://codereview.chromium.org/821383009
Cr-Commit-Position: refs/heads/master@{#25989}
2015-01-08 10:46:13 +00:00
ishell
0d6785805c
Correct handling of exceptions occurred during getting of exception stack trace.
...
BUG=chromium:444805
LOG=Y
Review URL: https://codereview.chromium.org/793333003
Cr-Commit-Position: refs/heads/master@{#25978}
2015-01-07 14:50:16 +00:00
titzer
d77d3ba9a3
Fix bug in Runtime_CompileOptimized resulting from stack overflow.
...
R=jarin@chromium.org
BUG=chromium:446389
LOG=Y
Review URL: https://codereview.chromium.org/844503002
Cr-Commit-Position: refs/heads/master@{#25974}
2015-01-07 13:43:44 +00:00
svenpanne
cbf3b0bcc7
More -fsanitize=vptr fixes.
...
This actually fixes 3 different issues when accessing Operand1:
* Object vs. HeapObject
* Wrong defaults for equals/hash
* silently dropping const
TEST=test/mjsunit/regress/regress-441099.js
BUG=chromium:441099
LOG=y
Review URL: https://codereview.chromium.org/812563002
Cr-Commit-Position: refs/heads/master@{#25843}
2014-12-16 14:20:28 +00:00
marja
978f41a1da
RegExpParser: Fix Reset()ting to the end.
...
The bug would occur when we try to Reset() to a position already at the end.
This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.
To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).
Minimal repro case:
var r = /foo\u/
r.test("foou") // should be true, was false.
(Note that \u not followed by 4 hex digits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)
BUG=v8:3756
LOG=NO
Review URL: https://codereview.chromium.org/802313003
Cr-Commit-Position: refs/heads/master@{#25838}
2014-12-16 12:14:19 +00:00
jkummerow
c060f4e26c
Internalize strings being stored into uninitialized property cells
...
Review URL: https://codereview.chromium.org/804993002
Cr-Commit-Position: refs/heads/master@{#25822}
2014-12-15 15:46:11 +00:00
dslomov
e6198a0fed
Update tests in preparation for shipping classes.
...
R=arv@chromium.org
BUG=v8:3330
LOG=N
Review URL: https://codereview.chromium.org/788773003
Cr-Commit-Position: refs/heads/master@{#25783}
2014-12-11 15:54:09 +00:00
ishell
7d13ca278a
Reland of "TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name."
...
Review URL: https://codereview.chromium.org/793453004
Cr-Commit-Position: refs/heads/master@{#25750}
2014-12-10 15:18:52 +00:00
svenpanne
c16b8f6cbb
Fixed environment handling for LFlooringDivI on ARM.
...
Beautiful code... :-}
BUG=chromium:437765
LOG=y
Review URL: https://codereview.chromium.org/775613002
Cr-Commit-Position: refs/heads/master@{#25613}
2014-12-02 13:47:19 +00:00
ishell
1a2e4b265a
Map::CopyGeneralizeAllRepresentations() left incorrect layout descriptor in a new map.
...
BUG=chromium:436820
LOG=N
Review URL: https://codereview.chromium.org/759823004
Cr-Commit-Position: refs/heads/master@{#25530}
2014-11-26 17:37:05 +00:00
titzer
9da4998204
Abort optimization in corner case.
...
The %OptimizeFunctionOnNextCall sledgehammer can cause a function to be
marked for optimization before it's ever been compiled by fullcode.
This can lead to the situation where a function doesn't have optimization
disabled until we try to compile it optimized.
Basically, the assert should just handle this case more gracefully.
R=yangguo@chromium.org
BUG=436893
LOG=Y
Review URL: https://codereview.chromium.org/760063002
Cr-Commit-Position: refs/heads/master@{#25528}
2014-11-26 16:57:52 +00:00
jarin
97cab985b8
Do not try to inline if the function has an illegal redeclaration.
...
R=mvstanton@chromium.org
BUG=chromium:436896
LOG=n
Review URL: https://codereview.chromium.org/755333003
Cr-Commit-Position: refs/heads/master@{#25527}
2014-11-26 16:32:46 +00:00
dslomov
626f110f0b
Introduce legacy const slots in correct context.
...
R=rossberg@chromium.org
BUG=chromium:410030
LOG=Y
Review URL: https://codereview.chromium.org/756293004
Cr-Commit-Position: refs/heads/master@{#25519}
2014-11-26 12:16:30 +00:00
dslomov
6ac4de87a8
harmony-scoping: make assignment to 'const' a late error.
...
Per TC39 Nov 2014 decision.
This patch also changes behavior for "legacy const": assignments to sloppy const in strict mode is now also a type error. This fixes v8:2243 and also brings us in compliance with other engines re assignment to function names (see updated webkit test), but might have bigger implications.
That change can easily be reverted by changing Variable::IsSignallingAssignmentToConst.
BUG=v8:3713,v8:2243
LOG=N
Review URL: https://codereview.chromium.org/749633002
Cr-Commit-Position: refs/heads/master@{#25516}
2014-11-26 11:21:23 +00:00
jarin
d9cabb9b22
[turbofan] Fix matching of the lea instruction.
...
Resets the scaled exponent to 0 when the scaling match fails.
BUG=
Review URL: https://codereview.chromium.org/756643002
Cr-Commit-Position: refs/heads/master@{#25491}
2014-11-24 17:45:33 +00:00
yangguo
270dccf6db
Correctly find shared function info for debugging when compiling eagerly.
...
R=ulan@chromium.org
BUG=v8:3717
LOG=N
Review URL: https://codereview.chromium.org/758523004
Cr-Commit-Position: refs/heads/master@{#25486}
2014-11-24 15:43:35 +00:00
yangguo
14a3b9188d
Fix RegExp.source for uncompiled regexp.
...
R=jkummerow@chromium.org
BUG=435825
LOG=N
Review URL: https://codereview.chromium.org/753983002
Cr-Commit-Position: refs/heads/master@{#25476}
2014-11-24 11:21:52 +00:00
yangguo
5414c39974
Slightly improve tests that rely on lazy compilation.
...
R=rossberg@chromium.org
BUG=v8:3712
LOG=N
Review URL: https://codereview.chromium.org/743843003
Cr-Commit-Position: refs/heads/master@{#25463}
2014-11-21 12:41:06 +00:00
yangguo
61bee5c898
Correctly escape RegExp source.
...
R=ulan@chromium.org
BUG=v8:3229
LOG=N
Review URL: https://codereview.chromium.org/736003002
Cr-Commit-Position: refs/heads/master@{#25457}
2014-11-21 10:50:24 +00:00
Michael Stanton
cf572694fe
Assert to protect against polymorphic string loads fires on valid stores.
...
BUG=435477
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/751513002
Cr-Commit-Position: refs/heads/master@{#25456}
2014-11-21 10:29:08 +00:00
Michael Stanton
3d58b82add
Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed.
...
The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.
Also, prevent inlining array pop() and shift() if the length is read-only.
BUG=435073
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/737383002
Cr-Commit-Position: refs/heads/master@{#25455}
2014-11-21 10:14:19 +00:00
ulan
dc88962350
Do not bailout from optimizing functions that use f(x, arguments)
...
if there is not enough type-feedback to detect that f is Function.prototype.apply.
BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709
Review URL: https://codereview.chromium.org/736043002
Cr-Commit-Position: refs/heads/master@{#25447}
2014-11-20 17:07:44 +00:00
Andreas Rossberg
4f63564700
Fix lower bound violation
...
R=jarin@chromium.org
BUG=433332
LOG=N
Review URL: https://codereview.chromium.org/739563002
Cr-Commit-Position: refs/heads/master@{#25436}
2014-11-20 11:22:49 +00:00
yangguo
5bea77f786
Fix disabling all break points from within the debug event callback.
...
BUG=chromium:432493
LOG=Y
Review URL: https://codereview.chromium.org/728103008
Cr-Commit-Position: refs/heads/master@{#25400}
2014-11-18 14:57:48 +00:00
Jakob Kummerow
bf22724e0d
Fix one more missing c0_ < 0 check in scanner
...
BUG=chromium:433766
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/731953003
Cr-Commit-Position: refs/heads/master@{#25371}
2014-11-17 09:43:31 +00:00
Jaroslav Sevcik
c3af691e72
[turbofan] Remove int32 narrowing during typed lowering.
...
With Int32Add we lose the int/uint distinction, so later, in simplified lowering we can make a wrong decision. E.g., see the attached test case, where we lower NumberAdd -> Int32Add because inputs are Uint32, but during simplified lowering we change the inputs to Int32, so we get a wrong result.
Simplified lowering will lower the NumberAdd operations anyway, so we should lose performance.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/721723004
Cr-Commit-Position: refs/heads/master@{#25368}
2014-11-17 09:04:52 +00:00
ishell@chromium.org
2e38f33911
Revert "TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name."
...
Revert "Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136."
This revert is made in order to revert r25099 which potentially causes renderer hangs.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/722873004
Cr-Commit-Position: refs/heads/master@{#25332}
2014-11-13 15:31:04 +00:00
ishell@chromium.org
bc8c41c08d
Avoid fast short-cut in Map::GeneralizeRepresentation() for literals with non-simple transitions.
...
It started showing after r25253.
BUG=v8:3687
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/715313003
Cr-Commit-Position: refs/heads/master@{#25324}
2014-11-13 10:56:31 +00:00
Jaroslav Sevcik
2d075e2298
Reland "[turbofan] Weakening of types must weaken ranges inside unions."
...
This relands commit 4c1f4b796d.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/723023002
Cr-Commit-Position: refs/heads/master@{#25317}
2014-11-13 09:02:14 +00:00
Yang Guo
b96309b776
Move public symbols to the root set.
...
This allows serializing public symbols that are embedded in code.
BUG=v8:3689
LOG=N
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/722723002
Cr-Commit-Position: refs/heads/master@{#25315}
2014-11-13 08:48:08 +00:00
Jaroslav Sevcik
c513297f9f
Revert "[turbofan] Weakening of types must weaken ranges inside unions."
...
This reverts commit 4c1f4b796d.
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/722943003
Cr-Commit-Position: refs/heads/master@{#25312}
2014-11-13 06:10:42 +00:00
Jaroslav Sevcik
4c1f4b796d
[turbofan] Weakening of types must weaken ranges inside unions.
...
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/712623002
Cr-Commit-Position: refs/heads/master@{#25311}
2014-11-13 05:31:47 +00:00
dslomov@chromium.org
0e2f7e3c35
Re-enable serialization under harmony-scoping.
...
R=yangguo@chromium.org
BUG=v8:3689
LOG=N
Review URL: https://codereview.chromium.org/717153002
Cr-Commit-Position: refs/heads/master@{#25294}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-12 13:12:50 +00:00
yangguo@chromium.org
1dbd6369b1
Correctly compute line numbers in functions from the function constructor.
...
R=aandrey@chromium.org
BUG=chromium:109362
LOG=Y
Review URL: https://codereview.chromium.org/701093003
Cr-Commit-Position: refs/heads/master@{#25289}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-12 10:06:47 +00:00
adamk@chromium.org
1386257c55
Correctly handle Array unshift/splices that move elements past the max length of an Array
...
BUG=v8:2615
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/679113003
Cr-Commit-Position: refs/heads/master@{#25270}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-11 19:08:14 +00:00
jkummerow@chromium.org
3b3929fdc7
Reland "Avoid some unnecessary fast-properties map creations."
...
This relands commit ea74f0f85a.
The revert was due to failures in cctest/test-heap/ReleaseOverReservedPages,
caused by apparent changes to memory layout and fragmentation of the
first page. Eliminating a situation in messages.js where this CL has had
an effect on map transitions seems to solve the issue.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/714883003
Cr-Commit-Position: refs/heads/master@{#25266}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-11 15:41:30 +00:00
jkummerow@chromium.org
d3b68cf370
Fix has_constant_parameter_count() confusion in LReturn
...
BUG=chromium:431602
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/714663002
Cr-Commit-Position: refs/heads/master@{#25249}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-10 15:25:50 +00:00
arv@chromium.org
c24ebcd387
Revert "Avoid some unnecessary fast-properties map creations."
...
This reverts commit e1f23eab4255d63344011dfb885b8e8962cb60e2.
Broke cctest/test-heap/ReleaseOverReservedPages on a bunch of builders
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/928/steps/Check/logs/ReleaseOverReservedPa ..
BUG=None
LOG=N
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/709123002
Cr-Commit-Position: refs/heads/master@{#25224}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 18:49:45 +00:00
jkummerow@chromium.org
ea74f0f85a
Avoid some unnecessary fast-properties map creations.
...
(1) When we have just normalized and re-fastified a map, we don't need to copy it again to set the is_prototype bit.
(2) When defining accessors causes a non-prototype object to go slow, don't force re-fastification.
BUG=v8:3267
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/706243002
Cr-Commit-Position: refs/heads/master@{#25221}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 16:33:47 +00:00
marja@chromium.org
2b026851ac
Scanner: disallow unicode escapes in regexp flags.
...
The spec explicitly forbids them. V8 never handled them properly either, just
the Scanner accepted them (it had code to add them literally to the
LiteralBuffer) and later on, Regexp constructor disallowed them.
According to the spec, unicode escapes in regexp flags should be an early error
("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence.").
Note that Scanner is still more relaxed about regexp flags than the
spec. Especially, it accepts any identifier parts (not just a small set of
letters) and doesn't check for duplicates.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/700373003
Cr-Commit-Position: refs/heads/master@{#25215}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 14:32:19 +00:00
ishell@chromium.org
e1f93a82f2
Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136.
...
BUG=chromium:430846
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/704183002
Cr-Commit-Position: refs/heads/master@{#25185}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-06 11:50:33 +00:00
jarin@chromium.org
91eeae5849
[turbofan] Fix deopt for assignments in non-effect context.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/701853002
Cr-Commit-Position: refs/heads/master@{#25151}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-05 13:09:14 +00:00
ishell@chromium.org
33dde8d92c
TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/661133002
Cr-Commit-Position: refs/heads/master@{#25136}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-05 09:26:48 +00:00
rossberg@chromium.org
357882a8e5
1..isPrototypeOf.call(null) should return false, not throw TypeError.
...
BUG=v8:3483
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/433413002
Cr-Commit-Position: refs/heads/master@{#25116}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-04 16:14:18 +00:00
mstarzinger@chromium.org
cd3273b562
Properly handle stack overflows in the AST graph builder.
...
R=jarin@chromium.org
BUG=chromium:429159
TEST=mjsunit/regress/regress-crbug-429159
LOG=N
Review URL: https://codereview.chromium.org/697473006
Cr-Commit-Position: refs/heads/master@{#25037}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-31 14:02:46 +00:00
yangguo@chromium.org
76292d2daf
Fix assertion scope in Runtime_GetScript.
...
The HeapIterator implies DisallowHeapAllocation, but Script::GetWrapper
may allocate.
LOG=N
R=jkummerow@chromium.org
BUG=chromium:410033
Review URL: https://codereview.chromium.org/680283002
Cr-Commit-Position: refs/heads/master@{#25001}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-30 07:25:43 +00:00
yangguo@chromium.org
64cef0b2e9
Reland "In PrepareForBreakPoints, also purge shared function info not referenced by functions."
...
BUG=chromium:424142
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/692453002
Cr-Commit-Position: refs/heads/master@{#24970}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 10:19:44 +00:00
yangguo@chromium.org
67b76ebaea
Revert "In PrepareForBreakPoints, also purge shared function info not referenced by functions."
...
This reverts commit r24964.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/687163002
Cr-Commit-Position: refs/heads/master@{#24966}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 09:23:10 +00:00
yangguo@chromium.org
7668c4c29a
In PrepareForBreakPoints, also purge shared function info not referenced by functions.
...
R=ulan@chromium.org
BUG=chromium:424142
LOG=N
Review URL: https://codereview.chromium.org/685753002
Cr-Commit-Position: refs/heads/master@{#24964}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 08:11:41 +00:00
yangguo@chromium.org
0dfbf83468
Use shared function info for eval cache key.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/678843004
Cr-Commit-Position: refs/heads/master@{#24927}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-28 10:01:44 +00:00
yangguo@chromium.org
efc01f4736
Prevent recursion in the debug event listener.
...
R=ulan@chromium.org
BUG=chromium:409614
LOG=N
Review URL: https://codereview.chromium.org/684573005
Cr-Commit-Position: refs/heads/master@{#24924}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24924 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-28 09:44:43 +00:00
adamk@chromium.org
f1954232b0
SimpleMove now calls [[Has]] before [[Get]] when moving elements
...
BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/678753002
Cr-Commit-Position: refs/heads/master@{#24907}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-27 13:05:13 +00:00
jarin@chromium.org
23df66ee24
Add more missing deopts
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/639883002
Cr-Commit-Position: refs/heads/master@{#24886}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-26 10:25:48 +00:00
adamk@chromium.org
c9ea8d6512
SimpleSlice now calls [[Get]] before [[Has]] when generating copy
...
SparseSlice does not need this (non-optimal) reordering since its
callers guarantee that [[Get]] has no side effects on the passed-in array.
BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/674003002
Cr-Commit-Position: refs/heads/master@{#24884}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-24 18:08:13 +00:00
adamk@chromium.org
02d37b8f10
Widen definition of %HasComplexElements() to include non-enumerability
...
This avoids using the Sparse methods on objects with non-enumerable elements,
which can cause the 'enumerable: false' bit to get lost in the operation.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/672323003
Cr-Commit-Position: refs/heads/master@{#24883}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-24 18:04:13 +00:00
adamk@chromium.org
0ef073d556
Fix sparse versions of Array slice/splice to use [[DefineOwnProperty]] to generate return value
...
BUG=chromium:423633
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/673893002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 21:13:29 +00:00
adamk@chromium.org
5f1ae66d56
Narrow cases where Sparse/Smart versions of Array methods are used
...
Added a new %HasComplexElements runtime function (meaning elements that are
non-writable, non-configurable, or have getters and setters) and use it
in UseSparseVariant to filter out cases where the sparse optimizations
can cause V8 to fall out of spec compliance.
Renamed SmartMove/SmartSlice to SparseMove/SparseSlice and guarded them
with the new and improved UseSparseVariant.
These two changes combined let us pass nearly every test in bug-2615.js,
as well as fixing reverse and join on sparse arrays.
Note that there are various test changes in this patch that correct existing
tests to match the correct-by-spec behavior.
This patch depends on https://codereview.chromium.org/666883009 , which
better-aligns the behavior of SmartMove with SimpleMove.
BUG=v8:2615,v8:3612,v8:3621
LOG=y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/656423004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 18:21:50 +00:00
ishell@chromium.org
5509cc2c07
Fixed mutable heap numbers leak in JSON parser.
...
BUG=chromium:423687
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/669403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 14:41:39 +00:00
dslomov@chromium.org
96105a90fc
harmony-scoping: Allow 'const' iteration variables in strict mode.
...
R=rossberg@chromium.org
BUG=v8:2506
LOG=N
Committed: https://code.google.com/p/v8/source/detail?r=24834
Review URL: https://codereview.chromium.org/671913002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 12:30:20 +00:00
dslomov@chromium.org
707ed29a51
Revert "harmony-scoping: Allow 'const' iteration variables in strict mode."
...
This reverts commit r24834 for breaking debug tests.
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/672193002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 11:55:19 +00:00
dslomov@chromium.org
b54f7d3c46
harmony-scoping: Allow 'const' iteration variables in strict mode.
...
R=rossberg@chromium.org
BUG=v8:2506
LOG=N
Review URL: https://codereview.chromium.org/671913002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 11:18:50 +00:00
rodolph.perfetta@arm.com
ecbfc43f37
ARM64: Fix stack manipulation.
...
Builtins::Generate_StringConstructCode was claiming stack space instead of
giving it back.
BUG=chromium:425585
LOG=Y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/672623003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-22 18:24:20 +00:00
dslomov@chromium.org
b664c12235
Flatten the string in StringToDouble function.
...
R=yangguo@chromium.org
BUG=chromium:425551
LOG=N
Review URL: https://codereview.chromium.org/654763003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-22 08:19:05 +00:00
adamk@chromium.org
b6d0113abc
Array.prototype.{slice,splice} should use [[DefineOwnProperty]] to generate return value
...
BUG=chromium:423633
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/649063003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-21 17:46:42 +00:00
mvstanton@chromium.org
8330178b4c
The issue is that by handling strings with map/handler pairs instead of a special
...
version of the keyed load stub (https://code.google.com/p/v8/source/detail?r=24661),
I allowed polymorphism between string and non-string types in the IC. Before, the
IC would go generic.
Then, at crankshaft time, we special case when we only saw strings. The error
here is that crankshaft can't emit code that handles polymorphism between string
and non-string types. The choice is either to get that to happen (I don't deem
this necessary from a performance point of view, an IC with such type feedback
before would have gone generic), or simply check for the case of "polymorphic
with some string maps" and require crankshaft to go generic. I'll do the latter.
BUG=425519
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/667923004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-21 13:04:51 +00:00
yangguo@chromium.org
83ddaa0df7
Fix break location calculation.
...
R=ulan@chromium.org
BUG=chromium:419663
LOG=Y
Review URL: https://codereview.chromium.org/658723005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-17 14:11:01 +00:00
adamk@chromium.org
ae7161e4cb
Revert "Remove SmartMove, bringing Array methods further into spec compliance"
...
This reverts https://code.google.com/p/v8/source/detail?r=24647
It caused test failures in Array methods in Linux64 OptimizeForSize.
BUG=v8:2615
TBR=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/656683003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-15 23:53:02 +00:00
adamk@chromium.org
bb885a79db
Remove SmartMove, bringing Array methods further into spec compliance
...
This is one step towards a single codepath for each method in array.js.
This patch is based on rafaelw's https://codereview.chromium.org/349073002
BUG=v8:2615
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/455933002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-15 23:36:58 +00:00
adamk@chromium.org
a6ff3f7f4a
Handle exceptions thrown by Array.observe machinery
...
BUG=chromium:417709
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/651323003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-15 18:22:20 +00:00
verwaest@chromium.org
23868b419c
Optimize Function.prototype.call
...
BUG=
R=verwaest@chromium.org, jarin@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/588573002
Patch from Petka Antonov <p.antonov@partner.samsung.com>.
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-15 12:22:15 +00:00
yangguo@chromium.org
9a21ba499c
Catch exceptions thrown when enqueuing change records.
...
R=ishell@chromium.org
BUG=chromium:417709
LOG=N
Review URL: https://codereview.chromium.org/653593002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-14 14:46:11 +00:00
ulan@chromium.org
29296d7e50
Fix computation of UTC time from local time at DST change points.
...
This also reverts r23606, which was an incorrect fix.
BUG=v8:3116,chromium:417640,chromium:415424
LOG=Y
TEST=mjsunit/regress/regress-3116.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/639383002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-09 14:17:33 +00:00
jkummerow@chromium.org
1bb52d0da8
Fix Hydrogen's BuildStore()
...
BUG=chromium:417508
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/612423002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-01 13:17:34 +00:00
jarin@chromium.org
5b742b356d
Adding more missing deoptimization points in Turbofan.
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/595863002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-29 13:37:58 +00:00
jarin@chromium.org
b11c925142
Disable merging simulates across captured objects.
...
BUG=chromium:416730
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/607453002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-25 12:16:32 +00:00
yangguo@chromium.org
86b3c3eea7
Insert materialized context at the right place in DebugEvaluate.
...
R=aandrey@chromium.org, ulan@chromium.org
BUG=chromium:323936
LOG=N
Review URL: https://codereview.chromium.org/599113002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-25 09:33:40 +00:00
jkummerow@chromium.org
1903e560b0
Non-JSArrays must always have holey elements.
...
Drive-by cleanup: remove unused elements_kind_ field in CallNew.
BUG=chromium:416558
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/595333002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-25 08:25:25 +00:00
mvstanton@chromium.org
b0b59073ac
Fix IC cache confusion on String.prototype.length
...
BUG=416416
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/587363002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-24 09:33:04 +00:00
jarin@chromium.org
9ef343c18d
[Turbofan] Insert nops for lazy bailout patching, fix translation of literals.
...
The code for EnsureSpaceForLazyDeopt is taken from lithium-codegen-*.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/562033003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-23 08:46:18 +00:00
verwaest@chromium.org
83f64e8c1f
Fix escaped index JSON parsing
...
BUG=416449
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/592813002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-22 15:21:19 +00:00
mstarzinger@chromium.org
429924b780
Fix typed lowering to number comparison.
...
R=titzer@chromium.org
TEST=mjsunit/regress/regress-3564
BUG=v8:3564
LOG=N
Review URL: https://codereview.chromium.org/574653002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-16 11:33:30 +00:00
mstarzinger@chromium.org
d313551a3e
Disable lowering to StringAdd due to various issues.
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/566303003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-16 08:29:46 +00:00
yangguo@chromium.org
7cb82a76b4
Reland "Remove V8_HOST_CAN_READ_UNALIGNED and its uses."
...
BUG=chromium:412967
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/571903002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-15 10:54:49 +00:00
jarin@chromium.org
00e90b7e6e
Remove deoptimization by patching the call stack.
...
We go back to patching the code for lazy deoptimization because ICs need the on-stack return address to read/update the IC address/state.
The change also fixes a bunch of tests, mostly by adding more deoptimization points.
(We still need to add code to ensure lazy deopt patching does not overwrite ICs and other lazy deopts; this is coming next.)
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/568783002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-15 09:21:39 +00:00
jarin@chromium.org
e401262400
Reland "Change the order of arguments of the (One|Two)ByteSeqStringSetChar intrinsic."
...
This relands commit r23899.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/565093002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23910 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-12 10:58:43 +00:00
jarin@chromium.org
bc0674d0a7
Revert "Change the order of arguments of the (One|Two)ByteSeqStringSetChar intrinsic."
...
This reverts commit r23899.
TBR=ulan@chromium.org
Review URL: https://codereview.chromium.org/552253003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-12 08:49:22 +00:00
jkummerow@chromium.org
b4375b77ec
Fix Smi vs. HeapObject confusion in HConstants.
...
Representation and HType should agree with each other.
BUG=chromium:412215
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/556563005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-12 08:44:14 +00:00
jarin@chromium.org
91e97f8371
Change the order of arguments of the (One|Two)ByteSeqStringSetChar intrinsic.
...
This makes the syntactic order consistent with the evaluation order.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/561133005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-12 08:18:29 +00:00
rossberg@chromium.org
fc71f7fdb3
Fix inaccurate type condition in Hydrogen
...
R=bmeurer@chromium.org
BUG=chromium:412210
LOG=Y
Review URL: https://codereview.chromium.org/550453003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-11 12:13:34 +00:00
jkummerow@chromium.org
bd97fcaed0
Fix regress-crbug-412203.js
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/563733002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23869 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-11 11:47:39 +00:00
jkummerow@chromium.org
11f7584d0a
Fix ElementsKind handling of prototypes in Array.concat
...
Double elements, typed elements, and sloppy arguments elements were all erroneously marked UNREACHABLE.
BUG=chromium:412203
LOG=n
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/560463002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-11 10:04:13 +00:00
ulan@chromium.org
d66ed1176f
Don't inline Array functions if receiver map is not extensible.
...
BUG=405517
LOG=N
TEST=mjsunit/regress/regress-crbug-405517.js
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/552333002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-10 09:22:13 +00:00
ulan@chromium.org
99301fc8c5
Fix regress-411210 after r23824.
...
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/559863004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-10 08:48:40 +00:00
hpayer@chromium.org
ed37edc5c0
Remove guard page mechanism from promotion queue.
...
BUG=chromium:411210
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/557243002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-10 07:51:29 +00:00
jarin@chromium.org
01d63e43b2
Handle non-object constants in HConstant::GetMonomorphicJSObjectMap.
...
R=ulan@chromium.org
BUG=chromium:412162
LOG=N
Review URL: https://codereview.chromium.org/552243002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-09 12:58:34 +00:00
jkummerow@chromium.org
fd3e505fb6
Hydrogen: bailout when there is a throw statement in a non-effect context.
...
This mirrors the behavior of the compilation pipeline before recent OptimizeFunctionOnNextCall changes.
BUG=chromium:412208
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/558593002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-09 12:16:33 +00:00
yangguo@chromium.org
4b0c076052
Turn old space cons strings into regular external strings (not short).
...
R=hpayer@chromium.org
BUG=v8:3530
LOG=N
Review URL: https://codereview.chromium.org/368223002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-09 11:41:56 +00:00
jarin@chromium.org
83af12c21b
Harden OptimizeFunctionOnNextCall.
...
BUG=411237
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/547553003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-05 15:13:44 +00:00
verwaest@chromium.org
1dddf69fdc
Allocate a new empty number dictionary when resetting elements
...
BUG=410332
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/545773003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-05 11:38:22 +00:00
jarin@chromium.org
b74fae5511
Fix EvacuateJSFunction to obtain the target address from the forwarding pointer.
...
R=mstarzinger@chromium.org
BUG=410912
LOG=N
Review URL: https://codereview.chromium.org/541353003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-05 09:38:04 +00:00
titzer@chromium.org
4923810a68
Remove redundant --always-full-compiler flag.
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/538613006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-04 16:29:47 +00:00
jarin@chromium.org
1afada8d04
Ignore numbers as values of --expose-natives-as flag.
...
R=yangguo@chromium.org
BUG=408036
LOG=N
Review URL: https://codereview.chromium.org/534943004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-04 15:05:06 +00:00
bmeurer@chromium.org
0baf275e20
Enforce correct number comparisons when inlining Array.indexOf.
...
TEST=mjsunit/regress/regress-crbug-407946
BUG=407946
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/536393003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-04 12:25:57 +00:00
jarin@chromium.org
7572e779d0
Exclude LoadMutableDouble and FunctionBindArguments from fuzzing.
...
BUG=409542,410262
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/535153002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-03 14:28:46 +00:00
verwaest@chromium.org
03b0237e1d
Fix loading non-configurable non-writable value from a constant with mismatching type feedback
...
BUG=410209
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/534093003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-03 12:13:46 +00:00
jarin@chromium.org
a668cd6fc8
Context deoptimization and removal of the deoptimization block in Turbofan
...
This adds context deoptimization to Turbofan and Crankshaft (also submitted separately as https://codereview.chromium.org/515723004/).
The second patchset removes the deoptimization/continuation block from calls.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/522873002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-01 09:31:14 +00:00
jarin@chromium.org
73da434b8e
Fix manual allocation folding of RegExpConstructResult.
...
R=mstarzinger@chromium.org
BUG=409533
LOG=N
Review URL: https://codereview.chromium.org/532453003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-09-01 08:08:31 +00:00
verwaest@chromium.org
2a37ab79ad
Fixed inlining of constant values
...
Use CopyToRepresentation to elide HForceRepresentation of HConstant
BUG=v8:3529
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/507613002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-26 11:34:25 +00:00
yangguo@chromium.org
ba09fa35fd
Handle null receiver in sloppy mode in %GetFrameDetails.
...
R=jarin@chromium.org
BUG=405922
LOG=N
Review URL: https://codereview.chromium.org/492303006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-22 12:55:23 +00:00
bmeurer@chromium.org
0142786cea
Don't inline Array.shift() if receiver map is not extensible.
...
TEST=mjsunit/regress/regress-crbug-405517
BUG=405517
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/491863002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-21 06:23:44 +00:00
yangguo@chromium.org
f7947b8ec4
Fix --expose-debug-as with number as argument.
...
R=jkummerow@chromium.org
BUG=405491
LOG=N
Review URL: https://codereview.chromium.org/468803004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-20 11:52:22 +00:00
hpayer@chromium.org
91599ffc6c
Do not install fillers when right trimming large objects.
...
BUG=
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/487703002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-19 08:35:39 +00:00
jkummerow@chromium.org
dacca11cb9
Correctly handle holes when concat()ing double arrays
...
BUG=chromium:403409
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/468863003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-18 08:51:35 +00:00
dslomov@chromium.org
eebb61a3f9
Fix OrderedHashTabelIterator accessors.
...
They might be undefined for uninitialized iterators.
The rest of the code is ready for this eventuality.
R=arv@chromium.org, adamk@chromium.org
BUG=403292
LOG=N
Review URL: https://codereview.chromium.org/468813003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-14 10:24:19 +00:00
yangguo@chromium.org
413b20b6c1
Make %DebugPushPromise more robust wrt fuzzing.
...
If %DebugPushPromise and throwing is called outside its intended context,
we may encounter assertion failures.
R=hpayer@chromium.org
BUG=401915
LOG=N
Review URL: https://codereview.chromium.org/453933002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 07:59:10 +00:00
adamk@chromium.org
bcf8b05072
Enable ES6 Map and Set by default
...
In doing so also remove all references to the --harmony-collections flag.
Due to the way context snapshotting works, it's not possible to simply
enable the flag by default.
Depends on ES6 Symbols: https://codereview.chromium.org/421313004
BUG=v8:1622
LOG=Y
R=arv@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/427723002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-05 19:37:32 +00:00
adamk@chromium.org
d8c30bd8e7
Enable ES6 Symbols by default
...
In doing so also remove all references to the --harmony-symbols flag.
Due to the way context snapshotting works, it's not possible to simply enable
the flag by default.
BUG=v8:2158
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/421313004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-04 18:17:54 +00:00
mstarzinger@chromium.org
57c315d0b3
Fix handling of potential string additions in hydrogen.
...
R=titzer@chromium.org
TEST=mjsunit/regress/regress-3476
BUG=v8:3476
LOG=N
Review URL: https://codereview.chromium.org/423083004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 14:53:11 +00:00
verwaest@chromium.org
f08d2690c6
Fix Object.freeze with field type tracking.
...
Keep the descriptor properly intact while updating the field type.
BUG=v8:3458
LOG=y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/424093002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 13:30:29 +00:00
mvstanton@chromium.org
6980c4277c
CallIC customization stubs must accept that a vector slot is cleared.
...
The CallIC Array custom IC stub read from the type vector, expecting
to get an AllocationSite. But there are paths in the system where a
type vector can be re-created with default values, even though we
currently grant an exception to clearing of vector slots with
AllocationSites in them at gc time.
BUG=392114
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/418023002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 11:53:30 +00:00
danno@chromium.org
afcfa7d2b7
Keep new arrays allocated with 'new Array(N)' in fast mode (revisited)
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/416403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-28 13:12:26 +00:00
verwaest@chromium.org
60df9dabad
In GrowMode, force the value to the right representation to avoid deopts between storing the length and storing the value.
...
BUG=16459193
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/419683004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-25 11:48:25 +00:00
verwaest@chromium.org
77a37e44f6
Fix issue with setters and their holders in accessors.cc
...
BUG=3462
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/417793002
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 16:42:54 +00:00
danno@chromium.org
b5a5148260
Revert 22595: "Keep new arrays allocated with 'new Array(N)' in fast mode"
...
Due to failures in mjsunit/array-functions-prototype-misc
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/417953004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 13:38:05 +00:00
danno@chromium.org
ac89b17813
Keep new arrays allocated with 'new Array(N)' in fast mode
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/397593008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 12:08:23 +00:00
verwaest@chromium.org
6798779031
Fix ArrayLengthSetter to not throw on non-extensible receivers.
...
BUG=v8:3460
LOG=n
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/411983003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-23 20:27:32 +00:00
danno@chromium.org
1d2a4b8333
Remove experimental flags that are now required
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/397253002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-18 07:17:21 +00:00
rodolph.perfetta@arm.com
56ec59bd26
ARM64: always restore regexp register cache after a C function call.
...
BUG=v8:3444
TEST=mjsunit/regress/regress-regexp-nocase.js
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/392403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 09:55:48 +00:00
yangguo@chromium.org
49ae3081d2
Error.captureStackTrace should define "stack" property as configurable.
...
R=verwaest@chromium.org
BUG=393988
LOG=N
Review URL: https://codereview.chromium.org/396063008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-16 07:55:05 +00:00
verwaest@chromium.org
1d55a634a9
Replace AddProperty by AddNamedProperty to speed up the common case
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/384003003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:05:30 +00:00
verwaest@chromium.org
aa7198dfdd
This CL simplifies var / const by ensuring the behavior is consistent in itself, and with regular JS semantics; between regular var/const and eval-ed var/const.
...
Legacy const is changed so that a declaration declares a configurable, but non-writable, slot, and the initializer reconfigures it (when possible) to non-configurable non-writable. This avoids the need for "the hole" as marker value in JSContextExtensionObjects and GlobalObjects. Undefined is used instead.
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/379893002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:01:04 +00:00
jarin@chromium.org
457de26330
Fix arm64 deoptimization from double registers (reverts r20613).
...
This reverts "ARM64: Use pair memory access in deoptimizer entry", r20613. It does not really make sense to micro-optimize the deoptimizer as it is the ultra-slow path. Moreover, the original code was easier to read (in addition to being correct).
BUG=391313
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/389583003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-11 19:30:09 +00:00
mstarzinger@chromium.org
50beec9738
Follow-up to a pre-existing regression test.
...
R=yangguo@chromium.org
BUG=v8:1530,v8:1872
TEST=mjsunit/regress/regress-1530
LOG=N
Review URL: https://codereview.chromium.org/378233006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 10:23:58 +00:00
verwaest@chromium.org
ad6202d989
Fix computed properties on object literals with a double as propertyname.
...
BUG=390732
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/371973002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 17:08:54 +00:00
yangguo@chromium.org
a0c10d119a
Revert "Turn old space cons strings into regular external strings (not short)."
...
This reverts commits r22192 and r22194.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/367113003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 12:24:41 +00:00
yangguo@chromium.org
6574f33d2a
Turn old space cons strings into regular external strings (not short).
...
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/368223002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 11:46:31 +00:00
ishell@chromium.org
2fba190240
One of the fast cases in JSObject::MigrateFastToFast() should not be taken if the number of fields did not change.
...
BUG=chromium:390918
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/363073002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 19:10:19 +00:00
yangguo@chromium.org
f353ff668a
Harden Runtime_LiveEditCheckAndDropActivations against unsafe args.
...
R=jarin@chromium.org
BUG=390925
LOG=N
Review URL: https://codereview.chromium.org/362983004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 15:09:44 +00:00
yangguo@chromium.org
44d6ef37ab
Reland "Fix stack trace accessor behavior."
...
BUG=v8:3404
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/349033007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 14:18:10 +00:00
yangguo@chromium.org
5d408ee73d
Revert "Fix stack trace accessor behavior."
...
This reverts r22089.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/360033002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 13:16:42 +00:00
yangguo@chromium.org
e1d80e2858
Fix stack trace accessor behavior.
...
R=verwaest@chromium.org
BUG=v8:3404
LOG=N
Review URL: https://codereview.chromium.org/343563009
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 11:48:20 +00:00
verwaest@chromium.org
8945c69855
Don't leak the global object in the Function constructor.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/359713005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:50:37 +00:00
verwaest@chromium.org
63431b23d1
Split SetProperty(...attributes, strictmode) into DefineProperty(...attributes) and SetProperty(...strictmode)
...
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/351853005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:48:37 +00:00
yangguo@chromium.org
0133d96be3
Remove script collected debug event.
...
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/358873005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 12:10:43 +00:00
yangguo@chromium.org
58bf19e9d5
Remove bogus assertions in HCompareObjectEqAndBranch.
...
R=jkummerow@chromium.org, danno@chromium.org
BUG=387636
LOG=Y
Review URL: https://codereview.chromium.org/331863015
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:33:05 +00:00
yangguo@chromium.org
438f49a322
Do not eagerly update allow_osr_at_loop_nesting_level.
...
Having debug break points prevents OSR. That causes
allow_osr_at_loop_nesting_level and the actually patched state
to go out of sync.
R=jkummerow@chromium.org
BUG=387599
LOG=Y
Review URL: https://codereview.chromium.org/346223007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:31:30 +00:00
yangguo@chromium.org
2411bc9447
Harden %FunctionBindArguments wrt optimized code cache.
...
R=jkummerow@chromium.org
BUG=387627
LOG=N
Review URL: https://codereview.chromium.org/345463005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 13:17:42 +00:00
mvstanton@chromium.org
c0179a50da
Re-land "Clusterfuzz identified overflow check needed in dehoisting."
...
BUG=380092
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/335063005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 09:09:05 +00:00
jarin@chromium.org
e56faa9909
Add missing map check to optimized f.apply(...)
...
This is a cutdown version of https://codereview.chromium.org/346473002/ , which aimed to fix f.call and f.apply. Optimized f.call was removed by r21887, this is what was left.
BUG=386034
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/348623002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 05:50:06 +00:00
jkummerow@chromium.org
1d35d6d871
Array.concat: properly go to dictionary mode when required
...
BUG=chromium:387031
LOG=y
R=danno@chromium.org
Review URL: https://codereview.chromium.org/342333002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 15:40:21 +00:00
yangguo@chromium.org
11368af66d
Interrupts must not mask stack overflow.
...
R=jarin@chromium.org
BUG=385002
LOG=N
Review URL: https://codereview.chromium.org/339883002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-17 13:54:49 +00:00
jarin@chromium.org
f69bb7fcc3
Do not eliminate bounds checks for "<const> - x".
...
Before this change, bounds check elimination treated "<const> - x" as
"x - <const>".
R=yangguo@chromium.org
BUG=385054
TEST=test/mjsunit/regress/regress-385054.js
LOG=N
Review URL: https://codereview.chromium.org/339583003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:43:50 +00:00
bmeurer@chromium.org
2591003da5
Add unit test for regression in GVN caused by field type tracking.
...
BUG=v8:3347
LOG=n
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/333273004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:21:42 +00:00
bmeurer@chromium.org
4642c2e18c
Revert "GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same."
...
This reverts commit r21830 for tanking performance on Deltablue.
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/336223002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:03:59 +00:00
jkummerow@chromium.org
aae24ae40b
Fix representation of Phis for mutable-heapnumber-in-object-literal properties
...
BUG=v8:3392
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/328343004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 08:41:29 +00:00
ishell@chromium.org
41e9d916c4
GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same.
...
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/331493006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 07:51:45 +00:00
svenpanne@chromium.org
2931f09144
Fix unsigned comparisons.
...
Instead of marking the comparison instruction itself as Uint32, we
look at its arguments. This is more consistent with what HChange does.
BUG=v8:3380
TEST=mjsunit/regress/regress-3380
LOG=y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/325133004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 09:09:15 +00:00
bmeurer@chromium.org
0fcd89161b
Fix invalid attributes when generalizing because of incompatible map change.
...
BUG=382143
LOG=y
TEST=mjsunit/regress/regress-382143
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/324933003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 12:24:54 +00:00
ishell@chromium.org
6dc967e2e0
Bugfix in inlined versions of Array.indexOf() and Array.lastIndexOf() with a regression test.
...
BUG=chromium:381534
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/319343002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 09:01:45 +00:00
bmeurer@chromium.org
7eea77bc5c
Fix missing smi check in inlined indexOf/lastIndexOf.
...
BUG=382513
LOG=y
R=danno@chromium.org
Review URL: https://codereview.chromium.org/313233005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 04:26:15 +00:00
mvstanton@chromium.org
2714fd2399
Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting."
...
This reverts commit r21712
TBR=danno@chromium.org
Review URL: https://codereview.chromium.org/315843005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:16:24 +00:00
mvstanton@chromium.org
c0cb82274c
Re-land Clusterfuzz identified overflow check needed in dehoisting.
...
Overflow check needs to be smarter.
BUG=380092
R=danno@google.com, danno@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/317963004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:00:07 +00:00
mvstanton@chromium.org
35933119fe
Revert "Clusterfuzz identified overflow check needed in dehoisting."
...
This reverts commit r21708, due to ASAN-reported issue.
TBR=danno@chromium.org
Review URL: https://codereview.chromium.org/318073002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:47:14 +00:00
mvstanton@chromium.org
7d2d0839ad
Clusterfuzz identified overflow check needed in dehoisting.
...
BUG=380092
R=danno@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/315593002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:12:16 +00:00
bmeurer@chromium.org
9244429707
Fix invalid loop condition for Array.lastIndexOf().
...
BUG=380512
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/313073003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-04 08:21:39 +00:00
mvstanton@chromium.org
d19aaa2b1c
Revert "Reland "Make 'name' property on functions configurable.""
...
This reverts commit r21609 due to browser test failures.
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/313583002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 11:52:07 +00:00
mvstanton@chromium.org
848a9af6b4
%ObjectFreeze needs to exclude non-fast-path objects.
...
ClusterFuzz will call it with sloppy arguments and similar cases.
BUG=380049
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/315533002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:59:36 +00:00
mvstanton@chromium.org
adeaedf547
When flag --nouse-osr is set, don't allow osr from hidden runtime calls.
...
BUG=379770
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/310773003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:45:40 +00:00
adamk@chromium.org
509a1a405c
ES6: Add support for values/keys/entries for Map and Set
...
This allows code like this:
var map = new Map();
map.set(1, 'One');
...
var iter = map.values();
var res;
while (!(res = iter.next()).done) {
  print(res.value);
}
BUG=v8:1793
LOG=Y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/259883002
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 00:34:01 +00:00
mstarzinger@chromium.org
d6500b6cf7
Reland "Make 'name' property on functions configurable."
...
R=rossberg@chromium.org
BUG=v8:3333
LOG=N
Review URL: https://codereview.chromium.org/303463006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-02 13:35:26 +00:00
bmeurer@chromium.org
5cd009a004
HRor and HSar can deoptimize.
...
BUG=v8:3359
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/309483002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-30 16:12:25 +00:00
mvstanton@chromium.org
8c54a373dd
Changing the attributes of a data property implemented with
...
ExecutableAccessorInfo turns the property into a field. Better
to keep it as a callback, and correctly deal with the changed
property attributes.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/262053011
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-28 09:58:27 +00:00
mstarzinger@chromium.org
6b33e50701
Revert "Make 'name' property on functions configurable."
...
R=danno@google.com, danno@chromium.org
Review URL: https://codereview.chromium.org/297163009
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 15:00:26 +00:00
yangguo@chromium.org
94b4aef7d6
Fix arm64 gc stress issue.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/306483002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 06:35:45 +00:00
mvstanton@chromium.org
d755611e93
Reland "Customized support for feedback on calls to Array." and follow-up fixes.
...
Comparing one CallIC::State to another was not done correctly, leading to a failure to patch a CallIC when transitioning from monomorphic Array to megamorphic.
BUG=chromium:377198,chromium:377290
LOG=Y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/305493003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 13:59:24 +00:00
mstarzinger@chromium.org
82b3b2a367
Make 'name' property on functions configurable.
...
R=rossberg@chromium.org
BUG=v8:3333
LOG=N
Review URL: https://codereview.chromium.org/296413003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 11:42:56 +00:00
yangguo@chromium.org
32f433c12e
Fix leak in debug mirror cache.
...
When fetching loaded scripts, mirror objects are created and cached.
If the cache is not cleared, it holds script objects alive.
This also fixes a minor issue with script unloading.
R=ulan@chromium.org
BUG=376534
LOG=N
Review URL: https://codereview.chromium.org/296953005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 07:05:56 +00:00
mstarzinger@chromium.org
cf448aa15f
Fix representation inference for mutable double boxes.
...
R=jarin@chromium.org
BUG=v8:3307
TEST=mjsunit/regress/regress-3307
LOG=N
Review URL: https://codereview.chromium.org/298723014
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-23 14:02:08 +00:00
jarin@chromium.org
3d0bf69cd8
Attempt no. 3 to fix Heap::IsHeapIterable and HeapIterator.
...
Now we remember new space's top pointer after the last GC to find out if there was a new space allocation since the last GC.
Unfortunately, this is not completely safe - the debugger has a callback hook (that can call to JS) at the end of the GC epilogue that can in theory allocate and possibly make the heap non-iterable. We can only hope this does not happen.
BUG=373283
R=hpayer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/291193005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 11:13:37 +00:00
jarin@chromium.org
02f1a1b987
Revert "Fix Heap::IsHeapIterable." (again)
...
This reverts commit r21397.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/299813002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 09:49:18 +00:00
jkummerow@chromium.org
58661c150f
Fix ArrayShift hydrogen support
...
BUG=chromium:374838
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/299713003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 08:51:29 +00:00
jarin@chromium.org
58a130da6e
Reland "Fix Heap::IsHeapIterable."
...
This relands r21388 (+ handlification of an offending function).
BUG=373283
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/294903003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 06:44:38 +00:00
jarin@chromium.org
014bf8b407
Revert "Fix Heap::IsHeapIterable."
...
This reverts commit r21387.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/291193002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 14:03:38 +00:00
jarin@chromium.org
dd4c82bbb3
Fix Heap::IsHeapIterable.
...
We only consider heap iterable if the new space is empty (in addition to the existing old space check).
The change also moves the iterability forcing + allocation prevention gadgets to HeapIterator so that it is impossible to miss them when iterating the heap.
R=hpayer@chromium.org
BUG=373283
LOG=N
Review URL: https://codereview.chromium.org/285693006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 13:19:21 +00:00
jarin@chromium.org
c3cd2f0301
Fix %SetFlags("--stress-compaction")
...
BUG=369943
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/261253006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 10:39:08 +00:00
jarin@chromium.org
cbf8c3f460
Make escape analysis preserve all representations required by HCompareNumericAndBranch.
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/257803012
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 08:43:18 +00:00
adamk@chromium.org
fb70df076b
Object.observe: avoid accessing acceptList properties more than once
...
BUG=v8:3315
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/270763003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 18:22:28 +00:00
jarin@chromium.org
3976ebef93
Make new space iterable for --log-gc and --heap-stats options
...
R=hpayer@chromium.org
BUG=370827
TEST=test/mjsunit/regress/regress-370827.js
LOG=N
Review URL: https://codereview.chromium.org/272503005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 09:23:10 +00:00
hpayer@chromium.org
de21c8a245
Simplify ConfigureHeap and change --max_new_space_size to --max_semi_space_size.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/271843005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 08:38:27 +00:00
ulan@chromium.org
8999a006be
Fix index register assignment in LoadFieldByIndex for arm, arm64, and mips.
...
This instruction clobbers the index register.
BUG=368243
LOG=N
TEST=mjsunit/regress/regress-368243
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/269273003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 08:51:51 +00:00
rossberg@chromium.org
ae0a36ee32
Re^3-land "Ship promises and weak collections"
...
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/266243003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:48:34 +00:00
ishell@chromium.org
9be0c4d378
Fixed jump in non-SSE4.1 implementation of LMathFloor instruction on x64.
...
BUG=chromium:370384
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/261853009
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:20:46 +00:00
hpayer@chromium.org
dde49c9dc3
Set max new space size in tests to proper MB value.
...
Revert "Limit old space size in test which require a large new space."
This reverts commit r21103.
Revert "Remove max space limits in tests."
This reverts commit r21104.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/263103006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 16:48:33 +00:00
ishell@chromium.org
b4c1eda032
Checks for empty array case added before casting elements to FixedDoubleArray.
...
BUG=chromium:369450
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/264973008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 11:30:24 +00:00
svenpanne@chromium.org
7bfc426fc9
Object.defineProperty shouldn't be a hint that we're constructing a dictionary.
...
BUG=362870
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/261583004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 06:02:00 +00:00
hpayer@chromium.org
56d0b9757e
Remove max space limits in tests.
...
BUG=
Review URL: https://codereview.chromium.org/263703003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 19:32:47 +00:00
hpayer@chromium.org
3dd05f8fc7
Limit old space size in test which require a large new space.
...
BUG=
Review URL: https://codereview.chromium.org/265673003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 18:57:25 +00:00
mvstanton@chromium.org
5e2ee2bac2
A new test needs to exit early on non-internationalization builds.
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/265513003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org
129c58c47d
Fix some more missing ToObject on Array.prototype.
...
R=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/254103002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:52:00 +00:00
mvstanton@chromium.org
0c3e70a3b6
Bugfix: internationalization routines fail on monkeypatching.
...
Calls to Object.defineProperty() and Object.apply() are not safe.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/253903003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 07:36:12 +00:00
yangguo@chromium.org
1a9649ae13
Error stack getter should not overwrite itself with a data property.
...
R=ulan@chromium.org
BUG=v8:3294
LOG=Y
Review URL: https://codereview.chromium.org/258933007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 12:14:36 +00:00
jarin@chromium.org
ff884e06ae
Fix materialization of accessor frames with captured receivers
...
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.
We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do almost the same thing - they only
differ in where they store the result.
The change also turns a bunch of ASSERTs into CHECKs.
R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N
Review URL: https://codereview.chromium.org/225283006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 12:58:15 +00:00
jarin@chromium.org
d557425a0c
Preserve Smi representation of non-escaping fields.
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/251493004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 11:29:02 +00:00
verwaest@chromium.org
d2179f2062
Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height.
...
Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/252583004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:52:11 +00:00
hpayer@chromium.org
20107bf2d8
Remove lazy sweeping.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/254603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:50:42 +00:00
verwaest@chromium.org
a55821eef2
Mark the simulate before EnterInlined with BailoutId::None(), and set ReturnId on EnterInlined. When merging simulates into the simulate before enter-inlined, adopt the last AST id that gets merged into it.
...
BUG=v8:3282
LOG=n
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/257583004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 15:20:53 +00:00
bmeurer@chromium.org
052f9e9b6d
Make DescriptorArray::IsMoreGeneralThan() and DescriptorArray::Merge() compatible again.
...
BUG=365172
LOG=y
TEST=mjsunit/regress/regress-365172-[1-3]
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/255513005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 08:07:14 +00:00
jarin@chromium.org
8c57b45042
Fix C++ type of Factory::NewFixedDoubleArray.
...
The change fixes the C++ type of Factory::NewFixedDoubleArray to
reflect the empty array case, where we return an empty
FixedArray (rather than FixedDoubleArray).
R=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/249593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 05:29:00 +00:00
wingo@igalia.com
2194f3f858
Move bug 3280 regression test to mjsunit/harmony
...
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/248483004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 15:01:30 +00:00
mstarzinger@chromium.org
66ec299808
Fix ToObject and Object.isSealed in four Array builtins.
...
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-6
Review URL: https://codereview.chromium.org/240223006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 12:48:32 +00:00
jarin@chromium.org
783eb25a8c
Avoid setting transitions in-place for cached maps when observed
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/246523004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 09:21:24 +00:00
adamk@chromium.org
71750f7be8
Fix issue with Map/SetIterator and types
...
BUG=v8:3281
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/246993003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 18:14:46 +00:00
wingo@igalia.com
a2ac40aca7
Context-allocate all parameters in generators
...
Generator function scopes have forced context allocation. Ensure that
all variables in such scopes get context allocation -- even unused
variables.
This fixes an assertion when reifying generator scopes in the debugger.
R=yangguo@chromium.org
LOG=Y
BUG=v8:3280
Review URL: https://codereview.chromium.org/246733003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 11:34:16 +00:00
bmeurer@chromium.org
63a477b29b
Clear invalid field maps in PropertyAccessInfo.
...
BUG=363956
TEST=mjsunit/regress/regress-363956
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/239623005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 09:48:32 +00:00
mstarzinger@chromium.org
e51d6462a7
Fix bogus call to Object.hasOwnProperty in Array builtin.
...
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-5
Review URL: https://codereview.chromium.org/239033002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 12:52:41 +00:00
mstarzinger@chromium.org
39137c81e6
Fix bogus Object.isSealed check in some Array builtins.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/237253002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
ulan@chromium.org
8b445aaa5f
Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
...
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com
Review URL: https://codereview.chromium.org/226363007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44
Try to switch Array builtins into strict mode.
...
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit
Review URL: https://codereview.chromium.org/233083003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
ulan@chromium.org
4268ce0abd
Check stack limit in ArgumentAdaptorTrampoline.
...
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/215853005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043
Do not call user defined getter of Error.stackTraceLimit.
...
Handlify GetNormalizedProperty.
BUG=360733
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/233243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
jarin@chromium.org
166ec11e43
Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/232053004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
jarin@chromium.org
fd988331ea
There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made a similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/ ).
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/226613007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
svenpanne@chromium.org
5bddec047d
Do not use ranges after range analysis.
...
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
removed.
BUG=361608
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/232553004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
jarin@chromium.org
008a70c47b
Revert "Make new space iterable when transitioning double array to objects"
...
This reverts r20603.
BUG=
Review URL: https://codereview.chromium.org/230863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
jarin@chromium.org
57d70c149c
Avoid hydrogen compare-objects-equal assertions in dead code
...
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).
R=yangguo@chromium.org
BUG=359491
LOG=N
Review URL: https://codereview.chromium.org/228883005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
yangguo@chromium.org
4df132a878
Fix argument expectation Runtime_StringParseInt.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/230693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
jarin@chromium.org
69d5b3c155
Make new space iterable when transitioning double array to objects
...
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/228643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org
e3aec7a587
Fix return value of push() and unshift() on Array.prototype.
...
R=ulan@chromium.org
TEST=mjsunit/regress/regress-builtinbust-3
Review URL: https://codereview.chromium.org/230453002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:14:56 +00:00
jarin@chromium.org
05670b63bf
Add stack overflow check for inlined property getter
...
We should check for overflow for each inlined property getter;
otherwise, we can get an overflow from inlining property getter while
still having pending overflow exception from some previous inlined
getter (in the same polymorphic access).
R=verwaest@chromium.org
TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js
Review URL: https://codereview.chromium.org/220813003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 07:35:12 +00:00
bmeurer@chromium.org
48e0d81205
Fix invalid local property lookup for transitions.
...
BUG=361025
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/224903023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:36:04 +00:00
jarin@chromium.org
c19764595f
Dead code elimination of inlined arguments objects causes wrong deopt info to be generated - instead of materializing the arguments, we get 'undefined'.
...
Golem says the change is perf-neutral.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/208683006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:42:34 +00:00
svenpanne@chromium.org
814be9b1b6
Yet another regression test for range analysis.
...
BUG=v8:3204
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/224723016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:04:25 +00:00
mvstanton@chromium.org
eaacd968f1
Fix for v8:3255 Grow KeyedStoreIC doesn't respect String value wrappers
...
BUG=v8:3255
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/226053002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 07:52:24 +00:00
hpayer@chromium.org
5230d8d330
Make sure value is a heap number when reusing the double box in BinaryOpICStub.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/216823005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-04 08:46:49 +00:00
mstarzinger@chromium.org
775d9b022f
Use primordial Object.isSealed/isFrozen in builtins.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/223473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 12:23:35 +00:00
jarin@chromium.org
fe37026116
When freezing global object, go through the property cell
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/223613002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 10:43:56 +00:00
jarin@chromium.org
42d2d3cb9d
Do not generate LDummyUse instruction for HCapturedObject
...
LDummyUse confuses the register allocator (since there is no definition
for the use).
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/222283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:35:13 +00:00
jarin@chromium.org
0b53ed2d2b
Check in Lithium that allocation size in Smi range.
...
This is to avoid triggering an assertion from Smi::FromInt. The
generated code is unreachable, so it is not a real bug.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/221743005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:04:46 +00:00
jkummerow@chromium.org
511edabed2
Fix HGraphBuilder::BuildAddStringLengths
...
length == String::kMaxLength is fine and should not bail out.
BUG=chromium:357052
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/222113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 12:24:42 +00:00
dslomov@chromium.org
19c354b7b0
Support typed arrays in IsMoreGeneralElementsKindTransition.
...
R=verwaest@chromium.org
BUG=357054
LOG=Y
Review URL: https://codereview.chromium.org/220403004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 16:41:35 +00:00
yangguo@chromium.org
64901004be
Smi immediates are not supported on x64. Do not use it.
...
R=jkummerow@chromium.org
BUG=358059
LOG=N
Review URL: https://codereview.chromium.org/217083003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 15:32:06 +00:00
mvstanton@chromium.org
d93c906acc
Monomorphic prototype failures should be reserved for already-seen keys.
...
We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype
failure even though it's the first time a particular (string) key has
been seen.
BUG=358088
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/219313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 14:16:54 +00:00
yangguo@chromium.org
10abff3498
Remove internalized cons string types.
...
Currently, internalizing a cons string could result in either an
in-place converted internalized cons string or a newly created
internalized sequential string, depending on allocation success.
The former could end up being embedded into an IC, which is not
supported.
R=mstarzinger@chromium.org
BUG=357103
LOG=N
Review URL: https://codereview.chromium.org/218993011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 11:30:31 +00:00
jarin@chromium.org
5607582f3b
We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes.
...
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/218493007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 16:45:46 +00:00
rossberg@chromium.org
282a7ca14e
Fix Type::Intersect to skip uninhabited bitsets
...
R=verwaest@chromium.org, bmeurer@chromium.org
BUG=chromium:357330
LOG=Y
Review URL: https://codereview.chromium.org/219333003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:53:21 +00:00
dslomov@chromium.org
b3148d921e
Fix PrepareKeyedOperand on arm.
...
When additional_offset is specified, the 'key' operand can be negative
and still pass the bounds check. Therefore, when converting key from
Smi, arithmetic and not logical shift must be used.
R=verwaest@chromium.org
BUG=358057
LOG=Y
Review URL: https://codereview.chromium.org/219473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:14:28 +00:00
jarin@chromium.org
d02e1f2c25
Fix left trimming check for large objects
...
BUG=358090
TEST=test/mjsunit/regress/regress-358090.js
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/213833008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:01:46 +00:00
verwaest@chromium.org
019e27d8db
Reland and fix "Fix LoadFieldByIndex to take mutable heap-numbers into account.""
...
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/218663005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 14:21:04 +00:00
yangguo@chromium.org
c0fa861726
Do not check for interrupt when allocating stack locals.
...
R=dcarney@chromium.org
BUG=357137
LOG=N
Review URL: https://codereview.chromium.org/219373004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 14:14:54 +00:00
jochen@chromium.org
163044e7ba
Revert 20348 - "Fix LoadFieldByIndex to take mutable heap-numbers into account."
...
Reason for revert: crashes benchmarks/sunspider/string-fasta on ia32.debug
This also reverts r20350 and r20352
> Fix LoadFieldByIndex to take mutable heap-numbers into account.
>
> BUG=
> R=ishell@chromium.org
>
> Review URL: https://codereview.chromium.org/213213002
BUG=none
LOG=n
TBR=verwaest@chromium.org
Revert "Use sarq on x64"
This reverts commit e2a8ef9321345c6bc091054443bf2b9535ff6b1c.
Revert "Don't | int and bool"
This reverts commit c90d713d3a8ceba4fec41933a63beb6e50a3d7c0.
Review URL: https://codereview.chromium.org/219393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 13:23:32 +00:00
jochen@chromium.org
b7039334ae
Revert 20313 - "Ship promises and weak collections"
...
> R=mstarzinger@chromium.org
> BUG=
>
> Committed: https://code.google.com/p/v8/source/detail?r=20211
>
> Review URL: https://codereview.chromium.org/206163004
R=rossberg@chromium.org
TBR=rossberg@chromium.org
LOG=y
BUG=n
Review URL: https://codereview.chromium.org/219303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 12:40:32 +00:00
verwaest@chromium.org
55a6318560
Fix LoadFieldByIndex to take mutable heap-numbers into account.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/213213002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 11:59:29 +00:00
jarin@chromium.org
d65fe51ca0
Add missing lazy deopt point for the TransitionElementsKind instruction.
...
R=mvstanton@chromium.org, yangguo@chromium.org
BUG=357105
TEST=test/mjsunit/regress/regress-357105.js
LOG=N
Review URL: https://codereview.chromium.org/216963002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 11:58:53 +00:00
jarin@chromium.org
9e655afdb4
Reland "Fix property enum cache creation to include only own properties"
...
Reland r20308 (reverted by r20310).
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/216383003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-28 06:59:20 +00:00
adamk@chromium.org
c2bbd9f9e2
Don't pass the hole to SetElement when creating Array.observe change records
...
Also added comments to remind us why we were using the hole here in the first
place (it's used for the case where Object.observe, rather than Array.observe,
has been called on Array that's undergoing truncation).
BUG=356589
LOG=N
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/213823002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 18:29:07 +00:00
rossberg@chromium.org
826cf64fd3
Ship promises and weak collections
...
R=mstarzinger@chromium.org
BUG=
Committed: https://code.google.com/p/v8/source/detail?r=20211
Review URL: https://codereview.chromium.org/206163004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 16:42:34 +00:00
jarin@chromium.org
af74f1206e
Revert "Fix property enum cache creation to include only own properties"
...
This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e.
BUG=
Review URL: https://codereview.chromium.org/214893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 16:18:42 +00:00
jarin@chromium.org
4608bdeccc
With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size.
...
This is really Toon's fix, I have only created a small repro case.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/212673011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 15:33:06 +00:00
dslomov@chromium.org
4cdfb46a6d
Fix JSObject::SetElement for fixed typed array elements.
...
R=ulan@chromium.org
BUG=357108
LOG=N
Review URL: https://codereview.chromium.org/214543003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 12:54:26 +00:00
svenpanne@chromium.org
fe58e3d7b8
Removed 'executable' bits from mjsunit tests.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/214413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 12:32:27 +00:00
jarin@chromium.org
10606aa756
Fix missing representation for the result of HIsSmiAndBranch.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/211273010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 13:14:08 +00:00
dslomov@chromium.org
f66af4feb4
Refactor optimized in hydrogen only runtime functions.
...
This splits all runtime functions into 3 categories:
1) RUNTIME: implemented in runtime and called from both full and optimized code.
2) RUNTIME_HIDDEN: implemented in runtime, never called directly from JS builtins.
3) INLINE: inlined in both full and optimized code
4) INLINE_OPTIMIZED: inlined in optimized code, implemented in runtime for full code.
R=yangguo@chromium.org, yannguo@chromium.org
Review URL: https://codereview.chromium.org/209353006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 14:26:55 +00:00
verwaest@chromium.org
c432f7166c
Don't convert dictionary sloppy arguments to fast double mode.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/207683006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 14:14:58 +00:00
ulan@chromium.org
cb0f49c18a
Add index check in DoAccessArgumentsAt.
...
BUG=355523
LOG=N
TEST=mjsunit/regress/regress-355523
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/210053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 13:26:41 +00:00
rossberg@chromium.org
2e1b16de2a
Revert "Ship promises and weak collections"
...
Reason: breaks Blink layout tests.
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/210853003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 10:57:52 +00:00
yangguo@chromium.org
793d4cb0b6
Fix issues when changing FLAG_concurrent_recompilation after init.
...
R=jarin@chromium.org
BUG=356053
LOG=N
Review URL: https://codereview.chromium.org/210363005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 09:38:48 +00:00
jarin@chromium.org
b765d3cdb9
Revert the (wrong) fix of the argument index check assertion.
...
R=ishell@chromium.org
BUG=
Review URL: https://codereview.chromium.org/208423017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 21:32:19 +00:00
jarin@chromium.org
56f2006605
Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime.
...
R=ishell@chromium.org
BUG=355486
LOG=N
Review URL: https://codereview.chromium.org/201573011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 20:51:36 +00:00
rossberg@chromium.org
33be68c2fa
Ship promises and weak collections
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/206163004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 16:59:04 +00:00
verwaest@chromium.org
e18e650582
Ensure the constant operand for heap-object store-named-field is not a smi.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/210193002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 16:25:48 +00:00
yangguo@chromium.org
9c0f5be8d1
Correctly convert micro-sign to its upper case.
...
R=dcarney@chromium.org
BUG=355485
LOG=N
Review URL: https://codereview.chromium.org/209323007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 14:16:14 +00:00
ulan@chromium.org
fc2563f108
Visit return statement of inlined function in value context.
...
BUG=354357
LOG=N
TEST=mjsunit/regress/regress-354357.js
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/206413005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-21 12:14:44 +00:00
ulan@chromium.org
f20a9473f3
Ensure that lazy deopt sequence does not override calls.
...
BUG=354433
LOG=N
TEST=mjsunit/regress/regress-354433.js
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/198463006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-21 11:02:15 +00:00
jkummerow@chromium.org
2b722b663e
Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS
...
BUG=chromium:354391
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/206073008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-20 16:25:24 +00:00
yangguo@chromium.org
c9d391d87f
Fix assertions wrt concurrent OSR.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/206473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-20 15:23:31 +00:00
ulan@chromium.org
41eab25615
A64: Fix write barrier input in KeyedStoreIC::GenerateSloppyArguments.
...
This fixes flaky crashes in gc-stress bot:
> Fatal error in ../src/incremental-marking.cc, line 84
> CHECK(obj->IsHeapObject()) failed
BUG=353551
LOG=N
TEST=test/mjsunit/regress/regress-353551.js
R=m.m.capewell@googlemail.com
Review URL: https://codereview.chromium.org/204453002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-20 08:32:58 +00:00
jkummerow@chromium.org
d9b6b6439d
Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS
...
BUG=chromium:350867
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/203303010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-19 15:49:29 +00:00
ulan@chromium.org
487ca9e384
Fix TransitionElementsKindStub to handle non-JSArray objects correctly.
...
BUG=352982
LOG=N
TEST=mjsunit/regress/regress-352982.js
R=danno@chromium.org
Review URL: https://codereview.chromium.org/196343023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-18 13:29:29 +00:00
dslomov@chromium.org
6c01c3fd56
Apply numeric casts correctly in typed arrays and related code.
...
R=jkummerow@chromium.org
BUG=353004
LOG=Y
Committed: https://code.google.com/p/v8/source/detail?r=20020
Review URL: https://codereview.chromium.org/201873005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-18 10:55:29 +00:00
dslomov@chromium.org
a6224272fd
Revert "Apply numeric casts correctly in typed arrays and related code."
...
This reverts commit r20020 for breaking Win64 build.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/199523006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-18 10:50:00 +00:00
dslomov@chromium.org
849187eab0
Apply numeric casts correctly in typed arrays and related code.
...
R=jkummerow@chromium.org
BUG=353004
LOG=Y
Review URL: https://codereview.chromium.org/201873005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-18 10:23:50 +00:00
rossberg@chromium.org
58d623f228
Stage ES6 promises and weak collections
...
Split collections flag into weak and non-weak.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/201593004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-18 09:57:14 +00:00
verwaest@chromium.org
5aaa513630
Don't generate keyed store ICs for global proxies.
...
BUG=352983
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/197873025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 17:19:39 +00:00
ulan@chromium.org
e1e4071cbc
Fix date cache in strict mode.
...
BUG=v8:3220
LOG=N
TEST=mjsunit/regress/regress-3220.js
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/201753002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 15:47:58 +00:00
ishell@chromium.org
3b257c35e5
Fixed spec violation of storing to length of a frozen object.
...
BUG=chromium:350890
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/196653015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 15:43:33 +00:00
jkummerow@chromium.org
e4a18df7d1
Fix ASSERT violation when BinaryOpIC::Transition recurses into itself
...
BUG=chromium:352586
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/201313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 14:51:31 +00:00
rossberg@chromium.org
c3c185c173
Make invalid LHSs a parse-time (reference) error
...
This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for.
To do: check properly in preparser already.
R=marja@chromium.org, mstarzinger@chromium.org
BUG=351658
LOG=Y
Review URL: https://codereview.chromium.org/200473003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 10:21:01 +00:00
jkummerow@chromium.org
dc458525ad
Fix typo in r19923 (bounds check offset propagation)
...
BUG=chromium:352929
LOG=n
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/201303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 09:38:01 +00:00
ishell@chromium.org
f77c51b0a6
Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix).
...
BUG=chromium:352058
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/196383018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 09:11:38 +00:00
mvstanton@chromium.org
e3f3f6d98b
Revert "Continued fix for 351257. Reusing the feedback vector is too complex."
...
This reverts commit r19919.
TBR=bmeuer@chromium.org
Review URL: https://codereview.chromium.org/196343021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 08:31:21 +00:00
verwaest@chromium.org
0f2a324c8a
Fix generalization with callbacks.
...
BUG=352588
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/200173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 14:17:49 +00:00
mvstanton@chromium.org
11df4b8815
Fix for issue 351261.
...
This relands the following fix: "HAllocate should never generate
allocation code if the requested size does not fit into page. Regression
test included. (bug 347543)" along with additional fixes to KeyedStoreIC.
BUG=351261
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/200113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 10:22:55 +00:00
ulan@chromium.org
2c99cba38b
Propagate updated offsets in BoundsCheckBbData.
...
BUG=350863
LOG=Y
TEST=mjsunit/regress/regress-350863.js
R=bmeurer@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/197823009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 10:02:25 +00:00
bmeurer@chromium.org
358e176d50
Add regression test for range analysis bug.
...
BUG=v8:3204
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/200103002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 09:54:26 +00:00
mvstanton@chromium.org
dd28969c1c
Continued fix for 351257. Reusing the feedback vector is too complex.
...
Attempting to re-use the type feedback vector stored in the
SharedFunctionInfo turns out to be difficult among the various cases.
It will be much easier to do this when deferred type feedback processing
is removed, as is in the works.
Created bug v8:3212 to track re-introducing the optimization of reusing
the type vector on recompile before optimization.
The CL also brings back the type vector on the SharedFunctionInfo.
BUG=351257
LOG=Y
R=bmeurer@chromium.org, bmeuer@chromium.org
Review URL: https://codereview.chromium.org/199973004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 09:28:37 +00:00
yangguo@chromium.org
0f71a24f3a
Correctly retain argument value when deopting from Math.round on x64.
...
R=jkummerow@chromium.org
BUG=351624
LOG=N
Review URL: https://codereview.chromium.org/199013002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 13:57:21 +00:00
ulan@chromium.org
c64b78f6da
Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight.
...
BUG=351263
LOG=N
TEST=mjsunit/regress/regress-351263
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/197803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 11:50:50 +00:00
svenpanne@chromium.org
390d3a0b15
Make translation of modulus operation '--stress-opt'-proof.
...
Note that we unconditionally deopt later, anyway, but our compilation
pipeline has to survive long enough to reach that place. :-/
LOG=y
BUG=352059
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/198833002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 09:37:16 +00:00
jarin@chromium.org
713aa33f2a
Fix of argument materialization of captured heap numbers.
...
The escape analysis calculates the number of slots in an object as
no-of-slots = object-size / pointer-size. This gives 3 slots for
heap numbers on 32-bit architectures (one slot for the map, two for
the double value); however, my argument materialization code assumed
just two slots (map + value). Since Hydrogen allocates heap numbers
quite rarely, it is hard to produce a more meaningful repro than the
one provided by Clusterfuzz. Any suggestions are welcome.
The fix is simple - we just read out all extra slots (beyond the map
and the double) for heap numbers.
R=mstarzinger@chromium.org
BUG=351315
LOG=N
Review URL: https://codereview.chromium.org/196283004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 07:17:37 +00:00
jkummerow@chromium.org
f9ee4f19b4
Use intrinsics for builtin ArrayBuffer property accesses
...
BUG=chromium:351787
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/197793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 19:25:40 +00:00
verwaest@chromium.org
8735adb2c4
Don't fast RemoveArrayHoles in case of arguments arrays.
...
BUG=351645
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/197043004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 13:42:18 +00:00
mvstanton@chromium.org
7477bc39ca
350884: KeyedStoreIC miss didn't handle a transitioning case.
...
It's possible to get a transitioned map with no links to the origin
map if it's a shared map. Code in KeyedStoreIC::StoreElementStub
assumes it can check if two maps are in the same family by
traversing the transition array. Long term, the "family" relationship
should be recognized with the Normalized Map Cache. For now, allow
the IC to remain monomorphic in this case if the receiver map and
the previous receiver map are the same.
Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210)
to track the issue with the Normalized Map Cache.
BUG=350884
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/194623005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 13:35:40 +00:00
jkummerow@chromium.org
105c1e08b7
Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it
...
Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness
BUG=chromium:351320
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/196943002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:14:29 +00:00
danno@chromium.org
ae1669b501
Fix handling of polymorphic array accesses with constant index
...
R=jkummerow@chromium.org
BUG=chromium:351319
LOG=Y
Review URL: https://codereview.chromium.org/196353004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:11:38 +00:00
jkummerow@chromium.org
8a1812f252
Fix lazy deopt after tagged binary ops
...
Also add policing code to ensure that optimized frames can in fact lazily deopt
at their respective current PC when we patch them for lazy bailout.
BUG=chromium:350434
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/194703008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 09:59:36 +00:00
rossberg@chromium.org
85800eff3f
Fix issue with getOwnPropertySymbols and hidden properties
...
When getting the symbols of an object we need to ignore the hidden
properties of the prototype object since the hidden properties are
represented by a single string key and we will not include that hidden
string in the found names.
BUG=350864
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/192883005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 16:46:35 +00:00
dcarney@chromium.org
62fc099334
fix bad access check check
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/195163002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 15:12:47 +00:00
rossberg@chromium.org
3f702d4bf9
Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/177683002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 14:39:08 +00:00
yangguo@chromium.org
6e1507331e
Fix bug in constant folding object comparisons.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/195063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 13:34:01 +00:00
mvstanton@chromium.org
819d9f62d0
Fix for 350887: CHECK failure on new_length->IsSmi()
...
In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to
optimize setting array length if the new length is a smi. However, we
refuse to set an array length to less than the index of the highest
non-configurable array element. This index may be outside of smi range.
Handle this case accordingly.
BUG=350887
LOG=N
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/194803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:30:10 +00:00
yangguo@chromium.org
1634e7de38
Fix assertion in RegExp parser to correctly expect stack overflow.
...
Advance() always checks for stack overflow. If stack indeed overflowed,
current() would hold the kEndMarker. ParseOctalLiteral does not expect
this in the assertion, which causes assertion failure.
R=mvstanton@chromium.org
BUG=350865
LOG=N
Review URL: https://codereview.chromium.org/192773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:52:10 +00:00
verwaest@chromium.org
1180803953
Reland and fix "Allow ICs to be generated for own global proxy."
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:23:05 +00:00
verwaest@chromium.org
8a3d715250
Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems."
...
Due to performance regression.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/189843006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:29:07 +00:00
ishell@chromium.org
997ce05289
Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820.
...
BUG=349465
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:22:47 +00:00
jkummerow@chromium.org
1cc0bafc07
Fix HConstants with Smi-ranged HeapNumber values
...
BUG=chromium:349878
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/186123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:21:09 +00:00
mvstanton@chromium.org
6115a006fd
Bugfix for 349874: we incorrectly believe we saw a growing store
...
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.
This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).
BUG=349874
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
jkummerow@chromium.org
5ea3f0004a
Let HTransitionElementsKind take part in RestoreActualValues phase
...
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/183753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1
Remove outdated assertion scope.
...
R=jkummerow@chromium.org
BUG=349870
LOG=N
Review URL: https://codereview.chromium.org/182003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d
Fix issues with JSON stringify replacer array
...
If the replacer array contains a property key we should include the
property even if the property is non-enumerable or if it is a non-own
property.
String and Number wrappers in the replacer array should be treated as
string and number values.
R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y
Review URL: https://codereview.chromium.org/187053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb
Use Representation::Integer32() for smi types on 32-bit-tagged systems.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187353005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492
Also delete force representations that have no uses.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96
Fix materialization of captured objects in adapted arguments.
...
R=mstarzinger@chromium.org
BUG=348512
LOG=N
Review URL: https://codereview.chromium.org/183063006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753
Deoptimization fix for HPushArgument.
...
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).
R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N
Review URL: https://codereview.chromium.org/178193026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
jkummerow@chromium.org
3df5573195
x64: Fix LMathMinMax for constant Smi right-hand operands
...
BUG=chromium:349079
LOG=y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/186593003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
yangguo@chromium.org
b1a271a02c
Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
...
R=titzer@chromium.org
BUG=348280
LOG=N
Review URL: https://codereview.chromium.org/183383006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a
Clear optimized code cache in shared function info when code gets deoptimized.
...
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19
Move all Harmony-only tests to harmony/
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/178583005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00