ager@chromium.org
544191e718
Update apply with arguments optimization for strict mode functions and builtins.
...
Do not convert to object for values for strict-mode functions and
builtins.
R=ricow@chromium.org
BUG=v8:1412
TEST=mjsunit/regress/regress-1412.js
Review URL: http://codereview.chromium.org/7096006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 10:38:41 +00:00
ager@chromium.org
a01b45df58
Fix a number of tests that incorrectly used assertUnreachable.
...
Our testing infrastructure uses exceptions to indicate
errors. assertUnreachable therefore throws an exception to indicate
that it was reached. Therefore, it cannot be used to check that an
exception was thrown using the pattern:
try {
shouldThrow();
assertUnreachable();
} catch(e) {
}
Such a test will always pass because assertUnreachable will throw an
exception if shouldThrow does not.
R=ricow@chromium.org
Review URL: http://codereview.chromium.org/7053035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 08:08:42 +00:00
ager@chromium.org
bfa2ef1f11
Fix receiver for calls to strict-mode and builtin functions that are
...
potentially shadowed by eval.
R=sgjesse@chromium.org
TEST=mjsunit/regress/regress-124.js
Review URL: http://codereview.chromium.org/7096004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 07:57:22 +00:00
ager@chromium.org
017935408d
Reapply change to Pass undefined to JS builtins when called with
...
implicit receiver.
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.
R=fschneider@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js
Review URL: http://codereview.chromium.org/7085034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 13:49:22 +00:00
ricow@chromium.org
7eb6f5c1ba
Correctly set the length of string before creating filler object in the json parser (fixes crbug 84186).
...
Testcase created based on the supplied test case from the bug report, but using json parse directly instead of through the chrome javascript console.
Review URL: http://codereview.chromium.org/7084023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 06:04:36 +00:00
ager@chromium.org
c832c467a4
Revert "Pass undefined to JS builtins when called with implicit receiver."
...
Presubmit and failing test.
TBR=lrn@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7071009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:22:29 +00:00
ager@chromium.org
19b718fe73
Pass undefined to JS builtins when called with implicit receiver.
...
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.
R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js
Review URL: http://codereview.chromium.org/7068009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb
Make RegExp objects not callable.
...
Review URL: http://codereview.chromium.org/6930006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 07:35:09 +00:00
ricow@chromium.org
f675db651d
Change calls to undefined property setters to not throw (fixes issue 1355).
...
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-25 08:37:38 +00:00
sgjesse@chromium.org
eff2946b9b
Handle changes to the Object prototype in fast handling of arrays
...
R=ager@chromium.org
BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js
Review URL: http://codereview.chromium.org//7067019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0
Change strict mode poison pill to be the samme type error function (fixes issue 1387).
...
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
825a433900
Add regression test for issue 1401
...
R=ager@chromium.org
BUG=v8:1401
TEST=test/regress/regress-1401.js
Review URL: http://codereview.chromium.org//7062002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802
Remove execScript from V8. No longer present i neither Firefox nor Safari.
...
R=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7046002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23
Add regression test for http://crbug.com/82769
...
Review URL: http://codereview.chromium.org/7034025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-18 12:46:21 +00:00
whesse@chromium.org
0eca2b4fc1
Fix error in postfix ++ in Crankshaft.
...
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.
BUG=v8:1389
TEST=
Review URL: http://codereview.chromium.org/7033008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-17 11:41:59 +00:00
ricow@chromium.org
964dbff40d
Only send null or undefined as receiver for es5 natives, not generally
...
for builtin functions.
Review URL: http://codereview.chromium.org/7012012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-13 07:26:44 +00:00
ricow@chromium.org
7f8a918f08
Allow strict mode flag as extraicstate for keyed external array store ic
...
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.
BUG: 1383
Review URL: http://codereview.chromium.org/7003022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
1eedd8056d
Fix timeout of test regress-1118.js
...
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.
Review URL: http://codereview.chromium.org/6994010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-10 15:07:30 +00:00
ager@chromium.org
0961b1a936
Check that receiver is JSObject on API calls.
...
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js
Review URL: http://codereview.chromium.org/6931056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 14:14:16 +00:00
karlklose@chromium.org
d43066050a
Replace loops by OptimizeFunctionOnNextCall in regress-1085 and regress-1210.
...
Review URL: http://codereview.chromium.org/6938001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 09:10:28 +00:00
ricow@chromium.org
e0eb110130
Reapply 7763, including arm and x64 variants.
...
The only difference to revision 7763 is the implementation in the
builtins file for arm and x64, plus a move of Array.prototype.toString
and Array.prototype.toLocaleString from should throw on null or
undefined to the non generic test cases in the function-call test (due
to us not currently supporting generic cases with these to functions)
Review URL: http://codereview.chromium.org/6928007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-05 05:21:30 +00:00
karlklose@chromium.org
8b917d4d96
Replace long running loops by OptimizeFunctionOnNextCall in some tests that are often timing out on ARM.
...
Review URL: http://codereview.chromium.org/6910022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:53:08 +00:00
ricow@chromium.org
4d890da191
Revert 7763, missing implementation on x64 and arm for call and apply with null or undefined.
...
Review URL: http://codereview.chromium.org/6913024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:45:19 +00:00
ricow@chromium.org
2b730c2bf6
Don't exchange null and undefined with the global object in function.prototype.{call, apply} for natives.
...
This makes us compatible with firefox in throwing an exception when
call is invoked on a builtin with null as the this argument.
Review URL: http://codereview.chromium.org/6902104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:19:04 +00:00
lrn@chromium.org
d1411602a7
Don't allow whitespace after sign characters in parseInt.
...
BUG=v8:955
TEST=mjsunit/regress/regress-955
Review URL: http://codereview.chromium.org/6903171
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 07:11:17 +00:00
kmillikin@chromium.org
1af840ad4c
Be more discriminating about uses of the arguments object in optimized code.
...
Because we track the value of the arguments object, we need to check
values whenever plugged into a forbidden value context. It is not
enough to check at only variable references as we did previously.
R=fschneider@chromium.org
BUG=1351
TEST=regress-1351.js
Review URL: http://codereview.chromium.org/6902202
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-02 11:35:51 +00:00
vegorov@chromium.org
1c950e04cc
Fix missing writebarrier in ArraySplice builtin.
...
Review URL: http://codereview.chromium.org/6883227
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-28 16:03:40 +00:00
karlklose@chromium.org
3b6fe22c4d
Make throw inlineable only if the exception is inlineable.
...
BUG=1337
TEST=regress-1337
Review URL: http://codereview.chromium.org/6881079
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-20 09:15:52 +00:00
lrn@chromium.org
7aec228dbb
Cleanup of mjsunit.js code and make assertEquals more strict.
...
Encapsulate the helper functions in mjsunit.js.
Now only exposes the exception class and the assertXXX functions.
Make assertEquals use === instead of ==.
This prevents a lot of possiblefalse positives in tests, and avoids
having to do assertTrue(expected === actual) when you need it.
Fixed some tests that were either buggy or assuming == test.
Review URL: http://codereview.chromium.org/6869007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 11:35:36 +00:00
jkummerow@chromium.org
1d774ac5ca
Fix load/store of external float arrays on ARM
...
BUG=1323
TEST=mjsunit/regress/regress-1323.js, run with simulator=arm
Review URL: http://codereview.chromium.org/6822054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 15:20:26 +00:00
jkummerow@chromium.org
ed968b1042
Introduce runtime function %OptimizeFunctionOnNextCall to manually trigger optimization.
...
TEST=existing unit tests still pass
Review URL: http://codereview.chromium.org/6821009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-11 13:24:50 +00:00
vegorov@chromium.org
8a8d3bbbee
In LCodeGen::DoDeferredLInstanceOfKnownGlobal emit safepoint with registers for the call to stub.
...
Review URL: http://codereview.chromium.org/6793017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-07 13:32:45 +00:00
peterhal@chromium.org
e3d788329a
1309 fix
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/6800018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 16:22:06 +00:00
vegorov@chromium.org
ae65366f0b
Fix SlotRef::SlotAddress for parameters indices.
...
Fix %NewObjectFromBound to correctly handle optimized frames (including those with inlined functions).
Fix %_IsConstructCall handling in hydrogen: when called from inlined function return false constant directly instead of emiting HIsConstructCall.
Fix success case in TraceInline.
BUG=v8:1229
TEST=test/mjsunit/regress/regress-1229.js
Review URL: http://codereview.chromium.org/6740023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-01 11:41:36 +00:00
sgjesse@chromium.org
1eb224c2a2
ARM: Check for minus zero when converting binary operation result to smi
...
The result of an Int32 binary operation will be converted to a smi if it fits. However a minus zero check was missing.
BUG=v8:1278
TEST=test/mjsunit/regress/regress-1278.js
R=ager@chromium.org
Review URL: http://codereview.chromium.org/6755009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-29 07:43:27 +00:00
ricow@chromium.org
fb6d7e17df
Follow jsc on not throwing when trying to add a property to a non-extensible object.
...
This change makes us compatible with Safari on not throwing when trying to add a property to a non-extensible object.
Review URL: http://codereview.chromium.org/6712059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-28 06:11:08 +00:00
ager@chromium.org
a7d44c49a5
Add regression test.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-24 11:03:08 +00:00
vegorov@chromium.org
c83f0a715e
Make HDeoptimize to explicitly use environment values.
...
Otherwise dead phi elimination can actually remove some of the implicitly used phis.
BUG=1257
TEST=test/mjsunit/regress/regress-1257.js
Review URL: http://codereview.chromium.org/6672066
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 12:22:49 +00:00
ricow@chromium.org
e8ff324583
Follow Safari on not throwing when __defineGetter__ fails.
...
In addition, this fixes defineOwnProperty to actually not throw when
the should_throw flag is false (we had no usage of this priorly).
Review URL: http://codereview.chromium.org/6695018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 14:19:18 +00:00
ricow@chromium.org
7cb35bcfa5
Reapply 7143 after fixing issue 1250
...
Review URL: http://codereview.chromium.org/6698027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 12:25:13 +00:00
whesse@chromium.org
f6e1b82fd4
Fix a problem where Object.getOwnPropertyDescriptor and related functions unintentionally called toString on the values of an object's properties. Fixes issue 1233.
...
Review URL: http://codereview.chromium.org/6677017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 13:57:20 +00:00
ricow@chromium.org
c00631b86e
Fix presubmit by deleting regress-1240 not deleted by last patch.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:08:52 +00:00
ricow@chromium.org
f2730d2ab8
Revert revision 7143, this causes a number of webkit tests to fail.
...
This includes a security test. Reverting to investigate further.
Review URL: http://codereview.chromium.org/6673019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:02:54 +00:00
ricow@chromium.org
fa9e57e326
Change __defineGetter__ and __defineSetter__ to respect non-configurable.
...
This makes us compatible with firefox. Earlier on we were somehow
compatible with safari - which will allow defining a getter even when
an existing getter is present and non-configurable. We would, however,
in addition to overwriting the getter also change configurable to
true. The approach used by firefox seems much more sound, i.e., why
should it be possible to use __defineGetter__ or __defineSetter__ to
overwrite a non-configurable getter or setter respectively.
I will file a bug on the webkit bugtracker.
Review URL: http://codereview.chromium.org/6658037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 08:05:59 +00:00
lrn@chromium.org
a8b41a0edd
Fix bug in X64 RegExpExec stub.
...
Used incorrect register for referencing RegExp data, so it always failed
to match the fast case.
When modifiying the object layout, it was possible to make it crash instead.
BUG=v8:1236
TEST=test/mjsunit/regress/regress-1236.js
Review URL: http://codereview.chromium.org/6635041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-08 14:15:25 +00:00
kmillikin@chromium.org
4a9056cbce
Fix a stack-height mismatch during deoptimization.
...
When deoptimizing after a conditional expression in an effect context, we
should not see the value of the conditional expression.
BUG=v8:1237
Review URL: http://codereview.chromium.org/6625057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 17:01:12 +00:00
fschneider@chromium.org
8a72161585
Add lazy deoptimization environment to instanceof by marking it as a call.
...
This fixes an assert when an exception is thrown inside instanceof.
BUG=v8:1207
TEST=mjsunit/regress/regress-1207.js
Review URL: http://codereview.chromium.org/6588083
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 15:37:24 +00:00
kmillikin@chromium.org
6b1530ea6d
Fix a stack height mismatch when deoptimizing.
...
When deoptimizing from the key subexpression of a keyed arguments access,
the unoptimized code expects to find the value of the receiver on the
expression stack. The environment of the optimizing compiler did not
contain this value during evaluation of the key subexpression.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 09:32:45 +00:00
ricow@chromium.org
c63d9c97cf
Do not allow non-configurable global properties to be made configurable (fixes issue 1213).
...
We do not currently check that a global property is actually
configurable before overwriting it with a new property.
Review URL: http://codereview.chromium.org/6597045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 08:09:17 +00:00
ager@chromium.org
7c561be519
Remove Error.prototype.toStrings prototype property.
...
I did not use the helper function for adding this builtin function which meant that I missed the removal of the prototype property.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6588050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 13:29:05 +00:00