AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9,650 Commits 1 Branch 0 Tags 839 MiB
55e924c595
Commit Graph

1710 Commits

Author SHA1 Message Date
verwaest@chromium.org
55e924c595 Fix CNLT regression. 
This happens when a map A with no descriptors in fast_holey_elements
mode first gets some properties, making it share descriptor arrays with
a map B to which it transitions. Then map A transitions elements kind to
dictionary_elements in map C. C stores the empty_descriptor_array in its
own transition array. When adding a property to C, C transitions to D
and shares the descriptors. If D dies, a CNLT clears the transition
array of C, making the descriptor array of A (and thus also of B) shine
through. If a property is now added to an object in state C, it'll inherit
all the properties of A (and B). If those properties had high field indices,
we do not have a large enough backing store for the single newly added
property, and we'll write out of bounds.

BUG=chromium:151749

Review URL: https://chromiumcodereview.appspot.com/11017054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-10 12:29:44 +00:00
svenpanne@chromium.org
5d11c5ee69 Fixed Accessors::FunctionGetPrototype's proto chain traversal. 
Actually it didn't traverse that far... ;-) Did some cleanup on the way.

R=rossberg@chromium.org
BUG=chrome:143967
TEST=regress/regress-143967.js

Review URL: https://codereview.chromium.org/11087004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-08 12:58:46 +00:00
rossberg@chromium.org
329cf12363 Make sure that names of temporaries do not clash with real variables. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11035054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 12:47:34 +00:00
rossberg@chromium.org
b07f38a46b Reject local module declarations. 
R=mstarzinger@chromium.org
BUG=150628

Review URL: https://codereview.chromium.org/11033025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:14:08 +00:00
rossberg@chromium.org
3f7b5c338a Reject uses of lexical for-loop variable on the RHS. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11031045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:07:53 +00:00
verwaest@chromium.org
efe955587e Allow optimistically hoisting elements transitions over accesses. 
Review URL: https://chromiumcodereview.appspot.com/10972011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-01 16:22:43 +00:00
mmassi@chromium.org
8fbfad63cd Avoid wrong imul deopt on ia32 and x64 (fixes v8 bug 2339). 
BUG=v8:2339

Review URL: https://chromiumcodereview.appspot.com/10963032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-26 09:57:30 +00:00
erik.corry@gmail.com
72e9f1bea1 x64 and ARM: Fix issue 2346 (order of operations in keyed store 
on arrays) and turn get-own-property-descriptor.js test into
a regression test.
Review URL: https://chromiumcodereview.appspot.com/10985017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-25 13:35:42 +00:00
rossberg@chromium.org
20b1c426cf Bump number of allowed variables per scope to 65535, to address GWT. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/10965063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12600 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 16:22:17 +00:00
jkummerow@chromium.org
43f038d4cd Split test/mjsunit/debug-stepout-scope into smaller chunks 
Review URL: https://codereview.chromium.org/10969061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 11:18:29 +00:00
jkummerow@chromium.org
8a3ec89824 Delete test/mjsunit/regress-1969. 
It was flaky, and its usefulness was doubtful.

Review URL: https://codereview.chromium.org/10961075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:48:14 +00:00
jkummerow@chromium.org
cc6fe90b2b Remove trailing whitespace 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/10969064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:44:04 +00:00
jkummerow@chromium.org
1e1470fca0 Speed up test/mjsunit/compiler/regress-or 
Review URL: https://codereview.chromium.org/10969063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:08:01 +00:00
jkummerow@chromium.org
6dc2af06dc Speed up test/mjsunit/compiler/regress-gvn 
Review URL: https://codereview.chromium.org/10956059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:07:09 +00:00
jkummerow@chromium.org
d600358e6d Split test/mjsunit/numops-fuzz into smaller chunks 
Review URL: https://codereview.chromium.org/10961065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:06:06 +00:00
jkummerow@chromium.org
fbf5965db4 Split test/mjsunit/mul-exhaustive into smaller chunks 
Review URL: https://codereview.chromium.org/10958064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:04:58 +00:00
jkummerow@chromium.org
a2fc134169 Split test/mjsunit/fuzz-natives into smaller chunks 
Review URL: https://codereview.chromium.org/10970058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:03:49 +00:00
jkummerow@chromium.org
1bfbfc34ad Split test/mjsunit/math-floor into smaller chunks 
Review URL: https://codereview.chromium.org/10967064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:02:44 +00:00
jkummerow@chromium.org
bafa150f99 Speed up test/mjsunit/greedy.js 
Review URL: https://codereview.chromium.org/10969062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:01:35 +00:00
jkummerow@chromium.org
d88069821c Speed up test/mjsunit/debug-multiple-breakpoints 
Review URL: https://codereview.chromium.org/10961064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 10:00:25 +00:00
jkummerow@chromium.org
6a617a7b23 Speed up test/mjsunit/d8-os by reducing sleep times 
Review URL: https://codereview.chromium.org/10973003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:57:16 +00:00
jkummerow@chromium.org
cf0cae7eb1 Speed up test/mjsunit/regress/regress-crbug-119926 
Review URL: https://codereview.chromium.org/10958063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:56:11 +00:00
jkummerow@chromium.org
975d6e2170 First commit of new tools/run-tests.py 
Review URL: https://codereview.chromium.org/10919265

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 09:38:46 +00:00
verwaest@chromium.org
083ee63a83 Fix CNLT for enum indices. 
Review URL: https://chromiumcodereview.appspot.com/10958015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 15:18:00 +00:00
verwaest@chromium.org
ea31f868e8 Deopt on storing undefined into double elements. 
Review URL: https://chromiumcodereview.appspot.com/10963010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12568 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 13:41:00 +00:00
ulan@chromium.org
a0dfdfc273 Revert r12530 "Tentatively reenable previous failing test." 
BUG=v8:2341
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10964015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 11:28:33 +00:00
jkummerow@chromium.org
a8e502fe60 Fix LBoundsCheck on x64 to handle (stack slot + constant) correctly 
BUG=150729

Review URL: https://codereview.chromium.org/10959009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 09:56:24 +00:00
jkummerow@chromium.org
83da019a46 Move regress-2286.js where it belongs 
Review URL: https://codereview.chromium.org/10957013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-20 09:55:19 +00:00
mmassi@chromium.org
9dc822ca13 Fixed minus zero test (fixes v8:2133). 
BUG=v8:2133

Review URL: https://chromiumcodereview.appspot.com/10937013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 12:48:49 +00:00
mstarzinger@chromium.org
c012afb6d4 Fix setting array length to zero for slow elements. 
R=verwaest@chromium.org
BUG=chromium:146910
TEST=mjsunit/regress/regress-crbug-146910

Review URL: https://codereview.chromium.org/10937026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 11:52:33 +00:00
mstarzinger@chromium.org
f0dcaf9a19 Fix lost arguments dropping in HLeaveInlined. 
This fixes HleaveInlined to correctly drop pushed arguments on all code
paths and addresses a corner case where the arguments stack height
mismatched at an OSR entry point.

R=jkummerow@chromium.org
BUG=chromium:150545
TEST=mjsunit/regress/regress-crbug-150545

Review URL: https://codereview.chromium.org/10938016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-19 08:13:46 +00:00
yangguo@chromium.org
783d10197a Tentatively reenable previous failing test. 
R=mstarzinger@chromium.org
BUG=v8:2261

Review URL: https://chromiumcodereview.appspot.com/10907254

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 14:19:11 +00:00
yangguo@chromium.org
73462594ea Change regress-2318 to trigger more quickly and reliably. 
BUG=v8:2336

Review URL: https://chromiumcodereview.appspot.com/10913294

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 13:21:59 +00:00
erik.corry@gmail.com
bafcfe5427 Fix misplaced assert in heap.cc. 
Bug=2336
Review URL: https://chromiumcodereview.appspot.com/10911334

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-17 11:38:24 +00:00
yangguo@chromium.org
cb72bf5735 Fix debugger's eval when close to stack overflow. 
R=verwaest@chromium.org
BUG=v8:2318

Review URL: https://chromiumcodereview.appspot.com/10914290

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 13:40:32 +00:00
verwaest@chromium.org
ad4746c8a3 CNLT with descriptors but no valid enum fields has to clear the EnumCache. 
Review URL: https://chromiumcodereview.appspot.com/10928204

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 13:15:43 +00:00
mstarzinger@chromium.org
77a7d9f539 Fix caching of optimized code for OSR. 
This makes sure we do not share optimized code across closures that were
optimized using OSR (for a particular OSR entry AST id) even if caching
of optimized code kicks in.

R=danno@chromium.org
BUG=v8:2326
TEST=mjsunit/regress/regress-2326

Review URL: https://codereview.chromium.org/10933088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-14 10:41:31 +00:00
verwaest@chromium.org
1d1adaf9d3 Ensure correct enumeration indices in the dict 
BUG=chromium:148376

Review URL: https://chromiumcodereview.appspot.com/10908216

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-13 08:52:55 +00:00
mmassi@chromium.org
22aed1cddd Fixed bounds check removal by restricting it to int32 indexes (and reenabled both ABCR and index dehoisting). 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10905232

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 17:00:25 +00:00
yangguo@chromium.org
67d0506622 Correctly initialize regexp global cache. 
R=ulan@chromium.org
BUG=148378

Review URL: https://chromiumcodereview.appspot.com/10905239

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12491 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 15:26:43 +00:00
mstarzinger@chromium.org
f37f504de5 Fix arguments object materialization during deopt. 
This fixes materialization of arguments objects for strict mode functions during
deoptimization. We materialize arguments from the stack area where optimized
code pushes the arguments when entering the inlined environment. For adapted
invocations we use the arguments adaptor frame for materialization.

R=svenpanne@chromium.org
BUG=v8:2261
TEST=mjsunit/regress/regress-2261,mjsunit/compiler/inline-arguments

Review URL: https://chromiumcodereview.appspot.com/10908194

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-12 12:28:42 +00:00
ulan@chromium.org
a9162af1af Fix delta computation in DoDeferredInstanceOfKnownGlobal() for ARM. 
BUG=v8:2314

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10908195

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12478 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-11 11:36:48 +00:00
peter.rybin@gmail.com
bda5ce9cd6 Introduce InternalProperty type and expose internal properties for bound functions 
Committed: https://code.google.com/p/v8/source/detail?r=12346

Review URL: https://chromiumcodereview.appspot.com/10834376

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 23:17:04 +00:00
mstarzinger@chromium.org
f6cd2403e3 Fix deoptimizer for shared optimized code. 
The deoptimizer searched the stack for activations of the same function to
determine whether to trigger lazy deopting. Since we share optimized code we
actually need to search for activations of the same code (but potentially
different functions).

R=jkummerow@chromium.org
BUG=chromium:147475
TEST=mjsunit/regress/regress-crbug-147475

Review URL: https://chromiumcodereview.appspot.com/10917162

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12473 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 11:05:17 +00:00
yangguo@chromium.org
1a0c14f12c Add checks to runtime functions. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/10915062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-10 08:35:26 +00:00
svenpanne@chromium.org
7af6883098 Fixed deoptimization of inlined getters. 
It is necessary to explicitly handle the internal frame lying between the caller
of the getter and the getter itself in the deoptimizer: When the getter is
inlined, leaving the internal frame restores the correct context.

BUG=http://crbug/134609
TEST=mjsunit/regress/regress-crbug-134609

Review URL: https://chromiumcodereview.appspot.com/10910110

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-07 09:01:54 +00:00
erik.corry@gmail.com
9ff7ec1c4a Fix binding in new Function(). 
Review URL: https://chromiumcodereview.appspot.com/10916114

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-05 11:45:58 +00:00
erik.corry@gmail.com
e5df02834b Fix some corner cases in skipping native methods using caller. 
Review URL: https://chromiumcodereview.appspot.com/10911063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-05 08:19:49 +00:00
verwaest@chromium.org
0c24942be7 Fixed test expectation. 
Review URL: https://chromiumcodereview.appspot.com/10913062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-04 09:54:36 +00:00
verwaest@chromium.org
a8638c1570 Support register as right operand in min/max support. 
R=jkummerow@chromium.org
BUG=chromium:145961
TEST=mjsunit/regress/regress-crbug-145961.js

Review URL: https://chromiumcodereview.appspot.com/10914072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-04 09:35:43 +00:00