fschneider@chromium.org
2e3e770ab9
Add a regression test that exposes a stack corruption problem.
...
See http://code.google.com/p/chromium/issues/detail?id=27227
Review URL: http://codereview.chromium.org/385092
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3303 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-13 13:58:48 +00:00
ager@chromium.org
f0e8525083
Remove passing test from ARM test expectations.
...
Review URL: http://codereview.chromium.org/386019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-12 11:31:46 +00:00
christian.plesner.hansen@gmail.com
5d4d5944dd
Remove special-case for arguments.toString to match ES5
...
Patch by Jan de Mooij <jandemooij@gmail.com>
Review: http://codereview.chromium.org/273073
Review URL: http://codereview.chromium.org/389008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-11 11:28:37 +00:00
sgjesse@chromium.org
3445dfe827
Split long running test
...
Split a long running test into two parts. The second part still takes most of the time and is skipped on ARM in debug mode.
BUG=http://code.google.com/p/v8/issues/detail?id=500
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3278 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-11 10:28:20 +00:00
ager@chromium.org
2252cc1bc9
Fix inline constructor code bailout.
...
Remove variable that is currently unused.
BUG=http://code.google.com/p/v8/issues/detail?id=502
Review URL: http://codereview.chromium.org/392001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-11 09:00:09 +00:00
sgjesse@chromium.org
0b0d4efdb4
Test mjsunit/string-indexof times out on ARM simulator
...
Removal of string slices made this test time out on the ARM simulator. Temporaly mark this as pass or timeout.
BUG=http://code.google.com/p/v8/issues/detail?id=500
TBR=christian.plesner.hansen@gmail.com
Review URL: http://codereview.chromium.org/390002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-10 15:50:23 +00:00
sgjesse@chromium.org
91cc4c7ebb
Modify test using string slices
...
With slices string string type removed generating a large amount of sub-strings takes more time. Change a test to avoid timeout in debug mode.
Review URL: http://codereview.chromium.org/385006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-10 14:41:53 +00:00
christian.plesner.hansen@gmail.com
7d47dde4cb
Marked cyrillic as expected to fail.
...
Review URL: http://codereview.chromium.org/388002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-10 12:19:36 +00:00
erik.corry@gmail.com
b068a9f755
* Fix regexp benchmark regression where we were doing work to
...
make standard regexps like \s and . case independent.
* Make use of the fact that the subject string is ASCII only
when making character classes case independent.
* Avoid spending time making large ideogram or punctuation
ranges case independent when there is no case mapping anyway.
Review URL: http://codereview.chromium.org/378024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-09 10:01:23 +00:00
erik.corry@gmail.com
57c919e414
Fix bug 486, Cyrillic character ranges in case independent regexps.
...
http://code.google.com/p/v8/issues/detail?id=486
Review URL: http://codereview.chromium.org/361033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-06 11:15:20 +00:00
kmillikin@chromium.org
debb5f8b48
Change the special handling of typeof comparisons to strings for
...
regular expressions to be consistent with typeof in other contexts.
Typeof regular expressions should now be 'function' in all contexts.
In the JS natives, IS_FUNCTION, IS_OBJECT, and IS_REGEXP return the
same answers as before.
Review URL: http://codereview.chromium.org/360053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-05 16:08:48 +00:00
ager@chromium.org
f39fbb206e
Fix case where we treat an unaliased call to eval as an aliased call
...
to eval.
BUG=http://code.google.com/p/v8/issues/detail?id=496
Review URL: http://codereview.chromium.org/366027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-05 11:19:37 +00:00
sgjesse@chromium.org
77a71c90c7
Fix issue 491: constantpool dump violates ARM debugger assertion for return point
...
The generation of the return sequence is now protected from having the constant pool emitted inside of it in both compilers.
BUG=http://code.google.com/p/v8/issues/detail?id=491
TEST=test/mjsunit/regress/regress-491.js
Review URL: http://codereview.chromium.org/362003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-04 14:45:50 +00:00
kmillikin@chromium.org
34dee0319c
Remove the typeof state threaded through the code generator. It was
...
used to signal that an expression was the immediate subexpression of
typeof, or (?) in the arm of a conditional expression itself in the
typeof state.
It was inconsistently consulted. It was not used for property loads,
but only for slot loads. This means that we matched the Webkit JSC
(not Spidermonkey) behavior for:
typeof(true ? x : y) // throws ReferenceError
and we matched the SpiderMonkey behavior (not JSC) for:
with ({}) { typeof(true ? x : y) } // ==> "undefined"
Now we are expected to match the JSC behavior in all cases.
Review URL: http://codereview.chromium.org/362004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-04 13:56:41 +00:00
sgjesse@chromium.org
54ec6c031a
Fix xssue 492: ARM debug crash: mozilla/ecma/FunctionObjects/15.3.1.1-3
...
When the number of parameters times 4 (kPointerSize) to a function cannot be encoded in 12 bits the return sequence gets one more instruction. Changed the assertion to check for this case.
BUG=http://code.google.com/p/v8/issues/detail?id=492
TEST=test/mjsunit/regress/regress-492.js
Review URL: http://codereview.chromium.org/354028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-04 10:04:22 +00:00
christian.plesner.hansen@gmail.com
a1b2f47600
Reverting 3174. Aka reapplying 3150, 3151 and 3159. Aka api accessor
...
ics.
Review URL: http://codereview.chromium.org/341082
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-04 08:51:48 +00:00
christian.plesner.hansen@gmail.com
b14018b7e1
Marked mjsunit/apply as expected to fail on mac debug.
...
Review URL: http://codereview.chromium.org/351021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-03 12:53:30 +00:00
kmillikin@chromium.org
1affb78938
Add support for for loops to the toplevel code generator.
...
Review URL: http://codereview.chromium.org/340059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-02 14:12:48 +00:00
sgjesse@chromium.org
b4c11d0816
Don't use string slices when processing RexExp replace (re-apply r3153)
...
Re-apply r3153 with a fix for issue 490. Except for the change in line 1756 and the added test this change is identical to http://codereview.chromium.org/342015 .
BUG=490
TEST=test/mjsunit/regress/regress-490.js
Review URL: http://codereview.chromium.org/341064
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-02 12:21:43 +00:00
fschneider@chromium.org
e38cd233c3
Support for function calls on an arbitrary expression that returns
...
a function in the top-level compiler.
e.g.
function f() { return (function() { return true; }) }
f()()
Review URL: http://codereview.chromium.org/346029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-02 12:04:35 +00:00
fschneider@chromium.org
a07146c0cb
Support for post-fix count operations (x++, x--) where x is a global
...
variable for the top-level compiler.
Review URL: http://codereview.chromium.org/342058
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-11-02 10:22:22 +00:00
fschneider@chromium.org
07cd399b5c
Support for calls on named and keyed properties in the fast compiler of the form:
...
o.x() and o[expr]()
other changes:
- Fix missing relocation info for StoreIC on global object.
- Generate only one common return sequence instead of always appending
"return <undefined>" at the end of each function: The first JS
return-statement will generate the common return sequence. All
other return-statements will generate a unconditional branch to the common
return sequence.
Review URL: http://codereview.chromium.org/340037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-30 10:22:31 +00:00
sgjesse@chromium.org
be769f6a24
Reverting 3159, 3151 and 3150
...
TBR=christian.plesner.hansen@gmail.com
Review URL: http://codereview.chromium.org/343035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-29 13:17:11 +00:00
lrn@chromium.org
0aecc29024
Issue 485: Fix leak of builtins object through call and apply functions.
...
Review URL: http://codereview.chromium.org/345007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-28 13:51:30 +00:00
christian.plesner.hansen@gmail.com
b5dd1e3a82
Marking test as expected to flake.
...
Review URL: http://codereview.chromium.org/343016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-28 12:23:35 +00:00
fschneider@chromium.org
64e1d3205f
Support for property access (named, keyed) in the fast compiler.
...
The generated code is similar to the existing code, but we never
inline any IC code in the fast compiler.
Review URL: http://codereview.chromium.org/337045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3152 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-27 16:11:12 +00:00
christian.plesner.hansen@gmail.com
895f1d22e5
Implemented specialized stubs for API getters. This includes a number
...
of individual changes:
- Added infrastructure for custom stub caching.
- Push the code object onto the stack in exit calls instead of a
debug/non-debug marker.
- Remove the DEBUG_EXIT frame type.
- Add a new exit stub generator for API getters.
Committed: http://code.google.com/p/v8/source/detail?r=3130
Review URL: http://codereview.chromium.org/330017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-27 15:38:49 +00:00
christian.plesner.hansen@gmail.com
2880be71ea
Reverted 3130-3131 since they don't work on mac.
...
Review URL: http://codereview.chromium.org/335027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-26 15:16:42 +00:00
christian.plesner.hansen@gmail.com
53b93464d1
Implemented specialized stubs for API getters. This includes a number
...
of individual changes:
- Added infrastructure for custom stub caching.
- Push the code object onto the stack in exit calls instead of a
debug/non-debug marker.
- Remove the DEBUG_EXIT frame type.
- Add a new exit stub generator for API getters.
Review URL: http://codereview.chromium.org/330017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-26 13:54:47 +00:00
fschneider@chromium.org
9445079c51
Support for object literals in fast compiler.
...
I also added more unit tests for literals.
Right now, the fast compiler produces code very similar to
the existing code generator. We may consider different ways to
further compact the generated code for top-level code.
ARM always goes through a runtime function to initialize computed
properties in an object literal whereas IA32 and x64 use StoreIC.
Review URL: http://codereview.chromium.org/316009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-26 13:21:48 +00:00
sgjesse@chromium.org
7a509f2101
Fix issue with running some constructors having only this.x = ... assignments.
...
If we had compiled the comment instead of the code it would have worked.
BUG=483
TEST=mjsunit/regress/regress-483.js
Review URL: http://codereview.chromium.org/332007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-23 12:18:47 +00:00
lrn@chromium.org
6f1d641fb6
X64/Win64: Alternative implementation of fmod in general.
...
Review URL: http://codereview.chromium.org/303034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-23 09:18:19 +00:00
kmillikin@chromium.org
bb2f8c038c
The runtime function DeclareGlobals is not called from JavaScript.
...
Add it to the exclusions list in the fuzz-natives test.
Review URL: http://codereview.chromium.org/306047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-22 11:32:12 +00:00
kmillikin@chromium.org
fbc0eaa13d
Added support for array literals to the toplevel compiler. They are
...
currently compiled the same as with the optimizing compiler: they are
cloned from a boilerplate object and the boilerplate objects are
lazily constructed.
Also changed argument pushing on ARM to use stm (store multiple),
which required changing the order of arguments to the runtime
functions DeclareGlobals and NewClosure. They were only used from
generated code.
Finally, changed the toplevel code generator so that stack pops to
discard a temporary became addition to the stack pointer on ia32 and
x64.
Review URL: http://codereview.chromium.org/303021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-22 10:07:45 +00:00
peter.rybin@gmail.com
d8f7b36624
Add "Version" command
...
Review URL: http://codereview.chromium.org/274080
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3108 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-21 17:07:43 +00:00
kmillikin@chromium.org
61363d83ba
Add support for global variable references in toplevel code. We use
...
the normal named load IC mechanism for now. Generated code is similar
to the case for global variable assignments.
Review URL: http://codereview.chromium.org/294021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3101 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-21 09:38:21 +00:00
kmillikin@chromium.org
4dfd44479d
Added support for assignments to global variables in the toplevel code
...
generator. We use the normal store IC mechanism with the global
object as the receiver. The following code is generated for 'x=true'
at toplevel.
======== IA32:
27 mov eax,0xf5d06161 ;; object: 0xf5d06161 <true>
32 mov ecx,0xf5d09c35 ;; object: 0xf5d09c35 <String[1]: x>
37 push [esi+0x17]
40 call StoreIC_Initialize (0xf5ce75c0) ;; code: STORE_IC, UNINITIALIZED
45 mov [esp],eax
======== X64:
25 movq rax,0x7f867a7b6199 ;; object: 0x7f867a7b6199 <true>
35 movq rcx,0x7f867a7bae71 ;; object: 0x7f867a7bae71 <String[1]: x>
45 push [rsi+0x2f]
49 call StoreIC_Initialize (0x7f8655929ac0) ;; code: STORE_IC, UNINITIALIZED
54 movq [rsp],rax
======== ARM:
32 e59f0054 ldr r0, [pc, #+84] ;; object: 0xf5b78161 <true>
36 e59f2054 ldr r2, [pc, #+84] ;; object: 0xf5b7bc35 <String[1]: x>
40 e598c017 ldr ip, [r8, #+23]
44 e52dc004 str ip, [sp, #-4]!
48 e1a0e00f mov lr, pc
52 e59ff048 ldr pc, [pc, #+72] ;; debug: statement 0
;; code: STORE_IC, UNINITIALIZED
56 e58d0000 str r0, [sp, #+0]
Review URL: http://codereview.chromium.org/305005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-20 13:37:26 +00:00
sgjesse@chromium.org
a637f45385
Fix issue 475
...
The check for arguments in registers in one of the three versions of GenericBinaryOpStub::GenerateCall was plain wrong.
BUG=475
TEST=mjsunit/regress/regress-475.js
Review URL: http://codereview.chromium.org/307002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-20 12:13:31 +00:00
peter.rybin@gmail.com
3b955790a0
Redo "running" field in debug-delay.js and support "suspend" command
...
It also fixes "backtrace" command so that it didn't give away random stack if we are running
Review URL: http://codereview.chromium.org/242034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-15 20:06:08 +00:00
fschneider@chromium.org
d0dc31afab
New mjsunit tests for the new compiler infrastructure. They
...
are in a separate subdirectory called 'compiler' in the mjsunit directory.
Review URL: http://codereview.chromium.org/273039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-14 10:24:50 +00:00
christian.plesner.hansen@gmail.com
d6409e35a2
Implement ES5 Array.isArray
...
Patch by Jan de Mooij <jandemooij@gmail.com>
Review at http://codereview.chromium.org/271072
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-14 09:42:13 +00:00
yurys@chromium.org
a2549c96e8
Check that constructor is a FunctionMirror before calling .name(), otherwise we may end up calling name method on a mirror object that doesn't have it.
...
Review URL: http://codereview.chromium.org/271053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-13 14:28:09 +00:00
christian.plesner.hansen@gmail.com
cd3a47b6d2
Fixed trim test failure.
...
Review URL: http://codereview.chromium.org/273033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-13 08:29:19 +00:00
christian.plesner.hansen@gmail.com
f1354a299e
Add trim, trimLeft and trimRight methods to String
...
Based on a recent patch for Webkit.
trim is defined in ES 5 section 15.5.4.20.
Author: Jan de Mooij <jandemooij@gmail.com>
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-13 08:13:45 +00:00
lrn@chromium.org
aed6a37c10
X64: Convert smis to holding 32 bits of payload.
...
Review URL: http://codereview.chromium.org/196139
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-08 12:36:12 +00:00
christian.plesner.hansen@gmail.com
2c51696fc3
Changed Object.keys to return strings for element indices.
...
Review URL: http://codereview.chromium.org/246077
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-02 13:43:16 +00:00
ager@chromium.org
e9acdc7a00
Follow the spec in disallowing function declarations without a name. We
...
used to allow these for compatibility, but both Safari and Firefox now
disallow them.
Review URL: http://codereview.chromium.org/242124
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-10-02 12:47:15 +00:00
kmillikin@chromium.org
fb038bf146
Two changes, one a refactoring and one that affects V8's JS semantics.
...
1. Change the AST node type CallNew to be a subclass of Expression
rather than Call. It's not really a call but it just happens to
have the same fields.
2. Change our error reporting for invalid left-hand sides in for-in
statements, pre- and postfix count expressions, and assignments.
Before we signaled a syntax error at compile time *unless* the LHS
was a function call or 'new' expression, in which case we signaled
a reference error at runtime. Now we signal a reference error at
runtime in all cases. This matches the JSC behavior in Safari 4.
Review URL: http://codereview.chromium.org/249039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-09-30 09:49:36 +00:00
sgjesse@chromium.org
40471b41da
Fix GC bug and ARM simulator timeout.
...
In the Runtime_DebugGetPropertyDetails the raw object pointers from a LookupResult could be used after a GC might have happened. Fixed the bug and restructured the code to make it less likely for changes to the code to re-introduce the bug.
Skipped a long running test from the ARM simulator in debug mode (and renamed the test).
Review URL: http://codereview.chromium.org/204039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-09-16 13:09:26 +00:00
whesse@chromium.org
412a146825
X64: Ensure that unary subtraction returns a zero-extended smi, if it returns a smi.
...
Review URL: http://codereview.chromium.org/195101
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-09-16 12:40:15 +00:00