AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
7,109 Commits 1 Branch 0 Tags 839 MiB
610281f4ee
Commit Graph

1216 Commits

Author SHA1 Message Date
lrn@chromium.org
610281f4ee Fix calculation of live-bytes in pages. 
The "live bytes" count is *really* a "marked black" count - i.e., the count of bytes *known* to be live.

Fix aggravating bug on X64 where assembler code used a value that was off
by a factor of 2^31.

Ensure that sweeping clears live-bytes. Added other missing increments.

Added print statements to trace live-byte modifications, under a flag.

Still a few cases of undercounting left.

(New issue to merge from GC branch to bleeding_edge)

Review URL: http://codereview.chromium.org/7970009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 11:20:00 +00:00
fschneider@chromium.org
76c869434d Fix a bug with uninitialized const variables in the optimizing compiler. 
We have to check for uninitialized uses before phi-elimination. Otherwise we
may miss such a use and result in using the hole value instead. This
causes a NULL-dereference or assertion failure.

BUG=96989
TEST=mjsunit/compiler/regress-96989.js
Review URL: http://codereview.chromium.org/7974009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:26:01 +00:00
yangguo@chromium.org
fdffe67205 Initialize pre-allocated fields of JSObject with undefined. 
BUG=94873

Review URL: http://codereview.chromium.org/7929001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:06:23 +00:00
fschneider@chromium.org
403a022272 Skip crashing Harmony proxies unit test until underlying issue is fixed. 
BUG=v8:1698
Review URL: http://codereview.chromium.org/7974006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 07:00:59 +00:00
vegorov@chromium.org
ac36cb4504 Merge experimental/gc branch to the bleeding_edge. 
Review URL: http://codereview.chromium.org/7945009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:36:47 +00:00
rossberg@chromium.org
42f0a73a96 Make proxies work as prototypes. 
Fix a couple of other proxy bugs along the way.
Refactor trap invocation in native code.

R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/7799026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-16 13:38:30 +00:00
rossberg@chromium.org
07469fa5ae Make function proxies work as constructors. 
R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/7628021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-16 12:26:29 +00:00
yangguo@chromium.org
3439ab60f7 Correcting a bogus assert outdated since r9295. 
Review URL: http://codereview.chromium.org/7909002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 12:47:06 +00:00
jkummerow@chromium.org
fcc2e65aad Change global const handling to silently ignore redeclarations 
and make window.{Infinity,NaN,undefined} read-only as per ES5

BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik

Review URL: http://codereview.chromium.org/7811015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 12:00:30 +00:00
yangguo@chromium.org
327eb48ce6 Enable slices of external strings (in the tentative implementation). 
TEST=cctest test-strings/SliceFromExternal, mjsunit/string-slices.js

Review URL: http://codereview.chromium.org/7832002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 11:10:01 +00:00
fschneider@chromium.org
9e4663a8d9 Enable inlining of functions that reference context slots. 
Review URL: http://codereview.chromium.org/7887038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 10:57:47 +00:00
yangguo@chromium.org
48b5328bde Fixing issue 1639, debugger stops stepping outside evaluate. 
BUG=v8:1639

Review URL: http://codereview.chromium.org/7889039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89 Mark variables as being accessed from any inner scope, not only function scopes 
BUG=96523
TEST=mjsunit/regress/regress-96523.js

Review URL: http://codereview.chromium.org/7890031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 13:51:29 +00:00
keuchel@chromium.org
a392f5bf70 Fix scope iteration when debugging global code. 
TEST=mjsunit/debug-scopes.js

Review URL: http://codereview.chromium.org/7890007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 11:20:31 +00:00
kmillikin@chromium.org
63bec78428 Revert "MIPS: port Remove in-loop tracking for call ICs." 
Committed incorrectly.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7890026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12 MIPS: port Remove in-loop tracking for call ICs. 
port r9260 (af9cfd83).

Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206 Fixed spurious character in test case, plus presubmit issues. 
Also addressed Slava's complaint about the personalized comment.

R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7886032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced Fix for .bind regression. 
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7892013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f Fixing r9265: moving test case into correct location. 
Review URL: http://codereview.chromium.org/7889008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 16:11:05 +00:00
yangguo@chromium.org
fc2c22dd2b Adding test case for issue 1639, fixed by r9264. 
BUG=v8:1639

Review URL: http://codereview.chromium.org/7889006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 15:08:36 +00:00
rossberg@chromium.org
ff5c242a47 Test (and fix) all exception paths that can occur with proxies. 
R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/7623013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9261 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 13:07:20 +00:00
rossberg@chromium.org
e645597aa7 Implement function proxies (except for their use as constructors). 
Introduce new %Apply native.

Extend Execution::Call to optionally handle receiver rewriting (needed for %Apply).

Fix Function.prototype.bind for functions that have .apply modified.

R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/7623011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 11:42:57 +00:00
mstarzinger@chromium.org
aae949ba10 Fix parent of the WeakMap prototype. 
R=rossberg@chromium.org
BUG=v8:1565
TEST=mjsunit/harmony/weakmaps

Review URL: http://codereview.chromium.org/7890003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 09:45:10 +00:00
sgjesse@chromium.org
81df4a42e4 Support for precise stepping in functions compiled before debugging was started (step 1) 
This change will ensure that all non-optimized code will be compiled
with debug break slots when debugging is initiated. This is handled by
scanning the heap for non-optimized functions without debug break slots and setting their code to be lazy recomplied. When the lazy recompilation happens the code will ge generated with debug break slots (if debugging is still active at that point in time).

R=svenpanne@chromium.org
Currently this is only implemented for functions which do not have activations on the stack.

BUG=
TEST=

Review URL: http://codereview.chromium.org//7839030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 08:31:21 +00:00
jkummerow@chromium.org
3ec371690c d8 external array c'tors: allow parameters that can be converted to numbers 
BUG=v8:1681
TEST=d8 accepts: var a = new Int32Array("2");

Review URL: http://codereview.chromium.org/7867036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-12 12:42:05 +00:00
mikhail.naganov@gmail.com
57b9e9d968 Revert accidental r9229 and r9230 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-12 10:50:40 +00:00
mikhail.naganov@gmail.com
03d325da08 add test 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-12 10:42:25 +00:00
danno@chromium.org
df860eda5c Don't allow seal or element property re-definition on external arrays. 
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js

Review URL: http://codereview.chromium.org/7858031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-09 14:30:00 +00:00
yangguo@chromium.org
f877f7bda2 Fixing presubmit error. 
Review URL: http://codereview.chromium.org/7839031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 16:15:48 +00:00
lrn@chromium.org
2c8680cc46 Avoid size increase of snapshot. 
The prototype of builtin functions is already unwritable, so we don't
have to make it so (the default map for functions changes after builtins
are initialized).

We no longer need to make the prototype non-extensible, since all properties
that are ever read by the bultins code has been added and frozen already.
Adding properties to the prototype, or changing its __proto__, cannot affect
code.

Removing these two pieces of initialization code reduces the snapshot size
by a few Kb.

Review URL: http://codereview.chromium.org/7839028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 11:56:06 +00:00
kmillikin@chromium.org
94777e213d Remove variable rewrites and the unneccesary Slot class. 
R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7824038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 11:02:31 +00:00
kmillikin@chromium.org
8b165d414f Fix a bug in abrupt exit from with or catch inside finally. 
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code.  Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7837023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 09:21:44 +00:00
keuchel@chromium.org
85a5b6d3c4 Getting rid of ExitContextStatement for scoped blocks. 
Review URL: http://codereview.chromium.org/7835027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 22:00:59 +00:00
keuchel@chromium.org
edd893a159 Simplfy handling of exits from scoped blocks. 
BUG=
TEST=mjsunit/harmony/block-leave.js

Review URL: http://codereview.chromium.org/7792100

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9157 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 21:48:32 +00:00
keuchel@chromium.org
0820205316 Avoid dynamic lookup when initializing let declared variables. 
'Let's inside a 'with' would initialize the variable
using the StoreContextSlot runtime function which
would fail because it checks that the variable does
not hold the hole value.

Review URL: http://codereview.chromium.org/7792098

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 21:22:35 +00:00
yangguo@chromium.org
8b82ad274f Put test directories of d8-os tests into /tmp/. 
Review URL: http://codereview.chromium.org/7835040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9154 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 14:48:08 +00:00
jkummerow@chromium.org
09c66d20ce Fix possible crash in FixedDoubleArray::Initialize() 
(this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Review URL: http://codereview.chromium.org/7833040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91 Fix bug in Page::GetRegionMaskForSpan. 
When checking for a wrap take into account offset of the start address in the region.

BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854 Add regression test for issue 1215, expand regression test for issue 1447. 
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 07:43:51 +00:00
lrn@chromium.org
ffffa716c5 Lock the prototype of internal classes. 
Prototypes and their properties and methods are locked down to prevent fiddling with their operation, even if the build-in object leaks.

Made some built-in functions only work during bootstrapping.

Review URL: http://codereview.chromium.org/7799027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-05 07:30:35 +00:00
keuchel@chromium.org
ccd2cd8f64 Prune empty block scopes from scope tree 
BUG=
TEST=

Review URL: http://codereview.chromium.org/7825006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-02 12:43:28 +00:00
lrn@chromium.org
b7eb138eab The spec (15.1.2.2 parseInt (string , radix)) says ToString should be called before ToInt32. 
http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf

In the current implementation, the order is reversed. So this webkit test (https://bugs.webkit.org/show_bug.cgi?id=65366) fails on Chromium.

BUG=1649
TEST=parse-int-float.js

Review URL: http://codereview.chromium.org/7740080

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-02 11:38:40 +00:00
keuchel@chromium.org
d434d3158c Detect conflicting variable bindings in harmony mode. 
BUG=
TEST=mjsunit/harmony/block-conflicts.js

Review URL: http://codereview.chromium.org/7756014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9102 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 12:31:18 +00:00
yangguo@chromium.org
86a62d0da3 Added check for trailing whitespaces and corrected existing violations. 
Review URL: http://codereview.chromium.org/7826007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08 Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643). 
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty). 
Review URL: http://codereview.chromium.org/7792054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3 Do constant function check earlier in TryCallApply and ensure correct environment for deopt. 
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 10:33:59 +00:00
yangguo@chromium.org
ccb262ea3a Changed test expectations for ARM and MIPS. 
Review URL: http://codereview.chromium.org/7778042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-31 14:12:25 +00:00
fschneider@chromium.org
ffc6c7e56b Introduce local function declarations in Crankshaft and fix issue 1647. 
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.

In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.

Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-31 13:26:08 +00:00
keuchel@chromium.org
42388ad5c7 Temporal dead zone behaviour for let bindings. 
BUG=
TEST=mjsunit/harmony/block-let-semantics.js

Review URL: http://codereview.chromium.org/7671042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-30 11:23:57 +00:00
mstarzinger@chromium.org
c6e42e1bfa Fix initial prototype of WeakMap function. 
The bootstrapper accidentally overwrote the constructor property of the Object
prototype because it used initial_object_prototype() as prototype for WeakMap.
Unfortunately this is not possible for experimental natives because they are
installed after the snapshot initialization finished.

R=erik.corry@gmail.com
TEST=mjsunit/mirror-object,mjsunit/harmony/weakmaps

Review URL: http://codereview.chromium.org/7624041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-30 09:35:20 +00:00