ulan@chromium.org
a50aca97a2
Reland r20692 "Check stack limit in ArgumentAdaptorTrampoline."
...
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/236633006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:26:26 +00:00
mstarzinger@chromium.org
39137c81e6
Fix bogus Object.isSealed check in some Array builtins.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/237253002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
bmeurer@chromium.org
6b4d4b7287
Reland "Track field types.".
...
This is an initial step towards tracking the exact types instead of just
the representations of fields. It adds support to track up to one map of
heap object field values, eliminating various map checks on values
loaded from such fields, at the cost of making stores to such fields
slightly more expensive.
Issues with transitioning stores and fast object literals in Crankshaft
fixed.
TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/238773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 07:36:47 +00:00
rossberg@chromium.org
7b7f787e3b
Re-reland "More tests for Union & Intersect"
...
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/237143002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 15:35:36 +00:00
yangguo@chromium.org
01fc2ab69b
Allow allocation and GC in access check callbacks.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/234913003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 14:03:20 +00:00
hpayer@chromium.org
c1435b0832
Don't run tests that rely on compaction when compaction is turned off.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/236203010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 13:52:41 +00:00
ulan@chromium.org
8b445aaa5f
Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
...
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com
Review URL: https://codereview.chromium.org/226363007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44
Try to switch Array builtins into strict mode.
...
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit
Review URL: https://codereview.chromium.org/233083003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
verwaest@chromium.org
de50f63f16
Clean up the public interface of Map.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/234573005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:19:37 +00:00
rossberg@chromium.org
b73257b7a3
Revert "Reland "More tests for Union & Intersect""
...
Need to reproduce wrong result only occurring with ASAN.
TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/236873002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 09:46:56 +00:00
mvstanton@chromium.org
a9db3bc868
Some tests and simplified TransitionArray copying
...
Tests for verifying that we deal correctly with shrinking transition
arrays while allocating a copy of one.
Also, we can rely on a transition array only shrinking and not
disappearing during gc while copying one.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/232883003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:58:00 +00:00
rossberg@chromium.org
a3d743b470
Reland "More tests for Union & Intersect"
...
Fixes size approximation in Intersect. Also lowers the number of fuzzed types in test, to address time-outs.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/226523004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:46:39 +00:00
yangguo@chromium.org
7d987b3744
Allow GetScriptNameOrSourceURL to be called with exception pending.
...
R=jarin@chromium.org , ishell@chromium.org
Review URL: https://codereview.chromium.org/235943006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:27:00 +00:00
jarin@chromium.org
c1a3ab6b4f
Revert "Track field types."
...
Revert r20701.
TBR=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/236843002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:24:15 +00:00
marja@chromium.org
d70f78827e
Fail the compilation if the cached data is invalid.
...
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/234953002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 07:35:46 +00:00
bmeurer@chromium.org
9cf3909975
Track field types.
...
This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive.
TEST=mjsunit/field-type-tracking
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/167303005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 06:29:15 +00:00
ulan@chromium.org
68bbdaf28d
Skip mjsunit/regress/regress-353058 for ASAN and ARM until r20692 is relanded.
...
TBR=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/232463005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 17:03:35 +00:00
ulan@chromium.org
4268ce0abd
Check stack limit in ArgumentAdaptorTrampoline.
...
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/215853005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043
Do not call user defined getter of Error.stackTraceLimit.
...
Handlify GetNormalizedProperty.
BUG=360733
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/233243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
yangguo@chromium.org
80a974ba00
Reland "Handlify GetProperty."
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/235083002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:47:34 +00:00
dcarney@chromium.org
ee9f7f8942
Revert "More tests for Union & Intersect"
...
This reverts r20684.
TBR=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/235133002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:33:20 +00:00
mvstanton@chromium.org
c5eaf80707
Handlify Map::CopyDropDescriptors().
...
* And contain knowledge better in TransitionArray and DescriptorArray (for example WhitenessWitness is now private to DescriptorArray).
* And remove some factory methods
* And handlify some other things.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/234783002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 12:13:53 +00:00
yangguo@chromium.org
93c9717473
Revert "Handlify GetProperty."
...
This reverts r20682.
TBR=dcarney@chromium.org
Review URL: https://codereview.chromium.org/234893003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:56:54 +00:00
rossberg@chromium.org
80d8460a20
More tests for Union & Intersect
...
Some fixes of corner cases on the way
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/230923005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:53:35 +00:00
marja@chromium.org
069d783a91
Remove the PreCompile API and ScriptData.
...
The new compilation API (ScriptCompiler::Compile) can produce the same data, so
the separate precompilation phase is not needed. ScriptData is replaced by
ScriptCompiler::CachedData.
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/225753004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:44:49 +00:00
yangguo@chromium.org
a3d68ca64d
Handlify GetProperty.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/233233004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 11:26:22 +00:00
yangguo@chromium.org
380ae9810e
Return MaybeHandle from Invoke.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/231883007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 10:41:09 +00:00
ulan@chromium.org
ff953ac055
Make maps in monomorphic IC stubs weak.
...
Maps in monomorphic Load, KeyedLoad, Store, KeyedStore, and CompareNil IC
stubs are treated as weak references by the marking visitor.
During generation of an IC stub with a weak map, the stub is appended to the
dependent code array of the map. When the map dies, all stubs in its dependent
code array are invalidated by setting embedded maps to undefined.
BUG=v8:2073
LOG=Y
TEST=cctest/test-heap/WeakMapInMonomorphic*IC
R=mstarzinger@chromium.org , verwaest@chromium.org
Review URL: https://codereview.chromium.org/188783003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 10:36:09 +00:00
yangguo@chromium.org
a640707213
Implement handlified String::Equals and Name::Equals.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/225823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 07:27:25 +00:00
jarin@chromium.org
166ec11e43
Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/232053004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
svenpanne@chromium.org
b460910644
x64: Make sure that the upper half of a 64bit register contains 0 for int32 values.
...
BUG=360611
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/225393005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:32:06 +00:00
jarin@chromium.org
fd988331ea
There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/ ).
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/226613007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
danno@chromium.org
2e9902b22a
Partially fix semantics of Array.push()
...
Semantics of elements accessors are now preserved in all optimized code paths
through Array.push(). Previously it was possible to have inconsistent behavior
between optimized and unoptimized code, and there were cases where element
accessors were completely ingored.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/232873002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 13:17:48 +00:00
bmeurer@chromium.org
990b57ba1d
Treat uninitialized as internal type.
...
TEST=cctest/test-types
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/232913002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 11:51:03 +00:00
rossberg@chromium.org
cf4eddd3f8
Yet more type system tests
...
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/232843002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 11:49:18 +00:00
svenpanne@chromium.org
5bddec047d
Do not use ranges after range analysis.
...
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
remvoed.
BUG=361608
LOG=y
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/232553004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
ishell@chromium.org
32735ae3a9
Object::GetElements() and friends maybehandlification.
...
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/231103002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:20:11 +00:00
bmeurer@chromium.org
c5b6e76ada
Fix compiler warnings on Win64.
...
TEST=cctest/test-types
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/232773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:14:46 +00:00
bmeurer@chromium.org
4620ae5cf1
Fix symmetry of Maybe() predicate. Fix bug in NowContains() predicate.
...
Add tests for TypeImpl::Of(), TypeImpl::NowOf() and
TypeImpl::NowContains(). Improves the implementation of
TypeImpl::NowIs() to match that of TypeImpl::NowContains().
Mark test-types with NO_VARIANTS to speedup testing, since
the variants do not affect the type system at all.
Also improve test coverage for types.
TEST=cctest/test-types
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/230673002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 08:04:50 +00:00
bmeurer@chromium.org
5a564648dd
Improve reproducibility of test runs.
...
Add random seed to run-tests.py, using either a user supplied
value or a random number generated by random.SystemRandom().
This same random seed is passed to all test cases, making sure
that we can easily reproduce test failures that depend on
random numbers (i.e. bugs related to our handwritten ASLR).
Also fix all uses of rand() to make use of our RNG class
instead.
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/231443002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 07:25:49 +00:00
mvstanton@chromium.org
41b6c8a0f1
Handlefy Descriptor and other code in objects.cc
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/228333003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 14:26:32 +00:00
machenbach@chromium.org
1b841f369d
Fix test expectations for nosnap windows.
...
BUG=v8:3216
LOG=n
TBR=dcarney@chromium.org
Review URL: https://codereview.chromium.org/230913002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 14:01:03 +00:00
jarin@chromium.org
008a70c47b
Revert "Make new space iterable when transitioning double array to objects"
...
This reverts r20603.
BUG=
Review URL: https://codereview.chromium.org/230863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
ishell@chromium.org
74e7a4ad07
ElementsAccessor::SetLength() maybehandlified.
...
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/229943006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:16:19 +00:00
jarin@chromium.org
57d70c149c
Avoid hydrogen compare-objects-equal assertions in dead code
...
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).
R=yangguo@chromium.org
BUG=359491
LOG=N
Review URL: https://codereview.chromium.org/228883005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
machenbach@chromium.org
3d427b5599
Skip tests in nosnap mode.
...
Depends on https://codereview.chromium.org/230743002/ .
BUG=v8:3216
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/230583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:01:54 +00:00
jochen@chromium.org
dc4ba08d17
Allow the embedder to pass the virtual memory limit to v8
...
The getrlimit() call might be sandboxed, so it's not safe to use it.
BUG=none
R=mstarzinger@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/228923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:45:56 +00:00
yangguo@chromium.org
4df132a878
Fix argument expectation Runtime_StringParseInt.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/230693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
yangguo@chromium.org
aee76a059a
Remove calls to non-handlified version of GetProperty(name).
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/229973004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:21:47 +00:00
bmeurer@chromium.org
a0ac88db82
Fix various bugs in the type systems, and improve test coverage.
...
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/230463003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 11:12:15 +00:00