AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jkummerow@chromium.org	511edabed2	Fix HGraphBuilder::BuildAddStringLengths length == String::kMaxLength is fine and should not bail out. BUG=chromium:357052 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/222113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-02 12:24:42 +00:00
rossberg@chromium.org	45118bfdfb	Make invalid LHSs that are calls late errors Necessary for web legacy compatibility. Also fold in additional strict mode checks into LHS checks. Minor constness clean-ups on the way. R=marja@chromium.org BUG=chromium:358346 LOG=Y Review URL: https://codereview.chromium.org/217823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-02 11:03:05 +00:00
dslomov@chromium.org	19c354b7b0	Support typed arrays in IsMoreGeneralElementsKindTransition. R=verwaest@chromium.org BUG=357054 LOG=Y Review URL: https://codereview.chromium.org/220403004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 16:41:35 +00:00
yangguo@chromium.org	64901004be	Smi immediates are not supported on x64. Do not use it. R=jkummerow@chromium.org BUG=358059 LOG=N Review URL: https://codereview.chromium.org/217083003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 15:32:06 +00:00
mvstanton@chromium.org	d93c906acc	Monomorphic prototype failures should be reserved for already-seen keys. We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype failure even though it's the first time a particular (string) key has been seen. BUG=358088 R=verwaest@chromium.org LOG=N Review URL: https://codereview.chromium.org/219313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 14:16:54 +00:00
yangguo@chromium.org	10abff3498	Remove internalized cons string types. Currently, internalizing a cons string could result in either an in-place converted internalized cons string or a newly created internalized sequential string, depending on allocation success. The former could end up being embedded into an IC, which is not supported. R=mstarzinger@chromium.org BUG=357103 LOG=N Review URL: https://codereview.chromium.org/218993011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 11:30:31 +00:00
jarin@chromium.org	5607582f3b	We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/218493007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 16:45:46 +00:00
rossberg@chromium.org	282a7ca14e	Fix Type::Intersect to skip uninhabited bitsets R=verwaest@chromium.org, bmeurer@chromium.org BUG=chromium:357330 LOG=Y Review URL: https://codereview.chromium.org/219333003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:53:21 +00:00
dslomov@chromium.org	b3148d921e	Fix PrepareKeyedOperand on arm. When additional_offset is specified, the 'key' operand can be negative and still pass the bounds check. Therefore, when converting key from Smi, arithmetic and not logical shift must be used. R=verwaest@chromium.org BUG=358057 LOG=Y Review URL: https://codereview.chromium.org/219473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:14:28 +00:00
jarin@chromium.org	d02e1f2c25	Fix left trimming check for large objects BUG=358090 TEST=test/mjsunit/regress/regress-358090.js LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/213833008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:01:46 +00:00
verwaest@chromium.org	019e27d8db	Reland and fix "Fix LoadFieldByIndex to take mutable heap-numbers into account."" BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/218663005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 14:21:04 +00:00
yangguo@chromium.org	c0fa861726	Do not check for interrupt when allocating stack locals. R=dcarney@chromium.org BUG=357137 LOG=N Review URL: https://codereview.chromium.org/219373004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 14:14:54 +00:00
jochen@chromium.org	163044e7ba	Revert 20348 - "Fix LoadFieldByIndex to take mutable heap-numbers into account." Reason for revert: crashes benchmarks/sunspider/string-fasta on ia32.debug This also reverts r20350 and r20352 > Fix LoadFieldByIndex to take mutable heap-numbers into account. > > BUG= > R=ishell@chromium.org > > Review URL: https://codereview.chromium.org/213213002 BUG=none LOG=n TBR=verwaest@chromium.org Revert "Use sarq on x64" This reverts commit e2a8ef9321345c6bc091054443bf2b9535ff6b1c. Revert "Don't \| int and bool" This reverts commit c90d713d3a8ceba4fec41933a63beb6e50a3d7c0. Review URL: https://codereview.chromium.org/219393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 13:23:32 +00:00
jochen@chromium.org	b7039334ae	Revert 20313 - "Ship promises and weak collections" > R=mstarzinger@chromium.org > BUG= > > Committed: https://code.google.com/p/v8/source/detail?r=20211 > > Review URL: https://codereview.chromium.org/206163004 R=rossberg@chromium.org TBR=rossberg@chromium.org LOG=y BUG=n Review URL: https://codereview.chromium.org/219303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 12:40:32 +00:00
verwaest@chromium.org	55a6318560	Fix LoadFieldByIndex to take mutable heap-numbers into account. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/213213002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:59:29 +00:00
jarin@chromium.org	d65fe51ca0	Add missing lazy deopt point for the TransitionElementsKind instruction. R=mvstanton@chromium.org, yangguo@chromium.org BUG=357105 TEST=test/mjsunit/regress/regress-357105.js LOG=N Review URL: https://codereview.chromium.org/216963002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:58:53 +00:00
jochen@chromium.org	a2f82479c4	Skip crashing harmony mjsunit tests on NaCL BUG=none TBR=machenbach@chromium.org LOG=n Review URL: https://codereview.chromium.org/219043002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 07:54:22 +00:00
dslomov@chromium.org	bd353dc3a0	Inline internal getters for typed arrays & friends. R=hpayer@chromium.org, yangguo@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=20330 Review URL: https://codereview.chromium.org/212603014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 15:25:24 +00:00
dslomov@chromium.org	c873e813c5	Revert "Inline internal getters for typed arrays & friends." This reverts commit r20330 for breaking arm64 nosnap tests. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/216993002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 13:33:50 +00:00
dslomov@chromium.org	6d91c1e77f	Inline internal getters for typed arrays & friends. R=hpayer@chromium.org, yangguo@chromium.org Review URL: https://codereview.chromium.org/212603014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 12:02:52 +00:00
jarin@chromium.org	9e655afdb4	Reland "Fix property enum cache creation to include only own properties" Reland r20308 (reverted by r20310). TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/216383003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 06:59:20 +00:00
adamk@chromium.org	c2bbd9f9e2	Don't pass the hole to SetElement when creating Array.observe change records Also added comments to remind us why we were using the hole here in the first place (it's used for the case where Object.observe, rather than Array.observe, has been called on Array that's undergoing truncation). BUG=356589 LOG=N R=rossberg@chromium.org Review URL: https://codereview.chromium.org/213823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 18:29:07 +00:00
rossberg@chromium.org	826cf64fd3	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Committed: https://code.google.com/p/v8/source/detail?r=20211 Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:42:34 +00:00
jarin@chromium.org	af74f1206e	Revert "Fix property enum cache creation to include only own properties" This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e. BUG= Review URL: https://codereview.chromium.org/214893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:18:42 +00:00
rossberg@chromium.org	ddedf5c309	Harden internal uses of .chain R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/212553009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:11:23 +00:00
jarin@chromium.org	4608bdeccc	With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size. This is really Toon's fix, I have only created a small repro case. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/212673011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 15:33:06 +00:00
dslomov@chromium.org	4cdfb46a6d	Fix JSObject::SetElement for fixed typed array elements. R=ulan@chromium.org BUG=357108 LOG=N Review URL: https://codereview.chromium.org/214543003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:54:26 +00:00
svenpanne@chromium.org	fe58e3d7b8	Removed 'executable' bits from mjsunit tests. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/214413006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:32:27 +00:00
ulan@chromium.org	5eabc4b802	Run tests on android_arm64. R=rmcilroy@chromium.org Review URL: https://codereview.chromium.org/210773003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 10:06:53 +00:00
yangguo@chromium.org	9be61ddb8a	Hide some runtime functions. R=dslomov@chromium.org Review URL: https://codereview.chromium.org/212163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 15:51:48 +00:00
danno@chromium.org	0a0f12b841	[x64] Improve key value sign-extension of dehoisted LoadKeyed/StoreKeyed Instead of sign-extending at key use, definitions that can be used as keys are sign extended immediately after the definition. R=danno@chromium.org Review URL: https://codereview.chromium.org/179773002 Patch from Weiliang Lin <weiliang.lin@intel.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20284 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 15:51:08 +00:00
jarin@chromium.org	10606aa756	Fix missing representation for the result of HIsSmiAndBranch. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/211273010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 13:14:08 +00:00
dslomov@chromium.org	76b8f25edb	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 12:50:13 +00:00
svenpanne@chromium.org	58c45cdd03	Mark debug-stepout-scope-part8 as flaky for ARM gc-stress. TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/212253005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 08:57:21 +00:00
dslomov@chromium.org	f66af4feb4	Refactor optimized in hydrogen only runtime functions. This splits all runtime function into 3 categories: 1) RUNTIME: implemented in runtime and called from both full and optimized code. 2) RUNTIME_HIDDEN: implemented in runtime, never called directly from JS builtins. 3) INLINE: inlined in both full and optimized code 4) INLINE_OPTIMIZED: inlined in optimized code, implemented in runtime for full code. R=yangguo@chromium.org, yannguo@chromium.org Review URL: https://codereview.chromium.org/209353006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:26:55 +00:00
verwaest@chromium.org	c432f7166c	Don't convert dictionary sloppy arguments to fast double mode. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/207683006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:14:58 +00:00
dslomov@chromium.org	cdc9812756	Revert "This implements allocating small typed arrays in heap." This reverts commit r20244 for breaking Win64 build and webkit tests. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/208503007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:12:58 +00:00
ulan@chromium.org	cb0f49c18a	Add index check in DoAccessArgumentsAt. BUG=355523 LOG=N TEST=mjsunit/regress/regress-355523 R=jarin@chromium.org Review URL: https://codereview.chromium.org/210053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 13:26:41 +00:00
dslomov@chromium.org	654b6a27d1	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=20240 Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 13:21:58 +00:00
dslomov@chromium.org	727bc2153e	Revert "This implements allocating small typed arrays in heap." This reverts commit r20240 for breaking Windows build. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/211003003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:58:22 +00:00
dslomov@chromium.org	de690b656f	Allow to neuter array buffer twice in tests. R=jarin@chromium.org Review URL: https://codereview.chromium.org/209083005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:55:10 +00:00
dslomov@chromium.org	322a474bf2	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:51:49 +00:00
rossberg@chromium.org	2e1b16de2a	Revert "Ship promises and weak collections" Reason: breaks Blink layout tests. R=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/210853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 10:57:52 +00:00
yangguo@chromium.org	793d4cb0b6	Fix issues when changing FLAG_concurrent_recompilation after init. R=jarin@chromium.org BUG=356053 LOG=N Review URL: https://codereview.chromium.org/210363005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:38:48 +00:00
yangguo@chromium.org	82f630a9f7	Reland "No longer OOM on invalid string length." R=ishell@chromium.org Review URL: https://codereview.chromium.org/210683003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:09:24 +00:00
titzer@chromium.org	3c31102025	First implementation of store elimination. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/100253004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:06:16 +00:00
jarin@chromium.org	b765d3cdb9	Revert the (wrong) fix of the argument index check asserion. R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/208423017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 21:32:19 +00:00
jarin@chromium.org	56f2006605	Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime. R=ishell@chromium.org BUG=355486 LOG=N Review URL: https://codereview.chromium.org/201573011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 20:51:36 +00:00
rossberg@chromium.org	33be68c2fa	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:59:04 +00:00
verwaest@chromium.org	e18e650582	Ensure the constant operand for heap-object store-named-field is not a smi. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/210193002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:25:48 +00:00
rossberg@chromium.org	6704bbce82	Spec adjustments for well-known symbols R=arv@chromium.org, mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/208423013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:45:52 +00:00
yangguo@chromium.org	72932ae417	Revert "No longer OOM on invalid string length." This reverts r20202. TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/210143002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:36:15 +00:00
yangguo@chromium.org	531217502c	No longer OOM on invalid string length. R=ishell@chromium.org BUG=v8:3060 LOG=Y Review URL: https://codereview.chromium.org/207613005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:01:17 +00:00
yangguo@chromium.org	9c0f5be8d1	Correctly convert micro-sign to its upper case. R=dcarney@chromium.org BUG=355485 LOG=N Review URL: https://codereview.chromium.org/209323007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:16:14 +00:00
yangguo@chromium.org	f1bacf8fff	Fix DebugEvaluate for generators. R=mstarzinger@chromium.org BUG=v8:3225 LOG=N Review URL: https://codereview.chromium.org/207153004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:10:57 +00:00
jkummerow@chromium.org	55d5b02244	Delete mjsunit/string-oom-slow-* tests. They are too slow, and there is no feasible way to speed them up. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/205553005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20186 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 10:37:16 +00:00
yangguo@chromium.org	15951521cc	Refactor inlined typed array runtime functions. R=dslomov@chromium.org Review URL: https://codereview.chromium.org/203443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 08:22:24 +00:00
ulan@chromium.org	50ca2eb9f6	Add option to run ScopeIterator faster giving up nested scope chain. We'd like to be able to trade nested scope chain info (consisting of with, block and catch scopes) in favor of speed in some cases. BUG=chromium:340285 LOG=N R=ulan@chromium.org, pfeldman, ulan, yangguo Review URL: https://codereview.chromium.org/203463011 Patch from Andrey Adaykin <aandrey@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:30:58 +00:00
ulan@chromium.org	fc2563f108	Visit return statement of inlined function in value context. BUG=354357 LOG=N TEST=mjsunit/regress/regress-354357.js R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/206413005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:14:44 +00:00
ulan@chromium.org	f20a9473f3	Ensure that lazy deopt sequence does not override calls. BUG=354433 LOG=N TEST=mjsunit/regress/regress-354433.js R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/198463006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 11:02:15 +00:00
yangguo@chromium.org	f6f99310fe	Skip string-oom tests on nacl. R=machenbach@chromium.org TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/207633004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20152 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 10:34:07 +00:00
jochen@chromium.org	2ce0bebba1	Rename A64 port to ARM64 port BUG=354405 R=ulan@chromium.org, rodolph.perfetta@arm.com LOG=y Review URL: https://codereview.chromium.org/207823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 09:28:26 +00:00
jkummerow@chromium.org	2b722b663e	Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:354391 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/206073008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:25:24 +00:00
rossberg@chromium.org	b3b6987b27	Reland "Implement ES6 symbol registry and predefined symbols" Only change relative to original CL is the updated assertion condition at objects-inl.h:2119 R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/204913006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:13:09 +00:00
yangguo@chromium.org	c9d391d87f	Fix assertions wrt concurrent OSR. R=ulan@chromium.org Review URL: https://codereview.chromium.org/206473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 15:23:31 +00:00
marja@chromium.org	e9358fa9ce	Increase the "local variables in a function" limit. The limit was originally added to avoid having large user-controlled constants (variable indexes) in the code generated by full-codegen. History behind this change: The original CL for adding the limit was https://codereview.chromium.org/7003030 and at that time, the limit was 32767. Reason for adding the limit (in CL comments): "The motivation behind this change is to avoid large user controlled constants in the code. The slot_operand used in the IA32 full code generator uses a relative load where the local index is an (negative) immediate." The limit was then bumped to 65535 by https://codereview.chromium.org/10965063 and to 131071 by https://codereview.chromium.org/11099063. R=dcarney@chromium.org, svenpanne@chromium.org, jkummerow@chromium.org, rossberg@chromium.org BUG=v8:3205 LOG=Y Review URL: https://codereview.chromium.org/206143004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 13:37:26 +00:00
rossberg@chromium.org	1088fbd1e7	Revert "Implement ES6 symbol registry and predefined symbols" TBR=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/204353004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20121 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:56:41 +00:00
yangguo@chromium.org	000be4d033	Reland "Throw exception on invalid string length instead of OOM." R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/199583007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20119 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:27:36 +00:00
rossberg@chromium.org	0f71f61799	Implement ES6 symbol registry and predefined symbols R=mstarzinger@chromium.org, arv@chromium.org BUG= LOG=Y Review URL: https://codereview.chromium.org/203243004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:26:27 +00:00
yangguo@chromium.org	a5a82ef123	Revert "Throw exception on invalid string length instead of OOM." This reverts r20112. TBR=yangguo@chromium.org Review URL: https://codereview.chromium.org/206383002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20114 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 11:11:28 +00:00
yangguo@chromium.org	9ba80269ee	Throw exception on invalid string length instead of OOM. R=bmeurer@chromium.org BUG=349329 LOG=Y Review URL: https://codereview.chromium.org/199853004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 10:49:33 +00:00
ulan@chromium.org	41eab25615	A64: Fix write barrier input in KeyedStoreIC::GenerateSloppyArguments. This fixes flaky crashes in gc-stress bot: > Fatal error in ../src/incremental-marking.cc, line 84 > CHECK(obj->IsHeapObject()) failed BUG=353551 LOG=N TEST=test/mjsunit/regress/regress-353551.js R=m.m.capewell@googlemail.com Review URL: https://codereview.chromium.org/204453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 08:32:58 +00:00
jkummerow@chromium.org	d9b6b6439d	Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:350867 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/203303010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 15:49:29 +00:00
mvstanton@chromium.org	535f3427ca	Pretenure call new support. When FLAG_pretenure_call_new is on, we emit mementos on new object creation in full code, and consume the feedback in crankshaft. A key difference in the generated code for stubs is the allocation of an additional type vector slot for the CallNew AST node, which simplifies the CallConstructStub and CallFunctionStub considerably. Some performance tuning still needs to be addressed, therefore the flag is off at this moment, though fully functional. The goal is to remove the flag as soon as possible, which allows much code deletion (yay). R=hpayer@chromium.org Review URL: https://codereview.chromium.org/132963012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 13:39:09 +00:00
rossberg@chromium.org	b7b40e2b84	Remove Promise.cast ...as per January meeting. Renames 'cast' to 'resolve'. We rename the prior 'resolve' to 'accept', to keep the chain API usable. R=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/200763012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 15:03:35 +00:00
rossberg@chromium.org	aa250ea41a	Promises: make null a legal argument for .then R=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/203453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 14:55:43 +00:00
ulan@chromium.org	487ca9e384	Fix TransitionElementsKindStub to handle non-JSArray objects correctly. BUG=352982 LOG=N TEST=mjsunit/regress/regress-352982.js R=danno@chromium.org Review URL: https://codereview.chromium.org/196343023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 13:29:29 +00:00
dslomov@chromium.org	6c01c3fd56	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Committed: https://code.google.com/p/v8/source/detail?r=20020 Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:55:29 +00:00
dslomov@chromium.org	a6224272fd	Revert "Apply numeric casts correctly in typed arrays and related code." This reverts commit r20020 for breaking Win64 build. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/199523006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:50:00 +00:00
dslomov@chromium.org	849187eab0	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:23:50 +00:00
rossberg@chromium.org	58d623f228	Stage ES6 promises and weak collections Split collections flag into weak and non-weak. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/201593004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 09:57:14 +00:00
verwaest@chromium.org	5aaa513630	Don't generate keyed store ICs for global proxies. BUG=352983 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/197873025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:19:39 +00:00
ulan@chromium.org	2cb4e78e74	Fix mjsunit/compiler/concurrent-invalidate-transition-map.js test. BUG=v8:3156 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/180053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:00:48 +00:00
ulan@chromium.org	e1e4071cbc	Fix date cache in strict mode. BUG=v8:3220 LOG=N TEST=mjsunit/regress/regress-3220.js R=rossberg@chromium.org Review URL: https://codereview.chromium.org/201753002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:47:58 +00:00
ishell@chromium.org	3b257c35e5	Fixed spec violation of storing to length of a frozen object. BUG=chromium:350890 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/196653015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:43:33 +00:00
jkummerow@chromium.org	e4a18df7d1	Fix ASSERT violation when BinaryOpIC::Transition recurses into itself BUG=chromium:352586 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/201313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 14:51:31 +00:00
rossberg@chromium.org	c3c185c173	Make invalid LHSs a parse-time (reference) error This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for. To do: check properly in preparser already. R=marja@chromium.org, mstarzinger@chromium.org BUG=351658 LOG=Y Review URL: https://codereview.chromium.org/200473003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 10:21:01 +00:00
jkummerow@chromium.org	dc458525ad	Fix typo in r19923 (bounds check offset propagation) BUG=chromium:352929 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/201303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:38:01 +00:00
ishell@chromium.org	f77c51b0a6	Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix). BUG=chromium:352058 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/196383018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:11:38 +00:00
mvstanton@chromium.org	e3f3f6d98b	Revert "Continued fix for 351257. Reusing the feedback vector is too complex." This reverts commit r19919. TBR=bmeuer@chromium.org Review URL: https://codereview.chromium.org/196343021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:31:21 +00:00
yangguo@chromium.org	33ea8185e9	Suppress test failures on GC-stress for A64. R=ulan@chromium.org BUG=v8:3219 LOG=N Review URL: https://codereview.chromium.org/197873021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:30:04 +00:00
verwaest@chromium.org	0f2a324c8a	Fix generalization with callbacks. BUG=352588 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/200173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 14:17:49 +00:00
mvstanton@chromium.org	11df4b8815	Fix for issue 351261. This relands the following fix: "HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. (bug 347543)" along with additional fixes to KeyedStoreIC. BUG=351261 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/200113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:22:55 +00:00
ulan@chromium.org	2c99cba38b	Propagate updated offsets in BoundsCheckBbData. BUG=350863 LOG=Y TEST=mjsunit/regress/regress-350863.js R=bmeurer@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/197823009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:02:25 +00:00
bmeurer@chromium.org	358e176d50	Add regression test for range analysis bug. BUG=v8:3204 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/200103002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:54:26 +00:00
mvstanton@chromium.org	dd28969c1c	Continued fix for 351257. Reusing the feedback vector is too complex. Attempting to re-use the type feedback vector stored in the SharedFunctionInfo turns out to be difficult among the various cases. It will be much easier to do this when deferred type feedback processing is removed, as is in the works. Created bug v8:3212 to track re-introducing the optimization of reusing the type vector on recompile before optimization. The CL also brings back the type vector on the SharedFunctionInfo. BUG=351257 LOG=Y R=bmeurer@chromium.org, bmeuer@chromium.org Review URL: https://codereview.chromium.org/199973004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:28:37 +00:00
yangguo@chromium.org	0f71a24f3a	Correctly retain argument value when deopting from Math.round on x64. R=jkummerow@chromium.org BUG=351624 LOG=N Review URL: https://codereview.chromium.org/199013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 13:57:21 +00:00
ulan@chromium.org	c64b78f6da	Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight. BUG=351263 LOG=N TEST=mjsunit/regress/regress-351263 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/197803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 11:50:50 +00:00
yangguo@chromium.org	4e390c64f1	Harmony: move math features to es-staging. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/195123002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:51:59 +00:00
svenpanne@chromium.org	390d3a0b15	Make translation of modulus operation '--stress-opt'-proof. Note that we unconditionally deopt later, anyway, but our compilation pipeline has to survive long enough to reach that place. :-/ LOG=y BUG=352059 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/198833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:37:16 +00:00
jarin@chromium.org	713aa33f2a	Fix of argument materialization of captured heap numbers. The escape analysis calculates the number of slots in an object as no-of-slots = object-size / pointer-size. This gives 3 slots for heap numbers on 32-bit architectures (one slot for the map, two for the double value); however, my argument materialization code assumed just two slots (map + value). Since Hydrogen allocates heap numbers quite rarely, it is hard to produce a more meaningful repro than the one provided by Clusterfuzz. Any suggestions are welcome. The fix is simple - we just read out all extra slots (beyond the map and the double) for heap numbers. R=mstarzinger@chromium.org BUG=351315 LOG=N Review URL: https://codereview.chromium.org/196283004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 07:17:37 +00:00
adamk@chromium.org	8bd05193c7	Reland "Enable Object.observe by default" again This re-re-re-lands enabling Object.observe. The Chromium tests that failed last time this was rolled into Chromium have been disabled in https://src.chromium.org/viewvc/chrome?view=revision&revision=256706 This patch should be safe to merge once that lands. BUG=v8:2409 LOG=Y TBR=rossberg@chromium.org,dslomov@chromium.org,rafaelw@chromium.org Review URL: https://codereview.chromium.org/198383002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 00:20:06 +00:00
jkummerow@chromium.org	f9ee4f19b4	Use intrinsics for builtin ArrayBuffer property accesses BUG=chromium:351787 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/197793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 19:25:40 +00:00
svenpanne@chromium.org	be328fd4ce	Disable special handling of flooring division by constant until it is fixed for real. Added a test to check the various division-like operations more exhaustively. R=bmeurer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/194863002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19852 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 14:28:59 +00:00
verwaest@chromium.org	8735adb2c4	Don't fast RemoveArrayHoles in case of arguments arrays. BUG=351645 LOG=n R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/197043004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:42:18 +00:00
mvstanton@chromium.org	7477bc39ca	350884: KeyedStoreIC miss didn't handle a transitioning case. It's possible to get a transitioned map with no links to the origin map if it's a shared map. Code in KeyedStoreIC::StoreElementStub assumes it can check if two maps are in the same family by traversing the transition array. Long term, the "family" relationship should be recognized with the Normalized Map Cache. For now, allow the IC to remain monomorphic in this case if the receiver map and the previous receiver map are the same. Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210) to track the issue with the Normalized Map Cache. BUG=350884 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/194623005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:35:40 +00:00
jkummerow@chromium.org	105c1e08b7	Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness BUG=chromium:351320 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/196943002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:14:29 +00:00
danno@chromium.org	ae1669b501	Fix handling of polymorphic array accesses with constant index R=jkummerow@chromium.org BUG=chromium:351319 LOG=Y Review URL: https://codereview.chromium.org/196353004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:11:38 +00:00
jkummerow@chromium.org	8a1812f252	Fix lazy deopt after tagged binary ops Also add policing code to ensure that optimized frames can in fact lazily deopt at their respective current PC when we patch them for lazy bailout. BUG=chromium:350434 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/194703008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 09:59:36 +00:00
dslomov@chromium.org	f6dac13dcb	Revert "Enable Object.observe by default" This reverts commit r19734 for breeaking ChromiumOS browser tests. 'OpenSpecialTypes/FileManagerBrowserTest.Test/3' started to time out, bisecting the roll led to this change. http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%282%29/builds/22224 TBR=rafaelw@chromium.org,rossberg@chromium.org BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/195123005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 18:15:44 +00:00
rossberg@chromium.org	85800eff3f	Fix issue with getOwnPropertySymbols and hidden properties When getting the symbols of an object we need to ignore the hidden properties of the prototype object since the hidden properties are represented by a single string key and we will not include that hidden string in the found names. BUG=350864 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/192883005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 16:46:35 +00:00
dcarney@chromium.org	62fc099334	fix bad access check check R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/195163002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 15:12:47 +00:00
rossberg@chromium.org	3f702d4bf9	Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/177683002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 14:39:08 +00:00
yangguo@chromium.org	6e1507331e	Fix bug in constant folding object comparisons. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/195063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 13:34:01 +00:00
yangguo@chromium.org	dda0aa88b0	Revert "Mark mjsunit/string-case as flaky." This reverts r19760 since the issue has been fixed in r19755. R=dslomov@google.com, dslomov@chromium.org BUG=v8:3208 LOG=N Review URL: https://codereview.chromium.org/194823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 11:38:53 +00:00
mvstanton@chromium.org	819d9f62d0	Fix for 350887: CHECK failure on new_length->IsSmi() In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to optimize setting array length if the new length is a smi. However, we refuse to set an array length to less than the index of the highest non-configurable array element. This index may be outside of smi range. Handle this case accordingly. BUG=350887 LOG=N R=dslomov@chromium.org Review URL: https://codereview.chromium.org/194803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 10:30:10 +00:00
yangguo@chromium.org	1634e7de38	Fix assertion in RegExp parser to correctly expect stack overflow. Advance() always checks for stack overflow. If stack indeed overflowed, current() would hold the kEndMarker. ParseOctalLiteral does not expect this in the assertion, which causes assertion failure. R=mvstanton@chromium.org BUG=350865 LOG=N Review URL: https://codereview.chromium.org/192773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:52:10 +00:00
yangguo@chromium.org	e25d51cc85	Fix constant folding of %_IsMinusZero. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/190793015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:06:54 +00:00
dslomov@chromium.org	9eefbda27f	Mark mjsunit/string-case as flaky. BUG=v8:3208 LOG=N R=machenbach@chromium.org Review URL: https://codereview.chromium.org/192573004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:52:05 +00:00
yangguo@chromium.org	78d23e5662	Implement KnownSuccessor method to some control instructions. R=jkummerow@chromium.org BUG=v8:3118 LOG=N Review URL: https://codereview.chromium.org/174863002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:50:01 +00:00
verwaest@chromium.org	1180803953	Reland and fix "Allow ICs to be generated for own global proxy." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:23:05 +00:00
rossberg@chromium.org	710ee827b5	Promise.all and Promise.race should reject non-array parameter. Promise.all and Promise.race should reject the returned Promise if an invalid parameter is given. Since they don't support iterable now, they should reject the Promise if a non-array parameter is given. BUG=347453 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/182613003 Patch from Yutaka Hirano <yhirano@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:01:06 +00:00
bmeurer@chromium.org	bf86e624d4	Reland "Handle non-power-of-2 divisors in division-like operations". Fixed the flooring div bug and added a test case. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/191293012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 10:39:17 +00:00
rafaelw@chromium.org	6503dfb72b	Reland "Enable Object.observe by default" Original Issue: https://codereview.chromium.org/183683022/ TBR=rossberg BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/189513010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 04:41:06 +00:00
rafaelw@chromium.org	0cc44c14e5	Revert "Enable Object.observe by default" TBR=rossberg BUG= Review URL: https://codereview.chromium.org/190853007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 03:54:42 +00:00
rafaelw@chromium.org	dcf9842e07	Enable Object.observe by default R=rossberg@chromium.org, rossberg BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/183683022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 02:47:53 +00:00
yangguo@chromium.org	4f15fd2977	Reland "Introduce intrinsics for double values in Javascript." This relands r19704 with a fix to the test case. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/189823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 14:58:41 +00:00
ulan@chromium.org	06af80d42d	Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame. This will reduce heavy ScopeIterator instantiations. Once incorporated into chromium, will give 30% speed boost. BUG=chromium:340285 LOG=Y R=ulan@chromium.org, Yang, rossberg, ulan Review URL: https://codereview.chromium.org/181063008 Patch from Andrey Adaykin <aandrey@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 11:03:35 +00:00
yangguo@chromium.org	143902bebf	Revert "Introduce intrinsics for double values in Javascript." This reverts r19704. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/189533008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:49:28 +00:00
verwaest@chromium.org	8a3d715250	Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems." Due to performance regression. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/189843006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:29:07 +00:00
yangguo@chromium.org	2aefde4443	Introduce intrinsics for double values in Javascript. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/178583006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:05:10 +00:00
yangguo@chromium.org	ea8368f471	Use fast path for sliced and external strings in ConvertCase. R=dcarney@chromium.org BUG=v8:3180 LOG=N Review URL: https://codereview.chromium.org/180063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 08:36:18 +00:00
ishell@chromium.org	997ce05289	Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820. BUG=349465 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/188703002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 16:22:47 +00:00
jkummerow@chromium.org	1cc0bafc07	Fix HConstants with Smi-ranged HeapNumber values BUG=chromium:349878 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/186123003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 16:21:09 +00:00
ulan@chromium.org	5af7d10af5	Mark mjsunit/whitespaces as slow and timeout for a64. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/182253008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 14:15:40 +00:00
mvstanton@chromium.org	6115a006fd	Bugfix for 349874: we incorrectly believe we saw a growing store When we set an out of bounds array index, the index might be so large that it causes the array to go to dictionary mode. It's better to avoid "learning" that this was a growing store in that case. This fix also partially reverts a fix for bug 347543, as this fix is comprehensive and satisfies that repro case as well (partial revert of v19591). BUG=349874 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/188643002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 13:07:51 +00:00
verwaest@chromium.org	cd6f3ef088	Only use the non-strict-arguments-stub if the store site is non-strict. BUG=349874 LOG=N R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176843018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 12:19:06 +00:00
jkummerow@chromium.org	5ea3f0004a	Let HTransitionElementsKind take part in RestoreActualValues phase BUG=chromium:349853 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/183753005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 12:13:49 +00:00
yangguo@chromium.org	285f253af1	Remove outdated assertion scope. R=jkummerow@chromium.org BUG=349870 LOG=N Review URL: https://codereview.chromium.org/182003004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 11:51:53 +00:00
yangguo@chromium.org	e2e2f4050d	Fix issues with JSON stringify replacer array If the replacer array contains a property key we should include the property even if the property is non enumerable or if it is a non own property. String and Number wrappers in the replacer array should be treated as string and number values. R=yangguo@chromium.org BUG=v8:3200, v8:3201 LOG=Y Review URL: https://codereview.chromium.org/187053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:50:53 +00:00
verwaest@chromium.org	7bf33c53eb	Use Representation::Integer32() for smi types on 32-bit-tagged systems. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/187353005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:49:10 +00:00
verwaest@chromium.org	f913c3b492	Also delete force representations that have no uses. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/187773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:47:27 +00:00
jarin@chromium.org	52fd520c96	Fix materialization of captured objects in adapted arguments. R=mstarzinger@chromium.org BUG=348512 LOG=N Review URL: https://codereview.chromium.org/183063006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:57:18 +00:00
jarin@chromium.org	7ac668f753	Deoptimization fix for HPushArgument. HPushArgument should never be used in a simulation environment because the slot addresses for the arguments can be off (e.g., due to on-stack arguments object of an inlined caller). R=mstarzinger@chromium.org BUG=v8:3183 LOG=N Review URL: https://codereview.chromium.org/178193026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:45:46 +00:00
yangguo@chromium.org	26e4f4cc1c	Handle exception when retrieving toJSON function in JSON.stringify. R=mvstanton@chromium.org BUG=349335 LOG=N Review URL: https://codereview.chromium.org/187603002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 10:54:35 +00:00
jkummerow@chromium.org	3df5573195	x64: Fix LMathMinMax for constant Smi right-hand operands BUG=chromium:349079 LOG=y R=titzer@chromium.org Review URL: https://codereview.chromium.org/186593003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org	ee8cbc4fc8	Fix issue with setting __proto__ on a value LOG=N BUG=v8:3172 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/174113003 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 08:58:38 +00:00
verwaest@chromium.org	1aeaeb2b90	Allow objects with "" properties to stay fast. R=danno@chromium.org Review URL: https://codereview.chromium.org/184453003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-04 12:43:05 +00:00
yangguo@chromium.org	b1a271a02c	Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique. R=titzer@chromium.org BUG=348280 LOG=N Review URL: https://codereview.chromium.org/183383006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-04 08:08:08 +00:00
ulan@chromium.org	b9e0b87a5a	Clear optimized code cache in shared function info when code gets deoptimized. This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info. This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js). This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache. BUG=343609 LOG=Y TEST=mjsunit/regress/regress-343609.js R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184923002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-03 11:11:39 +00:00
rossberg@chromium.org	5543263c19	Move all Harmony-only tests to harmony/ R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/178583005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:26:32 +00:00
ishell@chromium.org	c2601aea8a	Check elimination did not mark some dead blocks. R=danno@chromium.org Review URL: https://codereview.chromium.org/180483003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:16:38 +00:00
svenpanne@chromium.org	e9273332ef	Fixed constant folding for Math.clz32. LOG=y BUG=347906 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184353002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 13:07:10 +00:00
jochen@chromium.org	ba981e58d5	Make a64.release a quickcheck target I marked all tests as slow that take more than a minute on my machine. With this, a64.release.quickcheck takes two minutes which is about as fast as arm.optdebug.quickcheck. BUG=none R=ulan@chromium.org LOG=n Review URL: https://codereview.chromium.org/183763008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:46:13 +00:00
mvstanton@chromium.org	b1ffc7901f	A JSArray may have a filler map in the elements pointer. We already have code that expects this, but incorrectly asserted that the filler map case would never happen when allocation folding is turned on. However, even folding has it's limits, bailing out of continued folding when the object size grows too large. Therefore, it's a general problem when verifying JSArray objects, that we might encounter a filler map in elements(). Discovered by ClusterFuzz crbug 347903. R=hpayer@chromium.org LOG=N BUG=347903 Review URL: https://codereview.chromium.org/184493002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:29:19 +00:00
yangguo@chromium.org	5c186bb197	Evict from optimized code map in sync with removing from optimized functions list. R=ulan@chromium.org Review URL: https://codereview.chromium.org/184443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:27:31 +00:00
bmeurer@chromium.org	70242fe3bb	Fix JSObject::PrintTransitions. BUG=347912 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/183683005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:41:07 +00:00
hpayer@chromium.org	38ca2629be	Fix representation generalization for doubles. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/184393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:07:10 +00:00
dcarney@chromium.org	98d1cedac4	Get array_function from NativeContext R=mvstanton@chromium.org LOG=N BUG=347528 Review URL: https://codereview.chromium.org/184173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 10:01:27 +00:00
bmeurer@chromium.org	5945f9ebb9	Fix handling of constant global variable assignments. BUG=347904 LOG=y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/184303003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 09:40:12 +00:00
svenpanne@chromium.org	c4e90c15b8	Removed bogus ASSERT. LOG=y BUG=347542 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/183763007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 08:45:07 +00:00
ishell@chromium.org	2ab83cf192	HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. BUG=347543 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/180803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 17:33:25 +00:00
rafaelw@chromium.org	d9a66ad941	Runtime::RunMicrotask should silent return if no pending microtask work (rather than asserting) R=rossberg@chromium.org, rossberg BUG=347532 Review URL: https://codereview.chromium.org/181013008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 16:49:55 +00:00
verwaest@chromium.org	aa14020bc7	Fix putting of prototype transitions. The length is also subject to GC, just like entry. BUG=347536 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/183193003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 16:07:44 +00:00
jarin@chromium.org	05b98492a4	Handle arguments objects in frame when materializing arguments R=mstarzinger@chromium.org BUG=347262 Review URL: https://codereview.chromium.org/177293009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 15:12:12 +00:00
yangguo@chromium.org	6912a248ca	Fix bogus assertion in SetFastDoubleElements. R=danno@chromium.org BUG=347530 LOG=N Review URL: https://codereview.chromium.org/181433016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 14:45:53 +00:00
mvstanton@chromium.org	b8f8cfabca	Fix for Clusterfuzz issue 343928. The problem was that the debugger didn't expect that a JSFunction could have a GlobalContext, which it can with harmony scoping. BUG=343928 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/183103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 13:25:05 +00:00
ishell@chromium.org	1ae7e8a1e5	Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended. BUG=345820 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/180013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:33:54 +00:00
verwaest@chromium.org	d5caecccc5	Revert "Use stability to only conditionally flush information from the CheckMaps table." R=ishell@chromium.org Review URL: https://codereview.chromium.org/180023002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:11:58 +00:00
jkummerow@chromium.org	e7e93cd433	Mark HCompareMap as having Tagged representation BUG=chromium:346636 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/176923013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 15:09:47 +00:00
rossberg@chromium.org	63f1970c6c	Fix crasher in Object.getOwnPropertySymbols R=arv@chromium.org, mstarzinger@chromium.org BUG=346141 LOG=Y Review URL: https://codereview.chromium.org/177883002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 12:01:34 +00:00
bmeurer@chromium.org	77f597d387	Don't eliminate loads with incompatible types or representations. BUG=346343 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/179553002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:50 +00:00
ishell@chromium.org	6c1659becf	Fix for a smi stores optimization on x64 with a regression test. BUG=345715 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/178833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:02 +00:00
dcarney@chromium.org	cb05cff594	negative bounds checking on realm calls R=rossberg@chromium.org LOG=N BUG=344285 Review URL: https://codereview.chromium.org/169393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:15:05 +00:00
jkummerow@chromium.org	37b6fd07c1	Fix optimistic BCE to back off after deopt BUG=v8:3176 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/177523002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-24 13:15:31 +00:00
verwaest@chromium.org	84b366516e	Don't turn objects with empty-string properties into fast-mode. R=ishell@chromium.org Review URL: https://codereview.chromium.org/165743003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-20 16:11:48 +00:00
rossberg@chromium.org	0d34254f8d	Upgrade Symbol implementation to match current ES6 behavior. Refresh the implementation of Symbols to catch up with what the specification now mandates: * The global Symbol() function manufactures new Symbol values, optionally with a string description attached. * Invoking Symbol() as a constructor will now throw. * ToString() over Symbol values still throws, and Object.prototype.toString() stringifies like before. * A Symbol value is wrapped in a Symbol object either implicitly if it is the receiver, or explicitly done via Object(symbolValue) or (new Object(symbolValue).) * The Symbol.prototype.toString() method no longer throws on Symbol wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf(). * Symbol.prototype.toString() stringifies as "Symbol("<description>"), valueOf() returns the wrapper's Symbol value. * ToPrimitive() over Symbol wrapper objects now throws. Overall, this provides a stricter separation between Symbol values and wrapper objects than before, and the explicit fetching out of the description (nee name) via the "name" property is no longer supported (by the spec nor the implementation.) Adjusted existing Symbol test files to fit current, adding some extra tests for new/changed behavior. LOG=N R=arv@chromium.org, rossberg@chromium.org, arv, rossberg BUG=v8:3053 Review URL: https://codereview.chromium.org/118553003 Patch from Sigbjorn Finne <sigbjornf@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 14:19:42 +00:00
yangguo@chromium.org	139134acc2	Harmony: optimize Math.clz32. R=svenpanne@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/172133003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 13:51:49 +00:00
yangguo@chromium.org	84cf85598d	Harmony: implement Math.cbrt, Math.expm1 and Math.log1p. BUG=v8:2938 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/163563003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 13:49:59 +00:00
ishell@chromium.org	1342cb8b00	Bugfix in check elimination with a regression test. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/172173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 12:34:50 +00:00
rossberg@chromium.org	13d99fe778	ES6: Tighten up Object.prototype.__proto__ The spec requires that we throw under certain conditions. BUG=v8:3064 LOG=y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/103853006 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 11:59:05 +00:00
jkummerow@chromium.org	6e3b81a7b2	Fix Hydrogen bounds check elimination When combining bounds checks, they must all be moved before the first load/store that they are guarding. BUG=chromium:344186 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/172093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 10:30:39 +00:00
alexandre.rames@arm.com	62116e2c12	A64: Let the MacroAssembler resolve branches to distant targets. Code generation would fail when assembling a branch to a label that is bound outside the immediate range of the instruction. A64 is sensitive to this, as the various branching instructions have different ranges, going down to +-32KB for TBZ/TBNZ. The MacroAssembler is augmented to handle branches to targets that may exceed the immediate range of instructions. When branching backward to a label exceeding the instruction range, the MacroAssembler can simply tweak the generated code to use an unconditional branch with a longer range. For example instead of B(cond, &label); the MacroAssembler can generate: b(InvertCondition(cond), &done); b(&label); bind(&done); Since the target is not known when the branch is emitted, forward branches uses a different mechanism. The MacroAssembler keeps track of forward branches to unbound labels. When the code generation approaches the end of the range of a branch, a veneer is generated for the branch. BUG=v8:3148 LOG=Y R=ulan@chromium.org Review URL: https://codereview.chromium.org/169893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 13:15:32 +00:00
verwaest@chromium.org	60c08a8bf2	Directly store the transition target on LookupResult in TransitionResult. BUG=chromium:343964 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/170343003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 12:19:32 +00:00
yangguo@chromium.org	be7b023a5c	Harmony: implement Math.clz32 R=dslomov@chromium.org, svenpanne@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/169783002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:49:35 +00:00
svenpanne@chromium.org	dbce27047e	Fixed and improved code for integral division. Fixed and extended tests. Arithmetic right shifting is not division in two's complement representation, only in one's complement. So we convert to one's complement, shift, and go back to two's complement. By permutating the last steps, one can get efficient branch-free code. This insight comes from the paleozoic era of computer science, see the paper from 1976: Guy Lewis Steele Jr.: "Arithmetic Shifting Considered Harmful" ftp://publications.ai.mit.edu/ai-publications/pdf/AIM-378.pdf This results in better and more correct code than our previous "neg/shift/neg" dance. LOG=y BUG=v8:3151 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/166793002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:45:27 +00:00
yangguo@chromium.org	9ffe004ae4	Harmony: implement Math.fround. R=jarin@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/169513002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:43:06 +00:00
mvstanton@chromium.org	8bcdbc354f	Revert "Add a premonomorphic state to the call target cache." This reverts commit r19402 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/169713002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-17 14:22:18 +00:00
mvstanton@chromium.org	be731e6c95	Add a premonomorphic state to the call target cache. From a CL by kasperl: https://codereview.chromium.org/162903004/ R=verwaest@chromium.org Review URL: https://codereview.chromium.org/163413003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-17 11:59:45 +00:00
jarin@chromium.org	4c7ed144e1	Comparison in effect context lazy deopt fix. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/163623002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-16 05:51:10 +00:00
ulan@chromium.org	6744ff61ae	Fix dictionary element load to pass correct elements kind. Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load only the higher 32 bits of the element. If the element is a pointer to undefined that has 0 in the higher half than it is erroneously treated as SMI 0. BUG=v8:3158 LOG=N TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js R=danno@chromium.org, ishell@chromium.org Review URL: https://codereview.chromium.org/166653005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 15:52:24 +00:00
yangguo@chromium.org	68c7523e63	Fix assignment of function name constant. If it's shadowed by a variable of the same name and both are forcibly context-allocated, the function is assigned to the wrong context slot. R=rossberg@chromium.org BUG=v8:3138 LOG=Y Review URL: https://codereview.chromium.org/159903008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:40:47 +00:00
jarin@chromium.org	8acefb33fe	Test and fix for polymorphic named call deoptimization. The fix removes wrong simulates from the number branch of polymorphic call/field access handling. The change also fixes the same thing for polymorphic named field access even thourgh the field access is probably safe in practice (because it cannot deoptimize). It is better to keep all our simulates in sync with full codegen. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/166503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:02:39 +00:00
yangguo@chromium.org	a676bc1bbf	Fix typed array error message. R=dslomov@chromium.org BUG=v8:3159 LOG=N Review URL: https://codereview.chromium.org/163293002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 09:33:03 +00:00
verwaest@chromium.org	e0960e19aa	Fix polymorphic inlining of accessors in a test-context. R=ishell@chromium.org Review URL: https://codereview.chromium.org/164003002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 16:55:38 +00:00
m.m.capewell@googlemail.com	028ff21445	A64: Fix some int32 accesses in lithium This fixes mjsunit/sin-cos. There are further int32 accesses being investigated. BUG= R=jochen@chromium.org Review URL: https://codereview.chromium.org/163553005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 15:49:01 +00:00
ishell@chromium.org	6bb57517c0	Restore of compare-objeq-elim test accidentally removed in r19229. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/162903005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 12:22:24 +00:00
rafaelw@chromium.org	6b5a4cdef2	V8 Microtask Queue & API This patch generalizes Object.observe callbacks and promise resolution into a FIFO queue called a "microtask queue". It also exposes new V8 API which exposes the microtask queue to the embedder. In particular, it allows the embedder to -schedule a microtask (EnqueueExternalMicrotask) -run the microtask queue (RunMicrotasks) -control whether the microtask queue is run automatically within V8 when the last script exits (SetAutorunMicrotasks). R=dcarney@chromium.org, rossberg@chromium.org, dcarney, rossberg, svenpanne BUG= Review URL: https://codereview.chromium.org/154283002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 22:04:19 +00:00
verwaest@chromium.org	161b2f689a	Reland: "Use stability to only conditionally flush information from the CheckMaps table." BUG= R=ishell@chromium.org Original CL: https://codereview.chromium.org/153823003 Review URL: https://codereview.chromium.org/153653007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:48:12 +00:00
verwaest@chromium.org	7b7e3658f7	Don't propagate information through phis in loop headers. To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/147023005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:30:41 +00:00

... 2 3 4 5 6 ...

2894 Commits