dcarney@chromium.org
62fc099334
fix bad access check check
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/195163002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 15:12:47 +00:00
rossberg@chromium.org
3f702d4bf9
Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/177683002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 14:39:08 +00:00
yangguo@chromium.org
6e1507331e
Fix bug in constant folding object comparisons.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/195063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 13:34:01 +00:00
yangguo@chromium.org
dda0aa88b0
Revert "Mark mjsunit/string-case as flaky."
...
This reverts r19760 since the issue has been fixed in r19755.
R=dslomov@google.com , dslomov@chromium.org
BUG=v8:3208
LOG=N
Review URL: https://codereview.chromium.org/194823002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 11:38:53 +00:00
mvstanton@chromium.org
819d9f62d0
Fix for 350887: CHECK failure on new_length->IsSmi()
...
In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to
optimize setting array length if the new length is a smi. However, we
refuse to set an array length to less than the index of the highest
non-configurable array element. This index may be outside of smi range.
Handle this case accordingly.
BUG=350887
LOG=N
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/194803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:30:10 +00:00
yangguo@chromium.org
1634e7de38
Fix assertion in RegExp parser to correctly expect stack overflow.
...
Advance() always checks for stack overflow. If stack indeed overflowed,
current() would hold the kEndMarker. ParseOctalLiteral does not expect
this in the assertion, which causes assertion failure.
R=mvstanton@chromium.org
BUG=350865
LOG=N
Review URL: https://codereview.chromium.org/192773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:52:10 +00:00
yangguo@chromium.org
e25d51cc85
Fix constant folding of %_IsMinusZero.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/190793015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:06:54 +00:00
dslomov@chromium.org
9eefbda27f
Mark mjsunit/string-case as flaky.
...
BUG=v8:3208
LOG=N
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/192573004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:52:05 +00:00
yangguo@chromium.org
78d23e5662
Implement KnownSuccessor method to some control instructions.
...
R=jkummerow@chromium.org
BUG=v8:3118
LOG=N
Review URL: https://codereview.chromium.org/174863002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:50:01 +00:00
verwaest@chromium.org
1180803953
Reland and fix "Allow ICs to be generated for own global proxy."
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:23:05 +00:00
rossberg@chromium.org
710ee827b5
Promise.all and Promise.race should reject non-array parameter.
...
Promise.all and Promise.race should reject the returned Promise if an
invalid parameter is given.
Since they don't support iterable now, they should reject the Promise
if a non-array parameter is given.
BUG=347453
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/182613003
Patch from Yutaka Hirano <yhirano@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:01:06 +00:00
bmeurer@chromium.org
bf86e624d4
Reland "Handle non-power-of-2 divisors in division-like operations".
...
Fixed the flooring div bug and added a test case.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/191293012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 10:39:17 +00:00
rafaelw@chromium.org
6503dfb72b
Reland "Enable Object.observe by default"
...
Original Issue: https://codereview.chromium.org/183683022/
TBR=rossberg
BUG=v8:2409
LOG=Y
Review URL: https://codereview.chromium.org/189513010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 04:41:06 +00:00
rafaelw@chromium.org
0cc44c14e5
Revert "Enable Object.observe by default"
...
TBR=rossberg
BUG=
Review URL: https://codereview.chromium.org/190853007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 03:54:42 +00:00
rafaelw@chromium.org
dcf9842e07
Enable Object.observe by default
...
R=rossberg@chromium.org , rossberg
BUG=v8:2409
LOG=Y
Review URL: https://codereview.chromium.org/183683022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 02:47:53 +00:00
yangguo@chromium.org
4f15fd2977
Reland "Introduce intrinsics for double values in Javascript."
...
This relands r19704 with a fix to the test case.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/189823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 14:58:41 +00:00
ulan@chromium.org
06af80d42d
Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame.
...
This will reduce heavy ScopeIterator instantiations.
Once incorporated into chromium, will give 30% speed boost.
BUG=chromium:340285
LOG=Y
R=ulan@chromium.org , Yang, rossberg, ulan
Review URL: https://codereview.chromium.org/181063008
Patch from Andrey Adaykin <aandrey@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:03:35 +00:00
yangguo@chromium.org
143902bebf
Revert "Introduce intrinsics for double values in Javascript."
...
This reverts r19704.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/189533008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:49:28 +00:00
verwaest@chromium.org
8a3d715250
Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems."
...
Due to performance regression.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/189843006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:29:07 +00:00
yangguo@chromium.org
2aefde4443
Introduce intrinsics for double values in Javascript.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/178583006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:05:10 +00:00
yangguo@chromium.org
ea8368f471
Use fast path for sliced and external strings in ConvertCase.
...
R=dcarney@chromium.org
BUG=v8:3180
LOG=N
Review URL: https://codereview.chromium.org/180063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:36:18 +00:00
ishell@chromium.org
997ce05289
Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820.
...
BUG=349465
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:22:47 +00:00
jkummerow@chromium.org
1cc0bafc07
Fix HConstants with Smi-ranged HeapNumber values
...
BUG=chromium:349878
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/186123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:21:09 +00:00
ulan@chromium.org
5af7d10af5
Mark mjsunit/whitespaces as slow and timeout for a64.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/182253008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 14:15:40 +00:00
mvstanton@chromium.org
6115a006fd
Bugfix for 349874: we incorrectly believe we saw a growing store
...
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.
This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).
BUG=349874
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
verwaest@chromium.org
cd6f3ef088
Only use the non-strict-arguments-stub if the store site is non-strict.
...
BUG=349874
LOG=N
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176843018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:19:06 +00:00
jkummerow@chromium.org
5ea3f0004a
Let HTransitionElementsKind take part in RestoreActualValues phase
...
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/183753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1
Remove outdated assertion scope.
...
R=jkummerow@chromium.org
BUG=349870
LOG=N
Review URL: https://codereview.chromium.org/182003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d
Fix issues with JSON stringify replacer array
...
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.
String and Number wrappers in the replacer array should be treated as
string and number values.
R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y
Review URL: https://codereview.chromium.org/187053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb
Use Representation::Integer32() for smi types on 32-bit-tagged systems.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187353005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492
Also delete force representations that have no uses.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96
Fix materialization of captured objects in adapted arguments.
...
R=mstarzinger@chromium.org
BUG=348512
LOG=N
Review URL: https://codereview.chromium.org/183063006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753
Deoptimization fix for HPushArgument.
...
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).
R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N
Review URL: https://codereview.chromium.org/178193026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
yangguo@chromium.org
26e4f4cc1c
Handle exception when retrieving toJSON function in JSON.stringify.
...
R=mvstanton@chromium.org
BUG=349335
LOG=N
Review URL: https://codereview.chromium.org/187603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:54:35 +00:00
jkummerow@chromium.org
3df5573195
x64: Fix LMathMinMax for constant Smi right-hand operands
...
BUG=chromium:349079
LOG=y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/186593003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org
ee8cbc4fc8
Fix issue with setting __proto__ on a value
...
LOG=N
BUG=v8:3172
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/174113003
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 08:58:38 +00:00
verwaest@chromium.org
1aeaeb2b90
Allow objects with "" properties to stay fast.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/184453003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 12:43:05 +00:00
yangguo@chromium.org
b1a271a02c
Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
...
R=titzer@chromium.org
BUG=348280
LOG=N
Review URL: https://codereview.chromium.org/183383006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a
Clear optimized code cache in shared function info when code gets deoptimized.
...
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19
Move all Harmony-only tests to harmony/
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/178583005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00
ishell@chromium.org
c2601aea8a
Check elimination did not mark some dead blocks.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/180483003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:38 +00:00
svenpanne@chromium.org
e9273332ef
Fixed constant folding for Math.clz32.
...
LOG=y
BUG=347906
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:07:10 +00:00
jochen@chromium.org
ba981e58d5
Make a64.release a quickcheck target
...
I marked all tests as slow that take more than a minute on my machine.
With this, a64.release.quickcheck takes two minutes which is about as
fast as arm.optdebug.quickcheck.
BUG=none
R=ulan@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/183763008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:46:13 +00:00
mvstanton@chromium.org
b1ffc7901f
A JSArray may have a filler map in the elements pointer.
...
We already have code that expects this, but incorrectly asserted that the
filler map case would never happen when allocation folding is turned on.
However, even folding has it's limits, bailing out of continued folding
when the object size grows too large. Therefore, it's a general problem
when verifying JSArray objects, that we might encounter a filler map
in elements().
Discovered by ClusterFuzz crbug 347903.
R=hpayer@chromium.org
LOG=N
BUG=347903
Review URL: https://codereview.chromium.org/184493002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:29:19 +00:00
yangguo@chromium.org
5c186bb197
Evict from optimized code map in sync with removing from optimized functions list.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/184443002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:27:31 +00:00
bmeurer@chromium.org
70242fe3bb
Fix JSObject::PrintTransitions.
...
BUG=347912
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/183683005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:41:07 +00:00
hpayer@chromium.org
38ca2629be
Fix representation generalization for doubles.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/184393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:07:10 +00:00
dcarney@chromium.org
98d1cedac4
Get array_function from NativeContext
...
R=mvstanton@chromium.org
LOG=N
BUG=347528
Review URL: https://codereview.chromium.org/184173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:01:27 +00:00
bmeurer@chromium.org
5945f9ebb9
Fix handling of constant global variable assignments.
...
BUG=347904
LOG=y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/184303003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 09:40:12 +00:00
svenpanne@chromium.org
c4e90c15b8
Removed bogus ASSERT.
...
LOG=y
BUG=347542
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/183763007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 08:45:07 +00:00