mvstanton@chromium.org
6115a006fd
Bugfix for 349874: we incorrectly believe we saw a growing store
...
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.
This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).
BUG=349874
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
jkummerow@chromium.org
5ea3f0004a
Let HTransitionElementsKind take part in RestoreActualValues phase
...
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/183753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1
Remove outdated assertion scope.
...
R=jkummerow@chromium.org
BUG=349870
LOG=N
Review URL: https://codereview.chromium.org/182003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d
Fix issues with JSON stringify replacer array
...
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.
String and Number wrappers in the replacer array should be treated as
string and number values.
R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y
Review URL: https://codereview.chromium.org/187053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb
Use Representation::Integer32() for smi types on 32-bit-tagged systems.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187353005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492
Also delete force representations that have no uses.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96
Fix materialization of captured objects in adapted arguments.
...
R=mstarzinger@chromium.org
BUG=348512
LOG=N
Review URL: https://codereview.chromium.org/183063006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753
Deoptimization fix for HPushArgument.
...
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).
R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N
Review URL: https://codereview.chromium.org/178193026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
jkummerow@chromium.org
3df5573195
x64: Fix LMathMinMax for constant Smi right-hand operands
...
BUG=chromium:349079
LOG=y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/186593003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
yangguo@chromium.org
b1a271a02c
Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
...
R=titzer@chromium.org
BUG=348280
LOG=N
Review URL: https://codereview.chromium.org/183383006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a
Clear optimized code cache in shared function info when code gets deoptimized.
...
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19
Move all Harmony-only tests to harmony/
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/178583005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00
ishell@chromium.org
c2601aea8a
Check elimination did not mark some dead blocks.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/180483003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:38 +00:00
svenpanne@chromium.org
e9273332ef
Fixed constant folding for Math.clz32.
...
LOG=y
BUG=347906
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:07:10 +00:00
mvstanton@chromium.org
b1ffc7901f
A JSArray may have a filler map in the elements pointer.
...
We already have code that expects this, but incorrectly asserted that the
filler map case would never happen when allocation folding is turned on.
However, even folding has it's limits, bailing out of continued folding
when the object size grows too large. Therefore, it's a general problem
when verifying JSArray objects, that we might encounter a filler map
in elements().
Discovered by ClusterFuzz crbug 347903.
R=hpayer@chromium.org
LOG=N
BUG=347903
Review URL: https://codereview.chromium.org/184493002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:29:19 +00:00
yangguo@chromium.org
5c186bb197
Evict from optimized code map in sync with removing from optimized functions list.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/184443002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:27:31 +00:00
bmeurer@chromium.org
70242fe3bb
Fix JSObject::PrintTransitions.
...
BUG=347912
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/183683005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:41:07 +00:00
hpayer@chromium.org
38ca2629be
Fix representation generalization for doubles.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/184393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:07:10 +00:00
dcarney@chromium.org
98d1cedac4
Get array_function from NativeContext
...
R=mvstanton@chromium.org
LOG=N
BUG=347528
Review URL: https://codereview.chromium.org/184173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:01:27 +00:00
bmeurer@chromium.org
5945f9ebb9
Fix handling of constant global variable assignments.
...
BUG=347904
LOG=y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/184303003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 09:40:12 +00:00
svenpanne@chromium.org
c4e90c15b8
Removed bogus ASSERT.
...
LOG=y
BUG=347542
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/183763007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 08:45:07 +00:00
ishell@chromium.org
2ab83cf192
HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included.
...
BUG=347543
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/180803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 17:33:25 +00:00
verwaest@chromium.org
aa14020bc7
Fix putting of prototype transitions. The length is also subject to GC, just like entry.
...
BUG=347536
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/183193003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:07:44 +00:00
jarin@chromium.org
05b98492a4
Handle arguments objects in frame when materializing arguments
...
R=mstarzinger@chromium.org
BUG=347262
Review URL: https://codereview.chromium.org/177293009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 15:12:12 +00:00
yangguo@chromium.org
6912a248ca
Fix bogus assertion in SetFastDoubleElements.
...
R=danno@chromium.org
BUG=347530
LOG=N
Review URL: https://codereview.chromium.org/181433016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 14:45:53 +00:00
mvstanton@chromium.org
b8f8cfabca
Fix for Clusterfuzz issue 343928.
...
The problem was that the debugger didn't expect that a JSFunction could
have a GlobalContext, which it can with harmony scoping.
BUG=343928
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/183103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 13:25:05 +00:00
ishell@chromium.org
1ae7e8a1e5
Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended.
...
BUG=345820
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/180013002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:33:54 +00:00
verwaest@chromium.org
d5caecccc5
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/180023002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:11:58 +00:00
jkummerow@chromium.org
e7e93cd433
Mark HCompareMap as having Tagged representation
...
BUG=chromium:346636
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/176923013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 15:09:47 +00:00
rossberg@chromium.org
63f1970c6c
Fix crasher in Object.getOwnPropertySymbols
...
R=arv@chromium.org , mstarzinger@chromium.org
BUG=346141
LOG=Y
Review URL: https://codereview.chromium.org/177883002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 12:01:34 +00:00
bmeurer@chromium.org
77f597d387
Don't eliminate loads with incompatible types or representations.
...
BUG=346343
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/179553002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:50 +00:00
ishell@chromium.org
6c1659becf
Fix for a smi stores optimization on x64 with a regression test.
...
BUG=345715
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/178833002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:02 +00:00
dcarney@chromium.org
cb05cff594
negative bounds checking on realm calls
...
R=rossberg@chromium.org
LOG=N
BUG=344285
Review URL: https://codereview.chromium.org/169393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:15:05 +00:00
jkummerow@chromium.org
37b6fd07c1
Fix optimistic BCE to back off after deopt
...
BUG=v8:3176
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/177523002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 13:15:31 +00:00
verwaest@chromium.org
84b366516e
Don't turn objects with empty-string properties into fast-mode.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/165743003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 16:11:48 +00:00
ishell@chromium.org
1342cb8b00
Bugfix in check elimination with a regression test.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/172173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 12:34:50 +00:00
jkummerow@chromium.org
6e3b81a7b2
Fix Hydrogen bounds check elimination
...
When combining bounds checks, they must all be moved before the first load/store
that they are guarding.
BUG=chromium:344186
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/172093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 10:30:39 +00:00
verwaest@chromium.org
60c08a8bf2
Directly store the transition target on LookupResult in TransitionResult.
...
BUG=chromium:343964
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/170343003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 12:19:32 +00:00
jarin@chromium.org
4c7ed144e1
Comparison in effect context lazy deopt fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/163623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-16 05:51:10 +00:00
ulan@chromium.org
6744ff61ae
Fix dictionary element load to pass correct elements kind.
...
Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load
only the higher 32 bits of the element. If the element is a pointer to undefined
that has 0 in the higher half than it is erroneously treated as SMI 0.
BUG=v8:3158
LOG=N
TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js
R=danno@chromium.org , ishell@chromium.org
Review URL: https://codereview.chromium.org/166653005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:52:24 +00:00
yangguo@chromium.org
68c7523e63
Fix assignment of function name constant.
...
If it's shadowed by a variable of the same name and both are forcibly
context-allocated, the function is assigned to the wrong context slot.
R=rossberg@chromium.org
BUG=v8:3138
LOG=Y
Review URL: https://codereview.chromium.org/159903008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:40:47 +00:00
jarin@chromium.org
8acefb33fe
Test and fix for polymorphic named call deoptimization.
...
The fix removes wrong simulates from the number branch of polymorphic
call/field access handling.
The change also fixes the same thing for polymorphic named field
access even thourgh the field access is probably safe in practice
(because it cannot deoptimize). It is better to keep all our simulates
in sync with full codegen.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/166503002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:02:39 +00:00
yangguo@chromium.org
a676bc1bbf
Fix typed array error message.
...
R=dslomov@chromium.org
BUG=v8:3159
LOG=N
Review URL: https://codereview.chromium.org/163293002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 09:33:03 +00:00
verwaest@chromium.org
e0960e19aa
Fix polymorphic inlining of accessors in a test-context.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/164003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 16:55:38 +00:00
verwaest@chromium.org
161b2f689a
Reland: "Use stability to only conditionally flush information from the CheckMaps table."
...
BUG=
R=ishell@chromium.org
Original CL: https://codereview.chromium.org/153823003
Review URL: https://codereview.chromium.org/153653007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:48:12 +00:00
verwaest@chromium.org
7b7e3658f7
Don't propagate information through phis in loop headers.
...
To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers.
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/147023005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:30:41 +00:00
verwaest@chromium.org
75432b7696
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
BUG=
Review URL: https://codereview.chromium.org/137863005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:38:42 +00:00
verwaest@chromium.org
2b7d33572a
Use stability to only conditionally flush information from the CheckMaps table.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/153823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:07:41 +00:00
jarin@chromium.org
af29e31a11
Fix for (One|Two)ByteSeqStringSetChar evaluation order/deopt.
...
This makes the evaluation order consistent between full codegen
and Hydrogen (so that deopt does not screw up stack).
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/159983008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 13:31:24 +00:00
ulan@chromium.org
e95bc7eec8
Merge experimental/a64 to bleeding_edge.
...
BUG=v8:3113
LOG=Y
R=jochen@chromium.org , rmcilroy@chromium.org , rodolph.perfetta@arm.com
Review URL: https://codereview.chromium.org/148293020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 09:19:30 +00:00
jarin@chromium.org
21bf99e53e
Fix environment of the optimized version of the _SetValueOf intrinsic.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/158723006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:11:53 +00:00
rossberg@chromium.org
e8175a3e9f
Revert "Make Function.length and Function.name configurable properties."
...
Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate.
TBR=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/139983003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 15:29:18 +00:00
rossberg@chromium.org
7317b71f02
Make Function.length and Function.name configurable properties.
...
ES6 makes the Function object properties "length" and "name"
configurable; switch the implementation over to follow that.
Doing so exposed a problem in the handling of non-writable, but
configurable properties backed by foreign callback accessors
internally. As an optimization, if such an accessor property is
re-defined with a new value, its setter was passed the new value
directly, keeping the property as an accessor property. However, this
is not correct should the property be non-writable, as its setter will
then simply ignore the updated value. Adjust the enabling logic for
this optimization accordingly, along with adding a test.
LOG=N
R=rossberg@chromium.org , rossberg
BUG=v8:3045
Review URL: https://codereview.chromium.org/116083006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:55:30 +00:00
jarin@chromium.org
476881ce5b
Test and fix for _CallFunction intrinsic deoptimization.
...
I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction
to use IfBuilder.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/131343013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 12:42:26 +00:00
jarin@chromium.org
eb502fe599
Binary operation deoptimization fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/132453009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 09:36:55 +00:00
dslomov@chromium.org
a03d31394c
Check the offset argument of TypedArray.set for fitting into Smi.
...
R=jkummerow@chromium.org
BUG=340125
LOG=Y
Review URL: https://codereview.chromium.org/145623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:53:05 +00:00
yangguo@chromium.org
9e70f6a4e7
Fix short-circuiting logical and/or in HOptimizedGraphBuilder.
...
R=jkummerow@chromium.org
BUG=336148
LOG=Y
Review URL: https://codereview.chromium.org/143263022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 14:29:34 +00:00
verwaest@chromium.org
db7124dc28
Return a valid map for PropertyAccessInfos with Boolean type.
...
BUG=340064
LOG=N
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/152603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 10:20:32 +00:00
jarin@chromium.org
3c2363f4b4
Simpler repro for bug 2989.
...
We do not correctly handle accesses to f.arguments after one
of the argument has changed (where f is crankshafted).
R=machenbach@chromium.org
BUG=v8:2989
LOG=n
Review URL: https://codereview.chromium.org/151403003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:12:58 +00:00
bmeurer@chromium.org
3214cf11ff
Don't crash in Array.join() if the resulting string exceeds the max string length.
...
LOG=y
BUG=336820
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/144533003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:21:17 +00:00
verwaest@chromium.org
bef13f739c
Fix regression caused by supporting inlining accesses to non-JSObjects
...
TBR=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/150983002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:29:04 +00:00
mvstanton@chromium.org
371d6f6a98
We shouldn't throw under FLAG_debug_code, rather abort.
...
Throwing under FLAG_debug_code confuses the rest of our infrastructure
which expects a safe point at the site of call into the runtime
for throw. We were doing that to make a clusterfuzz test happy, but
the better solution is to assert/abort under debug_code, and prevent
clusterfuzz from fuzzing on internal APIs that crash on incorrect
values.
We'll need to alter the fuzzer to turn off fuzzing for:
string-natives.js
lithium/SeqStringSetChar.js
regress/regress-seqstrsetchar-ex3.js
regress/regress-seqstrsetchar-ex1.js
regress/regress-crbug-320922.js
So as to prevent the fuzzer from running
%_OneByteSeqStringSetChar() and
%_TwoByteSeqStringSetChar().
BUG=
R=hpayer@chromium.org , machenbach@chromium.org
Review URL: https://codereview.chromium.org/139903005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 11:53:11 +00:00
verwaest@chromium.org
21532ddfdc
Reland ArrayPop / ArrayPush.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/138443012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:47:53 +00:00
machenbach@chromium.org
cde3ed1fe3
Speed up some mjsunit test cases and clean up test expectations for arm and mips.
...
Many skipped test cases already run very fast. Removing the corresponding expectations.
BUG=
R=jkummerow@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/138503008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:36:45 +00:00
jkummerow@chromium.org
ee4e034d70
Revert broken ArrayPop changes
...
This reverts:
r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."",
r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and
r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft."
For causing crashes on Canary.
BUG=chromium:337686
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/146003006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 08:32:50 +00:00
hpayer@chromium.org
83a1df2354
Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead.
...
BUG=
R=mstarzinger@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141653016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 13:02:27 +00:00
verwaest@chromium.org
f30330325e
Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/144913003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 13:22:58 +00:00
svenpanne@chromium.org
b4949cfd62
Fixed floor-of-div optimization.
...
We removed an HDiv by hand which was still used by an HChange. The
solution is letting dead code removal do the cleanup.
Removed a fragile "optimization" (looking through an HChange), too,
this obviously never triggered and is hard to get right given all our
global invariants and state/type/... changes.
The repro is a bit tricky, because you need inlining to make our
representations and types disagree in this case.
LOG=y
BUG=334708
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/143903016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 11:54:51 +00:00
machenbach@chromium.org
1864f7388e
Add infrastructure for skipping tests in GC stress mode.
...
Also move the GC stress configuration from the buildbot to the test runner.
BUG=
R=jkummerow@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141653008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 12:41:25 +00:00
mvstanton@chromium.org
155ef100e9
Fix logic error in assert in IsUndeclaredGlobal()
...
Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that.
In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores.
Now it's clearer that only LoadICs actually record any information about contextual or not.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/140943002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:08:24 +00:00
verwaest@chromium.org
53f46c5214
Get rid of ContextualMode for call ICs.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/137083002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:15:05 +00:00
jkummerow@chromium.org
be4c1bdac2
Fix test after r18586
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/138063003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 14:00:10 +00:00
jkummerow@chromium.org
1ed94acf0c
Turn Runtime_MigrateInstance into Runtime_TryMigrateInstance
...
because it must not cause lazy deopts because it is called from deferred code that cannot handle lazy deopts.
Hat tip to Ben for doing most of the debugging work, and to Toon for writing the regression test.
BUG=chromium:315252
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/131243003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 13:41:09 +00:00
verwaest@chromium.org
f2245a9cf9
Make the strict-mode calling convention for contextual calls the default one.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/131663003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 12:04:10 +00:00
ulan@chromium.org
8db7aaa03d
Correctly handle instances without elements in polymorphic keyed load/store.
...
BUG=331416
TEST=mjsunit/regress/regress-331416.js
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/121893003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:57:28 +00:00
ulan@chromium.org
43d1c23e2a
Fix selection of popular pages in store buffer.
...
BUG=331444
TEST=mjsunit/regress/regress-331444.js
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/125983002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:49:37 +00:00
jkummerow@chromium.org
7761059a98
Fix d8's Shell::ReadBuffer after r18227
...
BUG=v8:3085
LOG=N
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/127853003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:48:38 +00:00
mvstanton@chromium.org
fc5834343f
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=18385
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 15:58:25 +00:00
ulan@chromium.org
711bcbb0e3
ARM: fix loading of global object in LWrapReceiver.
...
Since r16993 the cp register is handled by registers allocator,
and we cannot assume that the cp always contains the context.
BUG=318420
LOG=Y
TEST=test/mjsunit/regress/regress-318420.js
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/121703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 14:38:00 +00:00
yangguo@chromium.org
2a4be7067c
Refactor the compiling pipeline.
...
Goals:
- easier to read, more suitable identifiers.
- better distinction between compiling optimized/unoptimized code
- compiler does not install code on the function.
- easier to add features (e.g. caching optimized code for osr).
- remove unnecessary code.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/110203002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 14:30:35 +00:00
yangguo@chromium.org
cd7d61cfc2
Fix small spec violation in String.prototype.split.
...
Also slightly extended the test coverage.
R=rossberg@chromium.org
BUG=v8:3026
LOG=Y
Review URL: https://codereview.chromium.org/119093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:01:22 +00:00
yangguo@chromium.org
c61d07e03f
Correctly resolve forcibly context allocated parameters in debug-evaluate.
...
R=ulan@chromium.org
BUG=325676
LOG=Y
Review URL: https://codereview.chromium.org/107243006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 08:37:03 +00:00
rossberg@chromium.org
b882bddcfd
Make a strict function's "name" property non-writable.
...
Set [[Writable]] to false for the "name" property of strict
functions as well, mirroring what non-strict functions have
it as.
LOG=N
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-270142
BUG=270142
Review URL: https://codereview.chromium.org/99203006
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:06:11 +00:00
hpayer@chromium.org
f583b73b70
Revert "Remove flag track-allocation-sites."
...
This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc.
BUG=
Review URL: https://codereview.chromium.org/109303006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:04:34 +00:00
mvstanton@chromium.org
e654c88fab
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 11:46:31 +00:00
jkummerow@chromium.org
3c76ecd732
Fix switch statements with non-Smi integer labels and no type feedback
...
BUG=chromium:329709
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/98643010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 14:25:58 +00:00
yangguo@chromium.org
213b05b5b9
Fix off-by-one error in AstTyper, part 2.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/112933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 15:19:57 +00:00
jkummerow@chromium.org
48ff79a300
Fix polymorphic inlined calls with migrating prototypes
...
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 14:57:00 +00:00
ulan@chromium.org
cc401095fb
Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot.
...
This is the only field in the snapshot that was tracked as double.
R=verwaest@chromium.org
TEST=mjsunit/regress/regress-280531.js
BUG=280531
LOG=Y
Review URL: https://chromiumcodereview.appspot.com/112003005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 13:11:44 +00:00
yangguo@chromium.org
5bc64b9fa5
Fix off-by-one error in AstTyper.
...
This causes the first parameter to be confused with the first
stack local when we collect type information.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/105943007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 11:34:09 +00:00
hpayer@chromium.org
75a84eca0b
Added regression test for escape analysis.
...
BUG=
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/99133011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 15:54:20 +00:00
svenpanne@chromium.org
e1db6d86a9
Avoid FP exceptions when doing integer division.
...
BUG=v8:3039
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/104003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-09 10:15:19 +00:00
mvstanton@chromium.org
b807f4f82f
Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask.
...
The mask to check for an internalized string was incorrectly formed. Hat
tip to Weiliang Lin for discovering the bug.
BUG=v8:3038
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/108033002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-06 09:43:07 +00:00
verwaest@chromium.org
8a4df124a4
Fix loop side-effects of deoptimizing loops with a nested live OSR loop.
...
R=titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/106723002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 18:31:06 +00:00
verwaest@chromium.org
d4eaae37d1
Check whether the receiver to a keyed-call is actually a heapobject.
...
BUG=325225
LOG=n
R=dslomov@chromium.org
Review URL: https://chromiumcodereview.appspot.com/101863004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 17:59:31 +00:00
bmeurer@chromium.org
aa83f2900a
Fix invalid assertion with OSR in BuildBinaryOperation.
...
BUG=v8:3032
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/98623004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 13:12:07 +00:00
mstarzinger@chromium.org
db915fe97e
Handle captured objects in OptimizedFrame::Summarize.
...
R=yangguo@chromium.org
BUG=v8:3029
TEST=mjsunit/regress/regress-3029
LOG=N
Review URL: https://codereview.chromium.org/96773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:11:02 +00:00
mvstanton@chromium.org
5ba1304d60
Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects.
...
BUG=299979
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/80623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-29 15:22:16 +00:00
yangguo@chromium.org
f235194518
Fix bug in inlining Function.apply.
...
R=jkummerow@chromium.org
BUG=323942
LOG=Y
Review URL: https://codereview.chromium.org/95123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:30:17 +00:00
dslomov@chromium.org
7372596615
Ensure that length is Smi in TypedArrayFromArrayLike constructor.
...
R=jkummerow@chromium.org
BUG=324028
LOG=Y
Review URL: https://codereview.chromium.org/94473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org
d53e38777f
Fix missing bounds check in n-arguments Array constructor.
...
LOG=N
R=mvstanton@chromium.org
BUG=v8:3027
TEST=mjsunit/regress/regress-3027
Review URL: https://codereview.chromium.org/92103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 09:29:57 +00:00
yangguo@chromium.org
ab96631177
Increase precision for base conversion for large integers.
...
R=jkummerow@chromium.org
BUG=v8:3025
LOG=Y
Review URL: https://codereview.chromium.org/88583002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 15:48:13 +00:00
yangguo@chromium.org
afd8e5a305
Speed up long-running test cases.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85163003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 11:32:39 +00:00
yangguo@chromium.org
4716b292db
Make some ARM test cases faster.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85473004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 10:43:44 +00:00
yangguo@chromium.org
aa3518a0f3
Make sure files end with exactly one new line and police this in presubmit.
...
The changes are (excluding presubmit.py) mechanical. I added the following
lines after the check and iterated the presubmit script until all errors
went away:
f = open(name, "w");
if contents.endswith('\n\n'):
f.write(contents[0:-1])
else:
f.write(contents + '\n')
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/82803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 13:50:39 +00:00
ulan@chromium.org
21fb1401bd
Restore saved caller FP registers on stub failure
...
and preserve FP registers on NotifyStubFailure.
In debug mode, clobber FP registers on each runtime call to increase
chances of catching such bugs.
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/78283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 10:21:47 +00:00
danno@chromium.org
06c7620302
Fixed crashes exposed though fuzzing.
...
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.
R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y
Review URL: https://codereview.chromium.org/72813004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 16:41:07 +00:00
jkummerow@chromium.org
37443768bf
Fix register trashing in Emit*ByteSeqStringSetChar
...
This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless.
BUG=chromium:320922
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/67103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 12:59:09 +00:00
mvstanton@chromium.org
bff41483dc
Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death.
...
BUG=320532
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/62803008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 10:17:33 +00:00
dslomov@chromium.org
4228132e74
Use mock ArrayBuffer allocator to avoid really allocating 1Gb.
...
R=jkummerow@chromium.org
BUG=v8:3014
LOG=N
Review URL: https://codereview.chromium.org/61623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:50:45 +00:00
danno@chromium.org
f27f2fa420
Match max property descriptor length to corresponding bit fields
...
BUG=v8:3010
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/72333004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 11:44:06 +00:00
jkummerow@chromium.org
c9b41c6995
Limit size of dehoistable array indices
...
LOG=Y
BUG=chromium:319835,chromium:319860
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/74113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:24:10 +00:00
dslomov@chromium.org
7936ca39be
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:37:15 +00:00
dslomov@chromium.org
c01aa1fc1f
Revert "Limit the size for typed arrays to MaxSmi."
...
This reverts commit r17798 for allocating too much memroy in tests.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/74093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:25:51 +00:00
dslomov@chromium.org
09ca1318ab
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:09:56 +00:00
verwaest@chromium.org
341d405301
Reland and fix "Add support for keyed-call on arrays of fast elements"
...
BUG=
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/71783003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 10:52:05 +00:00
bmeurer@chromium.org
2ee5aa951c
Fix missing type feedback check for Generic*String addition.
...
TEST=mjsunit/regress/regress-crbug-318671
BUG=318671
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/67473007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 09:13:36 +00:00
danno@chromium.org
28ed69b8fb
Fix overflow in TypedArray initialization function
...
BUG=chromium:319120
TEST=test/mjsunit/regress/regress-319120.js
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/61753013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 06:20:48 +00:00
mstarzinger@chromium.org
d5cb83f4aa
Fix invalid reuse of weak global handle in GetScriptWrapper.
...
This fixes a direct usage of a weak global handle in GetScriptWrapper
that just casted it to a strong local handle, while a subsequent GC
might clear it. Handlepocalypse anyone?
R=machenbach@chromium.org
BUG=v8:2988
TEST=mjsunit/regress/regress-2988
Review URL: https://codereview.chromium.org/67273004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 16:27:36 +00:00
ulan@chromium.org
bc4ad49b25
Do not add values to HGraph in Lithium.
...
Lithium uses indexes after the maximium value ID in the HGraph as indexes
of virtual registers and assumes that the maximum value ID does not change.
The IsStandardConstant and GetConstantXX functions could add constants to
HGraph, which aliased virtual registers with real values. This could confuse
the register allocator to think that a value in a virtual register is tagged
and to incorrectly set it in the pointer map.
BUG=298269
TEST=mjsunit/regress/regress-298269.js
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/66693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 14:16:34 +00:00
mstarzinger@chromium.org
59536de77d
Make HCapturedObjects non-deletable for DCE.
...
R=jkummerow@chromium.org
BUG=v8:2987
TEST=mjsunit/regress/regress-2987
Review URL: https://codereview.chromium.org/64433002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 16:07:19 +00:00
yangguo@chromium.org
eb550c6da4
Fix y-umlaut to uppercase.
...
R=dcarney@chromium.org
BUG=v8:2984
Review URL: https://codereview.chromium.org/59853006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 09:08:34 +00:00
yangguo@chromium.org
a5ed9a71c8
Correctly load message from an Error object.
...
R=mstarzinger@chromium.org
BUG=306220
Review URL: https://codereview.chromium.org/46593010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 13:04:51 +00:00
jkummerow@chromium.org
2ebfd6e90e
Add missing negative dictionary lookup to NonexistentHandlerFrontend
...
BUG=v8:2980
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/57433003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-04 14:14:09 +00:00
jkummerow@chromium.org
316271fc35
Fix uint32-to-smi conversion in Lithium
...
BUG=chromium:309623
R=vegorov@google.com , yangguo@chromium.org
Review URL: https://codereview.chromium.org/54393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 10:18:51 +00:00
yangguo@chromium.org
3f1a833524
Do not remove HAdd with zero if the other operand is a double.
...
The other operand might be minus zero, and -0 + 0 = +0
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/52173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-30 10:22:52 +00:00
jkummerow@chromium.org
9e88c23cbf
ia32: Fix comparisons of two constant double operands when exactly one of them is in new space.
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/46883008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-29 14:34:07 +00:00
yangguo@chromium.org
7dd2d6c590
Reland "Make Array.prototype.pop throw if the last element is not configurable."
...
This relands r17346.
R=machenbach@chromium.org
BUG=311164
Review URL: https://codereview.chromium.org/43923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 11:55:56 +00:00
svenpanne@chromium.org
7fb61a78d4
Tune mjsunit/regress/regress-2612.
...
Lower the bounds to something bearable which would still timeout if we
used a quadratic algorithm.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/39863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:07:16 +00:00
svenpanne@chromium.org
f2122438e0
Removed long-running obselete test case.
...
The test was the 2nd longest-running test case in debug mode, and the
stuff it tests has already been moved long ago to some other place,
which is in turn heavily tested by far simpler and faster things
(%TruncateString etc.).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/39233003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 08:09:32 +00:00
yangguo@chromium.org
0f564cb1b0
Revert "Make Array.prototype.pop throw if the last element is not configurable."
...
This reverts commit r17346.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/39593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 07:48:23 +00:00
yangguo@chromium.org
e25920da19
Make Array.prototype.pop throw if the last element is not configurable.
...
Popping an element from an array should call [[Delete]] internal method
and pass true as the second argument (ECMA-262/5.1/#sec-15.4.4.6).
When the last element can't be deleted, throw a Type Error.
Not throwing the error would result in endless loop in the following test.
TEST=var a=[];Object.defineProperty(a,0,{});while(a.length)a.pop();
By the way fix another bug, or else i can't post any issues.
"presubmit.py" throw a "missing a correct copyright header" on windows.
Both the slash and the backslash are valid path separator on windows.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/29513004
Patch from Yanagi <admin@web-tinker.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 16:19:24 +00:00
jkummerow@chromium.org
8259439ae8
Fix HObjectAccess for loads from migrating prototypes
...
BUG=chromium:305309
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35173005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 15:15:15 +00:00
svenpanne@chromium.org
dd74f5aa08
Removed obsolete unit tests.
...
As discussed offline, these tests don't test what they were supposed to
test anymore and were the longest running ones.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/32433009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 11:26:07 +00:00
mstarzinger@chromium.org
0a2b4ecdcc
Add regression test for optimized count operation.
...
This is a regression test for a bug with handling of count operations
that target a JavaScript accessor on the prototype chain in Crankshaft.
R=jkummerow@chromium.org
BUG=chromium:306851
TEST=mjsunit/regress/regress-crbug-306851
Review URL: https://codereview.chromium.org/27702002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 12:48:28 +00:00
dslomov@chromium.org
5ccd697875
Do not look up ArrayBuffer on global object in typed array constructor.
...
BUG=v8:2931
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/27238009
Patch from Ben Noordhuis <info@bnoordhuis.nl>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 11:27:12 +00:00
yangguo@chromium.org
71ba8c5fb4
Retire concurrent recompilation delay for non-stress testing.
...
Instead, we block concurrent recompilation until unblocked. This makes
affected tests more predictable and run shorter.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/26758003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-14 14:15:22 +00:00
mstarzinger@chromium.org
f878c1c359
Fix pre-parsing of 'use strict' directive after string literals.
...
R=ulan@chromium.org
TEST=mjsunit/regress/regress-parse-use-strict
Review URL: https://codereview.chromium.org/27025002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 14:03:54 +00:00
olivf@chromium.org
4b6d0e33f2
Only set binary operation side effects flags, when observable.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/26712002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 16:49:25 +00:00
mstarzinger@chromium.org
63d8abb6c6
Unify and fix checkers for duplicate object literal properties.
...
R=ulan@chromium.org
TEST=preparser/duplicate-property,mjsunit/regress/regress-parse-object-literal
Review URL: https://codereview.chromium.org/26375004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 11:58:16 +00:00
verwaest@chromium.org
7e0ea6ab46
Only fold polymorphic into monomorphic load if all load from either receiver or same prototype.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/25718002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:24:08 +00:00
olivf@chromium.org
d268078ce0
Fix flaky parallel recompilation test.
...
On very rare circumstances parallel recompilation would install
the optimized method earlier than expected and the test would fail.
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/24495005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 08:23:14 +00:00
olivf@chromium.org
6fc2875d51
Fix Environment size mismatch in r6849.
...
TBR=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/23983043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-20 08:34:23 +00:00
yangguo@chromium.org
cb10ceb19d
Reland "Clean up after r16292 (disable optimization for StringWrappers)."
...
BUG=
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/23619036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 16:17:58 +00:00
yangguo@chromium.org
ad25a2969d
Revert "Clean up after r16292 (disable optimization for StringWrappers)."
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/23600040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:15:12 +00:00
yangguo@chromium.org
996813cca2
Clean up after r16292 (disable optimization for StringWrappers).
...
R=jochen@chromium.org
BUG=v8:2855
Review URL: https://codereview.chromium.org/22891028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 10:55:57 +00:00
titzer@chromium.org
49d9555a97
Generate a custom OSR entrypoint for OSR compiles on all platforms, and transition to optimized code using the special entrypoint, instead of through the deoptimizer. Do not install the OSR compiled code as _the_ optimized code for a function.
...
Remove OSR-related stuff from deoptimizer.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/21340002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-09 16:34:40 +00:00
jkummerow@chromium.org
daee0d83db
Fix bitwise negation on x64
...
BUG=chromium:285355
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/24037003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-06 15:21:38 +00:00
yangguo@chromium.org
d9659da6f4
Fix bug in regexp result object construction.
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/23548018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 14:32:49 +00:00
verwaest@chromium.org
b41a7b9cea
Properly close the CountOperation value/effect context after leaving the store effect context.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23897003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 12:33:14 +00:00