Commit Graph

24257 Commits

Author SHA1 Message Date
littledan
1f61ac5033 In RegExp, lastIndex is read with ToLength, not ToInteger
ES2015 made a change vs ES5, where the "lastIndex" property of a
RegExp (which can be modified by a user to start the next search at
a different location) is cast to an integer with ToLength rather
than ToInteger. The main difference is on negative numbers, and
this is tested by test262. This patch implements that change on
RegExps and enables the test262 test now that it passes.

R=adamk
LOG=Y
BUG=v8:4244

Review URL: https://codereview.chromium.org/1241713004

Cr-Commit-Position: refs/heads/master@{#29715}
2015-07-16 21:55:41 +00:00
adamk
5906ce337c Stage --harmony-new-target
BUG=v8:3887
LOG=y

Review URL: https://codereview.chromium.org/1238693004

Cr-Commit-Position: refs/heads/master@{#29714}
2015-07-16 20:48:33 +00:00
adamk
bd389ec008 Re-ship harmony spread calls and spread arrays
The issue with spread arrays which caused us to turn it off was fixed in
https://chromium.googlesource.com/v8/v8/+/24e98281

BUG=v8:3018
LOG=y

Review URL: https://codereview.chromium.org/1239873002

Cr-Commit-Position: refs/heads/master@{#29713}
2015-07-16 19:44:39 +00:00
bbudge
6113058427 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29712}
2015-07-16 19:43:32 +00:00
adamk
843b0e29f6 Revert of [turbofan] Ship TF for try-catch statements. (patchset #1 id:1 of https://codereview.chromium.org/1216373002/)
Reason for revert:
Causes gbemu-part1 to time out on Linux dbg builders

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/3867/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3386/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20greedy%20allocator/builds/828/

Original issue's description:
> [turbofan] Ship TF for try-catch statements.
>
> R=hablich@chromium.org
> BUG=v8:4131
> LOG=N
>
> Committed: https://crrev.com/1251d02e7bb2a13ae5cf6fda5d3403730d2ae12f
> Cr-Commit-Position: refs/heads/master@{#29708}

TBR=hablich@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4131

Review URL: https://codereview.chromium.org/1234363003

Cr-Commit-Position: refs/heads/master@{#29711}
2015-07-16 19:42:18 +00:00
caitpotter88
dfe2dd835a [parser] use-strict directives in function body affect init block
BUG=
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234213004

Cr-Commit-Position: refs/heads/master@{#29710}
2015-07-16 16:45:06 +00:00
binji
162f116a91 d8: Leak context_mutex_ so it will never be destroyed while locked
Calling quit() from d8 will call exit(), which will run static destructors. If
context_mutex_ is statically allocated, pthread_mutex_destroy will be called.

When running d8 in "isolates" mode, another thread may be running. If it calls
CreateEvaluationContext, it will lock the context_mutex_. If the mutex is
destroyed while it is locked, it will return an error.

This CL changes the Mutex to a LazyMutex, which will leak instead of being
destroyed.

BUG=v8:4279
R=jarin@chromium.org
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1240553003

Cr-Commit-Position: refs/heads/master@{#29709}
2015-07-16 16:40:48 +00:00
mstarzinger
1251d02e7b [turbofan] Ship TF for try-catch statements.
R=hablich@chromium.org
BUG=v8:4131
LOG=N

Review URL: https://codereview.chromium.org/1216373002

Cr-Commit-Position: refs/heads/master@{#29708}
2015-07-16 15:39:44 +00:00
mstarzinger
bdd2be879d [turbofan] Disable one failing debugger test.
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1242023003

Cr-Commit-Position: refs/heads/master@{#29707}
2015-07-16 15:12:41 +00:00
mstarzinger
0dcba070a9 Remove obsolete %CallSuperWithSpread intrinsic.
The aforementioned intrinsic is no longer needed and can be fully
desugared now that binding assignments to 'this' are explicit.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234383002

Cr-Commit-Position: refs/heads/master@{#29706}
2015-07-16 15:07:59 +00:00
mstarzinger
07dc66dcd5 Represent implicit 'this' binding by 'super' in AST.
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1226123010

Cr-Commit-Position: refs/heads/master@{#29705}
2015-07-16 14:26:31 +00:00
mbrandy
ecf1c863f3 PPC: Reland Update V8 DEPS.
Port c63e50edc9

Original commit message:
    Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

    Reland after https://codereview.chromium.org/1241643002/

R=machenbach@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1240833002

Cr-Commit-Position: refs/heads/master@{#29704}
2015-07-16 14:20:16 +00:00
mbrandy
4689f800f0 PPC: Debugger: use debug break slots to break at function exit.
Port fc9c5275c3

Original commit message:
    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

R=yangguo@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1238503003

Cr-Commit-Position: refs/heads/master@{#29703}
2015-07-16 14:12:07 +00:00
mbrandy
a02f7e6f49 PPC: Switch CallConstructStub to take new.target in register.
Port 1d9d895754

Original commit message:
    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

R=mstarzinger@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1230103004

Cr-Commit-Position: refs/heads/master@{#29702}
2015-07-16 12:59:48 +00:00
hablich
40c38c5a5a Revert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https://codereview.chromium.org/1219943002/)
Reason for revert:
Seems to brake the latest roll into Chromium: http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/59796/steps/compile%20%28with%20patch%29/logs/stdio

Original issue's description:
> Expose SIMD.Float32x4 type to Javascript.
> This CL exposes the constructor function, defines type related
> information, and implements value type semantics.
> It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
>
> TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
>
> LOG=Y
> BUG=v8:4124
>
> Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
> Cr-Commit-Position: refs/heads/master@{#29689}

TBR=rossberg@chromium.org,littledan@chromium.org,martyn.capewell@arm.com,bbudge@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review URL: https://codereview.chromium.org/1241533004

Cr-Commit-Position: refs/heads/master@{#29701}
2015-07-16 12:36:11 +00:00
epertoso
f24ebb324a Take the ScriptOrigin into account for CompileFunctionInContext
R=jochen@chromium.org,yangguo@chromium.org
LOG=n
BUG=

Review URL: https://codereview.chromium.org/1233563005

Cr-Commit-Position: refs/heads/master@{#29700}
2015-07-16 12:08:17 +00:00
yangguo
f22a6cfca2 Update OWNERS file.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1230813004

Cr-Commit-Position: refs/heads/master@{#29699}
2015-07-16 11:37:51 +00:00
yangguo
83207b93f4 Debugger: ensure that functions with debug info have code with break slots.
This helps reasoning about setting break points. Functions that
have debug info is also guaranteed to be able to set break points.

R=ulan@chromium.org
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1227213003

Cr-Commit-Position: refs/heads/master@{#29698}
2015-07-16 09:38:28 +00:00
yangguo
3a0ee39cbd Debugger: use FrameInspector in ScopeIterator to find context.
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29697}
2015-07-16 09:28:20 +00:00
mstarzinger
b76acef799 [turbofan] Implement super call support in TurboFan.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1238743002

Cr-Commit-Position: refs/heads/master@{#29696}
2015-07-16 08:54:05 +00:00
chunyang.dai
c6d42c7d6c X87: Switch CallConstructStub to take new.target in register.
original commit message:

    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

BUG=

Review URL: https://codereview.chromium.org/1235273003

Cr-Commit-Position: refs/heads/master@{#29695}
2015-07-16 08:53:06 +00:00
chunyang.dai
1d92165049 X87: Debugger: use debug break slots to break at function exit.
port fc9c5275c3 (r29672).

original commit message:

    Debugger: use debug break slots to break at function exit.

    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

BUG=

Review URL: https://codereview.chromium.org/1236023007

Cr-Commit-Position: refs/heads/master@{#29694}
2015-07-16 08:49:41 +00:00
Ilija.Pavlovic
2bc5a21211 MIPS:
Improved checking target ranges for J and JAL instructions.
Adapted disassembler test for J and JAL instructions.

TEST=cctest/test-disasm-mips[64]
BUG=

Review URL: https://codereview.chromium.org/1237083003

Cr-Commit-Position: refs/heads/master@{#29693}
2015-07-16 08:14:08 +00:00
v8-autoroll
49e54a0259 Update V8 DEPS.
Rolling v8/buildtools to 5215ee866bc3e8eb4a7f124212845abf4029e60b

Rolling v8/tools/clang to 4e7f85d6bc00cb296e34126c822cf57e5e6cf814

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1237553004

Cr-Commit-Position: refs/heads/master@{#29692}
2015-07-16 03:28:33 +00:00
caitpotter88
124d2011ea [cleanup] remove --harmony-classes flag from mjsunit/harmony/new-target
Unknown flag warning is adding unnecessary noise to terminal during
test runs

BUG=
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1236993003

Cr-Commit-Position: refs/heads/master@{#29691}
2015-07-15 22:16:38 +00:00
adamk
9aa1dac802 [api] Deprecate unused Map/Set FromArray factory methods
These were added when I thought they would be useful in Blink, but as
it turned out they were not. They could likely be deleted immediately,
but to play it safe I'll go through the usual deprecation process.

Review URL: https://codereview.chromium.org/1236263004

Cr-Commit-Position: refs/heads/master@{#29690}
2015-07-15 20:18:01 +00:00
bbudge
e5ed3bee99 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29689}
2015-07-15 19:17:06 +00:00
balazs.kilvady
bb247d4fb4 MIPS: Fix 'Reland Update V8 DEPS.'
Port c63e50edc9

BUG=
TEST=test-disasm-mips/Type

Review URL: https://codereview.chromium.org/1233323002

Cr-Commit-Position: refs/heads/master@{#29688}
2015-07-15 18:59:18 +00:00
brucedawson
b2ed25304e Fix runtime-atomics for Win 10 SDK and remove volatile
For unclear and probably accidental reasons the Windows 10 SDK
renamed some _Interlocked* functions to _InlineInterlocked. This
leads to these errors:

runtime-atomics.cc(159): error C3861: '_InterlockedExchange64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedExchangeAdd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedAnd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedOr64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedXor64': identifier not found

Fixing this requires either adding defines to map these five _Interlocked*
functions to _InlineInterlocked*, or else changing to using the
non-underscore versions. It appears that using the non-underscore versions
is preferable so I went that way. This also requires adding three  new
defines because there is a huge lack of consistency, probably due to these
macros being defined sometimes in <intrin.h> and sometimes in <winnt.h>

All five of the renamed 64-bit functions were manually checked to ensure
that the change to the non-underscore versions would make no differences -
the inline functions that they map to were identical. Other functions were
spot-checked.

Also, the 'volatile' qualifiers were removed. Volatile has no no useful
meaning for multi-threaded programming. It only exists in the Interlocked*
prototypes to *allow* volatile variables to be passed. Since this is a bad
habit to encourage there is no reason for us to permit it, and we can
still call the Microsoft functions (T* converts to volatile T*, just not
vice-versa).

The updated code builds with the Windows 8.1 SDK and with the Windows 10 SDK.

R=jarin@chromium.org
LOG=Y
BUG=440500,491424

Review URL: https://codereview.chromium.org/1228063005

Cr-Commit-Position: refs/heads/master@{#29687}
2015-07-15 16:47:54 +00:00
verwaest
99b59d16bf Cleanup element normalization logic
BUG=

Review URL: https://codereview.chromium.org/1241883002

Cr-Commit-Position: refs/heads/master@{#29686}
2015-07-15 15:57:47 +00:00
jkummerow
597af29260 Fix performance regression introduced in r29558
where bound functions started overriding the "name" accessor property with a data property. The bootstrapper must be kept in sync to avoid polymorphism.

BUG=chromium:509983
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1238903002

Cr-Commit-Position: refs/heads/master@{#29685}
2015-07-15 15:56:30 +00:00
adamk
24e982816f Fix spread array inside array literal
During parsing, we now keep track of the first spread seen in an array
literal (if any), and make use of that information when creating the
FixedArray backing store representing the constant elements for array
literal materialization.

The old code tried to do this by setting the generated JSArray's length
in ArrayLiteral::BuildConstantElements(), but that Array length is never
read by the rest of the literal materialization code (it always uses
the length of the FixedArray backing store).

BUG=v8:4298
LOG=n

Review URL: https://codereview.chromium.org/1225223004

Cr-Commit-Position: refs/heads/master@{#29684}
2015-07-15 15:16:13 +00:00
adamk
9c8f78e26f [es6] Fix String.prototype.normalize to properly validate argument
BUG=v8:4302
LOG=n

Review URL: https://codereview.chromium.org/1237873003

Cr-Commit-Position: refs/heads/master@{#29683}
2015-07-15 15:15:14 +00:00
ishell
3bf9935288 Fix broken Variable::IsGlobalObjectProperty() after https://codereview.chromium.org/1218783005
Review URL: https://codereview.chromium.org/1228373011

Cr-Commit-Position: refs/heads/master@{#29682}
2015-07-15 14:42:33 +00:00
mstarzinger
1d9d895754 Switch CallConstructStub to take new.target in register.
This changes the calling convention of the CallConstructStub to take
the original constructor (i.e. new.target in JS-speak) in a register
instead of magically via the operand stack. For optimizing compilers
the operand stack doesn't exist, hence cannot be peeked into.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1237813002

Cr-Commit-Position: refs/heads/master@{#29681}
2015-07-15 14:37:12 +00:00
epertoso
e6e53390cc Let the second pass phantom callbacks run in a separate task on the foreground thread.
R=jochen@chromium.org
LOG=y
BUG=

Review URL: https://codereview.chromium.org/1209403005

Cr-Commit-Position: refs/heads/master@{#29680}
2015-07-15 12:26:11 +00:00
mvstanton
9386b861fd Special printing for type feedback vectors.
Gdb macro jfv on an object will print it as a feedback vector.
Printouts look like this:

DebugPrint: 0x5dc0d2ad: [TypeFeedbackVector]
 - length: 12
 - ics with type info: 3
 - generic ics: 0
 ICSlot 0 CALL_IC MONOMORPHIC
  [4]: 0x5dc0d365 WeakCell for 0x5dc0cd69 <JS Function foo (SharedFunctionInfo 0x5dc0cb0d)>
  [5]: 0x4203c4c1 <Code: HANDLER>
 ICSlot 1 LOAD_IC MONOMORPHIC
  [6]: 0x5dc0d1f5 WeakCell for 0x3a710481 <Map(FAST_HOLEY_SMI_ELEMENTS)>
  [7]: 0x4203a1c1 <Code: HANDLER>
 ICSlot 2 LOAD_IC UNINITIALIZED
  [8]: 0x3060d045 <Symbol: 711234650 <String[20]: uninitialized_symbol>>
  [9]: 0x3060d045 <Symbol: 711234650 <String[20]: uninitialized_symbol>>
 ICSlot 3 LOAD_IC MONOMORPHIC
  [10]: 0x5dc0d3b5 WeakCell for 0x3a710d71 <Map(FAST_HOLEY_ELEMENTS)>
  [11]: 0x4202af01 <Code: HANDLER>

BUG=

Review URL: https://codereview.chromium.org/1225403005

Cr-Commit-Position: refs/heads/master@{#29679}
2015-07-15 12:22:03 +00:00
verwaest
e5c2a69637 Simplify PrepareForDataProperty in the IsElement case
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1237953002

Cr-Commit-Position: refs/heads/master@{#29678}
2015-07-15 12:13:11 +00:00
verwaest
047b4bfbb4 Fix non-standard element handling
BUG=

Review URL: https://codereview.chromium.org/1228113003

Cr-Commit-Position: refs/heads/master@{#29677}
2015-07-15 12:06:31 +00:00
ulan
a9c7712eb8 Add IdleTask API to v8::Platform.
BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1225713003

Cr-Commit-Position: refs/heads/master@{#29676}
2015-07-15 11:51:03 +00:00
bmeurer
199e30d36f [handles] Sanitize Handle and friends.
Bunch of cleanups to allow us to get rid of handles-inl.h at some
point (in the not so far future); but more importantly to sanitize uses
of handles and prepare for handle canonicalization support.

R=yangguo@chromium.org

Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
Cr-Commit-Position: refs/heads/master@{#28222}

Committed: https://crrev.com/d940c6d3bcc227b459cb4123d9a8332d9ed0d5f8
Cr-Commit-Position: refs/heads/master@{#29666}

Review URL: https://codereview.chromium.org/1128533002

Cr-Commit-Position: refs/heads/master@{#29675}
2015-07-15 11:05:08 +00:00
rossberg
207fbbbe32 [es6] Implement inner scope for functions with destructuring
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1240463002

Cr-Commit-Position: refs/heads/master@{#29674}
2015-07-15 10:59:58 +00:00
machenbach
c63e50edc9 Reland Update V8 DEPS.
Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

Reland after https://codereview.chromium.org/1241643002/

TBR=jochen@chromium.org, thakis@chromium.org

Review URL: https://codereview.chromium.org/1237793003

Cr-Commit-Position: refs/heads/master@{#29673}
2015-07-15 10:32:03 +00:00
yangguo
fc9c5275c3 Debugger: use debug break slots to break at function exit.
By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.

R=ulan@chromium.org
BUG=v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1234833003

Cr-Commit-Position: refs/heads/master@{#29672}
2015-07-15 09:22:51 +00:00
mvstanton
ae11f20e26 Scoping error caused crash in CallICNexus::StateFromFeedback
A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.

The fix is straightforward.

BUG=491536, 503565
LOG=N

Review URL: https://codereview.chromium.org/1231343003

Cr-Commit-Position: refs/heads/master@{#29671}
2015-07-15 09:15:05 +00:00
ishell
48584df5ed Reland "Enable loads and stores to global vars through property cell shortcuts installed into parent script context."
Review URL: https://codereview.chromium.org/1237043006

Cr-Commit-Position: refs/heads/master@{#29670}
2015-07-15 08:53:29 +00:00
machenbach
1964b19663 Revert of [handles] Sanitize Handle and friends. (patchset #5 id:180001 of https://codereview.chromium.org/1128533002/)
Reason for revert:
[Sheriff] Still breaks mac asan:
http://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/2066

Original issue's description:
> [handles] Sanitize Handle and friends.
>
> Bunch of cleanups to allow us to get rid of handles-inl.h at some
> point (in the not so far future); but more importantly to sanitize uses
> of handles and prepare for handle canonicalization support.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
> Cr-Commit-Position: refs/heads/master@{#28222}
>
> Committed: https://crrev.com/d940c6d3bcc227b459cb4123d9a8332d9ed0d5f8
> Cr-Commit-Position: refs/heads/master@{#29666}

TBR=yangguo@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1235253007

Cr-Commit-Position: refs/heads/master@{#29669}
2015-07-15 08:05:58 +00:00
ishell
edc61b26b4 Debugger test updated to avoid setting breakpoints into random scripts.
Review URL: https://codereview.chromium.org/1231893007

Cr-Commit-Position: refs/heads/master@{#29668}
2015-07-15 07:42:06 +00:00
adamk
1e146c0708 [es6] JSObject::GetOwnElementKeys should collect String wrapper keys first
This makes Object.getOwnPropertyNames() return the integer keys in the
proper order, following the spec:

http://www.ecma-international.org/ecma-262/6.0/#sec-ordinary-object-internal-methods-and-internal-slots-ownpropertykeys

BUG=v8:4118
LOG=n

Review URL: https://codereview.chromium.org/1228803006

Cr-Commit-Position: refs/heads/master@{#29667}
2015-07-15 07:31:40 +00:00
bmeurer
d940c6d3bc [handles] Sanitize Handle and friends.
Bunch of cleanups to allow us to get rid of handles-inl.h at some
point (in the not so far future); but more importantly to sanitize uses
of handles and prepare for handle canonicalization support.

R=yangguo@chromium.org

Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
Cr-Commit-Position: refs/heads/master@{#28222}

Review URL: https://codereview.chromium.org/1128533002

Cr-Commit-Position: refs/heads/master@{#29666}
2015-07-15 07:14:05 +00:00