AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
6,266 Commits 1 Branch 0 Tags 839 MiB
670f947a5c
Commit Graph

1032 Commits

Author SHA1 Message Date
rossberg@chromium.org
670f947a5c Implement set trap for proxies, and revamp class hierarchy in preparation: 
- Introduce a class JSReceiver, that is a common superclass of JSObject and
  JSProxy. Use JSReceiver where appropriate (probably lots of places that we
  still have to migrate, but we will find those later with proxy test suite).

- Move appropriate methods to JSReceiver class (SetProperty,
  GetPropertyAttribute, Get/SetPrototype, Lookup, and so on).

- Introduce new JSFunctionProxy subclass of JSProxy. Currently only a stub.

- Overhaul enum InstanceType:
  * Introduce FIRST/LAST_SPEC_OBJECT_TYPE that ranges over all types that
    represent JS objects, and use that consistently to check language types.
  * Rename FIRST/LAST_JS_OBJECT_TYPE and FIRST/LAST_FUNCTION_CLASS_TYPE
    to FIRST/LAST_[NON]CALLABLE_SPEC_OBJECT_TYPE for clarity.
  * Eliminate the overlap over JS_REGEXP_TYPE.
  * Also replace FIRST_JS_OBJECT with FIRST_JS_RECEIVER, but only use it where
    we exclusively talk about the internal representation type.
  * Insert JS_PROXY and JS_FUNCTION_PROXY in the appropriate places.

- Fix all checks concerning classification, especially for functions, to
  use the CALLABLE_SPEC_OBJECT range (that includes funciton proxies).

- Handle proxies in SetProperty (that was the easiest part :) ).

- A few simple test cases.

R=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/6992072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 16:38:40 +00:00
ager@chromium.org
544191e718 Update apply with arguments optimization for strict mode functions and builtins. 
Do not convert to object for values for strict-mode functions and
builtins.

R=ricow@chromium.org
BUG=v8:1412
TEST=mjsunit/regress/regress-1412.js

Review URL: http://codereview.chromium.org/7096006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 10:38:41 +00:00
ager@chromium.org
a01b45df58 Fix a number of tests that incorrectly used assertUnreachable. 
Our testing infrastructure uses exceptions to indicate
errors. assertUnreachable therefore throws an exception to indicate
that it was reached. Therefore, it cannot be used to check that an
exception was thrown using the pattern:

try {
  shouldThrow();
  assertUnreachable();
} catch(e) {
}

Such a test will always pass because assertUnreachable will throw an
exception if shouldThrow does not.

R=ricow@chromium.org

Review URL: http://codereview.chromium.org/7053035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 08:08:42 +00:00
ager@chromium.org
bfa2ef1f11 Fix receiver for calls to strict-mode and builtin functions that are 
potentially shadowed by eval.

R=sgjesse@chromium.org
TEST=mjsunit/regress/regress-124.js

Review URL: http://codereview.chromium.org/7096004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 07:57:22 +00:00
ager@chromium.org
017935408d Reapply change to Pass undefined to JS builtins when called with 
implicit receiver.

A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=fschneider@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7085034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 13:49:22 +00:00
ager@chromium.org
cc4a2d7e76 Fix a number of IC stubs to correctly set the call kind. 
Make the call kind and call wrapper arguments explicit to force
developers to make a choice. This would have avoided the bug in the
first case.

R=fschneider@chromium.org
TEST=mjsunit/strict-mode-implicit-receiver.js

Review URL: http://codereview.chromium.org/7086029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 13:23:17 +00:00
fschneider@chromium.org
5083dec67f Fix timeout and a small bug in a regression test. 
Review URL: http://codereview.chromium.org/7085031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 12:48:35 +00:00
fschneider@chromium.org
e0985887bf Simple support for const variables in Crankshaft. 
The approach is to handle the common case in the optimizing
compiler and to bailout for the rare corner cases.

This is done by initializing all local const-variables with
the hole value and disallowing any use of the hole value statically.
Review URL: http://codereview.chromium.org/6026006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 11:31:41 +00:00
sandholm@chromium.org
ba229754ea Fix JSON issue with arrays. 
Review URL: http://codereview.chromium.org/7089003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 10:47:38 +00:00
ricow@chromium.org
7eb6f5c1ba Correctly set the length of string before creating filler object in the json parser (fixes crbug 84186). 
Testcase created based on the supplied test case from the bug report, but using json parse directly instead of through the chrome javascript console. 
Review URL: http://codereview.chromium.org/7084023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 06:04:36 +00:00
danno@chromium.org
c2394e0a71 Prevent deopt on double value assignment to typed arrays 
Implement truncation of double and tagged values when assigning to an element of a typed arrays in order to avoid depots.

BUG=1313
TEST=test/mjsunit/external-array.js

Review URL: http://codereview.chromium.org/6961019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 12:07:22 +00:00
ager@chromium.org
c832c467a4 Revert "Pass undefined to JS builtins when called with implicit receiver." 
Presubmit and failing test.

TBR=lrn@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7071009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:22:29 +00:00
kmillikin@chromium.org
f8b01f369e Add a simple test for inlining of arguments accesses. 
R=whesse@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7062018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:17:15 +00:00
ager@chromium.org
19b718fe73 Pass undefined to JS builtins when called with implicit receiver. 
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7068009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb Make RegExp objects not callable. 
Review URL: http://codereview.chromium.org/6930006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 07:35:09 +00:00
erik.corry@gmail.com
fbf76fc86a Fix GC-unsafe corner case in bit-not on ARM 
Review URL: http://codereview.chromium.org/6987009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-25 10:35:00 +00:00
ricow@chromium.org
f675db651d Change calls to undefined property setters to not throw (fixes issue 1355). 
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-25 08:37:38 +00:00
ager@chromium.org
6f775f2fb0 Fix calls of strict mode function with an implicit receiver. 
Only IA32 version for now. I'll start porting.

Strict mode functions are to get 'undefined' as the receiver when
called with an implicit receiver. Modes are bad! It forces us to have
checks on all function calls.

This change attempts to limit the cost by passing information about
whether or not a call is with an implicit or explicit receiver in ecx
as part of the calling convention. The cost is setting ecx on all
calls and checking ecx on entry to strict mode functions.

Implicit/explicit receiver state has to be maintained by ICs. Various
stubs have to not clobber ecx or save and restore it.

CallFunction stub needs to check if the receiver is implicit when it
doesn't know from the context.

Review URL: http://codereview.chromium.org/7039036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 14:01:36 +00:00
sgjesse@chromium.org
eff2946b9b Handle changes to the Object prototype in fast handling of arrays 
R=ager@chromium.org

BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js

Review URL: http://codereview.chromium.org//7067019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0 Change strict mode poison pill to be the samme type error function (fixes issue 1387). 
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
fbd106d9cd MIPS: arch-independent changes to support mips. 
This change supports all non-crankshaft features except serialization.

This must be built after the changes in http://codereview.chromium.org/6966031
are landed.

BUG=
TEST=

Review URL: http://codereview.chromium.org//7039058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 07:56:20 +00:00
danno@chromium.org
780df33019 SMI checks for receiver in KeyedLoad/Store (done right this time) 
R=ager@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7059013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7998 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-23 13:42:33 +00:00
sgjesse@chromium.org
825a433900 Add regression test for issue 1401 
R=ager@chromium.org

BUG=v8:1401
TEST=test/regress/regress-1401.js

Review URL: http://codereview.chromium.org//7062002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802 Remove execScript from V8. No longer present i neither Firefox nor Safari. 
R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7046002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23 Add regression test for http://crbug.com/82769 
Review URL: http://codereview.chromium.org/7034025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-18 12:46:21 +00:00
fschneider@chromium.org
66911961cf Fix bug in optimized compiler's switch-statement. 
In the case where the default-clause occurs as the first clause,
the case-blocks were not wired up correctly.

BUG=v8:1394
TEST=mjsunit/compiler/regress-1394.js
Review URL: http://codereview.chromium.org/7037023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-18 11:06:07 +00:00
whesse@chromium.org
0eca2b4fc1 Fix error in postfix ++ in Crankshaft. 
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.

BUG=v8:1389

TEST=

Review URL: http://codereview.chromium.org/7033008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-17 11:41:59 +00:00
danno@chromium.org
daa1be1226 Support conversion of clamped double values for pixel arrays in Crankshaft. 
BUG=1313
TEST=test/mjsunit/external-array.js

Review URL: http://codereview.chromium.org/7014033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-16 14:10:56 +00:00
sgjesse@chromium.org
230a56abda Limit the number of local variables in a function 
Review URL: http://codereview.chromium.org//7003030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-16 08:27:52 +00:00
ricow@chromium.org
964dbff40d Only send null or undefined as receiver for es5 natives, not generally 
for builtin functions.
Review URL: http://codereview.chromium.org/7012012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-13 07:26:44 +00:00
ager@chromium.org
8a0b1f5bc9 Allow closures to be optimized if outer contexts that call eval are all in strict mode. 
R=kmillikin@chromium.org
BUG=
TEST=mjsunit/compiler/eval-introduced-closure.js

Review URL: http://codereview.chromium.org/6993008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-11 11:26:11 +00:00
ricow@chromium.org
7f8a918f08 Allow strict mode flag as extraicstate for keyed external array store ic 
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.

BUG: 1383
Review URL: http://codereview.chromium.org/7003022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
944a388412 Avoid using a register for constant external array indices. 
This CL is based on and obsoletes CL 6879037.

TEST=mjsunit/external-array.js

Review URL: http://codereview.chromium.org/6902112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-10 15:25:17 +00:00
jkummerow@chromium.org
1eedd8056d Fix timeout of test regress-1118.js 
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.

Review URL: http://codereview.chromium.org/6994010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-10 15:07:30 +00:00
jkummerow@chromium.org
89c64653bf Expose optimization info via runtime functions 
TEST=mjsunit/assert-opt-and-deopt.js

Review URL: http://codereview.chromium.org/6879108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-09 08:58:57 +00:00
ager@chromium.org
0961b1a936 Check that receiver is JSObject on API calls. 
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js

Review URL: http://codereview.chromium.org/6931056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-06 14:14:16 +00:00
karlklose@chromium.org
d43066050a Replace loops by OptimizeFunctionOnNextCall in regress-1085 and regress-1210. 
Review URL: http://codereview.chromium.org/6938001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-06 09:10:28 +00:00
ricow@chromium.org
e0eb110130 Reapply 7763, including arm and x64 variants. 
The only difference to revision 7763 is the implementation in the
builtins file for arm and x64, plus a move of Array.prototype.toString
and Array.prototype.toLocaleString from should throw on null or
undefined to the non generic test cases in the function-call test (due
to us not currently supporting generic cases with these to functions)
Review URL: http://codereview.chromium.org/6928007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-05 05:21:30 +00:00
ricow@chromium.org
797cbc68b7 Delete empty test/mjsunit/function-call.js file 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 14:20:19 +00:00
karlklose@chromium.org
8b917d4d96 Replace long running loops by OptimizeFunctionOnNextCall in some tests that are often timing out on ARM. 
Review URL: http://codereview.chromium.org/6910022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:53:08 +00:00
ricow@chromium.org
4d890da191 Revert 7763, missing implementation on x64 and arm for call and apply with null or undefined. 
Review URL: http://codereview.chromium.org/6913024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:45:19 +00:00
ricow@chromium.org
2b730c2bf6 Don't exchange null and undefined with the global object in function.prototype.{call, apply} for natives. 
This makes us compatible with firefox in throwing an exception when
call is invoked on a builtin with null as the this argument.
Review URL: http://codereview.chromium.org/6902104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:19:04 +00:00
lrn@chromium.org
569574b7bf Fix implementation of == to correctly convert Date objects to primitives. 
Fix issue 1356

BUG=v8:1356
TEST=mjsunit/double-equals

Review URL: http://codereview.chromium.org/6912021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 12:15:14 +00:00
lrn@chromium.org
d1411602a7 Don't allow whitespace after sign characters in parseInt. 
BUG=v8:955
TEST=mjsunit/regress/regress-955

Review URL: http://codereview.chromium.org/6903171

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 07:11:17 +00:00
ager@chromium.org
ccafbca61d Use JSON.parse instead of eval for the debugger JSON protocol. 
R=sgjesse@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/6903172

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-02 14:20:34 +00:00
kmillikin@chromium.org
1af840ad4c Be more discriminating about uses of the arguments object in optimized code. 
Because we track the value of the arguments object, we need to check
values whenever plugged into a forbidden value context.  It is not
enough to check at only variable references as we did previously.

R=fschneider@chromium.org
BUG=1351
TEST=regress-1351.js

Review URL: http://codereview.chromium.org/6902202

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-02 11:35:51 +00:00
mmaly@chromium.org
796ac25a4f Strict mode eval declares its locals in its own environment. 
BUG=
TEST=strict-mode.js

Review URL: http://codereview.chromium.org/6883200

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-29 15:31:39 +00:00
lrn@chromium.org
f470cf2777 Handle join of sparse arrays with non-empty separator more efficiently. 
BUG=v8:1028

Review URL: http://codereview.chromium.org/6902144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-29 08:53:36 +00:00
vegorov@chromium.org
1c950e04cc Fix missing writebarrier in ArraySplice builtin. 
Review URL: http://codereview.chromium.org/6883227

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-28 16:03:40 +00:00
kmillikin@chromium.org
dc28280a82 Fix a bug in a corner case of direct eval detection. 
The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.

R=ager@chromium.org
TEST=has been added to the eval mjsunit test

Review URL: http://codereview.chromium.org/6893057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-28 05:04:48 +00:00