AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
wingo@igalia.com	f88bca9576	Generator object "next" method takes optional send value Update the generators implementation to make "next" also do the job of what was previously called "send" by taking an optional argument. Remove send, and do a bunch of renamings. R=rossberg@chromium.org BUG=v8:2355, v8:2715 Review URL: https://codereview.chromium.org/16136011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-10 09:26:18 +00:00
verwaest@chromium.org	3588aa45cd	Take all uses into account to clear int32 truncation. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/16656002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 17:28:46 +00:00
yangguo@chromium.org	17cfe68015	Enable map dependency to in-flight compilation info. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/16542003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 13:27:03 +00:00
wingo@igalia.com	b29a78fb02	Baseline for-of implementation Add full-codegen support for the ES6 for-of iteration statement. R=mstarzinger@chromium.org, rossberg@chromium.org TEST=mjsunit/harmony/iteration-semantics BUG=v8:2214 Review URL: https://codereview.chromium.org/15288011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-07 11:12:21 +00:00
wingo@igalia.com	cb0d146862	Add initial parser support for harmony iteration This commit adds initial parser support for harmony iteration. Specifically, it will parse: for (x of y) {} for (let x of y) {} for (var x of y) {} The semantics are still unimplemented. TEST=mjsunit/harmony/for-of-syntax BUG=v8:2214 R=rossberg@chromium.org Review URL: https://codereview.chromium.org/15300018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 14:38:26 +00:00
verwaest@chromium.org	16199c63d8	Initialized representations of computed values to None. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/14721009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 14:21:35 +00:00
mvstanton@chromium.org	701f356bac	Move runtime array constructor functions from builtins.cc to runtime.cc. Not only is runtime.cc a better location, but situations arise soon where we'll want to make runtime calls to these functions. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/16399007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 13:22:42 +00:00
mvstanton@chromium.org	a9a80fb422	Allocation type info advice consumed in bailout path leads to assert failure. If the runtime is taken for a constructor like "new Array(100000)", where allocation site info already led to an elements kind of DOUBLE, then the runtime would fail to transition the array to dictionary mode. Better to recognize this case and avoid wasting time by following the advice. Furthermore, it offers a way to recognize that the array should be in dictionary mode (though a future checkin will capitalize on that). BUG= R=danno@chromium.org Review URL: https://codereview.chromium.org/15993012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-06 09:26:30 +00:00
verwaest@chromium.org	5e8679beea	Remove the optimized construct stub. R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/15993016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-05 08:43:25 +00:00
adamk@chromium.org	de92d0b0e0	Array.observe emit splices for array length change and update index >= length R=adamk@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/15504002 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-04 23:58:49 +00:00
jkummerow@chromium.org	20cedf9a4b	Liveness analysis for environment slots in Hydrogen R=titzer@chromium.org Review URL: https://codereview.chromium.org/15533004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-04 16:41:24 +00:00
mvstanton@chromium.org	3d3c6b1599	Special Array constructor type feedback erroneously recorded when Array was called as a function. Issue was found with optimize_constructed_array turned on. This patch makes the fix, and turns the flag back on. BUG=244461 R=danno@chromium.org Review URL: https://codereview.chromium.org/16057005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-06-03 14:46:23 +00:00
jkummerow@chromium.org	b4058a3bd4	Fast literals: fixed initialization of non-copied in-object property fields BUG=chromium:245424 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/16190008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14906 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-31 15:50:19 +00:00
verwaest@chromium.org	5b08a1a119	Fix DeferredTaggedToINoSSE2 to not unconditionally untag undefined to 0. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/16228002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-31 08:37:34 +00:00
verwaest@chromium.org	1a4a904bef	Replace DeoptimizeOnUndefined with whitelisting AllowUndefinedAsNan R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/15952007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-30 09:11:06 +00:00
adamk@chromium.org	09c489ea93	Re-land: Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice Original issue: https://codereview.chromium.org/15331002/ Broke mozilla/js1_5/Array/regress-451483.js, which ends up attempting to call %IsObserved() on a non-object. IsObserved now checks for JSReceiver and returns false rather than crashing. R=adamk@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/15777007 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 17:26:05 +00:00
yurys@chromium.org	09959efe41	Add support for //# sourceURL similar to deprecated //@ sourceURL one. BUG=v8:2702 R=yangguo@chromium.org, yurys@chromium.org Review URL: https://codereview.chromium.org/15859010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 12:40:21 +00:00
mstarzinger@chromium.org	26e7936e27	Re-enable allocation-site-info test case. R=svenpanne@chromium.org TEST=mjsunit/allocation-site-info Review URL: https://codereview.chromium.org/16192002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 08:29:25 +00:00
svenpanne@chromium.org	116fe61f5e	Disabled broken test TBR=mvstanton@chromium.org Review URL: https://codereview.chromium.org/15951006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-29 07:32:10 +00:00
mstarzinger@chromium.org	3b114cdd64	Fix IfBuilder::Deopt to clear the current block. R=jkummerow@chromium.org BUG=chromium:243868 TEST=mjsunit/regress/regress-crbug-243868 Review URL: https://codereview.chromium.org/16155003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14854 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 15:30:49 +00:00
rossberg@chromium.org	ecb6bd2718	Revert "Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice" This reverts commit r14846. Broke Mozilla test (see http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/3608/steps/Mozilla/logs/stdio), e.g.: === mozilla/js1_5/Array/regress-451483 === --- stdout --- BUGNUMBER: 451483 STATUS: [].splice.call(0) == [] /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/regress-451483.js:57: illegal access var result = [].splice.call(0); ^ Command: /mnt/data/b/build/slave/v8-linux-shared/build/v8/out/Release/d8 --test --nobreak-on-abort --nodead-code-elimination --nofold-constants --expose-gc /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/mozilla-shell-emulation.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/shell.js /mnt/data/b/build/slave/v8-linux-shared/build/v8/test/mozilla/data/js1_5/Array/regress-451483.js TBR=rafaelw@chromium.org BUG= Review URL: https://codereview.chromium.org/16150003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 13:00:53 +00:00
rossberg@chromium.org	6fa987193e	Make (Object.)observed Arrays use SafeRemoveArrayHoles during sort R=adamk,rossberg BUG= Review URL: https://codereview.chromium.org/15837006 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 11:23:59 +00:00
rossberg@chromium.org	c06dc9d010	Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice R=rossberg,adamk,arv BUG= Review URL: https://codereview.chromium.org/15331002 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-28 11:16:02 +00:00
verwaest@chromium.org	aa2444269b	Fix the hole loading optimization. - Holes are only ever loaded as double or tagged. - Change to tagged has to deoptimize on undefined (no implicit conversions from double the hole NaN -> tagged undefined). BUG= R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/16099006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 17:33:14 +00:00
verwaest@chromium.org	9d3e7e5b81	Fix Object.freeze for objects with mixed accessors and data properties The bug in the existing code was that it modified the \|attributes\| local variable on its way through the loop in CopyUpToAddAttributes. But that affected any properties updated after an accessor property. The code now sets up a mask each time and applies that instead of mutating \|attributes\|. R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/16051002 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14818 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 10:56:27 +00:00
yangguo@chromium.org	3e41834721	Regexp parser: reset flag after scanning ahead for capture groups. When the regexp pattern parser encounters an unbound reference to a capturing group, it needs to scan ahead to decide whether it really is a reference. The scan advances to the end of the pattern string and sets has_more_ to false, but fails to reset it to true so that later on, parsing a character class wrongly fails. R=ulan@chromium.org BUG=v8:2690 Review URL: https://chromiumcodereview.appspot.com/15712006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-27 10:53:37 +00:00
yangguo@chromium.org	7c2a1346d6	Fix edge case in stack trace formatting. Bug description: in strict mode, null as receiver is not implicitly converted to the global object, so that when formatting the stack trace, the receiver of the stack frame is null. The IS_OBJECT check returns true for null, but %GetDataProperty expected a JSObject, which results in a failed RUNTIME_ASSERT. R=mvstanton@chromium.org BUG=237617 Review URL: https://chromiumcodereview.appspot.com/15670003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-24 11:33:46 +00:00
yangguo@chromium.org	1d39355405	Add belated test for the SeqStringSetChar bug. R=titzer@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/15849003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-24 08:37:27 +00:00
mstarzinger@chromium.org	8fb2086847	Fix embedded new-space pointer in LCmpObjectEqAndBranch. R=mvstanton@chromium.org BUG=chromium:240032 TEST=mjsunit/regress/regress-crbug-240032 Review URL: https://codereview.chromium.org/15779004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 14:06:28 +00:00
mvstanton@chromium.org	1a4482ab3f	Missing type cell on ia32 from bindings. Javascript constructors called from C++ code didn't have a type cell properly filled in on ia32. This showed up as a bug in webkit bindings. Re-enabled flag optimize-constructed-arrays. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/15870002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 13:45:33 +00:00
yangguo@chromium.org	a1e18bdf3c	Improve SeqStringSetChar implementation. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/15743006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 09:51:06 +00:00
verwaest@chromium.org	308e69755b	Implement HChange support for Smis and use it in Load/StoreNameField BUG= R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/15303004 Patch from Daniel Clifford <danno@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 08:32:07 +00:00
verwaest@chromium.org	36e91242fd	Make Object.freeze fast This patch both speeds up the freeze operation itself, but also allows properties to remain in fast mode. Objects with non-empty elements backing stores still end up with slow elements. Relanding r14758 and r14759 with fix for Test262: only mark properties and elements READ_ONLY if they are not JS setter/getters. Tightened up tests to assert frozen-ness, and added targeted tests for the new code (covering accessors). BUG=v8:1858, 115960 R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/15691007 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-23 07:05:58 +00:00
adamk@chromium.org	4d48bb832f	Revert "Make Object.freeze fast" and "Fix Object.freeze on dictionary-backed arrays to properly freeze elements" This reverts r14758 and r14759 due to introducing failures in Test262 TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/15681004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 21:27:00 +00:00
adamk@chromium.org	3ebccb7aae	Fix Object.freeze on dictionary-backed arrays to properly freeze elements Follow-up to r14758: slightly rearranges JSObject::Freeze() to avoid duplicating code while still retaining proper dictionary elements storage behavior. Also fix a lint error. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/15737018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 20:40:04 +00:00
adamk@chromium.org	648e99e308	Make Object.freeze fast This patch both speeds up the freeze operation itself, but also allows properties to remain in fast mode. Objects with non-empty elements backing stores still end up with slow elements. BUG=v8:1858, 115960 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/14888005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 18:53:58 +00:00
mstarzinger@chromium.org	b704cb9139	Fix bogus deopt in BuildEmitDeepCopy for holey arrays. R=verwaest@chromium.org BUG=chromium:242924 TEST=mjsunit/regress/regress-crbug-242924 Review URL: https://codereview.chromium.org/15735012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 17:58:21 +00:00
verwaest@chromium.org	b353b1d131	Don't allow copying holes to fields. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/15745006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 15:33:53 +00:00
mstarzinger@chromium.org	bf413b5122	Fix VisitLogicalExpression for empty blocks on RHS. R=jkummerow@chromium.org BUG=chromium:242870 TEST=mjsunit/regress/regress-crbug-242870 Review URL: https://codereview.chromium.org/15744002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 13:27:00 +00:00
yangguo@chromium.org	9960b24694	Fix unexpected elements transition in JSON.parse R=verwaest@chromium.org BUG=241344 Review URL: https://chromiumcodereview.appspot.com/15739003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 13:24:18 +00:00
verwaest@chromium.org	8db3014974	Keep representations while overwriting transitions. BUG=chromium:241477 R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/15718002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 10:46:33 +00:00
mstarzinger@chromium.org	d696f7b3c1	Use explicit type feedback clearing in some tests. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/15711004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14744 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 09:17:27 +00:00
hpayer@chromium.org	9c3c28646b	Force GC before executing unbox double arrays test to avoid timeouts. BUG= Review URL: https://codereview.chromium.org/15292002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-22 09:05:22 +00:00
mstarzinger@chromium.org	db4a770c3f	Add regression test for fix from r14732. R=verwaest@chromium.org BUG=chromium:242502 TEST=mjsunit/regress/regress-crbug-242502 Review URL: https://codereview.chromium.org/15288008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-21 14:20:42 +00:00
mvstanton@chromium.org	239b2830cc	Turning off optimize-constructed-arrays to investigate a WebKit/bindings issue. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/15303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-17 12:33:48 +00:00
hpayer@chromium.org	d7427aa938	Fix transition test to support allocation site info. BUG= Review URL: https://codereview.chromium.org/15270002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-17 08:56:45 +00:00
verwaest@chromium.org	73d084fad3	Fix bugs in rewriting combined with attributes and accessors R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/14843023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-17 03:16:20 +00:00
titzer@chromium.org	5746d38351	Fix code gen bug on arm and mips; SeqStringSetChar overwrites a register; Add better default PrintDataTo for HInstruction BUG= Review URL: https://codereview.chromium.org/14895019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-16 14:27:39 +00:00
rossberg@chromium.org	8ce0718763	Implement Array.observe and emit splice change records for ArrayPush Review URL: https://codereview.chromium.org/14978007 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-16 11:19:37 +00:00
adamk@chromium.org	0ed681905c	Re-land Notifier.prototype.performChange + tests Fixes the debug check failure on sorting an object with an array __proto__. Original Issue: https://codereview.chromium.org/14779011/ TBR=adamk@chromium.org Review URL: https://codereview.chromium.org/14977015 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 22:09:40 +00:00
adamk@chromium.org	91daa127c9	Revert "Implement Object.getNotifier(obj).performChange()" (r14696) Reverts r14696 because it caused debug assertion failures when running test/mjsunit/harmony/object-observe.js TBR=rossberg Review URL: https://codereview.chromium.org/15203002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 18:47:48 +00:00
adamk@chromium.org	07a54cd06d	Implement Object.getNotifier(obj).performChange() R=rossberg,adamk,arv BUG= Review URL: https://codereview.chromium.org/14779011 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 17:44:45 +00:00
wingo@igalia.com	55f6281281	Revert "GeneratorFunction() makes generator instances" This reverts r14684 because of blink LayoutTest failures in inspector/debugger/debugger-pause-in-internal.html. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/14619040 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 15:57:58 +00:00
mvstanton@chromium.org	31b8fc19c3	With flag optimize-constructed-arrays on, ARM and MIPS suffered a performance degrade due to incorrect code in GenerateRecordCallTarget(). The CL also enables flag optimize-constructed-arrays. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/14772043 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 15:17:01 +00:00
wingo@igalia.com	e24cc32011	GeneratorFunction() makes generator instances The current specification has GeneratorFunction() be like Function(), except that it makes generator instances. This commit implements that behavior. It also fills in a piece of the implementation where otherwise calling GeneratorFunction or GeneratorFunctionPrototype would cause an abort because they have no code. R=mstarzinger@chromium.org, rossberg@chromium.org TEST=mjsunit/harmony/generators-iteration TEST=mjsunit/harmony/generators-runtime BUG=v8:2355 BUG=v8:2680 Review URL: https://codereview.chromium.org/14857009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 13:22:05 +00:00
wingo@igalia.com	d6fa1d8ad9	Function constructor should avoid String.prototype methods Replace a use of .indexOf with a call to StringIndexOf. As always, lexical scoping to the rescue. R=mstarzinger@chromium.org TEST=mjsunit/regress/regress-2686 BUG=v8:2686 Review URL: https://codereview.chromium.org/14668013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-15 10:52:06 +00:00
wingo@igalia.com	8f602260d3	Implement yield* (delegating yield) Ideally this would have been implemented via desugaring at parse-time, but yield* is an expression, and its desugaring includes statements like while and try/catch. We'd have to have BlockExpression in the AST to support that, and it's not worth it for this feature. So instead we implement all of the logic in FullCodeGenerator::VisitYield. Delegating yield AST nodes now have a try handler index, for the try/catch. Otherwise the implementation is straightforward. R=rossberg@chromium.org BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/14582007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-14 16:26:56 +00:00
wingo@igalia.com	b7ecb8cb8d	Revert mistakenly committed r14667 and r14666. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-14 16:17:26 +00:00
wingo@igalia.com	25c1d78e3d	Implement yield* (delegating yield) Ideally this would have been implemented via desugaring at parse-time, but yield* is an expression, and its desugaring includes statements like while and try/catch. We'd have to have BlockExpression in the AST to support that, and it's not worth it for this feature. So instead we implement all of the logic in FullCodeGenerator::VisitYield. Delegating yield AST nodes now have a try handler index, for the try/catch. Otherwise the implementation is straightforward. R=mstarzinger@chromium.org BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-14 15:59:25 +00:00
titzer@chromium.org	68eb1e50ca	Improve dead code elimination by transitively marking live code and removing all dead code. Replace unreachable phi removal algorithm with the new dead code elimination pass, which is more thorough. Review URL: https://codereview.chromium.org/14676011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-14 13:10:52 +00:00
wingo@igalia.com	1634369af7	Don't flush code for generator functions. R=mstarzinger@chromium.org BUG=v8:2681 TEST=mjsunit/regress/regress-2681 Review URL: https://codereview.chromium.org/14731023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-13 17:36:26 +00:00
dslomov@chromium.org	5777f3fb48	Enable native implementation of array buffer and typed arrays in d8 and tests. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/15059009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-13 14:18:43 +00:00
jkummerow@chromium.org	7636fdec27	Fix missing hole check for loads from Smi arrays when all uses are changes BUG=chromium:233737 Review URL: https://codereview.chromium.org/14978004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-13 11:58:10 +00:00
danno@chromium.org	05e8e0e7b4	Elide hole checks on KeyedLoads of holey double arrays Improves NavierStokes by about 5% R=ulan@chromium.org Review URL: https://codereview.chromium.org/15014020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-13 07:35:26 +00:00
svenpanne@chromium.org	f853b08ad0	Fixed constant folding in HMod. We have to check for overflow before attempting to do a modulo operation, otherwise Crankshaft itself segfaults on some platforms, e.g. ia32. Added tests even for division, where the problem doesn't show up, just to be sure... R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/14617014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-13 07:32:38 +00:00
verwaest@chromium.org	df57747fc4	Track heap objects. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/14996004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-10 17:17:50 +00:00
wingo@igalia.com	3f09e0a3d8	Remove separate maps for function instances ES3 specified that functions created via Function() would have enumerable prototypes, unlike function literals. For this reason, V8 has always had two prototypes for functions: "function_map" for literals, and "function_instance_map" for "function instances": those functions created by Function(). However, since 2009 or so, both maps have been the same! Both have had writable, non-enumerable prototypes. Moreover, ES5 changed to specify that function instances would have non-enumerable prototypes. This patch removes the separate maps for function instances in sloppy and strict mode. R=mstarzinger@chromium.org TEST=mjsunit/function-prototype BUG= Review URL: https://codereview.chromium.org/14829005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-10 12:59:20 +00:00
mstarzinger@chromium.org	eb18db3ab4	Skip flaky regress-crbug-160010 regression test. R=ulan@chromium.org BUG=chromium:160010 TEST=mjsunit/regress/regress-crbug-160010 Review URL: https://codereview.chromium.org/14908006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-10 10:39:16 +00:00
verwaest@chromium.org	52008429b7	Use mutable heapnumbers to store doubles in fields. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/14850006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 15:02:08 +00:00
ulan@chromium.org	cd4e9866b7	Fix environment in HOptimizedGraphBuilder::VisitCountOperation. Follow-up for r14584. R=danno@chromium.org BUG=v8:2671 TEST=mjsunit/regress/regress-2671-1.js Review URL: https://chromiumcodereview.appspot.com/14972009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 14:58:06 +00:00
mvstanton@chromium.org	f5ad8e4469	Turn off optimize-constructed-arrays flag to investigate ARM perf issue BUG= R=danno@chromium.org Review URL: https://codereview.chromium.org/14753007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 08:49:29 +00:00
danno@chromium.org	bd9274436c	Bias commutative single-use register inputs and support lea adds This improves register allocation for many common add and multiply patterns on ia32 and x64 by reducing register pressure. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/14856015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 08:37:24 +00:00
wingo@igalia.com	75d939aceb	Generators save and restore stack handlers This CL adds machinery to unwind stack handlers from the stack and store them into a generator's operand array. It also includes routines to reinstate them. Together this allows generators to yield within try/catch and try/finally blocks. BUG=v8:2355 R=mstarzinger@chromium.org TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/14031028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 08:08:23 +00:00
ulan@chromium.org	e5a29e8ff9	Do not change environment between simulate and scope with no observable side-effects in HandlePropertyAssignment. LChunkBuilder reconstructs the environment by applying simulates. A scope with no observable side-effects has no simulates. If the scope deoptimizes, then LChunkBuilder would miss the changes to the environment between the last simulate and the scope. R=danno@chromium.org BUG=v8:2671 TEST=mjsunit/regress/regress-2671.js Review URL: https://chromiumcodereview.appspot.com/14793009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-08 07:40:28 +00:00
mvstanton@chromium.org	d7b013de57	Becuase of cross-context calls, hydrogen-based Array constructor needs to ensure the array constructor pointer passed in matches that of the current context. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/14846017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-07 21:01:53 +00:00
dslomov@chromium.org	b15bbfbe39	Implement TypedArray.set function. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14581005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-07 14:42:17 +00:00
dslomov@chromium.org	e45abf08cc	Update mjsunit tests to be complaian with ES6 implementation of typed arrays R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14580012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-07 14:03:50 +00:00
verwaest@chromium.org	46d39cabd6	Fix polymorphic to monomorphic load to take representation into account. Review URL: https://chromiumcodereview.appspot.com/14966005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-07 10:32:23 +00:00
wingo@igalia.com	3cd73ebc2f	Generators return boxed values Generators now box their return values in object literals of the form { value: VAL, done: DONE } where DONE is false for yield expressions, and true for return statements. BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/13870007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-07 08:46:42 +00:00
wingo@igalia.com	19e5f6cbf0	toString() on generator functions prints with function* This CL adds a %FunctionIsGenerator runtime function, and uses it in the function toString() implementation. R=mstarzinger@chromium.org BUG=v8:2355 TEST=mjsunit/harmony/generators-runtime Review URL: https://codereview.chromium.org/14912002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-03 13:01:28 +00:00
dslomov@chromium.org	02889cafb8	Add type checks to typed array property getters. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14650014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-03 09:59:50 +00:00
dslomov@chromium.org	18d02d06f0	Implement TypedArray.subarray method. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14740017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14537 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-03 09:43:44 +00:00
dslomov@chromium.org	8b1f81fa24	Allow pathological zero-length typed arrays. R=rossberg@chromium.org BUG= Review URL: https://codereview.chromium.org/14857002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-02 13:51:03 +00:00
dslomov@chromium.org	343bf33918	Range checking bug in typed array constructor. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14850011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-02 13:30:57 +00:00
dslomov@chromium.org	2751eeb361	More typed array constructors. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14845012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-02 12:27:03 +00:00
dslomov@chromium.org	6e86141916	Implementation of Uint8ClampedArray. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14657003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-05-02 11:36:48 +00:00
dslomov@chromium.org	1da21f1868	Revert "Flag optimize-constructed-arrays turned on." This reverts commit r14491. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-30 11:23:34 +00:00
mvstanton@chromium.org	ff57a1062b	Flag optimize-constructed-arrays turned on. This routes array construction through a hydrogen stub, and enables use of allocation site info tracking. BUG= Review URL: https://codereview.chromium.org/14616010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-30 08:22:05 +00:00
dslomov@chromium.org	9e2c046f5c	TypedArray(length) constructor R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14460008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-29 16:16:31 +00:00
danno@chromium.org	e6570d43ba	Fix bug in CompareNil IC R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/13863022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-29 15:09:22 +00:00
danno@chromium.org	528792e39b	Fix beyond-heap load on x64 Crankshafted StringCharFromCode BUG=chromium:235311 R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/14387008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-29 14:34:24 +00:00
dslomov@chromium.org	7b1e7463f2	Remove __ prefix from Harmony typed arrays implementation R=rossberg@chromium.org BUG= Review URL: https://codereview.chromium.org/14402026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-29 11:18:27 +00:00
verwaest@chromium.org	99e17bb12a	Track storage types of instance variables. Review URL: https://chromiumcodereview.appspot.com/14146005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-26 15:30:41 +00:00
mstarzinger@chromium.org	1706fe657e	Add support for yield expressions This CL extends the generator suspend and resume implementation to capture values on the operand stack. It factors out some helpers to measure and access the operand stack into the JavaScriptFrame class. It also refactors the suspend and resume helpers to avoid handle allocation. BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/14348003 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-26 12:09:32 +00:00
mstarzinger@chromium.org	885fd2f4b2	Fix yield inside with This patch makes it so that suspending generators always saves the context. Previously we erroneously assumed that if the operand stack was empty, that the context would be unchanged, but that is not the case with "with". Fixing this brought out an interesting bug in the variable allocator. Yield inside with will reference a context-allocated temporary holding the generator object. Before the fix, this object was looked up in the with context instead of the function context, because with contexts were not being simulated during full-codegen. Previously this was OK as all variables would be given LOOKUP allocation instead of CONTEXT, but the context-allocated temporary invalidated this assumption. The fix is to simulate the context chain more accurately in full-codegen. R=mstarzinger@chromium.org BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/14416011 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14454 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-26 11:55:22 +00:00
mstarzinger@chromium.org	bb2d8a51da	Implement support for Math.imul in Crankshaft. R=jkummerow@chromium.org TEST=mjsunit/math-imul Review URL: https://codereview.chromium.org/14471041 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-26 08:52:35 +00:00
mvstanton@chromium.org	e751ad06d9	Constructed arrays can be created with Hydrogen code stubs. The feature is still off by default (--optimize-constructed-arrays). BUG= Review URL: https://codereview.chromium.org/12385014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-25 16:00:32 +00:00
mstarzinger@chromium.org	8f1fc88f8c	Relax --debug-code checks that runtime returns are not the hole ia32, unlike the other architectures, includes a --debug-code check that asserts that runtime functions do not return the hole. However the new SuspendJSGeneratorObject runtime does return the hole at times. This CL adds a wee hack that only signals an error if the callee was not SuspendJSGeneratorObject. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/13856011 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-25 12:00:07 +00:00
mstarzinger@chromium.org	71dc9e165f	Capture receiver in generator object Previously there has been no reason to context-allocate the receiver, so access to the receiver always goes through the stack. This was failing with generators, which assumed that forcing context allocation would relieve the need of storing anything but the context and the function on the stack. This CL adds a slot in generator objects to capture the receiver, and restores it when resuming a generator. BUG=v8:2355 TEST=mjsunit/harmony/generators-iteration Review URL: https://codereview.chromium.org/14158006 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-25 10:59:09 +00:00
jkummerow@chromium.org	628875475e	Fix overflow check in mul-i which was missing since r14322 Review URL: https://codereview.chromium.org/14471012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14430 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-25 07:36:59 +00:00

1 2 3 4 5 ...

2139 Commits