verwaest@chromium.org
5b40c38679
Load the global proxy from the context of the target function.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/111613003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 08:21:17 +00:00
ulan@chromium.org
711bcbb0e3
ARM: fix loading of global object in LWrapReceiver.
...
Since r16993 the cp register is handled by registers allocator,
and we cannot assume that the cp always contains the context.
BUG=318420
LOG=Y
TEST=test/mjsunit/regress/regress-318420.js
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/121703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 14:38:00 +00:00
ulan@chromium.org
7ac7a7ea99
Fix a race between concurrent recompilation and OSR.
...
If concurrent recompilation finishes before OSR, then OSR replaces
the old optimized code without evicting it from the optimized code map.
New functions can get the old optimized code from the optimized code map,
but the old code could be already deoptimized.
BUG=330046
TEST=test/mjsunit/regress-330046.js
LOG=Y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/109033003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 09:22:56 +00:00
yangguo@chromium.org
2a4be7067c
Refactor the compiling pipeline.
...
Goals:
- easier to read, more suitable identifiers.
- better distinction between compiling optimized/unoptimized code
- compiler does not install code on the function.
- easier to add features (e.g. caching optimized code for osr).
- remove unnecessary code.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/110203002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 14:30:35 +00:00
yangguo@chromium.org
f7929d2a87
Reland "Handlify concat string and substring."
...
This relands commit r17490.
BUG=
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/114943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18408 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 12:37:56 +00:00
yangguo@chromium.org
8c10fc6aee
Harmony: implement math.hypot.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/118303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 11:13:39 +00:00
yangguo@chromium.org
2e2676a843
Harmony: implement Math.log2 and Math.log10.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/119093006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:54:47 +00:00
yangguo@chromium.org
cd7d61cfc2
Fix small spec violation in String.prototype.split.
...
Also slightly extended the test coverage.
R=rossberg@chromium.org
BUG=v8:3026
LOG=Y
Review URL: https://codereview.chromium.org/119093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:01:22 +00:00
yangguo@chromium.org
c61d07e03f
Correctly resolve forcibly context allocated parameters in debug-evaluate.
...
R=ulan@chromium.org
BUG=325676
LOG=Y
Review URL: https://codereview.chromium.org/107243006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 08:37:03 +00:00
titzer@chromium.org
be32761a67
Improve load elimination handling of transitioning stores.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/106973005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:12:41 +00:00
rossberg@chromium.org
b882bddcfd
Make a strict function's "name" property non-writable.
...
Set [[Writable]] to false for the "name" property of strict
functions as well, mirroring what non-strict functions have
it as.
LOG=N
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-270142
BUG=270142
Review URL: https://codereview.chromium.org/99203006
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:06:11 +00:00
hpayer@chromium.org
f583b73b70
Revert "Remove flag track-allocation-sites."
...
This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc.
BUG=
Review URL: https://codereview.chromium.org/109303006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:04:34 +00:00
mvstanton@chromium.org
e654c88fab
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 11:46:31 +00:00
titzer@chromium.org
1f679a58f7
Improve check elimination with branch sensitivity on HCompareObjectEqAndBranch.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/106733002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 17:42:21 +00:00
jkummerow@chromium.org
3c76ecd732
Fix switch statements with non-Smi integer labels and no type feedback
...
BUG=chromium:329709
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/98643010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 14:25:58 +00:00
verwaest@chromium.org
fb7218dc3d
Enable optimization of functions with generic switches.
...
R=jkummerow@chromium.org , titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/110123002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 11:44:38 +00:00
yangguo@chromium.org
213b05b5b9
Fix off-by-one error in AstTyper, part 2.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/112933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 15:19:57 +00:00
jkummerow@chromium.org
48ff79a300
Fix polymorphic inlined calls with migrating prototypes
...
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 14:57:00 +00:00
ulan@chromium.org
cc401095fb
Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot.
...
This is the only field in the snapshot that was tracked as double.
R=verwaest@chromium.org
TEST=mjsunit/regress/regress-280531.js
BUG=280531
LOG=Y
Review URL: https://chromiumcodereview.appspot.com/112003005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 13:11:44 +00:00
yangguo@chromium.org
5bc64b9fa5
Fix off-by-one error in AstTyper.
...
This causes the first parameter to be confused with the first
stack local when we collect type information.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/105943007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 11:34:09 +00:00
hpayer@chromium.org
75a84eca0b
Added regression test for escape analysis.
...
BUG=
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/99133011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 15:54:20 +00:00
titzer@chromium.org
3de79abd85
Add a regression test for boolean concatenation in strings.
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/106743010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 14:05:25 +00:00
svenpanne@chromium.org
e1db6d86a9
Avoid FP exceptions when doing integer division.
...
BUG=v8:3039
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/104003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-09 10:15:19 +00:00
mvstanton@chromium.org
b807f4f82f
Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask.
...
The mask to check for an internalized string was incorrectly formed. Hat
tip to Weiliang Lin for discovering the bug.
BUG=v8:3038
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/108033002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-06 09:43:07 +00:00
verwaest@chromium.org
8a4df124a4
Fix loop side-effects of deoptimizing loops with a nested live OSR loop.
...
R=titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/106723002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 18:31:06 +00:00
machenbach@chromium.org
d8a757c669
Add tests and extension verifying CHECK and ASSERT.
...
The new native functions can also be used in blink tests to ensure that V8 asserts are turned on where they should be.
BUG=
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/105953005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 17:26:22 +00:00
yangguo@chromium.org
34f0b745b8
Reland "Implement hyperbolic math functions for ES6."
...
BUG=v8:2938
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/104173002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 12:36:42 +00:00
yangguo@chromium.org
3e689544af
Revert "Implement hyperbolic math functions for ES6."
...
BUG=
Review URL: https://codereview.chromium.org/104003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:53:17 +00:00
yangguo@chromium.org
d1e0c338f3
Implement hyperbolic math functions for ES6.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=Y
Review URL: https://codereview.chromium.org/102023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:32:18 +00:00
titzer@chromium.org
1d6710c933
Add some test cases with dead loops.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/98323004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 18:04:45 +00:00
verwaest@chromium.org
d4eaae37d1
Check whether the receiver to a keyed-call is actually a heapobject.
...
BUG=325225
LOG=n
R=dslomov@chromium.org
Review URL: https://chromiumcodereview.appspot.com/101863004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 17:59:31 +00:00
titzer@chromium.org
16c4c14fac
Check elimination: Learn from if(CompareMap(x)) on true branch.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/99043002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 18:34:33 +00:00
bmeurer@chromium.org
aa83f2900a
Fix invalid assertion with OSR in BuildBinaryOperation.
...
BUG=v8:3032
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/98623004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 13:12:07 +00:00
yangguo@chromium.org
3d062847a4
Make sin-cos test case compatible with --always-osr.
...
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/98893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:56:54 +00:00
mstarzinger@chromium.org
db915fe97e
Handle captured objects in OptimizedFrame::Summarize.
...
R=yangguo@chromium.org
BUG=v8:3029
TEST=mjsunit/regress/regress-3029
LOG=N
Review URL: https://codereview.chromium.org/96773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:11:02 +00:00
mvstanton@chromium.org
5ba1304d60
Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects.
...
BUG=299979
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/80623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-29 15:22:16 +00:00
yangguo@chromium.org
f235194518
Fix bug in inlining Function.apply.
...
R=jkummerow@chromium.org
BUG=323942
LOG=Y
Review URL: https://codereview.chromium.org/95123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:30:17 +00:00
titzer@chromium.org
bbdd21ebb0
Fix load elimination: can only .Equals() GVN-able instructions.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/95193002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:27:42 +00:00
dslomov@chromium.org
7372596615
Ensure that length is Smi in TypedArrayFromArrayLike constructor.
...
R=jkummerow@chromium.org
BUG=324028
LOG=Y
Review URL: https://codereview.chromium.org/94473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org
d53e38777f
Fix missing bounds check in n-arguments Array constructor.
...
LOG=N
R=mvstanton@chromium.org
BUG=v8:3027
TEST=mjsunit/regress/regress-3027
Review URL: https://codereview.chromium.org/92103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 09:29:57 +00:00
yangguo@chromium.org
ea43173cf4
Shorten autogenerated error message.
...
R=rossberg@chromium.org
BUG=v8:3019
LOG=Y
Review URL: https://codereview.chromium.org/88393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 08:59:45 +00:00
rossberg@chromium.org
e943623b12
Harmony promises
...
Based on prototype at
https://github.com/rossberg-chromium/js-promise
which informed the latest spec draft version at
https://github.com/domenic/promises-unwrapping/blob/master/README.md
Activated by --harmony-promises.
Feature complete with respect to the draft spec, plus the addition of .when and .deferred methods. Final naming and other possible deviations from the current draft will hopefully be resolved soon after the next TC39 meeting.
This CL also generalises the Object.observe delivery loop into a simplistic microtask loop. Currently, all observer events are delivered before invoking any promise handler in a single fixpoint iteration. It's not clear yet what the final semantics is supposed to be (should there be a global event ordering?), but it will probably require a more thorough event loop abstraction inside V8 once we get there.
R=dslomov@chromium.org , yhirano@chromium.org
BUG=
Review URL: https://codereview.chromium.org/64223010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-27 17:21:40 +00:00
machenbach@chromium.org
c95173b2eb
Increase test runner speed.
...
Let the test runner preserve the order of test suites to let suites with long running tests run first.
Mark some tests as slow that can now be skipped via --slow-tests=skip.
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/88343002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 16:53:04 +00:00
yangguo@chromium.org
ab96631177
Increase precision for base conversion for large integers.
...
R=jkummerow@chromium.org
BUG=v8:3025
LOG=Y
Review URL: https://codereview.chromium.org/88583002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 15:48:13 +00:00
yangguo@chromium.org
afd8e5a305
Speed up long-running test cases.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85163003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 11:32:39 +00:00
yangguo@chromium.org
4716b292db
Make some ARM test cases faster.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85473004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 10:43:44 +00:00
dslomov@chromium.org
c3a4d718ce
Generate TypedArrayInitialize builtin in hydrogen.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/59023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 14:41:46 +00:00
mvstanton@chromium.org
81b22bbf96
A performance regression in array literal creation was caused by refactoring that eliminated a special fast case for shallow arrays. At the same time the general case got a bit slower. This CL restores most of the performance without coding the special fast case. The virtual dispatching is unnecessary because we know what we want to do at compile time. A flag was added to Runtime::CreateArrayLiteral. The flags delivers information about shallowness but also whether or not allocation mementos should be created. This is useful for crankshafted code.
...
BUG=v8:3008
LOG=Y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/77293003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 12:41:27 +00:00
yangguo@chromium.org
aa3518a0f3
Make sure files end with exactly one new line and police this in presubmit.
...
The changes are (excluding presubmit.py) mechanical. I added the following
lines after the check and iterated the presubmit script until all errors
went away:
f = open(name, "w");
if contents.endswith('\n\n'):
f.write(contents[0:-1])
else:
f.write(contents + '\n')
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/82803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 13:50:39 +00:00
ulan@chromium.org
21fb1401bd
Restore saved caller FP registers on stub failure
...
and preserve FP registers on NotifyStubFailure.
In debug mode, clobber FP registers on each runtime call to increase
chances of catching such bugs.
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/78283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 10:21:47 +00:00
yangguo@chromium.org
e5f187995d
Mark flaky debug test as failing.
...
The issues are known. For the time being, we mark it as failing.
R=machenbach@chromium.org
BUG=v8:2921, v8:3005
LOG=N
Review URL: https://codereview.chromium.org/77723008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 17:09:17 +00:00
yangguo@chromium.org
2c7ebfa7f0
Increase precision when finding the remainder after division by pi/2.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/66703005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 15:04:37 +00:00
svenpanne@chromium.org
8f88467bf6
Removed unused --preallocate-message-memory flag.
...
It results in a lot of dead code, and Isolate::PrintStack itself
crashes most of the time when something went wrong earlier.
Furthermore, we have plans do get better information into the
minidump, anyway.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/78003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 12:35:58 +00:00
danno@chromium.org
06c7620302
Fixed crashes exposed though fuzzing.
...
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.
R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y
Review URL: https://codereview.chromium.org/72813004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 16:41:07 +00:00
jkummerow@chromium.org
37443768bf
Fix register trashing in Emit*ByteSeqStringSetChar
...
This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless.
BUG=chromium:320922
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/67103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 12:59:09 +00:00
mvstanton@chromium.org
bff41483dc
Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death.
...
BUG=320532
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/62803008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 10:17:33 +00:00
dslomov@chromium.org
6749e57f47
Fix data view accessors to throw execptions on offsets bigger than size_t.
...
R=jkummerow@chromium.org
BUG=v8:3013
LOG=Y
Review URL: https://codereview.chromium.org/74583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:16:22 +00:00
dslomov@chromium.org
cb6e8b334d
Revert "Fix data view accessors to throw execptions on offsets bigger than size_t."
...
This reverts commit r17838 for breaking arm build.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/75213005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:05:05 +00:00
dslomov@chromium.org
dd5c7ec89e
Fix data view accessors to throw execptions on offsets bigger than size_t.
...
R=jkummerow@chromium.org
BUG=v8:3013
LOG=Y
Review URL: https://codereview.chromium.org/74583003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:58:16 +00:00
dslomov@chromium.org
4228132e74
Use mock ArrayBuffer allocator to avoid really allocating 1Gb.
...
R=jkummerow@chromium.org
BUG=v8:3014
LOG=N
Review URL: https://codereview.chromium.org/61623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:50:45 +00:00
dslomov@chromium.org
99133912bd
Generate DataViewInitialize built-in in hydrogen.
...
R=bmeurer@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/66843011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 13:57:49 +00:00
danno@chromium.org
f27f2fa420
Match max property descriptor length to corresponding bit fields
...
BUG=v8:3010
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/72333004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 11:44:06 +00:00
mstarzinger@chromium.org
ed034b39e5
Fix bogus allocation limit in allocation folding.
...
R=ishell@chromium.org
TEST=mjsunit/allocation-folding
Review URL: https://codereview.chromium.org/73563004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 18:44:59 +00:00
dslomov@chromium.org
7832aab75c
Add suppressions for regress-319722-ArrayBuffer.
...
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/59093007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:40:21 +00:00
jkummerow@chromium.org
c9b41c6995
Limit size of dehoistable array indices
...
LOG=Y
BUG=chromium:319835,chromium:319860
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/74113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:24:10 +00:00
dslomov@chromium.org
7936ca39be
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:37:15 +00:00
dslomov@chromium.org
c01aa1fc1f
Revert "Limit the size for typed arrays to MaxSmi."
...
This reverts commit r17798 for allocating too much memroy in tests.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/74093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:25:51 +00:00
dslomov@chromium.org
09ca1318ab
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:09:56 +00:00
verwaest@chromium.org
341d405301
Reland and fix "Add support for keyed-call on arrays of fast elements"
...
BUG=
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/71783003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 10:52:05 +00:00
bmeurer@chromium.org
2ee5aa951c
Fix missing type feedback check for Generic*String addition.
...
TEST=mjsunit/regress/regress-crbug-318671
BUG=318671
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/67473007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 09:13:36 +00:00
rafaelw@chromium.org
bdf78a7ad3
Reland [Object.observe] Don't force normalization of elements for observed objects
...
Original Issue: https://codereview.chromium.org/29353003/
Note that this version of the patch includes logic for bailing out of compiled ArrayPush/ArrayPop calls if the array is observed (see stub-cache-*)
R=danno@chromium.org
BUG=v8:2946
LOG=N
Review URL: https://codereview.chromium.org/68343016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 21:47:39 +00:00
verwaest@chromium.org
93f2ed48d9
Handle all object types (minus smi) in load/store ICs
...
R=ulan@chromium.org
Review URL: https://chromiumcodereview.appspot.com/62953007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 16:25:31 +00:00
machenbach@chromium.org
eef8694a7e
[Sheriff] Revert "Add support for keyed-call on arrays of fast elements"
...
This reverts commit r17746 for breaking layout tests.
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/72753002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 15:00:13 +00:00
verwaest@chromium.org
607a175cbc
Add support for keyed-call on arrays of fast elements
...
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23537067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 13:46:18 +00:00
mvstanton@chromium.org
3cf157b43b
Inline zero argument array constructor.
...
patch from issue 54583003 (dependent code).
Zero arguments - very easy
1 argument - three special cases:
a) If length is a constant in valid array length range,
no need to check it at runtime.
b) respect DoNotInline feedback on the AllocationSite for
cases that the argument is not a smi or is an integer
with a length that should create a dictionary.
c) if kind feedback is non-holey, and length is non-constant,
we'd have to generate a lot of code to be correct.
Don't inline this case.
N arguments - one special case:
a) If a deopt ever occurs because an input argument isn't
compatible with the elements kind, then set the
DoNotInline flag.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/55933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 12:05:09 +00:00
danno@chromium.org
28ed69b8fb
Fix overflow in TypedArray initialization function
...
BUG=chromium:319120
TEST=test/mjsunit/regress/regress-319120.js
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/61753013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 06:20:48 +00:00
rossberg@chromium.org
cec8383cff
Provide private symbols through internal APIs
...
Adds a notion of private symbols, mainly intended for internal use, especially, self-hosting of built-in types that would otherwise require new C++ classes.
On the JS side (i.e., in built-ins), private properties can be created and accessed through a set of macros:
NEW_PRIVATE(print_name)
HAS_PRIVATE(obj, sym)
GET_PRIVATE(obj, sym)
SET_PRIVATE(obj, sym, val)
DELETE_PRIVATE(obj, sym)
In the V8 API, they are accessible via a new class Private, and respective HasPrivate/Get/Private/SetPrivate/DeletePrivate methods on calss Object.
These APIs are designed and restricted such that their implementation can later be replaced by whatever ES7+ will officially provide.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/48923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-13 10:34:06 +00:00
yangguo@chromium.org
e83fd01ce6
Reland "Implement Math.sin, cos and tan using table lookup and spline interpolation."
...
This relands r17594 with necessary fixes.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/70003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 14:43:18 +00:00
yangguo@chromium.org
df9665032e
Introduce %_IsMinusZero.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/63423004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 11:53:13 +00:00
bmeurer@chromium.org
6f75e92902
Add initial hydrogenized NewStringAddStub.
...
The new stub is enabled via the --new-string-add flag, which is
disabled by default. For now, it's only a stripped down version
of the native StringAddStub, it's still work-in-progress.
BUG=v8:2990
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/61893009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-12 10:21:08 +00:00
mstarzinger@chromium.org
d5cb83f4aa
Fix invalid reuse of weak global handle in GetScriptWrapper.
...
This fixes a direct usage of a weak global handle in GetScriptWrapper
that just casted it to a strong local handle, while a subsequent GC
might clear it. Handlepocalypse anyone?
R=machenbach@chromium.org
BUG=v8:2988
TEST=mjsunit/regress/regress-2988
Review URL: https://codereview.chromium.org/67273004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 16:27:36 +00:00
mstarzinger@chromium.org
c6841f1180
Tame mjsunit/fast-literal after fixing allocations.
...
Not that allocations go through Heap::AllocateRaw and actually respect
the allocation timeout, the runtime of this test spiked. This adjusts
the limit to sane values now that the values are actually respected.
R=mvstanton@chromium.org
TEST=mjsunit/fast-literal
Review URL: https://codereview.chromium.org/63603009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 10:22:46 +00:00
ulan@chromium.org
bc4ad49b25
Do not add values to HGraph in Lithium.
...
Lithium uses indexes after the maximium value ID in the HGraph as indexes
of virtual registers and assumes that the maximum value ID does not change.
The IsStandardConstant and GetConstantXX functions could add constants to
HGraph, which aliased virtual registers with real values. This could confuse
the register allocator to think that a value in a virtual register is tagged
and to incorrectly set it in the pointer map.
BUG=298269
TEST=mjsunit/regress/regress-298269.js
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/66693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 14:16:34 +00:00
yangguo@chromium.org
9f104a1a3e
Revert "Implement Math.sin, cos and tan using table lookup and spline interpolation."
...
This reverts commit r17594.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/59153007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:44:27 +00:00
yangguo@chromium.org
063b7c4ebb
Implement Math.sin, cos and tan using table lookup and spline interpolation.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/50563003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 13:10:39 +00:00
mstarzinger@chromium.org
59536de77d
Make HCapturedObjects non-deletable for DCE.
...
R=jkummerow@chromium.org
BUG=v8:2987
TEST=mjsunit/regress/regress-2987
Review URL: https://codereview.chromium.org/64433002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 16:07:19 +00:00
verwaest@chromium.org
dccc06e132
Disable stress-gc for memento-related test.
...
R=mvstanton@chromium.org
Review URL: https://chromiumcodereview.appspot.com/64003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 12:20:45 +00:00
yangguo@chromium.org
eb550c6da4
Fix y-umlaut to uppercase.
...
R=dcarney@chromium.org
BUG=v8:2984
Review URL: https://codereview.chromium.org/59853006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 09:08:34 +00:00
mvstanton@chromium.org
cec8548d0e
Correct handling of arrays with callbacks in the prototype chain.
...
Our generic KeyedStoreIC doesn't handle the case when a callback is
set on array elements in the prototype chain of the object, nor do
we recognize that we need to avoid the monomorphic case if these
callbacks exist.
This CL addresses the issue by looking for dictionary elements in
the prototype chain on IC misses and crankshaft element store
instructions. When found, the generic IC is used. The generic IC is
changed to go to the runtime in this case too.
In general, keyed loads are immune from this problem because they
won't return the hole: discovery of the hole goes to the runtime where
the callback will be found in the prototype chain. Double array loads
in crankshaft can return the hole but only if the prototype chain is
unaltered (we will catch such alterations).
Includes the following patch as well (already reviewed by bmeurer):
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.
(Review URL for the ElementsTransitionAndStoreIC_Miss change:
https://codereview.chromium.org/26911007 )
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 15:45:43 +00:00
bmeurer@chromium.org
980739a29c
Improve implementation of HSeqStringSetChar.
...
This improves the generated code for HSeqStringSetChar across
all platforms, taking advantage of constant operands whenever
possible. It also drops the unused DefineSameAsFirst constraint
for the register allocator on x64 and ia32, where it caused
unnecessary spills when the string operand was live across the
HSeqStringSetChar instruction.
A new GVN flag StringChars is introduced to express dependencies
between HSeqStringSetChar, HStringCharCodeAt and the upcoming
HSeqStringGetChar (the GVNFlags type is now 64bit in size).
Also improves the test case.
TEST=mjsunit/string-natives
R=mstarzinger@chromium.org , yangguo@chromium.org
Review URL: https://codereview.chromium.org/57383004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 13:09:22 +00:00
rafaelw@chromium.org
13f722cae4
[Object.observe] rename intrinsic change record types for consitency.
...
Note the spec now reflects the updated naming:
http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes
R=rossberg@chromium.org , rossberg
BUG=v8:2940
Review URL: https://codereview.chromium.org/46043020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 12:14:24 +00:00
machenbach@chromium.org
4539c6ba5f
[Sheriff] Mark flaky test on windows.
...
It was marked as flaky on linux nosnap, arm and nacl before. Now it's marked universally flaky since windows joined the list.
BUG=v8:2921
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/54713002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 19:29:58 +00:00
yangguo@chromium.org
371265eec4
Revert "Handlify concat string and substring."
...
This reverts r17490.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/59973004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 15:36:15 +00:00
yangguo@chromium.org
23d085c691
Handlify concat string and substring.
...
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/50073005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 14:07:07 +00:00
yangguo@chromium.org
a5ed9a71c8
Correctly load message from an Error object.
...
R=mstarzinger@chromium.org
BUG=306220
Review URL: https://codereview.chromium.org/46593010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 13:04:51 +00:00
rafaelw@chromium.org
e78081ca1c
Make Object.freeze/seal/preventExtensions observable
...
Note: spec has been updated here: http://wiki.ecmascript.org/doku.php?id=harmony:observe_spec_changes .
R=rossberg@chromium.org , rossberg
BUG=v8:2975,v8:2941
Review URL: https://codereview.chromium.org/47703003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 12:25:32 +00:00
rafaelw@chromium.org
4a8319c7c6
[Object.observe] Implement implicit notification from performChange
...
R=arv@chromium.org , rossberg@chromium.org , rossberg
BUG=v8:2942
Review URL: https://codereview.chromium.org/36313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 11:23:08 +00:00
jkummerow@chromium.org
2ebfd6e90e
Add missing negative dictionary lookup to NonexistentHandlerFrontend
...
BUG=v8:2980
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/57433003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-04 14:14:09 +00:00
machenbach@chromium.org
3e6044d3f3
[Sheriff] Mark failing test for nacl port.
...
BUG=v8:2978
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/50333005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 11:51:59 +00:00
machenbach@chromium.org
230b47a63b
[Sheriff] Mark flaky test.
...
BUG=v8:2921
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/54423002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 11:48:31 +00:00
jkummerow@chromium.org
316271fc35
Fix uint32-to-smi conversion in Lithium
...
BUG=chromium:309623
R=vegorov@google.com , yangguo@chromium.org
Review URL: https://codereview.chromium.org/54393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 10:18:51 +00:00
yangguo@chromium.org
3f1a833524
Do not remove HAdd with zero if the other operand is a double.
...
The other operand might be minus zero, and -0 + 0 = +0
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/52173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-30 10:22:52 +00:00
jkummerow@chromium.org
9e88c23cbf
ia32: Fix comparisons of two constant double operands when exactly one of them is in new space.
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/46883008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-29 14:34:07 +00:00
svenpanne@chromium.org
acb06df0e9
Tune mjsunit/compiler/expression-trees.
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/43703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-28 07:24:19 +00:00
svenpanne@chromium.org
ee87c867e9
Tune mjsunit/array-functions-prototype-misc
...
Again, this brings testing times down quite a bit without losing test
coverage.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/44143003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-28 07:23:27 +00:00
mvstanton@chromium.org
a85c825bb9
The Elements pointer in a JSObject can have a filler map instead of a
...
valid fixed array, iff a gc occurred while allocating a fixed array as
part of array construction. Heap verification needs protection against
examining the elements object in this case.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/43383004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 12:26:47 +00:00
yangguo@chromium.org
7dd2d6c590
Reland "Make Array.prototype.pop throw if the last element is not configurable."
...
This relands r17346.
R=machenbach@chromium.org
BUG=311164
Review URL: https://codereview.chromium.org/43923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 11:55:56 +00:00
svenpanne@chromium.org
2e2579da1b
Tune mjsunit/regexp-global.
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/42993004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 08:57:50 +00:00
svenpanne@chromium.org
c2596a257c
Temporarily disable mjsunit/regress/regress-2612 to make our tree green again.
...
TBR=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/40203002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:30:40 +00:00
svenpanne@chromium.org
7fb61a78d4
Tune mjsunit/regress/regress-2612.
...
Lower the bounds to something bearable which would still timeout if we
used a quadratic algorithm.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/39863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:07:16 +00:00
bmeurer@chromium.org
56a46e591b
Add performance.now() to the d8 shell.
...
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=17366
Committed: https://code.google.com/p/v8/source/detail?r=17368
Review URL: https://codereview.chromium.org/32433010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 12:25:40 +00:00
bmeurer@chromium.org
bef9819190
Revert "Fix shared library build after r17368." and "Add performance.now() to the d8 shell.".
...
This reverts commit r17372 and r17368 for breaking the shared
library build.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/40043002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 12:16:00 +00:00
bmeurer@chromium.org
0a90cab56a
Add performance.now() to the d8 shell.
...
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=17366
Review URL: https://codereview.chromium.org/32433010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 10:48:18 +00:00
bmeurer@chromium.org
67b4eb9ac1
Revert "Add window.performance.now() to the d8 shell."
...
This reverts commit r17366 for breaking the mozilla tests.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/38753006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 10:42:02 +00:00
bmeurer@chromium.org
d07231021e
Add window.performance.now() to the d8 shell.
...
TEST=mjsunit/d8-performance-now
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/32433010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 09:27:17 +00:00
svenpanne@chromium.org
f2122438e0
Removed long-running obselete test case.
...
The test was the 2nd longest-running test case in debug mode, and the
stuff it tests has already been moved long ago to some other place,
which is in turn heavily tested by far simpler and faster things
(%TruncateString etc.).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/39233003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 08:09:32 +00:00
yangguo@chromium.org
0f564cb1b0
Revert "Make Array.prototype.pop throw if the last element is not configurable."
...
This reverts commit r17346.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/39593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 07:48:23 +00:00
yangguo@chromium.org
e25920da19
Make Array.prototype.pop throw if the last element is not configurable.
...
Popping an element from an array should call [[Delete]] internal method
and pass true as the second argument (ECMA-262/5.1/#sec-15.4.4.6).
When the last element can't be deleted, throw a Type Error.
Not throwing the error would result in endless loop in the following test.
TEST=var a=[];Object.defineProperty(a,0,{});while(a.length)a.pop();
By the way fix another bug, or else i can't post any issues.
"presubmit.py" throw a "missing a correct copyright header" on windows.
Both the slash and the backslash are valid path separator on windows.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/29513004
Patch from Yanagi <admin@web-tinker.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 16:19:24 +00:00
jkummerow@chromium.org
8259439ae8
Fix HObjectAccess for loads from migrating prototypes
...
BUG=chromium:305309
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35173005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 15:15:15 +00:00
hpayer@chromium.org
fbaf016b6d
Add a soft-deopt in keyed element access when current IC is pre-monomorphic and no type feedback was collected.
...
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/32643004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 10:41:21 +00:00
mstarzinger@chromium.org
be3ed75ff3
Fix materialization of captured objects with field tracking.
...
R=titzer@chromium.org
BUG=chromium:298990
TEST=mjsunit/compiler/escape-analysis-representation
Review URL: https://codereview.chromium.org/35133003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 13:48:54 +00:00
svenpanne@chromium.org
d65cc1e21b
Temporarily deactive regress-2185-2 until our array handling is in good shape again.
...
BUG=v8:2950
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/30443005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 13:02:04 +00:00
svenpanne@chromium.org
dd74f5aa08
Removed obsolete unit tests.
...
As discussed offline, these tests don't test what they were supposed to
test anymore and were the longest running ones.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/32433009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 11:26:07 +00:00
titzer@chromium.org
a255312491
Handle misaligned loads and stores in load elimination. Do not track misaligned loads and be conservative about invalidating misaligned stores. Add more tests for number conversion to string (NumberToStringStub exhibits misaligned loads)
...
BUG=v8:2934
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/28383003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 13:33:03 +00:00
yangguo@chromium.org
2d6dab1f2e
Harmony: implement Math.trunc.
...
BUG=v8:2938
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/28793002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 11:15:11 +00:00
yangguo@chromium.org
575438518c
Harmony: implement Math.sign.
...
R=dslomov@chromium.org
BUG=v8:2938
Review URL: https://codereview.chromium.org/28723002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-21 09:16:31 +00:00
titzer@chromium.org
4d0f2cdd3b
Implement global load elimination based on flow engine.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/27148004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-18 14:28:24 +00:00
rafaelw@chromium.org
ce2c9b1db1
Prevent changes to hidden properties from being observable via Object.observe
...
This addresses the leak that mstarzinger points out (https://codereview.chromium.org/26390003/ ) and includes the test.
Note that this adds a test that observing changes to the empty-string property remains possible.
BUG=
R=mstarzinger@chromium.org , rossberg@chromium.org
Review URL: https://codereview.chromium.org/26592012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 20:49:45 +00:00
svenpanne@chromium.org
882778bf09
Make it possible to run a test only in the standard variant.
...
Use this for mjsunit/unicode-case-overoptimization, which is not
related to Crankshaft at all and takes ages.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/27704002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 13:09:28 +00:00
mstarzinger@chromium.org
0a2b4ecdcc
Add regression test for optimized count operation.
...
This is a regression test for a bug with handling of count operations
that target a JavaScript accessor on the prototype chain in Crankshaft.
R=jkummerow@chromium.org
BUG=chromium:306851
TEST=mjsunit/regress/regress-crbug-306851
Review URL: https://codereview.chromium.org/27702002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 12:48:28 +00:00
mstarzinger@chromium.org
3e0f828b8f
Revert "TransitionAndStoreStub bailout needs to transition (and store)."
...
This reverts commit r17216 breaking fast/js/cross-frame-bad-time.html test.
R=mvstanton@chromium.org
TEST=webkit:fast/js/cross-frame-bad-time.html
Review URL: https://codereview.chromium.org/27516002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 14:17:31 +00:00
mvstanton@chromium.org
8f9f192f6e
AllocationSites for all literals
...
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/24250005
Review URL: https://codereview.chromium.org/27366003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 08:10:36 +00:00
mvstanton@chromium.org
f4edc076d8
Revert "AllocationSites for all literals"
...
This reverts commit r17219 due to WebKit failures.
R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/26539010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 15:35:23 +00:00
mvstanton@chromium.org
362c0cfbca
AllocationSites for all literals
...
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/24250005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 14:52:58 +00:00
mvstanton@chromium.org
3769a2d24d
TransitionAndStoreStub bailout needs to transition (and store).
...
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/26911007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17216 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 12:42:03 +00:00
dslomov@chromium.org
5ccd697875
Do not look up ArrayBuffer on global object in typed array constructor.
...
BUG=v8:2931
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/27238009
Patch from Ben Noordhuis <info@bnoordhuis.nl>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 11:27:12 +00:00
yangguo@chromium.org
71ba8c5fb4
Retire concurrent recompilation delay for non-stress testing.
...
Instead, we block concurrent recompilation until unblocked. This makes
affected tests more predictable and run shorter.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/26758003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-14 14:15:22 +00:00
olivf@chromium.org
93d4fbd2ee
Truncate booleans to 0/1 in truncating t-to-i.
...
Thanks to weiliang.lin2@gmail.com for discovering the issue.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/26824002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 15:13:12 +00:00
mstarzinger@chromium.org
f878c1c359
Fix pre-parsing of 'use strict' directive after string literals.
...
R=ulan@chromium.org
TEST=mjsunit/regress/regress-parse-use-strict
Review URL: https://codereview.chromium.org/27025002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 14:03:54 +00:00
olivf@chromium.org
4b6d0e33f2
Only set binary operation side effects flags, when observable.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/26712002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 16:49:25 +00:00
mstarzinger@chromium.org
63d8abb6c6
Unify and fix checkers for duplicate object literal properties.
...
R=ulan@chromium.org
TEST=preparser/duplicate-property,mjsunit/regress/regress-parse-object-literal
Review URL: https://codereview.chromium.org/26375004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 11:58:16 +00:00
mvstanton@chromium.org
59c8d36c00
Revert "Debug: Allow stepping into on a given call frame."
...
This reverts commit r17095.
There were test failures (flaky).
BUG=chromium:296963
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/26703009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 09:05:28 +00:00
dslomov@chromium.org
380d0ca582
Implement ArrayBuffer.isView.
...
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/25700010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17121 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 08:36:44 +00:00
yurys@chromium.org
ce61a704e3
Debug: Allow stepping into on a given call frame.
...
BUG=chromium:296963
R=yangguo@chromium.org , yurys
Review URL: https://codereview.chromium.org/25605005
Patch from Andrey Adaikin <aandrey@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-03 07:42:44 +00:00
olivf@chromium.org
24c2336d75
Inline some more compare operations.
...
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/25009003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 18:15:57 +00:00
bmeurer@chromium.org
81e4550796
Always use timeGetTime() for TimeTicks::Now() on Windows.
...
This way, we also ensure that timeGetTime() is used for Time::Now(),
and thereby Date.now() even if GetTickCount64() is available.
Also add test coverage for Time::Now(), TimeTicks::Now() and
TimeTicks::HighResNow().
BUG=chromium:288924
TEST=cctest/test-timer
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/25468003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:30:31 +00:00
verwaest@chromium.org
7e0ea6ab46
Only fold polymorphic into monomorphic load if all load from either receiver or same prototype.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/25718002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:24:08 +00:00
mvstanton@chromium.org
81557f21fc
Use a walking visitor to traverse JSObject structure. The purpose is to prepare for more complex context-dependent walks of the structure, needed for allocation site and pretenuring work. Different visitors can be created that annotate the object in various ways.
...
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/25025002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-30 11:36:50 +00:00
hpayer@chromium.org
8f60f65bdf
Disable gc stress mode for mjsunit timer test.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/24979002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-27 11:04:16 +00:00
mstarzinger@chromium.org
9c3ffc4f58
Fix replaying of HCapturedObject for nested objects.
...
R=titzer@chromium.org
TEST=mjsunit/compiler/property-refs,mjsunit/compiler/escape-analysis
Review URL: https://codereview.chromium.org/24561002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-26 15:28:46 +00:00