AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
6,486 Commits 1 Branch 0 Tags 839 MiB
6f66664386
Commit Graph

1069 Commits

Author SHA1 Message Date
ager@chromium.org
19b718fe73 Pass undefined to JS builtins when called with implicit receiver. 
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7068009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb Make RegExp objects not callable. 
Review URL: http://codereview.chromium.org/6930006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 07:35:09 +00:00
erik.corry@gmail.com
fbf76fc86a Fix GC-unsafe corner case in bit-not on ARM 
Review URL: http://codereview.chromium.org/6987009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-25 10:35:00 +00:00
ricow@chromium.org
f675db651d Change calls to undefined property setters to not throw (fixes issue 1355). 
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-25 08:37:38 +00:00
ager@chromium.org
6f775f2fb0 Fix calls of strict mode function with an implicit receiver. 
Only IA32 version for now. I'll start porting.

Strict mode functions are to get 'undefined' as the receiver when
called with an implicit receiver. Modes are bad! It forces us to have
checks on all function calls.

This change attempts to limit the cost by passing information about
whether or not a call is with an implicit or explicit receiver in ecx
as part of the calling convention. The cost is setting ecx on all
calls and checking ecx on entry to strict mode functions.

Implicit/explicit receiver state has to be maintained by ICs. Various
stubs have to not clobber ecx or save and restore it.

CallFunction stub needs to check if the receiver is implicit when it
doesn't know from the context.

Review URL: http://codereview.chromium.org/7039036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 14:01:36 +00:00
sgjesse@chromium.org
eff2946b9b Handle changes to the Object prototype in fast handling of arrays 
R=ager@chromium.org

BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js

Review URL: http://codereview.chromium.org//7067019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0 Change strict mode poison pill to be the samme type error function (fixes issue 1387). 
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
fbd106d9cd MIPS: arch-independent changes to support mips. 
This change supports all non-crankshaft features except serialization.

This must be built after the changes in http://codereview.chromium.org/6966031
are landed.

BUG=
TEST=

Review URL: http://codereview.chromium.org//7039058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 07:56:20 +00:00
danno@chromium.org
780df33019 SMI checks for receiver in KeyedLoad/Store (done right this time) 
R=ager@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7059013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7998 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-23 13:42:33 +00:00
sgjesse@chromium.org
825a433900 Add regression test for issue 1401 
R=ager@chromium.org

BUG=v8:1401
TEST=test/regress/regress-1401.js

Review URL: http://codereview.chromium.org//7062002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802 Remove execScript from V8. No longer present i neither Firefox nor Safari. 
R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7046002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23 Add regression test for http://crbug.com/82769 
Review URL: http://codereview.chromium.org/7034025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-18 12:46:21 +00:00
fschneider@chromium.org
66911961cf Fix bug in optimized compiler's switch-statement. 
In the case where the default-clause occurs as the first clause,
the case-blocks were not wired up correctly.

BUG=v8:1394
TEST=mjsunit/compiler/regress-1394.js
Review URL: http://codereview.chromium.org/7037023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-18 11:06:07 +00:00
whesse@chromium.org
0eca2b4fc1 Fix error in postfix ++ in Crankshaft. 
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.

BUG=v8:1389

TEST=

Review URL: http://codereview.chromium.org/7033008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-17 11:41:59 +00:00
danno@chromium.org
daa1be1226 Support conversion of clamped double values for pixel arrays in Crankshaft. 
BUG=1313
TEST=test/mjsunit/external-array.js

Review URL: http://codereview.chromium.org/7014033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-16 14:10:56 +00:00
sgjesse@chromium.org
230a56abda Limit the number of local variables in a function 
Review URL: http://codereview.chromium.org//7003030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-16 08:27:52 +00:00
ricow@chromium.org
964dbff40d Only send null or undefined as receiver for es5 natives, not generally 
for builtin functions.
Review URL: http://codereview.chromium.org/7012012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-13 07:26:44 +00:00
ager@chromium.org
8a0b1f5bc9 Allow closures to be optimized if outer contexts that call eval are all in strict mode. 
R=kmillikin@chromium.org
BUG=
TEST=mjsunit/compiler/eval-introduced-closure.js

Review URL: http://codereview.chromium.org/6993008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-11 11:26:11 +00:00
ricow@chromium.org
7f8a918f08 Allow strict mode flag as extraicstate for keyed external array store ic 
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.

BUG: 1383
Review URL: http://codereview.chromium.org/7003022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
944a388412 Avoid using a register for constant external array indices. 
This CL is based on and obsoletes CL 6879037.

TEST=mjsunit/external-array.js

Review URL: http://codereview.chromium.org/6902112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-10 15:25:17 +00:00
jkummerow@chromium.org
1eedd8056d Fix timeout of test regress-1118.js 
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.

Review URL: http://codereview.chromium.org/6994010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-10 15:07:30 +00:00
jkummerow@chromium.org
89c64653bf Expose optimization info via runtime functions 
TEST=mjsunit/assert-opt-and-deopt.js

Review URL: http://codereview.chromium.org/6879108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-09 08:58:57 +00:00
ager@chromium.org
0961b1a936 Check that receiver is JSObject on API calls. 
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js

Review URL: http://codereview.chromium.org/6931056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-06 14:14:16 +00:00
karlklose@chromium.org
d43066050a Replace loops by OptimizeFunctionOnNextCall in regress-1085 and regress-1210. 
Review URL: http://codereview.chromium.org/6938001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-06 09:10:28 +00:00
ricow@chromium.org
e0eb110130 Reapply 7763, including arm and x64 variants. 
The only difference to revision 7763 is the implementation in the
builtins file for arm and x64, plus a move of Array.prototype.toString
and Array.prototype.toLocaleString from should throw on null or
undefined to the non generic test cases in the function-call test (due
to us not currently supporting generic cases with these to functions)
Review URL: http://codereview.chromium.org/6928007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-05 05:21:30 +00:00
ricow@chromium.org
797cbc68b7 Delete empty test/mjsunit/function-call.js file 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 14:20:19 +00:00
karlklose@chromium.org
8b917d4d96 Replace long running loops by OptimizeFunctionOnNextCall in some tests that are often timing out on ARM. 
Review URL: http://codereview.chromium.org/6910022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:53:08 +00:00
ricow@chromium.org
4d890da191 Revert 7763, missing implementation on x64 and arm for call and apply with null or undefined. 
Review URL: http://codereview.chromium.org/6913024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:45:19 +00:00
ricow@chromium.org
2b730c2bf6 Don't exchange null and undefined with the global object in function.prototype.{call, apply} for natives. 
This makes us compatible with firefox in throwing an exception when
call is invoked on a builtin with null as the this argument.
Review URL: http://codereview.chromium.org/6902104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 13:19:04 +00:00
lrn@chromium.org
569574b7bf Fix implementation of == to correctly convert Date objects to primitives. 
Fix issue 1356

BUG=v8:1356
TEST=mjsunit/double-equals

Review URL: http://codereview.chromium.org/6912021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 12:15:14 +00:00
lrn@chromium.org
d1411602a7 Don't allow whitespace after sign characters in parseInt. 
BUG=v8:955
TEST=mjsunit/regress/regress-955

Review URL: http://codereview.chromium.org/6903171

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-03 07:11:17 +00:00
ager@chromium.org
ccafbca61d Use JSON.parse instead of eval for the debugger JSON protocol. 
R=sgjesse@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/6903172

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-02 14:20:34 +00:00
kmillikin@chromium.org
1af840ad4c Be more discriminating about uses of the arguments object in optimized code. 
Because we track the value of the arguments object, we need to check
values whenever plugged into a forbidden value context.  It is not
enough to check at only variable references as we did previously.

R=fschneider@chromium.org
BUG=1351
TEST=regress-1351.js

Review URL: http://codereview.chromium.org/6902202

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-02 11:35:51 +00:00
mmaly@chromium.org
796ac25a4f Strict mode eval declares its locals in its own environment. 
BUG=
TEST=strict-mode.js

Review URL: http://codereview.chromium.org/6883200

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-29 15:31:39 +00:00
lrn@chromium.org
f470cf2777 Handle join of sparse arrays with non-empty separator more efficiently. 
BUG=v8:1028

Review URL: http://codereview.chromium.org/6902144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-29 08:53:36 +00:00
vegorov@chromium.org
1c950e04cc Fix missing writebarrier in ArraySplice builtin. 
Review URL: http://codereview.chromium.org/6883227

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-28 16:03:40 +00:00
kmillikin@chromium.org
dc28280a82 Fix a bug in a corner case of direct eval detection. 
The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.

R=ager@chromium.org
TEST=has been added to the eval mjsunit test

Review URL: http://codereview.chromium.org/6893057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-28 05:04:48 +00:00
jkummerow@chromium.org
bc8f6943bb Support Float64Arrays 
BUG=None
TEST=mjsunit/external-arrays.js; updated cctest; existing unit tests

Review URL: http://codereview.chromium.org/6879009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-21 07:15:43 +00:00
karlklose@chromium.org
3b6fe22c4d Make throw inlineable only if the exception is inlineable. 
BUG=1337
TEST=regress-1337

Review URL: http://codereview.chromium.org/6881079

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-20 09:15:52 +00:00
yurys@chromium.org
5d70a291fe Fix debuger evaluation on a breakpoint inside eval 
Corresponding Chromium issue: http://code.google.com/p/chromium/issues/detail?id=74412
Review URL: http://codereview.chromium.org/6875005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-15 14:09:45 +00:00
lrn@chromium.org
7aec228dbb Cleanup of mjsunit.js code and make assertEquals more strict. 
Encapsulate the helper functions in mjsunit.js.
Now only exposes the exception class and the assertXXX functions.

Make assertEquals use === instead of ==.
This prevents a lot of possiblefalse positives in tests, and avoids
having to do assertTrue(expected === actual) when you need it.

Fixed some tests that were either buggy or assuming == test.

Review URL: http://codereview.chromium.org/6869007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-15 11:35:36 +00:00
karlklose@chromium.org
dab8f48ebc ARM: Implement correct rounding in the lithium codegenerator. 
This patch provides testing for values that have a fraction part of 0.5 and uses a different rounding method for them. The original method of VFPTruncating the value with round-to-nearest is not correct because it does not round to the larger number in case of a tie.

BUG=http://code.google.com/p/v8/issues/detail?id=958

Review URL: http://codereview.chromium.org/6840051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-15 11:29:01 +00:00
ricow@chromium.org
cfb5a7ee78 Reapply 7581, Fix tools/test.py to allow CTRL+C to work correctly again. 
Buildbot now has python 2.6

Also, remove some semicolons.
Review URL: http://codereview.chromium.org/6871007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-15 09:41:09 +00:00
lrn@chromium.org
3bbcab1ca9 X64: Use roundsd for DoMathFloor. 
TEST=mjsunit/math-floor

Review URL: http://codereview.chromium.org/6835021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-14 09:05:43 +00:00
whesse@chromium.org
98c17a2bf3 Adjust mjsunit.status to account for math-round test passing on ARM when crankshaft is disabled. 
Review URL: http://codereview.chromium.org/6840013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-13 14:03:24 +00:00
fschneider@chromium.org
9783526239 Enable inlining functions containing throw. 
After Kevin's change to the graph builder to allow aborting graph construction
inside arbitrary expressions this just works.

BUG=v8:1143
Review URL: http://codereview.chromium.org/6839017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-13 13:09:58 +00:00
lrn@chromium.org
caee8a3ccf Fix Math.round in runtime.cc and x64 optimized code. 
Make math-round.js test check both normal and optimized version.
Add some cases to the tests.

BUG=v8:958
TEST=mjsunit/math-round

Review URL: http://codereview.chromium.org/6837018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-13 09:35:56 +00:00
jkummerow@chromium.org
1d774ac5ca Fix load/store of external float arrays on ARM 
BUG=1323
TEST=mjsunit/regress/regress-1323.js, run with simulator=arm

Review URL: http://codereview.chromium.org/6822054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-12 15:20:26 +00:00
ricow@chromium.org
6baa8a2bde Revert 7581, you can't have try except finally toghetter until python 2.5 
We have some 2.4 versions on the windows buildbots, I will try to have these updated and reapply.
Review URL: http://codereview.chromium.org/6821069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-12 07:46:17 +00:00
ricow@chromium.org
7c0b1af4d7 Fix tools/test.py to allow CTRL+C to work correctly again. 
This also changes the AfterRun functions to allow None as the passed in parameter.
Review URL: http://codereview.chromium.org/6824040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-12 06:26:38 +00:00
jkummerow@chromium.org
ed968b1042 Introduce runtime function %OptimizeFunctionOnNextCall to manually trigger optimization. 
TEST=existing unit tests still pass

Review URL: http://codereview.chromium.org/6821009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-11 13:24:50 +00:00
mmaly@chromium.org
164e3a4173 Strict mode fixes. 
- mutual inlining strict and non-strict functions in crankshaft.
- assignment to undefined variable with eval in scope.
- propagation of strict mode through lazy compilation.

BUG=
TEST=test/mjsunit/strict-mode.js test/mjsunit/strict-mode-opt.js

Review URL: http://codereview.chromium.org/6814012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-08 14:30:10 +00:00
vegorov@chromium.org
8a8d3bbbee In LCodeGen::DoDeferredLInstanceOfKnownGlobal emit safepoint with registers for the call to stub. 
Review URL: http://codereview.chromium.org/6793017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-07 13:32:45 +00:00
jkummerow@chromium.org
adf509f159 Make "length" and "BYTES_PER_ELEMENT" properties of typed arrays accessible. 
Review URL: http://codereview.chromium.org/6805010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-07 08:24:56 +00:00
yurys@chromium.org
c2e7beb952 Debugger: show local scope before with for functions created inside with block 
Review URL: http://codereview.chromium.org/6804015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-06 17:54:39 +00:00
peterhal@chromium.org
e3d788329a 1309 fix 
BUG=
TEST=

Review URL: http://codereview.chromium.org/6800018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-06 16:22:06 +00:00
jkummerow@chromium.org
348a4e44f5 Add regression test for overlapping key and value registers. 
Review URL: http://codereview.chromium.org/6804007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-06 11:01:07 +00:00
sgjesse@chromium.org
1244225ba8 Extend crankshaft support for global stores 
All global stores are now supported in crankshaft by using the normal store IC when other optimizations are not possible due to the state of the global object.

R=fschneider@chromium.org

BUG=
TEST=

Review URL: http://codereview.chromium.org//6693066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-04 15:03:34 +00:00
sgjesse@chromium.org
1e8079fcc9 Increase coverage of global loads in optimized code 
In the cases where a global property cell cannot be used in the optimized code
use standard load ic to get the property instead of bailing out.

This is re-committing r7212 and r7215 which where reverted in r7239 with the addition of recoring the source position in the hydrogen code for the LoadGlobalCell instruction. To record that position an optional position field has been added to the variable proxy AST node.
Review URL: http://codereview.chromium.org/6758007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-01 11:54:04 +00:00
vegorov@chromium.org
ae65366f0b Fix SlotRef::SlotAddress for parameters indices. 
Fix %NewObjectFromBound to correctly handle optimized frames (including those with inlined functions).

Fix %_IsConstructCall handling in hydrogen: when called from inlined function return false constant directly instead of emiting HIsConstructCall.

Fix success case in TraceInline.

BUG=v8:1229
TEST=test/mjsunit/regress/regress-1229.js

Review URL: http://codereview.chromium.org/6740023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-04-01 11:41:36 +00:00
ricow@chromium.org
b4bae54ef2 Decrease number of runs in mjsunit/compiler/pic.js (Test still gets optimized, even without --stress-opt) 
Review URL: http://codereview.chromium.org/6731049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-29 13:20:05 +00:00
sgjesse@chromium.org
1eb224c2a2 ARM: Check for minus zero when converting binary operation result to smi 
The result of an Int32 binary operation will be converted to a smi if it fits. However a minus zero check was missing.

BUG=v8:1278
TEST=test/mjsunit/regress/regress-1278.js

R=ager@chromium.org
Review URL: http://codereview.chromium.org/6755009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-29 07:43:27 +00:00
ricow@chromium.org
e0c7d3cf08 Run array-length less times to make the builder green. 
We still get this method optimized even without --always-opt flag.
Review URL: http://codereview.chromium.org/6719029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-28 08:51:08 +00:00
ricow@chromium.org
fb6d7e17df Follow jsc on not throwing when trying to add a property to a non-extensible object. 
This change makes us compatible with Safari on not throwing when trying to add a property to a non-extensible object. 
Review URL: http://codereview.chromium.org/6712059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-28 06:11:08 +00:00
lrn@chromium.org
40f9a7db8e Fix test that can fail for small denormals. 
Review URL: http://codereview.chromium.org/6736027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-25 14:03:42 +00:00
lrn@chromium.org
1a15a9e6a9 Fix typo in math-sqrt.js 
Review URL: http://codereview.chromium.org/6696109

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7372 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-25 13:48:17 +00:00
lrn@chromium.org
0c6fbad874 Add more tests to mul-exhaustive for constant left/right operands. 
Make MJSUnit able to distinguish 0 and -0.

Review URL: http://codereview.chromium.org/6688062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-25 13:24:20 +00:00
fschneider@chromium.org
e6cbf659d1 Fix bug that caused invalid code motion for certain loads instructions. 
The dependency flags of instructions depending on a previous check have to
be a super-set of the flags of the check instructions.
Review URL: http://codereview.chromium.org/6730025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-24 11:37:24 +00:00
ager@chromium.org
a7d44c49a5 Add regression test. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-24 11:03:08 +00:00
mmaly@chromium.org
7346fbba81 Implement poison pill for non-strict mode function.caller 
when caller is strict mode function.

Review URL: http://codereview.chromium.org/6713059/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-23 03:45:48 +00:00
mikhail.naganov@gmail.com
cbbe713464 Change the way sampler / profiler handle external callbacks. 
This should fix test-profile-generator/RecordStackTraceAtStartProfiling flakinness.

R=vitalyr@chromium.org
BUG=1261
TEST=test-profile-generator/RecordStackTraceAtStartProfiling

Review URL: http://codereview.chromium.org/6708056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-21 18:13:27 +00:00
ricow@chromium.org
4bb55fd341 Change cctests to use variant flags as part of the name for the serilization file. 
Because we run all tests three times with different variant flags (to
test crankshaft) we might end up in a situation where we try to write
to the same serilization file from two different threads
simultaneously. The patch concats the variant flags at the end of the
serialization file name.
Review URL: http://codereview.chromium.org/6688068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-21 12:57:25 +00:00
vitalyr@chromium.org
7976ca2cbc Merge isolates to bleeding_edge. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-18 20:35:07 +00:00
vitalyr@chromium.org
76e226f832 Revert r7268: it borked the history. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-18 19:41:05 +00:00
vitalyr@chromium.org
6ff7fdebd3 Merge isolates to bleeding_edge. 
Review URL: http://codereview.chromium.org/6685088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-18 18:49:56 +00:00
mmaly@chromium.org
4cbf3478d8 Implement strict mode ThrowTypeError functions for arguments object. 
* Reverse order of arguments in-object fields for length and callee.
* Introduce arguments ThrowTypeError functions (caller/callee).
* Create strict mode arguments boilerplate object.
* Strict mode "new arguments object" stub.
* Runtime arguments object allocation.
* Update es5conform test expectations.

Review URL: http://codereview.chromium.org/6698015/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 20:28:41 +00:00
mmaly@chromium.org
1d1018aec7 Strict mode ThrowTypeError functions for 
- function.caller
- function.arguments

Review URL: http://codereview.chromium.org/6694044/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 20:28:17 +00:00
vitalyr@chromium.org
e26ae48786 Remove empty test/mjsunit/compiler/global-accessors.js to make lint happy. 
Review URL: http://codereview.chromium.org/6712001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 16:12:13 +00:00
ricow@chromium.org
d6caa8872a Revert revisions 7215 and 7212. 
This caueses line positions to be off by one in certain cases, causing webkit http/tests/inspector/console-xhr-logging to fail.
Review URL: http://codereview.chromium.org/6667077

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 14:30:48 +00:00
vegorov@chromium.org
c83f0a715e Make HDeoptimize to explicitly use environment values. 
Otherwise dead phi elimination can actually remove some of the implicitly used phis.

BUG=1257
TEST=test/mjsunit/regress/regress-1257.js

Review URL: http://codereview.chromium.org/6672066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 12:22:49 +00:00
sgjesse@chromium.org
1a6c821b05 Increase coverage of global loads in optimized code 
In the cases where a global property cell cannot be used in the optimized code use standard load ic to get the property instead of bailing out.
Review URL: http://codereview.chromium.org/6665026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-17 08:16:12 +00:00
erik.corry@gmail.com
5ea0364a6a Fix incorrect assumption on bit-and on ARM 
Review URL: http://codereview.chromium.org/6696037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-15 21:56:12 +00:00
ricow@chromium.org
e8ff324583 Follow Safari on not throwing when __defineGetter__ fails. 
In addition, this fixes defineOwnProperty to actually not throw when
the should_throw flag is false (we had no usage of this priorly).

Review URL: http://codereview.chromium.org/6695018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-15 14:19:18 +00:00
ricow@chromium.org
7cb35bcfa5 Reapply 7143 after fixing issue 1250 
Review URL: http://codereview.chromium.org/6698027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-15 12:25:13 +00:00
ager@chromium.org
6428822811 Revert "Strict mode ThrowTypeError functions for" 
TBR=mmaly@chromium.org

Review URL: http://codereview.chromium.org/6696018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-15 11:01:21 +00:00
mmaly@chromium.org
80bd958df2 Strict mode ThrowTypeError functions for 
- function.caller
- function.arguments

Review URL: http://codereview.chromium.org/6691003/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7168 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-14 17:46:37 +00:00
whesse@chromium.org
f6e1b82fd4 Fix a problem where Object.getOwnPropertyDescriptor and related functions unintentionally called toString on the values of an object's properties. Fixes issue 1233. 
Review URL: http://codereview.chromium.org/6677017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-11 13:57:20 +00:00
ricow@chromium.org
c00631b86e Fix presubmit by deleting regress-1240 not deleted by last patch. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-11 09:08:52 +00:00
ricow@chromium.org
f2730d2ab8 Revert revision 7143, this causes a number of webkit tests to fail. 
This includes a security test. Reverting to investigate further.

Review URL: http://codereview.chromium.org/6673019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-11 09:02:54 +00:00
ricow@chromium.org
fa9e57e326 Change __defineGetter__ and __defineSetter__ to respect non-configurable. 
This makes us compatible with firefox. Earlier on we were somehow
compatible with safari - which will allow defining a getter even when
an existing getter is present and non-configurable. We would, however,
in addition to overwriting the getter also change configurable to
true. The approach used by firefox seems much more sound, i.e., why
should it be possible to use __defineGetter__ or __defineSetter__ to
overwrite a non-configurable getter or setter respectively.

I will file a bug on the webkit bugtracker. 

Review URL: http://codereview.chromium.org/6658037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-11 08:05:59 +00:00
whesse@chromium.org
b7d7aa8ad2 Fix error in sin-cos.js test introduced in r7129. 
Review URL: http://codereview.chromium.org/6659034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-10 14:04:18 +00:00
whesse@chromium.org
fc8f77e398 X64 Crankshaft: Fix error in computation of sine and cosine. 
Review URL: http://codereview.chromium.org/6646047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-10 13:34:23 +00:00
lrn@chromium.org
a8b41a0edd Fix bug in X64 RegExpExec stub. 
Used incorrect register for referencing RegExp data, so it always failed
to match the fast case.
When modifiying the object layout, it was possible to make it crash instead.

BUG=v8:1236
TEST=test/mjsunit/regress/regress-1236.js

Review URL: http://codereview.chromium.org/6635041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-08 14:15:25 +00:00
mmaly@chromium.org
927f341d3c Strict mode arguments do not share binding with formal parameters. 
Move strict mode flag from TemporaryScope to Scope so that it can be accessed from variable binding code.
Arguments do not alias in strict mode (ia32, x64 and arm, codegen and full codegen).
Hydrogen tolerates null arguments_shadow().
In codegen-<arch> arguments object is allocated eagerly to capture values before they get modified.

Review URL: http://codereview.chromium.org/6625048/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-07 19:23:46 +00:00
kmillikin@chromium.org
4a9056cbce Fix a stack-height mismatch during deoptimization. 
When deoptimizing after a conditional expression in an effect context, we
should not see the value of the conditional expression.

BUG=v8:1237

Review URL: http://codereview.chromium.org/6625057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-07 17:01:12 +00:00
mmaly@chromium.org
3c51baa1ac Throw if setting length of a string in strict mode. 
BUG=
TEST=test/mjsunit/strict-mode.js

Review URL: http://codereview.chromium.org/6623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-04 21:12:29 +00:00
mmaly@chromium.org
9dc156ac62 Passing strict mode throughout SetElement. 
Throw if assigning to read only element.
Adding tests for element assignment in strict mode.

Fix tests for strict mode SetElement.

Review URL: http://codereview.chromium.org/6613005/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-04 00:21:52 +00:00
mmaly@chromium.org
1d040083b0 Assignment to read only properties throws in strict mode. 
Review URL: http://codereview.chromium.org/6594037/

Revert "Revert "Assignment to read only properties throws in strict mode.""

This reverts commit aefcd82e1d36d458dd071ebf4777340f08aa67b1.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7007 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-02 04:53:43 +00:00
vitalyr@chromium.org
d9b0c93d23 Allow eval to be overridden with a callable non-function object. 
We simply need to remove early checks in the resolve eval runtime
functions. CallFunctionStub that follows will handle non-functions in
the right way.

Review URL: http://codereview.chromium.org/6591075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-01 19:05:06 +00:00
fschneider@chromium.org
8a72161585 Add lazy deoptimization environment to instanceof by marking it as a call. 
This fixes an assert when an exception is thrown inside instanceof.

BUG=v8:1207
TEST=mjsunit/regress/regress-1207.js

Review URL: http://codereview.chromium.org/6588083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-01 15:37:24 +00:00