AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
10,527 Commits 1 Branch 0 Tags 839 MiB
7145671392
Commit Graph

897 Commits

Author SHA1 Message Date
svenpanne@chromium.org
c26d100b10 Avoid TLS accesses in Object::Lookup and Object::GetPrototype. 
Both methods were among the top causes for TLS accesses.

BUG=v8:2487

Review URL: https://codereview.chromium.org/12319144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-27 13:22:29 +00:00
jkummerow@chromium.org
b3cb955c4f Normalized map copies should not share code caches 
Review URL: https://codereview.chromium.org/12328136

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-27 12:17:50 +00:00
adamk@chromium.org
deeddc7e76 Remove duplication and unnecessary HandleScope from HasElement helper functions 
Review URL: https://codereview.chromium.org/12328064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-26 17:20:21 +00:00
mstarzinger@chromium.org
ce1e10f5fc Make __proto__ a foreign callback on Object.prototype. 
This moves the __proto__ property to Object.prototype and turns it into
a callback property actually present in the descriptor array as opposed
to a hack in the properties lookup. For now it still is a "magic" data
property using foreign callbacks and not an accessor property visible to
JavaScript.

The second effect of this change is that JSON.parse() no longer treats
the __proto__ property specially, it will be defined as any other data
property. Note that object literals still have their special handling.

R=rossberg@chromium.org
BUG=v8:621,v8:1949,v8:2441
TEST=mjsunit,cctest,test262

Review URL: https://codereview.chromium.org/12212011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-26 10:46:00 +00:00
svenpanne@chromium.org
fb6776e84a Made Isolate a mandatory parameter for everything Handle-related. 
Unified parameter order of CreateHandle with the rest of v8 on the way. A few
Isolate::Current()s had to be introduced, which is not nice, and not every place
will win a beauty contest, but we can clean this up later easily in smaller steps.

Review URL: https://codereview.chromium.org/12300018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-25 14:46:09 +00:00
ulan@chromium.org
7dd0b1ca77 Zap holes in dependent code array after deoptimizing a code group. 
BUG=crash on GC stress builder

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/12315077

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-25 12:27:28 +00:00
ulan@chromium.org
3a1eca4242 Remove prototype checks for leaf maps in optimized code. 
Review URL: https://chromiumcodereview.appspot.com/12225099

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-20 11:49:54 +00:00
svenpanne@chromium.org
71a26c928a Make the Isolate parameter mandatory for internal HandleScopes. 
Improved Frames and their iterators on the way, too.

BUG=v8:2487

Review URL: https://codereview.chromium.org/12254007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-15 09:27:10 +00:00
dcarney@chromium.org
0da6e525b7 Split AccessorInfo into DeclaredAccessorInfo and ExecutableAccessorInfo 
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12213012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-12 14:33:08 +00:00
danno@chromium.org
a77daae9f8 Add additional flags to control array abuse tracing 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/12211095

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-08 14:32:38 +00:00
danno@chromium.org
9cb3a2e97d Add --trace-array-abuse to help find OOB accesses. 
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/12220040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-07 07:56:11 +00:00
adamk@chromium.org
dbf50cf948 Object.observe: change array truncation logic to efficiently handle large sparse arrays 
Review URL: https://codereview.chromium.org/12041084

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-04 21:03:08 +00:00
ulan@chromium.org
744d61ebe7 Fix clearing of dead dependent codes and verify weak embedded maps on full GC. 
BUG=172488,172489
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/12094036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-02-04 10:56:50 +00:00
verwaest@chromium.org
672056ac88 Only mark the descriptor that is valid for the map in question. If this map 
transitioned from a map with a different descriptor array (or has no back
pointer), mark all valid descriptors from the start.

This fixes the following memory leak: Map A shares a descriptor array
with map B. Map B adds constant function c that in its scope holds on to
an instance of B. If the descriptor array of A would keep all the shared
descriptors alive, including c, this keeps alive both A and c
indefinitely.

This CL also fixes a bug in descriptor array trimming. When trimming
descriptor arrays we need to trim off the slack as well (thus the entire
storage); and since we are trimming a descriptor array, we need to trim
* kDescriptorSize.

Review URL: https://chromiumcodereview.appspot.com/12084066

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-31 10:50:42 +00:00
adamk@chromium.org
c001d928df Object.observe: don't unnecessarily emit oldValue for reconfigurations of data properties 
When a data property has its attributes changed but its value remains the same,
don't emit an oldValue. This makes the API more consistent by only emitting
oldValue when the value of a property has actually changed (or been removed,
in the case of a reconfiguration as an accessor property or a deletion).

Review URL: https://codereview.chromium.org/11820004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-30 21:07:28 +00:00
verwaest@chromium.org
e7420f65bc Also allow the empty object map to keep transitions. 
With the old implementation, due to the map-check being inadequate, such
transitions were already added for cross-context field stores. It is not
necessary anymore to not store transitions, since we properly clear
non-live transitions. Globally enabling this feature will help find more
bugs.

BUG=v8:2518
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/12092063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-30 15:07:58 +00:00
ulan@chromium.org
e6224d275f Make embedded maps in optimized code weak. 
Each map has a weak array of dependent codes, where the map tracks all the optimized codes that embed it.
Old space GC either clears the dead dependent codes from the array if the corresponding map is alive or deoptimizes the live dependent codes if the map is dead.

BUG=v8:2073
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11575007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-24 11:55:05 +00:00
mvstanton@chromium.org
7884216804 Additional work to get array literal allocation tracking working, even with --always-opt 
BUG=

Review URL: https://codereview.chromium.org/11817017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-17 08:41:27 +00:00
verwaest@chromium.org
36a26b5394 Separate MEGAMORPHIC and GENERIC ic states 
Review URL: https://chromiumcodereview.appspot.com/11824063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-16 15:02:58 +00:00
svenpanne@chromium.org
b5e4485a34 Add some runtime checks to MayNamedAccess 
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11877027
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-16 08:54:04 +00:00
mstarzinger@chromium.org
b93b2b98b8 Fix shared function info code replacement. 
This fixes a corner case when the unoptimized code for a shared function
info is replaced while the function is enqueued as a flushing candidate.
Since the link field is stored within the code object, the candidates
list got destroyed.

R=hpayer@chromium.org
BUG=v8:169209
TEST=cctest/test-heap/Regress169209

Review URL: https://codereview.chromium.org/11818052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-11 13:13:11 +00:00
verwaest@chromium.org
7cb764b780 Combine DEBUG_BREAK and DEBUG_PREPARE_STEP_IN into one IC stub kind DEBUG_STUB, encoding DEBUG_BREAK and DEBUG_PREPARE_STEP_IN as extra ic state. 
Review URL: https://chromiumcodereview.appspot.com/11821049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13352 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-10 14:15:12 +00:00
yangguo@chromium.org
e41c17084f Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag. 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11818025
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-09 15:47:53 +00:00
jkummerow@chromium.org
aee9febccc Some more instrumentation to narrow down Failure leaks. 
The basic idea is to tag OOM-Failure objects with an ID indicating where they were created. This requires changes to equality comparisons.

Note to MIPS folks: I'm planning to revert this CL in a couple of days, so feel free to skip porting the platform-specific changes.

BUG=chromium:156010

Review URL: https://codereview.chromium.org/11818023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-09 12:29:06 +00:00
yangguo@chromium.org
45f20e366a Introduce ENABLE_LATIN_1 compile flag 
Mostly a bunch of renaming when flag is disabled.

R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11759008
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-09 10:30:54 +00:00
mvstanton@chromium.org
467b75208f Test fix: missing check for JSArray. 
BUG=

Review URL: https://codereview.chromium.org/11801036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-08 10:22:12 +00:00
mvstanton@chromium.org
529f801fde Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array, 
we store an AllocationSiteInfo object right after the JSArray, with a pointer to the
boilerplate object. Later, if the array transitions we check for the continued existence
of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to
transition the boilerplate array as well.

Danno's original changeset: https://codereview.chromium.org/10615002/

Review URL: https://codereview.chromium.org/11663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-08 09:03:16 +00:00
verwaest@chromium.org
50d82ca796 Introduce POLYMORPHIC 
Review URL: https://chromiumcodereview.appspot.com/11747022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13329 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-07 15:36:26 +00:00
yangguo@chromium.org
61f4012989 Use C++ style type casts. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11644097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-07 15:02:56 +00:00
yangguo@chromium.org
4ee20d857b Check for read-only-ness when preparing for array sort. 
R=verwaest@chromium.org
BUG=v8:2419

Review URL: https://chromiumcodereview.appspot.com/11759022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-04 15:24:47 +00:00
yangguo@chromium.org
04ccb975f4 Remove InputBuffer 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11727004
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-03 09:18:01 +00:00
verwaest@chromium.org
537d1d89b0 Move CopyElements to the accessor of the target. 
Review URL: https://chromiumcodereview.appspot.com/11416238

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13292 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-01-02 10:09:42 +00:00
yangguo@chromium.org
bccef0c712 Reland r13275 and 13276 (Remove most uses of StringInputBuffer). 
R=dcarney@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11727003
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-31 11:13:50 +00:00
yangguo@chromium.org
121f3f6020 Revert r13275 and 13276 (Remove most uses of StringInputBuffer). 
This is due to test failures in test-mark-compact/BootUpMemoryUse.

R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11688003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-27 10:03:17 +00:00
yangguo@chromium.org
6e6140728b Fix build warnings. 
TBR=dcarney@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11669020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13276 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-24 08:52:32 +00:00
yangguo@chromium.org
7f074acd8d Remove most uses of StringInputBuffer 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11638037
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-24 08:29:48 +00:00
svenpanne@chromium.org
3cff9a2a4a Refactored deopt tracing and FindOptimizedCode. Fixed a bug when printing stubs. 
Review URL: https://codereview.chromium.org/11636046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-21 07:18:56 +00:00
svenpanne@chromium.org
9b00a57a92 Refactoring only: Extracted method to print deopt location. 
Review URL: https://codereview.chromium.org/11640041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-20 11:53:42 +00:00
yangguo@chromium.org
eedcaf1866 Remove Utf8InputBuffer 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11649018
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-20 09:20:37 +00:00
rossberg@chromium.org
75dac95604 Fix treatment of hidden prototypes in SetProperty. 
R=svenpanne@chromium.org
BUG=v8:2457

Review URL: https://codereview.chromium.org/11644021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-19 15:17:01 +00:00
yangguo@chromium.org
9569b20db2 Replace the use CharacterStreams in Heap::AllocateSymbolInternal and String::ComputeHash 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11593007
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-19 13:27:20 +00:00
danno@chromium.org
1f4b4625ff Re-land Crankshaft-generated KeyedLoad stubs. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11528003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-18 16:25:45 +00:00
yangguo@chromium.org
19a6575ea3 Rename LookupSymbol calls to use Utf8 or OneByte in names. 
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11597007
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-17 15:56:16 +00:00
rossberg@chromium.org
fb5a5e22ec Object.observe: Make array length and other magic data properties work correctly. 
Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11554019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-13 09:31:44 +00:00
rossberg@chromium.org
76375de29d Object.observe: prevent observed objects from using fast elements. 
This is necessary because polymorphic stores generally
do not perform a map check but only an instance type check,
which misses out on changes in the observation status.
Unfortunately, there currently is no efficient way in V8
to maintain that optimisation in the presence of Object.observe.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11477006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-12 11:38:24 +00:00
mstarzinger@chromium.org
4e42a3295a Clear optimized code map during incremental marking. 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11458011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-11 17:28:40 +00:00
mstarzinger@chromium.org
ca3ea142be Fix missing printing of deoptimizer input data. 
R=rossberg@chromium.org
TEST=mjsunit/compiler/inline-arguments --print-all-code

Review URL: https://codereview.chromium.org/11537005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-11 12:19:19 +00:00
yangguo@chromium.org
f02af74575 Cleanup StringCharacterStream and add initial test cases. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11438046
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-11 10:22:15 +00:00
danno@chromium.org
64fc1f99cb Revert 13157, 13145 and 13140: Crankshaft code stubs. 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11498006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-10 11:09:12 +00:00
rossberg@chromium.org
9a0623f296 Object.observe support for Function 'prototype' property 
BUG=v8:2409

Review URL: https://codereview.chromium.org/11416353
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-12-10 10:53:57 +00:00