AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9,473 Commits 1 Branch 0 Tags 839 MiB
74aa15bfa0
Commit Graph

525 Commits

Author SHA1 Message Date
yangguo@chromium.org
67540abe08 Fix compile with debuggersupport=off. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9546051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-07 10:57:36 +00:00
mstarzinger@chromium.org
8c2708de6d Fix Error.prototype.toString to throw TypeError. 
R=rossberg@chromium.org
BUG=v8:1980
TEST=mjsunit/function-call,mjsunit/regress/regress-1980

Review URL: https://chromiumcodereview.appspot.com/9568005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-05 13:57:48 +00:00
yangguo@chromium.org
f2699b66cf Revert r10908 due to flakiness and crashes. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9580007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-02 15:00:52 +00:00
yangguo@chromium.org
12f2099993 Ensure consistent result of transcendental functions. 
BUG=
TEST=regress-transcendental.js

Review URL: https://chromiumcodereview.appspot.com/9572009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-03-02 14:33:15 +00:00
mstarzinger@chromium.org
fb8eb04bfd Implement inlining of constructor calls. 
R=vegorov@chromium.org,kmillikin@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9304001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-28 09:05:55 +00:00
yangguo@chromium.org
32e2b0319e Update break points set with partial file name after compile. 
BUG=v8:1853

Review URL: https://chromiumcodereview.appspot.com/9460059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-27 11:52:08 +00:00
yangguo@chromium.org
baabb87dae Fix HConstant's hash function for smis on x64. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9466003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-24 10:59:12 +00:00
yangguo@chromium.org
671084074d Lazy removal of dead HValues in GVN from use lists. 
BUG=v8:1969
TEST=regress/regress-1969

Review URL: https://chromiumcodereview.appspot.com/9455011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-23 13:59:35 +00:00
vegorov@chromium.org
f5c8ac9839 On ia32 LFunctionLiteral instruction should get context from esi register instead of stack slot. 
This makes LFunctionLiteral safe even when it is used from inside inlined function.

All other architectures were implementing LFunctionLiteral correctly.

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-inlining-function-literal-context.js

Review URL: https://chromiumcodereview.appspot.com/9425061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-21 12:10:04 +00:00
mstarzinger@chromium.org
e423637898 Fix sequence of element access in array builtins. 
R=rossberg@chromium.org
BUG=v8:1790
TEST=mjsunit/regress/regress-1790,test262/15.4.4.22-9-9

Review URL: https://chromiumcodereview.appspot.com/9419044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-17 10:06:26 +00:00
yangguo@chromium.org
cc2780403a Ensure using byte registers for byte instructions on ia32 and x64. 
BUG=v8:1945
TEST=regress-1945.js

Review URL: https://chromiumcodereview.appspot.com/9418005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-16 12:48:02 +00:00
yangguo@chromium.org
01e46b955f Initialize internal arrays with the correct map. 
BUG=v8:1878
TEST=regress-1878.js

Review URL: https://chromiumcodereview.appspot.com/9402009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-15 13:45:42 +00:00
danno@chromium.org
71cd77e22c Fix crashing bugs in store-and-grow IC for double values. 
R=jkummerow@chromium.org
BUG=chromium:113924
TEST=test/mjsunit/regress/regress-113924.js

Review URL: https://chromiumcodereview.appspot.com/9365055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-14 15:09:49 +00:00
yangguo@chromium.org
3e58827710 Fix elements transition bug related to array.concat. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9358018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34 Fix handling of 'c: if (0) break c; else ()' where a parser optimization 
leaves a trailing ";" after removing the break.

Review URL: https://chromiumcodereview.appspot.com/9159043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 08:40:11 +00:00
ulan@chromium.org
8093e397e4 Do not ignore an empty context with extension when creating a scope object. 
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.

BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js

Review URL: https://chromiumcodereview.appspot.com/9310027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4 Fix test case to correctly check expected result. 
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229

Review URL: https://chromiumcodereview.appspot.com/9303032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-31 12:31:24 +00:00
vegorov@chromium.org
67d72eab45 When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions. 
Debug::PrepareForBreakPoints was not fully populating active_functions list.

R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js

Review URL: https://chromiumcodereview.appspot.com/9290013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-25 15:11:59 +00:00
vegorov@chromium.org
04289e8d17 Support inlining at call-sites with mismatched number of arguments. 
Review URL: https://chromiumcodereview.appspot.com/9265004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-24 08:43:12 +00:00
vegorov@chromium.org
704c92ce95 Ensure that LRandom restores rsi after call to the C function on x64. 
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js

Review URL: https://chromiumcodereview.appspot.com/9265003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-19 08:43:34 +00:00
yangguo@chromium.org
ddc0144490 Fixing issue 1898 (using HChange outside the insert-representation-changes phase). 
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js

Review URL: http://codereview.chromium.org/9190047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-13 07:48:44 +00:00
vegorov@chromium.org
c4d3a110a2 Adjust position recorded for call expressions. 
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.

This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.

R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js

Review URL: http://codereview.chromium.org/9125001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-06 10:26:17 +00:00
danno@chromium.org
f648626eb9 Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9051014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472 Rollback 10309 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8968042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js

Review URL: http://codereview.chromium.org/8968028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0 Ensure that InternalArrays remain InternalArrays regardless of how they are constructed. 
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js

Review URL: http://codereview.chromium.org/9016041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03 Avoid embedding new space objects into code objects in the lithium gap resolver. 
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js

Review URL: http://codereview.chromium.org/8960004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229 Fix handling of foreign callbacks in DefineOwnProperty. 
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.

R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4

Review URL: http://codereview.chromium.org/8996008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
91efb313eb Fix crash in d8 when external array ctor hits stack overflow 
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859

Review URL: http://codereview.chromium.org/8898021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 13:51:58 +00:00
vegorov@chromium.org
a457040ca6 Ensure that non-optimized code objects are not flushed for inlined functions. 
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.

Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.

R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js

Review URL: http://codereview.chromium.org/8888011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-08 16:07:07 +00:00
yangguo@chromium.org
929c619101 Quickfix for DoMathPowHalf. 
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8769037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-02 13:16:49 +00:00
lrn@chromium.org
ebccde15bc Don't preparse large files to find boundaries of lazy functions. 
Instead use the preparser inline to parse only the lazy function
bodies.

This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.

Review URL: http://codereview.chromium.org/8662037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-25 09:36:31 +00:00
mstarzinger@chromium.org
330cd2205c Remove hidden prototype for builtin functions. 
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.

R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions

Review URL: http://codereview.chromium.org/8566009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-15 09:44:57 +00:00
yangguo@chromium.org
53c6077cee Fixing issue 103259. 
BUG=103259
TEST=regress-103259.js

Review URL: http://codereview.chromium.org/8498011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 14:59:40 +00:00
lrn@chromium.org
30465596e6 Make eval consider anything on the form eval(args...) a potential direct cal 
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.

We still throw if calling indirect eval with a detached global object.

BUG=v8:994
TEST=mjsunit/eval.js

Review URL: http://codereview.chromium.org/8343054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 09:38:52 +00:00
vegorov@chromium.org
f8c2d3847f Take loop side-effects into account when collecting side-effects on the path between two blocks. 
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js

Review URL: http://codereview.chromium.org/8395002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
b3eba9e764 Fix handling of non-object receivers for array builtins. 
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702

Review URL: http://codereview.chromium.org/8347034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:24:37 +00:00
lrn@chromium.org
5152d2e0da Reimplement Function.prototype.bind. 
Make instanceof work correctly.

BUG=v8:893

Review URL: http://codereview.chromium.org/8199004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:44:16 +00:00
lrn@chromium.org
50ef25e0f3 Remove redundant allow-natives flag from CompilationInfo. 
Just use script being native and FLAG_allow_natives_syntax directly.

Review URL: http://codereview.chromium.org/8314018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 09:02:26 +00:00
yangguo@chromium.org
3249530ef0 Fixing issue 1757 (string slices of external strings). 
BUG=v8:1757
TEST=regress-1757.js

Review URL: http://codereview.chromium.org/8217011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206 Add a regression test for an already fixed issue. 
Add a regression test for Chromium issue 99167.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8222002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 10:46:27 +00:00
lrn@chromium.org
9f73eed45f Fix issue 1361 - Implement ES5 Array.prototype.toString. 
BUG=v8:1361
TEST=mjsunit/array-tostring

Review URL: http://codereview.chromium.org/8124025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-05 07:08:23 +00:00
mstarzinger@chromium.org
c034518442 Fix preparation for sorting of external arrays. 
R=rossberg@chromium.org
BUG=98773
TEST=mjsunit/regress/regress-98773

Review URL: http://codereview.chromium.org/8122020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 13:49:50 +00:00
lrn@chromium.org
4750f0c3cd Fix issue 1415 - allow surrogate pair codes in decodeURIComponent. 
Also some cleanup of uri.js.

BUG=v8:1415
TEST=mjsunit/regress/regress-1415

Review URL: http://codereview.chromium.org/8118004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 07:15:07 +00:00
lrn@chromium.org
4b385d7e8e Fix bug in x64 RegExp detecting start of string. 
Also add missing MIPS case in regexp tracer.

Fixes issues v8:1748 and v8:1746

BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js

Review URL: http://codereview.chromium.org/8116001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-03 10:31:01 +00:00
lrn@chromium.org
165e105ec9 Check enumerability of array indices correctly in propertyIsEnumerable. 
Fix issue 1692.

BUG=v8:1692
TEST=mjsunit/regress/regress-1692

Review URL: http://codereview.chromium.org/8113001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-03 09:15:58 +00:00
lrn@chromium.org
b9d39c48b8 Make the RegExp.prototype object be a RegExp object. 
BUG=v8:1217
TEST=mjsunit/regress/regress-1217

Review URL: http://codereview.chromium.org/8041015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 08:42:01 +00:00
vegorov@chromium.org
bfd048173f Notify collector about lazily deoptimized code objects. 
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.

To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.

R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js

Review URL: http://codereview.chromium.org/7983045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 16:01:35 +00:00
yangguo@chromium.org
7ab81a14fa Reverting r9399. 
Review URL: http://codereview.chromium.org/7989007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 15:55:44 +00:00
yangguo@chromium.org
0c6863a1ef Set RegExp's prototype to RegExp as specified by ES5. 
BUG=v8:1217
TEST=regress-1217.js

Review URL: http://codereview.chromium.org/7995005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 15:11:12 +00:00
mstarzinger@chromium.org
873e4980db Fix transferal of marking bits on array trimming. 
R=vegorov@chromium.org
BUG=v8:1708
TEST=mjsunit/regress/regress-1708

Review URL: http://codereview.chromium.org/7979038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 13:03:22 +00:00
yangguo@chromium.org
b7cac76bae Fixed string.split: always convert non-regexp separator to string. 
BUG=v8:1711
TEST=mjsunit/regress/regress-1711.js

Review URL: http://codereview.chromium.org/7976046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 08:18:58 +00:00
yangguo@chromium.org
fdffe67205 Initialize pre-allocated fields of JSObject with undefined. 
BUG=94873

Review URL: http://codereview.chromium.org/7929001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:06:23 +00:00
vegorov@chromium.org
ac36cb4504 Merge experimental/gc branch to the bleeding_edge. 
Review URL: http://codereview.chromium.org/7945009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:36:47 +00:00
jkummerow@chromium.org
fcc2e65aad Change global const handling to silently ignore redeclarations 
and make window.{Infinity,NaN,undefined} read-only as per ES5

BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik

Review URL: http://codereview.chromium.org/7811015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 12:00:30 +00:00
yangguo@chromium.org
48b5328bde Fixing issue 1639, debugger stops stepping outside evaluate. 
BUG=v8:1639

Review URL: http://codereview.chromium.org/7889039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89 Mark variables as being accessed from any inner scope, not only function scopes 
BUG=96523
TEST=mjsunit/regress/regress-96523.js

Review URL: http://codereview.chromium.org/7890031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 13:51:29 +00:00
kmillikin@chromium.org
63bec78428 Revert "MIPS: port Remove in-loop tracking for call ICs." 
Committed incorrectly.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7890026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12 MIPS: port Remove in-loop tracking for call ICs. 
port r9260 (af9cfd83).

Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206 Fixed spurious character in test case, plus presubmit issues. 
Also addressed Slava's complaint about the personalized comment.

R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7886032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced Fix for .bind regression. 
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7892013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f Fixing r9265: moving test case into correct location. 
Review URL: http://codereview.chromium.org/7889008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 16:11:05 +00:00
danno@chromium.org
df860eda5c Don't allow seal or element property re-definition on external arrays. 
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js

Review URL: http://codereview.chromium.org/7858031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-09 14:30:00 +00:00
kmillikin@chromium.org
8b165d414f Fix a bug in abrupt exit from with or catch inside finally. 
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code.  Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7837023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 09:21:44 +00:00
jkummerow@chromium.org
09c66d20ce Fix possible crash in FixedDoubleArray::Initialize() 
(this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Review URL: http://codereview.chromium.org/7833040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91 Fix bug in Page::GetRegionMaskForSpan. 
When checking for a wrap take into account offset of the start address in the region.

BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854 Add regression test for issue 1215, expand regression test for issue 1447. 
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 07:43:51 +00:00
yangguo@chromium.org
86a62d0da3 Added check for trailing whitespaces and corrected existing violations. 
Review URL: http://codereview.chromium.org/7826007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08 Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643). 
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty). 
Review URL: http://codereview.chromium.org/7792054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3 Do constant function check earlier in TryCallApply and ensure correct environment for deopt. 
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 10:33:59 +00:00
fschneider@chromium.org
ffc6c7e56b Introduce local function declarations in Crankshaft and fix issue 1647. 
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.

In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.

Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-31 13:26:08 +00:00
lrn@chromium.org
d8a123169b Make regexp flag parsing stricter. 
BUG=v8:1628
TEST=mjsunit/regress/regress-219

Review URL: http://codereview.chromium.org/7624045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2 Make scanner handle invalid unicode escapes in identifiers correctly. 
I.e., don't just convert \u to u in identifiers (like in strings and regexps).

Also make the scanning of RegExp flags not interpret the escapes.

(Fix and reapply of r8942)

BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7677012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3 Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype 
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540 Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers" 
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-17 08:22:41 +00:00
lrn@chromium.org
7d17c8d5d3 Make scanner not accept invalid unicode escapes in identifiers. 
BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-16 13:31:08 +00:00
vitalyr@chromium.org
a107387dde Fix fun.apply(receiver, arguments) optimization. 
R=kmillikin@chromium.org
BUG=v8:1592
TEST=mjsunit/regress/regress-1592.js

Review URL: http://codereview.chromium.org/7497067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-10 16:05:17 +00:00
kmillikin@chromium.org
7adb10a48e Fix a bug in named getter/setter compilation. 
Because these are function literals that have an associated name, we were
compiling them as if they were named function expressions.  This is
incorrect, the property name should not be in scope.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7599024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-09 12:43:08 +00:00
kmillikin@chromium.org
d941053dbe Revert "Revert "Fix a bug in scope analysis."" 
Reapply r8838 with a fix for the issue of function names.

Because function names can be added/changed/removed through the API,
remember whether the function is anonymous when initially parsed and use
that information when compiling.

R=vegorov@chromium.org
BUG=1583
TEST=regress-1583

Review URL: http://codereview.chromium.org/7491097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-08 16:14:46 +00:00
lrn@chromium.org
e9bc76c499 Avoid infinite recursion for unterminated non-ASCII JSON string literals. 
BUG=91787
TEST=mjsunit/regress/regress-91787

Review URL: http://codereview.chromium.org/7569008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 12:55:29 +00:00
keuchel@chromium.org
c14b08658e Fix DebugEvaluate crash within a catch in a function without local context. 
BUG=v8:1586
TEST=mjsunit/regress/regress-1586.js

Review URL: http://codereview.chromium.org/7491053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 12:00:57 +00:00
lrn@chromium.org
61ae1be609 Fix bug in scanner. 
Checking for end-of-comment truncated to byte before comparing to '*'.

BUG=v8:1546
TEST=mjsunit/regress/regress-1546

Review URL: http://codereview.chromium.org/7585004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 11:21:04 +00:00
kmillikin@chromium.org
3e28347d55 Revert "Fix a bug in scope analysis." 
This reverts commit revision 8838.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7584005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 09:20:08 +00:00
kmillikin@chromium.org
b625ce2b6b Fix a bug in scope analysis. 
When recompiling code (e.g., when optimizing) we could incorrectly hoist
some function expressions.  This leads to incorrect results or a crash.  The
root cause was that functions were not correctly categorized as expression
or declaration at parse time.

This requires some extra hoops to prevent the print name "anonymous" for
functions created by 'new Function' from establishing a binding.

R=vegorov@chromium.org,kasperl@chromium.org
BUG=1583
TEST=regress-1583

Review URL: http://codereview.chromium.org/7572019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 08:28:11 +00:00
danno@chromium.org
861c895a34 Add regression test for 91517 
R=vegorov@chromium.org
BUG=91517
TEST=regress-91517.js

Review URL: http://codereview.chromium.org/7575007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-04 11:00:32 +00:00
ricow@chromium.org
9721eddc1f Ensure that the length property of bound functions are actual unique 
for the individually bound functions.

Our existing code will generate a new function on every call to bind,
but it will use the same shared function. When setting the lenght this
will be set on the shared function, i.e., the length of all bound
functions will be that of the last bound function.
Review URL: http://codereview.chromium.org/7475002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-03 12:44:17 +00:00
kmillikin@chromium.org
4487f8c050 Revert "Revert "Fix a bug in scope analysis."" 
Reapply r8783 with an additional fix.

Because the preparser and parser do not use the same scope analysis to
determine if a function can be lazily compiled, the parser can have false
positives.  Rather than treating this as a parse error, treat the preparser
as authoritative and eagerly compile the function.

R=lrn@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7565003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-03 09:10:35 +00:00
kmillikin@chromium.org
a129c95a54 Revert "Fix a bug in scope analysis." 
This reverts r8783.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7550013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 17:02:24 +00:00
kmillikin@chromium.org
f37f6e88ca Fix a bug in scope analysis. 
Function declarations inside catch are hoisted to the nearest enclosing
function scope, but we compiled their bodies as if occurring inside the
catch scope.

BUG=chrome:91120
TEST=regress/regress-91120 attached

Review URL: http://codereview.chromium.org/7548011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 15:04:31 +00:00
danno@chromium.org
b333719607 Properly handle FixedDoubleArrays in sort() 
R=jkummerow@chromium.org
BUG=91008
TEST=regress-91008.js

Review URL: http://codereview.chromium.org/7542008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 14:05:11 +00:00
vegorov@chromium.org
9226cfe5b7 Ensure that GenerateStoreFastDoubleElement returns stored value on all paths. 
BUG=chromium:91013
TEST=test/mjsunit/regress/regress-91013.js
Review URL: http://codereview.chromium.org/7551009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 13:36:38 +00:00
vegorov@chromium.org
a547d333f0 Check for phi-uses of arguments object before eliminating dead phi's. 
HGraphBuilder::TryArgumentsAccess does not emit any uses for receiver and will generate incorrect code when receiver for a property access is defined by a phi that returns either arguments object or something else.
 
BUG=v8:1582
TEST=test/mjsunit/regress/regress-1582.js
Review URL: http://codereview.chromium.org/7553006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 09:32:28 +00:00
danno@chromium.org
008f834117 Properly handle FastDoubleArrays in Runtime_MoveArrayContents 
BUG=91013
TEST=regress91013.js

Review URL: http://codereview.chromium.org/7551004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 09:28:55 +00:00
danno@chromium.org
1f9801bb9e Fix bug in ARM pixel array clamping 
Properly handle undefined conversion to zero in Crankshaft.

R=yangguo@chromium.org
BUG=none
TEST=regress-1563.js

Review URL: http://codereview.chromium.org/7461028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-22 16:01:53 +00:00
jkummerow@chromium.org
9de5255b60 Revert "Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1)" 
This reverts r8691.

Review URL: http://codereview.chromium.org/7457020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-20 10:51:11 +00:00
jkummerow@chromium.org
6768c5e24e Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1) 
BUG=89490
TEST=manual: "Infinity = 42;" doesn't change the value of "Infinity"

Review URL: http://codereview.chromium.org/7457019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-20 10:06:53 +00:00
ager@chromium.org
85f5afb717 Correctly mark functions from our natives files during compilation. 
When creating a CompilationInfo we always have the script and can
determine if it is a natives script.

Now that all natives functions are recognized as such, many of them
are called with undefined as the receiver. We have to use different
filtering for builtins functions when printing stack traces.

Also, fixed one call of CALL_NON_FUNCTION to be correctly marked as a
method call (with fixed receiver). Now that CALL_NON_FUNCTION is
marked as a native function this caused the receiver to be undefined.

R=svenpanne@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7395030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-19 08:19:31 +00:00
jkummerow@chromium.org
d4779286b6 Add map check for COW elements to crankshaft array handling code. 
BUG=1560
TEST=mjsunit/regress/regress-1560.js

Review URL: http://codereview.chromium.org/7366008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-14 14:45:20 +00:00
kmillikin@chromium.org
890bc1607a Fix a potential crash in const declaration. 
Declaration of const lookup slots would trigger an assertion if there was a
setter somewhere in the prototype chain, and that setter was shadowed by a
non-readonly data property also in the prototype chain.

R=ager@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7324048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-11 14:07:12 +00:00
kmillikin@chromium.org
cbaf1bc98b Allow JSObject::PreventExtensions to work for arguments objects. 
R=karlklose@chromium.org

Review URL: http://codereview.chromium.org/7335002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-11 06:48:19 +00:00
kmillikin@chromium.org
fe23339bdd Fix a bug in for/in iteration of arguments objects. 
We did not properly combine the property names from the parameter map
and the arguments backing store.  They could overwrite each other and
be unsorted.

Also fix an unrelated bug: deleting from a dictionary-mode arguments
backing store could corrupt the parameter map.

R=rossberg@chromium.org
BUG=1531
TEST=mjsunit/regress/regress-1531.js

Review URL: http://codereview.chromium.org/7278033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-08 07:31:48 +00:00
ricow@chromium.org
82e53270dc Ensure that regexps always have code object, even if GC happened while running multiple times in runtime. 
Review URL: http://codereview.chromium.org/7316018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-07 10:04:56 +00:00
sgjesse@chromium.org
ca3787f395 Fix debug break on binary boolean operators 
The syntax checker finding breakable statements did not take into account that the right hand side of a boolean binary opration might never get evaluated.

R=svenpanne@chromium.org

BUG=v8:1523
TEST=test/mjsunit/regress/regress-1523.js

Review URL: http://codereview.chromium.org//7212027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-06 10:16:57 +00:00
vitalyr@chromium.org
8f60208324 Fix bug 1529: check for NULL handle in v8::TryCatch::StackTrace. 
Internal HandleScope::CloseAndEscape crashes on NULL handles.

R=kmillikin@chromium.org
BUG=v8:1529
TEST=mjsunit/regress/regress-1529

Review URL: http://codereview.chromium.org/7309004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-04 13:29:56 +00:00
kmillikin@chromium.org
57c29c1f29 Fix a bug in with and catch context allocation. 
We were only looking one level up the scope chain to decide which
closure to use in the fresh context.  Instead, we should look to the
first non-catch scope.

R=vegorov@chromium.org
BUG=1528
TEST=regress-1528

Review URL: http://codereview.chromium.org/7309002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-04 09:34:47 +00:00
kmillikin@chromium.org
a48c03bb2a Fix an issue with optimization of functions inside catch. 
When optimizing a function defined inside a catch, we did not count
the catch context as part of the context chain.

R=vegorov@chromium.org
BUG=1521
TEST=regress-1521

Review URL: http://codereview.chromium.org/7285032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-01 14:05:46 +00:00
karlklose@chromium.org
c0e2268c8c Fix problem with arguments object ICs not checking for dictionary mode elements. 
R=kmillikin@chromium.org
BUG=1514
TEST=mjsunit/regress/regress-1513.js

Review URL: http://codereview.chromium.org/7282029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-30 14:56:06 +00:00
ager@chromium.org
0d8c343c90 Do not pass the global object as the receiver to strict-mode and 
builtin replace and sort functions.

R=ricow@chromium.org
BUG=v8:1360
TEST=mjsunit/regress/regress-1360.js

Review URL: http://codereview.chromium.org/7283006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-30 12:29:19 +00:00
kmillikin@chromium.org
6543526a9d Remove failing test while working on a fix. 
TBR=ricow@chromium.org

Review URL: http://codereview.chromium.org/7283040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-30 12:07:33 +00:00
kmillikin@chromium.org
3f84fcf6c9 Fix a bug in Object.defineProperty. 
There was a bug in Object.defineProperty when used to add an indexed
property to an arguments object.  When converting the elements backing
store to dictionary mode, the parameter map in front of the backing
store does not change.

R=ager@chromium.org,karlklose@chromium.org

Review URL: http://codereview.chromium.org/7289011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-30 11:11:19 +00:00
keuchel@chromium.org
3f70c456eb Fix "illegal access" when calling parseInt with a radix that is not a smi. 
BUG=v8:1246
TEST=regress-1246.js

Review URL: http://codereview.chromium.org/7206019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-28 12:31:42 +00:00
ager@chromium.org
89cc886ba7 Fix receiver check in arguments ICs. 
The receiver needs to be checked in the same way as all other KeyedLoadICs to take non-JSObject and objects that require access checks or has interceptors into account.

R=sgjesse@chromium.org
BUG=87478
TEST=mjsunit/regress/regress-crbug-87478.js

Review URL: http://codereview.chromium.org/7259015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-27 13:02:51 +00:00
fschneider@chromium.org
4bc671c2b0 Add missing write barrier for arguments store ICs. 
Review URL: http://codereview.chromium.org/7207006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-23 09:20:07 +00:00
ager@chromium.org
a96b9156a3 Correctly handle non-array receivers in Array length setter. 
BUG=v8:1491
TEST=mjsunit/regress/regress-1491.js

Review URL: http://codereview.chromium.org/7206038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-21 08:07:45 +00:00
erik.corry@gmail.com
c95ecb1fcd Refix issue 1472. The previous fix worked for the example in the bug 
report, but was not general enough to catch all cases.  This is a new
approach.  Includes regression test!
Review URL: http://codereview.chromium.org/7193007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-17 08:01:12 +00:00
lrn@chromium.org
ee59eff127 Make line-terminators inside multi-line comments count. 
Now follows the specification. Follows WebKit change in revision 89100.

BUG=86431
TEST=regress-892742

Review URL: http://codereview.chromium.org/7184034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-17 07:23:07 +00:00
karlklose@chromium.org
f4e4bc43a8 Merge arguments branch to bleeding edge (second try). 
Review URL: http://codereview.chromium.org/7187007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-16 14:12:58 +00:00
karlklose@chromium.org
cc19d1e278 Revert "Merge arguments branch to bleeding merge." 
This reverts commit ceb31498b9d69edca3260820fb4047045891ce6d.

TBR=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/7172030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-16 06:37:49 +00:00
vegorov@chromium.org
14bf246dfa Add missing branches in code generated for LModI with power-of-2 divisor. 
BUG=v8:1476
TEST=test/mjsunit/regress/regress-1476.js

Review URL: http://codereview.chromium.org/7097015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-15 19:57:39 +00:00
karlklose@chromium.org
6cfeb2d400 Merge arguments branch to bleeding merge. 
Review URL: http://codereview.chromium.org/7167006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-15 15:09:28 +00:00
ricow@chromium.org
23d0aa614b Ensure that bound functions does not have a prototype (fixes issue 794) 
Review URL: http://codereview.chromium.org/7148014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8293 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-15 10:47:37 +00:00
ager@chromium.org
aa7ad8ee9d Fix issue 1447 by not redefining properties unneccesarily in seal and freeze. 
This avoids attempting to redefine function.arguments with a different
value than the current one. function.arguments returns a new copy on
each invocation.

R=lrn@chromium.org
BUG=v8:1447
TEST=mjsunit/regress/regress-1447.js

Review URL: http://codereview.chromium.org/7044104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-10 09:45:02 +00:00
whesse@chromium.org
c40aa827bf Add boolean flag to HChange and LNumberUntagD to not convert undefined to NaN. 
This is needed so that HCompare, optimized for double inputs, works correctly on undefined inputs.
BUG=v8:1434
TEST=mjsunit/bugs/bug-1434.js

Review URL: http://codereview.chromium.org/7044049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-09 12:27:28 +00:00
fschneider@chromium.org
68eab4a8d8 Fix bug with GVN on array loads. 
This fixes a bug where an array load was incorrectly hoisted by GVN.

BUG=85177
TEST=mjsunit/regress/regress-85177.js
Review URL: http://codereview.chromium.org/7003054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-09 11:15:03 +00:00
ager@chromium.org
626cdffaef Fix Array.prototype.{reduce,reduceRight} to pass undefined as receiver for strict mode callbacks. 
Propagate strict mode information from pre-parser to parser for lazily compiled functions.

R=lrn@chromium.org
BUG=v8:1436
TEST=mjsunit/regress/regress-1436.js

Review URL: http://codereview.chromium.org/7044054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8227 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-09 09:05:15 +00:00
whesse@chromium.org
1ea14c2041 Limit the number of arguments in a function call to 32766. 
Limit the number of arguments in a function call to 32766.  This is identical
to the limit on the number of parameters to a function.

BUG=v8:1413
TEST=

Review URL: http://codereview.chromium.org/7054074

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-07 08:15:47 +00:00
fschneider@chromium.org
7c9cf0b3a1 Re-land r8140: Deoptimize on never-executed code-paths. 
Original cl: http://codereview.chromium.org/7105015

I'm removing the test GlobalLoadICGC test that was introduced for testing
inlined global cell loads (in the classic backend) and has an invalid assumption
about the number of global objects referenced from a v8 context. We don't have
this feature with Crankshaft anymore.
Review URL: http://codereview.chromium.org/7112032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-06 14:57:25 +00:00
kmillikin@chromium.org
6a81642f31 Fix a bug in Lithium environment iteration. 
The Advance() function of the class responsible for iterating
environment uses didn't always advance as far as it could (relying on
the HasNext predicate to finish advancing).  This is brittle.

The HasNext predicate also didn't advance as far as it could when it
was at the end of an environment level.  This is a bug.

R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/6993023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-06 11:30:17 +00:00
erik.corry@gmail.com
0023cacc22 Fix traversal of the map transition tree to take the prototype 
transitions into account.
Review URL: http://codereview.chromium.org/7074052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-03 14:48:09 +00:00
fschneider@chromium.org
ff76d1ab0c Revert r8140. 
It breaks test when running with nosnapshot.
TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/7027029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-01 13:34:15 +00:00
fschneider@chromium.org
0aa422923c Eagerly deoptimize on never-executed code-paths. 
If type-feedback indicates that an expression was never executed in
the non-optimized code, we insert a forced deoptimization right away
to enable re-optimization if we ever hit this path.

With this change we still continue to build the graph. As a next step, we
should remove the dead code after the deoptimize.

I had to remove one assert about the optimization status in a test since
we now immediately deoptimize after exiting the loop that triggers OSR.

Also remove a restriction that control-flow from an inlined function in a
test context always reaches both true- and false-target.
Review URL: http://codereview.chromium.org/7105015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-06-01 11:04:40 +00:00
ager@chromium.org
544191e718 Update apply with arguments optimization for strict mode functions and builtins. 
Do not convert to object for values for strict-mode functions and
builtins.

R=ricow@chromium.org
BUG=v8:1412
TEST=mjsunit/regress/regress-1412.js

Review URL: http://codereview.chromium.org/7096006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 10:38:41 +00:00
ager@chromium.org
a01b45df58 Fix a number of tests that incorrectly used assertUnreachable. 
Our testing infrastructure uses exceptions to indicate
errors. assertUnreachable therefore throws an exception to indicate
that it was reached. Therefore, it cannot be used to check that an
exception was thrown using the pattern:

try {
  shouldThrow();
  assertUnreachable();
} catch(e) {
}

Such a test will always pass because assertUnreachable will throw an
exception if shouldThrow does not.

R=ricow@chromium.org

Review URL: http://codereview.chromium.org/7053035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 08:08:42 +00:00
ager@chromium.org
bfa2ef1f11 Fix receiver for calls to strict-mode and builtin functions that are 
potentially shadowed by eval.

R=sgjesse@chromium.org
TEST=mjsunit/regress/regress-124.js

Review URL: http://codereview.chromium.org/7096004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-31 07:57:22 +00:00
ager@chromium.org
017935408d Reapply change to Pass undefined to JS builtins when called with 
implicit receiver.

A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=fschneider@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7085034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 13:49:22 +00:00
ricow@chromium.org
7eb6f5c1ba Correctly set the length of string before creating filler object in the json parser (fixes crbug 84186). 
Testcase created based on the supplied test case from the bug report, but using json parse directly instead of through the chrome javascript console. 
Review URL: http://codereview.chromium.org/7084023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-30 06:04:36 +00:00
ager@chromium.org
c832c467a4 Revert "Pass undefined to JS builtins when called with implicit receiver." 
Presubmit and failing test.

TBR=lrn@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7071009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:22:29 +00:00
ager@chromium.org
19b718fe73 Pass undefined to JS builtins when called with implicit receiver. 
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.

R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js

Review URL: http://codereview.chromium.org/7068009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb Make RegExp objects not callable. 
Review URL: http://codereview.chromium.org/6930006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-26 07:35:09 +00:00
ricow@chromium.org
f675db651d Change calls to undefined property setters to not throw (fixes issue 1355). 
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-25 08:37:38 +00:00
sgjesse@chromium.org
eff2946b9b Handle changes to the Object prototype in fast handling of arrays 
R=ager@chromium.org

BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js

Review URL: http://codereview.chromium.org//7067019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0 Change strict mode poison pill to be the samme type error function (fixes issue 1387). 
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
825a433900 Add regression test for issue 1401 
R=ager@chromium.org

BUG=v8:1401
TEST=test/regress/regress-1401.js

Review URL: http://codereview.chromium.org//7062002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802 Remove execScript from V8. No longer present i neither Firefox nor Safari. 
R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7046002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23 Add regression test for http://crbug.com/82769 
Review URL: http://codereview.chromium.org/7034025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-18 12:46:21 +00:00
whesse@chromium.org
0eca2b4fc1 Fix error in postfix ++ in Crankshaft. 
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.

BUG=v8:1389

TEST=

Review URL: http://codereview.chromium.org/7033008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-17 11:41:59 +00:00
ricow@chromium.org
964dbff40d Only send null or undefined as receiver for es5 natives, not generally 
for builtin functions.
Review URL: http://codereview.chromium.org/7012012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-13 07:26:44 +00:00
ricow@chromium.org
7f8a918f08 Allow strict mode flag as extraicstate for keyed external array store ic 
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.

BUG: 1383
Review URL: http://codereview.chromium.org/7003022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
1eedd8056d Fix timeout of test regress-1118.js 
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.

Review URL: http://codereview.chromium.org/6994010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-10 15:07:30 +00:00
ager@chromium.org
0961b1a936 Check that receiver is JSObject on API calls. 
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js

Review URL: http://codereview.chromium.org/6931056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-05-06 14:14:16 +00:00