Commit Graph

143 Commits

Author SHA1 Message Date
olehougaard
77a92988d2 Introduce access control in propertyIsEnumerable.
Also, fix JSObject::getPropertyAttribute() so it deals correctly with access control modifiers.
Review URL: http://codereview.chromium.org/8834

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-31 09:42:14 +00:00
kasperl@chromium.org
744aedd2d0 Fix natives fuzzing: Let the StringIndexOf runtime function
deal with start indexes that are out of range.
Review URL: http://codereview.chromium.org/8762

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-31 08:51:26 +00:00
kasperl@chromium.org
95e880ad33 Extend test case to cover calling runtime functions
from JavaScript.
Review URL: http://codereview.chromium.org/8915

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-30 14:16:02 +00:00
ager@chromium.org
2013421859 Add support for API accessors that prohibit overwriting by accessors
defined in JavaScript code by using __defineGetter__ and
__defineSetter__.

Also, disable access checks when configuring objects created from
templates.
Review URL: http://codereview.chromium.org/8914

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-30 12:51:06 +00:00
sgjesse@chromium.org
52b2a12684 Added some missing initialization checks to the debugger API.
BUG=3723 (Chromium)
Review URL: http://codereview.chromium.org/8909

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-30 10:27:28 +00:00
kasperl@chromium.org
a2be3b6f84 Make sure that allocations through CALL_HEAP_FUNCTION
and runtime calls from JavaScript will always succeed
eventually if we have enough memory.
Review URL: http://codereview.chromium.org/8700

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-30 09:15:58 +00:00
sgjesse@chromium.org
4717ed1de9 Most of the crashing ARM tests failed in debug mode.
TBR=kasperl
Review URL: http://codereview.chromium.org/8698

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-29 15:50:50 +00:00
sgjesse@chromium.org
10e380400b Skip the tests which currently crash on the ARM simulator.
Review URL: http://codereview.chromium.org/8696

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-29 14:23:18 +00:00
sgjesse@chromium.org
0b96fb22f3 Added crash detection to tests on Linux.
Added the timeout condition to the CommandOutput class.
Review URL: http://codereview.chromium.org/8695

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-29 12:51:14 +00:00
kasperl@chromium.org
b5fe75f950 Fix issue with Array.concat not preserving holes in the
top-level arrays.
Review URL: http://codereview.chromium.org/8694

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-29 10:02:09 +00:00
kmillikin@chromium.org
3450c12ffb Because allocation in large object space can now require checking the
size of the entire old generation, the heap must be (more) properly
set up to test the large object space.
Review URL: http://codereview.chromium.org/8872

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@634 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-29 10:00:38 +00:00
feng@chromium.org
4c1a5810b9 Implement Array::concat function in C++.
The performance of Array::concat is critical of jQuery benchmark from
http://www.dromaeo.com. Our current implementation in JavaScript is very
generic and is several times slower than JSC and SpiderMonkey.

Re-implement Array::concat in C++ to take advantage of underlying implementation
details. This cuts dom-travesal-jquery execution time by half.

We may want to move Array specific implementation into a separate source file,
say jsarray.cc.

Review URL: http://codereview.chromium.org/7990

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-28 14:47:50 +00:00
kasperl@chromium.org
a71cca5054 Allow string-compare-alignment to pass on ARM simulator.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-27 16:43:56 +00:00
erik.corry@gmail.com
5f4c9b0960 It seems we haven't nailed the unaligned string compare problem yet.
Review URL: http://codereview.chromium.org/8622

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-27 15:53:29 +00:00
erik.corry@gmail.com
d7c5ee9120 Test for a bug that was fixed in r554 where we used unaligned accesses on ARM
with surprising results.
Review URL: http://codereview.chromium.org/8619

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-27 14:42:23 +00:00
erik.corry@gmail.com
6e00a80354 You can't use BinarySearch on an unsorted array and other
sillinesses found while trying to get rid of medium-sized strings.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-26 20:50:05 +00:00
kasperl@chromium.org
c128b8d9de Improve code for looking up in context slots in runtime.cc and
use safe casting operations to slot access on contexts when
possible.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-24 10:59:40 +00:00
kasperl@chromium.org
91b19fcfe6 Fix lint issue.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-24 10:15:07 +00:00
sgjesse@chromium.org
5ffd290217 Changed the workarround for a GCC compiler bug to be only active for the GCC
version range for which the bug is known to exist.

Added include to compile with GCC 4.3.1.

BUG=122


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-24 09:35:27 +00:00
sgjesse@chromium.org
39a5ffbd85 Cleanup of http://codereview.chromium.org/8101.
Changed the catcher_ field to a boolean value and renamed it. Modified the
propagation of the external caught exception to also clear the current
TryCatch if there is no exception as it might hold an exception which has
been bypassed by code in a finally block.

Minor formatting changes to a test.
Review URL: http://codereview.chromium.org/8102

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-24 06:22:47 +00:00
sgjesse@chromium.org
f7367a9fe6 Posponed the setting of "external_caught_exception" to when leaving JavaScript
execution. This is achieved by storing a pointer to the C++ TryCatch when the
exception is thrown and checking that this is the handler active when leaving
JavaScript.
Review URL: http://codereview.chromium.org/8101

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 12:54:13 +00:00
kasperl@chromium.org
b454b326a1 Fix lint issue.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 11:09:48 +00:00
christian.plesner.hansen@gmail.com
e08ce319ca Added v8::Object::GetProperties method that returns an array of all
the enumerable properties of an object.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@568 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 10:31:49 +00:00
kasperl@chromium.org
b727198587 Fix issue 124 by computing the receiver correctly when
the property is found in a context slot.
Review URL: http://codereview.chromium.org/8097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 08:42:22 +00:00
sgjesse@chromium.org
63afc7bad3 Changed the message reporting for try { ... } finally { ... } statements to
report the exception when they happen in the try block and not as previously
when re-thrown after execution of the finally block. There is no longer any
message generated by re-throw.

Added test cases for various combinations of try/catch/finally with throw in
different places.

Added a regression directory to the messages tests which is processed by the
test runner.

Added regression tests for the specific bugs fixed.

Runs all the test suites.

BUG=73
BUG=75
Review URL: http://codereview.chromium.org/8050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 08:40:19 +00:00
christian.plesner.hansen@gmail.com
c7ed0707a3 - Added const in a few places.
- Changed WeakReferenceCallback to take a Persistent<Value> instead of
  a Persistent<Object>.
- Removed Message::GetUnderline and Message::GetScriptData.
- Added Value::IsDate, Date::Cast and Date::Value.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 08:25:23 +00:00
kasperl@chromium.org
8e675da371 Update Mozilla test status to reflect that regress-363258
is flaky on Linux and Mac (as well as Windows) and remove
line that refers to non-existing mozilla/... test.
Review URL: http://codereview.chromium.org/7910

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 06:11:39 +00:00
kasperl@chromium.org
96733af32b Added failing test case for bug 124.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 05:49:05 +00:00
bak@chromium.org
bf948c8313 - Optimized CopyFixedArray and CopyJSObject.
- Refactored block copying.

Review URL: http://codereview.chromium.org/7863

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-22 08:21:18 +00:00
feng@chromium.org
648f6d21c6 Fix style issues.
TBR=iposva

Review URL: http://codereview.chromium.org/7830

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 20:08:49 +00:00
feng@chromium.org
42ef2c3d77 Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr

This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.

V8 support of split window:
  There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;

  V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.

  Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.

  When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.


It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.

I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.


Review URL: http://codereview.chromium.org/7366

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
erik.corry@gmail.com
99f5ae88a3 Fix bug 1439135 (slicedstring on constring not flat)
Review URL: http://codereview.chromium.org/7809

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 08:08:17 +00:00
kasperl@chromium.org
3d4d596e00 Added failing test case for bug 1439135.
Review URL: http://codereview.chromium.org/7808

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 07:39:53 +00:00
bak@chromium.org
7cd44cea9b - Removed a few indirections by making the two SemiSpaces
part of NewSpace and made NewSpace statically allocated.
- Eliminated indirection in MigrateObject.

Review URL: http://codereview.chromium.org/7619

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-17 09:13:27 +00:00
kasperl@chromium.org
c63477df3d Fix issue 116 by returning the value from SetFastElement.
Review URL: http://codereview.chromium.org/7615

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-17 06:36:35 +00:00
iposva@chromium.org
6d97b325db - Fix instance size calculation to ensure that the object cannot
overflow the maximum object size.
- Added a test that will crash previous revisions.

Review URL: http://codereview.chromium.org/7427

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-16 05:45:33 +00:00
lrn@chromium.org
c46b0e84d4 Reduced the string length and rounds in the extensive indexOf-test in string-indexof.js.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-14 10:56:40 +00:00
olehougaard
cee2947da0 Testing that sorting behaves reasonably with a bad comparison function.
Review URL: http://codereview.chromium.org/7137

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-14 10:50:44 +00:00
christian.plesner.hansen@gmail.com
a601594796 Fixed bug 114
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-14 09:13:23 +00:00
lrn@chromium.org
9e0609db8e Most operations are faster than before.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-14 08:57:31 +00:00
erik.corry@gmail.com
89ac41aff9 If an allocation is so huge that we cannot code the size needed in the failure
object then we just return an out of memory failure object (instead of a retry
after GC failure object).  Not all places that checked for retry-after-GC were
able to handle an immediate out of memory failure.

This fixes http://code.google.com/p/v8/issues/detail?id=70
Review URL: http://codereview.chromium.org/6340

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-09 11:26:37 +00:00
christian.plesner.hansen@gmail.com
76b1efea2d - Specialized slow-case string equality nine ways based on the
underlying string representation of the two strings involved.
- Renamed ascii and two byte string classes to sequential ascii and
  sequential two byte, and renamed IsAscii and friends to
  IsAsciiRepresentation.  This is to make a clear distinction between
  strings with an ascii/two-byte representation, of which there is
  four, and flat sequential ascii/two-byte string.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-09 08:08:04 +00:00
kasperl@chromium.org
1aee7c79aa Fix typo in include/v8.h (issue 108) and mark test-spaces/LargeObjectSpace as flaky on ARM (issue 113). TBR=ager@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-09 05:39:00 +00:00
kasperl@chromium.org
b314b46b09 Make sure to check that the function prototype is a
real JavaScript object before looking for it in the
prototype chain during instanceof checks.
Review URL: http://codereview.chromium.org/6579

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-08 14:03:53 +00:00
kasperl@chromium.org
77643dbef6 Improve the generated code for the instanceof operator,
and extended the instanceof test case.
Review URL: http://codereview.chromium.org/6341

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-08 13:33:16 +00:00
bak@chromium.org
9dadae1bfb - Fixed Issue 3201: Embedded Google Calendar crashes the renderer
ExtendStorage did not work with keyed store IC.
- Reduced instructions generated when performing a tail call to 
  kSharedStoreIC_ExtendStorage
- Moved test/mjsunit/bugs/bug-109.js
  to test/mjsunit/keyed-storage-extend.js

Review URL: http://codereview.chromium.org/6526

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-07 09:28:04 +00:00
lrn@chromium.org
ca7668ee32 Fixed typo
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@454 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-07 09:04:23 +00:00
kasperl@chromium.org
f7174fd151 Add reproducible failing test case for bug 109.
Review URL: http://codereview.chromium.org/6300

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-07 08:11:38 +00:00
sgjesse@chromium.org
47439f3274 Skip the test debug-scripts-request on ARM in debug mode. It has consistently
been running for more than 3 minutes on Arm�g.g.
Review URL: http://codereview.chromium.org/6273

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@447 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-06 15:16:53 +00:00
sgjesse@chromium.org
167d7b4504 Marked a test parsing on ARM as parsing.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@446 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-06 14:30:24 +00:00