Commit Graph

1856 Commits

Author SHA1 Message Date
mvstanton@chromium.org
7884216804 Additional work to get array literal allocation tracking working, even with --always-opt
BUG=

Review URL: https://codereview.chromium.org/11817017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-17 08:41:27 +00:00
mstarzinger@chromium.org
0484ddcf50 Fix arguments materialization for inlined apply().
This fixes materialization of the arguments object in case the constant
function check if TryCallApply() inside an inlined frame fails.

R=svenpanne@chromium.org
BUG=v8:2489
TEST=mjsunit/regress/regress-2489

Review URL: https://codereview.chromium.org/11931012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-16 09:25:45 +00:00
yangguo@chromium.org
f15f294127 Sync laziness between BuildFunctionInfo and MakeFunctionInfo.
BuildFunctionInfo compiles the function eagerly when there are debug
break points. However, the AST may have been parsed lazily since
MakeFunctionInfo does not check for debug break points.

This fixes a regression introduced in r11866.

BUG=147497

Review URL: https://chromiumcodereview.appspot.com/11661008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-15 10:16:52 +00:00
yangguo@chromium.org
eadcc1c10c Reland r13188, r13194, r13256 (Deferred formatting of error stack trace during GC).
BUG=

Review URL: https://chromiumcodereview.appspot.com/11880018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-14 13:19:27 +00:00
mstarzinger@chromium.org
c5cff2c75a Make recent regression test resilient against GC stress.
R=danno@chromium.org
TEST=mjsunit/regress/regress-165637

Review URL: https://codereview.chromium.org/11824062

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 14:21:27 +00:00
mstarzinger@chromium.org
1079642c97 Fix missing exception check in typed array constructor (2).
This fixes another crash when the the typed array constructor accesses
an array that has a throwing accessor defined on one of it's elements.

R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js

Review URL: https://codereview.chromium.org/11791052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 11:45:29 +00:00
yangguo@chromium.org
e41c17084f Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag.
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11818025
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 15:47:53 +00:00
yangguo@chromium.org
45f20e366a Introduce ENABLE_LATIN_1 compile flag
Mostly a bunch of renaming when flag is disabled.

R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11759008
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 10:30:54 +00:00
svenpanne@chromium.org
0aacbf9619 Added %FlattenString and use it to speed up a regression test.
Flattening strings is relatively costly and by doing it after every duplication
we avoid combinatorial explosion.

Note that flattening could have been done by e.g. using a regular expression,
too, but this is just another implementation detail and %FlattenString seems
general enough to be useful in other tests, too.

Review URL: https://codereview.chromium.org/11828014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 09:32:12 +00:00
mvstanton@chromium.org
529f801fde Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array,
we store an AllocationSiteInfo object right after the JSArray, with a pointer to the
boilerplate object. Later, if the array transitions we check for the continued existence
of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to
transition the boilerplate array as well.

Danno's original changeset: https://codereview.chromium.org/10615002/

Review URL: https://codereview.chromium.org/11663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-08 09:03:16 +00:00
mstarzinger@chromium.org
0e46919c32 Fix missing exception check in typed array constructor.
The typed array constructor might fail if the first argument is an
object with a length property. Accessing the property can cause an
exception to be thrown and an explicit check needs to be performed.

R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js

Review URL: https://codereview.chromium.org/11777014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 14:01:04 +00:00
danno@chromium.org
4246ac3009 Generalize calling to C++ on stub deopt
Remove code specific to KeyedLoadICs in DoCompiledStubFrame on all platforms, driving stub frame translation by the register parameter information found in a stub's CodeStubInterfaceDescriptor.

Review URL: https://codereview.chromium.org/11635015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 10:06:11 +00:00
yangguo@chromium.org
4ee20d857b Check for read-only-ness when preparing for array sort.
R=verwaest@chromium.org
BUG=v8:2419

Review URL: https://chromiumcodereview.appspot.com/11759022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-04 15:24:47 +00:00
yangguo@chromium.org
e536abb777 Handle non-constant divisor in MathFloorOfDiv, on ia32/x64
Zheng Liu
zheng.z.liu@intel.com

Review URL: https://chromiumcodereview.appspot.com/11624022
Patch from Zheng Liu <zheng.z.liu@intel.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-28 15:52:17 +00:00
yangguo@chromium.org
2f821f1ed9 Revert r13188, r13194, r13256 (Deferred formatting of error stack trace during GC).
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11678006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-27 13:12:27 +00:00
ulan@chromium.org
b64f834383 Fix x64 MathMinMax for negative untagged int32 arguments.
An untagged int32 has zeros in the upper half even if it is negative.
Using cmpq to compare such numbers will incorrectly ignore the sign.

BUG=164442
R=mvstanton@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11665007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-21 17:52:00 +00:00
danno@chromium.org
653a66f527 ARM: Use division instructions in lithium and stubs
BUG=none
TEST=Added to test/mjsunit/math-floor-of-div.js, math-floor-of-div-nosudiv.js

Review URL: https://codereview.chromium.org/11316105
Patch from Martyn Capewell <m.m.capewell@googlemail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 16:31:19 +00:00
yangguo@chromium.org
a3f16f8e65 Fix several bugs in error stack trace formatting.
GetScriptWrapper can be called recursively:
GetScriptWrapper -> GC -> DeferredFormatStackTrace -> GetScriptWrapper

GC-unsafe code in ErrorObjectList::DeferredFormatStackTrace

Enable overwriting Error.prepareStackTrace by itself while not
causing infinity recursion when it triggers an exception.

R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11649037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 16:25:26 +00:00
rossberg@chromium.org
97eba9d3cd Object.observe: fix observation for optimised in/decrement and compound assignment.
R=svenpanne@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11642042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 15:03:30 +00:00
rossberg@chromium.org
d2ed67a958 Object.observe: temporarily disable one test to unbreak ARM.
R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11646004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 14:12:41 +00:00
yangguo@chromium.org
362218a037 Deopt on overflow in integer mod.
R=ulan@chromium.org
BUG=166379

Review URL: https://chromiumcodereview.appspot.com/11618017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 12:01:22 +00:00
rossberg@chromium.org
c9da5fadcb Object.observe: Change semantics of deliverChangeRecords to iterate.
Added test for recursive change generation.

R=yangguo@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11593028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 09:51:46 +00:00
danno@chromium.org
1f4b4625ff Re-land Crankshaft-generated KeyedLoad stubs.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11528003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 16:25:45 +00:00
ulan@chromium.org
8574054b59 Correctly handle negative codes in String.fromCharCode()
BUG=166553

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11576069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 12:37:57 +00:00
rossberg@chromium.org
c6bb497437 Simplify implementation of assignment-to-const checks.
Also, add test that assignment to function name is a syntax error with harmony scoping.

Does not fix issue 2243 directly, but with ES6, the required behaviour will change to what is implemented already anyway.

R=yangguo@chromium.org
BUG=v8:2243

Review URL: https://codereview.chromium.org/11607016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 12:00:50 +00:00
yangguo@chromium.org
6e953d51af Make sure error message formatting does not have side effects.
R=vegorov@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11598011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-17 14:00:50 +00:00
peter.rybin@gmail.com
133957e743 Fix set variable value bug: a function argument must be updated in 2 places
Review URL: https://codereview.chromium.org/11519020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-14 18:36:51 +00:00
rossberg@chromium.org
1080d2aade Object.oberve: assertions to narrow down flaky crashes with array length mutation.
R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11566027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-14 14:19:18 +00:00
rossberg@chromium.org
fb5a5e22ec Object.observe: Make array length and other magic data properties work correctly.
Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11554019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-13 09:31:44 +00:00
danno@chromium.org
facad070e9 Remove over-zealous hole checking in Array.slice()
R=jkummerow@chromium.org
BUG=chromium:165637
TEST=regress-165637.js

Review URL: https://codereview.chromium.org/11442054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-12 15:20:45 +00:00
rossberg@chromium.org
76375de29d Object.observe: prevent observed objects from using fast elements.
This is necessary because polymorphic stores generally
do not perform a map check but only an instance type check,
which misses out on changes in the observation status.
Unfortunately, there currently is no efficient way in V8
to maintain that optimisation in the presence of Object.observe.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11477006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-12 11:38:24 +00:00
peter.rybin@gmail.com
6eef2f0682 Issue 2399 part 2: In debugger allow modifying local variable values
Review URL: https://codereview.chromium.org/11412310

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 23:27:38 +00:00
mmassi@chromium.org
ae54f9cfe0 Fix for when array bounds check elimination tries to modify a phi index.
BUG=

Review URL: https://chromiumcodereview.appspot.com/11486007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 14:23:04 +00:00
mstarzinger@chromium.org
07077798af Disable GC stress for mjsunit/fast-prototype.
R=yangguo@chromium.org
TEST=mjsunit/fast-prototype --gc-interval=500 --stress-compaction

Review URL: https://codereview.chromium.org/11534004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 10:33:04 +00:00
yangguo@chromium.org
72dfb27909 Fire 'stack' getter of error objects after GC.
BUG=v8:2340

Review URL: https://chromiumcodereview.appspot.com/11377158

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 10:14:01 +00:00
danno@chromium.org
64fc1f99cb Revert 13157, 13145 and 13140: Crankshaft code stubs.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11498006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 11:09:12 +00:00
yangguo@chromium.org
c70a0f9334 Improve integer division on IA32 and X64
If the divisor is a Power-of-2 constant, we could use shifts instead of the
expensive idiv instructions, which also loose the register constraints.

Review URL: https://chromiumcodereview.appspot.com/11478043
Patch from Yuqiang Xian <yuqiang.xian@intel.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 11:02:22 +00:00
rossberg@chromium.org
9a0623f296 Object.observe support for Function 'prototype' property
BUG=v8:2409

Review URL: https://codereview.chromium.org/11416353
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 10:53:57 +00:00
rossberg@chromium.org
3348b5c2b4 Allow lazy compilation (and thus optimisation) of functions inside eval.
For strict-mode eval, this requires _disabling_ lazy parsing of inner functions,
because we need to collect their free variables to do allocation for the
eval scope properly.

R=mstarzinger@chromium.org
BUG=v8:2315

Review URL: https://codereview.chromium.org/11438042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13161 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-07 10:35:50 +00:00
yangguo@chromium.org
3388f92e63 Fix spec violations in methods of Number.prototype.
R=svenpanne@chromium.org
BUG=v8:2443

Review URL: https://chromiumcodereview.appspot.com/11465005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-07 10:20:35 +00:00
yangguo@chromium.org
276c790c61 Iterate through all arguments for side effects in Math.min/max.
R=svenpanne@chromium.org
BUG=v8:2444

Review URL: https://chromiumcodereview.appspot.com/11444030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-06 13:13:38 +00:00
yangguo@chromium.org
2200972f48 Update test expectations.
Test failure has been fixed in r13050.

R=jkummerow@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11450004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-06 13:13:01 +00:00
yangguo@chromium.org
c75ca45000 Improve array to string conversion.
BUG=v8:2435

Review URL: https://chromiumcodereview.appspot.com/11348349

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 15:49:22 +00:00
yangguo@chromium.org
6c92aba643 Fix spec violations related to regexp.lastIndex
BUG=v8:2437, v8:2438

Review URL: https://chromiumcodereview.appspot.com/11451005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 12:32:25 +00:00
rossberg@chromium.org
6b16d0bcae Make Object.observe on the global object functional
The approach in this change is to handle the unwrapping/wrapping of the global object transparently with respect to the JS implementation of Object.observe. An alternate approach would be to add a runtime method like %IsJSGlobalProxy and %UnwrapJSGlobalProxy, but it seems ugly to give JS (even implementation JS) access to the unwrapped global.

BUG=v8:2409

Review URL: https://codereview.chromium.org/11414094
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 12:03:57 +00:00
rossberg@chromium.org
23850c16b2 Object.observe: notify of __proto__ changes
BUG=v8:2409

Review URL: https://codereview.chromium.org/11299260

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 11:47:45 +00:00
danno@chromium.org
f19959cd22 Enable stub generation using Hydrogen/Lithium (again)
This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure.

Committed: https://code.google.com/p/v8/source/detail?r=13105

Committed: https://code.google.com/p/v8/source/detail?r=13117

Review URL: https://codereview.chromium.org/10701054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 11:04:10 +00:00
peter.rybin@gmail.com
be4418bae0 Issue 2429, core implementation and the protocol change
Review URL: https://codereview.chromium.org/11421100

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13123 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 21:47:39 +00:00
peter.rybin@gmail.com
4b3e67070e Issue 2399 part 1: In debugger allow modifying local variable values
Review URL: https://codereview.chromium.org/11415042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 20:29:29 +00:00
danno@chromium.org
66f6a8182c Revert 13117: "Enable stub generation using Hydrogen/Lithium (again)"
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/11415261

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 17:16:51 +00:00