mvstanton@chromium.org
7884216804
Additional work to get array literal allocation tracking working, even with --always-opt
...
BUG=
Review URL: https://codereview.chromium.org/11817017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-17 08:41:27 +00:00
mstarzinger@chromium.org
0484ddcf50
Fix arguments materialization for inlined apply().
...
This fixes materialization of the arguments object in case the constant
function check if TryCallApply() inside an inlined frame fails.
R=svenpanne@chromium.org
BUG=v8:2489
TEST=mjsunit/regress/regress-2489
Review URL: https://codereview.chromium.org/11931012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-16 09:25:45 +00:00
yangguo@chromium.org
f15f294127
Sync laziness between BuildFunctionInfo and MakeFunctionInfo.
...
BuildFunctionInfo compiles the function eagerly when there are debug
break points. However, the AST may have been parsed lazily since
MakeFunctionInfo does not check for debug break points.
This fixes a regression introduced in r11866.
BUG=147497
Review URL: https://chromiumcodereview.appspot.com/11661008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-15 10:16:52 +00:00
yangguo@chromium.org
eadcc1c10c
Reland r13188, r13194, r13256 (Deferred formatting of error stack trace during GC).
...
BUG=
Review URL: https://chromiumcodereview.appspot.com/11880018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-14 13:19:27 +00:00
mstarzinger@chromium.org
c5cff2c75a
Make recent regression test resilient against GC stress.
...
R=danno@chromium.org
TEST=mjsunit/regress/regress-165637
Review URL: https://codereview.chromium.org/11824062
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 14:21:27 +00:00
mstarzinger@chromium.org
1079642c97
Fix missing exception check in typed array constructor (2).
...
This fixes another crash when the the typed array constructor accesses
an array that has a throwing accessor defined on one of it's elements.
R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js
Review URL: https://codereview.chromium.org/11791052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 11:45:29 +00:00
yangguo@chromium.org
e41c17084f
Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag.
...
R=yangguo@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11818025
Patch from Dan Carney <dcarney@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 15:47:53 +00:00
yangguo@chromium.org
45f20e366a
Introduce ENABLE_LATIN_1 compile flag
...
Mostly a bunch of renaming when flag is disabled.
R=yangguo@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11759008
Patch from Dan Carney <dcarney@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 10:30:54 +00:00
svenpanne@chromium.org
0aacbf9619
Added %FlattenString and use it to speed up a regression test.
...
Flattening strings is relatively costly and by doing it after every duplication
we avoid combinatorial explosion.
Note that flattening could have been done by e.g. using a regular expression,
too, but this is just another implementation detail and %FlattenString seems
general enough to be useful in other tests, too.
Review URL: https://codereview.chromium.org/11828014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 09:32:12 +00:00
mvstanton@chromium.org
529f801fde
Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array,
...
we store an AllocationSiteInfo object right after the JSArray, with a pointer to the
boilerplate object. Later, if the array transitions we check for the continued existence
of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to
transition the boilerplate array as well.
Danno's original changeset: https://codereview.chromium.org/10615002/
Review URL: https://codereview.chromium.org/11663005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-08 09:03:16 +00:00
mstarzinger@chromium.org
0e46919c32
Fix missing exception check in typed array constructor.
...
The typed array constructor might fail if the first argument is an
object with a length property. Accessing the property can cause an
exception to be thrown and an explicit check needs to be performed.
R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js
Review URL: https://codereview.chromium.org/11777014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 14:01:04 +00:00
danno@chromium.org
4246ac3009
Generalize calling to C++ on stub deopt
...
Remove code specific to KeyedLoadICs in DoCompiledStubFrame on all platforms, driving stub frame translation by the register parameter information found in a stub's CodeStubInterfaceDescriptor.
Review URL: https://codereview.chromium.org/11635015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 10:06:11 +00:00
yangguo@chromium.org
4ee20d857b
Check for read-only-ness when preparing for array sort.
...
R=verwaest@chromium.org
BUG=v8:2419
Review URL: https://chromiumcodereview.appspot.com/11759022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-04 15:24:47 +00:00
yangguo@chromium.org
e536abb777
Handle non-constant divisor in MathFloorOfDiv, on ia32/x64
...
Zheng Liu
zheng.z.liu@intel.com
Review URL: https://chromiumcodereview.appspot.com/11624022
Patch from Zheng Liu <zheng.z.liu@intel.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-28 15:52:17 +00:00
yangguo@chromium.org
2f821f1ed9
Revert r13188, r13194, r13256 (Deferred formatting of error stack trace during GC).
...
R=ulan@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11678006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-27 13:12:27 +00:00
ulan@chromium.org
b64f834383
Fix x64 MathMinMax for negative untagged int32 arguments.
...
An untagged int32 has zeros in the upper half even if it is negative.
Using cmpq to compare such numbers will incorrectly ignore the sign.
BUG=164442
R=mvstanton@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11665007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-21 17:52:00 +00:00
danno@chromium.org
653a66f527
ARM: Use division instructions in lithium and stubs
...
BUG=none
TEST=Added to test/mjsunit/math-floor-of-div.js, math-floor-of-div-nosudiv.js
Review URL: https://codereview.chromium.org/11316105
Patch from Martyn Capewell <m.m.capewell@googlemail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 16:31:19 +00:00
yangguo@chromium.org
a3f16f8e65
Fix several bugs in error stack trace formatting.
...
GetScriptWrapper can be called recursively:
GetScriptWrapper -> GC -> DeferredFormatStackTrace -> GetScriptWrapper
GC-unsafe code in ErrorObjectList::DeferredFormatStackTrace
Enable overwriting Error.prepareStackTrace by itself while not
causing infinity recursion when it triggers an exception.
R=ulan@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11649037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 16:25:26 +00:00
rossberg@chromium.org
97eba9d3cd
Object.observe: fix observation for optimised in/decrement and compound assignment.
...
R=svenpanne@chromium.org
BUG=v8:2409
Review URL: https://codereview.chromium.org/11642042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 15:03:30 +00:00
rossberg@chromium.org
d2ed67a958
Object.observe: temporarily disable one test to unbreak ARM.
...
R=danno@chromium.org
BUG=
Review URL: https://codereview.chromium.org/11646004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 14:12:41 +00:00
yangguo@chromium.org
362218a037
Deopt on overflow in integer mod.
...
R=ulan@chromium.org
BUG=166379
Review URL: https://chromiumcodereview.appspot.com/11618017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 12:01:22 +00:00
rossberg@chromium.org
c9da5fadcb
Object.observe: Change semantics of deliverChangeRecords to iterate.
...
Added test for recursive change generation.
R=yangguo@chromium.org
BUG=v8:2409
Review URL: https://codereview.chromium.org/11593028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 09:51:46 +00:00
danno@chromium.org
1f4b4625ff
Re-land Crankshaft-generated KeyedLoad stubs.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11528003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 16:25:45 +00:00
ulan@chromium.org
8574054b59
Correctly handle negative codes in String.fromCharCode()
...
BUG=166553
R=yangguo@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11576069
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 12:37:57 +00:00
rossberg@chromium.org
c6bb497437
Simplify implementation of assignment-to-const checks.
...
Also, add test that assignment to function name is a syntax error with harmony scoping.
Does not fix issue 2243 directly, but with ES6, the required behaviour will change to what is implemented already anyway.
R=yangguo@chromium.org
BUG=v8:2243
Review URL: https://codereview.chromium.org/11607016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 12:00:50 +00:00
yangguo@chromium.org
6e953d51af
Make sure error message formatting does not have side effects.
...
R=vegorov@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11598011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-17 14:00:50 +00:00
peter.rybin@gmail.com
133957e743
Fix set variable value bug: a function argument must be updated in 2 places
...
Review URL: https://codereview.chromium.org/11519020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-14 18:36:51 +00:00
rossberg@chromium.org
1080d2aade
Object.oberve: assertions to narrow down flaky crashes with array length mutation.
...
R=mstarzinger@chromium.org
BUG=v8:2409
Review URL: https://codereview.chromium.org/11566027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-14 14:19:18 +00:00
rossberg@chromium.org
fb5a5e22ec
Object.observe: Make array length and other magic data properties work correctly.
...
Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons.
R=mstarzinger@chromium.org
BUG=v8:2409
Review URL: https://codereview.chromium.org/11554019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-13 09:31:44 +00:00
danno@chromium.org
facad070e9
Remove over-zealous hole checking in Array.slice()
...
R=jkummerow@chromium.org
BUG=chromium:165637
TEST=regress-165637.js
Review URL: https://codereview.chromium.org/11442054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-12 15:20:45 +00:00
rossberg@chromium.org
76375de29d
Object.observe: prevent observed objects from using fast elements.
...
This is necessary because polymorphic stores generally
do not perform a map check but only an instance type check,
which misses out on changes in the observation status.
Unfortunately, there currently is no efficient way in V8
to maintain that optimisation in the presence of Object.observe.
R=mstarzinger@chromium.org
BUG=v8:2409
Review URL: https://codereview.chromium.org/11477006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-12 11:38:24 +00:00
peter.rybin@gmail.com
6eef2f0682
Issue 2399 part 2: In debugger allow modifying local variable values
...
Review URL: https://codereview.chromium.org/11412310
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 23:27:38 +00:00
mmassi@chromium.org
ae54f9cfe0
Fix for when array bounds check elimination tries to modify a phi index.
...
BUG=
Review URL: https://chromiumcodereview.appspot.com/11486007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 14:23:04 +00:00
mstarzinger@chromium.org
07077798af
Disable GC stress for mjsunit/fast-prototype.
...
R=yangguo@chromium.org
TEST=mjsunit/fast-prototype --gc-interval=500 --stress-compaction
Review URL: https://codereview.chromium.org/11534004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 10:33:04 +00:00
yangguo@chromium.org
72dfb27909
Fire 'stack' getter of error objects after GC.
...
BUG=v8:2340
Review URL: https://chromiumcodereview.appspot.com/11377158
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 10:14:01 +00:00
danno@chromium.org
64fc1f99cb
Revert 13157, 13145 and 13140: Crankshaft code stubs.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/11498006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 11:09:12 +00:00
yangguo@chromium.org
c70a0f9334
Improve integer division on IA32 and X64
...
If the divisor is a Power-of-2 constant, we could use shifts instead of the
expensive idiv instructions, which also loose the register constraints.
Review URL: https://chromiumcodereview.appspot.com/11478043
Patch from Yuqiang Xian <yuqiang.xian@intel.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 11:02:22 +00:00
rossberg@chromium.org
9a0623f296
Object.observe support for Function 'prototype' property
...
BUG=v8:2409
Review URL: https://codereview.chromium.org/11416353
Patch from Adam Klein <adamk@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 10:53:57 +00:00
rossberg@chromium.org
3348b5c2b4
Allow lazy compilation (and thus optimisation) of functions inside eval.
...
For strict-mode eval, this requires _disabling_ lazy parsing of inner functions,
because we need to collect their free variables to do allocation for the
eval scope properly.
R=mstarzinger@chromium.org
BUG=v8:2315
Review URL: https://codereview.chromium.org/11438042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13161 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-07 10:35:50 +00:00
yangguo@chromium.org
3388f92e63
Fix spec violations in methods of Number.prototype.
...
R=svenpanne@chromium.org
BUG=v8:2443
Review URL: https://chromiumcodereview.appspot.com/11465005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-07 10:20:35 +00:00
yangguo@chromium.org
276c790c61
Iterate through all arguments for side effects in Math.min/max.
...
R=svenpanne@chromium.org
BUG=v8:2444
Review URL: https://chromiumcodereview.appspot.com/11444030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-06 13:13:38 +00:00
yangguo@chromium.org
2200972f48
Update test expectations.
...
Test failure has been fixed in r13050.
R=jkummerow@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11450004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-06 13:13:01 +00:00
yangguo@chromium.org
c75ca45000
Improve array to string conversion.
...
BUG=v8:2435
Review URL: https://chromiumcodereview.appspot.com/11348349
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 15:49:22 +00:00
yangguo@chromium.org
6c92aba643
Fix spec violations related to regexp.lastIndex
...
BUG=v8:2437, v8:2438
Review URL: https://chromiumcodereview.appspot.com/11451005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 12:32:25 +00:00
rossberg@chromium.org
6b16d0bcae
Make Object.observe on the global object functional
...
The approach in this change is to handle the unwrapping/wrapping of the global object transparently with respect to the JS implementation of Object.observe. An alternate approach would be to add a runtime method like %IsJSGlobalProxy and %UnwrapJSGlobalProxy, but it seems ugly to give JS (even implementation JS) access to the unwrapped global.
BUG=v8:2409
Review URL: https://codereview.chromium.org/11414094
Patch from Adam Klein <adamk@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 12:03:57 +00:00
rossberg@chromium.org
23850c16b2
Object.observe: notify of __proto__ changes
...
BUG=v8:2409
Review URL: https://codereview.chromium.org/11299260
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 11:47:45 +00:00
danno@chromium.org
f19959cd22
Enable stub generation using Hydrogen/Lithium (again)
...
This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure.
Committed: https://code.google.com/p/v8/source/detail?r=13105
Committed: https://code.google.com/p/v8/source/detail?r=13117
Review URL: https://codereview.chromium.org/10701054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 11:04:10 +00:00
peter.rybin@gmail.com
be4418bae0
Issue 2429, core implementation and the protocol change
...
Review URL: https://codereview.chromium.org/11421100
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13123 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 21:47:39 +00:00
peter.rybin@gmail.com
4b3e67070e
Issue 2399 part 1: In debugger allow modifying local variable values
...
Review URL: https://codereview.chromium.org/11415042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 20:29:29 +00:00
danno@chromium.org
66f6a8182c
Revert 13117: "Enable stub generation using Hydrogen/Lithium (again)"
...
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/11415261
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 17:16:51 +00:00