Commit Graph

2545 Commits

Author SHA1 Message Date
hpayer@chromium.org
86cf9ca690 Enable concurrent sweeping.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/146833012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 14:37:22 +00:00
dslomov@chromium.org
1a67b7f86a External Array renaming and boilerplate scrapping
Replaced symbolic names with correct JS name (byte -> int8, unsigned int -> uint32 etc).
Using macros to scrap the boilerplate
BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/145133013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 16:01:15 +00:00
verwaest@chromium.org
21532ddfdc Reland ArrayPop / ArrayPush.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/138443012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:47:53 +00:00
machenbach@chromium.org
cde3ed1fe3 Speed up some mjsunit test cases and clean up test expectations for arm and mips.
Many skipped test cases already run very fast. Removing the corresponding expectations.

BUG=
R=jkummerow@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/138503008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:36:45 +00:00
jkummerow@chromium.org
ee4e034d70 Revert broken ArrayPop changes
This reverts:
r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."",
r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and
r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft."

For causing crashes on Canary.

BUG=chromium:337686
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/146003006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 08:32:50 +00:00
machenbach@chromium.org
ca0d99196d Disable SetAllocationTimeout in fuzz-natives test since it has varargs.
BUG=
R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/145803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:33:35 +00:00
verwaest@chromium.org
6b60546b16 Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/137693003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:20:25 +00:00
hpayer@chromium.org
83a1df2354 Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/141653016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 13:02:27 +00:00
hpayer@chromium.org
a92e87e100 Make the full object memory size of a page available for a single allocation.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/145493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 12:13:20 +00:00
machenbach@chromium.org
c159485fb1 [Sheriff] Temporarily mark test as flaky.
BUG=
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/145593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 10:54:30 +00:00
verwaest@chromium.org
f30330325e Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/144913003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 13:22:58 +00:00
dslomov@chromium.org
33d7e64b51 ES6: Implement Object.setPrototypeOf
This reverts commit bdc89ae76c15f3ef2626f8849744500248aec3ba.

This is a revert of the revert with test/webkit updated as needed.

Original CL Description:

http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof

This just exposes the internal %SetPrototype and adds all the required
type checks as specified.

BUG=v8:2675
LOG=Y
R=dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/144193005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 12:15:57 +00:00
svenpanne@chromium.org
b4949cfd62 Fixed floor-of-div optimization.
We removed an HDiv by hand which was still used by an HChange. The
solution is letting dead code removal do the cleanup.

Removed a fragile "optimization" (looking through an HChange), too,
this obviously never triggered and is hard to get right given all our
global invariants and state/type/... changes.

The repro is a bit tricky, because you need inlining to make our
representations and types disagree in this case.

LOG=y
BUG=334708
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/143903016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 11:54:51 +00:00
machenbach@chromium.org
1864f7388e Add infrastructure for skipping tests in GC stress mode.
Also move the GC stress configuration from the buildbot to the test runner.

BUG=
R=jkummerow@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/141653008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 12:41:25 +00:00
machenbach@chromium.org
63cd984538 [Sheriff] Temporarily mark array-literal-feedback as flaky for GC stress.
The test is blocking the v8 lkgr. It will be unmarked again after there is infrastructure to disable it on GC stress only.

BUG=
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/143463004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 07:58:54 +00:00
machenbach@chromium.org
3be4500877 [Sheriff] Temporarily mark two mjsunit tests as flaky.
The tests are blocking the v8 lkgr. They will be unmarked again after there is infrastructure to disable them on GC stress only.

TBR=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/139343008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 19:05:31 +00:00
titzer@chromium.org
5771b0975a Fix representation requirement in HReturn.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/143523002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 19:00:11 +00:00
verwaest@chromium.org
9f64f43a1c Turn ArrayPush into a stub specialized on the elements kind and argc.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/143213003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 17:09:24 +00:00
dslomov@chromium.org
5b7b4b99b7 Revert "ES6: Implement Object.setPrototypeOf"
This reverts commit r18685 for breaking WebKit tests.

TBR=arv@chromium.org

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 10:59:07 +00:00
dslomov@chromium.org
1e3a14da44 ES6: Implement Object.setPrototypeOf
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof

This just exposes the internal %SetPrototype and adds all the required
type checks as specified.

BUG=v8:2675
LOG=Y
R=dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/141913002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 10:38:01 +00:00
verwaest@chromium.org
ef52aeb701 Remove special ArrayCode CallIC.
Once Call ICs are replaced by LoadIC + CallFunctionStub, we'll need a new way
of tracking this information.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/141073006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:24:36 +00:00
mvstanton@chromium.org
155ef100e9 Fix logic error in assert in IsUndeclaredGlobal()
Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that.

In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores.

Now it's clearer that only LoadICs actually record any information about contextual or not.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/140943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:08:24 +00:00
verwaest@chromium.org
53f46c5214 Get rid of ContextualMode for call ICs.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/137083002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:15:05 +00:00
mstarzinger@chromium.org
4d338985b9 Closed generator returns a completed object instead of throwing a error
From ES6 rev20 draft, closed generator returns completed object (the
value is `undefined` and done is `true`).
Since a error thrown in generator is propagated to the caller without
setting status of a thrown generator to "completed", once a generator is
suspended by a error, status becomes "executing" forever. This is filed
as v8:3096

LOG=N
BUG=v8:3097
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/136003003

Patch from Yusuke Suzuki <yusukesuzuki@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 15:19:34 +00:00
jkummerow@chromium.org
be4c1bdac2 Fix test after r18586
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/138063003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 14:00:10 +00:00
jkummerow@chromium.org
1ed94acf0c Turn Runtime_MigrateInstance into Runtime_TryMigrateInstance
because it must not cause lazy deopts because it is called from deferred code that cannot handle lazy deopts.

Hat tip to Ben for doing most of the debugging work, and to Toon for writing the regression test.

BUG=chromium:315252
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/131243003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 13:41:09 +00:00
verwaest@chromium.org
f2245a9cf9 Make the strict-mode calling convention for contextual calls the default one.
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/131663003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 12:04:10 +00:00
hpayer@chromium.org
dcf7f73ec0 Enable allocation site pretenuring.
Disable elements-kind.js unit test temporarily on gc stress builders.

BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/136813002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-13 17:11:36 +00:00
jarin@chromium.org
c0f622a45b Fix of Hydrogen environment building for function "apply" calls.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/133773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-11 13:59:04 +00:00
bmeurer@chromium.org
967d6499d2 Revert "Temporarily disable performance.now() in the d8 shell."
This reverts commit r18529.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/133523003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 12:07:29 +00:00
bmeurer@chromium.org
1b1c27d916 Temporarily disable performance.now() in the d8 shell.
Review URL: https://codereview.chromium.org/133663002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 11:17:57 +00:00
rossberg@chromium.org
014a86ef8c ES6: Add Object.getOwnPropertySymbols
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.getownpropertysymbols

This allows you to get the symbols used as property keys for an object.

  var object = {};
  var sym = Symbol();
  object[sym] = 42;
  assert(Object.getOwnPropertySymbols(object)[0] === sym);

This is only available with --harmony-symbols

BUG=v8:3049
R=rossberg@chromium.org, rossberg
LOG=Y

Review URL: https://codereview.chromium.org/108083005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 15:57:30 +00:00
rossberg@chromium.org
3286bc71e3 Promises: some adaptations to spec
- Rename Promise.{resolved,rejected,deferred} to Promise.{resolve,reject,defer}
- Rename Promise.one to Promise.race
- Make all failures asynchronous, EXCEPT type errors for resolver
- Disallow non-construct call to Promise constructor
- Don't make combinators go through public this.defer

Also, don't bother using IsCallable.

R=dslomov@chromium.org, yhirano@chromium.org
BUG=

Review URL: https://codereview.chromium.org/99573002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18515 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 13:00:56 +00:00
ulan@chromium.org
8db7aaa03d Correctly handle instances without elements in polymorphic keyed load/store.
BUG=331416
TEST=mjsunit/regress/regress-331416.js
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/121893003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:57:28 +00:00
ulan@chromium.org
43d1c23e2a Fix selection of popular pages in store buffer.
BUG=331444
TEST=mjsunit/regress/regress-331444.js
LOG=Y
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/125983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:49:37 +00:00
jkummerow@chromium.org
7761059a98 Fix d8's Shell::ReadBuffer after r18227
BUG=v8:3085
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/127853003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:48:38 +00:00
mstarzinger@chromium.org
127c660eab Upgrade Number constructor to ES6.
Add missing constants, predicates and functions to the Number
constructor to have it offer what ES6 now specifies.

That is, extend it with:

 * isInteger(), isSafeInteger()
 * parseInt(), parseFloat()
 * EPSILON, MIN_SAFE_INTEGER, MAX_SAFE_INTEGER

LOG=N
R=mstarzinger@chromium.org
BUG=v8:3082

Review URL: https://codereview.chromium.org/124573002

Patch from Sigbjorn Finne <sigbjornf@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:09:49 +00:00
mvstanton@chromium.org
fc5834343f Remove flag track-allocation-sites.
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.

R=verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=18385

Review URL: https://codereview.chromium.org/104923010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 15:58:25 +00:00
jarin@chromium.org
acf24331e3 Fixed Lithium environment generation bug for captured objects (created
by escape analysis). Added several tests that expose the bug.

Summary:
LCodegen::AddToTranslation assumes that Lithium environments are
generated by depth-first traversal, but LChunkBuilder::CreateEnvironment
was generating them in breadth-first fashion. This fixes the
CreateEnvironment to traverse the captured objects depth-first.

Note:
It might be worth considering representing LEnvironment by a list
with the same order as the serialized translation representation
rather than having two lists with a subtle relationship between
them (and then serialize in a slightly different order again).

R=titzer@chromium.org, mstarzinger@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/93803003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 14:36:26 +00:00
mvstanton@chromium.org
e3e7daf01c We need to know if a load, store or call IC is assumed
to be on the global object. Previously, this information
was stored in RelocInfo. A more logical place for this kind
of structural information is ExtraICState. Storing it there
makes it easier for us to gather type feedback from these
sites too.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/96083005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 14:14:34 +00:00
verwaest@chromium.org
4615e9edac Reland v8:18458 "Load the global proxy from the context of the target function."
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/104013008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 10:46:39 +00:00
rossberg@chromium.org
2879f2104c Revert "Load the global proxy from the context of the target function."
This reverts commit https://code.google.com/p/v8/source/detail?r=18458, since it exhibits a bug that breaks some tests.

TBR=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/93863006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 09:55:25 +00:00
verwaest@chromium.org
5b40c38679 Load the global proxy from the context of the target function.
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/111613003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 08:21:17 +00:00
ulan@chromium.org
711bcbb0e3 ARM: fix loading of global object in LWrapReceiver.
Since r16993 the cp register is handled by registers allocator,
and we cannot assume that the cp always contains the context.

BUG=318420
LOG=Y
TEST=test/mjsunit/regress/regress-318420.js
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/121703002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 14:38:00 +00:00
ulan@chromium.org
7ac7a7ea99 Fix a race between concurrent recompilation and OSR.
If concurrent recompilation finishes before OSR, then OSR replaces
the old optimized code without evicting it from the optimized code map.

New functions can get the old optimized code from the optimized code map,
but the old code could be already deoptimized.

BUG=330046
TEST=test/mjsunit/regress-330046.js
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/109033003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-27 09:22:56 +00:00
yangguo@chromium.org
2a4be7067c Refactor the compiling pipeline.
Goals:
 - easier to read, more suitable identifiers.
 - better distinction between compiling optimized/unoptimized code
 - compiler does not install code on the function.
 - easier to add features (e.g. caching optimized code for osr).
 - remove unnecessary code.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/110203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 14:30:35 +00:00
yangguo@chromium.org
f7929d2a87 Reland "Handlify concat string and substring."
This relands commit r17490.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/114943004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18408 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 12:37:56 +00:00
yangguo@chromium.org
8c10fc6aee Harmony: implement math.hypot.
R=jarin@chromium.org
BUG=v8:2938
LOG=N

Review URL: https://codereview.chromium.org/118303002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 11:13:39 +00:00
yangguo@chromium.org
2e2676a843 Harmony: implement Math.log2 and Math.log10.
R=jarin@chromium.org
BUG=v8:2938
LOG=N

Review URL: https://codereview.chromium.org/119093006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:54:47 +00:00
yangguo@chromium.org
cd7d61cfc2 Fix small spec violation in String.prototype.split.
Also slightly extended the test coverage.

R=rossberg@chromium.org
BUG=v8:3026
LOG=Y

Review URL: https://codereview.chromium.org/119093002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 10:01:22 +00:00
yangguo@chromium.org
c61d07e03f Correctly resolve forcibly context allocated parameters in debug-evaluate.
R=ulan@chromium.org
BUG=325676
LOG=Y

Review URL: https://codereview.chromium.org/107243006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-23 08:37:03 +00:00
titzer@chromium.org
be32761a67 Improve load elimination handling of transitioning stores.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/106973005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:12:41 +00:00
rossberg@chromium.org
b882bddcfd Make a strict function's "name" property non-writable.
Set [[Writable]] to false for the "name" property of strict
functions as well, mirroring what non-strict functions have
it as.

LOG=N
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-270142
BUG=270142

Review URL: https://codereview.chromium.org/99203006

Patch from Sigbjorn Finne <sigbjornf@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:06:11 +00:00
hpayer@chromium.org
f583b73b70 Revert "Remove flag track-allocation-sites."
This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc.

BUG=

Review URL: https://codereview.chromium.org/109303006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:04:34 +00:00
mvstanton@chromium.org
e654c88fab Remove flag track-allocation-sites.
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/104923010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 11:46:31 +00:00
titzer@chromium.org
1f679a58f7 Improve check elimination with branch sensitivity on HCompareObjectEqAndBranch.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/106733002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 17:42:21 +00:00
jkummerow@chromium.org
3c76ecd732 Fix switch statements with non-Smi integer labels and no type feedback
BUG=chromium:329709
LOG=Y
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/98643010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 14:25:58 +00:00
verwaest@chromium.org
fb7218dc3d Enable optimization of functions with generic switches.
R=jkummerow@chromium.org, titzer@chromium.org

Review URL: https://chromiumcodereview.appspot.com/110123002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 11:44:38 +00:00
yangguo@chromium.org
213b05b5b9 Fix off-by-one error in AstTyper, part 2.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/112933002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 15:19:57 +00:00
jkummerow@chromium.org
48ff79a300 Fix polymorphic inlined calls with migrating prototypes
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/104793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-12 14:57:00 +00:00
ulan@chromium.org
cc401095fb Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot.
This is the only field in the snapshot that was tracked as double.

R=verwaest@chromium.org
TEST=mjsunit/regress/regress-280531.js
BUG=280531
LOG=Y

Review URL: https://chromiumcodereview.appspot.com/112003005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 13:11:44 +00:00
yangguo@chromium.org
5bc64b9fa5 Fix off-by-one error in AstTyper.
This causes the first parameter to be confused with the first
stack local when we collect type information.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/105943007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-11 11:34:09 +00:00
hpayer@chromium.org
75a84eca0b Added regression test for escape analysis.
BUG=
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/99133011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 15:54:20 +00:00
titzer@chromium.org
3de79abd85 Add a regression test for boolean concatenation in strings.
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/106743010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-10 14:05:25 +00:00
svenpanne@chromium.org
e1db6d86a9 Avoid FP exceptions when doing integer division.
BUG=v8:3039
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/104003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-09 10:15:19 +00:00
mvstanton@chromium.org
b807f4f82f Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask.
The mask to check for an internalized string was incorrectly formed. Hat
tip to Weiliang Lin for discovering the bug.

BUG=v8:3038
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/108033002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-06 09:43:07 +00:00
verwaest@chromium.org
8a4df124a4 Fix loop side-effects of deoptimizing loops with a nested live OSR loop.
R=titzer@chromium.org

Review URL: https://chromiumcodereview.appspot.com/106723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 18:31:06 +00:00
machenbach@chromium.org
d8a757c669 Add tests and extension verifying CHECK and ASSERT.
The new native functions can also be used in blink tests to ensure that V8 asserts are turned on where they should be.

BUG=
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/105953005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 17:26:22 +00:00
yangguo@chromium.org
34f0b745b8 Reland "Implement hyperbolic math functions for ES6."
BUG=v8:2938
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/104173002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-05 12:36:42 +00:00
yangguo@chromium.org
3e689544af Revert "Implement hyperbolic math functions for ES6."
BUG=

Review URL: https://codereview.chromium.org/104003002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:53:17 +00:00
yangguo@chromium.org
d1e0c338f3 Implement hyperbolic math functions for ES6.
R=jarin@chromium.org
BUG=v8:2938
LOG=Y

Review URL: https://codereview.chromium.org/102023003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:32:18 +00:00
titzer@chromium.org
1d6710c933 Add some test cases with dead loops.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/98323004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 18:04:45 +00:00
verwaest@chromium.org
d4eaae37d1 Check whether the receiver to a keyed-call is actually a heapobject.
BUG=325225
LOG=n
R=dslomov@chromium.org

Review URL: https://chromiumcodereview.appspot.com/101863004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-03 17:59:31 +00:00
titzer@chromium.org
16c4c14fac Check elimination: Learn from if(CompareMap(x)) on true branch.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/99043002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 18:34:33 +00:00
bmeurer@chromium.org
aa83f2900a Fix invalid assertion with OSR in BuildBinaryOperation.
BUG=v8:3032
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/98623004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 13:12:07 +00:00
yangguo@chromium.org
3d062847a4 Make sin-cos test case compatible with --always-osr.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/98893002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:56:54 +00:00
mstarzinger@chromium.org
db915fe97e Handle captured objects in OptimizedFrame::Summarize.
R=yangguo@chromium.org
BUG=v8:3029
TEST=mjsunit/regress/regress-3029
LOG=N

Review URL: https://codereview.chromium.org/96773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:11:02 +00:00
mvstanton@chromium.org
5ba1304d60 Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects.
BUG=299979
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/80623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-29 15:22:16 +00:00
yangguo@chromium.org
f235194518 Fix bug in inlining Function.apply.
R=jkummerow@chromium.org
BUG=323942
LOG=Y

Review URL: https://codereview.chromium.org/95123003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:30:17 +00:00
titzer@chromium.org
bbdd21ebb0 Fix load elimination: can only .Equals() GVN-able instructions.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/95193002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:27:42 +00:00
dslomov@chromium.org
7372596615 Ensure that length is Smi in TypedArrayFromArrayLike constructor.
R=jkummerow@chromium.org
BUG=324028
LOG=Y

Review URL: https://codereview.chromium.org/94473002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org
d53e38777f Fix missing bounds check in n-arguments Array constructor.
LOG=N
R=mvstanton@chromium.org
BUG=v8:3027
TEST=mjsunit/regress/regress-3027

Review URL: https://codereview.chromium.org/92103003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 09:29:57 +00:00
yangguo@chromium.org
ea43173cf4 Shorten autogenerated error message.
R=rossberg@chromium.org
BUG=v8:3019
LOG=Y

Review URL: https://codereview.chromium.org/88393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 08:59:45 +00:00
rossberg@chromium.org
e943623b12 Harmony promises
Based on prototype at

  https://github.com/rossberg-chromium/js-promise

which informed the latest spec draft version at

  https://github.com/domenic/promises-unwrapping/blob/master/README.md

Activated by --harmony-promises.

Feature complete with respect to the draft spec, plus the addition of .when and .deferred methods. Final naming and other possible deviations from the current draft will hopefully be resolved soon after the next TC39 meeting.

This CL also generalises the Object.observe delivery loop into a simplistic microtask loop. Currently, all observer events are delivered before invoking any promise handler in a single fixpoint iteration. It's not clear yet what the final semantics is supposed to be (should there be a global event ordering?), but it will probably require a more thorough event loop abstraction inside V8 once we get there.

R=dslomov@chromium.org, yhirano@chromium.org
BUG=

Review URL: https://codereview.chromium.org/64223010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-27 17:21:40 +00:00
machenbach@chromium.org
c95173b2eb Increase test runner speed.
Let the test runner preserve the order of test suites to let suites with long running tests run first.

Mark some tests as slow that can now be skipped via --slow-tests=skip.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/88343002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 16:53:04 +00:00
yangguo@chromium.org
ab96631177 Increase precision for base conversion for large integers.
R=jkummerow@chromium.org
BUG=v8:3025
LOG=Y

Review URL: https://codereview.chromium.org/88583002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 15:48:13 +00:00
yangguo@chromium.org
afd8e5a305 Speed up long-running test cases.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/85163003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 11:32:39 +00:00
yangguo@chromium.org
4716b292db Make some ARM test cases faster.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/85473004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 10:43:44 +00:00
dslomov@chromium.org
c3a4d718ce Generate TypedArrayInitialize builtin in hydrogen.
R=danno@chromium.org

Review URL: https://codereview.chromium.org/59023003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 14:41:46 +00:00
mvstanton@chromium.org
81b22bbf96 A performance regression in array literal creation was caused by refactoring that eliminated a special fast case for shallow arrays. At the same time the general case got a bit slower. This CL restores most of the performance without coding the special fast case. The virtual dispatching is unnecessary because we know what we want to do at compile time. A flag was added to Runtime::CreateArrayLiteral. The flags delivers information about shallowness but also whether or not allocation mementos should be created. This is useful for crankshafted code.
BUG=v8:3008
LOG=Y
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/77293003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-25 12:41:27 +00:00
yangguo@chromium.org
aa3518a0f3 Make sure files end with exactly one new line and police this in presubmit.
The changes are (excluding presubmit.py) mechanical. I added the following
lines after the check and iterated the presubmit script until all errors
went away:

f = open(name, "w");
if contents.endswith('\n\n'):
  f.write(contents[0:-1])
else:
  f.write(contents + '\n')

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/82803005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 13:50:39 +00:00
ulan@chromium.org
21fb1401bd Restore saved caller FP registers on stub failure
and preserve FP registers on NotifyStubFailure.

In debug mode, clobber FP registers on each runtime call to increase
chances of catching such bugs.

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/78283002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 10:21:47 +00:00
yangguo@chromium.org
e5f187995d Mark flaky debug test as failing.
The issues are known. For the time being, we mark it as failing.

R=machenbach@chromium.org
BUG=v8:2921, v8:3005
LOG=N

Review URL: https://codereview.chromium.org/77723008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 17:09:17 +00:00
yangguo@chromium.org
2c7ebfa7f0 Increase precision when finding the remainder after division by pi/2.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/66703005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 15:04:37 +00:00
svenpanne@chromium.org
8f88467bf6 Removed unused --preallocate-message-memory flag.
It results in a lot of dead code, and Isolate::PrintStack itself
crashes most of the time when something went wrong earlier.
Furthermore, we have plans do get better information into the
minidump, anyway.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/78003002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-20 12:35:58 +00:00
danno@chromium.org
06c7620302 Fixed crashes exposed though fuzzing.
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.

R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y

Review URL: https://codereview.chromium.org/72813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 16:41:07 +00:00
jkummerow@chromium.org
37443768bf Fix register trashing in Emit*ByteSeqStringSetChar
This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless.

BUG=chromium:320922
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/67103003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 12:59:09 +00:00
mvstanton@chromium.org
bff41483dc Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death.
BUG=320532
LOG=Y
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/62803008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 10:17:33 +00:00
dslomov@chromium.org
6749e57f47 Fix data view accessors to throw execptions on offsets bigger than size_t.
R=jkummerow@chromium.org
BUG=v8:3013
LOG=Y

Review URL: https://codereview.chromium.org/74583003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:16:22 +00:00
dslomov@chromium.org
cb6e8b334d Revert "Fix data view accessors to throw execptions on offsets bigger than size_t."
This reverts commit r17838 for breaking arm build.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/75213005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 15:05:05 +00:00