AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
16,762 Commits 1 Branch 0 Tags 839 MiB
7eea77bc5c
Commit Graph

2915 Commits

Author SHA1 Message Date
bmeurer@chromium.org
7eea77bc5c Fix missing smi check in inlined indexOf/lastIndexOf. 
BUG=382513
LOG=y
R=danno@chromium.org

Review URL: https://codereview.chromium.org/313233005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-10 04:26:15 +00:00
mvstanton@chromium.org
2714fd2399 Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting." 
This reverts commit r21712

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/315843005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-06 13:16:24 +00:00
mvstanton@chromium.org
c0cb82274c Re-land Clusterfuzz identified overflow check needed in dehoisting. 
Overflow check needs to be smarter.

BUG=380092
R=danno@google.com, danno@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/317963004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-06 13:00:07 +00:00
mvstanton@chromium.org
35933119fe Revert "Clusterfuzz identified overflow check needed in dehoisting." 
This reverts commit r21708, due to ASAN-reported issue.

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/318073002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-06 09:47:14 +00:00
mvstanton@chromium.org
7d2d0839ad Clusterfuzz identified overflow check needed in dehoisting. 
BUG=380092
R=danno@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/315593002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-06 09:12:16 +00:00
yangguo@chromium.org
eb1f184386 Mark arm div tests as PASS/FAIL. 
R=machenbach@chromium.org
BUG=v8:3259
LOG=N

Review URL: https://codereview.chromium.org/318943002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-05 12:53:36 +00:00
ulan@chromium.org
c8b2fa454a Preliminary support for block contexts in hydrogen. 
Patch from Steven Keuchel <keuchel@chromium.org>

BUG=v8:2198
LOG=N
TEST=mjsunit/harmony/block-let-crankshaft.js
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/307593002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-05 07:33:01 +00:00
yangguo@chromium.org
61a5a413d7 Extend bounds check elimination to constant keys. 
R=jkummerow@chromium.org
BUG=v8:3367
LOG=N

Review URL: https://codereview.chromium.org/310333004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-04 11:52:17 +00:00
bmeurer@chromium.org
9244429707 Fix invalid loop condition for Array.lastIndexOf(). 
BUG=380512
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/313073003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-04 08:21:39 +00:00
yangguo@chromium.org
feed21b6d5 Add option to disable MirrorCache. 
R=yurys@chromium.org

Review URL: https://codereview.chromium.org/307383002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-03 14:27:19 +00:00
mvstanton@chromium.org
d19aaa2b1c Revert "Reland "Make 'name' property on functions configurable."" 
This reverts commit r21609 due to browser test failures.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/313583002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-03 11:52:07 +00:00
mvstanton@chromium.org
848a9af6b4 %ObjectFreeze needs to exclude non-fast-path objects. 
ClusterFuzz will call it with sloppy arguments and similar cases.

BUG=380049
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/315533002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-03 07:59:36 +00:00
mvstanton@chromium.org
adeaedf547 When flag --nouse-osr is set, don't allow osr from hidden runtime calls. 
BUG=379770
R=yangguo@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/310773003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-03 07:45:40 +00:00
adamk@chromium.org
509a1a405c ES6: Add support for values/keys/entries for Map and Set 
This allows code like this:

  var map = new Map();
  map.set(1, 'One');
  ...
  var iter = map.values();
  var res;
  while (!(res = iter.next()).done) {
    print(res.value);
  }

BUG=v8:1793
LOG=Y
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/259883002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-03 00:34:01 +00:00
mstarzinger@chromium.org
d6500b6cf7 Reland "Make 'name' property on functions configurable." 
R=rossberg@chromium.org
BUG=v8:3333
LOG=N

Review URL: https://codereview.chromium.org/303463006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-06-02 13:35:26 +00:00
jkummerow@chromium.org
f6a249c6d0 Inlined optimized runtime functions: expose Runtime versions for direct testing, skip Hydrogen versions 
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/302703004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-30 17:07:38 +00:00
bmeurer@chromium.org
5cd009a004 HRor and HSar can deoptimize. 
BUG=v8:3359
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/309483002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-30 16:12:25 +00:00
rafaelw@chromium.org
74f92f21da Simplify, speed-up correct-context ObjectObserve calls 
The original patch which ensured that Object.observe did allocations in the correct context regressed performance about 12%. This patch gets back most of that (about 11%) by simply returning the correct function which is then directly callable from JS, rather than by making the call from the runtime function. A side-effect is that their implementation is shorter.

LOG=Y
BUG=NONE
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/307543008

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-28 19:13:41 +00:00
mvstanton@chromium.org
8c54a373dd Changing the attributes of a data property implemented with 
ExecutableAccessorInfo turns the property into a field. Better
to keep it as a callback, and correctly deal with the changed
property attributes.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/262053011

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-28 09:58:27 +00:00
mstarzinger@chromium.org
6b33e50701 Revert "Make 'name' property on functions configurable." 
R=danno@google.com, danno@chromium.org

Review URL: https://codereview.chromium.org/297163009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-27 15:00:26 +00:00
yangguo@chromium.org
db8f7e0383 Cache optimization status getter in mjsunit.js 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/300003007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21522 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-27 12:52:15 +00:00
yangguo@chromium.org
620555b495 Do not break in native code (including non-builtin debugger code). 
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/300773002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-27 12:21:40 +00:00
yangguo@chromium.org
2097644fcf Do not (eagerly) trigger exception in mjsunit.js. 
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/301673002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-27 11:53:12 +00:00
yangguo@chromium.org
94b4aef7d6 Fix arm64 gc stress issue. 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/306483002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-27 06:35:45 +00:00
mvstanton@chromium.org
d755611e93 Reland "Customized support for feedback on calls to Array." and follow-up fixes. 
Comparing one CallIC::State to another was not done correctly, leading to a failure to patch a CallIC when transitioning from monomorphic Array to megamorphic.

BUG=chromium:377198,chromium:377290
LOG=Y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/305493003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-26 13:59:24 +00:00
mstarzinger@chromium.org
82b3b2a367 Make 'name' property on functions configurable. 
R=rossberg@chromium.org
BUG=v8:3333
LOG=N

Review URL: https://codereview.chromium.org/296413003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-26 11:42:56 +00:00
jkummerow@chromium.org
60e665627d Revert "Customized support for feedback on calls to Array." and follow-up fixes. 
This reverts r21429, r21434, r21435, r21440, r21445.

BUG=chromium:377198
LOG=y
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/300693002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-26 09:04:00 +00:00
ulan@chromium.org
3fcda0e576 Make let variables fresh in each iteration of a for-loop. 
BUG=v8:2198
LOG=N
TEST=mjsunit/harmony/block-for
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/292743009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-26 08:07:02 +00:00
yangguo@chromium.org
32f433c12e Fix leak in debug mirror cache. 
When fetching loaded scripts, mirror objects are created and cached.
If the cache is not cleared, it holds script objects alive.

This also fixes a minor issue with script unloading.

R=ulan@chromium.org
BUG=376534
LOG=N

Review URL: https://codereview.chromium.org/296953005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-26 07:05:56 +00:00
danno@chromium.org
9c485e182b Introduce x87 port 
Support x87-only platform (ia32 without SSE)

R=danno@chromium.org

Review URL: https://codereview.chromium.org/293743005

Patch from Weiliang Lin <weiliang.lin@intel.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-23 16:37:27 +00:00
mstarzinger@chromium.org
cf448aa15f Fix representation inference for mutable double boxes. 
R=jarin@chromium.org
BUG=v8:3307
TEST=mjsunit/regress/regress-3307
LOG=N

Review URL: https://codereview.chromium.org/298723014

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-23 14:02:08 +00:00
ishell@chromium.org
7c55f645d5 Cleanup after inobject slack tracking improvement. 
1) %SetExpectedNumberOfProperties() function removed.
2) Obsolete SharedFunctionInfo::BeforeVisitingPointers() removed.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/289283018

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-23 12:55:57 +00:00
rossberg@chromium.org
06f746a576 Consistently say 'own' property 
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/291153005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-22 15:27:57 +00:00
jarin@chromium.org
3d0bf69cd8 Attempt no. 3 to fix Heap::IsHeapIterable and HeapIterator. 
Now we remember new space's top pointer after the last GC to find out if there was a new space allocation since the last GC.

Unfortunately, this not completely safe - the debugger has a callback hook (that can call to JS) at the end of the GC epilogue that can in theory allocate and possibly make the heap non-iterable. We can only hope this does not happen.

BUG=373283
R=hpayer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/291193005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-22 11:13:37 +00:00
mvstanton@chromium.org
e443c89206 Customized support for feedback on calls to Array. 
Gather transition feedback on array calls, and inline the Array
function call when it makes sense.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/279423005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-22 09:30:02 +00:00
ulan@chromium.org
e56594f10a Fix Array.prototype.push and Array.prototype.unshift for read-only length. 
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/279773002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21423 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-22 08:09:57 +00:00
yangguo@chromium.org
ab3afc5722 Reland "Prevent liveedit on or under generators with open activations" 
The change relative to the previous CL is a logic change in
DropActivationsInActiveThreadImpl.  The previous CL skipped the matcher
unless the frame was a JS frame; this was correct for
MultipleFunctionTarget but not for SingleFrameTarget.

I have not been able to reproduce the original failures on either
architecture (ia32 or x64; stack frame dropping is unsupported on other
architectures).

R=yangguo@chromium.org
LOG=N
TEST=mjsunit/harmony/generators-debug-liveedit.js
BUG=

Review URL: https://codereview.chromium.org/270283002

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-22 07:32:59 +00:00
yangguo@chromium.org
d9736047b7 Implement Mirror object for Symbols. 
R=rossberg@chromium.org, yurys@chromium.org
BUG=v8:3290
LOG=Y

Review URL: https://codereview.chromium.org/297513006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 15:13:50 +00:00
jarin@chromium.org
02f1a1b987 Revert "Fix Heap::IsHeapIterable." (again) 
This reverts commit r21397.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/299813002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 09:49:18 +00:00
adamk@chromium.org
fa55c02b11 Allow debugger to step into Map and Set forEach callbacks 
BUG=v8:3341
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/293083005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 09:25:50 +00:00
jkummerow@chromium.org
58661c150f Fix ArrayShift hydrogen support 
BUG=chromium:374838
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/299713003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 08:51:29 +00:00
adamk@chromium.org
6717ac656a Array Iterator next should check for own property 
Since we are using private symbols for the internal slots we need to
check for a local property.

BUG=None
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/268363011

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 08:05:11 +00:00
jarin@chromium.org
58a130da6e Reland "Fix Heap::IsHeapIterable." 
This relands r21388 (+ handlification of an offending function).

BUG=373283
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/294903003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-21 06:44:38 +00:00
adamk@chromium.org
70c3a714a1 ES6 Map/Set iterators/forEach improvements 
This changes how Map/Set interacts with its iterators. When the
underlying table is rehashed or cleared, we create a new table (like
before) but we add a reference from the old table to the new table. We
also add an array describing how to transition the iterator from the
old table to the new table.

When Next is called on the iterator it checks if there is a newer table
that it should transition to. If there is, it updates the index based
on the previously recorded changes and finally changes itself to point
at the new table.

With these changes Map/Set no longer keeps the iterators alive. Also,
as before, the iterators keep the underlying table(s) alive but not the
actual Map/Set.

BUG=v8:1793
LOG=Y
R=mstarzinger@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/289503002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-20 14:22:05 +00:00
jarin@chromium.org
014bf8b407 Revert "Fix Heap::IsHeapIterable." 
This reverts commit r21387.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/291193002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-20 14:03:38 +00:00
jarin@chromium.org
dd4c82bbb3 Fix Heap::IsHeapIterable. 
We only consider heap iterable if the new space is empty (in addition to the exisiting old space check).

The change also moves the iterability forcing + allocation prevention gadgets to HeapIterator so that it is impossible to miss them when iterating the heap.

R=hpayer@chromium.org
BUG=373283
LOG=N

Review URL: https://codereview.chromium.org/285693006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-20 13:19:21 +00:00
yangguo@chromium.org
cf49b6e3ca Reland "Simplify debugger state." 
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/299653002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-20 08:52:42 +00:00
dcarney@chromium.org
1b70812e7d filter out .caller from other worlds 
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/261103002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-19 13:45:45 +00:00
wingo@igalia.com
6382a25fa7 Poison .arguments and .caller for generator functions 
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/270133003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-19 10:47:00 +00:00
adamk@chromium.org
35b8b0b27a Move microtask queueing logic from JavaScript to C++ 
This avoids the appearence of a leak due to storing a JSObject
as the microtask_state in the strong root list, and allows callers
to call Isolate::RunMicrotasks() without having any v8::Context
available (as at least Blink has interest in doing).

The queue is now a strong root, represented as a FixedArray of JSFunctions
(or empty_fixed_array, if it's empty); it doubles in size when it needs to grow.
The number of elements in the queue is stored in Isolate::pending_microtask_count().

LOG=Y
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/290633010

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-05-19 07:57:04 +00:00