Commit Graph

5099 Commits

Author SHA1 Message Date
mvstanton@chromium.org
819d9f62d0 Fix for 350887: CHECK failure on new_length->IsSmi()
In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to
optimize setting array length if the new length is a smi. However, we
refuse to set an array length to less than the index of the highest
non-configurable array element. This index may be outside of smi range.

Handle this case accordingly.

BUG=350887
LOG=N
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/194803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:30:10 +00:00
rossberg@chromium.org
9abfab09fa Types: cache lub bitset to avoid heap access
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/186743002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:28:38 +00:00
jochen@chromium.org
00ba711658 Use a per-isolate cache for the date object JS bits
The old per-context cache made it difficult for the embedder to notify
v8 of date/time configuration changes. The embedder had to enter all
contexts for the isolate and notify v8 for each context.

With the new per-isolate cache, the embedder only needs to notify v8
once per isolate.

BUG=348856
LOG=y
R=dcarney@chromium.org, ulan@chromium.org
TEST=cctest/test-date

Review URL: https://codereview.chromium.org/189913023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 09:04:14 +00:00
titzer@chromium.org
91a2aa6a2c Add MacroAssembler::Move(reg, immediate) on IA32.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/188463003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 08:52:48 +00:00
rmcilroy@chromium.org
a199ba80ef Differentate between code target pointers and heap pointers in constant pools.
Separate out code target pointers from normal heap pointer entries in constant
pool arrays so that the GC can correctly relocate these pointers using the
appropriate mechanism.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/183883011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 19:05:43 +00:00
jacob.bramley@arm.com
19a04c3a69 A64: Use a scope utility to allocate scratch registers.
This replaces Tmp0() and Tmp1() with a more flexible scratch register
pool. A scope-based utility can temporarily acquire registers from this
pool as needed.

We no longer have to worry about whether to use Tmp0(), Tmp1() or
something else; the scope can just get the next available scratch
register.

BUG=
R=jochen@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/164793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19768 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 16:25:15 +00:00
yangguo@chromium.org
1634e7de38 Fix assertion in RegExp parser to correctly expect stack overflow.
Advance() always checks for stack overflow. If stack indeed overflowed,
current() would hold the kEndMarker. ParseOctalLiteral does not expect
this in the assertion, which causes assertion failure.

R=mvstanton@chromium.org
BUG=350865
LOG=N

Review URL: https://codereview.chromium.org/192773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:52:10 +00:00
yangguo@chromium.org
e25d51cc85 Fix constant folding of %_IsMinusZero.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/190793015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:06:54 +00:00
dslomov@chromium.org
9eefbda27f Mark mjsunit/string-case as flaky.
BUG=v8:3208
LOG=N
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/192573004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:52:05 +00:00
yangguo@chromium.org
78d23e5662 Implement KnownSuccessor method to some control instructions.
R=jkummerow@chromium.org
BUG=v8:3118
LOG=N

Review URL: https://codereview.chromium.org/174863002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:50:01 +00:00
rossberg@chromium.org
2d48e06e52 Import Blink layout tests for Promises.
Import Blink layout tests for Promises.
We omitted some tests (for example workers tests).
We fixed some wrong test expectations.

BUG=347095
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/182713002

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:30:47 +00:00
verwaest@chromium.org
1180803953 Reland and fix "Allow ICs to be generated for own global proxy."
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/176793003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:23:05 +00:00
rossberg@chromium.org
710ee827b5 Promise.all and Promise.race should reject non-array parameter.
Promise.all and Promise.race should reject the returned Promise if an
invalid parameter is given.
Since they don't support iterable now, they should reject the Promise
if a non-array parameter is given.

BUG=347453
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/182613003

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:01:06 +00:00
marja@chromium.org
8bd37cb7c3 Refactor script compilation / running & use of helper funcs in test-api.cc.
The tests were using different kind of constructs for achieving the same
thing. This makes refactoring the compilation API more difficult than it should
be.

cctest.h already contained helpers for compiling and running scripts, but they
were not used consistently.

For example, all these were used for running scripts:

v8::Script::Compile(v8_str("foo"))->Run();
v8::Script::Compile(v8::String::NewFromUtf8(isolate, "foo))->Run();
CompileRun(v8_str("foo"));
CompileRun(v8::String::NewFromUtf8(some_way_to_get_isolate(), "foo"));
v8::Local<v8::Script> script = any_of_the_above; script->Run();

Most of the tests just want to run a script (which is in const char*) and don't
care about how the v8::String is constructed or passed to the compiler API. Using
the helpers makes the test more readable and reduces boilerplate code which is
unrelated to what the test is testing.

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/190503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 11:58:56 +00:00
marja@chromium.org
1b7055cf54 Unify (Pre)Parser::ParseObjectLiteral and add tests.
Notes:
- The regexp in the ParseObjectLiteralComment was wrong, made it less wrong (
it's still wrong since trailing commas are not required / allowed).
- Change in logic: In case we have "get somekeyword() { }", the "somekeyword"
was not logged as a symbol by PreParser and not expected in the preparser data
by Parser. This is unnecessary complication; in other contexts where keywords
are allowed as identifiers, they are logged as symbols (see
ParseIdentifierName).

BUG=v8:3126
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/173273006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 11:42:17 +00:00
bmeurer@chromium.org
bf86e624d4 Reland "Handle non-power-of-2 divisors in division-like operations".
Fixed the flooring div bug and added a test case.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/191293012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 10:39:17 +00:00
yangguo@chromium.org
d3a16a2e2a Add support for allowing an embedder to get the V8 profile timer event logs.
Contributed by fmeawad@chromium.org

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/186163002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:56:48 +00:00
dcarney@chromium.org
2c74163f59 initialize v8::Private with v8::String
R=rossberg@chromium.org

BUG=

Review URL: https://codereview.chromium.org/179983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:20:56 +00:00
dcarney@chromium.org
7d8cda6ea0 Allow Object::InternalFieldCount and Object::GetAlignedPointerFromInternalField to be called from Persistent classes
R=svenpanne@chromium.org

BUG=

Review URL: https://codereview.chromium.org/177343002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 08:18:57 +00:00
jarin@chromium.org
b83b8b9ed4 Atomic ops: Sync with Chromium and add unit test.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/129813008

Patch from Cosmin Truta <ctruta@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19738 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 06:43:21 +00:00
rafaelw@chromium.org
6503dfb72b Reland "Enable Object.observe by default"
Original Issue: https://codereview.chromium.org/183683022/

TBR=rossberg
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/189513010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 04:41:06 +00:00
rafaelw@chromium.org
0cc44c14e5 Revert "Enable Object.observe by default"
TBR=rossberg
BUG=

Review URL: https://codereview.chromium.org/190853007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 03:54:42 +00:00
rafaelw@chromium.org
dcf9842e07 Enable Object.observe by default
R=rossberg@chromium.org, rossberg
BUG=v8:2409
LOG=Y

Review URL: https://codereview.chromium.org/183683022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 02:47:53 +00:00
yurys@chromium.org
e18b575c6e Fix compiler warning on Win64
BUG=None
LOG=N
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/191153002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 17:20:03 +00:00
yurys@chromium.org
74546c03ad AllocationTracker now maintains a map from address range to stack trace that allocated the range. When snapshot is generated the map is used to find construction stack trace for an object using its address.
BUG=chromium:277984
LOG=Y
R=alph@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177983003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 16:13:22 +00:00
alexandre.rames@arm.com
33a46be689 A64: Handle a few TODOs.
Notes about a few TODOs handled in this patch:

* In ProfileEntryHookStub::Generate:
    Stubs are always called with relocation.

* In CreateArrayDispatchOneArgument:
    The branches to registers can't be conditional. We could use a jump table, but
    there are only 6 different kinds so it is likely not worth it.

* In Builtins::Generate_StringConstructCode:
    Rename the argc register (x0) after its meaning changes.
    Remove a TODO: using a macro would not make the code clearer.

* In Generate_JSEntryTrampolineHelper:
    Remove the TODO and raise an internal issue to investigate this.

* In Disassembler::SubstituteBranchTargetField:
    Print the target address, but we don't have more info on the target.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/185793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 15:20:32 +00:00
yangguo@chromium.org
4f15fd2977 Reland "Introduce intrinsics for double values in Javascript."
This relands r19704 with a fix to the test case.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/189823003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 14:58:41 +00:00
yurys@chromium.org
49cd3d8a65 Allocation tracker: add separate entry for allocations via V8 API
When object is creating via native V8 API calls JS callstack is empty and the allocation is indistinguishable from say compiler allocations. This change adds a separate entry for such allocations.

Since FunctionInfo not necessarily corresponds to a heap object they are now referred to using their index in the list of all FunctionInfos.

BUG=chromium:277984
LOG=N
R=loislo@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/177203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:32:01 +00:00
ulan@chromium.org
06af80d42d Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame.
This will reduce heavy ScopeIterator instantiations.
Once incorporated into chromium, will give 30% speed boost.

BUG=chromium:340285
LOG=Y
R=ulan@chromium.org, Yang, rossberg, ulan

Review URL: https://codereview.chromium.org/181063008

Patch from Andrey Adaykin <aandrey@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:03:35 +00:00
mvstanton@chromium.org
f19e15c388 Test FeedbackVectorPreservedAcrossRecompiles needs crankshaft
The new test didn't recognize that non-sse2 builds on ia32 would
disable crankshaft.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/189263007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:01:03 +00:00
mvstanton@chromium.org
1812f63fd2 Moved type feedback vector to SharedFunctionInfo.
Type Vector followup: the type vector currently lives off the code object. This CL moves it to the SharedFunctionInfo, facilitating re-use and continued use in crankshafted code if desired.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/178463007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 10:12:17 +00:00
yangguo@chromium.org
143902bebf Revert "Introduce intrinsics for double values in Javascript."
This reverts r19704.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/189533008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:49:28 +00:00
verwaest@chromium.org
8a3d715250 Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems."
Due to performance regression.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/189843006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:29:07 +00:00
mvstanton@chromium.org
1d3652ebe6 Symbols for type cells. We can make more efficient code to check against type cells in the future if we use symbols, guaranteed not to conflict with user code. Currently, the "symbols" are the hole and undefined. Undefined may come in from the outside.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/181283003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:10:18 +00:00
yangguo@chromium.org
2aefde4443 Introduce intrinsics for double values in Javascript.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/178583006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:05:10 +00:00
marja@chromium.org
bd1fb97d5c Remove Script::SetData and the script_data parameter from Script::(Compile|New).
This feature makes it possible to associate data with a script and get it back
when the script is compiled or when an event is handled. It was historically
used by Chromium Dev Tools, but not any more. It is not used by node.js.

Note: this has nothing to do with the preparse data, despite the confusing name.
The preparse data is passed as ScriptData*.

Note 2: This is the same as r19616 ( https://codereview.chromium.org/184403002/ )
with a unused variable fix in bootstrapper.cc.

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/185533014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:43:54 +00:00
yangguo@chromium.org
ea8368f471 Use fast path for sliced and external strings in ConvertCase.
R=dcarney@chromium.org
BUG=v8:3180
LOG=N

Review URL: https://codereview.chromium.org/180063002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:36:18 +00:00
ishell@chromium.org
997ce05289 Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820.
BUG=349465
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/188703002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:22:47 +00:00
jkummerow@chromium.org
1cc0bafc07 Fix HConstants with Smi-ranged HeapNumber values
BUG=chromium:349878
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/186123003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:21:09 +00:00
ulan@chromium.org
5af7d10af5 Mark mjsunit/whitespaces as slow and timeout for a64.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/182253008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 14:15:40 +00:00
mvstanton@chromium.org
6115a006fd Bugfix for 349874: we incorrectly believe we saw a growing store
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.

This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).

BUG=349874
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/188643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
verwaest@chromium.org
cd6f3ef088 Only use the non-strict-arguments-stub if the store site is non-strict.
BUG=349874
LOG=N
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/176843018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:19:06 +00:00
jkummerow@chromium.org
5ea3f0004a Let HTransitionElementsKind take part in RestoreActualValues phase
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/183753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1 Remove outdated assertion scope.
R=jkummerow@chromium.org
BUG=349870
LOG=N

Review URL: https://codereview.chromium.org/182003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d Fix issues with JSON stringify replacer array
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.

String and Number wrappers in the replacer array should be treated as
string and number values.

R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y

Review URL: https://codereview.chromium.org/187053003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb Use Representation::Integer32() for smi types on 32-bit-tagged systems.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/187353005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492 Also delete force representations that have no uses.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/187773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96 Fix materialization of captured objects in adapted arguments.
R=mstarzinger@chromium.org
BUG=348512
LOG=N

Review URL: https://codereview.chromium.org/183063006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753 Deoptimization fix for HPushArgument.
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).

R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N

Review URL: https://codereview.chromium.org/178193026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
yangguo@chromium.org
26e4f4cc1c Handle exception when retrieving toJSON function in JSON.stringify.
R=mvstanton@chromium.org
BUG=349335
LOG=N

Review URL: https://codereview.chromium.org/187603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:54:35 +00:00