jkummerow@chromium.org
e4a18df7d1
Fix ASSERT violation when BinaryOpIC::Transition recurses into itself
...
BUG=chromium:352586
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/201313002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 14:51:31 +00:00
rossberg@chromium.org
c3c185c173
Make invalid LHSs a parse-time (reference) error
...
This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for.
To do: check properly in preparser already.
R=marja@chromium.org , mstarzinger@chromium.org
BUG=351658
LOG=Y
Review URL: https://codereview.chromium.org/200473003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 10:21:01 +00:00
jkummerow@chromium.org
dc458525ad
Fix typo in r19923 (bounds check offset propagation)
...
BUG=chromium:352929
LOG=n
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/201303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 09:38:01 +00:00
ishell@chromium.org
f77c51b0a6
Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix).
...
BUG=chromium:352058
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/196383018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 09:11:38 +00:00
mvstanton@chromium.org
e3f3f6d98b
Revert "Continued fix for 351257. Reusing the feedback vector is too complex."
...
This reverts commit r19919.
TBR=bmeuer@chromium.org
Review URL: https://codereview.chromium.org/196343021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 08:31:21 +00:00
yangguo@chromium.org
33ea8185e9
Suppress test failures on GC-stress for A64.
...
R=ulan@chromium.org
BUG=v8:3219
LOG=N
Review URL: https://codereview.chromium.org/197873021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-17 08:30:04 +00:00
verwaest@chromium.org
0f2a324c8a
Fix generalization with callbacks.
...
BUG=352588
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/200173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 14:17:49 +00:00
mvstanton@chromium.org
11df4b8815
Fix for issue 351261.
...
This relands the following fix: "HAllocate should never generate
allocation code if the requested size does not fit into page. Regression
test included. (bug 347543)" along with additional fixes to KeyedStoreIC.
BUG=351261
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/200113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 10:22:55 +00:00
ulan@chromium.org
2c99cba38b
Propagate updated offsets in BoundsCheckBbData.
...
BUG=350863
LOG=Y
TEST=mjsunit/regress/regress-350863.js
R=bmeurer@chromium.org , jkummerow@chromium.org
Review URL: https://codereview.chromium.org/197823009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 10:02:25 +00:00
bmeurer@chromium.org
358e176d50
Add regression test for range analysis bug.
...
BUG=v8:3204
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/200103002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 09:54:26 +00:00
mvstanton@chromium.org
dd28969c1c
Continued fix for 351257. Reusing the feedback vector is too complex.
...
Attempting to re-use the type feedback vector stored in the
SharedFunctionInfo turns out to be difficult among the various cases.
It will be much easier to do this when deferred type feedback processing
is removed, as is in the works.
Created bug v8:3212 to track re-introducing the optimization of reusing
the type vector on recompile before optimization.
The CL also brings back the type vector on the SharedFunctionInfo.
BUG=351257
LOG=Y
R=bmeurer@chromium.org , bmeuer@chromium.org
Review URL: https://codereview.chromium.org/199973004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-14 09:28:37 +00:00
yangguo@chromium.org
0f71a24f3a
Correctly retain argument value when deopting from Math.round on x64.
...
R=jkummerow@chromium.org
BUG=351624
LOG=N
Review URL: https://codereview.chromium.org/199013002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 13:57:21 +00:00
ulan@chromium.org
c64b78f6da
Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight.
...
BUG=351263
LOG=N
TEST=mjsunit/regress/regress-351263
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/197803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 11:50:50 +00:00
yangguo@chromium.org
4e390c64f1
Harmony: move math features to es-staging.
...
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/195123002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 09:51:59 +00:00
svenpanne@chromium.org
390d3a0b15
Make translation of modulus operation '--stress-opt'-proof.
...
Note that we unconditionally deopt later, anyway, but our compilation
pipeline has to survive long enough to reach that place. :-/
LOG=y
BUG=352059
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/198833002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 09:37:16 +00:00
jarin@chromium.org
713aa33f2a
Fix of argument materialization of captured heap numbers.
...
The escape analysis calculates the number of slots in an object as
no-of-slots = object-size / pointer-size. This gives 3 slots for
heap numbers on 32-bit architectures (one slot for the map, two for
the double value); however, my argument materialization code assumed
just two slots (map + value). Since Hydrogen allocates heap numbers
quite rarely, it is hard to produce a more meaningful repro than the
one provided by Clusterfuzz. Any suggestions are welcome.
The fix is simple - we just read out all extra slots (beyond the map
and the double) for heap numbers.
R=mstarzinger@chromium.org
BUG=351315
LOG=N
Review URL: https://codereview.chromium.org/196283004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 07:17:37 +00:00
adamk@chromium.org
8bd05193c7
Reland "Enable Object.observe by default" again
...
This re-re-re-lands enabling Object.observe. The Chromium tests that
failed last time this was rolled into Chromium have been disabled in
https://src.chromium.org/viewvc/chrome?view=revision&revision=256706
This patch should be safe to merge once that lands.
BUG=v8:2409
LOG=Y
TBR=rossberg@chromium.org ,dslomov@chromium.org,rafaelw@chromium.org
Review URL: https://codereview.chromium.org/198383002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-13 00:20:06 +00:00
jkummerow@chromium.org
f9ee4f19b4
Use intrinsics for builtin ArrayBuffer property accesses
...
BUG=chromium:351787
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/197793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 19:25:40 +00:00
svenpanne@chromium.org
be328fd4ce
Disable special handling of flooring division by constant until it is fixed for real.
...
Added a test to check the various division-like operations more exhaustively.
R=bmeurer@chromium.org , ulan@chromium.org
Review URL: https://codereview.chromium.org/194863002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19852 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 14:28:59 +00:00
verwaest@chromium.org
8735adb2c4
Don't fast RemoveArrayHoles in case of arguments arrays.
...
BUG=351645
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/197043004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 13:42:18 +00:00
mvstanton@chromium.org
7477bc39ca
350884: KeyedStoreIC miss didn't handle a transitioning case.
...
It's possible to get a transitioned map with no links to the origin
map if it's a shared map. Code in KeyedStoreIC::StoreElementStub
assumes it can check if two maps are in the same family by
traversing the transition array. Long term, the "family" relationship
should be recognized with the Normalized Map Cache. For now, allow
the IC to remain monomorphic in this case if the receiver map and
the previous receiver map are the same.
Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210 )
to track the issue with the Normalized Map Cache.
BUG=350884
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/194623005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 13:35:40 +00:00
jkummerow@chromium.org
105c1e08b7
Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it
...
Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness
BUG=chromium:351320
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/196943002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:14:29 +00:00
danno@chromium.org
ae1669b501
Fix handling of polymorphic array accesses with constant index
...
R=jkummerow@chromium.org
BUG=chromium:351319
LOG=Y
Review URL: https://codereview.chromium.org/196353004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 10:11:38 +00:00
jkummerow@chromium.org
8a1812f252
Fix lazy deopt after tagged binary ops
...
Also add policing code to ensure that optimized frames can in fact lazily deopt
at their respective current PC when we patch them for lazy bailout.
BUG=chromium:350434
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/194703008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-12 09:59:36 +00:00
dslomov@chromium.org
f6dac13dcb
Revert "Enable Object.observe by default"
...
This reverts commit r19734 for breeaking ChromiumOS browser tests.
'OpenSpecialTypes/FileManagerBrowserTest.Test/3' started to time out,
bisecting the roll led to this change.
http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%282%29/builds/22224
TBR=rafaelw@chromium.org ,rossberg@chromium.org
BUG=v8:2409
LOG=Y
Review URL: https://codereview.chromium.org/195123005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 18:15:44 +00:00
rossberg@chromium.org
85800eff3f
Fix issue with getOwnPropertySymbols and hidden properties
...
When getting the symbols of an object we need to ignore the hidden
properties of the prototype object since the hidden properties are
represented by a single string key and we will not include that hidden
string in the found names.
BUG=350864
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/192883005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 16:46:35 +00:00
dcarney@chromium.org
62fc099334
fix bad access check check
...
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/195163002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 15:12:47 +00:00
rossberg@chromium.org
3f702d4bf9
Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/177683002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 14:39:08 +00:00
yangguo@chromium.org
6e1507331e
Fix bug in constant folding object comparisons.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/195063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 13:34:01 +00:00
yangguo@chromium.org
dda0aa88b0
Revert "Mark mjsunit/string-case as flaky."
...
This reverts r19760 since the issue has been fixed in r19755.
R=dslomov@google.com , dslomov@chromium.org
BUG=v8:3208
LOG=N
Review URL: https://codereview.chromium.org/194823002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 11:38:53 +00:00
mvstanton@chromium.org
819d9f62d0
Fix for 350887: CHECK failure on new_length->IsSmi()
...
In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to
optimize setting array length if the new length is a smi. However, we
refuse to set an array length to less than the index of the highest
non-configurable array element. This index may be outside of smi range.
Handle this case accordingly.
BUG=350887
LOG=N
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/194803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-11 10:30:10 +00:00
yangguo@chromium.org
1634e7de38
Fix assertion in RegExp parser to correctly expect stack overflow.
...
Advance() always checks for stack overflow. If stack indeed overflowed,
current() would hold the kEndMarker. ParseOctalLiteral does not expect
this in the assertion, which causes assertion failure.
R=mvstanton@chromium.org
BUG=350865
LOG=N
Review URL: https://codereview.chromium.org/192773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:52:10 +00:00
yangguo@chromium.org
e25d51cc85
Fix constant folding of %_IsMinusZero.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/190793015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 15:06:54 +00:00
dslomov@chromium.org
9eefbda27f
Mark mjsunit/string-case as flaky.
...
BUG=v8:3208
LOG=N
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/192573004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:52:05 +00:00
yangguo@chromium.org
78d23e5662
Implement KnownSuccessor method to some control instructions.
...
R=jkummerow@chromium.org
BUG=v8:3118
LOG=N
Review URL: https://codereview.chromium.org/174863002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 14:50:01 +00:00
verwaest@chromium.org
1180803953
Reland and fix "Allow ICs to be generated for own global proxy."
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:23:05 +00:00
rossberg@chromium.org
710ee827b5
Promise.all and Promise.race should reject non-array parameter.
...
Promise.all and Promise.race should reject the returned Promise if an
invalid parameter is given.
Since they don't support iterable now, they should reject the Promise
if a non-array parameter is given.
BUG=347453
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/182613003
Patch from Yutaka Hirano <yhirano@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 12:01:06 +00:00
bmeurer@chromium.org
bf86e624d4
Reland "Handle non-power-of-2 divisors in division-like operations".
...
Fixed the flooring div bug and added a test case.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/191293012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-10 10:39:17 +00:00
rafaelw@chromium.org
6503dfb72b
Reland "Enable Object.observe by default"
...
Original Issue: https://codereview.chromium.org/183683022/
TBR=rossberg
BUG=v8:2409
LOG=Y
Review URL: https://codereview.chromium.org/189513010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 04:41:06 +00:00
rafaelw@chromium.org
0cc44c14e5
Revert "Enable Object.observe by default"
...
TBR=rossberg
BUG=
Review URL: https://codereview.chromium.org/190853007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 03:54:42 +00:00
rafaelw@chromium.org
dcf9842e07
Enable Object.observe by default
...
R=rossberg@chromium.org , rossberg
BUG=v8:2409
LOG=Y
Review URL: https://codereview.chromium.org/183683022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-08 02:47:53 +00:00
yangguo@chromium.org
4f15fd2977
Reland "Introduce intrinsics for double values in Javascript."
...
This relands r19704 with a fix to the test case.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/189823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 14:58:41 +00:00
ulan@chromium.org
06af80d42d
Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame.
...
This will reduce heavy ScopeIterator instantiations.
Once incorporated into chromium, will give 30% speed boost.
BUG=chromium:340285
LOG=Y
R=ulan@chromium.org , Yang, rossberg, ulan
Review URL: https://codereview.chromium.org/181063008
Patch from Andrey Adaykin <aandrey@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 11:03:35 +00:00
yangguo@chromium.org
143902bebf
Revert "Introduce intrinsics for double values in Javascript."
...
This reverts r19704.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/189533008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:49:28 +00:00
verwaest@chromium.org
8a3d715250
Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems."
...
Due to performance regression.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/189843006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:29:07 +00:00
yangguo@chromium.org
2aefde4443
Introduce intrinsics for double values in Javascript.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/178583006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 09:05:10 +00:00
yangguo@chromium.org
ea8368f471
Use fast path for sliced and external strings in ConvertCase.
...
R=dcarney@chromium.org
BUG=v8:3180
LOG=N
Review URL: https://codereview.chromium.org/180063002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-07 08:36:18 +00:00
ishell@chromium.org
997ce05289
Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820.
...
BUG=349465
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:22:47 +00:00
jkummerow@chromium.org
1cc0bafc07
Fix HConstants with Smi-ranged HeapNumber values
...
BUG=chromium:349878
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/186123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 16:21:09 +00:00
ulan@chromium.org
5af7d10af5
Mark mjsunit/whitespaces as slow and timeout for a64.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/182253008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 14:15:40 +00:00
mvstanton@chromium.org
6115a006fd
Bugfix for 349874: we incorrectly believe we saw a growing store
...
When we set an out of bounds array index, the index might be so large that
it causes the array to go to dictionary mode. It's better to avoid
"learning" that this was a growing store in that case.
This fix also partially reverts a fix for bug 347543, as this fix is
comprehensive and satisfies that repro case as well (partial revert of
v19591).
BUG=349874
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/188643002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 13:07:51 +00:00
verwaest@chromium.org
cd6f3ef088
Only use the non-strict-arguments-stub if the store site is non-strict.
...
BUG=349874
LOG=N
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176843018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:19:06 +00:00
jkummerow@chromium.org
5ea3f0004a
Let HTransitionElementsKind take part in RestoreActualValues phase
...
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/183753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1
Remove outdated assertion scope.
...
R=jkummerow@chromium.org
BUG=349870
LOG=N
Review URL: https://codereview.chromium.org/182003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d
Fix issues with JSON stringify replacer array
...
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.
String and Number wrappers in the replacer array should be treated as
string and number values.
R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y
Review URL: https://codereview.chromium.org/187053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb
Use Representation::Integer32() for smi types on 32-bit-tagged systems.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187353005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492
Also delete force representations that have no uses.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96
Fix materialization of captured objects in adapted arguments.
...
R=mstarzinger@chromium.org
BUG=348512
LOG=N
Review URL: https://codereview.chromium.org/183063006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753
Deoptimization fix for HPushArgument.
...
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).
R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N
Review URL: https://codereview.chromium.org/178193026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
yangguo@chromium.org
26e4f4cc1c
Handle exception when retrieving toJSON function in JSON.stringify.
...
R=mvstanton@chromium.org
BUG=349335
LOG=N
Review URL: https://codereview.chromium.org/187603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:54:35 +00:00
jkummerow@chromium.org
3df5573195
x64: Fix LMathMinMax for constant Smi right-hand operands
...
BUG=chromium:349079
LOG=y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/186593003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org
ee8cbc4fc8
Fix issue with setting __proto__ on a value
...
LOG=N
BUG=v8:3172
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/174113003
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 08:58:38 +00:00
verwaest@chromium.org
1aeaeb2b90
Allow objects with "" properties to stay fast.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/184453003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 12:43:05 +00:00
yangguo@chromium.org
b1a271a02c
Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
...
R=titzer@chromium.org
BUG=348280
LOG=N
Review URL: https://codereview.chromium.org/183383006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a
Clear optimized code cache in shared function info when code gets deoptimized.
...
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19
Move all Harmony-only tests to harmony/
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/178583005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00
ishell@chromium.org
c2601aea8a
Check elimination did not mark some dead blocks.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/180483003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:38 +00:00
svenpanne@chromium.org
e9273332ef
Fixed constant folding for Math.clz32.
...
LOG=y
BUG=347906
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:07:10 +00:00
jochen@chromium.org
ba981e58d5
Make a64.release a quickcheck target
...
I marked all tests as slow that take more than a minute on my machine.
With this, a64.release.quickcheck takes two minutes which is about as
fast as arm.optdebug.quickcheck.
BUG=none
R=ulan@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/183763008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:46:13 +00:00
mvstanton@chromium.org
b1ffc7901f
A JSArray may have a filler map in the elements pointer.
...
We already have code that expects this, but incorrectly asserted that the
filler map case would never happen when allocation folding is turned on.
However, even folding has it's limits, bailing out of continued folding
when the object size grows too large. Therefore, it's a general problem
when verifying JSArray objects, that we might encounter a filler map
in elements().
Discovered by ClusterFuzz crbug 347903.
R=hpayer@chromium.org
LOG=N
BUG=347903
Review URL: https://codereview.chromium.org/184493002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:29:19 +00:00
yangguo@chromium.org
5c186bb197
Evict from optimized code map in sync with removing from optimized functions list.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/184443002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:27:31 +00:00
bmeurer@chromium.org
70242fe3bb
Fix JSObject::PrintTransitions.
...
BUG=347912
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/183683005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:41:07 +00:00
hpayer@chromium.org
38ca2629be
Fix representation generalization for doubles.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/184393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:07:10 +00:00
dcarney@chromium.org
98d1cedac4
Get array_function from NativeContext
...
R=mvstanton@chromium.org
LOG=N
BUG=347528
Review URL: https://codereview.chromium.org/184173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:01:27 +00:00
bmeurer@chromium.org
5945f9ebb9
Fix handling of constant global variable assignments.
...
BUG=347904
LOG=y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/184303003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 09:40:12 +00:00
svenpanne@chromium.org
c4e90c15b8
Removed bogus ASSERT.
...
LOG=y
BUG=347542
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/183763007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 08:45:07 +00:00
ishell@chromium.org
2ab83cf192
HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included.
...
BUG=347543
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/180803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 17:33:25 +00:00
rafaelw@chromium.org
d9a66ad941
Runtime::RunMicrotask should silent return if no pending microtask work (rather than asserting)
...
R=rossberg@chromium.org , rossberg
BUG=347532
Review URL: https://codereview.chromium.org/181013008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:49:55 +00:00
verwaest@chromium.org
aa14020bc7
Fix putting of prototype transitions. The length is also subject to GC, just like entry.
...
BUG=347536
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/183193003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:07:44 +00:00
jarin@chromium.org
05b98492a4
Handle arguments objects in frame when materializing arguments
...
R=mstarzinger@chromium.org
BUG=347262
Review URL: https://codereview.chromium.org/177293009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 15:12:12 +00:00
yangguo@chromium.org
6912a248ca
Fix bogus assertion in SetFastDoubleElements.
...
R=danno@chromium.org
BUG=347530
LOG=N
Review URL: https://codereview.chromium.org/181433016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 14:45:53 +00:00
mvstanton@chromium.org
b8f8cfabca
Fix for Clusterfuzz issue 343928.
...
The problem was that the debugger didn't expect that a JSFunction could
have a GlobalContext, which it can with harmony scoping.
BUG=343928
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/183103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 13:25:05 +00:00
ishell@chromium.org
1ae7e8a1e5
Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended.
...
BUG=345820
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/180013002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:33:54 +00:00
verwaest@chromium.org
d5caecccc5
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/180023002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:11:58 +00:00
jkummerow@chromium.org
e7e93cd433
Mark HCompareMap as having Tagged representation
...
BUG=chromium:346636
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/176923013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 15:09:47 +00:00
rossberg@chromium.org
63f1970c6c
Fix crasher in Object.getOwnPropertySymbols
...
R=arv@chromium.org , mstarzinger@chromium.org
BUG=346141
LOG=Y
Review URL: https://codereview.chromium.org/177883002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 12:01:34 +00:00
bmeurer@chromium.org
77f597d387
Don't eliminate loads with incompatible types or representations.
...
BUG=346343
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/179553002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:50 +00:00
ishell@chromium.org
6c1659becf
Fix for a smi stores optimization on x64 with a regression test.
...
BUG=345715
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/178833002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:02 +00:00
dcarney@chromium.org
cb05cff594
negative bounds checking on realm calls
...
R=rossberg@chromium.org
LOG=N
BUG=344285
Review URL: https://codereview.chromium.org/169393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:15:05 +00:00
jkummerow@chromium.org
37b6fd07c1
Fix optimistic BCE to back off after deopt
...
BUG=v8:3176
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/177523002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 13:15:31 +00:00
verwaest@chromium.org
84b366516e
Don't turn objects with empty-string properties into fast-mode.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/165743003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 16:11:48 +00:00
rossberg@chromium.org
0d34254f8d
Upgrade Symbol implementation to match current ES6 behavior.
...
Refresh the implementation of Symbols to catch up with what the
specification now mandates:
* The global Symbol() function manufactures new Symbol values,
optionally with a string description attached.
* Invoking Symbol() as a constructor will now throw.
* ToString() over Symbol values still throws, and
Object.prototype.toString() stringifies like before.
* A Symbol value is wrapped in a Symbol object either implicitly if
it is the receiver, or explicitly done via Object(symbolValue) or
(new Object(symbolValue).)
* The Symbol.prototype.toString() method no longer throws on Symbol
wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf().
* Symbol.prototype.toString() stringifies as "Symbol("<description>"),
valueOf() returns the wrapper's Symbol value.
* ToPrimitive() over Symbol wrapper objects now throws.
Overall, this provides a stricter separation between Symbol values and
wrapper objects than before, and the explicit fetching out of the
description (nee name) via the "name" property is no longer supported
(by the spec nor the implementation.)
Adjusted existing Symbol test files to fit current, adding some extra
tests for new/changed behavior.
LOG=N
R=arv@chromium.org , rossberg@chromium.org , arv, rossberg
BUG=v8:3053
Review URL: https://codereview.chromium.org/118553003
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 14:19:42 +00:00
yangguo@chromium.org
139134acc2
Harmony: optimize Math.clz32.
...
R=svenpanne@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/172133003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:51:49 +00:00
yangguo@chromium.org
84cf85598d
Harmony: implement Math.cbrt, Math.expm1 and Math.log1p.
...
BUG=v8:2938
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/163563003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:49:59 +00:00
ishell@chromium.org
1342cb8b00
Bugfix in check elimination with a regression test.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/172173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 12:34:50 +00:00
rossberg@chromium.org
13d99fe778
ES6: Tighten up Object.prototype.__proto__
...
The spec requires that we throw under certain conditions.
BUG=v8:3064
LOG=y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/103853006
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 11:59:05 +00:00
jkummerow@chromium.org
6e3b81a7b2
Fix Hydrogen bounds check elimination
...
When combining bounds checks, they must all be moved before the first load/store
that they are guarding.
BUG=chromium:344186
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/172093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 10:30:39 +00:00
alexandre.rames@arm.com
62116e2c12
A64: Let the MacroAssembler resolve branches to distant targets.
...
Code generation would fail when assembling a branch to a label that is bound
outside the immediate range of the instruction. A64 is sensitive to this, as the
various branching instructions have different ranges, going down to +-32KB for
TBZ/TBNZ. The MacroAssembler is augmented to handle branches to targets that
may exceed the immediate range of instructions.
When branching backward to a label exceeding the instruction range, the
MacroAssembler can simply tweak the generated code to use an unconditional
branch with a longer range. For example instead of
B(cond, &label);
the MacroAssembler can generate:
b(InvertCondition(cond), &done);
b(&label);
bind(&done);
Since the target is not known when the branch is emitted, forward branches uses
a different mechanism. The MacroAssembler keeps track of forward branches to
unbound labels. When the code generation approaches the end of the range of a
branch, a veneer is generated for the branch.
BUG=v8:3148
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/169893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:15:32 +00:00
verwaest@chromium.org
60c08a8bf2
Directly store the transition target on LookupResult in TransitionResult.
...
BUG=chromium:343964
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/170343003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 12:19:32 +00:00
yangguo@chromium.org
be7b023a5c
Harmony: implement Math.clz32
...
R=dslomov@chromium.org , svenpanne@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/169783002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:49:35 +00:00
svenpanne@chromium.org
dbce27047e
Fixed and improved code for integral division. Fixed and extended tests.
...
Arithmetic right shifting is *not* division in two's complement
representation, only in one's complement. So we convert to one's
complement, shift, and go back to two's complement. By permutating the
last steps, one can get efficient branch-free code. This insight comes
from the paleozoic era of computer science, see the paper from 1976:
Guy Lewis Steele Jr.: "Arithmetic Shifting Considered Harmful"
ftp://publications.ai.mit.edu/ai-publications/pdf/AIM-378.pdf
This results in better and more correct code than our previous
"neg/shift/neg" dance.
LOG=y
BUG=v8:3151
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/166793002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:45:27 +00:00
yangguo@chromium.org
9ffe004ae4
Harmony: implement Math.fround.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/169513002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:43:06 +00:00
mvstanton@chromium.org
8bcdbc354f
Revert "Add a premonomorphic state to the call target cache."
...
This reverts commit r19402
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/169713002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 14:22:18 +00:00
mvstanton@chromium.org
be731e6c95
Add a premonomorphic state to the call target cache.
...
From a CL by kasperl: https://codereview.chromium.org/162903004/
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/163413003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 11:59:45 +00:00
jarin@chromium.org
4c7ed144e1
Comparison in effect context lazy deopt fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/163623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-16 05:51:10 +00:00
ulan@chromium.org
6744ff61ae
Fix dictionary element load to pass correct elements kind.
...
Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load
only the higher 32 bits of the element. If the element is a pointer to undefined
that has 0 in the higher half than it is erroneously treated as SMI 0.
BUG=v8:3158
LOG=N
TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js
R=danno@chromium.org , ishell@chromium.org
Review URL: https://codereview.chromium.org/166653005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:52:24 +00:00
yangguo@chromium.org
68c7523e63
Fix assignment of function name constant.
...
If it's shadowed by a variable of the same name and both are forcibly
context-allocated, the function is assigned to the wrong context slot.
R=rossberg@chromium.org
BUG=v8:3138
LOG=Y
Review URL: https://codereview.chromium.org/159903008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:40:47 +00:00
jarin@chromium.org
8acefb33fe
Test and fix for polymorphic named call deoptimization.
...
The fix removes wrong simulates from the number branch of polymorphic
call/field access handling.
The change also fixes the same thing for polymorphic named field
access even thourgh the field access is probably safe in practice
(because it cannot deoptimize). It is better to keep all our simulates
in sync with full codegen.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/166503002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:02:39 +00:00
yangguo@chromium.org
a676bc1bbf
Fix typed array error message.
...
R=dslomov@chromium.org
BUG=v8:3159
LOG=N
Review URL: https://codereview.chromium.org/163293002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 09:33:03 +00:00
verwaest@chromium.org
e0960e19aa
Fix polymorphic inlining of accessors in a test-context.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/164003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 16:55:38 +00:00
m.m.capewell@googlemail.com
028ff21445
A64: Fix some int32 accesses in lithium
...
This fixes mjsunit/sin-cos. There are further int32 accesses being investigated.
BUG=
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/163553005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 15:49:01 +00:00
ishell@chromium.org
6bb57517c0
Restore of compare-objeq-elim test accidentally removed in r19229.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/162903005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 12:22:24 +00:00
rafaelw@chromium.org
6b5a4cdef2
V8 Microtask Queue & API
...
This patch generalizes Object.observe callbacks and promise resolution into a FIFO queue called a "microtask queue".
It also exposes new V8 API which exposes the microtask queue to the embedder. In particular, it allows the embedder to
-schedule a microtask (EnqueueExternalMicrotask)
-run the microtask queue (RunMicrotasks)
-control whether the microtask queue is run automatically within V8 when the last script exits (SetAutorunMicrotasks).
R=dcarney@chromium.org , rossberg@chromium.org , dcarney, rossberg, svenpanne
BUG=
Review URL: https://codereview.chromium.org/154283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 22:04:19 +00:00
verwaest@chromium.org
161b2f689a
Reland: "Use stability to only conditionally flush information from the CheckMaps table."
...
BUG=
R=ishell@chromium.org
Original CL: https://codereview.chromium.org/153823003
Review URL: https://codereview.chromium.org/153653007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:48:12 +00:00
verwaest@chromium.org
7b7e3658f7
Don't propagate information through phis in loop headers.
...
To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers.
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/147023005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:30:41 +00:00
rmcilroy@chromium.org
26e8009997
[a64]: Disable failing sparse-array-reverse on a64 debug builds.
...
BUG=v8:3158
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/160633002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:22:28 +00:00
verwaest@chromium.org
75432b7696
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
BUG=
Review URL: https://codereview.chromium.org/137863005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:38:42 +00:00
verwaest@chromium.org
2b7d33572a
Use stability to only conditionally flush information from the CheckMaps table.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/153823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:07:41 +00:00
jarin@chromium.org
af29e31a11
Fix for (One|Two)ByteSeqStringSetChar evaluation order/deopt.
...
This makes the evaluation order consistent between full codegen
and Hydrogen (so that deopt does not screw up stack).
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/159983008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 13:31:24 +00:00
jochen@chromium.org
b0fcc801e9
A64: Skip tests failing on gc stress bots
...
BUG=none
TBR=ulan@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/160353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 12:18:36 +00:00
jochen@chromium.org
96a1886637
A64: Skip more known failures
...
TBR=ulan@chromium.org
BUG=none
LOG=n
Review URL: https://codereview.chromium.org/160073007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 11:57:50 +00:00
ulan@chromium.org
e95bc7eec8
Merge experimental/a64 to bleeding_edge.
...
BUG=v8:3113
LOG=Y
R=jochen@chromium.org , rmcilroy@chromium.org , rodolph.perfetta@arm.com
Review URL: https://codereview.chromium.org/148293020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 09:19:30 +00:00
jarin@chromium.org
21bf99e53e
Fix environment of the optimized version of the _SetValueOf intrinsic.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/158723006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:11:53 +00:00
ishell@chromium.org
994f0f6dda
Fix for a smi stores optimization on x64 with a test case.
...
BUG=338425
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/152923006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:02:18 +00:00
yangguo@chromium.org
0870702436
Harmony: fix spec violation in Math.cosh.
...
R=jarin@chromium.org
BUG=v8:3141
LOG=N
Review URL: https://codereview.chromium.org/159353003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 11:48:32 +00:00
yangguo@chromium.org
f78bfaa857
Fix spec violations in JSON.stringify wrt replacer array.
...
R=verwaest@chromium.org
BUG=v8:3135
LOG=Y
Review URL: https://codereview.chromium.org/146623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 10:45:39 +00:00
mvstanton@chromium.org
95ad971d0f
Fix gcstress test failure
...
Map collection complicates a test that wants to assert on code opt/deopt
because of prototype-chain changes. It can happen that a gc occurs
in the stack guard at the start of optimized function foo that deopts
function foo because of a map being collected and deoptimizing it's
dependent code.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/159653002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 09:06:13 +00:00
ishell@chromium.org
f46da9d43b
Reland of r19102: Check elimination improvement: propagation of state through phis is supported, CheckMap narrowing implemented with tests.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/146623006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 15:32:54 +00:00
yangguo@chromium.org
b618d2a42a
Fix inconsistencies wrt whitespaces.
...
This relands r19196 with fixes.
BUG=v8:3109
LOG=Y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/141323007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 12:43:10 +00:00
mstarzinger@chromium.org
23bfeabcfd
Remove duplicate third-party test cases.
...
Some of the third-party test cases in the mjsunit test suite were
originally taken from WebKit and are now fully covered by the equally
named test suite.
Mapping of test cases:
- array-isarray.js -> test/webkit/Array-isArray.js
- array-splice-webkit.js -> test/webkit/array-splice.js
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/158803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 11:29:59 +00:00
rossberg@chromium.org
e8175a3e9f
Revert "Make Function.length and Function.name configurable properties."
...
Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate.
TBR=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/139983003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 15:29:18 +00:00
rossberg@chromium.org
7317b71f02
Make Function.length and Function.name configurable properties.
...
ES6 makes the Function object properties "length" and "name"
configurable; switch the implementation over to follow that.
Doing so exposed a problem in the handling of non-writable, but
configurable properties backed by foreign callback accessors
internally. As an optimization, if such an accessor property is
re-defined with a new value, its setter was passed the new value
directly, keeping the property as an accessor property. However, this
is not correct should the property be non-writable, as its setter will
then simply ignore the updated value. Adjust the enabling logic for
this optimization accordingly, along with adding a test.
LOG=N
R=rossberg@chromium.org , rossberg
BUG=v8:3045
Review URL: https://codereview.chromium.org/116083006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:55:30 +00:00
yangguo@chromium.org
db1a685b8f
Revert "Fix inconsistencies wrt whitespaces."
...
This reverts r19196.
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/147443008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:13:00 +00:00
yangguo@chromium.org
d0f57e1195
Fix inconsistencies wrt whitespaces.
...
\u0085 (NEL) is now considered a whitespace in accordance to http://www.unicode.org/Public/6.3.0/ucd/PropList.txt
R=mstarzinger@chromium.org
BUG=v8:3109
LOG=Y
Review URL: https://codereview.chromium.org/146983007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 12:34:45 +00:00
rafaelw@chromium.org
41039c4f13
Revert "Implement Microtask Delivery Queue"
...
TBR=adamk,rossberg
BUG=
Review URL: https://codereview.chromium.org/150103012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 01:08:50 +00:00
rossberg@chromium.org
01f5601129
ES6: Remove __proto__ setter poison pill
...
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-set-object.prototype.__proto__
The __proto__ setter should be reusable on other objects.
BUG=v8:2804
LOG=y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/103343005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 16:09:45 +00:00
jarin@chromium.org
476881ce5b
Test and fix for _CallFunction intrinsic deoptimization.
...
I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction
to use IfBuilder.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/131343013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 12:42:26 +00:00
jarin@chromium.org
eb502fe599
Binary operation deoptimization fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/132453009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 09:36:55 +00:00
verwaest@chromium.org
7dc05b57fd
Move failing ASSERT on ARM to a more sane place.
...
Objects can actually be stored into themselves. This fails when no write
barrier is needed (eg, the object was just allocated).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/148733005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 10:12:14 +00:00
rafaelw@chromium.org
7de9fc0a12
Implement Microtask Delivery Queue
...
R=rossberg@chromium.org , rossberg
BUG=
Review URL: https://codereview.chromium.org/131413008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 19:58:49 +00:00
dslomov@chromium.org
a03d31394c
Check the offset argument of TypedArray.set for fitting into Smi.
...
R=jkummerow@chromium.org
BUG=340125
LOG=Y
Review URL: https://codereview.chromium.org/145623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:53:05 +00:00
yangguo@chromium.org
9e70f6a4e7
Fix short-circuiting logical and/or in HOptimizedGraphBuilder.
...
R=jkummerow@chromium.org
BUG=336148
LOG=Y
Review URL: https://codereview.chromium.org/143263022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 14:29:34 +00:00
verwaest@chromium.org
db7124dc28
Return a valid map for PropertyAccessInfos with Boolean type.
...
BUG=340064
LOG=N
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/152603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 10:20:32 +00:00
machenbach@chromium.org
d34938fe34
Fix expectations for new regression test.
...
TBR=jarin@chromium.org
Review URL: https://codereview.chromium.org/150853004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-01 09:56:20 +00:00
verwaest@chromium.org
ae7a209e71
Remove CallICs
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/148223002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:52:17 +00:00
machenbach@chromium.org
30fb7b83b3
[Sheriff] Mark new regression test flaky on linux 32.
...
BUG=
TBR=jarin@chromium.org
Review URL: https://codereview.chromium.org/148483004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:47:52 +00:00
jarin@chromium.org
3c2363f4b4
Simpler repro for bug 2989.
...
We do not correctly handle accesses to f.arguments after one
of the argument has changed (where f is crankshafted).
R=machenbach@chromium.org
BUG=v8:2989
LOG=n
Review URL: https://codereview.chromium.org/151403003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:12:58 +00:00
machenbach@chromium.org
275437023f
[Sheriff] Mark new regression test as flaky.
...
BUG=336820
LOG=n
R=bmeurer@chromium.org
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/139923007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 13:56:00 +00:00
bmeurer@chromium.org
3214cf11ff
Don't crash in Array.join() if the resulting string exceeds the max string length.
...
LOG=y
BUG=336820
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/144533003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:21:17 +00:00
ishell@chromium.org
2aa17c6e62
Load elimination fix: load should not be replaced with another load if the former is not dominated by the latter.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/151333003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:03:32 +00:00
hpayer@chromium.org
27c385bf69
Revert "[Sheriff] Mark profviz flaky on GC stress."
...
This reverts commit f70687c1e5ef15254887e0619939e25a834e936e.
BUG=
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/148493006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:22 +00:00
verwaest@chromium.org
bef13f739c
Fix regression caused by supporting inlining accesses to non-JSObjects
...
TBR=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/150983002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:29:04 +00:00
machenbach@chromium.org
c3c064360d
Disable unsuitable tests in ASAN mode.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/148963010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:52:22 +00:00
verwaest@chromium.org
73529a7d14
Support loads from primitive values.
...
This also changes load computation to use HeapTypes rather than Maps.
TODO: move conversion between maps and heaptypes earlier in the process, already in the oracle.
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/147763006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 11:30:38 +00:00
jarin@chromium.org
99ce5a2484
The current
...
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).
The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.
Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function. This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).
We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once. The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address. Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones. Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).
Concerns:
- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)
- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.
- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer. However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.
Thanks for any feedback.
R=danno@chromium.org , mstarzinger@chromium.org
LOG=N
BUG=
Committed: https://code.google.com/p/v8/source/detail?r=18918
Review URL: https://codereview.chromium.org/103243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:33:53 +00:00
machenbach@chromium.org
f815198288
[Sheriff] Mark profviz flaky on GC stress.
...
BUG=
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/149763002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 20:50:51 +00:00
jarin@chromium.org
ec51f26b9e
Revert "Captured arguments object materialization"
...
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/130803009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:49:48 +00:00
jarin@chromium.org
868ad01ecb
This is a preview of the captured arguments object materialization,
...
mostly to make sure that it is going in the right direction. The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).
The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.
Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function. This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).
We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once. The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address. Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones. Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).
Concerns:
- Is there a simpler/more correct way to store the already-materialized
objects? (At the moment there is a custom root reference to JSArray
containing frames' FixedArrays with their captured objects.)
- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)
- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.
- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer. However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.
Thanks for any feedback.
R=mstarzinger@chromium.org , danno@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/103243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:14:15 +00:00
svenpanne@chromium.org
abe807db7f
ES6: Map and Set needs to normalize minus zero
...
BUG=v8:3069
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/147143003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 07:27:05 +00:00
ishell@chromium.org
d330d4801d
Load elimination fix with a test case.
...
R=titzer@chromium.org , verwaest@chromium.org
Review URL: https://codereview.chromium.org/143413019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 16:45:04 +00:00
mvstanton@chromium.org
371d6f6a98
We shouldn't throw under FLAG_debug_code, rather abort.
...
Throwing under FLAG_debug_code confuses the rest of our infrastructure
which expects a safe point at the site of call into the runtime
for throw. We were doing that to make a clusterfuzz test happy, but
the better solution is to assert/abort under debug_code, and prevent
clusterfuzz from fuzzing on internal APIs that crash on incorrect
values.
We'll need to alter the fuzzer to turn off fuzzing for:
string-natives.js
lithium/SeqStringSetChar.js
regress/regress-seqstrsetchar-ex3.js
regress/regress-seqstrsetchar-ex1.js
regress/regress-crbug-320922.js
So as to prevent the fuzzer from running
%_OneByteSeqStringSetChar() and
%_TwoByteSeqStringSetChar().
BUG=
R=hpayer@chromium.org , machenbach@chromium.org
Review URL: https://codereview.chromium.org/139903005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 11:53:11 +00:00
ishell@chromium.org
1776dffa56
Make String.prototype.{starts,ends}With
throw when passing a regular expression
...
Contributed by Mathias Bynens <mathiasb@opera.com>.
TEST=mjsunit/harmony
BUG=v8:3070
LOG=Y
R=arv@chromium.org , ishell@chromium.org
Review URL: https://codereview.chromium.org/120683002
Patch from Mathias Bynens <mathiasb@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-28 10:31:05 +00:00
machenbach@chromium.org
fd4a006eb3
[Sheriff] Fix status file entry.
...
BUG=
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/148183007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18861 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 16:46:16 +00:00
hpayer@chromium.org
e624346e68
Skip regression test 320948 temporarily.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/131503008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 15:59:10 +00:00
hpayer@chromium.org
86cf9ca690
Enable concurrent sweeping.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/146833012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-27 14:37:22 +00:00
dslomov@chromium.org
1a67b7f86a
External Array renaming and boilerplate scrapping
...
Replaced symbolic names with correct JS name (byte -> int8, unsigned int -> uint32 etc).
Using macros to scrap the boilerplate
BUG=
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/145133013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 16:01:15 +00:00
verwaest@chromium.org
21532ddfdc
Reland ArrayPop / ArrayPush.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/138443012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:47:53 +00:00
machenbach@chromium.org
cde3ed1fe3
Speed up some mjsunit test cases and clean up test expectations for arm and mips.
...
Many skipped test cases already run very fast. Removing the corresponding expectations.
BUG=
R=jkummerow@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/138503008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 11:36:45 +00:00
jkummerow@chromium.org
ee4e034d70
Revert broken ArrayPop changes
...
This reverts:
r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."",
r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and
r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft."
For causing crashes on Canary.
BUG=chromium:337686
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/146003006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-24 08:32:50 +00:00
machenbach@chromium.org
ca0d99196d
Disable SetAllocationTimeout in fuzz-natives test since it has varargs.
...
BUG=
R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/145803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:33:35 +00:00
verwaest@chromium.org
6b60546b16
Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/137693003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 16:20:25 +00:00
hpayer@chromium.org
83a1df2354
Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead.
...
BUG=
R=mstarzinger@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141653016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 13:02:27 +00:00
hpayer@chromium.org
a92e87e100
Make the full object memory size of a page available for a single allocation.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/145493004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 12:13:20 +00:00
machenbach@chromium.org
c159485fb1
[Sheriff] Temporarily mark test as flaky.
...
BUG=
TBR=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/145593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-23 10:54:30 +00:00
verwaest@chromium.org
f30330325e
Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/144913003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 13:22:58 +00:00
dslomov@chromium.org
33d7e64b51
ES6: Implement Object.setPrototypeOf
...
This reverts commit bdc89ae76c15f3ef2626f8849744500248aec3ba.
This is a revert of the revert with test/webkit updated as needed.
Original CL Description:
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof
This just exposes the internal %SetPrototype and adds all the required
type checks as specified.
BUG=v8:2675
LOG=Y
R=dslomov@chromium.org , rossberg@chromium.org
Review URL: https://codereview.chromium.org/144193005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 12:15:57 +00:00
svenpanne@chromium.org
b4949cfd62
Fixed floor-of-div optimization.
...
We removed an HDiv by hand which was still used by an HChange. The
solution is letting dead code removal do the cleanup.
Removed a fragile "optimization" (looking through an HChange), too,
this obviously never triggered and is hard to get right given all our
global invariants and state/type/... changes.
The repro is a bit tricky, because you need inlining to make our
representations and types disagree in this case.
LOG=y
BUG=334708
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/143903016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 11:54:51 +00:00
machenbach@chromium.org
1864f7388e
Add infrastructure for skipping tests in GC stress mode.
...
Also move the GC stress configuration from the buildbot to the test runner.
BUG=
R=jkummerow@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141653008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 12:41:25 +00:00
machenbach@chromium.org
63cd984538
[Sheriff] Temporarily mark array-literal-feedback as flaky for GC stress.
...
The test is blocking the v8 lkgr. It will be unmarked again after there is infrastructure to disable it on GC stress only.
BUG=
TBR=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/143463004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 07:58:54 +00:00
machenbach@chromium.org
3be4500877
[Sheriff] Temporarily mark two mjsunit tests as flaky.
...
The tests are blocking the v8 lkgr. They will be unmarked again after there is infrastructure to disable them on GC stress only.
TBR=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/139343008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 19:05:31 +00:00
titzer@chromium.org
5771b0975a
Fix representation requirement in HReturn.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/143523002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 19:00:11 +00:00
verwaest@chromium.org
9f64f43a1c
Turn ArrayPush into a stub specialized on the elements kind and argc.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/143213003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 17:09:24 +00:00
dslomov@chromium.org
5b7b4b99b7
Revert "ES6: Implement Object.setPrototypeOf"
...
This reverts commit r18685 for breaking WebKit tests.
TBR=arv@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 10:59:07 +00:00
dslomov@chromium.org
1e3a14da44
ES6: Implement Object.setPrototypeOf
...
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof
This just exposes the internal %SetPrototype and adds all the required
type checks as specified.
BUG=v8:2675
LOG=Y
R=dslomov@chromium.org , rossberg@chromium.org
Review URL: https://codereview.chromium.org/141913002
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 10:38:01 +00:00
verwaest@chromium.org
ef52aeb701
Remove special ArrayCode CallIC.
...
Once Call ICs are replaced by LoadIC + CallFunctionStub, we'll need a new way
of tracking this information.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141073006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:24:36 +00:00
mvstanton@chromium.org
155ef100e9
Fix logic error in assert in IsUndeclaredGlobal()
...
Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that.
In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores.
Now it's clearer that only LoadICs actually record any information about contextual or not.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/140943002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:08:24 +00:00
verwaest@chromium.org
53f46c5214
Get rid of ContextualMode for call ICs.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/137083002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:15:05 +00:00
mstarzinger@chromium.org
4d338985b9
Closed generator returns a completed object instead of throwing a error
...
From ES6 rev20 draft, closed generator returns completed object (the
value is `undefined` and done is `true`).
Since a error thrown in generator is propagated to the caller without
setting status of a thrown generator to "completed", once a generator is
suspended by a error, status becomes "executing" forever. This is filed
as v8:3096
LOG=N
BUG=v8:3097
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/136003003
Patch from Yusuke Suzuki <yusukesuzuki@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 15:19:34 +00:00
jkummerow@chromium.org
be4c1bdac2
Fix test after r18586
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/138063003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 14:00:10 +00:00
jkummerow@chromium.org
1ed94acf0c
Turn Runtime_MigrateInstance into Runtime_TryMigrateInstance
...
because it must not cause lazy deopts because it is called from deferred code that cannot handle lazy deopts.
Hat tip to Ben for doing most of the debugging work, and to Toon for writing the regression test.
BUG=chromium:315252
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/131243003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 13:41:09 +00:00
verwaest@chromium.org
f2245a9cf9
Make the strict-mode calling convention for contextual calls the default one.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/131663003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 12:04:10 +00:00
hpayer@chromium.org
dcf7f73ec0
Enable allocation site pretenuring.
...
Disable elements-kind.js unit test temporarily on gc stress builders.
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/136813002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-13 17:11:36 +00:00
jarin@chromium.org
c0f622a45b
Fix of Hydrogen environment building for function "apply" calls.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/133773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-11 13:59:04 +00:00
bmeurer@chromium.org
967d6499d2
Revert "Temporarily disable performance.now() in the d8 shell."
...
This reverts commit r18529.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/133523003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 12:07:29 +00:00
bmeurer@chromium.org
1b1c27d916
Temporarily disable performance.now() in the d8 shell.
...
Review URL: https://codereview.chromium.org/133663002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 11:17:57 +00:00
rossberg@chromium.org
014a86ef8c
ES6: Add Object.getOwnPropertySymbols
...
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.getownpropertysymbols
This allows you to get the symbols used as property keys for an object.
var object = {};
var sym = Symbol();
object[sym] = 42;
assert(Object.getOwnPropertySymbols(object)[0] === sym);
This is only available with --harmony-symbols
BUG=v8:3049
R=rossberg@chromium.org , rossberg
LOG=Y
Review URL: https://codereview.chromium.org/108083005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 15:57:30 +00:00
rossberg@chromium.org
3286bc71e3
Promises: some adaptations to spec
...
- Rename Promise.{resolved,rejected,deferred} to Promise.{resolve,reject,defer}
- Rename Promise.one to Promise.race
- Make all failures asynchronous, EXCEPT type errors for resolver
- Disallow non-construct call to Promise constructor
- Don't make combinators go through public this.defer
Also, don't bother using IsCallable.
R=dslomov@chromium.org , yhirano@chromium.org
BUG=
Review URL: https://codereview.chromium.org/99573002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18515 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 13:00:56 +00:00
ulan@chromium.org
8db7aaa03d
Correctly handle instances without elements in polymorphic keyed load/store.
...
BUG=331416
TEST=mjsunit/regress/regress-331416.js
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/121893003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:57:28 +00:00
ulan@chromium.org
43d1c23e2a
Fix selection of popular pages in store buffer.
...
BUG=331444
TEST=mjsunit/regress/regress-331444.js
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/125983002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:49:37 +00:00
jkummerow@chromium.org
7761059a98
Fix d8's Shell::ReadBuffer after r18227
...
BUG=v8:3085
LOG=N
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/127853003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-08 09:48:38 +00:00