kmillikin@chromium.org
890bc1607a
Fix a potential crash in const declaration.
...
Declaration of const lookup slots would trigger an assertion if there was a
setter somewhere in the prototype chain, and that setter was shadowed by a
non-readonly data property also in the prototype chain.
R=ager@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7324048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-11 14:07:12 +00:00
kmillikin@chromium.org
cbaf1bc98b
Allow JSObject::PreventExtensions to work for arguments objects.
...
R=karlklose@chromium.org
Review URL: http://codereview.chromium.org/7335002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-11 06:48:19 +00:00
danno@chromium.org
f894b7a3b3
Fix polymorphic array test
...
R=jkummerow@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/7326009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-08 10:59:20 +00:00
danno@chromium.org
07def3cb1e
Unify handling of element IC stubs.
...
In the process, add shared stubs for DictionaryValue lookups that are handled in the same way as fast elements and external array elements.
Includes code for MIPS, which compiles and run polymorph-arrays.js successfully.
R=jkummerow@chromium.org
BUG=none
TEST=test/mjsunit/polymorph-arrays.js
Review URL: http://codereview.chromium.org/7227010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-08 10:46:10 +00:00
sgjesse@chromium.org
7cbf0a4d48
Add inspection of whether frame is a construct frame to optimized frames
...
Also avoid that calling Debug::IsBreakAtReturn causes a full doptimization when there are no break points set. The full deoptimization is caused by Debug::IsBreakAtReturn calling Debug::EnsureDebugInfo which will assume that a break point is now set.
R=svenpanne@chromium.org
BUG=v8:1140
TEST=test/mjsunit/debug-evaluate-locals-optimized.js,test/mjsunit/debug-
evaluate-locals-optimized-doubles.js
Review URL: http://codereview.chromium.org//7307035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-08 08:55:26 +00:00
kmillikin@chromium.org
fe23339bdd
Fix a bug in for/in iteration of arguments objects.
...
We did not properly combine the property names from the parameter map
and the arguments backing store. They could overwrite each other and
be unsorted.
Also fix an unrelated bug: deleting from a dictionary-mode arguments
backing store could corrupt the parameter map.
R=rossberg@chromium.org
BUG=1531
TEST=mjsunit/regress/regress-1531.js
Review URL: http://codereview.chromium.org/7278033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-08 07:31:48 +00:00
sgjesse@chromium.org
8ccb47f57e
Add inspection of arguments for optimized frames
...
R=svenpanne@chromium.org
BUG=v8:1140
TEST=test/mjsunit/debug-evaluate-locals-optimized.js,test/mjsunit/debug-
evaluate-locals-optimized-doubles.js
Review URL: http://codereview.chromium.org//7310027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-07 14:29:16 +00:00
rossberg@chromium.org
58b913f9f0
Implement Object.defineProperty for proxies.
...
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7314003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-07 12:41:20 +00:00
ricow@chromium.org
82e53270dc
Ensure that regexps always have code object, even if GC happened while running multiple times in runtime.
...
Review URL: http://codereview.chromium.org/7316018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-07 10:04:56 +00:00
sgjesse@chromium.org
53a5b07992
Add inspection of function for optimized frames
...
R=svenpanne@chromium.org
BUG=none
TEST=test/mjsunit/debug-evaluate-locals-optimized.js,test/mjsunit/debug-evaluate-locals-optimized-doubles.js
Review URL: http://codereview.chromium.org//7227006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-06 13:02:17 +00:00
sgjesse@chromium.org
ca3787f395
Fix debug break on binary boolean operators
...
The syntax checker finding breakable statements did not take into account that the right hand side of a boolean binary opration might never get evaluated.
R=svenpanne@chromium.org
BUG=v8:1523
TEST=test/mjsunit/regress/regress-1523.js
Review URL: http://codereview.chromium.org//7212027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-06 10:16:57 +00:00
ricow@chromium.org
1fff78036e
In preperation of using d8 for running tests: Don't run d8-os when running with --isolates.
...
When used with d8 this can potentially interfer with the writing,
reading and deletion of files is the isolates flags makes the same
test run concurrently.
Review URL: http://codereview.chromium.org/7308006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-06 08:20:30 +00:00
vitalyr@chromium.org
8f60208324
Fix bug 1529: check for NULL handle in v8::TryCatch::StackTrace.
...
Internal HandleScope::CloseAndEscape crashes on NULL handles.
R=kmillikin@chromium.org
BUG=v8:1529
TEST=mjsunit/regress/regress-1529
Review URL: http://codereview.chromium.org/7309004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-04 13:29:56 +00:00
kmillikin@chromium.org
57c29c1f29
Fix a bug in with and catch context allocation.
...
We were only looking one level up the scope chain to decide which
closure to use in the fresh context. Instead, we should look to the
first non-catch scope.
R=vegorov@chromium.org
BUG=1528
TEST=regress-1528
Review URL: http://codereview.chromium.org/7309002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-04 09:34:47 +00:00
kmillikin@chromium.org
a48c03bb2a
Fix an issue with optimization of functions inside catch.
...
When optimizing a function defined inside a catch, we did not count
the catch context as part of the context chain.
R=vegorov@chromium.org
BUG=1521
TEST=regress-1521
Review URL: http://codereview.chromium.org/7285032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-01 14:05:46 +00:00
yangguo@chromium.org
77a3c7226b
exposing a few boolean queries from objects.h
...
TEST=start with ./d8 --allow-natives-syntax and try %ObjectHasFastElements({})
Review URL: http://codereview.chromium.org/7289010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-01 11:47:55 +00:00
lrn@chromium.org
ff9ce1abd4
Make date parser handle all ES5 Date Time Strings correctly.
...
This means that ES5 Date Time Strings will default to UTC if timezone is absent.
Handle as many legacy strings as possible the same way as before
BUG=v8:1498
TEST=mjsunit/date
Review URL: http://codereview.chromium.org/7291022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-01 11:41:45 +00:00
jkummerow@chromium.org
f2a9026d9a
Fix flakiness of optimization assertion on slow ARM builders
...
(if the test ran too slow, optimization kicked in earlier than expected by the test)
TEST=mjsunit/assert-opt-and-deopt.js no longer flaky
Review URL: http://codereview.chromium.org/7298001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-01 11:12:27 +00:00
karlklose@chromium.org
c0e2268c8c
Fix problem with arguments object ICs not checking for dictionary mode elements.
...
R=kmillikin@chromium.org
BUG=1514
TEST=mjsunit/regress/regress-1513.js
Review URL: http://codereview.chromium.org/7282029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 14:56:06 +00:00
kmillikin@chromium.org
f4c4df2d9a
Introduce scopes to keep track of catch blocks at compile time.
...
The catch variable is bound in the catch scope. For simplicity in this
initial implementation, it is always allocated even if unused and always
allocated to a catch context even if it doesn't escape. The presence of
catch is no longer treated as a with.
In this change, care must be taken to distinguish between the scope where a
var declaration is hoisted to and the scope where the initialization occurs.
R=ager@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7280012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 14:37:55 +00:00
ager@chromium.org
8a3d8b41e8
Exclude %_IsNativeOrStrictMode from natives fuzzer.
...
R=ricow@chromium.org
Review URL: http://codereview.chromium.org/7284032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 13:36:52 +00:00
ager@chromium.org
0d8c343c90
Do not pass the global object as the receiver to strict-mode and
...
builtin replace and sort functions.
R=ricow@chromium.org
BUG=v8:1360
TEST=mjsunit/regress/regress-1360.js
Review URL: http://codereview.chromium.org/7283006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 12:29:19 +00:00
kmillikin@chromium.org
6543526a9d
Remove failing test while working on a fix.
...
TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/7283040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 12:07:33 +00:00
kmillikin@chromium.org
3f84fcf6c9
Fix a bug in Object.defineProperty.
...
There was a bug in Object.defineProperty when used to add an indexed
property to an arguments object. When converting the elements backing
store to dictionary mode, the parameter map in front of the backing
store does not change.
R=ager@chromium.org ,karlklose@chromium.org
Review URL: http://codereview.chromium.org/7289011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 11:11:19 +00:00
sgjesse@chromium.org
7d2be7c0e0
Support debugger inspection of locals in optimized frames
...
Optimized frames are now handled by the debugger. When discovering optimized frames during stack inspection in the debugger they are "deoptimized" using the normal deoptimization code and the deoptimizer output information is used to provide frame information to the debugger.
Before this change the debugger reported each optimized frame as one frame no matter the number of inlined functuions that might have been called inside of it. Also all locals where reported as undefined. Locals can still be reposted as undefined when their value is not "known" by the optimized frame.
As the structures used to calculate the output frames when deoptimizing are not GC safe the information for the debugger is copied to another structure (DeoptimizedFrameInfo) which is registered with the global deoptimizer data and processed during GC.
R=fschneider@chromium.org
BUG=v8:1140
TEST=test/mjsunit/debug-evaluate-locals-optimized*
Review URL: http://codereview.chromium.org//7230045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-29 13:02:00 +00:00
sgjesse@chromium.org
39ed137e10
ARM: Improve register allocation and constraints (try 2).
...
Gives ~20% boost for Crypto benchmark on A9.
BUG=none
TEST=added to mjsunit/div-mod.js
Review URL: http://codereview.chromium.org//7276034
Patch from Martyn Capewell <m.m.capewell@googlemail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-29 10:51:06 +00:00
erik.corry@gmail.com
f8fdc62c19
Improvement to SmiLexicalCompare. Landing http://codereview.chromium.org/7261008 for Stephen Adams
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-29 08:35:10 +00:00
keuchel@chromium.org
3f70c456eb
Fix "illegal access" when calling parseInt with a radix that is not a smi.
...
BUG=v8:1246
TEST=regress-1246.js
Review URL: http://codereview.chromium.org/7206019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-28 12:31:42 +00:00
ager@chromium.org
89cc886ba7
Fix receiver check in arguments ICs.
...
The receiver needs to be checked in the same way as all other KeyedLoadICs to take non-JSObject and objects that require access checks or has interceptors into account.
R=sgjesse@chromium.org
BUG=87478
TEST=mjsunit/regress/regress-crbug-87478.js
Review URL: http://codereview.chromium.org/7259015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-27 13:02:51 +00:00
keuchel@chromium.org
ab3d4cf7b8
Proper handling of future reserved words in strict and normal mode.
...
BUG=86442
TEST=mjsunit/keywords-and-reserved_words.js
Review URL: http://codereview.chromium.org/7207007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-24 14:59:51 +00:00
ricow@chromium.org
840e31a0b3
Add regression test for optimized version of Math.abs.
...
This issue was already fixed on bleeding edge, but adding regression
test to get coverage and to make sure it works on the branches.
Review URL: http://codereview.chromium.org/7237022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-24 07:46:57 +00:00
fschneider@chromium.org
4bc671c2b0
Add missing write barrier for arguments store ICs.
...
Review URL: http://codereview.chromium.org/7207006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-23 09:20:07 +00:00
karlklose@chromium.org
c5a24f64c4
Fix wrong bounds check on arguments object.
...
TEST=added to test/mjsunit/arguments.js
Review URL: http://codereview.chromium.org/7217005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-21 09:27:38 +00:00
ager@chromium.org
a96b9156a3
Correctly handle non-array receivers in Array length setter.
...
BUG=v8:1491
TEST=mjsunit/regress/regress-1491.js
Review URL: http://codereview.chromium.org/7206038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-21 08:07:45 +00:00
lrn@chromium.org
480ec43c4e
Make "native" not a keyword.
...
We now only recognize "native function" when it occurs in extension scripts
(parsing with a non-NULL extension), and only if there is no line-terminator
between "native" and "function" (so that it would otherwise be a Syntax Error).
Preparsing never recognizes native functions, which is acceptable since we
never preparse extension scripts (because we don't allow lazy functions
anyway).
BUG=v8:1097
Review URL: http://codereview.chromium.org/7206020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-20 10:20:57 +00:00
kasperl@chromium.org
5a547ac413
Generalized Stephen's patch from http://codereview.chromium.org/7044100/ and
...
added a few test cases.
Review URL: http://codereview.chromium.org/7212006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-20 07:40:42 +00:00
erik.corry@gmail.com
c95ecb1fcd
Refix issue 1472. The previous fix worked for the example in the bug
...
report, but was not general enough to catch all cases. This is a new
approach. Includes regression test!
Review URL: http://codereview.chromium.org/7193007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-17 08:01:12 +00:00
lrn@chromium.org
ee59eff127
Make line-terminators inside multi-line comments count.
...
Now follows the specification. Follows WebKit change in revision 89100.
BUG=86431
TEST=regress-892742
Review URL: http://codereview.chromium.org/7184034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-17 07:23:07 +00:00
karlklose@chromium.org
f4e4bc43a8
Merge arguments branch to bleeding edge (second try).
...
Review URL: http://codereview.chromium.org/7187007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-16 14:12:58 +00:00
karlklose@chromium.org
cc19d1e278
Revert "Merge arguments branch to bleeding merge."
...
This reverts commit ceb31498b9d69edca3260820fb4047045891ce6d.
TBR=kmillikin@chromium.org
Review URL: http://codereview.chromium.org/7172030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-16 06:37:49 +00:00
vegorov@chromium.org
14bf246dfa
Add missing branches in code generated for LModI with power-of-2 divisor.
...
BUG=v8:1476
TEST=test/mjsunit/regress/regress-1476.js
Review URL: http://codereview.chromium.org/7097015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-15 19:57:39 +00:00
karlklose@chromium.org
6cfeb2d400
Merge arguments branch to bleeding merge.
...
Review URL: http://codereview.chromium.org/7167006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-15 15:09:28 +00:00
ricow@chromium.org
4032d2165e
Make name and message non-enumerable on Error object (this is a partial fix for issue 1215)
...
Review URL: http://codereview.chromium.org/7172011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-15 13:54:40 +00:00
ager@chromium.org
939011bb25
Add a number of old tests to the mjsunit test suite.
...
R=kasperl@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7171016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-15 13:33:10 +00:00
ricow@chromium.org
23d0aa614b
Ensure that bound functions does not have a prototype (fixes issue 794)
...
Review URL: http://codereview.chromium.org/7148014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8293 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-15 10:47:37 +00:00
ager@chromium.org
aa7ad8ee9d
Fix issue 1447 by not redefining properties unneccesarily in seal and freeze.
...
This avoids attempting to redefine function.arguments with a different
value than the current one. function.arguments returns a new copy on
each invocation.
R=lrn@chromium.org
BUG=v8:1447
TEST=mjsunit/regress/regress-1447.js
Review URL: http://codereview.chromium.org/7044104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-10 09:45:02 +00:00
ager@chromium.org
8ec22db350
Correct the limit of local variables in a optimized functions.
...
The encoding constraint is that we have 128 values. We use [-64,0] for
parameters and [0,63] for locals. However, for locals we restricted to
64 and not 63.
R=kmillikin@chromium.org
TEST=mjsunit/compiler/regress-max-locals-for-osr.js
Review URL: http://codereview.chromium.org/6995108
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-09 14:52:58 +00:00
whesse@chromium.org
c40aa827bf
Add boolean flag to HChange and LNumberUntagD to not convert undefined to NaN.
...
This is needed so that HCompare, optimized for double inputs, works correctly on undefined inputs.
BUG=v8:1434
TEST=mjsunit/bugs/bug-1434.js
Review URL: http://codereview.chromium.org/7044049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-09 12:27:28 +00:00
kmillikin@chromium.org
c8b9f3ab7b
Update the blacklist in fuzz-natives.
...
Runtime functions were renamed in r8231.
R=ager@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7129040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-09 11:40:22 +00:00
fschneider@chromium.org
68eab4a8d8
Fix bug with GVN on array loads.
...
This fixes a bug where an array load was incorrectly hoisted by GVN.
BUG=85177
TEST=mjsunit/regress/regress-85177.js
Review URL: http://codereview.chromium.org/7003054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-09 11:15:03 +00:00