Commit Graph

24222 Commits

Author SHA1 Message Date
machenbach
8bde6b1920 Revert of Make d8 stop using to-be-deprecated APIs (patchset #3 id:40001 of https://codereview.chromium.org/1239053004/)
Reason for revert:
[Sheriff] Breaks:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3400

Original issue's description:
> Make d8 stop using to-be-deprecated APIs
>
> BUG=v8:4134
> LOG=n
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/af82ef84b4f851411f00e69167ab29382c7499b8
> Cr-Commit-Position: refs/heads/master@{#29726}

TBR=yangguo@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4134

Review URL: https://codereview.chromium.org/1240993003

Cr-Commit-Position: refs/heads/master@{#29730}
2015-07-17 13:53:52 +00:00
ishell
362b378501 Revert of Reland "Enable loads and stores to global vars through property cell shortcuts installed into paren… (patchset #1 id:1 of https://codereview.chromium.org/1237043006/)
Reason for revert:
chromium:510738, chromium:510911

Original issue's description:
> Reland "Enable loads and stores to global vars through property cell shortcuts installed into parent script context."
>
> Committed: https://crrev.com/48584df5ed97e2cdec1b4900f783c47adc3a3d32
> Cr-Commit-Position: refs/heads/master@{#29670}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1238163002

Cr-Commit-Position: refs/heads/master@{#29729}
2015-07-17 13:31:05 +00:00
verwaest
08827f55fb Fix object enumeration wrt access checked objects
BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1228113007

Cr-Commit-Position: refs/heads/master@{#29728}
2015-07-17 12:57:39 +00:00
verwaest
c0d3c537eb Fix DefineOwnProperty for data properties wrt failed access checks
BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1241973003

Cr-Commit-Position: refs/heads/master@{#29727}
2015-07-17 12:55:33 +00:00
jochen
af82ef84b4 Make d8 stop using to-be-deprecated APIs
BUG=v8:4134
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1239053004

Cr-Commit-Position: refs/heads/master@{#29726}
2015-07-17 12:45:06 +00:00
verwaest
76b3b21cdc Fix GetOwnPropertyNames on access-checked objects
BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1242123002

Cr-Commit-Position: refs/heads/master@{#29725}
2015-07-17 12:30:15 +00:00
jochen
bea3791426 Improve presubmit check for BUG line
Don't chicken out on upload already, and ignore 'none' value

BUG=none
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1237353003

Cr-Commit-Position: refs/heads/master@{#29724}
2015-07-17 12:21:47 +00:00
chunyang.dai
3536562e18 X87: Fix memento initialization when constructing from new call
port 3285e3bf07 (r29719).

original commit message:

  Additionally, push the allocation site or undefined independently of creatin

BUG=

Review URL: https://codereview.chromium.org/1229023003

Cr-Commit-Position: refs/heads/master@{#29723}
2015-07-17 10:07:15 +00:00
yangguo
c062b28aeb Revert of Debugger: use FrameInspector in ScopeIterator to find context. (patchset #3 id:40001 of https://codereview.chromium.org/1239033002/)
Reason for revert:
breaks roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/87292/steps/browser_tests%20%28with%20patch%29/logs/DevToolsSanityTest.TestPauseWhenScriptIsRunning

Original issue's description:
> Debugger: use FrameInspector in ScopeIterator to find context.
>
> In optimized code, it's not guaranteed that the current context
> is stored in its frame slot.
>
> R=bmeurer@chromium.org
> BUG=v8:4309
> LOG=N
>
> Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
> Cr-Commit-Position: refs/heads/master@{#29697}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4309

Review URL: https://codereview.chromium.org/1243553002

Cr-Commit-Position: refs/heads/master@{#29722}
2015-07-17 09:53:49 +00:00
verwaest
dc71c1b586 Fix getPrototypeOf for access checked objects
BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1242093002

Cr-Commit-Position: refs/heads/master@{#29721}
2015-07-17 09:37:37 +00:00
jochen
ac1c713646 Delete APIs deprecated since last release
BUG=none
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1114873002

Cr-Commit-Position: refs/heads/master@{#29720}
2015-07-17 09:27:00 +00:00
mlippautz
3285e3bf07 Fix memento initialization when constructing from new call
Additionally, push the allocation site or undefined independently of creating a memento to preserve a fixed size for the construct frames.

BUG=

Review URL: https://codereview.chromium.org/1239593003

Cr-Commit-Position: refs/heads/master@{#29719}
2015-07-17 08:51:41 +00:00
v8-autoroll
40f0df5c8e Update V8 DEPS.
Rolling v8/buildtools to 125d157607de4d7c95bf8b02dd580aae17962f19

Rolling v8/third_party/android_tools to 2abd22b08cd757f88362f44b02484de43e4b9611

Rolling v8/third_party/icu to ffeeae138703e692f07d2c438203f32b84e7a094

Rolling v8/tools/clang to f729011d84762dfae62bbf4218580367dbfc7451

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1238783004

Cr-Commit-Position: refs/heads/master@{#29718}
2015-07-17 03:28:24 +00:00
littledan
8068b91d15 Additional TypedArray tests
- Test that TypedArray properties cannot be set in strict mode
  Properties like %TypedArray%.prototype.length have a getter and no
  setter. This test verifies that property, which was apparently not
  true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
  are not configurable

Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.

BUG=v8:3048, v8:3799
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1232843005

Cr-Commit-Position: refs/heads/master@{#29717}
2015-07-17 00:21:31 +00:00
littledan
f76dfee9df Array.prototype.reverse should call [[HasProperty]] on elements before [[Get]]
This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is

[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)

In ES5, on the other hand, the order was

[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper

To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:

Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658

Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176

BUG=v8:4223
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1238593003

Cr-Commit-Position: refs/heads/master@{#29716}
2015-07-16 23:12:23 +00:00
littledan
1f61ac5033 In RegExp, lastIndex is read with ToLength, not ToInteger
ES2015 made a change vs ES5, where the "lastIndex" property of a
RegExp (which can be modified by a user to start the next search at
a different location) is cast to an integer with ToLength rather
than ToInteger. The main difference is on negative numbers, and
this is tested by test262. This patch implements that change on
RegExps and enables the test262 test now that it passes.

R=adamk
LOG=Y
BUG=v8:4244

Review URL: https://codereview.chromium.org/1241713004

Cr-Commit-Position: refs/heads/master@{#29715}
2015-07-16 21:55:41 +00:00
adamk
5906ce337c Stage --harmony-new-target
BUG=v8:3887
LOG=y

Review URL: https://codereview.chromium.org/1238693004

Cr-Commit-Position: refs/heads/master@{#29714}
2015-07-16 20:48:33 +00:00
adamk
bd389ec008 Re-ship harmony spread calls and spread arrays
The issue with spread arrays which caused us to turn it off was fixed in
https://chromium.googlesource.com/v8/v8/+/24e98281

BUG=v8:3018
LOG=y

Review URL: https://codereview.chromium.org/1239873002

Cr-Commit-Position: refs/heads/master@{#29713}
2015-07-16 19:44:39 +00:00
bbudge
6113058427 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29712}
2015-07-16 19:43:32 +00:00
adamk
843b0e29f6 Revert of [turbofan] Ship TF for try-catch statements. (patchset #1 id:1 of https://codereview.chromium.org/1216373002/)
Reason for revert:
Causes gbemu-part1 to time out on Linux dbg builders

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/3867/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3386/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20greedy%20allocator/builds/828/

Original issue's description:
> [turbofan] Ship TF for try-catch statements.
>
> R=hablich@chromium.org
> BUG=v8:4131
> LOG=N
>
> Committed: https://crrev.com/1251d02e7bb2a13ae5cf6fda5d3403730d2ae12f
> Cr-Commit-Position: refs/heads/master@{#29708}

TBR=hablich@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4131

Review URL: https://codereview.chromium.org/1234363003

Cr-Commit-Position: refs/heads/master@{#29711}
2015-07-16 19:42:18 +00:00
caitpotter88
dfe2dd835a [parser] use-strict directives in function body affect init block
BUG=
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234213004

Cr-Commit-Position: refs/heads/master@{#29710}
2015-07-16 16:45:06 +00:00
binji
162f116a91 d8: Leak context_mutex_ so it will never be destroyed while locked
Calling quit() from d8 will call exit(), which will run static destructors. If
context_mutex_ is statically allocated, pthread_mutex_destroy will be called.

When running d8 in "isolates" mode, another thread may be running. If it calls
CreateEvaluationContext, it will lock the context_mutex_. If the mutex is
destroyed while it is locked, it will return an error.

This CL changes the Mutex to a LazyMutex, which will leak instead of being
destroyed.

BUG=v8:4279
R=jarin@chromium.org
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1240553003

Cr-Commit-Position: refs/heads/master@{#29709}
2015-07-16 16:40:48 +00:00
mstarzinger
1251d02e7b [turbofan] Ship TF for try-catch statements.
R=hablich@chromium.org
BUG=v8:4131
LOG=N

Review URL: https://codereview.chromium.org/1216373002

Cr-Commit-Position: refs/heads/master@{#29708}
2015-07-16 15:39:44 +00:00
mstarzinger
bdd2be879d [turbofan] Disable one failing debugger test.
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1242023003

Cr-Commit-Position: refs/heads/master@{#29707}
2015-07-16 15:12:41 +00:00
mstarzinger
0dcba070a9 Remove obsolete %CallSuperWithSpread intrinsic.
The aforementioned intrinsic is no longer needed and can be fully
desugared now that binding assignments to 'this' are explicit.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234383002

Cr-Commit-Position: refs/heads/master@{#29706}
2015-07-16 15:07:59 +00:00
mstarzinger
07dc66dcd5 Represent implicit 'this' binding by 'super' in AST.
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1226123010

Cr-Commit-Position: refs/heads/master@{#29705}
2015-07-16 14:26:31 +00:00
mbrandy
ecf1c863f3 PPC: Reland Update V8 DEPS.
Port c63e50edc9

Original commit message:
    Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

    Reland after https://codereview.chromium.org/1241643002/

R=machenbach@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1240833002

Cr-Commit-Position: refs/heads/master@{#29704}
2015-07-16 14:20:16 +00:00
mbrandy
4689f800f0 PPC: Debugger: use debug break slots to break at function exit.
Port fc9c5275c3

Original commit message:
    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

R=yangguo@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1238503003

Cr-Commit-Position: refs/heads/master@{#29703}
2015-07-16 14:12:07 +00:00
mbrandy
a02f7e6f49 PPC: Switch CallConstructStub to take new.target in register.
Port 1d9d895754

Original commit message:
    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

R=mstarzinger@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1230103004

Cr-Commit-Position: refs/heads/master@{#29702}
2015-07-16 12:59:48 +00:00
hablich
40c38c5a5a Revert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https://codereview.chromium.org/1219943002/)
Reason for revert:
Seems to brake the latest roll into Chromium: http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/59796/steps/compile%20%28with%20patch%29/logs/stdio

Original issue's description:
> Expose SIMD.Float32x4 type to Javascript.
> This CL exposes the constructor function, defines type related
> information, and implements value type semantics.
> It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
>
> TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
>
> LOG=Y
> BUG=v8:4124
>
> Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
> Cr-Commit-Position: refs/heads/master@{#29689}

TBR=rossberg@chromium.org,littledan@chromium.org,martyn.capewell@arm.com,bbudge@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review URL: https://codereview.chromium.org/1241533004

Cr-Commit-Position: refs/heads/master@{#29701}
2015-07-16 12:36:11 +00:00
epertoso
f24ebb324a Take the ScriptOrigin into account for CompileFunctionInContext
R=jochen@chromium.org,yangguo@chromium.org
LOG=n
BUG=

Review URL: https://codereview.chromium.org/1233563005

Cr-Commit-Position: refs/heads/master@{#29700}
2015-07-16 12:08:17 +00:00
yangguo
f22a6cfca2 Update OWNERS file.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1230813004

Cr-Commit-Position: refs/heads/master@{#29699}
2015-07-16 11:37:51 +00:00
yangguo
83207b93f4 Debugger: ensure that functions with debug info have code with break slots.
This helps reasoning about setting break points. Functions that
have debug info is also guaranteed to be able to set break points.

R=ulan@chromium.org
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1227213003

Cr-Commit-Position: refs/heads/master@{#29698}
2015-07-16 09:38:28 +00:00
yangguo
3a0ee39cbd Debugger: use FrameInspector in ScopeIterator to find context.
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29697}
2015-07-16 09:28:20 +00:00
mstarzinger
b76acef799 [turbofan] Implement super call support in TurboFan.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1238743002

Cr-Commit-Position: refs/heads/master@{#29696}
2015-07-16 08:54:05 +00:00
chunyang.dai
c6d42c7d6c X87: Switch CallConstructStub to take new.target in register.
original commit message:

    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

BUG=

Review URL: https://codereview.chromium.org/1235273003

Cr-Commit-Position: refs/heads/master@{#29695}
2015-07-16 08:53:06 +00:00
chunyang.dai
1d92165049 X87: Debugger: use debug break slots to break at function exit.
port fc9c5275c3 (r29672).

original commit message:

    Debugger: use debug break slots to break at function exit.

    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

BUG=

Review URL: https://codereview.chromium.org/1236023007

Cr-Commit-Position: refs/heads/master@{#29694}
2015-07-16 08:49:41 +00:00
Ilija.Pavlovic
2bc5a21211 MIPS:
Improved checking target ranges for J and JAL instructions.
Adapted disassembler test for J and JAL instructions.

TEST=cctest/test-disasm-mips[64]
BUG=

Review URL: https://codereview.chromium.org/1237083003

Cr-Commit-Position: refs/heads/master@{#29693}
2015-07-16 08:14:08 +00:00
v8-autoroll
49e54a0259 Update V8 DEPS.
Rolling v8/buildtools to 5215ee866bc3e8eb4a7f124212845abf4029e60b

Rolling v8/tools/clang to 4e7f85d6bc00cb296e34126c822cf57e5e6cf814

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1237553004

Cr-Commit-Position: refs/heads/master@{#29692}
2015-07-16 03:28:33 +00:00
caitpotter88
124d2011ea [cleanup] remove --harmony-classes flag from mjsunit/harmony/new-target
Unknown flag warning is adding unnecessary noise to terminal during
test runs

BUG=
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1236993003

Cr-Commit-Position: refs/heads/master@{#29691}
2015-07-15 22:16:38 +00:00
adamk
9aa1dac802 [api] Deprecate unused Map/Set FromArray factory methods
These were added when I thought they would be useful in Blink, but as
it turned out they were not. They could likely be deleted immediately,
but to play it safe I'll go through the usual deprecation process.

Review URL: https://codereview.chromium.org/1236263004

Cr-Commit-Position: refs/heads/master@{#29690}
2015-07-15 20:18:01 +00:00
bbudge
e5ed3bee99 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29689}
2015-07-15 19:17:06 +00:00
balazs.kilvady
bb247d4fb4 MIPS: Fix 'Reland Update V8 DEPS.'
Port c63e50edc9

BUG=
TEST=test-disasm-mips/Type

Review URL: https://codereview.chromium.org/1233323002

Cr-Commit-Position: refs/heads/master@{#29688}
2015-07-15 18:59:18 +00:00
brucedawson
b2ed25304e Fix runtime-atomics for Win 10 SDK and remove volatile
For unclear and probably accidental reasons the Windows 10 SDK
renamed some _Interlocked* functions to _InlineInterlocked. This
leads to these errors:

runtime-atomics.cc(159): error C3861: '_InterlockedExchange64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedExchangeAdd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedAnd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedOr64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedXor64': identifier not found

Fixing this requires either adding defines to map these five _Interlocked*
functions to _InlineInterlocked*, or else changing to using the
non-underscore versions. It appears that using the non-underscore versions
is preferable so I went that way. This also requires adding three  new
defines because there is a huge lack of consistency, probably due to these
macros being defined sometimes in <intrin.h> and sometimes in <winnt.h>

All five of the renamed 64-bit functions were manually checked to ensure
that the change to the non-underscore versions would make no differences -
the inline functions that they map to were identical. Other functions were
spot-checked.

Also, the 'volatile' qualifiers were removed. Volatile has no no useful
meaning for multi-threaded programming. It only exists in the Interlocked*
prototypes to *allow* volatile variables to be passed. Since this is a bad
habit to encourage there is no reason for us to permit it, and we can
still call the Microsoft functions (T* converts to volatile T*, just not
vice-versa).

The updated code builds with the Windows 8.1 SDK and with the Windows 10 SDK.

R=jarin@chromium.org
LOG=Y
BUG=440500,491424

Review URL: https://codereview.chromium.org/1228063005

Cr-Commit-Position: refs/heads/master@{#29687}
2015-07-15 16:47:54 +00:00
verwaest
99b59d16bf Cleanup element normalization logic
BUG=

Review URL: https://codereview.chromium.org/1241883002

Cr-Commit-Position: refs/heads/master@{#29686}
2015-07-15 15:57:47 +00:00
jkummerow
597af29260 Fix performance regression introduced in r29558
where bound functions started overriding the "name" accessor property with a data property. The bootstrapper must be kept in sync to avoid polymorphism.

BUG=chromium:509983
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1238903002

Cr-Commit-Position: refs/heads/master@{#29685}
2015-07-15 15:56:30 +00:00
adamk
24e982816f Fix spread array inside array literal
During parsing, we now keep track of the first spread seen in an array
literal (if any), and make use of that information when creating the
FixedArray backing store representing the constant elements for array
literal materialization.

The old code tried to do this by setting the generated JSArray's length
in ArrayLiteral::BuildConstantElements(), but that Array length is never
read by the rest of the literal materialization code (it always uses
the length of the FixedArray backing store).

BUG=v8:4298
LOG=n

Review URL: https://codereview.chromium.org/1225223004

Cr-Commit-Position: refs/heads/master@{#29684}
2015-07-15 15:16:13 +00:00
adamk
9c8f78e26f [es6] Fix String.prototype.normalize to properly validate argument
BUG=v8:4302
LOG=n

Review URL: https://codereview.chromium.org/1237873003

Cr-Commit-Position: refs/heads/master@{#29683}
2015-07-15 15:15:14 +00:00
ishell
3bf9935288 Fix broken Variable::IsGlobalObjectProperty() after https://codereview.chromium.org/1218783005
Review URL: https://codereview.chromium.org/1228373011

Cr-Commit-Position: refs/heads/master@{#29682}
2015-07-15 14:42:33 +00:00
mstarzinger
1d9d895754 Switch CallConstructStub to take new.target in register.
This changes the calling convention of the CallConstructStub to take
the original constructor (i.e. new.target in JS-speak) in a register
instead of magically via the operand stack. For optimizing compilers
the operand stack doesn't exist, hence cannot be peeked into.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1237813002

Cr-Commit-Position: refs/heads/master@{#29681}
2015-07-15 14:37:12 +00:00