Commit Graph

4273 Commits

Author SHA1 Message Date
yangguo@chromium.org
9b8c71ea6d Add warning to cctest when running multiple tests in sequence.
R=mstarzinger@chromium.org
BUG=v8:2848

Review URL: https://codereview.chromium.org/23067008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16247 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 13:20:40 +00:00
olivf@chromium.org
383a167279 Add X87 implementations for Integer32ToDouble, DoubleToI, DoubleToSmi
Additionally refactor the X87Stack tracking

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20781007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 13:01:54 +00:00
yangguo@chromium.org
479935bc62 Remove access-check-failed callback after test.
BUG=v8:2848
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22802013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 10:46:02 +00:00
dslomov@chromium.org
80ec7fab15 Revert "Promote ArrayBuffer, DataView and typed arrays to non-experimental."
This reverts commit r16137 for breaking Windows build.
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22985011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 01:37:09 +00:00
dslomov@chromium.org
62505a3901 Promote ArrayBuffer, DataView and typed arrays to non-experimental.
The primary reason for this change is to bake these guys into the
snapshot.

Flag definitions (--harmony-typed-arrays, --harmony-array-buffer) are
still there so that Blink does not complain, but they are noop and
default to true.

R=mstarzinger@chromium.org
BUG=270527

Committed: https://code.google.com/p/v8/source/detail?r=16137

Review URL: https://codereview.chromium.org/22390008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-20 00:48:25 +00:00
mstarzinger@chromium.org
94fb05f823 Temporary workaround for GC stress builder.
R=hpayer@chromium.org, hpayer@google.com
TEST=cctest/test-debug/ScriptCollectedEventContext --gc-interval=500

Review URL: https://codereview.chromium.org/22987004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16216 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-19 11:10:08 +00:00
verwaest@chromium.org
d81af53131 Store copied value rather than the original double.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23262002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-16 15:43:42 +00:00
mstarzinger@chromium.org
3e4fbd0e85 Mark HStringCompareAndBranch as potentially causing GCs.
This also adds a %SetAllocationTimout runtime function which helps to
write regression tests that need to trigger a GC at a certain point in
program execution.

R=hpayer@chromium.org
BUG=chromium:274438
TEST=mjsunit/regress/regress-crbug-274438

Review URL: https://codereview.chromium.org/22933006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-16 15:10:07 +00:00
danno@chromium.org
d5762717d6 Fix bug in test-code-stubs-x64 which meant not all registers were being checked.
Also change test-code-stubs-ia32 to use the same style as x64.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/22865006

Patch from Ross McIlroy <mcilroy@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-16 11:29:54 +00:00
danno@chromium.org
7aa3fedaab Fix Crankshafted CompareNil of constant values
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/23198002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 16:13:58 +00:00
jkummerow@chromium.org
1fcccc22ee Revert "Make GlobalHandle::NodeBlock deletable"
This reverts r16040 due to OOM crashes.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/22970004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16186 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 12:40:44 +00:00
jkummerow@chromium.org
e71a91ca08 Fix Math.round/floor that had bogus Smi representation
BUG=chromium:272564
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23022005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 12:14:08 +00:00
verwaest@chromium.org
169f5a9d7b Never hchange nan-hole to hole or hole to nan-hole.
Only allow changing hole to nan if all uses allow undefined as nan.

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22152003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-14 08:54:27 +00:00
jkummerow@chromium.org
6f800f90ee Fix overflow check computation for Smi Phis
BUG=v8:2836
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22629011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 18:18:24 +00:00
jkummerow@chromium.org
b3b99969b0 Fix overwriting order of object literal properties for MATERIALIZED_LITERALs
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22982005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 17:27:58 +00:00
yangguo@chromium.org
415b61e12e Fix bug in HPhi::SimplifyConstantInput
R=jkummerow@chromium.org
BUG=269679

Review URL: https://codereview.chromium.org/23075003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 16:47:27 +00:00
verwaest@chromium.org
145f240060 Store doubles before calling into the elements transition stub on ARM
BUG=
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22854011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16172 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 15:06:17 +00:00
machenbach@chromium.org
676f18f207 Ignore flaky intl test.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22853004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-13 08:30:06 +00:00
yangguo@chromium.org
c52b7bba05 Fix regressions triggered by map invalidation during graph creation.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22807003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 14:10:25 +00:00
machenbach@chromium.org
514dd034db Remove test from deopt fuzzer skip list after bugfix.
BUG=v8:2815
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22806002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 13:55:54 +00:00
yangguo@chromium.org
c0d1ba2ede Do not materialize uninitialized const for debug evaluate.
R=prybin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22822002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 13:35:46 +00:00
machenbach@chromium.org
cfb7ef44ca Ignore an unsuitable test under deopt fuzz.
That test relies on certain optimization/deoptimization points and is therefore not useful for the deopt fuzzer.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22475011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-12 08:59:42 +00:00
verwaest@chromium.org
ee53b0a5ed Make all load-named-fields depend on their map-check, unless explicitly ignored.
BUG=
R=titzer@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22555004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16139 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 18:40:10 +00:00
dslomov@chromium.org
d63e29ba78 Revert "Promote ArrayBuffer, DataView and typed arrays to non-experimental."
This reverts commit r16137 for breaking tests on Windows.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22710007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 16:23:00 +00:00
dslomov@chromium.org
30375b0937 Promote ArrayBuffer, DataView and typed arrays to non-experimental.
The primary reason for this change is to bake these guys into the
snapshot.

Flag definitions (--harmony-typed-arrays, --harmony-array-buffer) are
still there so that Blink does not complain, but they are noop and
default to true.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22390008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 15:57:31 +00:00
verwaest@chromium.org
3715358145 Replace LoadNamedFieldPolymorphic with explicit branches.
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22213002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 14:04:47 +00:00
verwaest@chromium.org
19659646ca Fix smi-based math floor.
BUG=chromium:270268
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22623007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 11:21:03 +00:00
yurys@chromium.org
85d8178d87 Deprecate self and total time getters and total sample count getter on CpuProfileNode
All of these values are derived from the self samples count and there is no need to evaluate them in v8 when clients can do that when needed on their side.

Also added unsigned GetHitCount() which should be used instead of double GetSelfSamplesCount(). I'm going to deprecate the latter one once Blink has switched to GetHitCount.

BUG=267595
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/22710006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16119 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-09 07:38:26 +00:00
yurys@chromium.org
4f56107e2f Revert "Deprecate self and total time getters and total sample count getter on CpuProfileNode"
This reverts commit r16116 due to WebKit compilation breakage. Will reland it once Blink r155755 is rolled into Chromium.

TBR=svenpanne@chromium.org
BUG=None

Review URL: https://codereview.chromium.org/22388003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-08 14:43:44 +00:00
yurys@chromium.org
122327d1c6 Deprecate self and total time getters and total sample count getter on CpuProfileNode
All of these values are derived from the self samples count and there is no need to evaluate them in v8 when clients can do that when needed on their side.

Also added unsigned GetHitCount() which should be used instead of double GetSelfSamplesCount(). I'm going to deprecate the latter one once Blink has switched to GetHitCount.

BUG=267595
R=loislo@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/22347003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-08 13:39:57 +00:00
verwaest@chromium.org
e5afd32129 Fix Object.freeze, Object.observe wrt CountOperation and CompoundAssignment.
BUG=2774,2779
R=adamk@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22562004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 18:45:41 +00:00
yurys@chromium.org
707fdd4c6a Support idle time in CPU profiler
This change provides an API for the embedder to tell CPU profiler if it is idle or busy with some task. This way we can discriminate between idle time and some native code execution.

BUG=268947
R=alph@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/22412003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 17:04:27 +00:00
jkummerow@chromium.org
371ac893f9 Check for empty handle in JSON stringifier
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/22420004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 16:34:13 +00:00
prybin@chromium.org
29bb553b1d Fix step in positions (include various calls and exclude current pc point), add a test
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/22198002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 12:27:22 +00:00
mstarzinger@chromium.org
63defee477 First implementation of allocation elimination in Hydrogen.
This change implements a simple data-flow analysis pass over captured
objects to the existing escape analysis. It tracks the state of values
in the Hydrogen graph through CapturedObject marker instructions that
are used to construct an appropriate translation for the deoptimizer to
be able to materialize these objects again.

This can be considered a combination of scalar replacement of loads and
stores on captured objects and sinking of unused allocations.

R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/21055011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 11:24:14 +00:00
yangguo@chromium.org
ef8d394f12 Re-reland "Flush parallel recompilation queues on context dispose notification"
BUG=
R=hpayer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22379002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 09:33:09 +00:00
yangguo@chromium.org
5818d831c5 Make JSON::Parse return Local<Value>
It should be able to return Smi, etc. Not only JSObject.

BUG=v8:2821
TEST=cctest/test-api/JSONParseNumber
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/22416003

Patch from Takeshi Yoshino <tyoshino@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 09:11:39 +00:00
dcarney@chromium.org
cd74a09886 expose eternal handle api
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22384003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-07 08:26:23 +00:00
ulan@chromium.org
3511f7a428 Fix Array index dehoisting.
BUG=264203
TEST=test/mjsunit/regress/regress-264203
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22314012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 16:38:39 +00:00
rossberg@chromium.org
5e121882c6 Remove test that causes illegal access now
TBR=mstarzinger@chromium.org
BUG=265369

Review URL: https://codereview.chromium.org/22428002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 14:34:25 +00:00
rossberg@chromium.org
f56ad9cab7 Turn assert into runtime assertion to make fuzzer happy
R=mstarzinger@chromium.org
BUG=265369

Review URL: https://codereview.chromium.org/22284009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 14:19:13 +00:00
yangguo@chromium.org
8fb95efdda Improve internal stringifcation for custom Error objects.
If an developer attempts to "subclass" Error by running
`MyError.prototype = new Error();`, then the internal v8::Message object
that's produced and handed off to `window.onerror` handlers is poorly
stringified as "[object Object]".

This patch adjusts the stringification process for these objects to
include not only native Error objects, but also objects that have Error
in their prototype chain, and haven't overwritten Error.toString with
some custom variant.

BUG=2822
R=mstarzinger@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/21761002

Patch from Mike West <mkwst@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 13:58:21 +00:00
rossberg@chromium.org
92bd4d1f2d I found this working on
https://codereview.chromium.org/19541010/

The main problem is that if you called Object.getNotifier(obj) on an object, %SetObserved(object) would never get called on it, and thus it would be unobservable (new test added for this).

Additionally, Runtime::SetObserved was asserting obj->IsJSObject() which would fail if called on a proxy.

It just happens that our existing test always called getNotifier() before Object.observe on proxies, and thus we never previously attempted to transition the map of a proxy.

Both issues are now fixed and properly tested.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/21891008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 13:49:10 +00:00
dslomov@chromium.org
45f4b685bf Update Array Iterator to use numeric indexes
At the last face-to-face meeting it was decided that we should use
numeric indexes for the Array Iterator values.

https://github.com/rwldrn/tc39-notes/blob/master/es6/2013-07/july-24.md#514-keys-entries-return-numbers-for-array-index-properties

BUG=v8:2818
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/21180008

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 13:10:07 +00:00
jkummerow@chromium.org
665c45c92d Un-revert "Implement simple effect typing for variables" and "Handle switch effects"
This re-lands r15776 and r15777, reverting the revert in r15786.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/22144006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 12:57:23 +00:00
yurys@chromium.org
e06343431a Return start/end profiling time in microseconds instead of milliseconds
The start and end time are now measured in microseconds and the type is int64_t.
This way it seems more natural as we are going to support submilisecond sampling
rate soon. Also it fixes cctest/test-cpu-profiler/ProfileStartEndTime test
failure caused by comparison between long double and double.

TEST=cctest/test-cpu-profiler/ProfileStartEndTime
BUG=v8:2824
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/22155003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-06 08:00:58 +00:00
jkummerow@chromium.org
14239ab9fb Add "benchmarks" test suite
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/21645003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 14:54:09 +00:00
hpayer@chromium.org
983a8621e0 More cleanup regarding the maximum non-large object allocation size.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/20867003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 12:52:53 +00:00
bmeurer@chromium.org
274f254236 Revert "Return start/end profiling time in microseconds instead of milliseconds"
This reverts r16049 for breaking build on windows.

TBR=svenpanne@chromium.org,machenbach@chromium.org

Review URL: https://codereview.chromium.org/22189002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 12:27:12 +00:00
yurys@chromium.org
d38bbe354b Return start/end profiling time in microseconds instead of milliseconds
The start and end time are now measured in microseconds and the type is int64_t. This way it seems more natural as we are going to support submilisecond sampling rate soon. Also it fixes cctest/test-cpu-profiler/ProfileStartEndTime test failure caused by comparison between long double and double.

TEST=cctest/test-cpu-profiler/ProfileStartEndTime
BUG=v8:2824
R=alph@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/22172002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 11:48:24 +00:00
jochen@chromium.org
cb68e2cd9b Expose JSON parser through V8 API
BUG=v8:2821
TEST=cctest/test-api/JSONParse
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/21959003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16048 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 11:14:46 +00:00
dcarney@chromium.org
47c3a081f1 fix 16045
TBR=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22169002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 10:04:50 +00:00
dcarney@chromium.org
207396101f introduce eternal handles
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/21133006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16045 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 09:46:23 +00:00
dcarney@chromium.org
14ed15e7e1 Make GlobalHandle::NodeBlock deletable
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/21042004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 07:34:29 +00:00
yurys@chromium.org
411d21b2b1 Add start and end profiling time to v8::CpuProfile
I'm going to change CPU profiler API and deprecate GetSelfTime, GetTotalTime and GetTotalSamplesCount on CpuProfileNode as all of those values are derived from self samples count and sampling rate. The sampling rate in turn is calculate based on the profiling duration so having start/end time and total sample count is enough for calculating smpling rate.

BUG=267595
R=alph@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/21918002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-05 07:17:08 +00:00
dslomov@chromium.org
5230c19d8b Add size_t length argument to v8::ArrayBuffer::Allocator::Free.
The previous implementation of Free is a deprecated overload now.

R=mstarzinger@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=16031

Review URL: https://codereview.chromium.org/21803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 13:03:06 +00:00
dslomov@chromium.org
f8b80ca66d Revert "Add size_t length argument to v8::ArrayBuffer::Allocator::Free."
This reverts r16031 for breaking shared build.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21818003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 12:56:53 +00:00
dslomov@chromium.org
1688f3c167 Add size_t length argument to v8::ArrayBuffer::Allocator::Free.
The previous implementation of Free is a deprecated overload now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21803002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 12:19:22 +00:00
jkummerow@chromium.org
232a2c0d88 Regression test for issue 2813 / r16008
BUG=v8:2813
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/21806002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 12:17:19 +00:00
svenpanne@chromium.org
bf71023ba5 Replaced unary negation by multiplication with -1.
This fixes a deopt loop in the Epic Citadel demo and removes some code. Apart from that, this change is performance-neutral.

When we do something similar for BIT_NOT, the whole UnaryOp stuff can go away.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/21782002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16029 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 11:56:35 +00:00
mstarzinger@chromium.org
c87abd1117 Add new Harmony methods to Array.prototype object.
Array.prototype.find
Array.prototype.findIndex

http://people.mozilla.org/~jorendorff/es6-draft.html

BUG=v8:2776,v8:2777
TEST=mjsunit/harmony/array-find,mjsunit/harmony/array-findindex
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21079003

Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 10:57:48 +00:00
loislo@chromium.org
d2c443b774 Extract hardcoded error strings into a single place and replace them with enum.
I'd like to propagate bailout reason to cpu profiler.
So I need to save it into heap object SharedFunctionInfo.
But:
1) all bailout reason strings spread across all the sources.
2) they are native strings and if I convert them into String then I may have a performance issue.
3) one byte is enough for 184 bailout reasons. Otherwise we need 8 bytes for the pointer.

Also I think it would be nice to have error strings collected in one place.
In that case we will get additional benefits:

It allows us to keep this set of messages under control.
It gives us a chance to internationalize them.
It slightly reduces the binary footprint.

From the other hand the developers have to add new strings into that enum.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/20843012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16024 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 09:53:11 +00:00
jkummerow@chromium.org
a47705644e Avoid redundant smi check for Math.abs
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/21180004

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 08:59:02 +00:00
hpayer@chromium.org
286fc963b2 Disable test in object observe because of bug 2774.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/21495004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-02 06:40:50 +00:00
jochen@chromium.org
777bae581a Reenable tests that need to access the default timezone.
It's now available via builtins.

BUG=v8:2475
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21512002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-01 19:43:06 +00:00
jochen@chromium.org
8bee9f0c3a Remove test that v8Intl symbol exists, as we don't define it anymore.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/21511002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-01 19:20:42 +00:00
dslomov@chromium.org
f62ffeef31 Calling Map etc without new should throw TypeError
Even though we do not yet allow Map, Set, WeakMap and WeakSet to be
subclassed we need to ensure that we do not allow them to be [[Call]]ed
to allow them to be subclassed in the future.

BUG=v8:2819
R=dslomov@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21400002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-01 09:18:28 +00:00
bmeurer@chromium.org
a4c072ed47 Fix a crash when generating forward jumps to labels at very high assembly offsets
The first jump to a specific label was marked as jump to absolute
position -4. This value was stored in the assembly as a branch to a
offset (-4 - (instruction offset + 8)). The offset is only 24 bit
long on ARM. Thus instruction offsets higher than 2^23 - 12 would overflow
the offset.

Fix by denoting the first jump to a label by storing the jump
instruction location as the target. This will result in offset of -8,
which of course always fits in the branch instruction.

BUG=2736
TEST=cctest/test-assembler-arm/17
R=bmeurer@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/17116006

Patch from Kimmo Kinnunen <kkinnunen@nvidia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15997 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-01 08:13:08 +00:00
bmeurer@chromium.org
e9fcf8fc98 Revert the latest set of platform changes.
Revert "Fix NaCl build."
Revert "Revert target arch detection."
Revert "Fix typo."
Revert "Simplify implementation of Mutex."
Revert "Fix for older clang releases that lack __has_extension."
Revert "Reland initial bits of "Implement correct OS and CC detection.""

TBR=danno@chromium.org,svenpanne@chromium.org

Review URL: https://codereview.chromium.org/21095008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-31 07:51:46 +00:00
machenbach@chromium.org
16a487d963 Skip recently added test associated with bug id
BUG=v8:2815
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21044005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15968 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-31 06:36:29 +00:00
bmeurer@chromium.org
64bfd42a4c Simplify implementation of Mutex.
Also moves Mutex to its own file mutex.{cc,h}.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/21087012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 17:12:49 +00:00
mstarzinger@chromium.org
96fc677d25 Pipe a script's CORS status through V8 during compilation.
In order to properly sanitize exception data during a 'window.onerror'
handler, we need to know whether a script was served with proper CORS
headers at the time it was loaded into V8. This patch adds a single bool
to ScriptOrigin, and pipes that through the compiler to land on the
Script object. We can then retrieve the parameter when calling the
embedder's exception callback.

BUG=crbug.com/159566
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/20646006

Patch from Mike West <mkwst@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 17:05:50 +00:00
verwaest@chromium.org
2af164f4d9 Mark maps as unstable if their instances potentially transition away.
Use this as a prerequisite for adding code dependencies.

R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/21095005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 16:33:58 +00:00
mstarzinger@chromium.org
0627d433b0 Add new Harmony methods to String.prototype object.
String.prototype.repeat
String.prototype.startsWith
String.prototype.endsWith
String.prototype.contains

http://people.mozilla.org/~jorendorff/es6-draft.html

BUG=v8:2796,v8:2797,v8:2798,v8:2799
TEST=mjsunit/string-repeat,mjsunit/string-startswith,mjsunit/string-endswith,mjsunit/string-contains
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21014007

Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 16:33:08 +00:00
titzer@chromium.org
45d4afbde5 Fix many tests that try to force an OSR by checking OptimizationStatus() to instead check OptimizationCount().
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21221003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15951 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 09:28:55 +00:00
machenbach@chromium.org
7696139437 Run some skipped tests again after resolved issue.
BUG=2795
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/21220002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 08:52:26 +00:00
mstarzinger@chromium.org
3202e1d795 Re-revert "Flush parallel recompilation queues on context dispose notification" (r15883).
R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/21156009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 08:35:48 +00:00
machenbach@chromium.org
6475cb4d95 Repair test expectations for webkit test.
When adding the new tests in https://codereview.chromium.org/21070002/ the tabs in .js files were automatically replaced with spaces (for presubmit to work).

This replaces the tabs also in a test expectation file for the output to match again.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/21156008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 07:15:29 +00:00
svenpanne@chromium.org
31e56df122 Prepare some ValueOf renamings.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/20992005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 07:05:15 +00:00
yurys@chromium.org
6ba502fa4d Simplify sampling rate calculation
Sampling rate is now calculated as total number of samples divided by profiling time in ms. Before the patch the sampling rate was updated once per 100ms which doesn't have any obvious advantage over the simpler method.

Also we are going to get rid of the profile node self and total time calculation in the v8 CPU profiler and only expose profiling start/end time for CpuProfile and number of ticks on each ProfileNode and let clients do all the math should they need it.

BUG=None
R=bmeurer@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/21105003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 07:01:16 +00:00
machenbach@chromium.org
e26131f792 Migrate more tests from blink repository.
All these tests had <script> tags with additional JS code. All embedded script code is (automatically) concatenated with existing .js files into one .js test file per test.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21070002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15943 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-30 06:36:48 +00:00
svenpanne@chromium.org
2fe3799b8f Added unit tests for the slightly confusing Boolean/BooleanObject API.
Just for documenting the status quo. As discussed offline, we should
probably rename/deprecate a few things:

  NumberObject::NumberValue() => NumberObject::ValueOf()
  BooleanObject::BooleanValue() => BooleanObject::ValueOf()
  StringObject::StringValue => StringObject::ValueOf()

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21013003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:37:55 +00:00
titzer@chromium.org
37ee4a0369 Fix IsDeletable() for HStringAdd, HStringCharCodeAt, HStringCharFromCode.
BUG=
R=mstarzinger@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/20241005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:35:43 +00:00
mvstanton@chromium.org
43e35a87e2 Fix: Need to remove function type feedback between stress stages in
release build

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20987005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:22:34 +00:00
bmeurer@chromium.org
e3901e919d Revert new OS and CC detection and related changes since r15923.
Revert "Attempt to fix leftover test breakage on Mac."
Revert "Fix d8 build error when V8_SHARED is unset on Linux."
Revert "Fix V8_GNUC_PREREQ macro."
Revert "Fix typo."
Revert "Implement correct OS and CC detection."

TBR=svenpanne@chromium.org,danno@chromium.org

Review URL: https://codereview.chromium.org/21022003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15932 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 12:12:39 +00:00
mvstanton@chromium.org
e9cc78af7e Fix for V8 issue 2795: Check fails with deopt for mjsunit/array-store-and-grow
(https://code.google.com/p/v8/issues/detail?id=2795)

The reason is when allocating and building arrays in hydrogen we need to ensure
we do any int32-to-smi conversions BEFORE the allocation. These conversions can
at least theoretically deoptimize. If this happens before all the fields of the
newly allocated object are filled in, we will have a corrupted heap.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20726002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 11:50:39 +00:00
bmeurer@chromium.org
2e7193f897 Implement correct OS and CC detection.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/20734002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 09:19:10 +00:00
bmeurer@chromium.org
709012021a The compiled_transitions flag was enabled for quite some time now and seems to work out quite well, so time has come to remove the obsolete code paths and remove the unused methods.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/18034024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-29 09:12:16 +00:00
jkummerow@chromium.org
3619dcf868 Add regression test for recently fixed bug
BUG=chromium:258519
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/20732002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15912 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 14:58:30 +00:00
yurys@chromium.org
630999d1a2 Remove --prof-auto flag
There is already --prof-lazy flag which should be enough.

BUG=None
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20482003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 13:18:56 +00:00
machenbach@chromium.org
53c95353c9 Disable mjsunit test when parallel recompilation is not available.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20573003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 12:34:46 +00:00
yangguo@chromium.org
b62a6d0e2e Do not allow external strings in old pointer space.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/20723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15906 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 12:32:06 +00:00
verwaest@chromium.org
565699669e Fix Smi-based MathMinMax on x64, and reenable smi mode.
BUG=
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20706002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 12:06:22 +00:00
machenbach@chromium.org
2aab929806 Add webkit tests to deopt fuzzer portfolio.
Two failing tests are skipped and added to an existing bug report.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/20708002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15904 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 11:39:58 +00:00
mstarzinger@chromium.org
ce1553ffdc Regression test for existing bug in String::MakeExternal.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20713002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 11:37:54 +00:00
yangguo@chromium.org
372763897d Lazy call to custom stack trace formatting using Error.prepareStackTrace.
This enables custom stack trace formatting for stack overflow.
A consequence is that stack trace formatting is now easily observable,
but we already established that the default stack trace formatting can
be observed anyways. It is only triggered by the .stack getter, and
it has to be explicitly called, (e.g. not implicitly after GC).

R=mstarzinger@chromium.org
BUG=v8:2559

Review URL: https://codereview.chromium.org/20692002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 11:28:08 +00:00
machenbach@chromium.org
4bf2e5be3a Rebaseline webkit test with correct assumptions.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/20691002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-26 11:22:25 +00:00
machenbach@chromium.org
3c9efdeeb4 Migrate more tests from blink repository.
The stand-alone test driver is changed a bit:
- Don't use the errorMessage list. It is used differently in the embedded driver. There it collects parser errors - instead of failure messages.
- Remove html links in description texts. Some test descriptions print a web reference.

The migrated tests fall into 3 categories:
1. Tests outside fast/js
2. Tests that print FAIL messages (and also expect those) - these tests should be examined later if they make sense at all
3. Tests with html links in the test description

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/20280003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-25 19:54:24 +00:00
m.m.capewell@googlemail.com
cc9398cd42 ARM: Make double registers low/high safe
This patch prevents taking the low/high part of a double-precision VFP register that has no corresponding single-precision VFP registers.

BUG=none
TEST=Added to test-disasm-arm.cc, test-assembler-arm.cc

Review URL: https://codereview.chromium.org/19560003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15885 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-25 15:04:38 +00:00
jkummerow@chromium.org
32e2e37230 Fix JSArray-specific length lookup in polymorphic array handling
BUG=chromium:263276
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20295005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-25 15:04:21 +00:00