yangguo@chromium.org
3e58827710
Fix elements transition bug related to array.concat.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9358018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34
Fix handling of 'c: if (0) break c; else ()' where a parser optimization
...
leaves a trailing ";" after removing the break.
Review URL: https://chromiumcodereview.appspot.com/9159043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 08:40:11 +00:00
ulan@chromium.org
8093e397e4
Do not ignore an empty context with extension when creating a scope object.
...
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.
BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js
Review URL: https://chromiumcodereview.appspot.com/9310027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4
Fix test case to correctly check expected result.
...
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229
Review URL: https://chromiumcodereview.appspot.com/9303032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-31 12:31:24 +00:00
vegorov@chromium.org
67d72eab45
When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions.
...
Debug::PrepareForBreakPoints was not fully populating active_functions list.
R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js
Review URL: https://chromiumcodereview.appspot.com/9290013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-25 15:11:59 +00:00
vegorov@chromium.org
04289e8d17
Support inlining at call-sites with mismatched number of arguments.
...
Review URL: https://chromiumcodereview.appspot.com/9265004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:43:12 +00:00
vegorov@chromium.org
704c92ce95
Ensure that LRandom restores rsi after call to the C function on x64.
...
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js
Review URL: https://chromiumcodereview.appspot.com/9265003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-19 08:43:34 +00:00
yangguo@chromium.org
ddc0144490
Fixing issue 1898 (using HChange outside the insert-representation-changes phase).
...
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js
Review URL: http://codereview.chromium.org/9190047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-13 07:48:44 +00:00
vegorov@chromium.org
c4d3a110a2
Adjust position recorded for call expressions.
...
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.
This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.
R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js
Review URL: http://codereview.chromium.org/9125001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-06 10:26:17 +00:00
danno@chromium.org
f648626eb9
Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
...
TBR=jkummerow@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/9051014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472
Rollback 10309
...
TBR=jkummerow@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/8968042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d
Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
...
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js
Review URL: http://codereview.chromium.org/8968028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0
Ensure that InternalArrays remain InternalArrays regardless of how they are constructed.
...
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js
Review URL: http://codereview.chromium.org/9016041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03
Avoid embedding new space objects into code objects in the lithium gap resolver.
...
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js
Review URL: http://codereview.chromium.org/8960004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229
Fix handling of foreign callbacks in DefineOwnProperty.
...
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.
R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4
Review URL: http://codereview.chromium.org/8996008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
91efb313eb
Fix crash in d8 when external array ctor hits stack overflow
...
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859
Review URL: http://codereview.chromium.org/8898021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 13:51:58 +00:00
vegorov@chromium.org
a457040ca6
Ensure that non-optimized code objects are not flushed for inlined functions.
...
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.
Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.
R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js
Review URL: http://codereview.chromium.org/8888011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-08 16:07:07 +00:00
yangguo@chromium.org
929c619101
Quickfix for DoMathPowHalf.
...
TEST=regress-397.js
Review URL: http://codereview.chromium.org/8769037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:16:49 +00:00
lrn@chromium.org
ebccde15bc
Don't preparse large files to find boundaries of lazy functions.
...
Instead use the preparser inline to parse only the lazy function
bodies.
This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.
Review URL: http://codereview.chromium.org/8662037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 09:36:31 +00:00
mstarzinger@chromium.org
330cd2205c
Remove hidden prototype for builtin functions.
...
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.
R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions
Review URL: http://codereview.chromium.org/8566009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-15 09:44:57 +00:00
yangguo@chromium.org
53c6077cee
Fixing issue 103259.
...
BUG=103259
TEST=regress-103259.js
Review URL: http://codereview.chromium.org/8498011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:59:40 +00:00
lrn@chromium.org
30465596e6
Make eval consider anything on the form eval(args...) a potential direct cal
...
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.
We still throw if calling indirect eval with a detached global object.
BUG=v8:994
TEST=mjsunit/eval.js
Review URL: http://codereview.chromium.org/8343054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 09:38:52 +00:00
vegorov@chromium.org
f8c2d3847f
Take loop side-effects into account when collecting side-effects on the path between two blocks.
...
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js
Review URL: http://codereview.chromium.org/8395002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
b3eba9e764
Fix handling of non-object receivers for array builtins.
...
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702
Review URL: http://codereview.chromium.org/8347034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:24:37 +00:00
lrn@chromium.org
5152d2e0da
Reimplement Function.prototype.bind.
...
Make instanceof work correctly.
BUG=v8:893
Review URL: http://codereview.chromium.org/8199004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:44:16 +00:00
lrn@chromium.org
50ef25e0f3
Remove redundant allow-natives flag from CompilationInfo.
...
Just use script being native and FLAG_allow_natives_syntax directly.
Review URL: http://codereview.chromium.org/8314018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 09:02:26 +00:00
yangguo@chromium.org
3249530ef0
Fixing issue 1757 (string slices of external strings).
...
BUG=v8:1757
TEST=regress-1757.js
Review URL: http://codereview.chromium.org/8217011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206
Add a regression test for an already fixed issue.
...
Add a regression test for Chromium issue 99167.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8222002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 10:46:27 +00:00
lrn@chromium.org
9f73eed45f
Fix issue 1361 - Implement ES5 Array.prototype.toString.
...
BUG=v8:1361
TEST=mjsunit/array-tostring
Review URL: http://codereview.chromium.org/8124025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-05 07:08:23 +00:00
mstarzinger@chromium.org
c034518442
Fix preparation for sorting of external arrays.
...
R=rossberg@chromium.org
BUG=98773
TEST=mjsunit/regress/regress-98773
Review URL: http://codereview.chromium.org/8122020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 13:49:50 +00:00
lrn@chromium.org
4750f0c3cd
Fix issue 1415 - allow surrogate pair codes in decodeURIComponent.
...
Also some cleanup of uri.js.
BUG=v8:1415
TEST=mjsunit/regress/regress-1415
Review URL: http://codereview.chromium.org/8118004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 07:15:07 +00:00
lrn@chromium.org
4b385d7e8e
Fix bug in x64 RegExp detecting start of string.
...
Also add missing MIPS case in regexp tracer.
Fixes issues v8:1748 and v8:1746
BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js
Review URL: http://codereview.chromium.org/8116001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 10:31:01 +00:00
lrn@chromium.org
165e105ec9
Check enumerability of array indices correctly in propertyIsEnumerable.
...
Fix issue 1692.
BUG=v8:1692
TEST=mjsunit/regress/regress-1692
Review URL: http://codereview.chromium.org/8113001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 09:15:58 +00:00
lrn@chromium.org
b9d39c48b8
Make the RegExp.prototype object be a RegExp object.
...
BUG=v8:1217
TEST=mjsunit/regress/regress-1217
Review URL: http://codereview.chromium.org/8041015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-26 08:42:01 +00:00
vegorov@chromium.org
bfd048173f
Notify collector about lazily deoptimized code objects.
...
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.
To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.
R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js
Review URL: http://codereview.chromium.org/7983045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 16:01:35 +00:00
yangguo@chromium.org
7ab81a14fa
Reverting r9399.
...
Review URL: http://codereview.chromium.org/7989007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:55:44 +00:00
yangguo@chromium.org
0c6863a1ef
Set RegExp's prototype to RegExp as specified by ES5.
...
BUG=v8:1217
TEST=regress-1217.js
Review URL: http://codereview.chromium.org/7995005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:11:12 +00:00
mstarzinger@chromium.org
873e4980db
Fix transferal of marking bits on array trimming.
...
R=vegorov@chromium.org
BUG=v8:1708
TEST=mjsunit/regress/regress-1708
Review URL: http://codereview.chromium.org/7979038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 13:03:22 +00:00
yangguo@chromium.org
b7cac76bae
Fixed string.split: always convert non-regexp separator to string.
...
BUG=v8:1711
TEST=mjsunit/regress/regress-1711.js
Review URL: http://codereview.chromium.org/7976046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 08:18:58 +00:00
yangguo@chromium.org
fdffe67205
Initialize pre-allocated fields of JSObject with undefined.
...
BUG=94873
Review URL: http://codereview.chromium.org/7929001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 10:06:23 +00:00
vegorov@chromium.org
ac36cb4504
Merge experimental/gc branch to the bleeding_edge.
...
Review URL: http://codereview.chromium.org/7945009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-19 18:36:47 +00:00
jkummerow@chromium.org
fcc2e65aad
Change global const handling to silently ignore redeclarations
...
and make window.{Infinity,NaN,undefined} read-only as per ES5
BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik
Review URL: http://codereview.chromium.org/7811015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 12:00:30 +00:00
yangguo@chromium.org
48b5328bde
Fixing issue 1639, debugger stops stepping outside evaluate.
...
BUG=v8:1639
Review URL: http://codereview.chromium.org/7889039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89
Mark variables as being accessed from any inner scope, not only function scopes
...
BUG=96523
TEST=mjsunit/regress/regress-96523.js
Review URL: http://codereview.chromium.org/7890031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 13:51:29 +00:00
kmillikin@chromium.org
63bec78428
Revert "MIPS: port Remove in-loop tracking for call ICs."
...
Committed incorrectly.
TBR=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7890026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12
MIPS: port Remove in-loop tracking for call ICs.
...
port r9260 (af9cfd83).
Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206
Fixed spurious character in test case, plus presubmit issues.
...
Also addressed Slava's complaint about the personalized comment.
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced
Fix for .bind regression.
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7892013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f
Fixing r9265: moving test case into correct location.
...
Review URL: http://codereview.chromium.org/7889008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 16:11:05 +00:00
danno@chromium.org
df860eda5c
Don't allow seal or element property re-definition on external arrays.
...
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js
Review URL: http://codereview.chromium.org/7858031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-09 14:30:00 +00:00
kmillikin@chromium.org
8b165d414f
Fix a bug in abrupt exit from with or catch inside finally.
...
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code. Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7837023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 09:21:44 +00:00
jkummerow@chromium.org
09c66d20ce
Fix possible crash in FixedDoubleArray::Initialize()
...
(this only affected ia32).
BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.
Review URL: http://codereview.chromium.org/7833040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91
Fix bug in Page::GetRegionMaskForSpan.
...
When checking for a wrap take into account offset of the start address in the region.
BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854
Add regression test for issue 1215, expand regression test for issue 1447.
...
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 07:43:51 +00:00
yangguo@chromium.org
86a62d0da3
Added check for trailing whitespaces and corrected existing violations.
...
Review URL: http://codereview.chromium.org/7826007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08
Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643).
...
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty).
Review URL: http://codereview.chromium.org/7792054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3
Do constant function check earlier in TryCallApply and ensure correct environment for deopt.
...
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 10:33:59 +00:00
fschneider@chromium.org
ffc6c7e56b
Introduce local function declarations in Crankshaft and fix issue 1647.
...
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.
In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.
Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-31 13:26:08 +00:00
lrn@chromium.org
d8a123169b
Make regexp flag parsing stricter.
...
BUG=v8:1628
TEST=mjsunit/regress/regress-219
Review URL: http://codereview.chromium.org/7624045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2
Make scanner handle invalid unicode escapes in identifiers correctly.
...
I.e., don't just convert \u to u in identifiers (like in strings and regexps).
Also make the scanning of RegExp flags not interpret the escapes.
(Fix and reapply of r8942)
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7677012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3
Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype
...
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540
Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers"
...
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-17 08:22:41 +00:00
lrn@chromium.org
7d17c8d5d3
Make scanner not accept invalid unicode escapes in identifiers.
...
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7663005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-16 13:31:08 +00:00
vitalyr@chromium.org
a107387dde
Fix fun.apply(receiver, arguments) optimization.
...
R=kmillikin@chromium.org
BUG=v8:1592
TEST=mjsunit/regress/regress-1592.js
Review URL: http://codereview.chromium.org/7497067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-10 16:05:17 +00:00
kmillikin@chromium.org
7adb10a48e
Fix a bug in named getter/setter compilation.
...
Because these are function literals that have an associated name, we were
compiling them as if they were named function expressions. This is
incorrect, the property name should not be in scope.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7599024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-09 12:43:08 +00:00
kmillikin@chromium.org
d941053dbe
Revert "Revert "Fix a bug in scope analysis.""
...
Reapply r8838 with a fix for the issue of function names.
Because function names can be added/changed/removed through the API,
remember whether the function is anonymous when initially parsed and use
that information when compiling.
R=vegorov@chromium.org
BUG=1583
TEST=regress-1583
Review URL: http://codereview.chromium.org/7491097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-08 16:14:46 +00:00
lrn@chromium.org
e9bc76c499
Avoid infinite recursion for unterminated non-ASCII JSON string literals.
...
BUG=91787
TEST=mjsunit/regress/regress-91787
Review URL: http://codereview.chromium.org/7569008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 12:55:29 +00:00
keuchel@chromium.org
c14b08658e
Fix DebugEvaluate crash within a catch in a function without local context.
...
BUG=v8:1586
TEST=mjsunit/regress/regress-1586.js
Review URL: http://codereview.chromium.org/7491053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 12:00:57 +00:00
lrn@chromium.org
61ae1be609
Fix bug in scanner.
...
Checking for end-of-comment truncated to byte before comparing to '*'.
BUG=v8:1546
TEST=mjsunit/regress/regress-1546
Review URL: http://codereview.chromium.org/7585004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 11:21:04 +00:00
kmillikin@chromium.org
3e28347d55
Revert "Fix a bug in scope analysis."
...
This reverts commit revision 8838.
TBR=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7584005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 09:20:08 +00:00
kmillikin@chromium.org
b625ce2b6b
Fix a bug in scope analysis.
...
When recompiling code (e.g., when optimizing) we could incorrectly hoist
some function expressions. This leads to incorrect results or a crash. The
root cause was that functions were not correctly categorized as expression
or declaration at parse time.
This requires some extra hoops to prevent the print name "anonymous" for
functions created by 'new Function' from establishing a binding.
R=vegorov@chromium.org ,kasperl@chromium.org
BUG=1583
TEST=regress-1583
Review URL: http://codereview.chromium.org/7572019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 08:28:11 +00:00
danno@chromium.org
861c895a34
Add regression test for 91517
...
R=vegorov@chromium.org
BUG=91517
TEST=regress-91517.js
Review URL: http://codereview.chromium.org/7575007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-04 11:00:32 +00:00
ricow@chromium.org
9721eddc1f
Ensure that the length property of bound functions are actual unique
...
for the individually bound functions.
Our existing code will generate a new function on every call to bind,
but it will use the same shared function. When setting the lenght this
will be set on the shared function, i.e., the length of all bound
functions will be that of the last bound function.
Review URL: http://codereview.chromium.org/7475002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 12:44:17 +00:00
kmillikin@chromium.org
4487f8c050
Revert "Revert "Fix a bug in scope analysis.""
...
Reapply r8783 with an additional fix.
Because the preparser and parser do not use the same scope analysis to
determine if a function can be lazily compiled, the parser can have false
positives. Rather than treating this as a parse error, treat the preparser
as authoritative and eagerly compile the function.
R=lrn@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7565003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 09:10:35 +00:00
kmillikin@chromium.org
a129c95a54
Revert "Fix a bug in scope analysis."
...
This reverts r8783.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7550013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 17:02:24 +00:00
kmillikin@chromium.org
f37f6e88ca
Fix a bug in scope analysis.
...
Function declarations inside catch are hoisted to the nearest enclosing
function scope, but we compiled their bodies as if occurring inside the
catch scope.
BUG=chrome:91120
TEST=regress/regress-91120 attached
Review URL: http://codereview.chromium.org/7548011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 15:04:31 +00:00
danno@chromium.org
b333719607
Properly handle FixedDoubleArrays in sort()
...
R=jkummerow@chromium.org
BUG=91008
TEST=regress-91008.js
Review URL: http://codereview.chromium.org/7542008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 14:05:11 +00:00
vegorov@chromium.org
9226cfe5b7
Ensure that GenerateStoreFastDoubleElement returns stored value on all paths.
...
BUG=chromium:91013
TEST=test/mjsunit/regress/regress-91013.js
Review URL: http://codereview.chromium.org/7551009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 13:36:38 +00:00
vegorov@chromium.org
a547d333f0
Check for phi-uses of arguments object before eliminating dead phi's.
...
HGraphBuilder::TryArgumentsAccess does not emit any uses for receiver and will generate incorrect code when receiver for a property access is defined by a phi that returns either arguments object or something else.
BUG=v8:1582
TEST=test/mjsunit/regress/regress-1582.js
Review URL: http://codereview.chromium.org/7553006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 09:32:28 +00:00
danno@chromium.org
008f834117
Properly handle FastDoubleArrays in Runtime_MoveArrayContents
...
BUG=91013
TEST=regress91013.js
Review URL: http://codereview.chromium.org/7551004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 09:28:55 +00:00
danno@chromium.org
1f9801bb9e
Fix bug in ARM pixel array clamping
...
Properly handle undefined conversion to zero in Crankshaft.
R=yangguo@chromium.org
BUG=none
TEST=regress-1563.js
Review URL: http://codereview.chromium.org/7461028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-22 16:01:53 +00:00
jkummerow@chromium.org
9de5255b60
Revert "Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1)"
...
This reverts r8691.
Review URL: http://codereview.chromium.org/7457020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-20 10:51:11 +00:00
jkummerow@chromium.org
6768c5e24e
Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1)
...
BUG=89490
TEST=manual: "Infinity = 42;" doesn't change the value of "Infinity"
Review URL: http://codereview.chromium.org/7457019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-20 10:06:53 +00:00
ager@chromium.org
85f5afb717
Correctly mark functions from our natives files during compilation.
...
When creating a CompilationInfo we always have the script and can
determine if it is a natives script.
Now that all natives functions are recognized as such, many of them
are called with undefined as the receiver. We have to use different
filtering for builtins functions when printing stack traces.
Also, fixed one call of CALL_NON_FUNCTION to be correctly marked as a
method call (with fixed receiver). Now that CALL_NON_FUNCTION is
marked as a native function this caused the receiver to be undefined.
R=svenpanne@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7395030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-19 08:19:31 +00:00
jkummerow@chromium.org
d4779286b6
Add map check for COW elements to crankshaft array handling code.
...
BUG=1560
TEST=mjsunit/regress/regress-1560.js
Review URL: http://codereview.chromium.org/7366008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-14 14:45:20 +00:00
kmillikin@chromium.org
890bc1607a
Fix a potential crash in const declaration.
...
Declaration of const lookup slots would trigger an assertion if there was a
setter somewhere in the prototype chain, and that setter was shadowed by a
non-readonly data property also in the prototype chain.
R=ager@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7324048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-11 14:07:12 +00:00
kmillikin@chromium.org
cbaf1bc98b
Allow JSObject::PreventExtensions to work for arguments objects.
...
R=karlklose@chromium.org
Review URL: http://codereview.chromium.org/7335002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-11 06:48:19 +00:00
kmillikin@chromium.org
fe23339bdd
Fix a bug in for/in iteration of arguments objects.
...
We did not properly combine the property names from the parameter map
and the arguments backing store. They could overwrite each other and
be unsorted.
Also fix an unrelated bug: deleting from a dictionary-mode arguments
backing store could corrupt the parameter map.
R=rossberg@chromium.org
BUG=1531
TEST=mjsunit/regress/regress-1531.js
Review URL: http://codereview.chromium.org/7278033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-08 07:31:48 +00:00
ricow@chromium.org
82e53270dc
Ensure that regexps always have code object, even if GC happened while running multiple times in runtime.
...
Review URL: http://codereview.chromium.org/7316018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-07 10:04:56 +00:00
sgjesse@chromium.org
ca3787f395
Fix debug break on binary boolean operators
...
The syntax checker finding breakable statements did not take into account that the right hand side of a boolean binary opration might never get evaluated.
R=svenpanne@chromium.org
BUG=v8:1523
TEST=test/mjsunit/regress/regress-1523.js
Review URL: http://codereview.chromium.org//7212027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-06 10:16:57 +00:00
vitalyr@chromium.org
8f60208324
Fix bug 1529: check for NULL handle in v8::TryCatch::StackTrace.
...
Internal HandleScope::CloseAndEscape crashes on NULL handles.
R=kmillikin@chromium.org
BUG=v8:1529
TEST=mjsunit/regress/regress-1529
Review URL: http://codereview.chromium.org/7309004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-04 13:29:56 +00:00
kmillikin@chromium.org
57c29c1f29
Fix a bug in with and catch context allocation.
...
We were only looking one level up the scope chain to decide which
closure to use in the fresh context. Instead, we should look to the
first non-catch scope.
R=vegorov@chromium.org
BUG=1528
TEST=regress-1528
Review URL: http://codereview.chromium.org/7309002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-04 09:34:47 +00:00
kmillikin@chromium.org
a48c03bb2a
Fix an issue with optimization of functions inside catch.
...
When optimizing a function defined inside a catch, we did not count
the catch context as part of the context chain.
R=vegorov@chromium.org
BUG=1521
TEST=regress-1521
Review URL: http://codereview.chromium.org/7285032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-01 14:05:46 +00:00
karlklose@chromium.org
c0e2268c8c
Fix problem with arguments object ICs not checking for dictionary mode elements.
...
R=kmillikin@chromium.org
BUG=1514
TEST=mjsunit/regress/regress-1513.js
Review URL: http://codereview.chromium.org/7282029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 14:56:06 +00:00
ager@chromium.org
0d8c343c90
Do not pass the global object as the receiver to strict-mode and
...
builtin replace and sort functions.
R=ricow@chromium.org
BUG=v8:1360
TEST=mjsunit/regress/regress-1360.js
Review URL: http://codereview.chromium.org/7283006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 12:29:19 +00:00
kmillikin@chromium.org
6543526a9d
Remove failing test while working on a fix.
...
TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/7283040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 12:07:33 +00:00
kmillikin@chromium.org
3f84fcf6c9
Fix a bug in Object.defineProperty.
...
There was a bug in Object.defineProperty when used to add an indexed
property to an arguments object. When converting the elements backing
store to dictionary mode, the parameter map in front of the backing
store does not change.
R=ager@chromium.org ,karlklose@chromium.org
Review URL: http://codereview.chromium.org/7289011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-30 11:11:19 +00:00
keuchel@chromium.org
3f70c456eb
Fix "illegal access" when calling parseInt with a radix that is not a smi.
...
BUG=v8:1246
TEST=regress-1246.js
Review URL: http://codereview.chromium.org/7206019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-28 12:31:42 +00:00
ager@chromium.org
89cc886ba7
Fix receiver check in arguments ICs.
...
The receiver needs to be checked in the same way as all other KeyedLoadICs to take non-JSObject and objects that require access checks or has interceptors into account.
R=sgjesse@chromium.org
BUG=87478
TEST=mjsunit/regress/regress-crbug-87478.js
Review URL: http://codereview.chromium.org/7259015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-27 13:02:51 +00:00
fschneider@chromium.org
4bc671c2b0
Add missing write barrier for arguments store ICs.
...
Review URL: http://codereview.chromium.org/7207006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-06-23 09:20:07 +00:00