danno@chromium.org
dff0e36d2d
Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
...
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js
Review URL: http://codereview.chromium.org/8968028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0
Ensure that InternalArrays remain InternalArrays regardless of how they are constructed.
...
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js
Review URL: http://codereview.chromium.org/9016041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03
Avoid embedding new space objects into code objects in the lithium gap resolver.
...
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js
Review URL: http://codereview.chromium.org/8960004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229
Fix handling of foreign callbacks in DefineOwnProperty.
...
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.
R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4
Review URL: http://codereview.chromium.org/8996008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
0438c76185
Fix outdated test expectations for array literal crankshafting
...
TEST=nosnap builder green
Review URL: http://codereview.chromium.org/8915006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:32:34 +00:00
jkummerow@chromium.org
106973c3d2
Create missing boilerplate for array literals instead of deoptimizing
...
BUG=107370
TEST=new additions to mjsunit/array-literal-transitions
Review URL: http://codereview.chromium.org/8914006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:01:27 +00:00
yangguo@chromium.org
4cd99d7cb9
Handle external strings in generated code when concatenating short strings.
...
TEST=string-external-cached.js
Review URL: http://codereview.chromium.org/8931025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 10:32:22 +00:00
fschneider@chromium.org
cf8e2b01e4
Landing forgotten mjsunit test file from previous CL.
...
Patch by Fedor Indutny <fedor.indutny@gmail.com>.
Original code review: http://codereview.chromium.org/8857001/
Review URL: http://codereview.chromium.org/8935006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 17:13:47 +00:00
jkummerow@chromium.org
91efb313eb
Fix crash in d8 when external array ctor hits stack overflow
...
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859
Review URL: http://codereview.chromium.org/8898021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 13:51:58 +00:00
yangguo@chromium.org
94f9aa3a0d
Avoid using an invalid working directory in mjsunit/d8-os.
...
This test deleted its working directory and then tried to run several
shell commands which caused a failure on nfs.
Changes:
-TEST_DIR is only removed at the very end of the test
-the working directory is changed to /tmp at the beginning so that
every iteration (when running with --stress-opt) has a valid working directory
BUG=
TEST=
Review URL: http://codereview.chromium.org/8936004
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 12:57:33 +00:00
yangguo@chromium.org
a7f0c72e2d
Fixing bug introduced in r10210 that crashes v8 raytrace benchmark.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8889047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 12:11:56 +00:00
yangguo@chromium.org
ce86c1bfb1
Avoid bailing out to runtime for short substrings.
...
This significantly improves the speed for creating short substrings (less than 13 characters) from slices, flat cons strings and external strings.
TEST=string-external-cached.js, string-slices.js
Review URL: http://codereview.chromium.org/8889012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 10:04:58 +00:00
keuchel@chromium.org
f1649cf39c
Hydrogen support for context allocated harmony bindings.
...
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.
TEST=mjsunit/harmony/block-let-crankshaft.js
Review URL: http://codereview.chromium.org/8820015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 09:50:30 +00:00
danno@chromium.org
ef54f5690f
Support Smi->Double->HeapObject transitions in constructed Arrays.
...
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.
BUG=none
TEST=test/mjsunit/array-construct-transition.js
Review URL: http://codereview.chromium.org/8820014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 08:50:19 +00:00
vegorov@chromium.org
a457040ca6
Ensure that non-optimized code objects are not flushed for inlined functions.
...
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.
Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.
R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js
Review URL: http://codereview.chromium.org/8888011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-08 16:07:07 +00:00
fschneider@chromium.org
c1662a199b
Fix a bug with register use in optimized Math.round.
...
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.
BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 10:13:46 +00:00
danno@chromium.org
b5b91b5add
Fix nosnap build test failures.
...
TBR=jkummerow@chromium.org
BUG=none
TEST=less waterfall redness
Review URL: http://codereview.chromium.org/8828004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 22:27:15 +00:00
yangguo@chromium.org
e9688608cd
Fix presubmit.
...
Review URL: http://codereview.chromium.org/8821016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 13:30:22 +00:00
yangguo@chromium.org
72827079ac
Fixing mozilla test failures regarding Math.pow.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8820011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 13:14:46 +00:00
keuchel@chromium.org
8b34f4630b
Hydrogen support for stack local harmony bindings in function scope.
...
This is the first CL in a series that add support for the harmony scoping
features to crankshaft. This CL specifically adds support for stack
allocated 'let' and 'const' declared variables in function scopes.
TEST=mjsunit/harmony/block-let-crankshaft.js
Review URL: http://codereview.chromium.org/8806012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:41:06 +00:00
yangguo@chromium.org
8e6655c676
Stop skipping regress-397.js
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8804013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:20:55 +00:00
yangguo@chromium.org
fe2049fcb8
Fixing fix for MathPowHalf on ARM.
...
Review URL: http://codereview.chromium.org/8817012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:20:00 +00:00
yangguo@chromium.org
b37ee7bcce
Fixing MathPowHalf on ARM.
...
BUG=v8:397
TEST=regress-397.js
Review URL: http://codereview.chromium.org/8800009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 08:28:12 +00:00
keuchel@chromium.org
08b4262512
Statically check for assignments to const in harmony mode.
...
The ES.next draft rev 4 in section 11.13 reads:
It is a Syntax Error if the AssignmentExpression is contained in extended code
and the LeftHandSideExpression is an Identifier that does not statically resolve
to a declarative environment record binding or if the resolved binding is an
immutable binding.
This CL adds corresponding static checks for the immutable binding case.
TEST=mjsunit/harmony/block-const-assign
Review URL: http://codereview.chromium.org/8688007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 14:43:28 +00:00
mstarzinger@chromium.org
993d650f15
MIPS: updated test .status files based mostly on the ARM version.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8572032
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 11:44:17 +00:00
yangguo@chromium.org
c0e7884752
Temporarily disable regress-397 until fix has been ported to all platforms.
...
Review URL: http://codereview.chromium.org/8775051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:42:51 +00:00
yangguo@chromium.org
929c619101
Quickfix for DoMathPowHalf.
...
TEST=regress-397.js
Review URL: http://codereview.chromium.org/8769037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:16:49 +00:00
danno@chromium.org
25e3d2706d
Optimize Crankshaft array literal initialization from boilerplate.
...
BUG=none
TEST=test/mjsunit/array-literal-transitions.js
Review URL: http://codereview.chromium.org/8747009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 12:42:35 +00:00
yangguo@chromium.org
d5fdb76028
Implement Math.pow using FPU instructions and inline it in crankshaft (ia32).
...
Review URL: http://codereview.chromium.org/8749002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 08:06:37 +00:00
sgjesse@chromium.org
5ccdb3b692
Fix handling of recompiling code for optimized and inlined functions
...
The debugger preparation did not take optimized functions - including
inlined function into account. This caused the full-code used for
deoptimization to be the "lazy compile" builtin which did not work and
caused V8 to crash.
R=yangguo@chromium.org
BUG=chromium:105375, v8:1782
TEST=test/mjsunit/debug-break-inline.js
Review URL: http://codereview.chromium.org//8728031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-30 11:48:35 +00:00
keuchel@chromium.org
b3a2e242db
Reapply "Fix the ScopeIterator reimplementation".
...
This reapplies a fixed version of r10076 that also works on arm. Patch set one is r10076 reapplied and patch set 2 contains the new fix.
Review URL: http://codereview.chromium.org/8725001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-29 08:43:14 +00:00
keuchel@chromium.org
e26093f3d8
Make let/const outside of the extended mode early errors (under harmony flag).
...
The ES.next drafts require that source code that matches the productions for
let and const bindings outside the extended mode trigger early syntax
errors. This CL adapts the parser / preparser accordingly under the harmony
scoping flag.
Summary:
* Harmony scoping flag not set: Old semantics allowing const in classic mode
with function level scope. Const binding in strict mode and let bindings in
classic and strict mode trigger early syntax errors.
* Harmony scoping is set: Use new harmony const and let in
extended mode and old const in classic mode. This is to preserve
compatibility with current web pages that already use
non-standard implementations of const. An early syntax error is
thrown on const in strict mode and on let in classic and strict
mode.
This depends on:
http://codereview.chromium.org/8562002/
TEST=mjsunit/harmony/block-early-errors.js
Review URL: http://codereview.chromium.org/8564001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-29 06:38:04 +00:00
keuchel@chromium.org
9664e48e14
Revert r10076 due to arm build failures.
...
Review URL: http://codereview.chromium.org/8716005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 14:01:13 +00:00
keuchel@chromium.org
8866d63cc9
The ScopeIterator uses recorded scope position - as detailed in scopes.h - and
...
source code positions it gets from the program counter to recreate the scope
chain by reparsing the function or program.
This CL includes the following changes
* Adds source code positions for the assignment added by the rewriter.
* Run the preparser over global code first.
* Use the ScopeType from the ScopeInfo to determine if the code being debugged
is eval, function or global code instead of looking up the '.result' symbol.
TEST=mjsunit/debug-stepout-scope.js
Review URL: http://codereview.chromium.org/8590027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 12:47:39 +00:00
lrn@chromium.org
c7fccff9af
Clean up JavaScript files to better follow coding standard.
...
Multiline conditionals must use braces.
Semicolons are not optional.
Review URL: http://codereview.chromium.org/8701006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 12:11:00 +00:00
mstarzinger@chromium.org
ad356bd5ad
Skip test for known failure tracked by issue 1845.
...
R=keuchel@chromium.org
BUG=v8:1845
TEST=mjsunit/harmony/proxies-example-membrane
Review URL: http://codereview.chromium.org/8698017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 11:58:53 +00:00
yangguo@chromium.org
d542a2fb75
Add external strings support to regexp in generated code.
...
TEST=test/mjsunit/string-external-cached.js
Review URL: http://codereview.chromium.org/8680010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 14:04:47 +00:00
lrn@chromium.org
ebccde15bc
Don't preparse large files to find boundaries of lazy functions.
...
Instead use the preparser inline to parse only the lazy function
bodies.
This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.
Review URL: http://codereview.chromium.org/8662037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 09:36:31 +00:00
keuchel@chromium.org
1e9a7267ab
Introduce extended mode.
...
This CL introduces a third mode next to the non-strict
(henceforth called 'classic mode') and 'strict mode'
which is called 'extended mode' as in the current
ES.next specification drafts. The extended mode is based on
the 'strict mode' and adds new functionality to it. This
means that most of the semantics of these two modes
coincide.
The 'extended mode' is entered instead of the 'strict mode'
during parsing when using the 'strict mode' directive
"use strict" and when the the harmony-scoping flag is
active. This should be changed once it is fully specified how the 'extended mode' is entered.
This change introduces a new 3 valued enum LanguageMode
(see globals.h) corresponding to the modes which is mostly
used by the frontend code. This includes the following
components:
* (Pre)Parser
* Compiler
* SharedFunctionInfo, Scope and ScopeInfo
* runtime functions: StoreContextSlot,
ResolvePossiblyDirectEval, InitializeVarGlobal,
DeclareGlobals
The old enum StrictModeFlag is still used in the backend
when the distinction between the 'strict mode' and the 'extended mode' does not matter. This includes:
* SetProperty runtime function, Delete builtin
* StoreIC and KeyedStoreIC
* StubCache
Review URL: http://codereview.chromium.org/8417035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-24 15:17:04 +00:00
yangguo@chromium.org
2055f4195e
Recommit introducing short external strings.
...
Review URL: http://codereview.chromium.org/8677006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 13:08:28 +00:00
yangguo@chromium.org
922aee5a02
Rolling back r10049 due to webkit failures.
...
Review URL: http://codereview.chromium.org/8681007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 10:41:12 +00:00
yangguo@chromium.org
21edc7c30b
Introduce short external strings without pointer cache.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8635011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 09:58:58 +00:00
yangguo@chromium.org
5a82d78948
Add pointer cache field to external string for access in generated code.
...
TEST=test/mjsunit/string-externalize.js
Review URL: http://codereview.chromium.org/8513010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-17 17:05:12 +00:00
fschneider@chromium.org
8fbf1d5017
Landing: [hydrogen] optimize switch with string clauses. Patch by Fedor Indutny <fedor.indutny@gmail.com>.
...
Original code review: http://codereview.chromium.org/8373029/
Review URL: http://codereview.chromium.org/8589019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-17 13:57:55 +00:00
fschneider@chromium.org
8480569467
Fix lazy deoptimization at HInvokeFunction and enable target-recording call-function stub.
...
Changes the way we do lazy deoptimization:
1. For side-effect instructions, we insert the lazy-deopt call at
the following LLazyBailout instruction.
CALL
GAP
LAZY-BAILOUT ==> lazy-deopt-call
2. For other instructions (StackCheck) we insert it right after the
instruction since the deopt targets an earlier deoptimization environment.
STACK-CHECK
GAP ==> lazy-deopt-call
The pc of the lazy-deopt call that will be patched in is recorded in the
deoptimization input data. Each Lithium instruction can have 0..n safepoints.
All safepoints get the deoptimization index of the associated LAZY-BAILOUT
instruction. On lazy deoptimization we use the return-pc to find the safepoint.
The safepoint tells us the deoptimization index, which in turn finds us the
PC where to insert the lazy-deopt-call.
Additional changes:
* RegExpLiteral marked it as having side-effects so that it
gets an explicitlazy-bailout instruction (instead of
treating it specially like stack-checks)
* Enable target recording CallFunctionStub to achieve
more inlining on optimized code.
BUG=v8:1789
TEST=jslint and uglify run without crashing, mjsunit/compiler/regress-lazy-deopt.js
Review URL: http://codereview.chromium.org/8492004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-16 08:44:30 +00:00
mstarzinger@chromium.org
330cd2205c
Remove hidden prototype for builtin functions.
...
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.
R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions
Review URL: http://codereview.chromium.org/8566009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-15 09:44:57 +00:00
fschneider@chromium.org
c48f928480
Speedup unit test to avoid timeout on slow ARM simulator.
...
This test depends on OSR being triggered. That's why I can't
use %OptimizeFunctionOnNextCall.
Review URL: http://codereview.chromium.org/8555004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-14 12:33:44 +00:00
rossberg@chromium.org
a9c1b834f8
A more holistic test case for proxies.
...
Depends on http://codereview.chromium.org/8318014/
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8392038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 16:24:43 +00:00
rossberg@chromium.org
830763bda4
Fixing test cases for correct assertSame.
...
Leaving out derived construct trap for now, which I'm working on separately.
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8506020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 15:48:07 +00:00
rossberg@chromium.org
8caa6eb732
Fix instanceof a function proxy.
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8520001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9954 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 13:39:22 +00:00
yangguo@chromium.org
6157562994
Simplify StringCharCodeAt in non-crankshaft codegen.
...
TEST=test/mjsunit/string-slices.js
Review URL: http://codereview.chromium.org/8510005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-09 14:32:51 +00:00
yangguo@chromium.org
53c6077cee
Fixing issue 103259.
...
BUG=103259
TEST=regress-103259.js
Review URL: http://codereview.chromium.org/8498011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:59:40 +00:00
rossberg@chromium.org
f936aac43e
Make _CallFunction proxy-aware.
...
Change calling convention for CallFunction stub.
Some fixes regarding strict mode call traps.
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8318014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:39:37 +00:00
keuchel@chromium.org
72dba271eb
Reapply r9870 "Remove some initialization checks based on source positions.".
...
This reverts r9896 "Revert r9870 due to browser-test failures." See below for
the diff from the previous version for the ia32 platform. The code for other
platforms has been changed accordingly.
TEST=mjsunit/compiler/lazy-const-lookup.js
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 2cbf518..1990f2f 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -1258,13 +1258,17 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) {
// binding is initialized:
// function() { f(); let x = 1; function f() { x = 2; } }
//
- // Check that we always have valid source position.
- ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
- ASSERT(proxy->position() != RelocInfo::kNoPosition);
- bool skip_init_check =
- var->mode() != CONST &&
- var->scope()->DeclarationScope() == scope()->DeclarationScope() &&
- var->initializer_position() < proxy->position();
+ bool skip_init_check;
+ if (var->scope()->DeclarationScope() != scope()->DeclarationScope()) {
+ skip_init_check = false;
+ } else {
+ // Check that we always have valid source position.
+ ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
+ ASSERT(proxy->position() != RelocInfo::kNoPosition);
+ skip_init_check = var->mode() != CONST &&
+ var->initializer_position() < proxy->position();
+ }
+
if (!skip_init_check) {
// Let and const need a read barrier.
Label done;
Review URL: http://codereview.chromium.org/8479034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 13:28:53 +00:00
fschneider@chromium.org
4627023b38
Revert r9901 to make tree green again.
...
There was a test failure on x64 mozilla tests.
TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/8495011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 09:56:09 +00:00
fschneider@chromium.org
cac3008437
[hydrogen] optimize switch with string clauses
...
Hydrogen should optimize not only SMI clauses, but clauses with string literals
too.
Patch from fedor.indutny <fedor.indutny@gmail.com>.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8373029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 09:08:33 +00:00
jkummerow@chromium.org
9625d5d4a0
Fix Array.{splice,slice} to set proper ElementsKind of result
...
TEST=mjsunit/elements-kind.js
Review URL: http://codereview.chromium.org/8430036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:47:58 +00:00
jkummerow@chromium.org
f2787a42b0
Fix JSObject::EnsureCanContainElements to correctly iterate over Arguments
...
TEST=mjsunit/elements-kind.js
Review URL: http://codereview.chromium.org/8437094
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:31:44 +00:00
jkummerow@chromium.org
8450c60d47
Fix Runtime_ArrayConcat to handle FAST_DOUBLE_ELEMENTS
...
TEST=mjsunit/elements-kind.js; stanford-crypto-sha256-iterative in debug mode
Review URL: http://codereview.chromium.org/8334028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:19:35 +00:00
mstarzinger@chromium.org
0bbfb46aa6
Fix Harmony sets and maps to allow undefined as keys.
...
This uses a global sentinel as a replacement for undefined keys, which
are not supported internally but required for Harmony sets and maps.
R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections
Review URL: http://codereview.chromium.org/8439069
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-03 14:33:58 +00:00
mstarzinger@chromium.org
79cadcc947
Fix Harmony sets and maps to allow null as key.
...
This changes the internal convention for marking deleted entries in hash
tables from null_value to the_hole_value, which is consistent with other
usages of the_hole.
R=rossberg@chromium.org ,kmillikin@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections
Review URL: http://codereview.chromium.org/8343056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-03 14:17:05 +00:00
danno@chromium.org
0766a138a6
Add and use ElementsKind side effect
...
Also partition side effects into observable and not observable, with only observable requiring Simulates and non-observable changes able to participate in GVN and code hoisting.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/8380017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 14:15:10 +00:00
mstarzinger@chromium.org
358d7c2078
Adapt date test to be timezone independant.
...
R=yangguo@chromium.org
BUG=v8:1792
TEST=mjsunit/date
Review URL: http://codereview.chromium.org/8423004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 11:15:23 +00:00
lrn@chromium.org
30465596e6
Make eval consider anything on the form eval(args...) a potential direct cal
...
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.
We still throw if calling indirect eval with a detached global object.
BUG=v8:994
TEST=mjsunit/eval.js
Review URL: http://codereview.chromium.org/8343054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 09:38:52 +00:00
danno@chromium.org
6d7d6d4e4e
Force transition to FAST_ELEMENTS on out-of-bounds KeyedLoads.
...
Proactively ensure that that objects don't get FAST_DOUBLE_ELEMENTS to reduce the number of double boxing operations when generated code calls the runtime frequently to satisfy KeyedLoad requests.
Review URL: http://codereview.chromium.org/8416014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 10:35:38 +00:00
mstarzinger@chromium.org
6d950a748f
Fix assertSame for unit testing harness.
...
Using isNaN() here is bogus because it performs an implicit toNumber()
conversion, hence something like assertSame(undefined, {}) would not
throw an exception. These are not the NaNs you are looking for.
R=rossberg@chromium.org
TEST=mjsunit
Review URL: http://codereview.chromium.org/8400056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 09:09:51 +00:00
mstarzinger@chromium.org
cd9bc6c3a6
Fix error handling in Date.prototype.toISOString.
...
This fixes Date.prototyoe.toISOString to throw a RangeError exception
for invalid time values. It also includes a fix to removes the arbitrary
(and completely bogus) range limit on the date value during construction
of a Date object. Note that we still have bogus range limits on the year
and month values.
R=lrn@chromium.org
BUG=v8:1792
TEST=mjsunit/date,test262/15.9.5.43-0-*
Review URL: http://codereview.chromium.org/8392036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 08:45:04 +00:00
fschneider@chromium.org
a5b40e27b8
Revert r9805.
...
It did not fix the original problem, but instead introduced new ones.
R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/8404037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-27 12:12:53 +00:00
ricow@chromium.org
d9597f0086
Skip live edit debug tests, these are flaky because in the case of osr we will get wrong frame heights.
...
Review URL: http://codereview.chromium.org/8401029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-27 07:10:25 +00:00
lrn@chromium.org
a9edfefa58
Remove special-casing of calls to RegExp test and exec methods with no argument.
...
Matches new JSC behavior. Fix issue 75740.
BUG=75740
TEST=mjsunit/regexp-static
Review URL: http://codereview.chromium.org/6677020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 12:51:07 +00:00
mstarzinger@chromium.org
5a33ffd7e8
Fix Error.prototype.toString to be ES5 conform.
...
R=lrn@chromium.org
TEST=test262/15.11.4.4-8-1,mjsunit/error-tostring
Review URL: http://codereview.chromium.org/8341021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 10:41:52 +00:00
fschneider@chromium.org
2d4bb1803d
Fix bug in inlining call-as-function when inlining multiple levels deep.
...
This change fixes a off-by-one level error when dropping the
function from the environment. The function of the outermost
environment was not dropped.
BUG=v8:1785
TEST=test/mjsunit/compiler/regress-inline-callfunctionstub.js
Review URL: http://codereview.chromium.org/8341019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 10:31:06 +00:00
rossberg@chromium.org
f7d56eb602
Handle proxies in KeyedStoreIC::Store, instead of just ignoring them.
...
R=mstarzinger@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/8391005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 09:31:40 +00:00
fschneider@chromium.org
f8f8c672b6
Temporarily skip failing test to make sure builders cycle green.
...
R=mstarzinger@chromium.org
Review URL: http://codereview.chromium.org/8393005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9779 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 16:11:53 +00:00
vegorov@chromium.org
f8c2d3847f
Take loop side-effects into account when collecting side-effects on the path between two blocks.
...
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js
Review URL: http://codereview.chromium.org/8395002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
622d35dc0e
Implement Harmony sets and maps.
...
This implementation extends the internal ObjectHashTable to be able to
hold arbitrary objects (e.g. Smis, Strings, ...) as keys by applying
specialized hashing functions to primitive types. Equality of keys is
defined using the internal SameValue function.
R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections
Review URL: http://codereview.chromium.org/8372027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 14:14:56 +00:00
keuchel@chromium.org
e8bccc2cb0
Block scoped const variables.
...
This implements block scoped 'const' declared variables in harmony mode. They
have a temporal dead zone semantics similar to 'let' bindings, i.e. accessing
uninitialized 'const' bindings in throws a ReferenceError.
As for 'let' bindings, the semantics of 'const' bindings in global scope is not
correctly implemented yet. Furthermore assignments to 'const's are silently
ignored. Another CL will introduce treatment of those assignments as early
errors.
Review URL: http://codereview.chromium.org/7992005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 08:33:08 +00:00
rossberg@chromium.org
46dde044de
Adapt to latest spec changes for Proxy.create[Function].
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8271005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 16:25:30 +00:00
rossberg@chromium.org
70dc2fe968
Implement for-in loop for proxies.
...
Fix related corner case for Object.keys.
Remove obsolete GET_KEYS builtin.
R=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8256015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 15:56:18 +00:00
yangguo@chromium.org
f92da58e13
Handle COW-arrays correctly when converting smi->double fast elements.
...
TEST=mjsunit/elements-transition.js
Review URL: http://codereview.chromium.org/8383002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 15:06:20 +00:00
fschneider@chromium.org
53e7502fa0
Fix bug in environment simulation after inlined call-as-function.
...
This change is based on my previous change enabling inlining calls-as-function
fixing the bugs related to deoptimization.
The function value on top of the environment was dropped too late in the old code.
As a result we could get a wrong value on top after deoptimization.
This change includes r9619. It was reverted because of test failures that are fixed
with this patch.
Review URL: http://codereview.chromium.org/8360001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 13:53:08 +00:00
keuchel@chromium.org
c6464d500b
Replace boolean indications of strict mode by an enum value.
...
Review URL: http://codereview.chromium.org/8344082
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 07:47:22 +00:00
keuchel@chromium.org
666c4be29f
Reapply r9673 "Scope tree serialization and ScopeIterator cleanup."
...
This also includes the two fixes from r9674 and r9675. Here's the diff
to the previous CL.
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -11133,17 +11133,26 @@ class ScopeIterator {
context_(Context::cast(frame->context())),
nested_scope_chain_(4) {
+ // Catch the case when the debugger stops in an internal function.
+ Handle<SharedFunctionInfo> shared_info(function_->shared());
+ if (shared_info->script() == isolate->heap()->undefined_value()) {
+ if (shared_info->scope_info()->HasContext()) Next();
+ return;
+ }
+
// Check whether we are in global code or function code. If there is a stack
// slot for .result then this function has been created for evaluating
// global code and it is not a real function.
// Checking for the existence of .result seems fragile, but the scope info
// saved with the code object does not otherwise have that information.
- int index = function_->shared()->scope_info()->
+ int index = shared_info->scope_info()->
StackSlotIndex(isolate_->heap()->result_symbol());
// Reparse the code and analyze the scopes.
ZoneScope zone_scope(isolate, DELETE_ON_EXIT);
- Handle<SharedFunctionInfo> shared_info(function_->shared());
Handle<Script> script(Script::cast(shared_info->script()));
Scope* scope;
if (index >= 0) {
Review URL: http://codereview.chromium.org/8344046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-21 10:26:59 +00:00
lrn@chromium.org
a47caee095
Make builtin functions be skipped in stack traces.
...
Does include exposed builtin functions ("native functions").
Review URL: http://codereview.chromium.org/8345039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-20 12:31:33 +00:00
mstarzinger@chromium.org
67c9a03922
Fix handling Function.apply for non-array arguments.
...
R=rossberg@chromium.org
TEST=mjsunit/apply,test262
Review URL: http://codereview.chromium.org/8342034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 13:56:18 +00:00
sgjesse@chromium.org
663bc0fb78
Temporarily skip asserts in test mjsunit/debug-step-3.js until issue is resolved
...
R=kmillikin@chromium.org
BUG=v8:1782
TEST=mjsunit/debug-step-3.js
Review URL: http://codereview.chromium.org//8356001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 13:47:53 +00:00
jkummerow@chromium.org
439e4600df
Adjust elements-kind.js expectation when --smi-only-arrays is off
...
TEST=mjsunit/elements-kind passes both with and without --smi-only-arrays flag
Review URL: http://codereview.chromium.org/8356002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:44:50 +00:00
yangguo@chromium.org
372c16161c
Optimize fast element conversion in arm using batch store/loads.
...
Review URL: http://codereview.chromium.org/8353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:15:15 +00:00
keuchel@chromium.org
17cc6d313f
Revert 9673, 9674 and 9675 because of failing webkit tests.
...
This reverts commits
r9673: "Scope tree serialization and ScopeIterator cleanup."
r9674: "Use OS::SNPrintF instead of snprintf."
r9675: "Use int instead of size_t, StrLength instead of strlen."
Review URL: http://codereview.chromium.org/8353003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:15:02 +00:00
jkummerow@chromium.org
3a9d6c04ba
Introduce HTransitionElementsKind instruction.
...
TEST=mjsunit/elements-kind
Review URL: http://codereview.chromium.org/8305001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:10:18 +00:00
danno@chromium.org
e5f23399b4
Support array literals with FAST_DOUBLE_ELEMENTS ElementsKind.
...
BUG=none
TEST=test/mjsunit/array-literal.js
Review URL: http://codereview.chromium.org/8258015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 11:36:55 +00:00
svenpanne@chromium.org
d0fe04447e
Fixed evaluation order issue in defineProperties.
...
This is not covered by test262 yet, but it really makes sense and matches Firefox's behaviour.
TEST=mjsunit/define-properties.js
Review URL: http://codereview.chromium.org/8349031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:52:08 +00:00
mstarzinger@chromium.org
b3eba9e764
Fix handling of non-object receivers for array builtins.
...
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702
Review URL: http://codereview.chromium.org/8347034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:24:37 +00:00
yangguo@chromium.org
8472de004b
Porting r9605 to arm (elements kind conversion in generated code).
...
Review URL: http://codereview.chromium.org/8329022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:04:35 +00:00
svenpanne@chromium.org
140ae348d2
Recognize special comparisons via pattern matching on the hydrogen graph, 2nd attempt.
...
This time, we initially leave the HTypeof instruction in the Hydrogen graph,
even for the special cases. We later try to remove this instruction (and any
HConstant) in the canonicalization pass, if possible. Always removing the
HTypeof during the initial graph construction is wrong if e.g. it is used in an
HSimulate.
The removals can be generalized a bit, but this will happen in a separate CL.
TEST=mjsunit/optimized-typeof.js
Review URL: http://codereview.chromium.org/8334021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 07:35:30 +00:00
sgjesse@chromium.org
a58c963c67
Reapply "Support for precise stepping in functions compiled before debugging was started (step 2)"
...
This is reapplying r9501 with this single change which seemed to be causing most (all) of the failures for r9501.
--- a/src/debug.cc
+++ b/src/debug.cc
@@ -2230,6 +2230,7 @@ Debugger::Debugger(Isolate* isolate)
compiling_natives_(false),
is_loading_debugger_(false),
never_unload_debugger_(false),
+ force_debugger_active_(true),
message_handler_(NULL),
debugger_unload_pending_(false),
host_dispatch_handler_(NULL),
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//8337009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 13:40:33 +00:00
lrn@chromium.org
cefbb1e7f8
Make bound functions have poisoned .caller and .arguments.
...
Also makes func.caller return null if the caller is a bound function,
matching JSC.
Fix bug preventing poisoned setters from triggering.
TEST=mjsunit/function-bind, mjsunit/strict-mode
Review URL: http://codereview.chromium.org/8333019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 12:26:53 +00:00
keuchel@chromium.org
4e5643a648
Scope tree serialization and ScopeIterator cleanup.
...
The intention is to store enough scope information for the debugger to
handle stack allocation of block scoped variables introduced by
http://codereview.chromium.org/7860045/ .
This CL is based on
http://codereview.chromium.org/7904008/ .
Review URL: http://codereview.chromium.org/7979001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 08:46:46 +00:00
yangguo@chromium.org
d7f3985e33
Rolling back r9662.
...
Review URL: http://codereview.chromium.org/8321001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 13:39:56 +00:00
yangguo@chromium.org
d2434953e2
Changes around ascii-check for strings wrt external strings.
...
Review URL: http://codereview.chromium.org/8312015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:49:34 +00:00
lrn@chromium.org
5152d2e0da
Reimplement Function.prototype.bind.
...
Make instanceof work correctly.
BUG=v8:893
Review URL: http://codereview.chromium.org/8199004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:44:16 +00:00
keuchel@chromium.org
6f4e70a1dc
Let bound iteration variables in for-loops
...
TEST=mjsunit/harmony/block-for.js
Review URL: http://codereview.chromium.org/7837028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:19:06 +00:00
keuchel@chromium.org
f93c69308f
Disallow function declarations in statement positions in harmony mode.
...
Review URL: http://codereview.chromium.org/8306025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 11:59:08 +00:00
yangguo@chromium.org
92fdeff125
Porting r9605 to x64 (elements kind conversion in generated code).
...
Review URL: http://codereview.chromium.org/8271007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 10:44:47 +00:00
lrn@chromium.org
50ef25e0f3
Remove redundant allow-natives flag from CompilationInfo.
...
Just use script being native and FLAG_allow_natives_syntax directly.
Review URL: http://codereview.chromium.org/8314018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 09:02:26 +00:00
mstarzinger@chromium.org
ac712f13c3
Fix evaluation order of GT and LTE operators.
...
According to the ES5 spec all ">" and "<=" expressions should be be
evaluated left-to-right. This obsoletes old hacks for reversing the
order to be ES3 compliant.
R=lrn@chromium.org
BUG=v8:1752
Review URL: http://codereview.chromium.org/8275035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 07:43:40 +00:00
rossberg@chromium.org
4753976194
Fix handling of this in direct calls to function proxies.
...
Fix & tweak some proxy-related error messages.
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/8229008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-13 15:55:57 +00:00
yangguo@chromium.org
00a5287d2f
Fixing test failures in arm and x64 due to missing implementation introduced in r9605.
...
Review URL: http://codereview.chromium.org/8261007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-13 12:03:33 +00:00
yangguo@chromium.org
fae807b3bb
Elements kind conversion in generated code (ia32).
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8241003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-13 10:53:31 +00:00
rossberg@chromium.org
1abf3ed0a4
Introduce collective --harmony flag.
...
Shorten --harmony-block-scoping to --harmony-scoping.
R=keuchel@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8226017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-12 12:23:06 +00:00
jkummerow@chromium.org
ddacdf847b
Make elements_kind map transition test conditional on smi element support
...
TEST=mjsunit/element-kind passes even without --smi-only-arrays
Review URL: http://codereview.chromium.org/8230008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-11 10:02:42 +00:00
jkummerow@chromium.org
184fdcf28b
Track elements_kind transitions in KeyedStoreICs.
...
Review URL: http://codereview.chromium.org/8166017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-11 09:33:00 +00:00
yangguo@chromium.org
3249530ef0
Fixing issue 1757 (string slices of external strings).
...
BUG=v8:1757
TEST=regress-1757.js
Review URL: http://codereview.chromium.org/8217011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206
Add a regression test for an already fixed issue.
...
Add a regression test for Chromium issue 99167.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8222002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 10:46:27 +00:00
rossberg@chromium.org
357b45dea5
Tests for evil side-effects during 'internal methods'.
...
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8200002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 09:59:03 +00:00
rossberg@chromium.org
8898b97dc4
Separate tests specific to function proxies in a separate file.
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8218003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 08:58:44 +00:00
keuchel@chromium.org
80048c14b1
Fix load of potentially eval-shadowed let bindings.
...
BUG=
TEST=test/mjsunit/harmony/block-let-semantics.js
Review URL: http://codereview.chromium.org/8118032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-06 15:24:20 +00:00
rossberg@chromium.org
ebf6cb7150
Use correct trap for lookup in prototype proxy.
...
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8133023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-06 08:42:10 +00:00
lrn@chromium.org
9f73eed45f
Fix issue 1361 - Implement ES5 Array.prototype.toString.
...
BUG=v8:1361
TEST=mjsunit/array-tostring
Review URL: http://codereview.chromium.org/8124025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-05 07:08:23 +00:00
mstarzinger@chromium.org
c034518442
Fix preparation for sorting of external arrays.
...
R=rossberg@chromium.org
BUG=98773
TEST=mjsunit/regress/regress-98773
Review URL: http://codereview.chromium.org/8122020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 13:49:50 +00:00
lrn@chromium.org
4750f0c3cd
Fix issue 1415 - allow surrogate pair codes in decodeURIComponent.
...
Also some cleanup of uri.js.
BUG=v8:1415
TEST=mjsunit/regress/regress-1415
Review URL: http://codereview.chromium.org/8118004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 07:15:07 +00:00
lrn@chromium.org
4b385d7e8e
Fix bug in x64 RegExp detecting start of string.
...
Also add missing MIPS case in regexp tracer.
Fixes issues v8:1748 and v8:1746
BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js
Review URL: http://codereview.chromium.org/8116001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 10:31:01 +00:00
lrn@chromium.org
165e105ec9
Check enumerability of array indices correctly in propertyIsEnumerable.
...
Fix issue 1692.
BUG=v8:1692
TEST=mjsunit/regress/regress-1692
Review URL: http://codereview.chromium.org/8113001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 09:15:58 +00:00
sgjesse@chromium.org
08a85de703
Revert "Support for precise stepping in functions compiled before debugging was started (step 2)"
...
TBR=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//8101011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-01 08:47:12 +00:00
sgjesse@chromium.org
b2ebc91f5c
Reapply "Support for precise stepping in functions compiled before debugging was started (step 2)"
...
This is to get a clean run in the buildbot.
TBR=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//8098020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-01 05:39:14 +00:00
sgjesse@chromium.org
083275715a
Revert "Support for precise stepping in functions compiled before debugging was started (step 2)"
...
This reverts commits r9499, r9497 and r9489.
Then changed caused a number of failures.
TBR=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//8086020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9500 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-30 13:27:38 +00:00
sgjesse@chromium.org
de7b222e36
Support for precise stepping in functions compiled before debugging was started (step 2)
...
This change will ensure that full code with debug break slots is compiled and activated for all functions which already have activation frames.
This additional handling is only for functions which have activations on the stack, and that activation is of the full code compiled without debug break slots. In that case the full code is recompiled with debug break slots. It is ensured that the full code is compiled generating the exact same instructions - except for the additional debug break slots - as before. The return address on the stack is then patched to continue execution in the new code.
Also fixed SortedListBSearch to actually use the passed comparision function.
R=svenpanne@chromium.org , kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//8050010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-30 08:39:56 +00:00
yangguo@chromium.org
008f7ab302
Enable --smi-only-arrays flag in test case for no-snapshot build.
...
TEST=element-kind.js
Review URL: http://codereview.chromium.org/8077008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9485 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-29 14:00:53 +00:00
vegorov@chromium.org
1a0423b54f
Fix leakage of virtual address space on Linux platform.
...
Ensure that unmap return values are checked in debug mode.
R=erik.corry@gmail.com
BUG=v8:1701
Review URL: http://codereview.chromium.org/8060052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-29 12:23:05 +00:00
erik.corry@gmail.com
4d062f6ea5
Disable array-join test. We know it is flaky and it is
...
making it hard to see other failures on the build bot.
Review URL: http://codereview.chromium.org/8036018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-28 13:29:00 +00:00
jkummerow@chromium.org
0455aadbeb
Add Crankshaft support for smi-only elements
...
Review URL: http://codereview.chromium.org/8002019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-26 12:09:04 +00:00
vegorov@chromium.org
6dee868e03
Enable compaction, disable code-compaction.
...
Enable array-join test again.
R=erik.corry@gmail.com
Review URL: http://codereview.chromium.org/8043022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9425 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-26 11:46:16 +00:00
lrn@chromium.org
b9d39c48b8
Make the RegExp.prototype object be a RegExp object.
...
BUG=v8:1217
TEST=mjsunit/regress/regress-1217
Review URL: http://codereview.chromium.org/8041015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-26 08:42:01 +00:00
yangguo@chromium.org
65b1ea22fe
Porting r9392 to x64 (smi-only arrays).
...
Review URL: http://codereview.chromium.org/7992003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-23 14:19:04 +00:00
rossberg@chromium.org
3df2602037
Handle function proxies as getters/setters.
...
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7849021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 17:12:41 +00:00
ricow@chromium.org
e4c90dc958
GC Cleanup + Set max old generation size to 700MB on ia32 and max executable size to 128 MB (on ia32)
...
Review URL: http://codereview.chromium.org/7993003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 17:10:40 +00:00
vegorov@chromium.org
bfd048173f
Notify collector about lazily deoptimized code objects.
...
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.
To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.
R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js
Review URL: http://codereview.chromium.org/7983045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 16:01:35 +00:00
yangguo@chromium.org
7ab81a14fa
Reverting r9399.
...
Review URL: http://codereview.chromium.org/7989007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:55:44 +00:00
yangguo@chromium.org
0c6863a1ef
Set RegExp's prototype to RegExp as specified by ES5.
...
BUG=v8:1217
TEST=regress-1217.js
Review URL: http://codereview.chromium.org/7995005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:11:12 +00:00
rossberg@chromium.org
d938560d59
Implement identity hashes for proxies.
...
R=mstarzinger@chromium.org
BUG=v8:1543,v8:1565
TEST=
Review URL: http://codereview.chromium.org/7754015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 13:54:53 +00:00
mstarzinger@chromium.org
873e4980db
Fix transferal of marking bits on array trimming.
...
R=vegorov@chromium.org
BUG=v8:1708
TEST=mjsunit/regress/regress-1708
Review URL: http://codereview.chromium.org/7979038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 13:03:22 +00:00
danno@chromium.org
f48c9f6557
Basic support for tracking smi-only arrays on ia32.
...
Activated by the flag --smi-only-arrays
Currently not crankshaft support, using flag on non-ia32 platforms will lead to write barrier misses and crashes.
BUG=none
TEST=elements_kind.js
Review URL: http://codereview.chromium.org/7901016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 11:30:04 +00:00
rossberg@chromium.org
e04d0b23a8
Make integer indexed properties ("elements") work for proxies.
...
Rehome some Object/JSReceiver/JSObject methods.
R=ricow@chromium.org ,kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7795055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 10:45:37 +00:00
yangguo@chromium.org
b7cac76bae
Fixed string.split: always convert non-regexp separator to string.
...
BUG=v8:1711
TEST=mjsunit/regress/regress-1711.js
Review URL: http://codereview.chromium.org/7976046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 08:18:58 +00:00
rossberg@chromium.org
6c8472bd3a
Fix and test use of property descriptor objects.
...
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7828080
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9364 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-21 12:45:51 +00:00
keuchel@chromium.org
41eb990afe
Fix pre-parsing function declarations.
...
The preparser has been out of sync with the parser. As a reminder, we have the
following grammer for harmony mode
Block ::
{ SourceElement* }
SourceElement ::
Statement
FunctionDeclaration
LetDeclaration
instead of
Block ::
{ Statement* }
SourceElement ::
Statement
FunctionDeclaration
The extension to allow FunctionDeclarations in statement positions in
non-strict code is still active.
Review URL: http://codereview.chromium.org/7983006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-21 12:27:07 +00:00
rossberg@chromium.org
647ad8f500
Fix GC hazard.
...
R=jkummerow@chromium.org
BUG=v8:1698
TEST=
Review URL: http://codereview.chromium.org/7977021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-21 09:58:40 +00:00
erik.corry@gmail.com
14087f430d
Disable some tests while we hunt for the reasons behind them.
...
Review URL: http://codereview.chromium.org/7978022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-21 07:25:33 +00:00
mstarzinger@chromium.org
3fabe323f2
Add kHeaderSize constant to SeqString.
...
This prevents potential misuse of SeqString::kHeaderSize as in the
case of live byte counting in incremental marking stub. All stubs
picked up the undefined size constant SeqString::kHeaderSize, thus
the computed size of all strings was off by two pointers slots.
R=lrn@chromium.org
BUG=v8:1672
TEST=mjsunit/object-seal.js,...
Review URL: http://codereview.chromium.org/7971009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9349 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 16:33:03 +00:00
lrn@chromium.org
610281f4ee
Fix calculation of live-bytes in pages.
...
The "live bytes" count is *really* a "marked black" count - i.e., the count of bytes *known* to be live.
Fix aggravating bug on X64 where assembler code used a value that was off
by a factor of 2^31.
Ensure that sweeping clears live-bytes. Added other missing increments.
Added print statements to trace live-byte modifications, under a flag.
Still a few cases of undercounting left.
(New issue to merge from GC branch to bleeding_edge)
Review URL: http://codereview.chromium.org/7970009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 11:20:00 +00:00
fschneider@chromium.org
76c869434d
Fix a bug with uninitialized const variables in the optimizing compiler.
...
We have to check for uninitialized uses before phi-elimination. Otherwise we
may miss such a use and result in using the hole value instead. This
causes a NULL-dereference or assertion failure.
BUG=96989
TEST=mjsunit/compiler/regress-96989.js
Review URL: http://codereview.chromium.org/7974009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 10:26:01 +00:00
yangguo@chromium.org
fdffe67205
Initialize pre-allocated fields of JSObject with undefined.
...
BUG=94873
Review URL: http://codereview.chromium.org/7929001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 10:06:23 +00:00
fschneider@chromium.org
403a022272
Skip crashing Harmony proxies unit test until underlying issue is fixed.
...
BUG=v8:1698
Review URL: http://codereview.chromium.org/7974006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 07:00:59 +00:00
vegorov@chromium.org
ac36cb4504
Merge experimental/gc branch to the bleeding_edge.
...
Review URL: http://codereview.chromium.org/7945009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-19 18:36:47 +00:00
rossberg@chromium.org
42f0a73a96
Make proxies work as prototypes.
...
Fix a couple of other proxy bugs along the way.
Refactor trap invocation in native code.
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7799026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-16 13:38:30 +00:00
rossberg@chromium.org
07469fa5ae
Make function proxies work as constructors.
...
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7628021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-16 12:26:29 +00:00
yangguo@chromium.org
3439ab60f7
Correcting a bogus assert outdated since r9295.
...
Review URL: http://codereview.chromium.org/7909002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 12:47:06 +00:00
jkummerow@chromium.org
fcc2e65aad
Change global const handling to silently ignore redeclarations
...
and make window.{Infinity,NaN,undefined} read-only as per ES5
BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik
Review URL: http://codereview.chromium.org/7811015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 12:00:30 +00:00
yangguo@chromium.org
327eb48ce6
Enable slices of external strings (in the tentative implementation).
...
TEST=cctest test-strings/SliceFromExternal, mjsunit/string-slices.js
Review URL: http://codereview.chromium.org/7832002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 11:10:01 +00:00
fschneider@chromium.org
9e4663a8d9
Enable inlining of functions that reference context slots.
...
Review URL: http://codereview.chromium.org/7887038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 10:57:47 +00:00
yangguo@chromium.org
48b5328bde
Fixing issue 1639, debugger stops stepping outside evaluate.
...
BUG=v8:1639
Review URL: http://codereview.chromium.org/7889039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89
Mark variables as being accessed from any inner scope, not only function scopes
...
BUG=96523
TEST=mjsunit/regress/regress-96523.js
Review URL: http://codereview.chromium.org/7890031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 13:51:29 +00:00
keuchel@chromium.org
a392f5bf70
Fix scope iteration when debugging global code.
...
TEST=mjsunit/debug-scopes.js
Review URL: http://codereview.chromium.org/7890007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 11:20:31 +00:00
kmillikin@chromium.org
63bec78428
Revert "MIPS: port Remove in-loop tracking for call ICs."
...
Committed incorrectly.
TBR=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7890026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12
MIPS: port Remove in-loop tracking for call ICs.
...
port r9260 (af9cfd83).
Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206
Fixed spurious character in test case, plus presubmit issues.
...
Also addressed Slava's complaint about the personalized comment.
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced
Fix for .bind regression.
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7892013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f
Fixing r9265: moving test case into correct location.
...
Review URL: http://codereview.chromium.org/7889008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 16:11:05 +00:00
yangguo@chromium.org
fc2c22dd2b
Adding test case for issue 1639, fixed by r9264.
...
BUG=v8:1639
Review URL: http://codereview.chromium.org/7889006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 15:08:36 +00:00
rossberg@chromium.org
ff5c242a47
Test (and fix) all exception paths that can occur with proxies.
...
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7623013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9261 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 13:07:20 +00:00
rossberg@chromium.org
e645597aa7
Implement function proxies (except for their use as constructors).
...
Introduce new %Apply native.
Extend Execution::Call to optionally handle receiver rewriting (needed for %Apply).
Fix Function.prototype.bind for functions that have .apply modified.
R=kmillikin@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7623011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 11:42:57 +00:00
mstarzinger@chromium.org
aae949ba10
Fix parent of the WeakMap prototype.
...
R=rossberg@chromium.org
BUG=v8:1565
TEST=mjsunit/harmony/weakmaps
Review URL: http://codereview.chromium.org/7890003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 09:45:10 +00:00
sgjesse@chromium.org
81df4a42e4
Support for precise stepping in functions compiled before debugging was started (step 1)
...
This change will ensure that all non-optimized code will be compiled
with debug break slots when debugging is initiated. This is handled by
scanning the heap for non-optimized functions without debug break slots and setting their code to be lazy recomplied. When the lazy recompilation happens the code will ge generated with debug break slots (if debugging is still active at that point in time).
R=svenpanne@chromium.org
Currently this is only implemented for functions which do not have activations on the stack.
BUG=
TEST=
Review URL: http://codereview.chromium.org//7839030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 08:31:21 +00:00
jkummerow@chromium.org
3ec371690c
d8 external array c'tors: allow parameters that can be converted to numbers
...
BUG=v8:1681
TEST=d8 accepts: var a = new Int32Array("2");
Review URL: http://codereview.chromium.org/7867036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-12 12:42:05 +00:00
mikhail.naganov@gmail.com
57b9e9d968
Revert accidental r9229 and r9230
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-12 10:50:40 +00:00
mikhail.naganov@gmail.com
03d325da08
add test
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-12 10:42:25 +00:00
danno@chromium.org
df860eda5c
Don't allow seal or element property re-definition on external arrays.
...
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js
Review URL: http://codereview.chromium.org/7858031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-09 14:30:00 +00:00
yangguo@chromium.org
f877f7bda2
Fixing presubmit error.
...
Review URL: http://codereview.chromium.org/7839031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 16:15:48 +00:00
lrn@chromium.org
2c8680cc46
Avoid size increase of snapshot.
...
The prototype of builtin functions is already unwritable, so we don't
have to make it so (the default map for functions changes after builtins
are initialized).
We no longer need to make the prototype non-extensible, since all properties
that are ever read by the bultins code has been added and frozen already.
Adding properties to the prototype, or changing its __proto__, cannot affect
code.
Removing these two pieces of initialization code reduces the snapshot size
by a few Kb.
Review URL: http://codereview.chromium.org/7839028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 11:56:06 +00:00
kmillikin@chromium.org
94777e213d
Remove variable rewrites and the unneccesary Slot class.
...
R=fschneider@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7824038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 11:02:31 +00:00
kmillikin@chromium.org
8b165d414f
Fix a bug in abrupt exit from with or catch inside finally.
...
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code. Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7837023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 09:21:44 +00:00
keuchel@chromium.org
85a5b6d3c4
Getting rid of ExitContextStatement for scoped blocks.
...
Review URL: http://codereview.chromium.org/7835027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 22:00:59 +00:00
keuchel@chromium.org
edd893a159
Simplfy handling of exits from scoped blocks.
...
BUG=
TEST=mjsunit/harmony/block-leave.js
Review URL: http://codereview.chromium.org/7792100
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9157 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 21:48:32 +00:00
keuchel@chromium.org
0820205316
Avoid dynamic lookup when initializing let declared variables.
...
'Let's inside a 'with' would initialize the variable
using the StoreContextSlot runtime function which
would fail because it checks that the variable does
not hold the hole value.
Review URL: http://codereview.chromium.org/7792098
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 21:22:35 +00:00
yangguo@chromium.org
8b82ad274f
Put test directories of d8-os tests into /tmp/.
...
Review URL: http://codereview.chromium.org/7835040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9154 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 14:48:08 +00:00
jkummerow@chromium.org
09c66d20ce
Fix possible crash in FixedDoubleArray::Initialize()
...
(this only affected ia32).
BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.
Review URL: http://codereview.chromium.org/7833040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91
Fix bug in Page::GetRegionMaskForSpan.
...
When checking for a wrap take into account offset of the start address in the region.
BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854
Add regression test for issue 1215, expand regression test for issue 1447.
...
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 07:43:51 +00:00
lrn@chromium.org
ffffa716c5
Lock the prototype of internal classes.
...
Prototypes and their properties and methods are locked down to prevent fiddling with their operation, even if the build-in object leaks.
Made some built-in functions only work during bootstrapping.
Review URL: http://codereview.chromium.org/7799027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-05 07:30:35 +00:00
keuchel@chromium.org
ccd2cd8f64
Prune empty block scopes from scope tree
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/7825006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-02 12:43:28 +00:00
lrn@chromium.org
b7eb138eab
The spec (15.1.2.2 parseInt (string , radix)) says ToString should be called before ToInt32.
...
http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf
In the current implementation, the order is reversed. So this webkit test (https://bugs.webkit.org/show_bug.cgi?id=65366 ) fails on Chromium.
BUG=1649
TEST=parse-int-float.js
Review URL: http://codereview.chromium.org/7740080
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-02 11:38:40 +00:00
keuchel@chromium.org
d434d3158c
Detect conflicting variable bindings in harmony mode.
...
BUG=
TEST=mjsunit/harmony/block-conflicts.js
Review URL: http://codereview.chromium.org/7756014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9102 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 12:31:18 +00:00
yangguo@chromium.org
86a62d0da3
Added check for trailing whitespaces and corrected existing violations.
...
Review URL: http://codereview.chromium.org/7826007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08
Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643).
...
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty).
Review URL: http://codereview.chromium.org/7792054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3
Do constant function check earlier in TryCallApply and ensure correct environment for deopt.
...
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 10:33:59 +00:00
yangguo@chromium.org
ccb262ea3a
Changed test expectations for ARM and MIPS.
...
Review URL: http://codereview.chromium.org/7778042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-31 14:12:25 +00:00
fschneider@chromium.org
ffc6c7e56b
Introduce local function declarations in Crankshaft and fix issue 1647.
...
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.
In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.
Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-31 13:26:08 +00:00
keuchel@chromium.org
42388ad5c7
Temporal dead zone behaviour for let bindings.
...
BUG=
TEST=mjsunit/harmony/block-let-semantics.js
Review URL: http://codereview.chromium.org/7671042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-30 11:23:57 +00:00
mstarzinger@chromium.org
c6e42e1bfa
Fix initial prototype of WeakMap function.
...
The bootstrapper accidentally overwrote the constructor property of the Object
prototype because it used initial_object_prototype() as prototype for WeakMap.
Unfortunately this is not possible for experimental natives because they are
installed after the snapshot initialization finished.
R=erik.corry@gmail.com
TEST=mjsunit/mirror-object,mjsunit/harmony/weakmaps
Review URL: http://codereview.chromium.org/7624041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-30 09:35:20 +00:00
yangguo@chromium.org
3077e8aa2f
Generated code for substring slices in ia32.
...
Review URL: http://codereview.chromium.org/7744052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-30 08:22:41 +00:00
fschneider@chromium.org
fa2ff742ed
Adjust unit test to avoid flakyness when running with the ARM simulator.
...
In some cases the assert that the test function is not optimized fails
because the function may be optimized already after the second invocation.
(e.g. when running slow in debug mode)
Review URL: http://codereview.chromium.org/7778009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9034 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-29 08:46:35 +00:00
mstarzinger@chromium.org
fbe1690def
Only count uniquely named native scripts for debug.
...
The debugger exposes all native script which might include duplicates
having the same name. This is triggered by debug-script in stress mode
on the gc branch.
R=sgjesse@chromium.org
BUG=v8:1641
TEST=mjsunit/debug-script
Review URL: http://codereview.chromium.org/7740050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-26 13:23:25 +00:00
yangguo@chromium.org
77141f78ff
Tentative implementation of string slices (hidden under the flag --string-slices).
...
TEST=test/mjsunit/string-slices.js
Review URL: http://codereview.chromium.org/7477045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-26 13:03:30 +00:00
lrn@chromium.org
2f2f90610e
Changed computation of func.caller to skip some built-in functions.
...
Now skips built-in functions called from other built-in functions,
so only the initally called built-in function is exposed.
Review URL: http://codereview.chromium.org/7740021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9018 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-25 13:38:58 +00:00
lrn@chromium.org
13dd915a2a
Fix typo in assert.
...
Also remove the requirement to have an AssertNoAllocation object when getting the flat content. We actually do allow allocation, it's just GC's we don't allow.
Review URL: http://codereview.chromium.org/7710018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-23 13:23:30 +00:00
lrn@chromium.org
9eb7d4a53c
Replace ToAsciiVector and ToUC16Vector with single function that returns a tagged value.
...
The tag tells whether the content is ASCII or UC16, or even if the string wasn't flat.
BUG: v8:1633
Review URL: http://codereview.chromium.org/7709024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-23 12:22:12 +00:00
lrn@chromium.org
d8a123169b
Make regexp flag parsing stricter.
...
BUG=v8:1628
TEST=mjsunit/regress/regress-219
Review URL: http://codereview.chromium.org/7624045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2
Make scanner handle invalid unicode escapes in identifiers correctly.
...
I.e., don't just convert \u to u in identifiers (like in strings and regexps).
Also make the scanning of RegExp flags not interpret the escapes.
(Fix and reapply of r8942)
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7677012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3
Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype
...
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540
Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers"
...
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-17 08:22:41 +00:00
keuchel@chromium.org
c6c504f8b6
Parse harmony let declarations.
...
Implementation of the harmony block scoped let bindings as proposed here:
http://wiki.ecmascript.org/doku.php?id=harmony:block_scoped_bindings
Changes to the syntax are explained there. They are active under the
harmony_block_scoping_ flag in the parser.
Review URL: http://codereview.chromium.org/7616009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-16 14:24:12 +00:00
lrn@chromium.org
7d17c8d5d3
Make scanner not accept invalid unicode escapes in identifiers.
...
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7663005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-16 13:31:08 +00:00
mstarzinger@chromium.org
d640d8d913
Fix issue with prototype of WeakMap constructor.
...
The WeakMap constructor didn't have a unique prototype, so it shared one with
Object. All WeakMap functions (including "get" and "set") were installed on
that prototype.
R=rossberg@chromium.org
BUG=v8:1617
TEST=mjsunit/harmony/weakmaps
Review URL: http://codereview.chromium.org/7658008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8941 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-16 12:09:47 +00:00
kmillikin@chromium.org
91553bbacd
Simplify handling of exits from with and catch.
...
Remove the try/finally used for with and catch. Instead of using
try/finally to handle break and continue from with or catch,
statically track nesting dept and clean up when compiling break or
continue.
And instead of using try/finally to handle throw to handler in a frame
whose pc is inside a with or catch, store the context that the handler
should run in in the handler itself.
BUG=
TEST=
Review URL: http://codereview.chromium.org/7618007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-12 10:52:49 +00:00
fschneider@chromium.org
6549163a55
Add roundsd instruction to ia32 and use it in optimized Math.floor.
...
It is available platforms that have SSE 4.1 and allows us to handle
negative numbers without deoptimization. Before we would deoptimize
on negative inputs to Math.floor. x64 already uses this instruction.
* Change Math.floor unit test to make sure every test case gets
optimized by changing the source code for each test case.
* Fix HIR debug printing for some instructions.
Review URL: http://codereview.chromium.org/7628017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-12 10:13:40 +00:00
keuchel@chromium.org
3c7ca304fe
Preliminary code for block scopes and block contexts.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/7549008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-11 16:29:28 +00:00
danno@chromium.org
d5d7185578
Create a common base class for Fixed-, FixedDouble- and ExternalArrays.
...
Also unify Crankshaft code to load array length.
BUG=v8:1493
TEST=external-arrays.js
Review URL: http://codereview.chromium.org/7600025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-11 14:00:16 +00:00
vitalyr@chromium.org
a107387dde
Fix fun.apply(receiver, arguments) optimization.
...
R=kmillikin@chromium.org
BUG=v8:1592
TEST=mjsunit/regress/regress-1592.js
Review URL: http://codereview.chromium.org/7497067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-10 16:05:17 +00:00
fschneider@chromium.org
f17bd8ca51
Fix three bugs with handling negative zero in the optimizing compiler.
...
* Bug fix for range analysis (contributed by Andy Wingo). Ranges of
double values have to include negative zero. Original code review:
http://codereview.chromium.org/7514040/
* Fix a bug in optimized Math.round on ARM. When emitting minus-zero checks
we previously return a wrong result because of incorrect register assignment.
* Fix performance problem in IA32 and x64. Refine the checks
for minus zero and avoid unnecessary deoptimizations on Math.floor.
* Improve mjsunit test for Math.round to make sure we also
get the optimized version of the code for each test case.
Review URL: http://codereview.chromium.org/7604028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8877 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-10 12:32:43 +00:00
rossberg@chromium.org
bd18514972
Implement Harmony semantics for typeof null (behind a flag).
...
Harmony is intended to make typeof null === "null". This may
break existing programs. Implementing it will allow us to run
some tests on the actual web.
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7598030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8876 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-10 12:12:06 +00:00
kmillikin@chromium.org
7adb10a48e
Fix a bug in named getter/setter compilation.
...
Because these are function literals that have an associated name, we were
compiling them as if they were named function expressions. This is
incorrect, the property name should not be in scope.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7599024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-09 12:43:08 +00:00
kmillikin@chromium.org
d941053dbe
Revert "Revert "Fix a bug in scope analysis.""
...
Reapply r8838 with a fix for the issue of function names.
Because function names can be added/changed/removed through the API,
remember whether the function is anonymous when initially parsed and use
that information when compiling.
R=vegorov@chromium.org
BUG=1583
TEST=regress-1583
Review URL: http://codereview.chromium.org/7491097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-08 16:14:46 +00:00
vitalyr@chromium.org
caf493afb3
Make d8-os test less flaky.
...
Because of stress testing there may be parallel instances of the test
running, which makes it fail when using a hardcoded test dir
name. Adding a random suffix helps. It'd be nicer to add something
like pid, but there doesn't seem to be an easy way of getting it.
R=yangguo@chromium.org
Review URL: http://codereview.chromium.org/7491057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 13:34:46 +00:00
lrn@chromium.org
e9bc76c499
Avoid infinite recursion for unterminated non-ASCII JSON string literals.
...
BUG=91787
TEST=mjsunit/regress/regress-91787
Review URL: http://codereview.chromium.org/7569008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 12:55:29 +00:00
keuchel@chromium.org
c14b08658e
Fix DebugEvaluate crash within a catch in a function without local context.
...
BUG=v8:1586
TEST=mjsunit/regress/regress-1586.js
Review URL: http://codereview.chromium.org/7491053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 12:00:57 +00:00
lrn@chromium.org
61ae1be609
Fix bug in scanner.
...
Checking for end-of-comment truncated to byte before comparing to '*'.
BUG=v8:1546
TEST=mjsunit/regress/regress-1546
Review URL: http://codereview.chromium.org/7585004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 11:21:04 +00:00
kmillikin@chromium.org
3e28347d55
Revert "Fix a bug in scope analysis."
...
This reverts commit revision 8838.
TBR=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7584005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 09:20:08 +00:00
kmillikin@chromium.org
b625ce2b6b
Fix a bug in scope analysis.
...
When recompiling code (e.g., when optimizing) we could incorrectly hoist
some function expressions. This leads to incorrect results or a crash. The
root cause was that functions were not correctly categorized as expression
or declaration at parse time.
This requires some extra hoops to prevent the print name "anonymous" for
functions created by 'new Function' from establishing a binding.
R=vegorov@chromium.org ,kasperl@chromium.org
BUG=1583
TEST=regress-1583
Review URL: http://codereview.chromium.org/7572019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-05 08:28:11 +00:00
kmillikin@chromium.org
abb04d9ec1
Revert "tighten invariants of HValue::InferRange"
...
This change reportedly causes a slowdown or inifinite loop on ARM. Revert
pending investigation.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7566040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-04 16:43:20 +00:00
mstarzinger@chromium.org
9b826964f2
Additional functions to Harmony weak maps API.
...
R=rossberg@chromium.org
BUG=v8:1565
TEST=mjsunit/harmony/weakmaps
Review URL: http://codereview.chromium.org/7572013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8825 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-04 11:13:15 +00:00
danno@chromium.org
861c895a34
Add regression test for 91517
...
R=vegorov@chromium.org
BUG=91517
TEST=regress-91517.js
Review URL: http://codereview.chromium.org/7575007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-04 11:00:32 +00:00
mstarzinger@chromium.org
b05ff5e0b9
Prototype of mark-and-compact support for Harmony weak maps.
...
R=vegorov@chromium.org
BUG=v8:1565
TEST=cctest/test-weakmaps
Review URL: http://codereview.chromium.org/7553012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 12:48:30 +00:00
ricow@chromium.org
9721eddc1f
Ensure that the length property of bound functions are actual unique
...
for the individually bound functions.
Our existing code will generate a new function on every call to bind,
but it will use the same shared function. When setting the lenght this
will be set on the shared function, i.e., the length of all bound
functions will be that of the last bound function.
Review URL: http://codereview.chromium.org/7475002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 12:44:17 +00:00
mstarzinger@chromium.org
2bb7c74f80
Preliminary Harmony weak maps API implementation.
...
R=rossberg@chromium.org ,danno@chromium.org
BUG=v8:1565
TEST=mjsunit/harmony/weakmaps
Review URL: http://codereview.chromium.org/7529007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 11:55:13 +00:00
kmillikin@chromium.org
ffa08197e4
tighten invariants of HValue::InferRange
...
* src/hydrogen-instructions.cc (HValue::InferRange): Only mark values
with int32 representation as never being -0. Always return a non-NULL
value; callers should check for representation().IsNone() if that's
their concern.
In practice these invariants were not violated by callers, but they
were sometimes two calls away, which seems brittle.
BUG=
TEST=tests pass, modulo http://code.google.com/p/v8/issues/detail?id=1572
Review URL: http://codereview.chromium.org/7514040
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 10:44:20 +00:00
jkummerow@chromium.org
a41c25607d
Revert "Make window.{undefined,NaN,Infinity} read-only"
...
This reverts r8766.
TEST=WebKit LayoutTests green again.
Review URL: http://codereview.chromium.org/7562005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 09:53:14 +00:00
kmillikin@chromium.org
4487f8c050
Revert "Revert "Fix a bug in scope analysis.""
...
Reapply r8783 with an additional fix.
Because the preparser and parser do not use the same scope analysis to
determine if a function can be lazily compiled, the parser can have false
positives. Rather than treating this as a parse error, treat the preparser
as authoritative and eagerly compile the function.
R=lrn@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7565003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-03 09:10:35 +00:00
kmillikin@chromium.org
a129c95a54
Revert "Fix a bug in scope analysis."
...
This reverts r8783.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7550013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 17:02:24 +00:00
svenpanne@chromium.org
6f6c882e19
Fixed code generation for LBranch on ARM when the operand's representation is double.
...
The condition code for branching on the result of vcmp was wrong, effectively
swapping the true/false branches.
TEST=regress-lbranch-double.js
Review URL: http://codereview.chromium.org/7553010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 15:14:12 +00:00
kmillikin@chromium.org
f37f6e88ca
Fix a bug in scope analysis.
...
Function declarations inside catch are hoisted to the nearest enclosing
function scope, but we compiled their bodies as if occurring inside the
catch scope.
BUG=chrome:91120
TEST=regress/regress-91120 attached
Review URL: http://codereview.chromium.org/7548011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 15:04:31 +00:00
danno@chromium.org
b333719607
Properly handle FixedDoubleArrays in sort()
...
R=jkummerow@chromium.org
BUG=91008
TEST=regress-91008.js
Review URL: http://codereview.chromium.org/7542008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 14:05:11 +00:00
vegorov@chromium.org
9226cfe5b7
Ensure that GenerateStoreFastDoubleElement returns stored value on all paths.
...
BUG=chromium:91013
TEST=test/mjsunit/regress/regress-91013.js
Review URL: http://codereview.chromium.org/7551009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 13:36:38 +00:00
vegorov@chromium.org
a547d333f0
Check for phi-uses of arguments object before eliminating dead phi's.
...
HGraphBuilder::TryArgumentsAccess does not emit any uses for receiver and will generate incorrect code when receiver for a property access is defined by a phi that returns either arguments object or something else.
BUG=v8:1582
TEST=test/mjsunit/regress/regress-1582.js
Review URL: http://codereview.chromium.org/7553006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 09:32:28 +00:00
danno@chromium.org
008f834117
Properly handle FastDoubleArrays in Runtime_MoveArrayContents
...
BUG=91013
TEST=regress91013.js
Review URL: http://codereview.chromium.org/7551004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-02 09:28:55 +00:00
jkummerow@chromium.org
15c979eeaa
Make window.{undefined,NaN,Infinity} read-only
...
as per ES5.
BUG=89490
TEST=es5conform 15.1.*, 15.2.3.*; mjsunit/undeletable-functions
Review URL: http://codereview.chromium.org/7538016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-01 12:18:03 +00:00
keuchel@chromium.org
dfb195550f
Fix calculation of 'scope_calls_eval' when 'eval' is within a nested catch.
...
BUG=
TEST=mjsunit/scope-calls-eval.js
Review URL: http://codereview.chromium.org/7464030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-28 12:17:36 +00:00
ricow@chromium.org
950feb6940
Switch from sample shell to d8 for unit test
...
Landing for yangguo to coordinate with buildbot update.
Original codereview: http://codereview.chromium.org/7282008/
Review URL: http://codereview.chromium.org/7495033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-26 05:56:45 +00:00
danno@chromium.org
1f9801bb9e
Fix bug in ARM pixel array clamping
...
Properly handle undefined conversion to zero in Crankshaft.
R=yangguo@chromium.org
BUG=none
TEST=regress-1563.js
Review URL: http://codereview.chromium.org/7461028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-22 16:01:53 +00:00
danno@chromium.org
3e7d642d0a
Remaining changes to fully support FastDoubleArray.
...
R=ager@chromium.org
BUG=none
TEST=cctests, unboxed-double-array.js
Review URL: http://codereview.chromium.org/7473031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-22 09:04:16 +00:00
rossberg@chromium.org
3f5bc11c55
Implement Object.prototype.{hasOwnProperty, propertyIsEnumerable} for proxies.
...
Refactor trap invocation.
Test other Object.prototype functionality for proxies.
R=ager@chromium.org
BUG=v8:1543
TEST=
Review URL: http://codereview.chromium.org/7436004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-07-21 11:20:27 +00:00