Commit Graph

9697 Commits

Author SHA1 Message Date
verwaest@chromium.org
36dd23aa1b Do not go to slow mode and back to fast in initializer blocks.
Review URL: https://chromiumcodereview.appspot.com/10905308

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 17:18:27 +00:00
mstarzinger@chromium.org
8d3ba0c0b3 Add jsfunfuzz to gitignore file.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/10918273

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 14:50:51 +00:00
mstarzinger@chromium.org
86fd161fdc Fix casting error for receiver of interceptors.
This fixes a casting error that occured when the receiver of a missed
or uninitialized CallIC is a Smi and there is an interceptor installed
on the prototype chain.

R=yangguo@chromium.org
BUG=chromium:149912
TEST=cctest/test-api/Regress149912

Review URL: https://codereview.chromium.org/10914317

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 14:39:10 +00:00
yangguo@chromium.org
783d10197a Tentatively reenable previous failing test.
R=mstarzinger@chromium.org
BUG=v8:2261

Review URL: https://chromiumcodereview.appspot.com/10907254

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 14:19:11 +00:00
yangguo@chromium.org
73462594ea Change regress-2318 to trigger more quickly and reliably.
BUG=v8:2336

Review URL: https://chromiumcodereview.appspot.com/10913294

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 13:21:59 +00:00
erik.corry@gmail.com
bafcfe5427 Fix misplaced assert in heap.cc.
Bug=2336
Review URL: https://chromiumcodereview.appspot.com/10911334

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 11:38:24 +00:00
svenpanne@chromium.org
6f5d872410 Consistently use named getters for Lithium operands on ARM.
Removed a dead Lithium instruction on the way.

Review URL: https://codereview.chromium.org/10907234

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 10:54:26 +00:00
mstarzinger@chromium.org
3018b875b1 Integrate map marking into static marking visitor.
This refactors the specialized marking of map contents to be done by the
static marking visitor shared between full and incremental marking. This
also fixes an issue where some maps weren't accounted for in the object
stats tracker. But more importantly, it simplifies the code base.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/10919294

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 10:04:39 +00:00
ulan@chromium.org
4bd4fb1aa4 Throw a more descriptive exception when blocking 'eval' via CSP.
BUG=140191

R=svenpanne@chromium.org,mkwst@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10837358

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 09:58:22 +00:00
yangguo@chromium.org
70e09a7e22 Fix build on OpenBSD/i386.
BUG=v8:1445

Review URL: https://chromiumcodereview.appspot.com/10919314

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12522 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 07:56:15 +00:00
yangguo@chromium.org
9d94f92d56 Improve the assembly code for power function with integer exponential.
The change removes one unused multiply and reschedules
the shift, multiply and jump instructions to reduce
stall. Experiment shows it improve about 20% performance
on x86 for exponetials from about 100 to 2000.

Review URL: https://chromiumcodereview.appspot.com/10916311

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-17 07:45:54 +00:00
danno@chromium.org
48d327d0b4 Let the embedder store arbitrary Values via Context::SetData
In WebKit, we would like to store a void* to a data structure that contains
lots of exciting per-context data. The current API restricts us to storing only
Strings, which is less useful.

I've also cleaned up the implementation of GetData to be less convoluted.

Review URL: https://codereview.chromium.org/10907189
Patch from Adam Barth <abarth@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 16:13:23 +00:00
verwaest@chromium.org
204d22a583 Moving the WhitenessWitness back to DescriptorArray.
TransitionArrays never allocate while being created.

Review URL: https://chromiumcodereview.appspot.com/10908237

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 15:10:31 +00:00
yangguo@chromium.org
cb72bf5735 Fix debugger's eval when close to stack overflow.
R=verwaest@chromium.org
BUG=v8:2318

Review URL: https://chromiumcodereview.appspot.com/10914290

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 13:40:32 +00:00
verwaest@chromium.org
fb506e0864 Only count the descriptor array if it's owned by the map.
Review URL: https://chromiumcodereview.appspot.com/10918245

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 13:37:41 +00:00
yangguo@chromium.org
a3b006058a Add checks to live edit.
BUG=v8:2297

Review URL: https://chromiumcodereview.appspot.com/10914262

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12515 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 13:31:11 +00:00
erik.corry@gmail.com
07ac7a4032 Fix test failures on nosnap builder.
Review URL: https://chromiumcodereview.appspot.com/10915277

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 13:19:42 +00:00
verwaest@chromium.org
ad4746c8a3 CNLT with descriptors but no valid enum fields has to clear the EnumCache.
Review URL: https://chromiumcodereview.appspot.com/10928204

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 13:15:43 +00:00
erik.corry@gmail.com
a36695e853 Microoptimization to regexps.
Review URL: https://chromiumcodereview.appspot.com/10917260

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 12:01:12 +00:00
svenpanne@chromium.org
58c8d208f5 Consistently use named getters for Lithium operands on ia32.
With this CL we clearly distinguish two different views on Lithium
instructions: For register allocation, the actual instruction/operand
is irrelevant, so it has only an iterator/indexed view on the
instruction operands. All other places, most importantly code
generation, use named getters for the operands now, making it easy to
see where each one is used.

Review URL: https://codereview.chromium.org/10919261

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:55:49 +00:00
erik.corry@gmail.com
8924052787 Fix compile errors on Win64.
Review URL: https://chromiumcodereview.appspot.com/10913273

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:48:31 +00:00
svenpanne@chromium.org
924c38c063 Consistently use named getters for Lithium operands on x64
Review URL: https://codereview.chromium.org/10933087

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:46:01 +00:00
yangguo@chromium.org
8d04c8c89f Replace r12503. Explicitly check toString() for exception in d8's print().
R=jkummerow@chromium.org
BUG=v8:2317

Review URL: https://chromiumcodereview.appspot.com/10911305

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:43:46 +00:00
erik.corry@gmail.com
ee55b2c2d3 Switch on code compaction on incremental GCs.
Review URL: https://chromiumcodereview.appspot.com/10928203

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:38:45 +00:00
erik.corry@gmail.com
5a8d1764bc Refactoring of snapshots. This simplifies and improves
the speed of deserializing code.  The current startup
time improvement for V8 is around 6%, but code deserialization
is speeded up disproportionately, and we will soon have more
code in the snapshot.
* Removed support for deserializing into large object space.
  The regular pages are 1Mbyte now and that is plenty.  This
  is a big simplification.
* Instead of reserving space for the snapshot we actually
  allocate it now.  This removes some special casing from
  the memory management and simplifies deserialization since
  we are just bumping a pointer rather than calling the
  normal allocation routines during deserialization.
* Record in the snapshot how much we need to boot up and
  allocate it instead of just assuming that allocations in
  a new VM will always be linear.
* In the snapshot we always address an object as a negative
  offset from the current allocation point.  We used to
  sometimes address from the start of the deserialized data,
  but this is less useful now that we have good support for
  roots and repetitions in the deserialization data.
* Code objects were previously deserialized (like other
  objects) by alternating raw data (deserialized with memcpy)
  and pointers (to external references, other objects, etc.).
  Now we deserialize code objects with a single memcpy,
  followed by a series of skips and pointers that partially
  overwrite the code we memcopied out of the snapshot.
  The skips are sometimes merged into the following
  instruction in the deserialization data to reduce dispatch
  time.
* Integers in the snapshot were stored in a variable length
  format that gives a compact representation for small positive
  integers.  This is still the case, but the new encoding can
  be decoded without branches or conditional instructions,
  which is faster on a modern CPU.
Review URL: https://chromiumcodereview.appspot.com/10918067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 11:16:56 +00:00
mstarzinger@chromium.org
77a7d9f539 Fix caching of optimized code for OSR.
This makes sure we do not share optimized code across closures that were
optimized using OSR (for a particular OSR entry AST id) even if caching
of optimized code kicks in.

R=danno@chromium.org
BUG=v8:2326
TEST=mjsunit/regress/regress-2326

Review URL: https://codereview.chromium.org/10933088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 10:41:31 +00:00
yangguo@chromium.org
4fe330c055 Not mask exception thrown by toString in String::UtfValue etc.
R=jkummerow@chromium.org
BUG=v8:2317

Review URL: https://chromiumcodereview.appspot.com/10917236

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 08:13:57 +00:00
danno@chromium.org
e8e675f259 Skip version 3.13.8 and fast-forward to 3.14.0
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/10907230

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 07:44:28 +00:00
yangguo@chromium.org
123e85f400 Replace VFP by VFP2 in common.gypi
This fixes an omission in cl 10818026.
Patch by Nathan Rajlich.

Review URL: https://chromiumcodereview.appspot.com/10913256
Patch from Bert Belder <bertbelder@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-14 07:41:55 +00:00
verwaest@chromium.org
7a84e84143 Directly set the value in the descriptors pointer to avoid checks.
This is the only place from where we are allowed to modify the value of
the descriptors pointer.

Review URL: https://chromiumcodereview.appspot.com/10905266

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12500 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-13 16:48:31 +00:00
yangguo@chromium.org
4f47e68a08 Fix printf formatting in test-compiler.
R=jkummerow@chromium.org
BUG=v8:2319

Review URL: https://chromiumcodereview.appspot.com/10928182

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-13 15:06:15 +00:00
verwaest@chromium.org
c037a7fe10 Clear the EnumLength fields of maps that lose their enumeration cache.
Review URL: https://chromiumcodereview.appspot.com/10905262

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12498 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-13 14:36:51 +00:00
mstarzinger@chromium.org
8db2000615 Fix API check for length of external arrays.
R=jkummerow@chromium.org
BUG=chromium:148896
TEST=cctest/test-api/ExternalArrayLimits

Review URL: https://codereview.chromium.org/10914257

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-13 09:36:56 +00:00
verwaest@chromium.org
1d1adaf9d3 Ensure correct enumeration indices in the dict
BUG=chromium:148376

Review URL: https://chromiumcodereview.appspot.com/10908216

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-13 08:52:55 +00:00
mmassi@chromium.org
22aed1cddd Fixed bounds check removal by restricting it to int32 indexes (and reenabled both ABCR and index dehoisting).
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10905232

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 17:00:25 +00:00
verwaest@chromium.org
ebd3241b05 Sharing of descriptor arrays.
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).

An ownership bit is added to maps indicating whether it owns its own descriptor array or not.

Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.

Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.

To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.

We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.

When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.

Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.

When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.

Review URL: https://chromiumcodereview.appspot.com/10909007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 16:43:57 +00:00
yangguo@chromium.org
67d0506622 Correctly initialize regexp global cache.
R=ulan@chromium.org
BUG=148378

Review URL: https://chromiumcodereview.appspot.com/10905239

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12491 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 15:26:43 +00:00
mstarzinger@chromium.org
a3733c64a7 Fix compilation issue in r12489.
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10909190

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 14:11:37 +00:00
mstarzinger@chromium.org
f37f504de5 Fix arguments object materialization during deopt.
This fixes materialization of arguments objects for strict mode functions during
deoptimization. We materialize arguments from the stack area where optimized
code pushes the arguments when entering the inlined environment. For adapted
invocations we use the arguments adaptor frame for materialization.

R=svenpanne@chromium.org
BUG=v8:2261
TEST=mjsunit/regress/regress-2261,mjsunit/compiler/inline-arguments

Review URL: https://chromiumcodereview.appspot.com/10908194

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 12:28:42 +00:00
yangguo@chromium.org
6a9e4048aa Introduce new API to expose external string resource regardless of encoding.
BUG=

Review URL: https://chromiumcodereview.appspot.com/10917211

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 11:29:50 +00:00
yangguo@chromium.org
7276fa39ab Shorten code path in string allocation.
This was part of r12430 (http://codereview.chromium.org/10857030/) which has been reverted.

R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10913220

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 11:15:20 +00:00
jkummerow@chromium.org
b6770314ab Fixed CHECK failure in LCodeGen::DoWrapReceiver when --deopt-every-n-times flag is present
BUG=148389

Review URL: https://chromiumcodereview.appspot.com/10914222

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 08:37:47 +00:00
yangguo@chromium.org
59b9a32b34 Fix edge case of extension with NULL as source string.
BUG=144649

Review URL: https://chromiumcodereview.appspot.com/10914201

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12485 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 14:16:56 +00:00
mmassi@chromium.org
bff3d2a8a6 Fix array index dehoisting.
BUG=141395
TEST=

Review URL: https://chromiumcodereview.appspot.com/10919214

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 14:14:32 +00:00
erik.corry@gmail.com
1987542825 Fix invariant so that we cannot record relocation slots for
white objects when compacting.  Add flag for incremental code
compaction.
Review URL: https://chromiumcodereview.appspot.com/10907174

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 14:01:39 +00:00
mstarzinger@chromium.org
a64410d956 Prepare push to trunk. Now working on version 3.13.8.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10911208

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 13:19:02 +00:00
yangguo@chromium.org
474e34e3c5 Fix TypeError message for Date builtins.
BUG=

Review URL: https://chromiumcodereview.appspot.com/10928108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 12:43:17 +00:00
ulan@chromium.org
a9162af1af Fix delta computation in DoDeferredInstanceOfKnownGlobal() for ARM.
BUG=v8:2314

R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10908195

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12478 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-11 11:36:48 +00:00
peter.rybin@gmail.com
bda5ce9cd6 Introduce InternalProperty type and expose internal properties for bound functions
Committed: https://code.google.com/p/v8/source/detail?r=12346

Review URL: https://chromiumcodereview.appspot.com/10834376

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-10 23:17:04 +00:00
yangguo@chromium.org
266cca47fc Add more checks for native callback results.
R=svenpanne@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10928083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-10 13:38:21 +00:00