This makes back pointers in the map transition tree explicit by having
accurate back pointers throughout the lifetime of maps instead of
establishing and destroying back pointers before and after each marking
phase. This is a prerequisite for being able to clear map transitions
during incremental marking.
R=vegorov@chromium.org
BUG=v8:1465
Review URL: https://chromiumcodereview.appspot.com/10381053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Constructs the (generally cyclic) graph of module instance objects
and populates their exports. Any exports other than nested modules
are currently set to 'undefined' (but already present as properties).
Details:
- Added new type JSModule for instance objects: a JSObject carrying a context.
- Statically allocate instance objects for all module literals (in parser 8-}).
- Extend interfaces to record and unify concrete instance objects,
and to support iteration over members.
- Introduce new runtime function for pushing module contexts.
- Generate code for allocating, initializing, and setting module contexts,
and for populating instance objects from module literals.
Currently, all non-module exports are still initialized with 'undefined'.
- Module aliases are resolved statically, so no special code is required.
- Make sure that code containing module constructs is never optimized
(macrofy AST node construction flag setting while we're at it).
- Add test case checking linkage.
Baseline: http://codereview.chromium.org/9722043/R=svenpanne@chromium.org,mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9844002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Marking aligned frames with a marker can produce false positives since
an optimized frame spill slot may be mistakenly seen as a marker value.
It also breaks the debugger reproducably: Tested when enabling alignment
for all functions and running the debugger unit tests.
BUG=v8:2009
TEST=no crashes in EarleyBoyer
Review URL: https://chromiumcodereview.appspot.com/9703110
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This allows elements of the non-strict arguments object to be redefined
with custom attributes and still maintain an alias into the context.
Such a slow alias is maintained by placing a special marker into the
dictionary backing store of the arguments object.
R=rossberg@chromium.org
BUG=v8:1772
TEST=test262,mjsunit/object-define-property
Review URL: https://chromiumcodereview.appspot.com/9460004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This implementation extends the internal ObjectHashTable to be able to
hold arbitrary objects (e.g. Smis, Strings, ...) as keys by applying
specialized hashing functions to primitive types. Equality of keys is
defined using the internal SameValue function.
R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections
Review URL: http://codereview.chromium.org/8372027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If a GC happened during initialization (when allocating the elements array)
of the non_strict_arguments_boilerplate, heap verification would fail with the following assert:
ASSERT_EQ((map()->has_fast_elements() || map()->has_fast_smi_only_elements()),
(elements()->map() == GetHeap()->fixed_array_map() ||
elements()->map() == GetHeap()->fixed_cow_array_map()));
This was not harmful since the boilerplate was setup
correctly immediatly afterwards.
Simplified the setup code by removing a call to GetElementsTransitionMap. It always return the same map as
the input object in this case and is therefore unnecessary.
Added more assertions to verify well-formed non-strict
arguments backing store.
BUG=v8:1520
TEST=no more flaky tests with failing this assert.
Review URL: http://codereview.chromium.org/8336021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Advantage is that it's much easier to add new element types (like FAST_SMI_ELEMENTS), and that handling logic for each element kind is (more) consolidated.
Currently, only GetElementsWithReceiver uses the new encapsulation, but the goal is to move much more element functionality into the class incrementally.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/7527001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Due to issues relating mostly to chrome extensions we have lately been
running into OOMs that are caused by our executable space running
out. This change introduces flushing of code from regexps if we have
not used the code for 5 mark sweeps.
The approach is different from the normal function code flusing. Here
we make a copy of the code inside the data array, and exchange the
original code with a smi determined by the sweep_generation (a new
heap variable increased everytime we do mark sweep/compact). If we
encounter a smi in EnsureCompiled we simply reinstate the code
object. If, in the marking phase of mark sweep, we find a regexp that
already have a smi in the code field, and this is more than 5
generations old we flush the code from the saved index.
Review URL: http://codereview.chromium.org/7282026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1) Add new type JSProxy for representing proxy objects.
Currently devoid of functionality, i.e., all properties are undefined.
2) Some rudimentary global $Proxy functions to create proxies.
Next step: Hook up getProperty and getOwnProperty handlers. Will probably
require introducing a new LookupResult type, which is a mixture of
INTERCEPTOR (handles any property) and CALLBACK (calls back to JS).
Can we unify this somehow?
TODO: Should probably rename existing Proxy type to something like
"Foreign", to avoid confusion.
Review URL: http://codereview.chromium.org/6932068
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7887 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Worth mentioning:
- Specialized versions of pixel array and store/loads inside the generic stubs have been removed, since to have parity for all external arrays, 8 different versions would have to be inlined/checked.
- There's a new constant in v8.h for external arrays with pixel array elements.
Review URL: http://codereview.chromium.org/6546036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
objectprint=on (defaults to off) option (which defines OBJECT_PRINT).
2. Added the ability to print objects to a specified file instead of
just stdout.
3. Added a use_verbose_printer flag (true by default) to allow some
object printouts to be less verbose when the flag is false.
4. Fixed a bug in VSNPrintF() where it can potentially write into an
empty char vector.
Patch by Mark Lam from Hewlett-Packard Development Company, LP
Review URL: http://codereview.chromium.org/5998001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00