mstarzinger@chromium.org
9e757a604c
Make __proto__ a real JavaScript accessor property.
...
This turns the __proto__ callback from a foreign callback into a real
JavaScript accessor. It makes the accessor behavior of this property
explicit.
R=rossberg@chromium.org
BUG=v8:1949,v8:2606
TEST=mjsunit/regress/regress-2606
Review URL: https://codereview.chromium.org/13533004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14139 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-04 12:10:23 +00:00
ulan@chromium.org
eee5884f8d
Add extra flag for load-ic stubs in code cache.
...
This allows distinguishing stubs compiled for the current object from
stubs compiled for objects that have the current object as a prototype.
BUG=v8:2593
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/13552003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-04 08:29:25 +00:00
danno@chromium.org
98281c62f0
Ensure UseRegisterAtStart not used with fixed temp/return register
...
R=vegorov@chromium.org
BUG=chromium:201590
Review URL: https://codereview.chromium.org/13527007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14124 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-03 14:45:39 +00:00
yangguo@chromium.org
443f85eed9
Add test to check that Function.caller must not expose native functions.
...
R=svenpanne@chromium.org
BUG=v8:105
Review URL: https://chromiumcodereview.appspot.com/13166002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-28 14:31:48 +00:00
dslomov@chromium.org
47d8af7616
Canonicalize NaNs on store to Fast(Float|Double) arrays
...
Also treat holey NaN coming from external float/double arrays correctly
BUG=2596
Review URL: https://codereview.chromium.org/12918028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-28 13:30:16 +00:00
yangguo@chromium.org
9155d20282
Stack trace API: poison stack frames below the first strict mode frame.
...
Function and receiver objects are not accessible for poisoned frames.
R=rossberg@chromium.org
BUG=v8:2564
Review URL: https://chromiumcodereview.appspot.com/13150003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14085 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-28 10:40:07 +00:00
yangguo@chromium.org
a942fcd984
Add test case for missing deopt sequence after forced deopt.
...
R=danno@chromium.org
BUG=217858
Review URL: https://chromiumcodereview.appspot.com/13042005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-27 09:58:32 +00:00
yangguo@chromium.org
bb632dc49d
Only copy with, block and catch scopes in DebugEvaluate.
...
R=ulan@chromium.org
BUG=171715
Review URL: https://chromiumcodereview.appspot.com/13093003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-26 17:46:16 +00:00
danno@chromium.org
c3486bc4eb
Remove bogus test flags
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/12872007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-25 17:59:15 +00:00
danno@chromium.org
dfd9ea8087
Fix store_mode bug involving polymorphism with external and JS arrays.
...
Review URL: https://codereview.chromium.org/12987014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-25 15:19:22 +00:00
verwaest@chromium.org
a8b3215afa
Change LookupForWrite to always do a full lookup and check the result.
...
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.
By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.
Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.
Review URL: https://chromiumcodereview.appspot.com/12810006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-25 12:55:27 +00:00
yangguo@chromium.org
b347a0dcae
Correctly materialize arguments object in Runtime_DebugEvaluate.
...
The problem was that if the # arguments specified in the function
declaration and the # arguments passed to the function are not
the same, we use an arguments adapter frame to make it work. This
confuses the existing implementation to materialize the arguments
object.
R=peter.rybin@gmail.com
BUG=222893
Review URL: https://chromiumcodereview.appspot.com/12674027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-25 10:01:53 +00:00
yangguo@chromium.org
27b0979347
Restore correct regression test for crbug/146910.
...
For some reason (rebase conflicts?) the regression test introduced
in r12547 was overwritten by r13340.
The test in question already exists in regress-latin-1
R=dcarney@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/13023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-22 09:04:36 +00:00
yangguo@chromium.org
b522319a98
Extend test coverage for JSON.stringify's slow path.
...
R=verwaest@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/12702009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14008 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-20 14:07:30 +00:00
verwaest@chromium.org
002ba9c76d
Turn Flags into a uint32_t typedef.
...
We cannot rely on C++ compilers inferring the int-type from the enum
value range. Whereas Linux/OSX find uint32_t as type for [0,MaxUInt32],
Windows insists it's int.
Update the test to execute its original intent on all platforms: 1 value
larger than max arguments, 1 smaller than max arguments (on all
platforms). This makes the test run a lot faster.
BUG=chromium:194749
Review URL: https://chromiumcodereview.appspot.com/12507010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-19 13:11:49 +00:00
verwaest@chromium.org
010f36f94b
Raise the limit since it is 2**16 (65536) on x64.
...
Review URL: https://chromiumcodereview.appspot.com/12700012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-18 15:49:33 +00:00
jkummerow@chromium.org
e2cd7aa423
Fix detection of |handle_smi| case in HOptimizedGraphBuilder::HandlePolymorphicCallNamed
...
BUG=chromium:196583
Review URL: https://codereview.chromium.org/12620014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-18 12:41:52 +00:00
yangguo@chromium.org
b85237a0bc
Fix white space matching in latin-1 strings wrt \u00a0.
...
R=dcarney@chromium.org
BUG=181422
Review URL: https://chromiumcodereview.appspot.com/12644008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-11 11:52:11 +00:00
mstarzinger@chromium.org
d70523dce6
Restore Function()'s expected string representation.
...
R=rossberg@chromium.org
BUG=v8:2470
TEST=mjsunit/regress/regress-2470
Review URL: https://codereview.chromium.org/12687002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-08 11:47:20 +00:00
mstarzinger@chromium.org
4b0395cc23
Harden Function()'s parsing of function literals.
...
R=rossberg@chromium.org
BUG=v8:2470
TEST=mjsunit/regress/regress-2470
Review URL: https://codereview.chromium.org/12613007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-07 15:46:14 +00:00
yangguo@chromium.org
3a497dfd51
Insert missing type cast in JSON.stringify.
...
R=dcarney@chromium.org
BUG=v8:2570
Review URL: https://chromiumcodereview.appspot.com/12599003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-07 09:58:27 +00:00
yangguo@chromium.org
a62cfd1db0
Fix Array.length, String.length and Function.prototype LoadICs on x64.
...
R=jkummerow@chromium.org
BUG=v8:2568
Review URL: https://chromiumcodereview.appspot.com/12545004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-06 18:19:35 +00:00
adamk@chromium.org
7fe9bd5a09
Properly handle misses for StoreArrayLengthStub on ia32 and x64
...
Both failed to generate a miss if the key wasn't "length".
ARM and MIPS were already correct.
BUG=v8:2566
Review URL: https://codereview.chromium.org/12378085
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-05 16:31:11 +00:00
mstarzinger@chromium.org
2aabf6257d
Add workaround for redefinition of __proto__ property.
...
This is a temporary workaround when the __proto__ property is being
redefined (e.g. by Object.freeze()) to not lose the foreign callback.
Once the __proto__ property is a real JavaScript accessor this hack is
no longer necessary. This change also makes __proto__ configurable.
R=rossberg@chromium.org
BUG=v8:2565
TEST=mjsunit/regress/regress-2565
Review URL: https://codereview.chromium.org/12398010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-04 17:53:40 +00:00
yangguo@chromium.org
358311e8ec
Limit EatAtLeast recursion by a budget.
...
BUG=178790
Review URL: https://chromiumcodereview.appspot.com/12380026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-01 14:50:14 +00:00
yangguo@chromium.org
2a3063a7c3
Handle negative input in inlined Math.round on Intel CPUs.
...
R=jkummerow@chromium.org
BUG=v8:2451
Review URL: https://chromiumcodereview.appspot.com/12342037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-27 14:44:57 +00:00
mstarzinger@chromium.org
ea5e9edac4
Fix materialization of arguments objects with unknown values.
...
This fixes the deoptimizer to materialize arguments objects of correct
length even in cases where the actual argument values are unknown and
were optimized away by Crankshaft. This can happen if only the length
property or the identity of an arguments object is used.
R=svenpanne@chromium.org
BUG=chromium:163530
TEST=mjsunit/regress/regress-crbug-163530
Review URL: https://codereview.chromium.org/12335132
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-27 14:37:51 +00:00
dcarney@chromium.org
52a015b1af
Fix overflow in WriteQuoteJsonString and SlowQuoteJsonString
...
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/12326120
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-26 11:02:39 +00:00
mstarzinger@chromium.org
ce1e10f5fc
Make __proto__ a foreign callback on Object.prototype.
...
This moves the __proto__ property to Object.prototype and turns it into
a callback property actually present in the descriptor array as opposed
to a hack in the properties lookup. For now it still is a "magic" data
property using foreign callbacks and not an accessor property visible to
JavaScript.
The second effect of this change is that JSON.parse() no longer treats
the __proto__ property specially, it will be defined as any other data
property. Note that object literals still have their special handling.
R=rossberg@chromium.org
BUG=v8:621,v8:1949,v8:2441
TEST=mjsunit,cctest,test262
Review URL: https://codereview.chromium.org/12212011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-26 10:46:00 +00:00
mstarzinger@chromium.org
300413b5a9
Fix f.apply() optimization when declared arguments are mutated.
...
R=verwaest@chromium.org
BUG=v8:2539
TEST=mjsunit/regress/regress-2539
Review URL: https://codereview.chromium.org/12255033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-14 15:12:49 +00:00
jkummerow@chromium.org
19dab057b4
Fix NegateCompareOp and InvertCompareOp
...
BUG=v8:2537
Review URL: https://codereview.chromium.org/12217136
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-13 14:36:19 +00:00
jkummerow@chromium.org
e83ff197bf
Add regression test for r13617
...
Many thanks to Vyacheslav Egorov for coming up with this test!
BUG=173907
Review URL: https://codereview.chromium.org/12212066
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-07 15:38:24 +00:00
mstarzinger@chromium.org
79607d20e6
Make the GC stress builder go green.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/12218034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-06 13:21:28 +00:00
verwaest@chromium.org
aca87c2fcd
Tag stubs that rely on instance types as MEGAMORPHIC.
...
BUG=chromium:173974
Review URL: https://chromiumcodereview.appspot.com/12178017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-02-04 13:12:03 +00:00
verwaest@chromium.org
c8636a2809
Do not try to collect the map if the monomorphic IC stub has no map.
...
This is necessary for monomorphic stubs that rely on instance types,
such as ArrayLength, StringLength and FunctionPrototype.
BUG=chromium:172345
Review URL: https://chromiumcodereview.appspot.com/12082023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-28 13:19:53 +00:00
yangguo@chromium.org
24ec13cbd2
Fix additional spec violations wrt RegExp.lastIndex.
...
R=svenpanne@chromium.org
BUG=v8:2437
Review URL: https://chromiumcodereview.appspot.com/12033099
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-25 10:53:26 +00:00
ulan@chromium.org
e6224d275f
Make embedded maps in optimized code weak.
...
Each map has a weak array of dependent codes, where the map tracks all the optimized codes that embed it.
Old space GC either clears the dead dependent codes from the array if the corresponding map is alive or deoptimizes the live dependent codes if the map is dead.
BUG=v8:2073
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11575007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-24 11:55:05 +00:00
ulan@chromium.org
d29826544e
Correctly set kCanBeDivByZero flag for HMathFloorOfDiv.
...
After r13289 the divisor can be non-constant, so we should check for zero.
BUG=171641
R=yangguo@chromium.org
Review URL: https://chromiumcodereview.appspot.com/12047050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-23 15:58:49 +00:00
yangguo@chromium.org
9296975c04
Correctly reset lastIndex in a RegExp object.
...
R=svenpanne@chromium.org
BUG=170856
Review URL: https://chromiumcodereview.appspot.com/11896060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-23 12:28:16 +00:00
ulan@chromium.org
79a0e3b017
Fix pattern detection for replacing shifts by rotation.
...
BUG=2499
R=svenpanne@chromium.org
Review URL: https://chromiumcodereview.appspot.com/12047015
Patch from Hirofumi Mako <mkhrfm@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-22 13:55:22 +00:00
mvstanton@chromium.org
c3746b4388
allocation-site-info.js broken on arm with new changes. Reverting to previous version until diagnosed.
...
Regress-2185.js test takes too long on slow path when allocation site info is discovered.
BUG=
Review URL: https://codereview.chromium.org/12049003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-21 16:15:08 +00:00
yangguo@chromium.org
0c822b21cb
Fix some latin-1 webkit unit tests
...
R=yangguo@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11962035
Patch from Dan Carney <dcarney@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-21 16:11:31 +00:00
mstarzinger@chromium.org
0484ddcf50
Fix arguments materialization for inlined apply().
...
This fixes materialization of the arguments object in case the constant
function check if TryCallApply() inside an inlined frame fails.
R=svenpanne@chromium.org
BUG=v8:2489
TEST=mjsunit/regress/regress-2489
Review URL: https://codereview.chromium.org/11931012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-16 09:25:45 +00:00
yangguo@chromium.org
f15f294127
Sync laziness between BuildFunctionInfo and MakeFunctionInfo.
...
BuildFunctionInfo compiles the function eagerly when there are debug
break points. However, the AST may have been parsed lazily since
MakeFunctionInfo does not check for debug break points.
This fixes a regression introduced in r11866.
BUG=147497
Review URL: https://chromiumcodereview.appspot.com/11661008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-15 10:16:52 +00:00
mstarzinger@chromium.org
c5cff2c75a
Make recent regression test resilient against GC stress.
...
R=danno@chromium.org
TEST=mjsunit/regress/regress-165637
Review URL: https://codereview.chromium.org/11824062
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 14:21:27 +00:00
mstarzinger@chromium.org
1079642c97
Fix missing exception check in typed array constructor (2).
...
This fixes another crash when the typed array constructor accesses
an array that has a throwing accessor defined on one of its elements.
R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js
Review URL: https://codereview.chromium.org/11791052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 11:45:29 +00:00
yangguo@chromium.org
e41c17084f
Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag.
...
R=yangguo@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11818025
Patch from Dan Carney <dcarney@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 15:47:53 +00:00
yangguo@chromium.org
45f20e366a
Introduce ENABLE_LATIN_1 compile flag
...
Mostly a bunch of renaming when flag is disabled.
R=yangguo@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/11759008
Patch from Dan Carney <dcarney@google.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 10:30:54 +00:00
svenpanne@chromium.org
0aacbf9619
Added %FlattenString and use it to speed up a regression test.
...
Flattening strings is relatively costly and by doing it after every duplication
we avoid combinatorial explosion.
Note that flattening could have been done by e.g. using a regular expression,
too, but this is just another implementation detail and %FlattenString seems
general enough to be useful in other tests, too.
Review URL: https://codereview.chromium.org/11828014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 09:32:12 +00:00
mstarzinger@chromium.org
0e46919c32
Fix missing exception check in typed array constructor.
...
The typed array constructor might fail if the first argument is an
object with a length property. Accessing the property can cause an
exception to be thrown and an explicit check needs to be performed.
R=verwaest@chromium.org
BUG=chromium:168545
TEST=mjsunit/regress/regress-crbug-168545.js
Review URL: https://codereview.chromium.org/11777014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 14:01:04 +00:00