AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
5,341 Commits 1 Branch 0 Tags 839 MiB
a0364d795d
Commit Graph

887 Commits

Author SHA1 Message Date
ager@chromium.org
a0364d795d Handle indexed properties on value objects correctly. 
As with named properties, search the value wrapper prototypes for properties.

Review URL: http://codereview.chromium.org/6526046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 12:10:48 +00:00
lrn@chromium.org
9ec16dfe68 Fix bug 1137. No longer allow the RegExp /(*)/. 
BUG=v8:1137
TEST=test/mjsunit/regexp.js

Review URL: http://codereview.chromium.org/6499016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 08:10:47 +00:00
mmaly@chromium.org
582cf097e9 Strict mode "this" transformation in Function.call/Function.apply. 
In strict mode the transformation of "this" is skipped.

Code review feedback.
Testing memory operand against 8 bit IMM on ia32 and x64.

Review URL: http://codereview.chromium.org/6524006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 18:57:37 +00:00
vitalyr@chromium.org
4143e4c097 Fix issue 1160: check array elements in ArrayJoin. 
Review URL: http://codereview.chromium.org/6529020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 15:12:51 +00:00
ricow@chromium.org
a8d4360d65 Make sure we always have room for patching the reloc info during lazy deoptimization (fixes issue 1156). 
Before we could have calls to builtins that would not be in the
relocation info since this used a register as target. Whenever we have
this case (from lithium codegen) we now emit a comment in the reloc
info.

Review URL: http://codereview.chromium.org/6499015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 14:36:12 +00:00
ricow@chromium.org
0648103e8c x64: Port OSR to the x64 platform. 
Review URL: http://codereview.chromium.org/6515012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 13:37:10 +00:00
mmaly@chromium.org
9adaeb6a17 Strict mode delete of non-configurable property. 
Strict mode flag is passed to runtime DELETE function
and then to JSObject::Delete(Property/Element) as STRICT_DELETION enum.
When deleting non-configurable property/eleemnt, TypeError is thrown.
Adding mozilla test to .gitignore.
Incorporate CR feedback.

Review URL: http://codereview.chromium.org/6515005/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 23:41:47 +00:00
mmaly@chromium.org
7e6bbab2c8 Strict mode delete of unqualified identifier. 
SyntaxError is reported in strict mode when deleting
an unqualified identifier. (11.4.1 of Ecma-262 5th ed)

Review URL: http://codereview.chromium.org/6516003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 18:44:26 +00:00
antonm@chromium.org
186d832c79 Introduce new runtime function to make join with lower memory usage. 
Do not use generic StringBuilderConcat which requires array passed
to keep both elements and separator (which roughly double size
of the array).  That should be faster as well.

BUG=crbug.com/54580

Review URL: http://codereview.chromium.org/6520004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 17:25:12 +00:00
whesse@chromium.org
1e4800b918 X64 Crankshaft: Fix error in pushed register indices for safepoints. Fixes issue 1153. 
BUG=1153
TEST=mjsunit/date-parse

Review URL: http://codereview.chromium.org/6518007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 16:02:02 +00:00
whesse@chromium.org
7233a930b5 X64 Crankshaft: Add test that fails on x64 Crankshaft build to list of skipped mjsunit tests. Fix comments and remove unused function from date.js. 
BUG=1153
TEST=mjsunit/date-parse
Review URL: http://codereview.chromium.org/6516011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 13:57:15 +00:00
fschneider@chromium.org
ad70b7de39 Fix a potential crash bug in keyed calls for non-string keys. 
BUG=v8:1146

Review URL: http://codereview.chromium.org/6517010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 13:13:41 +00:00
kmillikin@chromium.org
c73ce4f126 Fix a duplicate AST ID recorded for for/in. 
Avoid visiting the subexpressions of a variable that rewrites to a property
when occurring as the 'left-hand side' of for/in.

BUG=v8:1149

Review URL: http://codereview.chromium.org/6475009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 12:51:25 +00:00
karlklose@chromium.org
e0552d77cf ARM: Implement PatchStackCheckCodeAt and RevertStackCheckCode. 
Remove a failing test expectation from mjsunit.status.

Review URL: http://codereview.chromium.org/6410029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 12:07:48 +00:00
ricow@chromium.org
34eeb88ee4 Use ForceSetObjectProperty in DefineOrRedefineDataProperty (fixes crbug 72736). 
The current version uses SetObjectProperty which will not set the
value in case this is a readonly property. The spec explictly says
that a configurable but non writable property can have its value
changed with Object.defineProperty (because the same thing can be
accomplished by doing 3 calls (set writable to true, update the value,
set writable to false).


Review URL: http://codereview.chromium.org/6518004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 10:43:21 +00:00
ricow@chromium.org
6d9fde492c Do not allow calls to SetProtoType on functions that should not have a prototype (fixes issue 1151) 
Review URL: http://codereview.chromium.org/6518003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 09:37:56 +00:00
ricow@chromium.org
46bde305b5 Add support for the global object in Object.keys (fixes issue 1150) 
We do not currently handle the case where the JSGlobalProxy is passed
as argument to LocalKeys in runtime.cc.

Review URL: http://codereview.chromium.org/6516008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 07:49:13 +00:00
mmaly@chromium.org
e0be3072b5 Implement assignment to undefined reference in ES5 Strict Mode. 
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-13 16:19:53 +00:00
mmaly@chromium.org
3f4701df7f Revert r6756. Check failed on V8 arm - debug - crankshaft. 
Need to investigate.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 23:25:07 +00:00
mmaly@chromium.org
fd6338bdda Implement assignment to undefined reference in ES5 Strict Mode. 
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 21:39:59 +00:00
antonm@chromium.org
e96c24bf03 Properly treat exceptions thrown while compiling. 
BUG=v8:1132
TEST=test/mjsunit/regress/regress-1132.js

Review URL: http://codereview.chromium.org/6487021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 14:26:56 +00:00
lrn@chromium.org
fdfbdfbcf5 Fix typo in ASSERT in object-verifier for RegExp. 
BUG=v8::1129
TEST=test/mjsunit/regress/regress-1129.js

Review URL: http://codereview.chromium.org/6476027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 16:43:01 +00:00
antonm@chromium.org
ab24485760 Bypass JS accessors when building error array. 
In the presence of JS accessors for elements on Object.prototype JSArray::SetFastElement
may throw or its behaviour can be altered.  Instead operate on plain FixedArrays and
turn them into JSArry later.

BUG=v8:1130
TEST=test/mjsunit/regress/regress-1130.js

Review URL: http://codereview.chromium.org/6481001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 15:02:13 +00:00
fschneider@chromium.org
5b753cecb6 Check holder before optimizing calls to global functions. 
In the case where the function is not found in the global object,
we have to generate a generic call.

BUG=v8:1106
TEST=mjsunit/regress/regress-1106.js

Review URL: http://codereview.chromium.org/6483010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:51 +00:00
vegorov@chromium.org
49adfd0f0a Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-range. 
BUG=v8:1131
TEST=test/mjsunit/regress/regress-1131.js

Review URL: http://codereview.chromium.org/6469006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:34 +00:00
mikhail.naganov@gmail.com
12e62e7154 Shorten constructor names in JS tickprocessor. 
As they are no more used in DevTools profiler, there is no
need to prefix them with "devtools.profiler" namespace.

Review URL: http://codereview.chromium.org/6456025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 07:47:28 +00:00
kmillikin@chromium.org
dc91c4218b Make optimized Function.prototype.apply safe for non-JSObject first arguments. 
If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.

Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.

BUG=v8:1128

Review URL: http://codereview.chromium.org/6463025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 16:43:23 +00:00
whesse@chromium.org
0fb5a1fd1a Add a regression test for issue 1106, optimized access to the prototype chain of the global object. 
Review URL: http://codereview.chromium.org/6459023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 15:50:39 +00:00
lrn@chromium.org
d358e2ecd3 Fix incorrect asserts in scanner. 
BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js

Review URL: http://codereview.chromium.org/6459021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:16:25 +00:00
whesse@chromium.org
afec61e870 Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js. 
Review URL: http://codereview.chromium.org/6460030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 13:16:40 +00:00
whesse@chromium.org
602d5cf427 Fix a bug that occurs when functions are defined with more than 16,382 parameters. 
Review URL: http://codereview.chromium.org/6447007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:46:22 +00:00
kmillikin@chromium.org
991a1cae12 Fix an assertion failure in stack trace construction. 
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value.  This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:45:50 +00:00
antonm@chromium.org
d724993138 Use GC-safe version when setting elements. 
BUG=1125
TEST=test/mjsunit/regress/regress-1125.js

Review URL: http://codereview.chromium.org/6463001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:38:10 +00:00
antonm@chromium.org
cf30cefda7 Check if Array.prototype.__proto__ has been reset to null. 
BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js

Review URL: http://codereview.chromium.org/6454004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:56:44 +00:00
antonm@chromium.org
0273e8185b Propagate exceptions thrown when setting elements. 
Plus use more robust path when formatting messages---work
directly with fixed arrays.

BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js

Review URL: http://codereview.chromium.org/6451004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:42:14 +00:00
antonm@chromium.org
da8b72f2b8 1) Return failure if any of property sets failed; 
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Review URL: http://codereview.chromium.org/6454011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:04:17 +00:00
ager@chromium.org
096c21522b Fix wrong assumption in parser that parsing a function literal cannot throw an exception. 
Review URL: http://codereview.chromium.org/6453009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 18:46:13 +00:00
ager@chromium.org
8c6c273236 Fix issues with using defineProperty on the global proxy object. 
Review URL: http://codereview.chromium.org/6452004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 16:31:58 +00:00
ricow@chromium.org
f64966085e x64: Add MulI and DivI to lithium instructions. 
Review URL: http://codereview.chromium.org/6448001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:37:50 +00:00
lrn@chromium.org
2f32f27e8f Correct propagation of exceptions from setters. 
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js

Review URL: http://codereview.chromium.org/6451003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:04:27 +00:00
kmillikin@chromium.org
bf3c3eb9cb Fix a possible duplicate AST ID for deoptimization. 
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.

BUG=v8:1104

Review URL: http://codereview.chromium.org/6453004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:00:22 +00:00
ricow@chromium.org
20f2c1c98a Make sure that we do not call is_extensible on the global proxy. 
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.


Review URL: http://codereview.chromium.org/6450003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 13:09:07 +00:00
ricow@chromium.org
81787f986b Make sure that we never call prevent extension on the global proxy, 
but instead call this on the global object.

BUG: 1103

Review URL: http://codereview.chromium.org/6454001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 12:41:16 +00:00
lrn@chromium.org
48fadffcc4 Fix bug in JSON.parse for objects containing "__proto__" as key. 
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.

Review URL: http://codereview.chromium.org/6451002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 11:38:15 +00:00
peterhal@chromium.org
39957aa741 Issue 117 - strict mode and future reserved words 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 18:36:37 +00:00
mmaly@chromium.org
87233c49c8 Pass strict mode to eval. 
Code review feedback.

Code Review URL: http://codereview.chromium.org/6286043/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 18:15:49 +00:00
vegorov@chromium.org
10f715e3ff Restore context after LApplyArguments. 
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js

Review URL: http://codereview.chromium.org/6246106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 15:42:02 +00:00
peterhal@chromium.org
c894b1f317 Fix bugs 992, 1083 and 1092 
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.

Add sputnik tests to .gitignore.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6286060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 19:29:10 +00:00
ricow@chromium.org
a2aa84873e Add regression test for the deoptimizer immediately followed by gc bug. 
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)

The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094


Review URL: http://codereview.chromium.org/6312118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 13:47:27 +00:00
danno@chromium.org
a2fb4a12bb Create specialized code stubs for PixelArray loads. 
Review URL: http://codereview.chromium.org/6287030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 12:50:50 +00:00