vegorov@chromium.org
a457040ca6
Ensure that non-optimized code objects are not flushed for inlined functions.
...
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.
Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.
R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js
Review URL: http://codereview.chromium.org/8888011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-08 16:07:07 +00:00
yangguo@chromium.org
929c619101
Quickfix for DoMathPowHalf.
...
TEST=regress-397.js
Review URL: http://codereview.chromium.org/8769037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:16:49 +00:00
lrn@chromium.org
ebccde15bc
Don't preparse large files to find boundaries of lazy functions.
...
Instead use the preparser inline to parse only the lazy function
bodies.
This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.
Review URL: http://codereview.chromium.org/8662037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 09:36:31 +00:00
mstarzinger@chromium.org
330cd2205c
Remove hidden prototype for builtin functions.
...
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.
R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions
Review URL: http://codereview.chromium.org/8566009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-15 09:44:57 +00:00
yangguo@chromium.org
53c6077cee
Fixing issue 103259.
...
BUG=103259
TEST=regress-103259.js
Review URL: http://codereview.chromium.org/8498011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:59:40 +00:00
lrn@chromium.org
30465596e6
Make eval consider anything on the form eval(args...) a potential direct cal
...
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.
We still throw if calling indirect eval with a detached global object.
BUG=v8:994
TEST=mjsunit/eval.js
Review URL: http://codereview.chromium.org/8343054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 09:38:52 +00:00
vegorov@chromium.org
f8c2d3847f
Take loop side-effects into account when collecting side-effects on the path between two blocks.
...
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js
Review URL: http://codereview.chromium.org/8395002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
b3eba9e764
Fix handling of non-object receivers for array builtins.
...
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702
Review URL: http://codereview.chromium.org/8347034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:24:37 +00:00
lrn@chromium.org
5152d2e0da
Reimplement Function.prototype.bind.
...
Make instanceof work correctly.
BUG=v8:893
Review URL: http://codereview.chromium.org/8199004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:44:16 +00:00
lrn@chromium.org
50ef25e0f3
Remove redundant allow-natives flag from CompilationInfo.
...
Just use script being native and FLAG_allow_natives_syntax directly.
Review URL: http://codereview.chromium.org/8314018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 09:02:26 +00:00
yangguo@chromium.org
3249530ef0
Fixing issue 1757 (string slices of external strings).
...
BUG=v8:1757
TEST=regress-1757.js
Review URL: http://codereview.chromium.org/8217011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206
Add a regression test for an already fixed issue.
...
Add a regression test for Chromium issue 99167.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8222002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-10 10:46:27 +00:00
lrn@chromium.org
9f73eed45f
Fix issue 1361 - Implement ES5 Array.prototype.toString.
...
BUG=v8:1361
TEST=mjsunit/array-tostring
Review URL: http://codereview.chromium.org/8124025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-05 07:08:23 +00:00
mstarzinger@chromium.org
c034518442
Fix preparation for sorting of external arrays.
...
R=rossberg@chromium.org
BUG=98773
TEST=mjsunit/regress/regress-98773
Review URL: http://codereview.chromium.org/8122020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 13:49:50 +00:00
lrn@chromium.org
4750f0c3cd
Fix issue 1415 - allow surrogate pair codes in decodeURIComponent.
...
Also some cleanup of uri.js.
BUG=v8:1415
TEST=mjsunit/regress/regress-1415
Review URL: http://codereview.chromium.org/8118004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-04 07:15:07 +00:00
lrn@chromium.org
4b385d7e8e
Fix bug in x64 RegExp detecting start of string.
...
Also add missing MIPS case in regexp tracer.
Fixes issues v8:1748 and v8:1746
BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js
Review URL: http://codereview.chromium.org/8116001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 10:31:01 +00:00
lrn@chromium.org
165e105ec9
Check enumerability of array indices correctly in propertyIsEnumerable.
...
Fix issue 1692.
BUG=v8:1692
TEST=mjsunit/regress/regress-1692
Review URL: http://codereview.chromium.org/8113001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-03 09:15:58 +00:00
lrn@chromium.org
b9d39c48b8
Make the RegExp.prototype object be a RegExp object.
...
BUG=v8:1217
TEST=mjsunit/regress/regress-1217
Review URL: http://codereview.chromium.org/8041015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-26 08:42:01 +00:00
vegorov@chromium.org
bfd048173f
Notify collector about lazily deoptimized code objects.
...
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.
To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.
R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js
Review URL: http://codereview.chromium.org/7983045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 16:01:35 +00:00
yangguo@chromium.org
7ab81a14fa
Reverting r9399.
...
Review URL: http://codereview.chromium.org/7989007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:55:44 +00:00
yangguo@chromium.org
0c6863a1ef
Set RegExp's prototype to RegExp as specified by ES5.
...
BUG=v8:1217
TEST=regress-1217.js
Review URL: http://codereview.chromium.org/7995005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 15:11:12 +00:00
mstarzinger@chromium.org
873e4980db
Fix transferal of marking bits on array trimming.
...
R=vegorov@chromium.org
BUG=v8:1708
TEST=mjsunit/regress/regress-1708
Review URL: http://codereview.chromium.org/7979038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 13:03:22 +00:00
yangguo@chromium.org
b7cac76bae
Fixed string.split: always convert non-regexp separator to string.
...
BUG=v8:1711
TEST=mjsunit/regress/regress-1711.js
Review URL: http://codereview.chromium.org/7976046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-22 08:18:58 +00:00
yangguo@chromium.org
fdffe67205
Initialize pre-allocated fields of JSObject with undefined.
...
BUG=94873
Review URL: http://codereview.chromium.org/7929001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-20 10:06:23 +00:00
vegorov@chromium.org
ac36cb4504
Merge experimental/gc branch to the bleeding_edge.
...
Review URL: http://codereview.chromium.org/7945009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-19 18:36:47 +00:00
jkummerow@chromium.org
fcc2e65aad
Change global const handling to silently ignore redeclarations
...
and make window.{Infinity,NaN,undefined} read-only as per ES5
BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik
Review URL: http://codereview.chromium.org/7811015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 12:00:30 +00:00
yangguo@chromium.org
48b5328bde
Fixing issue 1639, debugger stops stepping outside evaluate.
...
BUG=v8:1639
Review URL: http://codereview.chromium.org/7889039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89
Mark variables as being accessed from any inner scope, not only function scopes
...
BUG=96523
TEST=mjsunit/regress/regress-96523.js
Review URL: http://codereview.chromium.org/7890031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 13:51:29 +00:00
kmillikin@chromium.org
63bec78428
Revert "MIPS: port Remove in-loop tracking for call ICs."
...
Committed incorrectly.
TBR=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7890026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12
MIPS: port Remove in-loop tracking for call ICs.
...
port r9260 (af9cfd83).
Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206
Fixed spurious character in test case, plus presubmit issues.
...
Also addressed Slava's complaint about the personalized comment.
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7886032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced
Fix for .bind regression.
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7892013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f
Fixing r9265: moving test case into correct location.
...
Review URL: http://codereview.chromium.org/7889008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-13 16:11:05 +00:00
danno@chromium.org
df860eda5c
Don't allow seal or element property re-definition on external arrays.
...
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js
Review URL: http://codereview.chromium.org/7858031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-09 14:30:00 +00:00
kmillikin@chromium.org
8b165d414f
Fix a bug in abrupt exit from with or catch inside finally.
...
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code. Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7837023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-07 09:21:44 +00:00
jkummerow@chromium.org
09c66d20ce
Fix possible crash in FixedDoubleArray::Initialize()
...
(this only affected ia32).
BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.
Review URL: http://codereview.chromium.org/7833040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91
Fix bug in Page::GetRegionMaskForSpan.
...
When checking for a wrap take into account offset of the start address in the region.
BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854
Add regression test for issue 1215, expand regression test for issue 1447.
...
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-06 07:43:51 +00:00
yangguo@chromium.org
86a62d0da3
Added check for trailing whitespaces and corrected existing violations.
...
Review URL: http://codereview.chromium.org/7826007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08
Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643).
...
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty).
Review URL: http://codereview.chromium.org/7792054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3
Do constant function check earlier in TryCallApply and ensure correct environment for deopt.
...
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-09-01 10:33:59 +00:00
fschneider@chromium.org
ffc6c7e56b
Introduce local function declarations in Crankshaft and fix issue 1647.
...
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.
In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.
Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-31 13:26:08 +00:00
lrn@chromium.org
d8a123169b
Make regexp flag parsing stricter.
...
BUG=v8:1628
TEST=mjsunit/regress/regress-219
Review URL: http://codereview.chromium.org/7624045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2
Make scanner handle invalid unicode escapes in identifiers correctly.
...
I.e., don't just convert \u to u in identifiers (like in strings and regexps).
Also make the scanning of RegExp flags not interpret the escapes.
(Fix and reapply of r8942)
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7677012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3
Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype
...
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540
Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers"
...
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-17 08:22:41 +00:00
lrn@chromium.org
7d17c8d5d3
Make scanner not accept invalid unicode escapes in identifiers.
...
BUG=v8:1620
TEST=mjsunit/regress/regress-1620
Review URL: http://codereview.chromium.org/7663005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-16 13:31:08 +00:00
vitalyr@chromium.org
a107387dde
Fix fun.apply(receiver, arguments) optimization.
...
R=kmillikin@chromium.org
BUG=v8:1592
TEST=mjsunit/regress/regress-1592.js
Review URL: http://codereview.chromium.org/7497067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-10 16:05:17 +00:00
kmillikin@chromium.org
7adb10a48e
Fix a bug in named getter/setter compilation.
...
Because these are function literals that have an associated name, we were
compiling them as if they were named function expressions. This is
incorrect, the property name should not be in scope.
R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7599024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-09 12:43:08 +00:00
kmillikin@chromium.org
d941053dbe
Revert "Revert "Fix a bug in scope analysis.""
...
Reapply r8838 with a fix for the issue of function names.
Because function names can be added/changed/removed through the API,
remember whether the function is anonymous when initially parsed and use
that information when compiling.
R=vegorov@chromium.org
BUG=1583
TEST=regress-1583
Review URL: http://codereview.chromium.org/7491097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-08-08 16:14:46 +00:00