AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
25,146 Commits 1 Branch 0 Tags 839 MiB
a504a184f6
Commit Graph

1475 Commits

Author SHA1 Message Date
ishell
1c673a56c1 Fixed DCHECK in StoreIC::CompileHandler(). 
BUG=chromium:489597
LOG=N

Review URL: https://codereview.chromium.org/1123153005

Cr-Commit-Position: refs/heads/master@{#28518}
 2015-05-20 13:36:27 +00:00
mstarzinger
7bd2d3e32e [turbofan] Fix over-restictive assertion in code generator. 
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-489293
BUG=chromium:489293
LOG=n

Review URL: https://codereview.chromium.org/1142873005

Cr-Commit-Position: refs/heads/master@{#28486}
 2015-05-19 16:14:28 +00:00
ishell
18b60594c4 Another regression test for resolving references to "this" in strict mode. 
BUG=chromium:487105
LOG=N

Review URL: https://codereview.chromium.org/1136123010

Cr-Commit-Position: refs/heads/master@{#28480}
 2015-05-19 12:51:42 +00:00
jkummerow
f8175201da Fix harmless HGraph verification failure after hoisting inlined bounds checks 
BUG=chromium:487608
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1133343003

Cr-Commit-Position: refs/heads/master@{#28463}
 2015-05-19 07:32:48 +00:00
yangguo
19312c1631 Do not clear stepping after DebugEvaluate. 
Clearing stepping was originally introduced in http://codereview.chromium.org/7889039
But DebugEvaluate now also uses a DisableBreak scope, which makes sure we don't step
inside the evaluated code.

R=yurys@chromium.org
BUG=chromium:467180
LOG=N

Review URL: https://codereview.chromium.org/1129363003

Cr-Commit-Position: refs/heads/master@{#28461}
 2015-05-19 04:56:08 +00:00
verwaest
4268141ca6 Reland "Mark internal AccessorInfo properties as 'special data properties'" 
This reverts commit ac5336baca.

BUG=

Review URL: https://codereview.chromium.org/1138483005

Cr-Commit-Position: refs/heads/master@{#28442}
 2015-05-18 12:36:40 +00:00
machenbach
f453416b7f Revert of Debugger: preserve stepping state after evaluating breakpoint condition. (patchset #1 id:1 of https://codereview.chromium.org/1132643004/) 
Reason for revert:
[Sheriff] This breaks TSAN (makes some tests marked as flaky permanently fail):
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/3882

Original issue's description:
> Debugger: preserve stepping state after evaluating breakpoint condition.
>
> R=ulan@chromium.org, yurys@chromium.org
> BUG=chromium:467180
> LOG=N

TBR=ulan@chromium.org,yurys@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:467180

Review URL: https://codereview.chromium.org/1130123007

Cr-Commit-Position: refs/heads/master@{#28436}
 2015-05-17 06:21:39 +00:00
yangguo
ee6666a55a Debugger: preserve stepping state after evaluating breakpoint condition. 
R=ulan@chromium.org, yurys@chromium.org
BUG=chromium:467180
LOG=N

Review URL: https://codereview.chromium.org/1132643004

Cr-Commit-Position: refs/heads/master@{#28432}
 2015-05-15 22:50:55 +00:00
yangguo
d8e9f3a484 Add regression test for resolving "this" in debug evaluate. 
R=hablich@chromium.org
BUG=chromium:487289
LOG=N

Review URL: https://codereview.chromium.org/1137293002

Cr-Commit-Position: refs/heads/master@{#28424}
 2015-05-15 13:57:31 +00:00
mvstanton
de3a1ca02e Bug: Runtime_GrowArrayElements provoked unnecessary lazy deopt. 
Unnecessary, and unhandled as well.

BUG=488398
R=jarin@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1141163004

Cr-Commit-Position: refs/heads/master@{#28421}
 2015-05-15 13:05:00 +00:00
ishell
3c1487db60 Map::ReconfigureProperty() should mark map as unstable when there is an element kind transition somewhere in the middle of the transition tree. 
BUG=chromium:485548
LOG=N

Review URL: https://codereview.chromium.org/1128043005

Cr-Commit-Position: refs/heads/master@{#28418}
 2015-05-15 10:39:51 +00:00
wingo
e73594c7fb Use ExpressionClassifier to identify valid arrow function formals 
R=dslomov@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1138153003

Cr-Commit-Position: refs/heads/master@{#28391}
 2015-05-13 11:45:02 +00:00
yangguo
46f992ddd0 Reland "Use function wrapper argument to expose internal arrays to native scripts." 
Review URL: https://codereview.chromium.org/1138173002

Cr-Commit-Position: refs/heads/master@{#28367}
 2015-05-12 14:00:45 +00:00
yurys
cf07add227 Don't create debug context if debug listener is not set 
If there had been no debug listener v8::Debug::GetDebugContext would have created new context and wouln't have kept reference to it. This way we may well end up with several debug contexts and disabled debugger.

As a side effect this change allows to efficiently distinguish debug context from blink contexts by simply comparing handles.

BUG=chromium:482290
LOG=Y

Review URL: https://codereview.chromium.org/1136733002

Cr-Commit-Position: refs/heads/master@{#28356}
 2015-05-12 07:33:18 +00:00
yangguo
c39a0a75ad Revert of Use function wrapper argument to expose internal arrays to native scripts. (patchset #2 id:20001 of https://codereview.chromium.org/1127983003/) 
Reason for revert:
custom snapshot builder failing.

Original issue's description:
> Use function wrapper argument to expose internal arrays to native scripts.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/a9b5a1795449d94387218d25baed2c2b3c4fbadc
> Cr-Commit-Position: refs/heads/master@{#28354}

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1123353008

Cr-Commit-Position: refs/heads/master@{#28355}
 2015-05-12 07:26:01 +00:00
yangguo
a9b5a17954 Use function wrapper argument to expose internal arrays to native scripts. 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1127983003

Cr-Commit-Position: refs/heads/master@{#28354}
 2015-05-12 06:14:18 +00:00
jkummerow
f10b992dab Let Runtime_GrowArrayElements accept non-Smi numbers as |key|. 
BUG=chromium:485410
LOG=y
R=mvstanton@chromium.org,danno@chromium.org

Review URL: https://codereview.chromium.org/1132113004

Cr-Commit-Position: refs/heads/master@{#28327}
 2015-05-09 10:30:49 +00:00
titzer
318c1f770c [turbofan] Fix handling of OsrLoopEntry in ControlReducer::ConnectNTL() 
R=jarin@chromium.org
LOG=Y
BUG=chromium:485908

Review URL: https://codereview.chromium.org/1138463004

Cr-Commit-Position: refs/heads/master@{#28323}
 2015-05-08 15:44:27 +00:00
hpayer
c80d730c71 Initialize sub-array literals first before pointing to it. 
BUG=484544
LOG=n

Review URL: https://codereview.chromium.org/1132763002

Cr-Commit-Position: refs/heads/master@{#28313}
 2015-05-08 09:24:31 +00:00
verwaest
f21ea065b3 Fix smi scanning 
BUG=chromium:483176
LOG=n

Review URL: https://codereview.chromium.org/1114073003

Cr-Commit-Position: refs/heads/master@{#28202}
 2015-05-04 15:02:30 +00:00
yangguo
f42544b768 Set inferred name of bound function to empty string. 
Otherwise it's whatever the js minifier assigns it to.

R=jkummerow@chromium.org
BUG=chromium:484077
LOG=N

Review URL: https://codereview.chromium.org/1122733002

Cr-Commit-Position: refs/heads/master@{#28190}
 2015-05-04 09:55:43 +00:00
yangguo
7681432dbf JSON serializer should fail gracefully for special value wrappers. 
R=mstarzinger@chromium.org
BUG=chromium:471702
LOG=N

Review URL: https://codereview.chromium.org/1120573002

Cr-Commit-Position: refs/heads/master@{#28154}
 2015-04-30 10:02:21 +00:00
mstarzinger
6b60f19168 [turbofan] Fix frame state for class literal definition. 
This introduces a bailout point for class literals right after the
%DefineClass function has been called. Otherwise the FrameState after
class literal evaluation might contain the literal itself.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-480819
BUG=chromium:480819
LOG=N

Review URL: https://codereview.chromium.org/1104673004

Cr-Commit-Position: refs/heads/master@{#28043}
 2015-04-24 11:12:57 +00:00
bmeurer
4f9bc2d1c3 [turbofan] Ignore dead cached nodes in the JSGraph. 
BUG=chromium:480807
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1101273002

Cr-Commit-Position: refs/heads/master@{#28041}
 2015-04-24 10:51:32 +00:00
yangguo
8cf289ca4f Throw when attaching a stack trace to an object fails. 
R=jarin@chromium.org
BUG=chromium:478011
LOG=N

Review URL: https://codereview.chromium.org/1077153003

Cr-Commit-Position: refs/heads/master@{#27941}
 2015-04-20 14:40:45 +00:00
jkummerow
4204c72739 Don't use normalized map cache for prototype maps 
BUG=chromium:477924
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1090193002

Cr-Commit-Position: refs/heads/master@{#27916}
 2015-04-17 12:16:07 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps 
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
 2015-04-15 15:15:52 +00:00
ulan
68a7773e0f Correctly handle clearing of deprecated field types. 
BUG=v8:4027
LOG=NO

Review URL: https://codereview.chromium.org/1086063003

Cr-Commit-Position: refs/heads/master@{#27837}
 2015-04-15 09:55:33 +00:00
jkummerow
2ff768b206 Put --noalways-opt flag back into regress-crbug-245480 
This is a partial revert of 3eb277f270.

R=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1087183002

Cr-Commit-Position: refs/heads/master@{#27835}
 2015-04-15 09:31:39 +00:00
jkummerow
3eb277f270 %GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present 
Review URL: https://codereview.chromium.org/1086923002

Cr-Commit-Position: refs/heads/master@{#27822}
 2015-04-14 14:57:48 +00:00
mvstanton
2ebb794b4f VectorICs: recreate feedback vector if scoping changes on recompile. 
BUG=476488
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1080253003

Cr-Commit-Position: refs/heads/master@{#27817}
 2015-04-14 12:31:31 +00:00
verwaest
434b456b51 Fix indirect push 
BUG=chromium:388665
LOG=n

Review URL: https://codereview.chromium.org/1087463003

Cr-Commit-Position: refs/heads/master@{#27795}
 2015-04-13 16:25:33 +00:00
ulan
2f327a5cb4 Do not inline store if field map was cleared. 
BUG=v8:4023
LOG=NO

Review URL: https://codereview.chromium.org/1081033004

Cr-Commit-Position: refs/heads/master@{#27779}
 2015-04-13 09:43:52 +00:00
mstarzinger
96ef78aa0b [turbofan] Fix FrameInspector when deoptimizer is disabled. 
This is a workaround to make the debugger happy about TurboFan frames
when the debugger causes frame inspection. Note that this can happen
because the debugger can be activated while there still are optimized
TurboFan activations on the stack.

R=ishell@chromium.org
BUG=chromium:465298
TEST=mjsunit/regress/regress-crbug-465298
LOG=N

Review URL: https://codereview.chromium.org/1074793003

Cr-Commit-Position: refs/heads/master@{#27717}
 2015-04-09 19:40:49 +00:00
yangguo
3a4d073f1d Create result array of %DebugGetLoadedScripts outside the debug context. 
R=jarin@chromium.org
BUG=chromium:474297
LOG=N

Review URL: https://codereview.chromium.org/1062143002

Cr-Commit-Position: refs/heads/master@{#27659}
 2015-04-08 11:15:02 +00:00
jkummerow
90cbede588 Move prototype metadata from internal properties to prototype maps 
The motivation is that we prefer to avoid creating internal properties, and we have a usable field on maps ("transitions", which is not used for prototype maps).
This CL also ensures the invariant that prototype maps are never shared, even if they are in dictionary mode.

Review URL: https://codereview.chromium.org/1033653002

Cr-Commit-Position: refs/heads/master@{#27617}
 2015-04-07 10:42:57 +00:00
yangguo
c67cb287a9 Always update raw pointers when handling interrupts inside RegExp code. 
R=mstarzinger@chromium.org
BUG=chromium:469480
LOG=N

Review URL: https://codereview.chromium.org/1034173002

Cr-Commit-Position: refs/heads/master@{#27615}
 2015-04-07 09:44:57 +00:00
jkummerow
146598f44a JSEntryTrampoline: check for stack space before pushing arguments 
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.

BUG=chromium:469768
LOG=y

Review URL: https://codereview.chromium.org/1056913003

Cr-Commit-Position: refs/heads/master@{#27614}
 2015-04-07 09:13:44 +00:00
erikcorry
5a93a3304c Reland: Fix JSON parser Handle leak (previous CL 1041483004) 
R=mstarzinger@chromium.org
BUG=v8:3976
BUG=472504
LOG=y

Review URL: https://codereview.chromium.org/1051833002

Cr-Commit-Position: refs/heads/master@{#27571}
 2015-04-01 16:58:47 +00:00
kozyatinskiy
66d5519f7e Revert of Correctly compute line numbers in functions from the function constructor. (patchset #5 id:80001 of https://codereview.chromium.org/701093003/) 
Reason for revert:
Locations from New Function are broken in DevTools.

Original issue's description:
> Correctly compute line numbers in functions from the function constructor.
>
> R=aandrey@chromium.org
> BUG=chromium:109362
> LOG=Y
>
> Committed: https://code.google.com/p/v8/source/detail?r=25289

TBR=aandrey@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:109362
LOG=Y

Review URL: https://codereview.chromium.org/1053563002

Cr-Commit-Position: refs/heads/master@{#27564}
 2015-04-01 10:11:26 +00:00
erikcorry
77dd1f347d Revert of Fix JSON parser Handle leak (patchset #3 id:40001 of https://codereview.chromium.org/1041483004/) 
Reason for revert:
Reverting due to JSOn parser failures

Original issue's description:
> Fix JSON parser Handle leak
>
> R=verwaest@chromium.org
> BUG=v8:3976
> LOG=y
>
> Committed: https://crrev.com/1ec850383bb82f6d8bebc7416e5f50b649d1eeaa
> Cr-Commit-Position: refs/heads/master@{#27512}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3976

Review URL: https://codereview.chromium.org/1052593002

Cr-Commit-Position: refs/heads/master@{#27562}
 2015-04-01 09:23:02 +00:00
ishell
3cb9f132ba Layout descriptor must be trimmed when corresponding descriptors array is trimmed to stay in sync. 
BUG=chromium:470804
LOG=Y

Review URL: https://codereview.chromium.org/1033273005

Cr-Commit-Position: refs/heads/master@{#27528}
 2015-03-30 17:03:50 +00:00
verwaest
87eef73234 Fix speedup of typedarray-length loading in the ICs as well as Crankshaft 
BUG=

Review URL: https://codereview.chromium.org/1034393002

Cr-Commit-Position: refs/heads/master@{#27519}
 2015-03-30 11:50:23 +00:00
erikcorry
1ec850383b Fix JSON parser Handle leak 
R=verwaest@chromium.org
BUG=v8:3976
LOG=y

Review URL: https://codereview.chromium.org/1041483004

Cr-Commit-Position: refs/heads/master@{#27512}
 2015-03-30 09:55:30 +00:00
mvstanton
7c347c545e Ensure object literal element boilerplates aren't modified. 
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.

BUG=466993
LOG=N

Review URL: https://codereview.chromium.org/1037273002

Cr-Commit-Position: refs/heads/master@{#27511}
 2015-03-30 09:20:09 +00:00
yangguo
69383d6366 Revert of Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #1 id:1 of https://codereview.chromium.org/999273003/) 
Reason for revert:
Reland since the failure has been fixed in https://codereview.chromium.org/1035523005/

Original issue's description:
> Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/998253005/)
>
> Reason for revert:
> Code caching failures.
>
> Original issue's description:
> > Debugger: deduplicate shared function info when setting script break points.
> >
> > Also fix Debug.showBreakPoints for multiple break points at the same location.
> >
> > BUG=v8:3960
> > LOG=N
> >
> > Committed: https://crrev.com/73b17a71a22564c0b66d9aa7c00948c748f5b290
> > Cr-Commit-Position: refs/heads/master@{#27444}
>
> TBR=mstarzinger@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3960
>
> Committed: https://crrev.com/9b29d008dfcc00bf56be8040add1d2c5e404673b
> Cr-Commit-Position: refs/heads/master@{#27448}

TBR=mstarzinger@chromium.org
BUG=v8:3960
LOG=N

Review URL: https://codereview.chromium.org/1037013002

Cr-Commit-Position: refs/heads/master@{#27472}
 2015-03-26 10:43:51 +00:00
yangguo
46cc8740a9 Debugger: remove unused JS Debugger API. 
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1005053004

Cr-Commit-Position: refs/heads/master@{#27464}
 2015-03-26 08:15:45 +00:00
yangguo
9b29d008df Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/998253005/) 
Reason for revert:
Code caching failures.

Original issue's description:
> Debugger: deduplicate shared function info when setting script break points.
>
> Also fix Debug.showBreakPoints for multiple break points at the same location.
>
> BUG=v8:3960
> LOG=N
>
> Committed: https://crrev.com/73b17a71a22564c0b66d9aa7c00948c748f5b290
> Cr-Commit-Position: refs/heads/master@{#27444}

TBR=mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3960

Review URL: https://codereview.chromium.org/999273003

Cr-Commit-Position: refs/heads/master@{#27448}
 2015-03-25 15:19:20 +00:00
yangguo
73b17a71a2 Debugger: deduplicate shared function info when setting script break points. 
Also fix Debug.showBreakPoints for multiple break points at the same location.

BUG=v8:3960
LOG=N

Review URL: https://codereview.chromium.org/998253005

Cr-Commit-Position: refs/heads/master@{#27444}
 2015-03-25 14:53:49 +00:00
mstarzinger
38a719f965 Switch full-codegen from StackHandlers to handler table. 
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.

Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).

On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).

R=yangguo@chromium.org
TEST=cctest/test-run-jsexceptions/DeoptTry

Review URL: https://codereview.chromium.org/1010883002

Cr-Commit-Position: refs/heads/master@{#27440}
 2015-03-25 13:14:02 +00:00
titzer
006ae96dab Set test expectations prior to enabling --turbo-osr. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1018513003

Cr-Commit-Position: refs/heads/master@{#27425}
 2015-03-24 19:02:55 +00:00
erikcorry
4c806802b5 Fix OOM bug 3976. 
Also introduce --trace-fragmentation-verbose, and fix --always-compact.

R=ulan@chromium.org
BUG=v8:3976
LOG=y

Review URL: https://codereview.chromium.org/1024823002

Cr-Commit-Position: refs/heads/master@{#27414}
 2015-03-24 15:02:28 +00:00
jarin
0f94c96cbc Test for wrong arguments object materialization. 
The test demonstrates a bad interaction between arguments object
materialization, escape analysis and exception handling.

We can return a wrong arguments object if we materialize arguments
object (using f.arguments) and then throw around f's frame so that f
does not clean up the materialized frame information (see the
MaterializedObjectStore in deoptimizer.h/.cc). If we enter another
function that has the same frame pointer and request an arguments object
of (or lazily deoptimize) that function, we can get the materialized
object of the original function.

We should clean up the materialized object store when we unwind the
stack.

BUG=v8:3985
LOG=n

Review URL: https://codereview.chromium.org/1032623003

Cr-Commit-Position: refs/heads/master@{#27406}
 2015-03-24 13:20:21 +00:00
verwaest
1b16678f25 Properly handle non-JSFunction constructors in CanRetainOtherContext 
BUG=

Review URL: https://codereview.chromium.org/1017263003

Cr-Commit-Position: refs/heads/master@{#27379}
 2015-03-23 19:24:58 +00:00
titzer
d931700b81 [turbofan] Fix control reducer bug with walking non-control edges during ConnectNTL phase. 
R=jarin@chromium.org
BUG=chromium:469605
LOG=Y

Review URL: https://codereview.chromium.org/1030623003

Cr-Commit-Position: refs/heads/master@{#27366}
 2015-03-23 14:08:25 +00:00
Toon Verwaest
0f573464e6 Ensure we don't overflow in BCE 
BUG=chromium:469148
LOG=y
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/1023123003

Cr-Commit-Position: refs/heads/master@{#27346}
 2015-03-20 16:43:05 +00:00
rossberg
d0e20d8221 [harmony] Move some regression tests to the right place 
TBR=dslomov@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1027693003

Cr-Commit-Position: refs/heads/master@{#27339}
 2015-03-20 11:03:14 +00:00
aperez
3c3ce1bca8 Parser: Fix crash on stack overflow when lazy-parsing arrow functions 
The problem manifests itself when parsing manages to return something
meaningful in the presence of a stack overflow. This happens because
calling ParserBase::Next() will still return one valid token on stack
overflow, before starting to return invalid tokens.

Take the following input as example:

        a.map(v => v + 1);
              | |
       already   next token
        parsed   (which will be an invalid token
  (identifier)   because of a stack overflow)

The "v" may have been already parsed into a VariableProxy, then if a
stack overflow occurs, next token will be an invalid token (instead
of Token::ARROW), but the parser will return the VariableProxy.

This always happens when lazy-parsing arrow functions, so the position
in the input stream where the the arrow function code ends is known.
This fix adds a check that ensures that parsing ended at the end
position of the arrow function.

BUG=465671
LOG=N

Review URL: https://codereview.chromium.org/1023483003

Cr-Commit-Position: refs/heads/master@{#27325}
 2015-03-20 00:17:50 +00:00
yangguo
f289311c8d Add regression test for dependency to field type tracked weak map. 
TBR=jkummerow@chromium.org
BUG=v8:3969
LOG=N

Review URL: https://codereview.chromium.org/1019223002

Cr-Commit-Position: refs/heads/master@{#27291}
 2015-03-19 08:51:29 +00:00
mstarzinger
86b391ecad Delegate throwing in RegExpExecStub to CEntryStub. 
This ensures that there is only one stub that deals with unwinding the
stack. Having more than one place containing that logic is brittle and
error prone, especially when it is a corner case only for RangeErrors.

R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-467047
BUG=chromium:467047
LOG=N

Review URL: https://codereview.chromium.org/1012103002

Cr-Commit-Position: refs/heads/master@{#27243}
 2015-03-17 15:49:40 +00:00
mstarzinger
7e8a62e34a [turbofan] Fix C++ evaluation order in AstGraphBuilder. 
The evaluation order of receiver versus arguments is not properly
defined by C++. This caused issues with Clang where the environment
changed after the receiveing environment was already loaded.

R=jarin@chromium.org
BUG=chromium:467531
TEST=mjsunit/regress/regress-crbug-467531
LOG=N

Review URL: https://codereview.chromium.org/1015683002

Cr-Commit-Position: refs/heads/master@{#27238}
 2015-03-17 12:37:07 +00:00
ishell
ddfca2b069 Bugfix in hydrogen GVN. 
BUG=chromium:467481
LOG=Y

Review URL: https://codereview.chromium.org/1009933002

Cr-Commit-Position: refs/heads/master@{#27223}
 2015-03-16 13:46:20 +00:00
arv
e625844648 [es6] Function length property should be configurable 
ES6 specs the function length property (it was not part of ES5) and
it makes it configurable.

BUG=v8:3045
LOG=N
R=mstarzinger@chromium.org, adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/993073002

Cr-Commit-Position: refs/heads/master@{#27190}
 2015-03-13 17:19:53 +00:00
dslomov
92138c73a7 Remove --harmony-scoping flag. 
We have been shipping harmony scoping for 2 Chrome releases now (M41
and M42). Time to remove the flag.

R=rossberg@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1007783002

Cr-Commit-Position: refs/heads/master@{#27187}
 2015-03-13 15:15:57 +00:00
ishell
0902b5f4df Incorrect handling of HTransitionElementsKind in hydrogen check elimination phase fixed. 
BUG=chromium:460917
LOG=Y

Review URL: https://codereview.chromium.org/1000893003

Cr-Commit-Position: refs/heads/master@{#27154}
 2015-03-12 11:44:29 +00:00
yangguo
3ed5dea6f7 Add test case for serializing external references to runtime functions. 
R=svenpanne@chromium.org
BUG=chromium:465564
LOG=N

Review URL: https://codereview.chromium.org/996603002

Cr-Commit-Position: refs/heads/master@{#27093}
 2015-03-10 10:36:16 +00:00
Jaroslav Sevcik
82a28adf05 Do not set target in deoptimized code in keyed store IC. 
BUG=chromium:460937
R=ishell@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/989093002

Cr-Commit-Position: refs/heads/master@{#27064}
 2015-03-09 10:11:13 +00:00
svenpanne
d8416f5524 Intrinsics in the INLINE_FUNCTION_LIST are now avaliable without '_', too. 
This involved renaming apart a few more intrinsics. In the long run,
we want to clean up redundant intrinsics which just delegate.

BUG=v8:3947
LOG=n

Review URL: https://codereview.chromium.org/984963002

Cr-Commit-Position: refs/heads/master@{#27043}
 2015-03-06 13:50:06 +00:00
jarin
9b40c5d0d2 [turbofan] Fix the deopt ids in assignment. 
BUG=chromium:463028
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/987733003

Cr-Commit-Position: refs/heads/master@{#27041}
 2015-03-06 12:50:47 +00:00
arv
f6cd009efd ES6: Make function name configurable 
Function name property is now standardized in ES6. It was a Mozilla proprietary
extension before. With ES6, the property was made configurable, so that it can
be used instead of another proprietary property, displayName.

This is a revert of revert c791d84112.

Last time this broke a Chrome browser test which has since been updated:

5f75a3be4c

BUG=v8:3333
LOG=N
R=mstarzinger@chromium.org,verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/977003004

Cr-Commit-Position: refs/heads/master@{#26996}
 2015-03-04 16:57:10 +00:00
arv
c791d84112 Revert of ES6: Make function name configurable (patchset #10 id:220001 of https://codereview.chromium.org/960343002/) 
Reason for revert:
Breaks Chrome browser test that checks Object.name

[16509:16509:0228/030150:INFO:CONSOLE(43)] "Uncaught Error: Clobbered Object.name getter", source: http://www.chromium.org:33611/assertions.js (43)

http://build.chromium.org/p/client.v8/builders/Linux%20Tests%20%28dbg%29%281%29/builds/2328/steps/browser_tests/logs/stdio

Original issue's description:
> ES6: Make function name configurable
>
> This is partially based on r21609 but that CL was incomplete.
>
> Function name is still non writable so one has to use defineProperty
> to change the actual value.
>
> BUG=v8:3333
> LOG=N
> R=adamk, mstarzinger@chromium.org
>
> Committed: https://crrev.com/f7790f7670c8d859455a98fcb90ff1b66af1eca7
> Cr-Commit-Position: refs/heads/master@{#26924}

TBR=adamk@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3333

Review URL: https://codereview.chromium.org/969683002

Cr-Commit-Position: refs/heads/master@{#26933}
 2015-03-02 00:19:01 +00:00
arv
f7790f7670 ES6: Make function name configurable 
This is partially based on r21609 but that CL was incomplete.

Function name is still non writable so one has to use defineProperty
to change the actual value.

BUG=v8:3333
LOG=N
R=adamk, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/960343002

Cr-Commit-Position: refs/heads/master@{#26924}
 2015-02-27 19:29:01 +00:00
machenbach
885a88166d Revert of Invalidate the global property cell when converting from data to accessor. (patchset #1 id:1 of https://codereview.chromium.org/961003002/) 
Reason for revert:
Breaks gc stress, e.g.: http://build.chromium.org/p/client.v8/builders/V8%20GC%20Stress%20-%201/builds/2322

Original issue's description:
> Invalidate the global property cell when converting from data to accessor.
>
> BUG=
> TBR=jkummerow@chromium.org,
>
> Committed: https://crrev.com/6a12dc240b1faffa500ff269077d832ecc74239d
> Cr-Commit-Position: refs/heads/master@{#26896}

TBR=jkummerow@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/958113004

Cr-Commit-Position: refs/heads/master@{#26899}
 2015-02-26 21:03:18 +00:00
verwaest
6a12dc240b Invalidate the global property cell when converting from data to accessor. 
BUG=
TBR=jkummerow@chromium.org,

Review URL: https://codereview.chromium.org/961003002

Cr-Commit-Position: refs/heads/master@{#26896}
 2015-02-26 18:48:59 +00:00
jarin
9951e1e5f0 [turbofan] Fix typing of comparisons. 
BUG=chromium:459955
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/943483002

Cr-Commit-Position: refs/heads/master@{#26743}
 2015-02-19 10:56:23 +00:00
hpayer
206e9136bd Unlink pages from the space page list after evacuation. 
BUG=430201
LOG=n

Review URL: https://codereview.chromium.org/937833002

Cr-Commit-Position: refs/heads/master@{#26738}
 2015-02-19 09:28:59 +00:00
jarin
3f3558f365 Convert to immutable heap number when materializing arguments object. 
BUG=chromium:457935
LOG=n
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/935623002

Cr-Commit-Position: refs/heads/master@{#26704}
 2015-02-17 18:08:59 +00:00
mstarzinger
22dd6dc2a6 Fix representation for CompareIC in JSGenericLowering. 
R=jarin@chromium.org
TEST=mjsunit/regress/regress-3884
BUG=v8:3884
LOG=N

Review URL: https://codereview.chromium.org/933913002

Cr-Commit-Position: refs/heads/master@{#26702}
 2015-02-17 16:37:36 +00:00
jarin
0a4047a69b During arguments materialization, do not store materialized objects without lazy deopt. 
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/919173003

Cr-Commit-Position: refs/heads/master@{#26695}
 2015-02-17 15:24:34 +00:00
titzer
c5f7d2bb82 [turbofan] Fix control reducer with re-reducing branches. 
R=jarin@chromium.org
LOG=Y
BUG=chromium:458876

Review URL: https://codereview.chromium.org/917383004

Cr-Commit-Position: refs/heads/master@{#26666}
 2015-02-16 14:56:49 +00:00
jarin
d0758949e1 [turbofan] Clear pending exception from unsuccessful compilation. 
BUG=chromium:458987
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/932603002

Cr-Commit-Position: refs/heads/master@{#26665}
 2015-02-16 14:25:23 +00:00
hpayer
c889fb4c1d Use just one to-space page for the promotion queue. 
BUG=454725
LOG=n

Review URL: https://codereview.chromium.org/919473008

Cr-Commit-Position: refs/heads/master@{#26577}
 2015-02-11 13:39:40 +00:00
titzer
1db760de7d Reduce the number of iterations in some OSR tests by using an explicit %OptimizeOsr(). 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/913463002

Cr-Commit-Position: refs/heads/master@{#26540}
 2015-02-10 09:53:22 +00:00
titzer
9030a2674b Remove some busy-OSR loops from tests using %OptimizeOsr(). 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/908863002

Cr-Commit-Position: refs/heads/master@{#26527}
 2015-02-09 14:11:23 +00:00
titzer
4c302ca290 Make it easier to test OSR with %OptimizeOsr() runtime call. 
This call triggers OSR for the current function. And also allows explicitly testing OSR on the top-level code.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/906243002

Cr-Commit-Position: refs/heads/master@{#26523}
 2015-02-09 12:47:43 +00:00
mstarzinger
df986d08b7 Fix try-finally for dead AST-branches in TurboFan. 
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-455644
BUG=chromium:455644
LOG=N

Review URL: https://codereview.chromium.org/880443004

Cr-Commit-Position: refs/heads/master@{#26458}
 2015-02-05 12:29:33 +00:00
jkummerow
bfe7f4af14 Fix HConstant(double, ...) constructor 
It must always populate int32_value_, even if that's lossy, because other code (specifically, constant folding for truncating operations) relies on it.

BUG=v8:3865
LOG=y

Review URL: https://codereview.chromium.org/897263002

Cr-Commit-Position: refs/heads/master@{#26453}
 2015-02-05 10:28:13 +00:00
caitpotter88
49ef549807 templates: Don't check IsLineTerminator() if character is negative 
BUG=455212
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/902703002

Cr-Commit-Position: refs/heads/master@{#26442}
 2015-02-04 21:05:48 +00:00
jarin
4f786befb7 Infer HConstant::NotInNewSpace only if the supplied handle is null. 
BUG=chromium:449291
LOG=n
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/898753003

Cr-Commit-Position: refs/heads/master@{#26413}
 2015-02-03 17:48:35 +00:00
bmeurer
f6e02e195c Compute the same hash for all NaN values. 
Both SameValue and SameValueZero consider different NaNs equal, so we
better assign the same hash value to all NaNs.

BUG=v8:3859
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/897593002

Cr-Commit-Position: refs/heads/master@{#26391}
 2015-02-03 06:29:18 +00:00
verwaest
9cce4ff285 Clear pending exception on stack overflow in the parser 
BUG=450960
LOG=n

Review URL: https://codereview.chromium.org/858213003

Cr-Commit-Position: refs/heads/master@{#26390}
 2015-02-03 06:22:36 +00:00
verwaest
1de7dff2ef Check global object behind global proxy for extensibility 
BUG=454091
LOG=Y

Review URL: https://codereview.chromium.org/895573002

Cr-Commit-Position: refs/heads/master@{#26380}
 2015-02-02 12:49:12 +00:00
mvstanton
3df0a9ae77 CallIC used an invalid mechanism to detect if it was in optimized code. 
BUG=453481
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/885333002

Cr-Commit-Position: refs/heads/master@{#26361}
 2015-01-30 15:07:14 +00:00
jarin
da90aabc07 Always emit bailout id for inlining property access (even for keyed access). 
R=ulan@chromium.org
BUG=chromium:453805
LOG=n

Review URL: https://codereview.chromium.org/887023003

Cr-Commit-Position: refs/heads/master@{#26359}
 2015-01-30 14:35:43 +00:00
ishell
32fe247d91 Layout descriptor sharing issue fixed. 
BUG=chromium:437713, v8:3832
LOG=Y

Review URL: https://codereview.chromium.org/885003002

Cr-Commit-Position: refs/heads/master@{#26354}
 2015-01-30 12:55:25 +00:00
aperez
91b87e7a28 Do not create unresolved variables when parsing arrow functions lazily 
Arrow function parameter lists are parsed as expressions. When an identifier
is found a VariableProxy is created and added to the list of unresolved
variables for the scope. When parsing a function lazily, the scope has been
already resolved, so with this patch only the VariableProxy is created,
without adding it as an unresolved variable in the scope.

BUG=v8:3501
LOG=Y

Review URL: https://codereview.chromium.org/880253004

Cr-Commit-Position: refs/heads/master@{#26328}
 2015-01-29 15:53:15 +00:00
mstarzinger
c5833e8596 Add missing FrameState to JSToName nodes. 
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-451770
BUG=chromium:451770
LOG=N

Review URL: https://codereview.chromium.org/880963002

Cr-Commit-Position: refs/heads/master@{#26305}
 2015-01-28 11:40:02 +00:00
yangguo
1e905469be Land test case for RegExp.source. 
BUG=chromium:447561
LOG=N
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/878033003

Cr-Commit-Position: refs/heads/master@{#26297}
 2015-01-27 15:17:37 +00:00
ishell
7f9b2fa699 Do not generalize field representations when making elements kind or observed transition. 
BUG=chromium:448711
LOG=y

Review URL: https://codereview.chromium.org/861173004

Cr-Commit-Position: refs/heads/master@{#26289}
 2015-01-27 11:19:06 +00:00
titzer
7c81161b97 [turbofan] Simplify reduction if IfTrue and IfFalse and fix bugs. 
R=mstarzinger@chromium.org
BUG=chromium:451958
LOG=Y

Review URL: https://codereview.chromium.org/880533002

Cr-Commit-Position: refs/heads/master@{#26276}
 2015-01-26 16:11:24 +00:00
mstarzinger
00f3f99221 Add missing FrameState for Runtime_CreateArrayLiteral. 
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-451013
BUG=chromium:451013
LOG=N

Review URL: https://codereview.chromium.org/873973003

Cr-Commit-Position: refs/heads/master@{#26268}
 2015-01-26 12:45:34 +00:00
svenpanne
a7d67a64f1 Fixed Hydrogen environment handling for mul-i on ARM and ARM64. 
The whole logic in DoMul makes me cry, so I made only the minimal
change to fix the issue...

BUG=v8:451322
LOG=y

Review URL: https://codereview.chromium.org/873703002

Cr-Commit-Position: refs/heads/master@{#26261}
 2015-01-26 08:35:58 +00:00
mstarzinger
d2e424afb8 Avoid unintentional optimization of hot builtins by TurboFan. 
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-451016
BUG=chromium:451016
LOG=N

Review URL: https://codereview.chromium.org/817293005

Cr-Commit-Position: refs/heads/master@{#26229}
 2015-01-22 18:52:15 +00:00
ishell
8ccc696bf6 Support concatenating with zero-size arrays with DICTIONARY_ELEMENTS in Runtime_ArrayConcat. 
BUG=chromium:450895
LOG=y

Review URL: https://codereview.chromium.org/849693003

Cr-Commit-Position: refs/heads/master@{#26219}
 2015-01-22 11:15:30 +00:00
mstarzinger
558efe21f0 Add missing BailoutId and FrameState to with statements. 
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-450642
BUG=chromium:450642
LOG=N

Review URL: https://codereview.chromium.org/865833002

Cr-Commit-Position: refs/heads/master@{#26218}
 2015-01-22 10:57:42 +00:00
bmeurer
0381acf7b3 Double field values need sNaN -> qNaN canonicalization. 
Also fix mjsunit/regress/regress-undefined-nan to ensure that we are
testing transfer via xmm registers by forcing the transfer to be in an
optimized function.

BUG=v8:3839
LOG=n
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/863153002

Cr-Commit-Position: refs/heads/master@{#26213}
 2015-01-22 08:36:12 +00:00
Benedikt Meurer
ee86227600 [arm] Fix sNaN quietening in the ARM simulator on IA-32. 
TEST=msjunit/regress/regress-undefined-nan2
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/802243004

Cr-Commit-Position: refs/heads/master@{#26185}
 2015-01-21 13:01:23 +00:00
Benedikt Meurer
9eace97bba Use signaling NaN for holes in fixed double arrays. 
TEST=mjsunit,cctest,unittests
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/863633002

Cr-Commit-Position: refs/heads/master@{#26180}
 2015-01-21 08:52:25 +00:00
ishell
33994b4a22 Massive renaming of PropertyType values and other implied stuff. 
PropertyKind:
  DATA -> kData
  ACCESSOR -> kAccessor

PropertyType:
  FIELD -> DATA
  CONSTANT -> DATA_CONSTANT
  ACCESSOR_FIELD -> ACCESSOR
  CALLBACKS -> ACCESSOR_CONSTANT

PropertyLocation:
  IN_OBJECT -> kField
  IN_DESCRIPTOR -> kDescriptor

StoreMode:
  FORCE_IN_OBJECT -> FORCE_FIELD

FieldDescriptor -> DataDescriptor
ConstantDescriptor -> DataConstantDescriptor
CallbacksDescriptor -> AccessorConstantDescriptor

Review URL: https://codereview.chromium.org/856503002

Cr-Commit-Position: refs/heads/master@{#26146}
 2015-01-19 17:49:22 +00:00
mvstanton
173b69f041 ClusterFuzz fix: %NormalizeElements shouldn't process the global proxy. 
BUG=449070
R=yangguo@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/859713002

Cr-Commit-Position: refs/heads/master@{#26126}
 2015-01-19 09:31:19 +00:00
Sven Panne
e5184734b3 Another attempt to fix regress-crbug-178790. 
This time we simply undo the change introduced by the PPC port for
this test. No idea why it should be necessary, and Windows XP
obviously doesn't give us that much stack, anyway.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/826833003

Cr-Commit-Position: refs/heads/master@{#26093}
 2015-01-16 10:12:15 +00:00
Sven Panne
54570cfa74 PPC aftermath: Fix regress-crbug-178790. 
The test fails on XP only, so let's tentatively raise the stack limit more. We probably need to investigate what a tighter limit might be and (more importantly) what the underlying reason for the failure is.

Hopefully 1800kB is enough, we can't test this via try jobs, because we don't have XP try bots. :-/

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/791693005

Cr-Commit-Position: refs/heads/master@{#26092}
 2015-01-16 09:45:31 +00:00
Sven Panne
e4c5b84652 Contribution of PowerPC port (continuation of 422063005) 
Contribution of PowerPC port (continuation of 422063005). The inital patch
covers the core changes to the common files.  Subsequent patches will cover
changes to common files to support AIX and to update the ppc directories so
they are current with the changes in the rest of the project.

This is based off of the GitHub repository
https://github.com/andrewlow/v8ppc

BUG=
R=svenpanne@chromium.org, danno@chromium.org, sevnpanne@chromium.org

Review URL: https://codereview.chromium.org/817143002

Cr-Commit-Position: refs/heads/master@{#26091}
 2015-01-16 07:42:15 +00:00
bmeurer
e1d878d16f Add proper support for proxies to HType. 
TEST=mjsunit/regress/regress-crbug-448730
BUG=chromium:448730
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/847373002

Cr-Commit-Position: refs/heads/master@{#26056}
 2015-01-14 13:57:09 +00:00
dslomov
a4124b3bfc Map -0 to integer 0 for typed array constructors. 
R=bmeurer@chromium.org
BUG=chromium:447756
LOG=Y

Review URL: https://codereview.chromium.org/790813005

Cr-Commit-Position: refs/heads/master@{#26021}
 2015-01-12 11:42:57 +00:00
titzer
7e98658e31 [turbofan] Fix control reducer for degenerate cases of self-loop branches. 
R=jarin@chromium.org
BUG=chromium:447526

Review URL: https://codereview.chromium.org/828823006

Cr-Commit-Position: refs/heads/master@{#26009}
 2015-01-09 12:28:14 +00:00
Yang Guo
2050994d80 Correctly parse line ends for debugging. 
Instead of using only \n as line terminator, we now use the definition
in http://www.ecma-international.org/ecma-262/5.1/#sec-7.3

R=marja@chromium.org
BUG=v8:2825
LOG=Y

Review URL: https://codereview.chromium.org/821383009

Cr-Commit-Position: refs/heads/master@{#25989}
 2015-01-08 10:46:13 +00:00
ishell
0d6785805c Correct handling of exceptions occured during getting of exception stack trace. 
BUG=chromium:444805
LOG=Y

Review URL: https://codereview.chromium.org/793333003

Cr-Commit-Position: refs/heads/master@{#25978}
 2015-01-07 14:50:16 +00:00
titzer
d77d3ba9a3 Fix bug in Runtime_CompileOptimized resulting from stack overflow. 
R=jarin@chromium.org
BUG=chromium:446389
LOG=Y

Review URL: https://codereview.chromium.org/844503002

Cr-Commit-Position: refs/heads/master@{#25974}
 2015-01-07 13:43:44 +00:00
svenpanne
cbf3b0bcc7 More -fsanitize=vptr fixes. 
This actually fixes 3 different issues when accessing Operand1:

   * Object vs. HeapObject

   * Wrong defaults for equals/hash

   * silently dropping const

TEST=test/mjsunit/regress/regress-441099.js
BUG=chromium:441099
LOG=y

Review URL: https://codereview.chromium.org/812563002

Cr-Commit-Position: refs/heads/master@{#25843}
 2014-12-16 14:20:28 +00:00
marja
978f41a1da RegExpParser: Fix Reset()ting to the end. 
The bug would occur when we try to Reset() to a position already at the end.

This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.

To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).

Minimal repro case:

var r = /foo\u/
r.test("foou") // should be true, was false.

(Note that \u not followed by 4 hex didits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)

BUG=v8:3756
LOG=NO

Review URL: https://codereview.chromium.org/802313003

Cr-Commit-Position: refs/heads/master@{#25838}
 2014-12-16 12:14:19 +00:00
jkummerow
c060f4e26c Internalize strings being stored into uninitialized property cells 
Review URL: https://codereview.chromium.org/804993002

Cr-Commit-Position: refs/heads/master@{#25822}
 2014-12-15 15:46:11 +00:00
dslomov
e6198a0fed Update tests in preparation for shipping classes. 
R=arv@chromium.org
BUG=v8:3330
LOG=N

Review URL: https://codereview.chromium.org/788773003

Cr-Commit-Position: refs/heads/master@{#25783}
 2014-12-11 15:54:09 +00:00
ishell
7d13ca278a Reland of "TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name." 
Review URL: https://codereview.chromium.org/793453004

Cr-Commit-Position: refs/heads/master@{#25750}
 2014-12-10 15:18:52 +00:00
svenpanne
c16b8f6cbb Fixed environment handling for LFlooringDivI on ARM. 
Beautiful code... :-}

BUG=chromium:437765
LOG=y

Review URL: https://codereview.chromium.org/775613002

Cr-Commit-Position: refs/heads/master@{#25613}
 2014-12-02 13:47:19 +00:00
ishell
1a2e4b265a Map::CopyGeneralizeAllRepresentations() left incorrect layout descriptor in a new map. 
BUG=chromium:436820
LOG=N

Review URL: https://codereview.chromium.org/759823004

Cr-Commit-Position: refs/heads/master@{#25530}
 2014-11-26 17:37:05 +00:00
titzer
9da4998204 Abort optimization in corner case. 
The %OptimizeFunctionOnNextCall sledgehammer can cause a function to be
marked for optimization before it's ever been compiled by fullcode.
This can lead to the situation where a function doesn't have optimization
disabled until we try to compile it optimized.

Basically, the assert should just handle this case more gracefully.

R=yangguo@chromium.org
BUG=436893
LOG=Y

Review URL: https://codereview.chromium.org/760063002

Cr-Commit-Position: refs/heads/master@{#25528}
 2014-11-26 16:57:52 +00:00
jarin
97cab985b8 Do not try to inline if the function has an illegal redeclaration. 
R=mvstanton@chromium.org
BUG=chromium:436896
LOG=n

Review URL: https://codereview.chromium.org/755333003

Cr-Commit-Position: refs/heads/master@{#25527}
 2014-11-26 16:32:46 +00:00
dslomov
626f110f0b Introduce legacy const slots in correct context. 
R=rossberg@chromium.org
BUG=chromium:410030
LOG=Y

Review URL: https://codereview.chromium.org/756293004

Cr-Commit-Position: refs/heads/master@{#25519}
 2014-11-26 12:16:30 +00:00
dslomov
6ac4de87a8 harmony-scoping: make assignment to 'const' a late error. 
Per TC39 Nov 2014 decision.

This patch also changes behavior for "legacy const": assignments to sloppy const in strict mode is now also a type error. This fixes v8:2243 and also brings us in compliance with other engines re assignment to function names (see updated webkit test), but might have bigger implications.
That change can easily be reverted by changing Variable::IsSignallingAssignmentToConst.

BUG=v8:3713,v8:2243
LOG=N

Review URL: https://codereview.chromium.org/749633002

Cr-Commit-Position: refs/heads/master@{#25516}
 2014-11-26 11:21:23 +00:00
jarin
d9cabb9b22 [turbofan] Fix matching of the lea instruction. 
Resets the scaled exponent to 0 when the scaling match fails.

BUG=

Review URL: https://codereview.chromium.org/756643002

Cr-Commit-Position: refs/heads/master@{#25491}
 2014-11-24 17:45:33 +00:00
yangguo
270dccf6db Correctly find shared function info for debugging when compiling eagerly. 
R=ulan@chromium.org
BUG=v8:3717
LOG=N

Review URL: https://codereview.chromium.org/758523004

Cr-Commit-Position: refs/heads/master@{#25486}
 2014-11-24 15:43:35 +00:00
yangguo
14a3b9188d Fix RegExp.source for uncompiled regexp. 
R=jkummerow@chromium.org
BUG=435825
LOG=N

Review URL: https://codereview.chromium.org/753983002

Cr-Commit-Position: refs/heads/master@{#25476}
 2014-11-24 11:21:52 +00:00
yangguo
5414c39974 Slightly improve tests that rely on lazy compilation. 
R=rossberg@chromium.org
BUG=v8:3712
LOG=N

Review URL: https://codereview.chromium.org/743843003

Cr-Commit-Position: refs/heads/master@{#25463}
 2014-11-21 12:41:06 +00:00
yangguo
61bee5c898 Correctly escape RegExp source. 
R=ulan@chromium.org
BUG=v8:3229
LOG=N

Review URL: https://codereview.chromium.org/736003002

Cr-Commit-Position: refs/heads/master@{#25457}
 2014-11-21 10:50:24 +00:00
Michael Stanton
cf572694fe Assert to protect against polymorphic string loads fires on valid stores. 
BUG=435477
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/751513002

Cr-Commit-Position: refs/heads/master@{#25456}
 2014-11-21 10:29:08 +00:00
Michael Stanton
3d58b82add Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed. 
The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.

Also, prevent inlining array pop() and shift() if the length is read-only.

BUG=435073
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/737383002

Cr-Commit-Position: refs/heads/master@{#25455}
 2014-11-21 10:14:19 +00:00
ulan
dc88962350 Do not bailout from optimizing functions that use f(x, arguments) 
if there is not enough type-feedback to detect that f is Function.prototype.apply.

BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709

Review URL: https://codereview.chromium.org/736043002

Cr-Commit-Position: refs/heads/master@{#25447}
 2014-11-20 17:07:44 +00:00
Andreas Rossberg
4f63564700 Fix lower bound violation 
R=jarin@chromium.org
BUG=433332
LOG=N

Review URL: https://codereview.chromium.org/739563002

Cr-Commit-Position: refs/heads/master@{#25436}
 2014-11-20 11:22:49 +00:00
yangguo
5bea77f786 Fix disabling all break points from within the debug event callback. 
BUG=chromium:432493
LOG=Y

Review URL: https://codereview.chromium.org/728103008

Cr-Commit-Position: refs/heads/master@{#25400}
 2014-11-18 14:57:48 +00:00
Jakob Kummerow
bf22724e0d Fix one more missing c0_ < 0 check in scanner 
BUG=chromium:433766
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/731953003

Cr-Commit-Position: refs/heads/master@{#25371}
 2014-11-17 09:43:31 +00:00
Jaroslav Sevcik
c3af691e72 [turbofan] Remove int32 narrowing during typed lowering. 
With Int32Add we lose the int/uint distinction, so later, in simplified lowering we can make a wrong decision. E.g., see the attached test case, where we lower NumberAdd -> Int32Add because inputs are Uint32, but during simplified lowering we change the inputs to Int32, so we get a wrong result.

Simplified lowering will lower the NumberAdd operations anyway, so we should lose performance.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/721723004

Cr-Commit-Position: refs/heads/master@{#25368}
 2014-11-17 09:04:52 +00:00
ishell@chromium.org
2e38f33911 Revert "TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name." 
Revert "Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136."

This revert is made in order to revert r25099 which potentially causes renderer hangs.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/722873004

Cr-Commit-Position: refs/heads/master@{#25332}
 2014-11-13 15:31:04 +00:00
ishell@chromium.org
bc8c41c08d Avoid fast short-cut in Map::GeneralizeRepresentation() for literals with non-simple transitions. 
It started showing after r25253.

BUG=v8:3687
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/715313003

Cr-Commit-Position: refs/heads/master@{#25324}
 2014-11-13 10:56:31 +00:00
Jaroslav Sevcik
2d075e2298 Reland "[turbofan] Weakening of types must weaken ranges inside unions." 
This relands commit 4c1f4b796d.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/723023002

Cr-Commit-Position: refs/heads/master@{#25317}
 2014-11-13 09:02:14 +00:00
Yang Guo
b96309b776 Move public symbols to the root set. 
This allows serializing public symbols that are embedded in code.

BUG=v8:3689
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/722723002

Cr-Commit-Position: refs/heads/master@{#25315}
 2014-11-13 08:48:08 +00:00
Jaroslav Sevcik
c513297f9f Revert "[turbofan] Weakening of types must weaken ranges inside unions." 
This reverts commit 4c1f4b796d.

TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/722943003

Cr-Commit-Position: refs/heads/master@{#25312}
 2014-11-13 06:10:42 +00:00
Jaroslav Sevcik
4c1f4b796d [turbofan] Weakening of types must weaken ranges inside unions. 
BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/712623002

Cr-Commit-Position: refs/heads/master@{#25311}
 2014-11-13 05:31:47 +00:00
dslomov@chromium.org
0e2f7e3c35 Re-enable serialization under harmony-scoping. 
R=yangguo@chromium.org
BUG=v8:3689
LOG=N

Review URL: https://codereview.chromium.org/717153002

Cr-Commit-Position: refs/heads/master@{#25294}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-12 13:12:50 +00:00
yangguo@chromium.org
1dbd6369b1 Correctly compute line numbers in functions from the function constructor. 
R=aandrey@chromium.org
BUG=chromium:109362
LOG=Y

Review URL: https://codereview.chromium.org/701093003

Cr-Commit-Position: refs/heads/master@{#25289}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-12 10:06:47 +00:00
adamk@chromium.org
1386257c55 Correctly handle Array unshift/splices that move elements past the max length of an Array 
BUG=v8:2615
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/679113003

Cr-Commit-Position: refs/heads/master@{#25270}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-11 19:08:14 +00:00
jkummerow@chromium.org
3b3929fdc7 Reland "Avoid some unnecessary fast-properties map creations." 
This relands commit ea74f0f85a.

The revert was due to failures in cctest/test-heap/ReleaseOverReservedPages,
caused by apparent changes to memory layout and fragmentation of the
first page. Eliminating a situation in messages.js where this CL has had
an effect on map transitions seems to solve the issue.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/714883003

Cr-Commit-Position: refs/heads/master@{#25266}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-11 15:41:30 +00:00
jkummerow@chromium.org
d3b68cf370 Fix has_constant_parameter_count() confusion in LReturn 
BUG=chromium:431602
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/714663002

Cr-Commit-Position: refs/heads/master@{#25249}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-10 15:25:50 +00:00
arv@chromium.org
c24ebcd387 Revert "Avoid some unnecessary fast-properties map creations." 
This reverts commit e1f23eab4255d63344011dfb885b8e8962cb60e2.

Broke cctest/test-heap/ReleaseOverReservedPages on a bunch of builders

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/928/steps/Check/logs/ReleaseOverReservedPa..

BUG=None
LOG=N
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/709123002

Cr-Commit-Position: refs/heads/master@{#25224}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-07 18:49:45 +00:00
jkummerow@chromium.org
ea74f0f85a Avoid some unnecessary fast-properties map creations. 
(1) When we have just normalized and re-fastified a map, we don't need to copy it again to set the is_prototype bit.
(2) When defining accessors causes a non-prototype object to go slow, don't force re-fastification.

BUG=v8:3267
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/706243002

Cr-Commit-Position: refs/heads/master@{#25221}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-07 16:33:47 +00:00
marja@chromium.org
2b026851ac Scanner: disallow unicode escapes in regexp flags. 
The spec explicitly forbids them. V8 never handled them properly either, just
the Scanner accepted them (it had code to add them literally to the
LiteralBuffer) and later on, Regexp constructor disallowed them.

According to the spec, unicode escapes in regexp flags should be an early error
("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence.").

Note that Scanner is still more relaxed about regexp flags than the
spec. Especially, it accepts any identifier parts (not just a small set of
letters) and doesn't check for duplicates.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/700373003

Cr-Commit-Position: refs/heads/master@{#25215}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-07 14:32:19 +00:00
ishell@chromium.org
e1f93a82f2 Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136. 
BUG=chromium:430846
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/704183002

Cr-Commit-Position: refs/heads/master@{#25185}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-06 11:50:33 +00:00
jarin@chromium.org
91eeae5849 [turbofan] Fix deopt for assignments in non-effect context. 
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/701853002

Cr-Commit-Position: refs/heads/master@{#25151}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-05 13:09:14 +00:00
ishell@chromium.org
33dde8d92c TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name. 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/661133002

Cr-Commit-Position: refs/heads/master@{#25136}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-05 09:26:48 +00:00
rossberg@chromium.org
357882a8e5 1..isPrototypeOf.call(null) should return false, not throw TypeError. 
BUG=v8:3483
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/433413002

Cr-Commit-Position: refs/heads/master@{#25116}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-04 16:14:18 +00:00
mstarzinger@chromium.org
cd3273b562 Properly handle stack overflows in the AST graph builder. 
R=jarin@chromium.org
BUG=chromium:429159
TEST=mjsunit/regress/regress-crbug-429159
LOG=N

Review URL: https://codereview.chromium.org/697473006

Cr-Commit-Position: refs/heads/master@{#25037}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-31 14:02:46 +00:00
yangguo@chromium.org
76292d2daf Fix assertion scope in Runtime_GetScript. 
The HeapIterator implies DisallowHeapAllocation, but Script::GetWrapper
may allocate.

LOG=N
R=jkummerow@chromium.org
BUG=chromium:410033

Review URL: https://codereview.chromium.org/680283002

Cr-Commit-Position: refs/heads/master@{#25001}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-30 07:25:43 +00:00
yangguo@chromium.org
64cef0b2e9 Reland "In PrepareForBreakPoints, also purge shared function info not referenced by functions." 
BUG=chromium:424142
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/692453002

Cr-Commit-Position: refs/heads/master@{#24970}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-29 10:19:44 +00:00
yangguo@chromium.org
67b76ebaea Revert "In PrepareForBreakPoints, also purge shared function info not referenced by functions." 
This reverts commit r24964.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/687163002

Cr-Commit-Position: refs/heads/master@{#24966}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-29 09:23:10 +00:00
yangguo@chromium.org
7668c4c29a In PrepareForBreakPoints, also purge shared function info not referenced by functions. 
R=ulan@chromium.org
BUG=chromium:424142
LOG=N

Review URL: https://codereview.chromium.org/685753002

Cr-Commit-Position: refs/heads/master@{#24964}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-29 08:11:41 +00:00
yangguo@chromium.org
0dfbf83468 Use shared function info for eval cache key. 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/678843004

Cr-Commit-Position: refs/heads/master@{#24927}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-28 10:01:44 +00:00
yangguo@chromium.org
efc01f4736 Prevent recursion in the debug event listener. 
R=ulan@chromium.org
BUG=chromium:409614
LOG=N

Review URL: https://codereview.chromium.org/684573005

Cr-Commit-Position: refs/heads/master@{#24924}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24924 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-28 09:44:43 +00:00
adamk@chromium.org
f1954232b0 SimpleMove now calls [[Has]] before [[Get]] when moving elements 
BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/678753002

Cr-Commit-Position: refs/heads/master@{#24907}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-27 13:05:13 +00:00
jarin@chromium.org
23df66ee24 Add more missing deopts 
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/639883002

Cr-Commit-Position: refs/heads/master@{#24886}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-26 10:25:48 +00:00
adamk@chromium.org
c9ea8d6512 SimpleSlice now calls [[Get]] before [[Has]] when generating copy 
SparseSlice does not need this (non-optimal) reordering since its
callers guarantee that [[Get]] has no side effects on the passed-in array.

BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/674003002

Cr-Commit-Position: refs/heads/master@{#24884}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-24 18:08:13 +00:00
adamk@chromium.org
02d37b8f10 Widen definition of %HasComplexElements() to include non-enumerability 
This avoids using the Sparse methods on objects with non-enumerable elements,
which can cause the 'enumerable: false' bit to get lost in the operation.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/672323003

Cr-Commit-Position: refs/heads/master@{#24883}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-24 18:04:13 +00:00
adamk@chromium.org
0ef073d556 Fix sparse versions of Array slice/splice to use [[DefineOwnProperty]] to generate return value 
BUG=chromium:423633
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/673893002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 21:13:29 +00:00
adamk@chromium.org
5f1ae66d56 Narrow cases where Sparse/Smart versions of Array methods are used 
Added a new %HasComplexElements runtime function (meaning elements that are
non-writable, non-configurable, or have getters and setters) and use it
in UseSparseVariant to filter out cases where the sparse optimizations
can cause V8 to fall out of spec compliance.

Renamed SmartMove/SmartSlice to SparseMove/SparseSlice and guarded them
with the new and improved UseSparseVariant.

These two changes combine let us pass nearly every test in bug-2615.js,
as well as fixing reverse and join on sparse arrays.

Note that there are various test changes in this patch that correct existing
tests to match the correct-by-spec behavior.

This patch depends on https://codereview.chromium.org/666883009, which
better-aligns the behavior of SmartMove with SimpleMove.

BUG=v8:2615,v8:3612,v8:3621
LOG=y
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/656423004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 18:21:50 +00:00
ishell@chromium.org
5509cc2c07 Fixed mutable heap numbers leak in JSON parser. 
BUG=chromium:423687
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/669403002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 14:41:39 +00:00
dslomov@chromium.org
96105a90fc harmony-scoping: Allow 'const' iteration variables in strict mode. 
R=rossberg@chromium.org
BUG=v8:2506
LOG=N

Committed: https://code.google.com/p/v8/source/detail?r=24834

Review URL: https://codereview.chromium.org/671913002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 12:30:20 +00:00
dslomov@chromium.org
707ed29a51 Revert "harmony-scoping: Allow 'const' iteration variables in strict mode." 
This reverts commit r24834 for breaking debug tests.

TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/672193002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 11:55:19 +00:00
dslomov@chromium.org
b54f7d3c46 harmony-scoping: Allow 'const' iteration variables in strict mode. 
R=rossberg@chromium.org
BUG=v8:2506
LOG=N

Review URL: https://codereview.chromium.org/671913002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-23 11:18:50 +00:00
rodolph.perfetta@arm.com
ecbfc43f37 ARM64: Fix stack manipulation. 
Builtins::Generate_StringConstructCode was claiming stack space instead of
giving it back.

BUG=chromium:425585
LOG=Y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/672623003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-22 18:24:20 +00:00
dslomov@chromium.org
b664c12235 Flatten the string in StringToDouble function. 
R=yangguo@chromium.org
BUG=chromium:425551
LOG=N

Review URL: https://codereview.chromium.org/654763003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-22 08:19:05 +00:00
adamk@chromium.org
b6d0113abc Array.prototype.{slice,splice} should use [[DefineOwnProperty]] to generate return value 
BUG=chromium:423633
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/649063003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-21 17:46:42 +00:00
mvstanton@chromium.org
8330178b4c The issue is that by handling strings with map/handler pairs instead of a special 
version of the keyed load stub (https://code.google.com/p/v8/source/detail?r=24661),
I allowed polymorphism between string and non-string types in the IC. Before, the
IC would go generic.

Then, at crankshaft time, we special case when we only saw strings. The error
here is that crankshaft can't emit code that handles polymorphism between string
and non-string types. The choice is either to get that to happen (I don't deem
this necessary from a performance point of view, an IC with such type feedback
before would have gone generic), or simply check for the case of "polymorphic
with some string maps" and require crankshaft to go generic. I'll do the latter.

BUG=425519
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/667923004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-21 13:04:51 +00:00
yangguo@chromium.org
83ddaa0df7 Fix break location calculation. 
R=ulan@chromium.org
BUG=chromium:419663
LOG=Y

Review URL: https://codereview.chromium.org/658723005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-17 14:11:01 +00:00
adamk@chromium.org
ae7161e4cb Revert "Remove SmartMove, bringing Array methods further into spec compliance" 
This reverts https://code.google.com/p/v8/source/detail?r=24647

It caused test failures in Array methods in Linux64 OptimizeForSize.

BUG=v8:2615
TBR=verwaest@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/656683003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-15 23:53:02 +00:00
adamk@chromium.org
bb885a79db Remove SmartMove, bringing Array methods further into spec compliance 
This is one step towards a single codepath for each method in array.js.

This patch is based on rafaelw's https://codereview.chromium.org/349073002

BUG=v8:2615
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/455933002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-15 23:36:58 +00:00
adamk@chromium.org
a6ff3f7f4a Handle exceptions thrown by Array.observe machinery 
BUG=chromium:417709
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/651323003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-15 18:22:20 +00:00
verwaest@chromium.org
23868b419c Optimize Function.prototype.call 
BUG=
R=verwaest@chromium.org, jarin@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/588573002

Patch from Petka Antonov <p.antonov@partner.samsung.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-15 12:22:15 +00:00
yangguo@chromium.org
9a21ba499c Catch exceptions thrown when enqueuing change records. 
R=ishell@chromium.org
BUG=chromium:417709
LOG=N

Review URL: https://codereview.chromium.org/653593002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-14 14:46:11 +00:00
ulan@chromium.org
29296d7e50 Fix computation of UTC time from local time at DST change points. 
This also reverts r23606, which was an incorrect fix.

BUG=v8:3116,chromium:417640,chromium:415424
LOG=Y
TEST=mjsunit/regress/regress-3116.js
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/639383002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-09 14:17:33 +00:00
jkummerow@chromium.org
1bb52d0da8 Fix Hydrogen's BuildStore() 
BUG=chromium:417508
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/612423002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-01 13:17:34 +00:00
jarin@chromium.org
5b742b356d Adding more missing deoptimization points in Turbofan. 
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/595863002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-29 13:37:58 +00:00
jarin@chromium.org
b11c925142 Disable merging simulates across captured objects. 
BUG=chromium:416730
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/607453002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-25 12:16:32 +00:00
yangguo@chromium.org
86b3c3eea7 Insert materialized context at the right place in DebugEvaluate. 
R=aandrey@chromium.org, ulan@chromium.org
BUG=chromium:323936
LOG=N

Review URL: https://codereview.chromium.org/599113002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-25 09:33:40 +00:00
jkummerow@chromium.org
1903e560b0 Non-JSArrays must always have holey elements. 
Drive-by cleanup: remove unused elements_kind_ field in CallNew.

BUG=chromium:416558
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/595333002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-25 08:25:25 +00:00
mvstanton@chromium.org
b0b59073ac Fix IC cache confusion on String.prototype.length 
BUG=416416
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/587363002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-24 09:33:04 +00:00
jarin@chromium.org
9ef343c18d [Turbofan] Insert nops for lazy bailout patching, fix translation of literals. 
The code for EnsureSpaceForLazyDeopt is taken from lithium-codegen-*.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/562033003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-23 08:46:18 +00:00
verwaest@chromium.org
83f64e8c1f Fix escaped index JSON parsing 
BUG=416449
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/592813002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-22 15:21:19 +00:00
mstarzinger@chromium.org
429924b780 Fix typed lowering to number comparison. 
R=titzer@chromium.org
TEST=mjsunit/regress/regress-3564
BUG=v8:3564
LOG=N

Review URL: https://codereview.chromium.org/574653002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-16 11:33:30 +00:00
mstarzinger@chromium.org
d313551a3e Disable lowering to StringAdd due to various issues. 
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/566303003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-16 08:29:46 +00:00
yangguo@chromium.org
7cb82a76b4 Reland "Remove V8_HOST_CAN_READ_UNALIGNED and its uses." 
BUG=chromium:412967
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/571903002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-15 10:54:49 +00:00
jarin@chromium.org
00e90b7e6e Remove deoptimization by patching the call stack. 
We go back to patching the code for lazy deoptimization because ICs need the on-stack return address to read/update the IC address/state.

The change also fixes bunch of tests, mostly by adding more deoptimization points.

(We still need to add code to ensure lazy deopt patching does not overwrite ICs and other lazy deopts; this is coming next.)

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/568783002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-15 09:21:39 +00:00