AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9,828 Commits 1 Branch 0 Tags 839 MiB
a65e166aa7
Commit Graph

1751 Commits

Author SHA1 Message Date
rossberg@chromium.org
8eb704257f Object.observe: Fixed missing case for turning off ICs. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11358122

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-08 13:15:54 +00:00
rossberg@chromium.org
fbc6e0d883 Object.observe: generate change records for indexed properties. 
Details:
- Extend ElementAccessors with GetAttributes method.
- Add HasLocalElement, Get[Local]ElementAttribute methods to JSReceiver/JSObject.
- Otherwise, mirror implementation for named properties.

Cannot correctly handle the cases yet where an accessor is redefined or deleted.

Also fixed handling of object info table.

(Based on CL https://codereview.chromium.org/11362115/)

R=verwaest@chromium.org,mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11365111

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-08 12:58:08 +00:00
mstarzinger@chromium.org
a31889e2de Fix slack tracking when instance prototype changes. 
This fixes a corner case when the instance prototype of a function is
changed while inobject slack tracking is still in progress. This caused
the intial map to be unrelated for functions with the same shared info
and hence the shared construct stub is no longer generic enough to work
for all those functions.

R=danno@chromium.org
BUG=chromium:157019
TEST=mjsunit/regress/regress-crbug-157019

Review URL: https://codereview.chromium.org/11293059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-08 11:56:44 +00:00
rossberg@chromium.org
e059e64c98 Object.observe: include oldValue in change records, 
plus more accurate distinction of different change types.

Required handlifying more code.

Also fixed a handlification bug in JSProxy::GetElementAttributeWithHandler.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11362115

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-07 14:14:50 +00:00
yangguo@chromium.org
ecb6126e45 Remove check for recursion depth for JSON.stringify. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11368119

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-07 12:12:52 +00:00
mstarzinger@chromium.org
e405ff84b4 ES6: Adding support for size to Set and Map 
Section 15.14.5.10 and 15.16.5.7 in the October 26, 2012 ES6 draft,
http://wiki.ecmascript.org/doku.php?id=harmony:specification_drafts

This adds a getter for "size" to Set.prototype and Map.prototype which reflects
the number of elements in the Set and Map respectively.

BUG=v8:2395

Review URL: https://codereview.chromium.org/11360089
Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12875 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-06 18:14:45 +00:00
rossberg@chromium.org
b80cbd7922 Object.observe: generate change records for named properties. 
In more detail:
- Set observation bit for observed objects (and make NormalizedMapCache respect it).
- Mutation of observed objects is always delegated from ICs to runtime.
- Introduce JS runtime function for notifying generated changes.
- Invoke this function in the appropriate places (including some local refactoring).
- Inclusion of oldValue field is not yet implemented, nor element properties.

Also, shortened flag to --harmony-observation.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11347037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-06 12:32:36 +00:00
ulan@chromium.org
f106c9c9f7 Add rotate-right instruction to hydrogen and use it instead of bitwise operations 
of the form ((x >>> i) | (x << (32 - i))).

This CL is based on https://chromiumcodereview.appspot.com/10984057/
by Jay Conrod <dconrod@codeaurora.org>.

R=danno@chromium.org,mstarzinger@chromium.org,dconrod@codeaurora.org

Review URL: https://chromiumcodereview.appspot.com/11033005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-05 13:28:10 +00:00
yangguo@chromium.org
e452c10702 Add fast path for FastProperty objects in JSON.stringify. 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11363078

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-05 12:59:35 +00:00
yangguo@chromium.org
e26012e771 Fix JSON.stringify wrt harmony proxies. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11312063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-05 10:53:56 +00:00
svenpanne@chromium.org
9de1d40d28 Improve handling of property loads on the proto chain. 
Previously Crankshaft emitted a generic load for these, now we emit a load of a
named field, guarded by a proto chain check.

LCheckPrototypeMaps now returns the holder, which is for free, because it
already had to check its map as the last step, anyway. This is in sync with what
StubCompiler::CheckPrototype does.

Review URL: https://codereview.chromium.org/11338030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-05 08:53:54 +00:00
yangguo@chromium.org
e8d91b424c Handle edge cases in basic JSON.stringify. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11315009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-02 14:46:57 +00:00
verwaest@chromium.org
14abf05bd5 Ensure reducing the length of an array doesn't make it go holey. 
Also only transition and/or change anything to the backing store if we are
actually going to delete anything.

BUG=

Review URL: https://chromiumcodereview.appspot.com/11358011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-02 10:24:56 +00:00
yangguo@chromium.org
fe7ec01096 Fix handling arrays with holes in JSON.stringify. 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11273112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-30 15:29:34 +00:00
yangguo@chromium.org
8ed2e560ea Treat leading zeros in JSON.parse correctly. 
R=verwaest@chromium.org
BUG=158185

Review URL: https://chromiumcodereview.appspot.com/11273075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-29 12:01:29 +00:00
mstarzinger@chromium.org
e363cd3425 Fix ugly typo in GenerateNewNonStrictFast. 
R=svenpanne@chromium.org
BUG=chromium:157520
TEST=mjsunit/regress/regress-crbug-157520

Review URL: https://codereview.chromium.org/11300008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12826 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-26 10:55:25 +00:00
yangguo@chromium.org
f6ed7f5e23 Relax test expectations for json-recursive.js 
R=mvstanton@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11311002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-26 07:52:18 +00:00
rossberg@chromium.org
ae93cf665d Initial JS stub implementation of Object.observe. Adds support for .object/.unobserve/.notify/.deliverChangeRecords. No delivery mechanism is implemented for end-of-microtask. 
Review URL: https://codereview.chromium.org/11225058
Patch from Rafael Weinstein <rafaelw@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-25 14:56:44 +00:00
yangguo@chromium.org
e91473f057 Relax test expectations to appease mac build. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11272029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-25 12:39:41 +00:00
yangguo@chromium.org
58c82e93b3 Catch stack overflow in JSON.parse. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11275039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-25 12:36:40 +00:00
yangguo@chromium.org
e40b33d39e Correctly check for stack limit in JSON.stringify. 
Changes include:
 - inline functions in a way as not to waste stack space.
 - reset StackReserveSize to the value prior to r12808.
 - check stack overflow dynamically.

R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11271021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-25 12:18:24 +00:00
yangguo@chromium.org
b2d41f8fe8 Fix stack overflow in JSON.stringify. 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11265011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-24 15:49:59 +00:00
yangguo@chromium.org
e50ee08ad6 Reland JSON.stringify reimplementation. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11189112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-22 14:22:58 +00:00
jkummerow@chromium.org
5ea870f855 tools/run-tests.py: A few timeout-related fixes 
Review URL: https://codereview.chromium.org/11230029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-22 14:13:01 +00:00
yangguo@chromium.org
e41250a390 Revert r12760 (JSON.stringify). 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11225026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-22 11:11:22 +00:00
yangguo@chromium.org
8148f972e8 Stress GC less by allocating exponentially growing string chunks in JSON.stringify. 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11232002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-19 12:39:43 +00:00
yangguo@chromium.org
f910052543 Always invoke the default Array.sort functions from builtin functions, part 2. 
R=vegorov@chromium.org
BUG=v8:2372

Review URL: https://chromiumcodereview.appspot.com/11175007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-19 12:30:18 +00:00
ulan@chromium.org
06a9f51ccb Adjust Android test expectations. 
Disable long running tests:
- test-threads/ThreadJoinSelf in release and debug modes.
- regress/regress-1122 in debug mode.

Disable failing test:
- preparser/strict-octal-regexp (v8 issue 2265).

R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11185073

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-19 09:28:23 +00:00
verwaest@chromium.org
fa53250dd2 Fixed json regression 
BUG=v8:2374

Review URL: https://chromiumcodereview.appspot.com/11186059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-19 08:23:45 +00:00
verwaest@chromium.org
7bc94a92c5 Fixed error introduced in r12761. 
BUG=2373

Review URL: https://chromiumcodereview.appspot.com/11198068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-18 18:43:19 +00:00
yangguo@chromium.org
7a653c1675 Reimplement a simpler version of JSON.stringify. 
BUG=

Review URL: https://chromiumcodereview.appspot.com/11186025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-18 14:42:26 +00:00
yangguo@chromium.org
a7f3edb818 Make sure the fast case of ScanJsonString bails out to the slow case correctly. 
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11185050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-18 13:15:05 +00:00
fschneider@chromium.org
971e834a8d Always invoke the default Array.sort functions from builtin functions. 
TEST=mjsunit/regress/regress-builtin-array-op.js
BUG=v8:2372
Review URL: https://chromiumcodereview.appspot.com/10559005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12752 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-18 11:18:08 +00:00
mstarzinger@chromium.org
02490829dd Fix bug in deletion of indexed properties 
The delete operator always return true in case of indexed property. It
should return false if an indexed property can't be deleted (eg.
DontDelete attribute is set or a string object is the holder).

Contributed by Peter Varga <pvarga@inf.u-szeged.hu>

BUG=none
TEST=mjsunit/delete-non-configurable

Review URL: https://codereview.chromium.org/11094021
Patch from Peter Varga <pvarga@inf.u-szeged.hu>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-15 15:23:22 +00:00
verwaest@chromium.org
7c28995e5d Invalidate the enum cache when converting a transition across which the descriptors are shared. 
Review URL: https://chromiumcodereview.appspot.com/11145017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-15 08:38:51 +00:00
ulan@chromium.org
c969afe137 Reland r12342: Flush monomorphic ICs on context disposal instead of context exit. 
The crashes that caused r12342 to be reverted are fixed in r12563.

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11092081

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-12 13:49:12 +00:00
verwaest@chromium.org
b75705f07b Don't clear EnumLength but rather copy the enum cache. Added regression test for crashes from chromecrash. 
Review URL: https://chromiumcodereview.appspot.com/11103036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 15:33:34 +00:00
rossberg@chromium.org
348736efaa Find a stack limit for the test that works on both Win32 and Linux64. 
R=mstarzinger@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11086073

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 13:10:24 +00:00
rossberg@chromium.org
ddbd426821 Increase stack size for test to work on x64. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11098070

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 12:11:46 +00:00
rossberg@chromium.org
00132da734 Bump variable limit further to 2^17. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/11099063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-11 11:40:10 +00:00
verwaest@chromium.org
dde1cdfb8e Fix transition conversion from CONSTANT_FUNCTION to FIELD. 
Review URL: https://chromiumcodereview.appspot.com/11094044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-10 12:31:50 +00:00
verwaest@chromium.org
55e924c595 Fix CNLT regression. 
This happens when a map A with no descriptors in fast_holey_elements
mode first gets some properties, making it share descriptor arrays with
a map B to which it transitions. Then map A transitions elements kind to
dictionary_elements in map C. C stores the empty_descriptor_array in its
own transition array. When adding a property to C, C transitions to D
and shares the descriptors. If D dies, a CNLT clears the transition
array of C, making the descriptor array of A (and thus also of B) shine
through. If a property is now added to an object in state C, it'll inherit
all the properties of A (and B). If those properties had high field indices,
we do not have a large enough backing store for the single newly added
property, and we'll write out of bounds.

BUG=chromium:151749

Review URL: https://chromiumcodereview.appspot.com/11017054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-10 12:29:44 +00:00
svenpanne@chromium.org
5d11c5ee69 Fixed Accessors::FunctionGetPrototype's proto chain traversal. 
Actually it didn't traverse that far... ;-) Did some cleanup on the way.

R=rossberg@chromium.org
BUG=chrome:143967
TEST=regress/regress-143967.js

Review URL: https://codereview.chromium.org/11087004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-08 12:58:46 +00:00
rossberg@chromium.org
329cf12363 Make sure that names of temporaries do not clash with real variables. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11035054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 12:47:34 +00:00
rossberg@chromium.org
b07f38a46b Reject local module declarations. 
R=mstarzinger@chromium.org
BUG=150628

Review URL: https://codereview.chromium.org/11033025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:14:08 +00:00
rossberg@chromium.org
3f7b5c338a Reject uses of lexical for-loop variable on the RHS. 
R=mstarzinger@chromium.org
BUG=v8:2322

Review URL: https://codereview.chromium.org/11031045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-05 09:07:53 +00:00
verwaest@chromium.org
efe955587e Allow optimistically hoisting elements transitions over accesses. 
Review URL: https://chromiumcodereview.appspot.com/10972011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-10-01 16:22:43 +00:00
mmassi@chromium.org
8fbfad63cd Avoid wrong imul deopt on ia32 and x64 (fixes v8 bug 2339). 
BUG=v8:2339

Review URL: https://chromiumcodereview.appspot.com/10963032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-26 09:57:30 +00:00
erik.corry@gmail.com
72e9f1bea1 x64 and ARM: Fix issue 2346 (order of operations in keyed store 
on arrays) and turn get-own-property-descriptor.js test into
a regression test.
Review URL: https://chromiumcodereview.appspot.com/10985017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-25 13:35:42 +00:00
rossberg@chromium.org
20b1c426cf Bump number of allowed variables per scope to 65535, to address GWT. 
R=jkummerow@chromium.org
BUG=151625

Review URL: https://codereview.chromium.org/10965063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12600 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-09-24 16:22:17 +00:00