binji
df1f72bbf1
[d8 worker] Fix regression when serializing very large arraybuffer
...
BUG=chromium:514081
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1264723002
Cr-Commit-Position: refs/heads/master@{#29982}
2015-08-03 17:08:00 +00:00
jarin
156a155be3
[deoptimizer] Fix the frame size calculation for debugger-inspectable frame construction.
...
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
2015-08-03 12:59:59 +00:00
jochen
bc49e1e1ba
After trying once to create a Realm in regress-crbug-501711.js give up
...
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1261123003
Cr-Commit-Position: refs/heads/master@{#29946}
2015-07-31 08:06:54 +00:00
yangguo
47fce35e80
Debugger: correctly redirect code with no stack check.
...
This fix makes the redirect mechanism a bit more stable.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1269733002
Cr-Commit-Position: refs/heads/master@{#29936}
2015-07-30 14:23:13 +00:00
binji
a87db3dec8
[d8 Workers] Fix bug creating Worker during main thread termination
...
When the main thread terminates, it forcibly terminates all Worker threads.
When this happens, the thread objects were only half-created; they had a
JavaScript Worker object, but not a C++ worker object.
This CL fixes that bug, as well as some other fixes:
* Signatures on Worker methods
* Use SetAlignedPointerFromInternalField instead of using an External.
* Remove state_ from Worker. Simplify to atomic bool running_.
BUG=chromium:511880
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1255563002
Cr-Commit-Position: refs/heads/master@{#29911}
2015-07-30 08:19:39 +00:00
jkummerow
c906efd5d1
Fix prototype registration upon SlowToFast migration
...
When a prototype object migrates from a slow to a fast map, where the slow map
was registered as a user of its own prototype, then the registration must be
transferred to the new map (just like MigrateToMap does for all other cases).
BUG=chromium:513602
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1263543004
Cr-Commit-Position: refs/heads/master@{#29898}
2015-07-28 15:41:29 +00:00
bmeurer
cac64b9f63
[stubs] Properly handle read-only properties in StoreGlobalViaContextStub.
...
We don't need the hole check and slow runtime mode for read-only
properties this way.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1255133002
Cr-Commit-Position: refs/heads/master@{#29881}
2015-07-27 18:45:36 +00:00
ishell
156042f7f7
Cross-script variables handling fixed. It was possible to write to read-only global variable.
...
Review URL: https://codereview.chromium.org/1259853002
Cr-Commit-Position: refs/heads/master@{#29860}
2015-07-27 05:53:05 +00:00
yangguo
cc8fa95f7c
Debugger: fix deoptimizing inlined function.
...
BUG=v8:4320
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1255803004
Cr-Commit-Position: refs/heads/master@{#29842}
2015-07-24 10:37:57 +00:00
danno
bc8041dc2b
Unify "runtime-style" IC functions with Runtime intrinsics
...
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
Review URL: https://codereview.chromium.org/1248303002
Cr-Commit-Position: refs/heads/master@{#29811}
2015-07-23 13:32:26 +00:00
ishell
9e6647c216
Speedup some slow running stack-overflow tests.
...
BUG=chromium:505007
LOG=N
Review URL: https://codereview.chromium.org/1238273003
Cr-Commit-Position: refs/heads/master@{#29747}
2015-07-20 09:50:53 +00:00
adamk
e6cb6bb6b7
Fix element enumeration on String wrappers with dictionary elements
...
BUG=chromium:510426
LOG=n
Review URL: https://codereview.chromium.org/1246513002
Cr-Commit-Position: refs/heads/master@{#29745}
2015-07-20 09:01:06 +00:00
yangguo
01902e4eab
Debugger: use FrameInspector in ScopeIterator to find context.
...
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.
R=bmeurer@chromium.org
BUG=v8:4309
LOG=N
Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
Cr-Commit-Position: refs/heads/master@{#29697}
Review URL: https://codereview.chromium.org/1239033002
Cr-Commit-Position: refs/heads/master@{#29744}
2015-07-20 08:53:39 +00:00
ishell
cc66a1c64e
Crankshaft part of the 'loads and stores to global vars through property cell shortcuts' feature.
...
BUG=chromium:510738
LOG=N
Review URL: https://codereview.chromium.org/1228113008
Cr-Commit-Position: refs/heads/master@{#29743}
2015-07-20 08:49:28 +00:00
caitpotter88
c9007d8f7e
[d8] bounds-check before getting Shell::Worker internal field
...
Prevents fatal error in debug builds
BUG=v8:4271, 506954
R=binji@chromium.org
LOG=N
Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
Cr-Commit-Position: refs/heads/master@{#29524}
Review URL: https://codereview.chromium.org/1214053004
Cr-Commit-Position: refs/heads/master@{#29737}
2015-07-17 21:44:37 +00:00
yangguo
c062b28aeb
Revert of Debugger: use FrameInspector in ScopeIterator to find context. (patchset #3 id:40001 of https://codereview.chromium.org/1239033002/ )
...
Reason for revert:
breaks roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/87292/steps/browser_tests%20%28with%20patch%29/logs/DevToolsSanityTest.TestPauseWhenScriptIsRunning
Original issue's description:
> Debugger: use FrameInspector in ScopeIterator to find context.
>
> In optimized code, it's not guaranteed that the current context
> is stored in its frame slot.
>
> R=bmeurer@chromium.org
> BUG=v8:4309
> LOG=N
>
> Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
> Cr-Commit-Position: refs/heads/master@{#29697}
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4309
Review URL: https://codereview.chromium.org/1243553002
Cr-Commit-Position: refs/heads/master@{#29722}
2015-07-17 09:53:49 +00:00
yangguo
3a0ee39cbd
Debugger: use FrameInspector in ScopeIterator to find context.
...
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.
R=bmeurer@chromium.org
BUG=v8:4309
LOG=N
Review URL: https://codereview.chromium.org/1239033002
Cr-Commit-Position: refs/heads/master@{#29697}
2015-07-16 09:28:20 +00:00
mvstanton
ae11f20e26
Scoping error caused crash in CallICNexus::StateFromFeedback
...
A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.
The fix is straightforward.
BUG=491536, 503565
LOG=N
Review URL: https://codereview.chromium.org/1231343003
Cr-Commit-Position: refs/heads/master@{#29671}
2015-07-15 09:15:05 +00:00
binji
a55fcc93ae
Don't use length property when bounds checking atomics functions
...
The length property can be monkey-patched, so use the native function instead.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1227913006
Cr-Commit-Position: refs/heads/master@{#29653}
2015-07-14 16:17:21 +00:00
verwaest
5f24690384
Properly handle missing from normalized stores with keys convertible to array indices
...
BUG=chromium:509961
LOG=n
Review URL: https://codereview.chromium.org/1241613003
Cr-Commit-Position: refs/heads/master@{#29648}
2015-07-14 11:44:56 +00:00
yangguo
541aa57718
Fix test case for crbug/507070.
...
--debug-code causes full-codegen on arm64 to emit different number
of calls, which confuses the debugger when on-stack replacing code
with recompiled debug version on-stack.
BUG=chromium:507070
TBR=mstarzinger@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1228353004
Cr-Commit-Position: refs/heads/master@{#29638}
2015-07-14 08:50:18 +00:00
yangguo
dec11f5ee0
Debugger: make debug code on-stack replacement more robust.
...
The new implementation counts the number of calls (or continuations)
before the PC to find the corresponding PC in the new code.
R=mstarzinger@chromium.org
BUG=chromium:507070
LOG=N
Review URL: https://codereview.chromium.org/1235603002
Cr-Commit-Position: refs/heads/master@{#29636}
2015-07-14 06:38:53 +00:00
verwaest
01f40e6ad6
Fix keyed element access wrt string wrappers
...
BUG=v8:4296
LOG=n
Review URL: https://codereview.chromium.org/1228063004
Cr-Commit-Position: refs/heads/master@{#29618}
2015-07-13 15:39:07 +00:00
verwaest
0b3d6f7a7d
Reload the map of typed arrays after performing ToNumber.
...
BUG=chromium:507980
LOG=n
Review URL: https://codereview.chromium.org/1234553002
Cr-Commit-Position: refs/heads/master@{#29570}
2015-07-10 12:49:40 +00:00
ishell
b625d4d8cc
[arm64] Fixed unnecessary environment assignment to LSmiTag instruction.
...
BUG=chromium:490021
LOG=N
Review URL: https://codereview.chromium.org/1235563002
Cr-Commit-Position: refs/heads/master@{#29567}
2015-07-10 11:36:17 +00:00
binji
d42e81d587
d8 workers: fix race on quit() with context_mutex_
...
When quit() is called, d8 shell exits without cleanup. If a worker is running,
it might be holding the context_mutex_, which if destroyed will DCHECK.
BUG=4279
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1231473002
Cr-Commit-Position: refs/heads/master@{#29557}
2015-07-09 19:30:29 +00:00
binji
54920cd2f0
Fix cluster-fuzz found regression with d8 Workers
...
This one occurred when serializing an object. When the property getter threw an
exception, that value was skipped, but the property count wasn't updated. The
deserializer then tried to deserialize the wrong value.
BUG=chromium:506549
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1220193004
Cr-Commit-Position: refs/heads/master@{#29541}
2015-07-08 17:58:00 +00:00
ishell
52b3e41799
Fixed a couple of proxies-related unhandled exceptions.
...
BUG=chromium:506956, chromium:505907
LOG=N
Review URL: https://codereview.chromium.org/1215463012
Cr-Commit-Position: refs/heads/master@{#29530}
2015-07-08 11:46:14 +00:00
jkummerow
5379d8bc36
[x64] Fix handling of Smi constants in LSubI and LBitI
...
Smi immediates are not supported, so instructions with Smi representations need their constants in a register. LAddI has already been doing this. The manifestation of the bug was that an operation would compute 0 instead of the correct result.
BUG=chromium:478612
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1224623017
Cr-Commit-Position: refs/heads/master@{#29529}
2015-07-08 10:20:31 +00:00
machenbach
650ef15c00
Revert of [d8] bounds-check before getting Shell::Worker internal field (patchset #4 id:80001 of https://codereview.chromium.org/1214053004/ )
...
Reason for revert:
[Sheriff] Fails here:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/4737
Original issue's description:
> [d8] bounds-check before getting Shell::Worker internal field
>
> Prevents fatal error in debug builds
>
> BUG=v8:4271
> R=binji@chromium.org
> LOG=N
>
> Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
> Cr-Commit-Position: refs/heads/master@{#29524}
TBR=binji@chromium.org,jochen@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4271
Review URL: https://codereview.chromium.org/1215333012
Cr-Commit-Position: refs/heads/master@{#29525}
2015-07-07 21:17:00 +00:00
caitpotter88
43ce9c6f10
[d8] bounds-check before getting Shell::Worker internal field
...
Prevents fatal error in debug builds
BUG=v8:4271
R=binji@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1214053004
Cr-Commit-Position: refs/heads/master@{#29524}
2015-07-07 21:06:19 +00:00
mstarzinger
b8ecd94c72
[turbofan] Fix bogus materialization from frame with OSR.
...
The context constant cannot be materialized from the frame when we are
compiling for OSR, because the context spill slot contains the current
instead of the outermost context in full-codegen.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1220013003
Cr-Commit-Position: refs/heads/master@{#29472}
2015-07-06 03:40:29 +00:00
yangguo
619570b3dd
Make sure the constant pool size is as promised.
...
LOG=N
R=bmeurer@chromium.org
BUG=chromium:506443
Review URL: https://codereview.chromium.org/1217673003
Cr-Commit-Position: refs/heads/master@{#29463}
2015-07-03 10:32:37 +00:00
binji
ffa6b5fe6c
Change d8 Worker API so it takes a string instead of a function.
...
This is more consistent with the DOM API, and is clearer w.r.t. which values
are available in the lexical environment of the Worker.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1218553004
Cr-Commit-Position: refs/heads/master@{#29426}
2015-07-01 16:41:56 +00:00
binji
abaa094a2b
Fix cluster-fuzz found regression in d8 Workers
...
v8::Internal::List will DCHECK when indexing out of the array, even if just to
get the address, and the value is never used. So this construct will fail:
memcpy(p, &data[0], length);
When data is empty and length is 0.
BUG=chromium:505778
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1216853003
Cr-Commit-Position: refs/heads/master@{#29388}
2015-06-30 16:49:09 +00:00
yangguo
4f9cf2bb1e
Use correct LookupIterator in CallSite::GetMethodName.
...
R=verwaest@chromium.org
BUG=chromium:505370
LOG=N
Review URL: https://codereview.chromium.org/1218023002
Cr-Commit-Position: refs/heads/master@{#29385}
2015-06-30 16:28:07 +00:00
mstarzinger
a7697bdcc7
Fix clobbered register when setting this_function variable.
...
Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N
Review URL: https://codereview.chromium.org/1214483008
Cr-Commit-Position: refs/heads/master@{#29372}
2015-06-30 10:39:16 +00:00
ishell
b8cce79f41
A couple of other "stack overflow" vs. "has_pending_exception()" issues in debugger fixed.
...
BUG=chromium:505007
LOG=N
Review URL: https://codereview.chromium.org/1219693003
Cr-Commit-Position: refs/heads/master@{#29369}
2015-06-30 08:30:18 +00:00
mstarzinger
df06f1c715
[turbofan] Fix exit control flow in TryCatchBuilder.
...
This makes sure that the exit control flow that merges the try-block
with the catch-block after a try-catch-statement creates a new merge
node in cases where it has to. Otherwise dangling phi nodes might have
the wrong number of value inputs.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-505354
BUG=chromium:505354
LOG=N
Review URL: https://codereview.chromium.org/1213183003
Cr-Commit-Position: refs/heads/master@{#29362}
2015-06-30 03:23:41 +00:00
oth
cff8c9b933
Ensure mjsunit tests use dashes not underscores in flags directives.
...
BUG=chromium:505228
LOG=Y
Review URL: https://codereview.chromium.org/1219723002
Cr-Commit-Position: refs/heads/master@{#29355}
2015-06-29 17:08:18 +00:00
yangguo
972beef14c
Parse eagerly inside block scopes.
...
Only this way we can precisely determine how to allocate let variables
inside the scope.
R=rossberg@chromium.org
BUG=v8:4255
LOG=N
Review URL: https://codereview.chromium.org/1216013002
Cr-Commit-Position: refs/heads/master@{#29354}
2015-06-29 16:16:21 +00:00
binji
e291b78a8e
Fix cluster-fuzz found regression in d8 Workers.
...
This one occurs when Function.prototype.toString is overridden to return a
non-string.
BUG=chromium:504729
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1214803004
Cr-Commit-Position: refs/heads/master@{#29351}
2015-06-29 15:53:22 +00:00
binji
93c43523ea
Fix cluster-fuzz found regression in d8 Workers.
...
Dumb typo introduced in refs/heads/master@{#29306}. I thought I was turning on
report_exceptions in Shell::ExecuteString, but instead I turned on print_result
(which assumes an interactive debugger and a HandleScope for the
utility_context_).
BUG=chromium:504727,chromium:504728
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1219563002
Cr-Commit-Position: refs/heads/master@{#29350}
2015-06-29 15:48:39 +00:00
arv
47dd45c0ab
[es6] Remove harmony-object-literal flag
...
And move tests to es6 directory
BUG=v8:3516
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1218473003
Cr-Commit-Position: refs/heads/master@{#29334}
2015-06-26 19:49:53 +00:00
yangguo
8c72792b6d
Mark function info as compiled after EnsureDeoptimizationSupport.
...
Note that prior to having canonical shared function infos, this has
been a source of duplicate shared function infos.
R=bmeurer@chromium.org
BUG=chromium:504787
LOG=N
Review URL: https://codereview.chromium.org/1209383002
Cr-Commit-Position: refs/heads/master@{#29326}
2015-06-26 13:17:05 +00:00
binji
28b0129b03
Fix cluster-fuzz regression when getting message from Worker
...
The issue is that Worker.prototype.terminate was deleting the C++ Worker
object, and then Worker.prototype.getMessage was trying to read messages from
the queue.
The simplest solution is to keep workers in a zombie state when they have been
terminated. They won't be reaped until Shell::CleanupWorkers is called.
I've also fixed some threading issues with Workers:
* Workers can be created by another Worker, so the Shell::workers_ variable
must be protected by a mutex.
* An individual Worker can typically only be accessed by the isolate that
created it, but the main thread can always terminate it, so the Worker::state_
must be accessed in a thread-safe way.
BUG=chromium:504136
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1208733002
Cr-Commit-Position: refs/heads/master@{#29306}
2015-06-25 18:01:22 +00:00
wingo
40b7d874b2
Reapply "Fix receiver when calling eval() bound by with scope"
...
Originally applied in https://codereview.chromium.org/1202963005
BUG=v8:4214
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1208873002
Cr-Commit-Position: refs/heads/master@{#29293}
2015-06-25 13:46:46 +00:00
yangguo
6434ec3087
Reland 2 "Keep a canonical list of shared function infos."
...
BUG=v8:4132
LOG=N
Review URL: https://codereview.chromium.org/1211803002
Cr-Commit-Position: refs/heads/master@{#29291}
2015-06-25 12:20:06 +00:00
erikcorry
daef0ec5f4
Reland Extend big-disjunction optimization to case-independent regexps
...
Previous code review https://codereview.chromium.org/1182783009/
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1204123003
Cr-Commit-Position: refs/heads/master@{#29290}
2015-06-25 11:42:20 +00:00
yangguo
f7ef0c9921
Revert of Reland "Keep a canonical list of shared function infos." (patchset #3 id:40001 of https://codereview.chromium.org/1211453002/ )
...
Reason for revert:
proxies test failing https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/903/steps/Mjsunit/logs/proxies
Original issue's description:
> Reland "Keep a canonical list of shared function infos."
>
> This reverts commit 3164aa7483.
>
> Committed: https://crrev.com/cacb646d80daa429f6915824a741f595db7d5044
> Cr-Commit-Position: refs/heads/master@{#29282}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1206263002
Cr-Commit-Position: refs/heads/master@{#29285}
2015-06-25 10:35:12 +00:00
yangguo
cacb646d80
Reland "Keep a canonical list of shared function infos."
...
This reverts commit 3164aa7483.
Review URL: https://codereview.chromium.org/1211453002
Cr-Commit-Position: refs/heads/master@{#29282}
2015-06-25 09:09:44 +00:00
machenbach
93d130ce70
Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/ )
...
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574
Please consider extra blink trybots on a reland.
Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}
TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214
Review URL: https://codereview.chromium.org/1201273004
Cr-Commit-Position: refs/heads/master@{#29267}
2015-06-24 19:08:35 +00:00
machenbach
3eae40d7a4
Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/ )
...
Reason for revert:
[Sheriff] Test times out now on msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947
Original issue's description:
> Extend big-disjunction optimization to case-independent regexps
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda
> Cr-Commit-Position: refs/heads/master@{#29264}
TBR=yangguo@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998
Review URL: https://codereview.chromium.org/1204013003
Cr-Commit-Position: refs/heads/master@{#29266}
2015-06-24 19:04:15 +00:00
binji
5023335b4d
Fix cluster-fuzz regression with Workers and recursive serialization
...
Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.
This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.
BUG=chromium:503968
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1211433003
Cr-Commit-Position: refs/heads/master@{#29265}
2015-06-24 18:31:50 +00:00
erikcorry
d2135603bc
Extend big-disjunction optimization to case-independent regexps
...
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1182783009
Cr-Commit-Position: refs/heads/master@{#29264}
2015-06-24 18:17:41 +00:00
binji
b3bd7289f7
Fix cluster-fuzz regression with Workers when serializing empty string
...
BUG=chromium:503991
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1210623002
Cr-Commit-Position: refs/heads/master@{#29263}
2015-06-24 17:47:23 +00:00
binji
627627b327
Fix cluster-fuzz regression with Workers on mips.debug
...
BUG=chromium:503698
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1208573003
Cr-Commit-Position: refs/heads/master@{#29261}
2015-06-24 17:09:59 +00:00
wingo
3c5f0db3a1
Fix receiver when calling eval() bound by with scope
...
Thanks to André Bargull for the report.
BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1202963005
Cr-Commit-Position: refs/heads/master@{#29259}
2015-06-24 16:47:58 +00:00
binji
3e2c6a2eb7
Fix ReferenceError of Worker in regress-crbug-503578
...
Worker is not defined on the V8 Shared bots.
BUG=chromium:503578
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1202763004
Cr-Commit-Position: refs/heads/master@{#29246}
2015-06-24 05:36:20 +00:00
binji
10b6af71b8
Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer
...
BUG=503578
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1204753002
Cr-Commit-Position: refs/heads/master@{#29244}
2015-06-24 04:23:58 +00:00
adamk
3164aa7483
Revert "Keep a canonical list of shared function infos."
...
Speculative revert in the hopes of fixing serializer crashes seen in canary.
This reverts commit c166945083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb7).
BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1207583002
Cr-Commit-Position: refs/heads/master@{#29241}
2015-06-23 22:59:30 +00:00
ishell
bcb276c6f7
Fixed exception handling in Realm.create().
...
BUG=chromium:501711
LOG=N
Review URL: https://codereview.chromium.org/1207453002
Cr-Commit-Position: refs/heads/master@{#29236}
2015-06-23 15:08:50 +00:00
verwaest
c49659b008
Don't insert elements transitions into normalized maps
...
BUG=chromium:499790
LOG=n
Review URL: https://codereview.chromium.org/1203653003
Cr-Commit-Position: refs/heads/master@{#29233}
2015-06-23 14:33:11 +00:00
ishell
47421760f4
Map::ReconfigureProperty() should mark map as unstable when it returns a different map.
...
BUG=chromium:502930
LOG=N
Review URL: https://codereview.chromium.org/1200003002
Cr-Commit-Position: refs/heads/master@{#29226}
2015-06-23 11:30:58 +00:00
ishell
5c4aae390f
Global handle leak in Realm.create() fixed.
...
BUG=chromium:501808
LOG=N
Review URL: https://codereview.chromium.org/1197403002
Cr-Commit-Position: refs/heads/master@{#29224}
2015-06-23 11:04:21 +00:00
dslomov
e7cdb615ae
[destructuring] Implement parameter pattern matching.
...
Scoping for initializers is yet incorrect. Defaults are not supported.
R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N
Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
Cr-Commit-Position: refs/heads/master@{#29184}
Review URL: https://codereview.chromium.org/1189743003
Cr-Commit-Position: refs/heads/master@{#29192}
2015-06-22 14:16:02 +00:00
caitpotter88
5337508fe3
[es6] ship Rest Parameters
...
BUG=v8:2159
LOG=N
R=arv@chromium.org, dslomov@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1191653008
Cr-Commit-Position: refs/heads/master@{#29191}
2015-06-22 13:43:26 +00:00
machenbach
82e8060515
Revert of [destructuring] Implement parameter pattern matching. (patchset #7 id:120001 of https://codereview.chromium.org/1189743003/ )
...
Reason for revert:
[Sheriff] Breaks tsan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/4392
Original issue's description:
> [destructuring] Implement parameter pattern matching.
>
> Scoping for initializers is yet incorrect. Defaults are not supported.
>
> R=arv@chromium.org,rossberg@chromium.org
> BUG=v8:811
> LOG=N
>
> Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
> Cr-Commit-Position: refs/heads/master@{#29184}
TBR=arv@chromium.org,rossberg@chromium.org,caitpotter88@gmail.com,wingo@igalia.com,dslomov@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811
Review URL: https://codereview.chromium.org/1195163007
Cr-Commit-Position: refs/heads/master@{#29188}
2015-06-22 13:14:24 +00:00
dslomov
42f30f4ded
[destructuring] Implement parameter pattern matching.
...
Scoping for initializers is yet incorrect. Defaults are not supported.
R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1189743003
Cr-Commit-Position: refs/heads/master@{#29184}
2015-06-22 12:07:13 +00:00
machenbach
a002cbd743
Revert of Ship Harmony Array/TypedArray methods (patchset #6 id:100001 of https://codereview.chromium.org/1187543003/ )
...
Reason for revert:
[Sheriff] Breaks gcstress and mac asan:
http://build.chromium.org/p/client.v8/builders/V8%20GC%20Stress%20-%203/builds/3896
http://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/1774
Original issue's description:
> Ship Harmony Array/TypedArray methods
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=v8:3578
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/7142b0d211b732e1c119fded80f43fbbd9cea0f8
> Cr-Commit-Position: refs/heads/master@{#29170}
TBR=adamk@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3578
Review URL: https://codereview.chromium.org/1195163002
Cr-Commit-Position: refs/heads/master@{#29171}
2015-06-20 07:25:27 +00:00
littledan
7142b0d211
Ship Harmony Array/TypedArray methods
...
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3578
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1187543003
Cr-Commit-Position: refs/heads/master@{#29170}
2015-06-20 00:02:02 +00:00
binji
e6fed5e895
Fix cluster-fuzz bug introduced in refs/heads/master@{#28796}
...
Don't DCHECK in the atomic runtime functions.
BUG=chromium:501809,chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1189223003
Cr-Commit-Position: refs/heads/master@{#29159}
2015-06-19 16:14:15 +00:00
yangguo
c166945083
Keep a canonical list of shared function infos.
...
Each Script object now keeps a WeakFixedArray of SharedFunctionInfo
objects created from this script.
This way, when compiling a function, we do not create duplicate shared
function info objects when recompiling with either compiler.
This fixes a class of issues in the debugger, where we set break points
on one shared function info, but functions from duplicate shared function
infos are not affected.
LOG=N
BUG=v8:4132
Review URL: https://codereview.chromium.org/1183733006
Cr-Commit-Position: refs/heads/master@{#29151}
2015-06-19 14:40:32 +00:00
caitpotter88
b61e9812c3
[es6] ship Object.assign
...
BUG=v8:4007
LOG=N
R=rossberg@chromium.org, arv@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Committed: https://crrev.com/12e194860a56d47a10d89ae34761a4af6b6166bb
Cr-Commit-Position: refs/heads/master@{#29118}
Review URL: https://codereview.chromium.org/1191003003
Cr-Commit-Position: refs/heads/master@{#29150}
2015-06-19 14:39:13 +00:00
yangguo
4b7d5dc4bb
Protect error message formatter against invalid string length.
...
R=mstarzinger@chromium.org
BUG=chromium:500980
LOG=N
Review URL: https://codereview.chromium.org/1191263002
Cr-Commit-Position: refs/heads/master@{#29135}
2015-06-19 08:31:31 +00:00
ulan
fda60dc214
ARM: make predictable code size scope more precise in DoDeferredInstanceOfKnownGlobal.
...
We block constant pool up to the call stub instruction, but the check for code size
includes the next instruction after the call instruction. That instruction can
emit constant pool.
BUG=chromium:500831
LOG=NO
TEST=mjsunit/regress/regress-500831
Review URL: https://codereview.chromium.org/1189123003
Cr-Commit-Position: refs/heads/master@{#29132}
2015-06-19 04:54:51 +00:00
ulan
19cdd00d09
ARM64: remove stack pushes without frame in RegExpExecStub.
...
RegExpExecStub pushes callee-saved registers without setting up a frame. This confuses the stack iterator.
Other architectures do not save these registers.
BUG=chromium:487981
LOG=NO
TEST=mjsunit/regress/regress-487981
Review URL: https://codereview.chromium.org/1183593005
Cr-Commit-Position: refs/heads/master@{#29120}
2015-06-18 15:45:32 +00:00
jkummerow
5de595a603
[test] Fix gc-stress failures of regress-crbug-500497.js
...
R=machenbach@chromium.org
NOTRY=y
Review URL: https://codereview.chromium.org/1175123003
Cr-Commit-Position: refs/heads/master@{#29091}
2015-06-17 14:24:36 +00:00
jkummerow
5fca3947cf
Hydrogen object literals: always initialize in-object properties
...
This fixes a bug where new-space GC could be triggered by non-folded allocations for some of the in-object properties, while the object was only partially initialized.
BUG=chromium:500497
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1182113007
Cr-Commit-Position: refs/heads/master@{#29079}
2015-06-17 11:24:24 +00:00
verwaest
bb1b54a776
Only walk the hidden prototype chain for private nonexistent symbols
...
BUG=chromium:479528
LOG=n
Review URL: https://codereview.chromium.org/1185373004
Cr-Commit-Position: refs/heads/master@{#29075}
2015-06-17 10:20:52 +00:00
verwaest
72cdb99346
Rely on the map being a dictionary map rather than not having a backpointer
...
BUG=chromium:500173
LOG=n
Review URL: https://codereview.chromium.org/1194513003
Cr-Commit-Position: refs/heads/master@{#29074}
2015-06-17 10:14:01 +00:00
machenbach
b4d3e1ceba
Revert of Add %TypedArray% to proto chain (patchset #6 id:100001 of https://codereview.chromium.org/1186733002/)
...
Reason for revert:
[Sheriff] Changes layout tests:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/429
See e.g.:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/429/layout-test-results/inspector/console/console-big-array-pretty-diff.html
Please upload a blink side needsmanualrebaseline change first for these tests if the change is intended. Please also add a blink trybot on a reland of this CL.
Original issue's description:
> Add %TypedArray% to proto chain
>
> According to the ES6 spec, the main methods and getters shouldn't
> be properties of the individual TypedArray objects and prototypes
> but instead on %TypedArray% and %TypedArray%.prototype. This
> difference is observable through introspection. This patch moves
> some methods and getters to the proper place, with the exception
> of %TypedArray%.prototype.subarray and harmony methods. These will
> be moved in follow-on patches.
>
> BUG=v8:4085
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/a10590158260737b256fac3254b4939f48f90095
> Cr-Commit-Position: refs/heads/master@{#29057}
TBR=adamk@chromium.org,arv@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085
Review URL: https://codereview.chromium.org/1192433003
Cr-Commit-Position: refs/heads/master@{#29070}
2015-06-17 09:05:51 +00:00
littledan
a105901582
Add %TypedArray% to proto chain
...
According to the ES6 spec, the main methods and getters shouldn't
be properties of the individual TypedArray objects and prototypes
but instead on %TypedArray% and %TypedArray%.prototype. This
difference is observable through introspection. This patch moves
some methods and getters to the proper place, with the exception
of %TypedArray%.prototype.subarray and harmony methods. These will
be moved in follow-on patches.
BUG=v8:4085
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1186733002
Cr-Commit-Position: refs/heads/master@{#29057}
2015-06-16 23:39:10 +00:00
bmeurer
21a1975542
[turbofan] Work around negative parameter count.
...
BUG=chromium:500824
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1186333002
Cr-Commit-Position: refs/heads/master@{#29043}
2015-06-16 09:44:28 +00:00
bmeurer
45439b92e7
[crankshaft] Fix wrong bailout points in for-in loop body.
...
R=jochen@chromium.org
BUG=chromium:500435
LOG=y
Review URL: https://codereview.chromium.org/1183683004
Cr-Commit-Position: refs/heads/master@{#29040}
2015-06-16 08:08:42 +00:00
yangguo
75350f1ef0
Debugger: require debugger to be active when dealing with breaks.
...
This invariant will save us some headache.
The changes to test-debug/DebugStub are due to the fact that it abuses
the ability to set break points in code that has no debug break slots.
This is now no longer possible.
R=ulan@chromium.org
BUG=v8:4132
LOG=N
Review URL: https://codereview.chromium.org/1181013007
Cr-Commit-Position: refs/heads/master@{#29038}
2015-06-16 07:11:21 +00:00
dusan.milosavljevic
b7d8cb4a51
MIPS: Remove unsafe EmitLoadRegister usage in AddI/SubI for constant right operand.
...
TEST=test/mjsunit/regress/regress-500176
BUG=chromium:500176
LOG=N
Review URL: https://codereview.chromium.org/1185143002
Cr-Commit-Position: refs/heads/master@{#29030}
2015-06-15 17:58:43 +00:00
machenbach
06ac599d1e
Revert of Fix clobbered register when setting this_function variable. (patchset #2 id:20001 of https://codereview.chromium.org/1185703002/)
...
Reason for revert:
[Sheriff] Makes mjsunit/es6/block-const-assign flaky, e.g.:
http://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/4082
Original issue's description:
> Fix clobbered register when setting this_function variable.
>
> R=arv@chromium.org
> TEST=mjsunit/regress/regress-crbug-498022
> BUG=chromium:498022
> LOG=N
>
> Committed: https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91
> Cr-Commit-Position: refs/heads/master@{#29020}
TBR=arv@chromium.org,rossberg@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:498022
Review URL: https://codereview.chromium.org/1184093003
Cr-Commit-Position: refs/heads/master@{#29022}
2015-06-15 11:56:25 +00:00
mstarzinger
bf2bbc8ba5
Fix clobbered register when setting this_function variable.
...
R=arv@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N
Review URL: https://codereview.chromium.org/1185703002
Cr-Commit-Position: refs/heads/master@{#29020}
2015-06-15 10:18:57 +00:00
bmeurer
d19410f8e7
[mjsunit] Remove unsupported flag --turbo-deoptimization from tests.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1183123002
Cr-Commit-Position: refs/heads/master@{#29018}
2015-06-15 09:43:11 +00:00
bmeurer
e30b351d7b
[mjsunit] Remove obsolete nosse2 tests.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1186713003
Cr-Commit-Position: refs/heads/master@{#29017}
2015-06-15 09:32:01 +00:00
ishell
4cc4bc591c
Map::TryUpdate() must be in sync with Map::Update().
...
This CL fixes elements kind transitions handling in Map::TryUpdate().
BUG=v8:4121
LOG=Y
Review URL: https://codereview.chromium.org/1181163002
Cr-Commit-Position: refs/heads/master@{#28999}
2015-06-12 12:36:40 +00:00
wingo
103fcfaa40
Add script context with context-allocated "const this"
...
This is a reapplication of https://codereview.chromium.org/1173333004.
R=rossberg@chromium.org
LOG=N
BUG=498811
Review URL: https://codereview.chromium.org/1178903003
Cr-Commit-Position: refs/heads/master@{#28998}
2015-06-12 12:34:24 +00:00
arv
37e268732d
Bound functions should also have configurable length
...
BUG=v8:4116
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1180873002
Cr-Commit-Position: refs/heads/master@{#28961}
2015-06-11 20:07:15 +00:00
erikcorry
05507cc3ea
Reland II of 'Optimize trivial regexp disjunctions' CL 1176453002
...
This change rewrites regexps like (ab|ac|z|ad|ae|af) into (a[b-f]|z). We can only reorder disjunctions like this for case-dependent regexps. For case-independent regexps, the disjunctions should be pre-sorted for best results.
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1180433003
Cr-Commit-Position: refs/heads/master@{#28902}
2015-06-10 09:55:31 +00:00
binji
4d6c309777
Fix cluster-fuzz bug introduced in refs/heads/master@{#28796}.
...
Don't DCHECK when neutering that the buffer is not a SharedArrayBuffer;
instead, just return early.
BUG=chromium:498142,chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1174753002
Cr-Commit-Position: refs/heads/master@{#28892}
2015-06-10 07:33:55 +00:00
mstarzinger
eb0593e137
[turbofan] Fix context chain extension for top-level code.
...
For top-level code the closure passed into context allocation methods
needs to be replaced with a sentinel to canonicalize it to the empty
function object.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-4169
BUG=v8:4169
LOG=N
Review URL: https://codereview.chromium.org/1172013002
Cr-Commit-Position: refs/heads/master@{#28888}
2015-06-10 06:03:14 +00:00
erikcorry
b75bf6cd7e
Revert of Optimize trivial regexp disjunctions (patchset #10 id:180001 of https://codereview.chromium.org/1176453002/)
...
Reason for revert:
ASAN failure
Original issue's description:
> Optimize trivial regexp disjunctions
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/5f1f7c15b3207f6c51d187692690aeb09d3e36b5
> Cr-Commit-Position: refs/heads/master@{#28871}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998
Review URL: https://codereview.chromium.org/1174603002
Cr-Commit-Position: refs/heads/master@{#28878}
2015-06-09 17:16:01 +00:00
mstarzinger
f45f24d259
[turbofan] Fix one mean typo in kResolvePossiblyDirectEval.
...
R=titzer@chromium.org
TEST=mjsunit/regress/regress-eval-context
Review URL: https://codereview.chromium.org/1169853006
Cr-Commit-Position: refs/heads/master@{#28877}
2015-06-09 17:14:52 +00:00
erikcorry
5f1f7c15b3
Optimize trivial regexp disjunctions
...
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1176453002
Cr-Commit-Position: refs/heads/master@{#28871}
2015-06-09 15:58:00 +00:00
mstarzinger
c14ba5ec48
Drop computed handler count and index from AST.
...
These values were computed by the parser and hence out of sync with any
visitor over the AST. Our AST visitor aborts visitation of statement
lists as soon as a jump statement has been reached. Now handler tables
are guaranteed to be dense and fully populated.
R=ishell@chromium.org
TEST=mjsunit/regress/regress-crbug-493290
BUG=chromium:493290
LOG=N
Review URL: https://codereview.chromium.org/1157213004
Cr-Commit-Position: refs/heads/master@{#28846}
2015-06-08 18:19:40 +00:00
yangguo
f2cce3c41f
Check for null and undefined when getting type name for stack trace.
...
R=svenpanne@chromium.org
BUG=v8:3718
LOG=N
Review URL: https://codereview.chromium.org/1164933005
Cr-Commit-Position: refs/heads/master@{#28840}
2015-06-08 13:02:27 +00:00
ishell
050e8880f5
A couple of other "stack overflow" vs. "has_pending_exception()" issues fixed.
...
BUG=chromium:471659, chromium:494158
LOG=N
Review URL: https://codereview.chromium.org/1151333005
Cr-Commit-Position: refs/heads/master@{#28816}
2015-06-05 15:52:20 +00:00
ishell
5606fefe12
Fixed noi18n build.
...
Review URL: https://codereview.chromium.org/1159553011
Cr-Commit-Position: refs/heads/master@{#28792}
2015-06-03 16:23:08 +00:00
ishell
405844b5f2
Fixed memory-leak in d8. It did not clean evaluation context used for executing shell commands.
...
BUG=chromium:493284
LOG=N
Review URL: https://codereview.chromium.org/1147343004
Cr-Commit-Position: refs/heads/master@{#28790}
2015-06-03 14:34:58 +00:00
ishell
65ada9fa0b
Mark proxy map as unstable during proxy fixing (freezing, sealing or preventing extensions).
...
BUG=chromium:493568
LOG=N
Review URL: https://codereview.chromium.org/1158023003
Cr-Commit-Position: refs/heads/master@{#28759}
2015-06-02 11:29:27 +00:00
verwaest
2fb894fa58
Use GetProperty for getting elements.
...
This also fixes issues with
- kMaxUint32 being a valid length but not index corner cases
- exotic integer objects masking "exotic indexes" even though it's in the prototype chain
- concatenating of holey sloppy arguments
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1159433003
Cr-Commit-Position: refs/heads/master@{#28754}
2015-06-02 10:42:29 +00:00
mstarzinger
d207fcef66
Fix bogus insertion of filler in LO-space by String#replace.
...
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-493779
BUG=chromium:493779
LOG=N
Review URL: https://codereview.chromium.org/1163793002
Cr-Commit-Position: refs/heads/master@{#28727}
2015-06-01 13:36:11 +00:00
yangguo
3f223ee69b
Debugger: PreservePositionScope should clear positions inside the scope.
...
The point of this change is so that when emitting code for a call in
FullCodegen::VisitCall, the statement position is not associated to
any code that loads the function, but to the actual CallIC.
R=mvstanton@chromium.org
BUG=chromium:481896
LOG=N
Review URL: https://codereview.chromium.org/1157543004
Cr-Commit-Position: refs/heads/master@{#28701}
2015-05-29 12:56:40 +00:00
ishell
c984efe6e3
Reland "Fixed a couple of failing DCHECK(has_pending_exception()). (patchset #1 id:1 of https://codereview.chromium.org/1151373002/)"
...
BUG=chromium:491062
LOG=N
Review URL: https://codereview.chromium.org/1157273002
Cr-Commit-Position: refs/heads/master@{#28699}
2015-05-29 11:37:23 +00:00
yangguo
dc9f0d4642
Throw illegal exception when formatting with invalid template index.
...
R=arv@chromium.org
BUG=chromium:492526
LOG=N
Review URL: https://codereview.chromium.org/1146923004
Cr-Commit-Position: refs/heads/master@{#28671}
2015-05-28 07:05:12 +00:00
yangguo
36d8363c1c
Do not eagerly convert exception to string when creating a message object
...
R=mstarzinger@chromium.org
BUG=chromium:490680
LOG=Y
Review URL: https://codereview.chromium.org/1157563005
Cr-Commit-Position: refs/heads/master@{#28670}
2015-05-28 06:30:14 +00:00
yangguo
0837b43720
Correctly hook up materialized receiver into the evaluation context chain.
...
R=ulan@chromium.org
BUG=chromium:491943
LOG=Y
Review URL: https://codereview.chromium.org/1157993002
Cr-Commit-Position: refs/heads/master@{#28628}
2015-05-26 13:06:41 +00:00
ishell
d2334e901c
Revert of Fixed a couple of failing DCHECK(has_pending_exception()). (patchset #1 id:1 of https://codereview.chromium.org/1151373002/)
...
Reason for revert:
Broke V8 Linux - nosnap.
Original issue's description:
> Fixed a couple of failing DCHECK(has_pending_exception()).
>
> BUG=chromium:491062
> LOG=N
>
> Committed: https://crrev.com/62b56507cce3c57a2e1aebce6d34f29b3b64e762
> Cr-Commit-Position: refs/heads/master@{#28617}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:491062
Review URL: https://codereview.chromium.org/1148423004
Cr-Commit-Position: refs/heads/master@{#28619}
2015-05-26 10:28:35 +00:00
ishell
62b56507cc
Fixed a couple of failing DCHECK(has_pending_exception()).
...
BUG=chromium:491062
LOG=N
Review URL: https://codereview.chromium.org/1151373002
Cr-Commit-Position: refs/heads/master@{#28617}
2015-05-26 10:06:54 +00:00
jarin
a893a5e59a
Exclude non-optimizable functions from OptimizeFunctionOnNextCall.
...
BUG=chromium:491481
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1143223004
Cr-Commit-Position: refs/heads/master@{#28614}
2015-05-26 08:47:04 +00:00
yangguo
e56585077b
Use shared container to manage imports/exports.
...
Also changed string.js and math.js to adapt this change.
R=jkummerow@chromium.org
Committed: https://crrev.com/e25058b0b7b9831162579564fc8935d568c1ecdd
Cr-Commit-Position: refs/heads/master@{#28521}
Review URL: https://codereview.chromium.org/1143993003
Cr-Commit-Position: refs/heads/master@{#28533}
2015-05-21 06:15:19 +00:00
jkummerow
1ec5561685
Revert of Use shared container to manage imports/exports. (patchset #2 id:20001 of https://codereview.chromium.org/1143993003/)
...
Reason for revert:
Breaks nosnap bots
Original issue's description:
> Use shared container to manage imports/exports.
>
> Also changed string.js and math.js to adapt this change.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/e25058b0b7b9831162579564fc8935d568c1ecdd
> Cr-Commit-Position: refs/heads/master@{#28521}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1144163002
Cr-Commit-Position: refs/heads/master@{#28523}
2015-05-20 15:59:37 +00:00
yangguo
e25058b0b7
Use shared container to manage imports/exports.
...
Also changed string.js and math.js to adapt this change.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1143993003
Cr-Commit-Position: refs/heads/master@{#28521}
2015-05-20 14:58:43 +00:00
ishell
1c673a56c1
Fixed DCHECK in StoreIC::CompileHandler().
...
BUG=chromium:489597
LOG=N
Review URL: https://codereview.chromium.org/1123153005
Cr-Commit-Position: refs/heads/master@{#28518}
2015-05-20 13:36:27 +00:00
mstarzinger
7bd2d3e32e
[turbofan] Fix over-restrictive assertion in code generator.
...
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-489293
BUG=chromium:489293
LOG=n
Review URL: https://codereview.chromium.org/1142873005
Cr-Commit-Position: refs/heads/master@{#28486}
2015-05-19 16:14:28 +00:00
ishell
18b60594c4
Another regression test for resolving references to "this" in strict mode.
...
BUG=chromium:487105
LOG=N
Review URL: https://codereview.chromium.org/1136123010
Cr-Commit-Position: refs/heads/master@{#28480}
2015-05-19 12:51:42 +00:00
jkummerow
f8175201da
Fix harmless HGraph verification failure after hoisting inlined bounds checks
...
BUG=chromium:487608
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1133343003
Cr-Commit-Position: refs/heads/master@{#28463}
2015-05-19 07:32:48 +00:00
yangguo
19312c1631
Do not clear stepping after DebugEvaluate.
...
Clearing stepping was originally introduced in http://codereview.chromium.org/7889039
But DebugEvaluate now also uses a DisableBreak scope, which makes sure we don't step
inside the evaluated code.
R=yurys@chromium.org
BUG=chromium:467180
LOG=N
Review URL: https://codereview.chromium.org/1129363003
Cr-Commit-Position: refs/heads/master@{#28461}
2015-05-19 04:56:08 +00:00
verwaest
4268141ca6
Reland "Mark internal AccessorInfo properties as 'special data properties'"
...
This reverts commit ac5336baca.
BUG=
Review URL: https://codereview.chromium.org/1138483005
Cr-Commit-Position: refs/heads/master@{#28442}
2015-05-18 12:36:40 +00:00
machenbach
f453416b7f
Revert of Debugger: preserve stepping state after evaluating breakpoint condition. (patchset #1 id:1 of https://codereview.chromium.org/1132643004/)
...
Reason for revert:
[Sheriff] This breaks TSAN (makes some tests marked as flaky permanently fail):
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/3882
Original issue's description:
> Debugger: preserve stepping state after evaluating breakpoint condition.
>
> R=ulan@chromium.org, yurys@chromium.org
> BUG=chromium:467180
> LOG=N
TBR=ulan@chromium.org,yurys@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:467180
Review URL: https://codereview.chromium.org/1130123007
Cr-Commit-Position: refs/heads/master@{#28436}
2015-05-17 06:21:39 +00:00
yangguo
ee6666a55a
Debugger: preserve stepping state after evaluating breakpoint condition.
...
R=ulan@chromium.org, yurys@chromium.org
BUG=chromium:467180
LOG=N
Review URL: https://codereview.chromium.org/1132643004
Cr-Commit-Position: refs/heads/master@{#28432}
2015-05-15 22:50:55 +00:00
yangguo
d8e9f3a484
Add regression test for resolving "this" in debug evaluate.
...
R=hablich@chromium.org
BUG=chromium:487289
LOG=N
Review URL: https://codereview.chromium.org/1137293002
Cr-Commit-Position: refs/heads/master@{#28424}
2015-05-15 13:57:31 +00:00
mvstanton
de3a1ca02e
Bug: Runtime_GrowArrayElements provoked unnecessary lazy deopt.
...
Unnecessary, and unhandled as well.
BUG=488398
R=jarin@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1141163004
Cr-Commit-Position: refs/heads/master@{#28421}
2015-05-15 13:05:00 +00:00
ishell
3c1487db60
Map::ReconfigureProperty() should mark map as unstable when there is an element kind transition somewhere in the middle of the transition tree.
...
BUG=chromium:485548
LOG=N
Review URL: https://codereview.chromium.org/1128043005
Cr-Commit-Position: refs/heads/master@{#28418}
2015-05-15 10:39:51 +00:00
wingo
e73594c7fb
Use ExpressionClassifier to identify valid arrow function formals
...
R=dslomov@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1138153003
Cr-Commit-Position: refs/heads/master@{#28391}
2015-05-13 11:45:02 +00:00
yangguo
46f992ddd0
Reland "Use function wrapper argument to expose internal arrays to native scripts."
...
Review URL: https://codereview.chromium.org/1138173002
Cr-Commit-Position: refs/heads/master@{#28367}
2015-05-12 14:00:45 +00:00
yurys
cf07add227
Don't create debug context if debug listener is not set
...
If there had been no debug listener v8::Debug::GetDebugContext would have created new context and wouldn't have kept reference to it. This way we may well end up with several debug contexts and disabled debugger.
As a side effect this change allows to efficiently distinguish debug context from blink contexts by simply comparing handles.
BUG=chromium:482290
LOG=Y
Review URL: https://codereview.chromium.org/1136733002
Cr-Commit-Position: refs/heads/master@{#28356}
2015-05-12 07:33:18 +00:00
yangguo
c39a0a75ad
Revert of Use function wrapper argument to expose internal arrays to native scripts. (patchset #2 id:20001 of https://codereview.chromium.org/1127983003/)
...
Reason for revert:
custom snapshot builder failing.
Original issue's description:
> Use function wrapper argument to expose internal arrays to native scripts.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/a9b5a1795449d94387218d25baed2c2b3c4fbadc
> Cr-Commit-Position: refs/heads/master@{#28354}
TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1123353008
Cr-Commit-Position: refs/heads/master@{#28355}
2015-05-12 07:26:01 +00:00
yangguo
a9b5a17954
Use function wrapper argument to expose internal arrays to native scripts.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1127983003
Cr-Commit-Position: refs/heads/master@{#28354}
2015-05-12 06:14:18 +00:00
jkummerow
f10b992dab
Let Runtime_GrowArrayElements accept non-Smi numbers as |key|.
...
BUG=chromium:485410
LOG=y
R=mvstanton@chromium.org,danno@chromium.org
Review URL: https://codereview.chromium.org/1132113004
Cr-Commit-Position: refs/heads/master@{#28327}
2015-05-09 10:30:49 +00:00
titzer
318c1f770c
[turbofan] Fix handling of OsrLoopEntry in ControlReducer::ConnectNTL()
...
R=jarin@chromium.org
LOG=Y
BUG=chromium:485908
Review URL: https://codereview.chromium.org/1138463004
Cr-Commit-Position: refs/heads/master@{#28323}
2015-05-08 15:44:27 +00:00
hpayer
c80d730c71
Initialize sub-array literals first before pointing to it.
...
BUG=484544
LOG=n
Review URL: https://codereview.chromium.org/1132763002
Cr-Commit-Position: refs/heads/master@{#28313}
2015-05-08 09:24:31 +00:00
verwaest
f21ea065b3
Fix smi scanning
...
BUG=chromium:483176
LOG=n
Review URL: https://codereview.chromium.org/1114073003
Cr-Commit-Position: refs/heads/master@{#28202}
2015-05-04 15:02:30 +00:00
yangguo
f42544b768
Set inferred name of bound function to empty string.
...
Otherwise it's whatever the js minifier assigns it to.
R=jkummerow@chromium.org
BUG=chromium:484077
LOG=N
Review URL: https://codereview.chromium.org/1122733002
Cr-Commit-Position: refs/heads/master@{#28190}
2015-05-04 09:55:43 +00:00
yangguo
7681432dbf
JSON serializer should fail gracefully for special value wrappers.
...
R=mstarzinger@chromium.org
BUG=chromium:471702
LOG=N
Review URL: https://codereview.chromium.org/1120573002
Cr-Commit-Position: refs/heads/master@{#28154}
2015-04-30 10:02:21 +00:00
mstarzinger
6b60f19168
[turbofan] Fix frame state for class literal definition.
...
This introduces a bailout point for class literals right after the
%DefineClass function has been called. Otherwise the FrameState after
class literal evaluation might contain the literal itself.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-480819
BUG=chromium:480819
LOG=N
Review URL: https://codereview.chromium.org/1104673004
Cr-Commit-Position: refs/heads/master@{#28043}
2015-04-24 11:12:57 +00:00
bmeurer
4f9bc2d1c3
[turbofan] Ignore dead cached nodes in the JSGraph.
...
BUG=chromium:480807
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1101273002
Cr-Commit-Position: refs/heads/master@{#28041}
2015-04-24 10:51:32 +00:00
yangguo
8cf289ca4f
Throw when attaching a stack trace to an object fails.
...
R=jarin@chromium.org
BUG=chromium:478011
LOG=N
Review URL: https://codereview.chromium.org/1077153003
Cr-Commit-Position: refs/heads/master@{#27941}
2015-04-20 14:40:45 +00:00
jkummerow
4204c72739
Don't use normalized map cache for prototype maps
...
BUG=chromium:477924
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1090193002
Cr-Commit-Position: refs/heads/master@{#27916}
2015-04-17 12:16:07 +00:00
erikcorry
e0be05036f
Reduce regexp compiler stack size when not optimizing regexps
...
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y
Review URL: https://codereview.chromium.org/1082763002
Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00
ulan
68a7773e0f
Correctly handle clearing of deprecated field types.
...
BUG=v8:4027
LOG=NO
Review URL: https://codereview.chromium.org/1086063003
Cr-Commit-Position: refs/heads/master@{#27837}
2015-04-15 09:55:33 +00:00
jkummerow
2ff768b206
Put --noalways-opt flag back into regress-crbug-245480
...
This is a partial revert of 3eb277f270.
R=machenbach@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/1087183002
Cr-Commit-Position: refs/heads/master@{#27835}
2015-04-15 09:31:39 +00:00
jkummerow
3eb277f270
%GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present
...
Review URL: https://codereview.chromium.org/1086923002
Cr-Commit-Position: refs/heads/master@{#27822}
2015-04-14 14:57:48 +00:00
mvstanton
2ebb794b4f
VectorICs: recreate feedback vector if scoping changes on recompile.
...
BUG=476488
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1080253003
Cr-Commit-Position: refs/heads/master@{#27817}
2015-04-14 12:31:31 +00:00