bmeurer@chromium.org
aa83f2900a
Fix invalid assertion with OSR in BuildBinaryOperation.
...
BUG=v8:3032
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/98623004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 13:12:07 +00:00
mstarzinger@chromium.org
db915fe97e
Handle captured objects in OptimizedFrame::Summarize.
...
R=yangguo@chromium.org
BUG=v8:3029
TEST=mjsunit/regress/regress-3029
LOG=N
Review URL: https://codereview.chromium.org/96773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-02 12:11:02 +00:00
mvstanton@chromium.org
5ba1304d60
Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects.
...
BUG=299979
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/80623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-29 15:22:16 +00:00
yangguo@chromium.org
f235194518
Fix bug in inlining Function.apply.
...
R=jkummerow@chromium.org
BUG=323942
LOG=Y
Review URL: https://codereview.chromium.org/95123003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:30:17 +00:00
dslomov@chromium.org
7372596615
Ensure that length is Smi in TypedArrayFromArrayLike constructor.
...
R=jkummerow@chromium.org
BUG=324028
LOG=Y
Review URL: https://codereview.chromium.org/94473002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org
d53e38777f
Fix missing bounds check in n-arguments Array constructor.
...
LOG=N
R=mvstanton@chromium.org
BUG=v8:3027
TEST=mjsunit/regress/regress-3027
Review URL: https://codereview.chromium.org/92103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-28 09:29:57 +00:00
yangguo@chromium.org
ab96631177
Increase precision for base conversion for large integers.
...
R=jkummerow@chromium.org
BUG=v8:3025
LOG=Y
Review URL: https://codereview.chromium.org/88583002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 15:48:13 +00:00
yangguo@chromium.org
afd8e5a305
Speed up long-running test cases.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85163003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 11:32:39 +00:00
yangguo@chromium.org
4716b292db
Make some ARM test cases faster.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/85473004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-26 10:43:44 +00:00
yangguo@chromium.org
aa3518a0f3
Make sure files end with exactly one new line and police this in presubmit.
...
The changes are (excluding presubmit.py) mechanical. I added the following
lines after the check and iterated the presubmit script until all errors
went away:
f = open(name, "w");
if contents.endswith('\n\n'):
f.write(contents[0:-1])
else:
f.write(contents + '\n')
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/82803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 13:50:39 +00:00
ulan@chromium.org
21fb1401bd
Restore saved caller FP registers on stub failure
...
and preserve FP registers on NotifyStubFailure.
In debug mode, clobber FP registers on each runtime call to increase
chances of catching such bugs.
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/78283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-22 10:21:47 +00:00
danno@chromium.org
06c7620302
Fixed crashes exposed though fuzzing.
...
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.
R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y
Review URL: https://codereview.chromium.org/72813004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 16:41:07 +00:00
jkummerow@chromium.org
37443768bf
Fix register trashing in Emit*ByteSeqStringSetChar
...
This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless.
BUG=chromium:320922
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/67103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 12:59:09 +00:00
mvstanton@chromium.org
bff41483dc
Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death.
...
BUG=320532
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/62803008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-19 10:17:33 +00:00
dslomov@chromium.org
4228132e74
Use mock ArrayBuffer allocator to avoid really allocating 1Gb.
...
R=jkummerow@chromium.org
BUG=v8:3014
LOG=N
Review URL: https://codereview.chromium.org/61623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 14:50:45 +00:00
danno@chromium.org
f27f2fa420
Match max property descriptor length to corresponding bit fields
...
BUG=v8:3010
R=verwaest@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/72333004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-18 11:44:06 +00:00
jkummerow@chromium.org
c9b41c6995
Limit size of dehoistable array indices
...
LOG=Y
BUG=chromium:319835,chromium:319860
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/74113002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 17:24:10 +00:00
dslomov@chromium.org
7936ca39be
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:37:15 +00:00
dslomov@chromium.org
c01aa1fc1f
Revert "Limit the size for typed arrays to MaxSmi."
...
This reverts commit r17798 for allocating too much memroy in tests.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/74093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:25:51 +00:00
dslomov@chromium.org
09ca1318ab
Limit the size for typed arrays to MaxSmi.
...
R=jkummerow@chromium.org
LOG=Y
BUG=319722
Review URL: https://codereview.chromium.org/73943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 16:09:56 +00:00
verwaest@chromium.org
341d405301
Reland and fix "Add support for keyed-call on arrays of fast elements"
...
BUG=
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/71783003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 10:52:05 +00:00
bmeurer@chromium.org
2ee5aa951c
Fix missing type feedback check for Generic*String addition.
...
TEST=mjsunit/regress/regress-crbug-318671
BUG=318671
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/67473007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-15 09:13:36 +00:00
danno@chromium.org
28ed69b8fb
Fix overflow in TypedArray initialization function
...
BUG=chromium:319120
TEST=test/mjsunit/regress/regress-319120.js
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/61753013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-14 06:20:48 +00:00
mstarzinger@chromium.org
d5cb83f4aa
Fix invalid reuse of weak global handle in GetScriptWrapper.
...
This fixes a direct usage of a weak global handle in GetScriptWrapper
that just casted it to a strong local handle, while a subsequent GC
might clear it. Handlepocalypse anyone?
R=machenbach@chromium.org
BUG=v8:2988
TEST=mjsunit/regress/regress-2988
Review URL: https://codereview.chromium.org/67273004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-11 16:27:36 +00:00
ulan@chromium.org
bc4ad49b25
Do not add values to HGraph in Lithium.
...
Lithium uses indexes after the maximium value ID in the HGraph as indexes
of virtual registers and assumes that the maximum value ID does not change.
The IsStandardConstant and GetConstantXX functions could add constants to
HGraph, which aliased virtual registers with real values. This could confuse
the register allocator to think that a value in a virtual register is tagged
and to incorrectly set it in the pointer map.
BUG=298269
TEST=mjsunit/regress/regress-298269.js
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/66693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-08 14:16:34 +00:00
mstarzinger@chromium.org
59536de77d
Make HCapturedObjects non-deletable for DCE.
...
R=jkummerow@chromium.org
BUG=v8:2987
TEST=mjsunit/regress/regress-2987
Review URL: https://codereview.chromium.org/64433002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 16:07:19 +00:00
yangguo@chromium.org
eb550c6da4
Fix y-umlaut to uppercase.
...
R=dcarney@chromium.org
BUG=v8:2984
Review URL: https://codereview.chromium.org/59853006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-07 09:08:34 +00:00
yangguo@chromium.org
a5ed9a71c8
Correctly load message from an Error object.
...
R=mstarzinger@chromium.org
BUG=306220
Review URL: https://codereview.chromium.org/46593010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-05 13:04:51 +00:00
jkummerow@chromium.org
2ebfd6e90e
Add missing negative dictionary lookup to NonexistentHandlerFrontend
...
BUG=v8:2980
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/57433003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-04 14:14:09 +00:00
jkummerow@chromium.org
316271fc35
Fix uint32-to-smi conversion in Lithium
...
BUG=chromium:309623
R=vegorov@google.com , yangguo@chromium.org
Review URL: https://codereview.chromium.org/54393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-31 10:18:51 +00:00
yangguo@chromium.org
3f1a833524
Do not remove HAdd with zero if the other operand is a double.
...
The other operand might be minus zero, and -0 + 0 = +0
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/52173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-30 10:22:52 +00:00
jkummerow@chromium.org
9e88c23cbf
ia32: Fix comparisons of two constant double operands when exactly one of them is in new space.
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/46883008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-29 14:34:07 +00:00
yangguo@chromium.org
7dd2d6c590
Reland "Make Array.prototype.pop throw if the last element is not configurable."
...
This relands r17346.
R=machenbach@chromium.org
BUG=311164
Review URL: https://codereview.chromium.org/43923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-25 11:55:56 +00:00
svenpanne@chromium.org
7fb61a78d4
Tune mjsunit/regress/regress-2612.
...
Lower the bounds to something bearable which would still timeout if we
used a quadratic algorithm.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/39863003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 13:07:16 +00:00
svenpanne@chromium.org
f2122438e0
Removed long-running obselete test case.
...
The test was the 2nd longest-running test case in debug mode, and the
stuff it tests has already been moved long ago to some other place,
which is in turn heavily tested by far simpler and faster things
(%TruncateString etc.).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/39233003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 08:09:32 +00:00
yangguo@chromium.org
0f564cb1b0
Revert "Make Array.prototype.pop throw if the last element is not configurable."
...
This reverts commit r17346.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/39593002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-24 07:48:23 +00:00
yangguo@chromium.org
e25920da19
Make Array.prototype.pop throw if the last element is not configurable.
...
Popping an element from an array should call [[Delete]] internal method
and pass true as the second argument (ECMA-262/5.1/#sec-15.4.4.6).
When the last element can't be deleted, throw a Type Error.
Not throwing the error would result in endless loop in the following test.
TEST=var a=[];Object.defineProperty(a,0,{});while(a.length)a.pop();
By the way fix another bug, or else i can't post any issues.
"presubmit.py" throw a "missing a correct copyright header" on windows.
Both the slash and the backslash are valid path separator on windows.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/29513004
Patch from Yanagi <admin@web-tinker.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 16:19:24 +00:00
jkummerow@chromium.org
8259439ae8
Fix HObjectAccess for loads from migrating prototypes
...
BUG=chromium:305309
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35173005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-23 15:15:15 +00:00
svenpanne@chromium.org
dd74f5aa08
Removed obsolete unit tests.
...
As discussed offline, these tests don't test what they were supposed to
test anymore and were the longest running ones.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/32433009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-22 11:26:07 +00:00
mstarzinger@chromium.org
0a2b4ecdcc
Add regression test for optimized count operation.
...
This is a regression test for a bug with handling of count operations
that target a JavaScript accessor on the prototype chain in Crankshaft.
R=jkummerow@chromium.org
BUG=chromium:306851
TEST=mjsunit/regress/regress-crbug-306851
Review URL: https://codereview.chromium.org/27702002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-17 12:48:28 +00:00
dslomov@chromium.org
5ccd697875
Do not look up ArrayBuffer on global object in typed array constructor.
...
BUG=v8:2931
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/27238009
Patch from Ben Noordhuis <info@bnoordhuis.nl>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 11:27:12 +00:00
yangguo@chromium.org
71ba8c5fb4
Retire concurrent recompilation delay for non-stress testing.
...
Instead, we block concurrent recompilation until unblocked. This makes
affected tests more predictable and run shorter.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/26758003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-14 14:15:22 +00:00
mstarzinger@chromium.org
f878c1c359
Fix pre-parsing of 'use strict' directive after string literals.
...
R=ulan@chromium.org
TEST=mjsunit/regress/regress-parse-use-strict
Review URL: https://codereview.chromium.org/27025002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-11 14:03:54 +00:00
olivf@chromium.org
4b6d0e33f2
Only set binary operation side effects flags, when observable.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/26712002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 16:49:25 +00:00
mstarzinger@chromium.org
63d8abb6c6
Unify and fix checkers for duplicate object literal properties.
...
R=ulan@chromium.org
TEST=preparser/duplicate-property,mjsunit/regress/regress-parse-object-literal
Review URL: https://codereview.chromium.org/26375004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-10 11:58:16 +00:00
verwaest@chromium.org
7e0ea6ab46
Only fold polymorphic into monomorphic load if all load from either receiver or same prototype.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/25718002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-02 13:24:08 +00:00
olivf@chromium.org
d268078ce0
Fix flaky parallel recompilation test.
...
On very rare circumstances parallel recompilation would install
the optimized method earlier than expected and the test would fail.
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/24495005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-25 08:23:14 +00:00
olivf@chromium.org
6fc2875d51
Fix Environment size mismatch in r6849.
...
TBR=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/23983043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-20 08:34:23 +00:00
yangguo@chromium.org
cb10ceb19d
Reland "Clean up after r16292 (disable optimization for StringWrappers)."
...
BUG=
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/23619036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 16:17:58 +00:00
yangguo@chromium.org
ad25a2969d
Revert "Clean up after r16292 (disable optimization for StringWrappers)."
...
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/23600040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:15:12 +00:00