AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
7,099 Commits 1 Branch 0 Tags 839 MiB
ac36cb4504
Commit Graph

372 Commits

Author SHA1 Message Date
vegorov@chromium.org
ac36cb4504 Merge experimental/gc branch to the bleeding_edge. 
Review URL: http://codereview.chromium.org/7945009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:36:47 +00:00
jkummerow@chromium.org
fcc2e65aad Change global const handling to silently ignore redeclarations 
and make window.{Infinity,NaN,undefined} read-only as per ES5

BUG=89490
TEST=mjsunit/const-redecl.js, mjsunit/undeletable-functions.js, es5conform, sputnik

Review URL: http://codereview.chromium.org/7811015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 12:00:30 +00:00
yangguo@chromium.org
48b5328bde Fixing issue 1639, debugger stops stepping outside evaluate. 
BUG=v8:1639

Review URL: http://codereview.chromium.org/7889039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-15 07:23:31 +00:00
keuchel@chromium.org
96de832c89 Mark variables as being accessed from any inner scope, not only function scopes 
BUG=96523
TEST=mjsunit/regress/regress-96523.js

Review URL: http://codereview.chromium.org/7890031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 13:51:29 +00:00
kmillikin@chromium.org
63bec78428 Revert "MIPS: port Remove in-loop tracking for call ICs." 
Committed incorrectly.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7890026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:08:16 +00:00
kmillikin@chromium.org
f9e2922b12 MIPS: port Remove in-loop tracking for call ICs. 
port r9260 (af9cfd83).

Original commit message:
We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7886028
Patch from Paul Lind <plind44@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 08:04:47 +00:00
rossberg@chromium.org
40880d3206 Fixed spurious character in test case, plus presubmit issues. 
Also addressed Slava's complaint about the personalized comment.

R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7886032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-14 07:30:51 +00:00
rossberg@chromium.org
28f7136ced Fix for .bind regression. 
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7892013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 17:14:39 +00:00
yangguo@chromium.org
321bfc549f Fixing r9265: moving test case into correct location. 
Review URL: http://codereview.chromium.org/7889008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-13 16:11:05 +00:00
danno@chromium.org
df860eda5c Don't allow seal or element property re-definition on external arrays. 
R=ricow@chromium.org
BUG=95920
TEST=test/mjsunit/regress/regress-95920.js

Review URL: http://codereview.chromium.org/7858031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-09 14:30:00 +00:00
kmillikin@chromium.org
8b165d414f Fix a bug in abrupt exit from with or catch inside finally. 
When with or catch is nested inside finally, we were not properly restoring
the context in the stack for the finally code.  Also, as a small
optimization, restore it from the handler block instead of iteratively
unwinding contexts.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7837023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-07 09:21:44 +00:00
jkummerow@chromium.org
09c66d20ce Fix possible crash in FixedDoubleArray::Initialize() 
(this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Review URL: http://codereview.chromium.org/7833040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 14:07:54 +00:00
vegorov@chromium.org
d451878c91 Fix bug in Page::GetRegionMaskForSpan. 
When checking for a wrap take into account offset of the start address in the region.

BUG=http://crbug.com/94425
TEST=test/mjsunit/regress/regress-94425.js
Review URL: http://codereview.chromium.org/7779037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 11:24:48 +00:00
ricow@chromium.org
0fbf8c8854 Add regression test for issue 1215, expand regression test for issue 1447. 
Both these issues has now been closed since they are working on bleeding edge.
Review URL: http://codereview.chromium.org/7739024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-06 07:43:51 +00:00
yangguo@chromium.org
86a62d0da3 Added check for trailing whitespaces and corrected existing violations. 
Review URL: http://codereview.chromium.org/7826007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:28:10 +00:00
ricow@chromium.org
4e94cd8b08 Make arguments and caller always be null on native functions (fixes issue 1548 and issue 1643). 
With this change we follow Firefox, Safari has a slightly different approach where the property is just not there (at least according to GetOwnProperty). 
Review URL: http://codereview.chromium.org/7792054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:09:11 +00:00
vegorov@chromium.org
e833f91eb3 Do constant function check earlier in TryCallApply and ensure correct environment for deopt. 
R=kmillikin@chromium.org
BUG=v8:1650
TEST=test/mjsunit/regress/regress-1650.js
Review URL: http://codereview.chromium.org/7812033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 10:33:59 +00:00
fschneider@chromium.org
ffc6c7e56b Introduce local function declarations in Crankshaft and fix issue 1647. 
We have to emit code for declarations later into the body block
(and not into the start block) so that the environment contains
the correct values.

In order to capture the environment effect of the declarations
that generate code (function declarations) I inserted a separate
AST id and a HSimulate after the declarations are visited.

Also fixes handling deopt in named function expressions:
BUG=v8:1647
TEST=test/mjsunit/regress/regress-fundecl.js, test/mjsunit/regress/regress-1647.js
Review URL: http://codereview.chromium.org/7776009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-31 13:26:08 +00:00
lrn@chromium.org
d8a123169b Make regexp flag parsing stricter. 
BUG=v8:1628
TEST=mjsunit/regress/regress-219

Review URL: http://codereview.chromium.org/7624045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-19 11:02:41 +00:00
lrn@chromium.org
7939f9acf2 Make scanner handle invalid unicode escapes in identifiers correctly. 
I.e., don't just convert \u to u in identifiers (like in strings and regexps).

Also make the scanning of RegExp flags not interpret the escapes.

(Fix and reapply of r8942)

BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7677012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 12:47:23 +00:00
ricow@chromium.org
d9c1984fe3 Use InternalArray in Object.defineProperties to avoid issues with overwriten properties on Array.prototype 
TEST=mjsunit/regress/regress-1625
BUG=v8:1625
Review URL: http://codereview.chromium.org/7631039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-18 08:39:06 +00:00
ricow@chromium.org
7f36b52540 Revert 8942 "Make scanner not accept invalid unicode escapes in identifiers" 
This is causing webkit failures, reverting until we figure out if this is a V8 regression or wrong test expectations.
Review URL: http://codereview.chromium.org/7669017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-17 08:22:41 +00:00
lrn@chromium.org
7d17c8d5d3 Make scanner not accept invalid unicode escapes in identifiers. 
BUG=v8:1620
TEST=mjsunit/regress/regress-1620

Review URL: http://codereview.chromium.org/7663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-16 13:31:08 +00:00
vitalyr@chromium.org
a107387dde Fix fun.apply(receiver, arguments) optimization. 
R=kmillikin@chromium.org
BUG=v8:1592
TEST=mjsunit/regress/regress-1592.js

Review URL: http://codereview.chromium.org/7497067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-10 16:05:17 +00:00
kmillikin@chromium.org
7adb10a48e Fix a bug in named getter/setter compilation. 
Because these are function literals that have an associated name, we were
compiling them as if they were named function expressions.  This is
incorrect, the property name should not be in scope.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7599024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-09 12:43:08 +00:00
kmillikin@chromium.org
d941053dbe Revert "Revert "Fix a bug in scope analysis."" 
Reapply r8838 with a fix for the issue of function names.

Because function names can be added/changed/removed through the API,
remember whether the function is anonymous when initially parsed and use
that information when compiling.

R=vegorov@chromium.org
BUG=1583
TEST=regress-1583

Review URL: http://codereview.chromium.org/7491097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-08 16:14:46 +00:00
lrn@chromium.org
e9bc76c499 Avoid infinite recursion for unterminated non-ASCII JSON string literals. 
BUG=91787
TEST=mjsunit/regress/regress-91787

Review URL: http://codereview.chromium.org/7569008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 12:55:29 +00:00
keuchel@chromium.org
c14b08658e Fix DebugEvaluate crash within a catch in a function without local context. 
BUG=v8:1586
TEST=mjsunit/regress/regress-1586.js

Review URL: http://codereview.chromium.org/7491053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 12:00:57 +00:00
lrn@chromium.org
61ae1be609 Fix bug in scanner. 
Checking for end-of-comment truncated to byte before comparing to '*'.

BUG=v8:1546
TEST=mjsunit/regress/regress-1546

Review URL: http://codereview.chromium.org/7585004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 11:21:04 +00:00
kmillikin@chromium.org
3e28347d55 Revert "Fix a bug in scope analysis." 
This reverts commit revision 8838.

TBR=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7584005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 09:20:08 +00:00
kmillikin@chromium.org
b625ce2b6b Fix a bug in scope analysis. 
When recompiling code (e.g., when optimizing) we could incorrectly hoist
some function expressions.  This leads to incorrect results or a crash.  The
root cause was that functions were not correctly categorized as expression
or declaration at parse time.

This requires some extra hoops to prevent the print name "anonymous" for
functions created by 'new Function' from establishing a binding.

R=vegorov@chromium.org,kasperl@chromium.org
BUG=1583
TEST=regress-1583

Review URL: http://codereview.chromium.org/7572019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-05 08:28:11 +00:00
danno@chromium.org
861c895a34 Add regression test for 91517 
R=vegorov@chromium.org
BUG=91517
TEST=regress-91517.js

Review URL: http://codereview.chromium.org/7575007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-04 11:00:32 +00:00
ricow@chromium.org
9721eddc1f Ensure that the length property of bound functions are actual unique 
for the individually bound functions.

Our existing code will generate a new function on every call to bind,
but it will use the same shared function. When setting the lenght this
will be set on the shared function, i.e., the length of all bound
functions will be that of the last bound function.
Review URL: http://codereview.chromium.org/7475002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-03 12:44:17 +00:00
kmillikin@chromium.org
4487f8c050 Revert "Revert "Fix a bug in scope analysis."" 
Reapply r8783 with an additional fix.

Because the preparser and parser do not use the same scope analysis to
determine if a function can be lazily compiled, the parser can have false
positives.  Rather than treating this as a parse error, treat the preparser
as authoritative and eagerly compile the function.

R=lrn@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7565003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-03 09:10:35 +00:00
kmillikin@chromium.org
a129c95a54 Revert "Fix a bug in scope analysis." 
This reverts r8783.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7550013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 17:02:24 +00:00
kmillikin@chromium.org
f37f6e88ca Fix a bug in scope analysis. 
Function declarations inside catch are hoisted to the nearest enclosing
function scope, but we compiled their bodies as if occurring inside the
catch scope.

BUG=chrome:91120
TEST=regress/regress-91120 attached

Review URL: http://codereview.chromium.org/7548011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 15:04:31 +00:00
danno@chromium.org
b333719607 Properly handle FixedDoubleArrays in sort() 
R=jkummerow@chromium.org
BUG=91008
TEST=regress-91008.js

Review URL: http://codereview.chromium.org/7542008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 14:05:11 +00:00
vegorov@chromium.org
9226cfe5b7 Ensure that GenerateStoreFastDoubleElement returns stored value on all paths. 
BUG=chromium:91013
TEST=test/mjsunit/regress/regress-91013.js
Review URL: http://codereview.chromium.org/7551009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 13:36:38 +00:00
vegorov@chromium.org
a547d333f0 Check for phi-uses of arguments object before eliminating dead phi's. 
HGraphBuilder::TryArgumentsAccess does not emit any uses for receiver and will generate incorrect code when receiver for a property access is defined by a phi that returns either arguments object or something else.
 
BUG=v8:1582
TEST=test/mjsunit/regress/regress-1582.js
Review URL: http://codereview.chromium.org/7553006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 09:32:28 +00:00
danno@chromium.org
008f834117 Properly handle FastDoubleArrays in Runtime_MoveArrayContents 
BUG=91013
TEST=regress91013.js

Review URL: http://codereview.chromium.org/7551004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-08-02 09:28:55 +00:00
danno@chromium.org
1f9801bb9e Fix bug in ARM pixel array clamping 
Properly handle undefined conversion to zero in Crankshaft.

R=yangguo@chromium.org
BUG=none
TEST=regress-1563.js

Review URL: http://codereview.chromium.org/7461028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-22 16:01:53 +00:00
jkummerow@chromium.org
9de5255b60 Revert "Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1)" 
This reverts r8691.

Review URL: http://codereview.chromium.org/7457020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-20 10:51:11 +00:00
jkummerow@chromium.org
6768c5e24e Make window.undefined, window.NaN, window.Infinitiy read-only (ES5 section 15.1.1) 
BUG=89490
TEST=manual: "Infinity = 42;" doesn't change the value of "Infinity"

Review URL: http://codereview.chromium.org/7457019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-20 10:06:53 +00:00
ager@chromium.org
85f5afb717 Correctly mark functions from our natives files during compilation. 
When creating a CompilationInfo we always have the script and can
determine if it is a natives script.

Now that all natives functions are recognized as such, many of them
are called with undefined as the receiver. We have to use different
filtering for builtins functions when printing stack traces.

Also, fixed one call of CALL_NON_FUNCTION to be correctly marked as a
method call (with fixed receiver). Now that CALL_NON_FUNCTION is
marked as a native function this caused the receiver to be undefined.

R=svenpanne@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7395030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-19 08:19:31 +00:00
jkummerow@chromium.org
d4779286b6 Add map check for COW elements to crankshaft array handling code. 
BUG=1560
TEST=mjsunit/regress/regress-1560.js

Review URL: http://codereview.chromium.org/7366008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-14 14:45:20 +00:00
kmillikin@chromium.org
890bc1607a Fix a potential crash in const declaration. 
Declaration of const lookup slots would trigger an assertion if there was a
setter somewhere in the prototype chain, and that setter was shadowed by a
non-readonly data property also in the prototype chain.

R=ager@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7324048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-11 14:07:12 +00:00
kmillikin@chromium.org
cbaf1bc98b Allow JSObject::PreventExtensions to work for arguments objects. 
R=karlklose@chromium.org

Review URL: http://codereview.chromium.org/7335002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-11 06:48:19 +00:00
kmillikin@chromium.org
fe23339bdd Fix a bug in for/in iteration of arguments objects. 
We did not properly combine the property names from the parameter map
and the arguments backing store.  They could overwrite each other and
be unsorted.

Also fix an unrelated bug: deleting from a dictionary-mode arguments
backing store could corrupt the parameter map.

R=rossberg@chromium.org
BUG=1531
TEST=mjsunit/regress/regress-1531.js

Review URL: http://codereview.chromium.org/7278033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-08 07:31:48 +00:00
ricow@chromium.org
82e53270dc Ensure that regexps always have code object, even if GC happened while running multiple times in runtime. 
Review URL: http://codereview.chromium.org/7316018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-07 10:04:56 +00:00
sgjesse@chromium.org
ca3787f395 Fix debug break on binary boolean operators 
The syntax checker finding breakable statements did not take into account that the right hand side of a boolean binary opration might never get evaluated.

R=svenpanne@chromium.org

BUG=v8:1523
TEST=test/mjsunit/regress/regress-1523.js

Review URL: http://codereview.chromium.org//7212027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-07-06 10:16:57 +00:00