ishell
1a2e4b265a
Map::CopyGeneralizeAllRepresentations() left incorrect layout descriptor in a new map.
...
BUG=chromium:436820
LOG=N
Review URL: https://codereview.chromium.org/759823004
Cr-Commit-Position: refs/heads/master@{#25530}
2014-11-26 17:37:05 +00:00
titzer
9da4998204
Abort optimization in corner case.
...
The %OptimizeFunctionOnNextCall sledgehammer can cause a function to be
marked for optimization before it's ever been compiled by fullcode.
This can lead to the situation where a function doesn't have optimization
disabled until we try to compile it optimized.
Basically, the assert should just handle this case more gracefully.
R=yangguo@chromium.org
BUG=436893
LOG=Y
Review URL: https://codereview.chromium.org/760063002
Cr-Commit-Position: refs/heads/master@{#25528}
2014-11-26 16:57:52 +00:00
jarin
97cab985b8
Do not try to inline if the function has an illegal redeclaration.
...
R=mvstanton@chromium.org
BUG=chromium:436896
LOG=n
Review URL: https://codereview.chromium.org/755333003
Cr-Commit-Position: refs/heads/master@{#25527}
2014-11-26 16:32:46 +00:00
dslomov
626f110f0b
Introduce legacy const slots in correct context.
...
R=rossberg@chromium.org
BUG=chromium:410030
LOG=Y
Review URL: https://codereview.chromium.org/756293004
Cr-Commit-Position: refs/heads/master@{#25519}
2014-11-26 12:16:30 +00:00
dslomov
6ac4de87a8
harmony-scoping: make assignment to 'const' a late error.
...
Per TC39 Nov 2014 decision.
This patch also changes behavior for "legacy const": assignments to sloppy const in strict mode is now also a type error. This fixes v8:2243 and also brings us in compliance with other engines re assignment to function names (see updated webkit test), but might have bigger implications.
That change can easily be reverted by changing Variable::IsSignallingAssignmentToConst.
BUG=v8:3713,v8:2243
LOG=N
Review URL: https://codereview.chromium.org/749633002
Cr-Commit-Position: refs/heads/master@{#25516}
2014-11-26 11:21:23 +00:00
jarin
d9cabb9b22
[turbofan] Fix matching of the lea instruction.
...
Resets the scaled exponent to 0 when the scaling match fails.
BUG=
Review URL: https://codereview.chromium.org/756643002
Cr-Commit-Position: refs/heads/master@{#25491}
2014-11-24 17:45:33 +00:00
yangguo
270dccf6db
Correctly find shared function info for debugging when compiling eagerly.
...
R=ulan@chromium.org
BUG=v8:3717
LOG=N
Review URL: https://codereview.chromium.org/758523004
Cr-Commit-Position: refs/heads/master@{#25486}
2014-11-24 15:43:35 +00:00
yangguo
14a3b9188d
Fix RegExp.source for uncompiled regexp.
...
R=jkummerow@chromium.org
BUG=435825
LOG=N
Review URL: https://codereview.chromium.org/753983002
Cr-Commit-Position: refs/heads/master@{#25476}
2014-11-24 11:21:52 +00:00
yangguo
5414c39974
Slightly improve tests that rely on lazy compilation.
...
R=rossberg@chromium.org
BUG=v8:3712
LOG=N
Review URL: https://codereview.chromium.org/743843003
Cr-Commit-Position: refs/heads/master@{#25463}
2014-11-21 12:41:06 +00:00
yangguo
61bee5c898
Correctly escape RegExp source.
...
R=ulan@chromium.org
BUG=v8:3229
LOG=N
Review URL: https://codereview.chromium.org/736003002
Cr-Commit-Position: refs/heads/master@{#25457}
2014-11-21 10:50:24 +00:00
Michael Stanton
cf572694fe
Assert to protect against polymorphic string loads fires on valid stores.
...
BUG=435477
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/751513002
Cr-Commit-Position: refs/heads/master@{#25456}
2014-11-21 10:29:08 +00:00
Michael Stanton
3d58b82add
Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed.
...
The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.
Also, prevent inlining array pop() and shift() if the length is read-only.
BUG=435073
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/737383002
Cr-Commit-Position: refs/heads/master@{#25455}
2014-11-21 10:14:19 +00:00
ulan
dc88962350
Do not bailout from optimizing functions that use f(x, arguments)
...
if there is not enough type-feedback to detect that f is Function.prototype.apply.
BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709
Review URL: https://codereview.chromium.org/736043002
Cr-Commit-Position: refs/heads/master@{#25447}
2014-11-20 17:07:44 +00:00
Andreas Rossberg
4f63564700
Fix lower bound violation
...
R=jarin@chromium.org
BUG=433332
LOG=N
Review URL: https://codereview.chromium.org/739563002
Cr-Commit-Position: refs/heads/master@{#25436}
2014-11-20 11:22:49 +00:00
yangguo
5bea77f786
Fix disabling all break points from within the debug event callback.
...
BUG=chromium:432493
LOG=Y
Review URL: https://codereview.chromium.org/728103008
Cr-Commit-Position: refs/heads/master@{#25400}
2014-11-18 14:57:48 +00:00
Jakob Kummerow
bf22724e0d
Fix one more missing c0_ < 0 check in scanner
...
BUG=chromium:433766
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/731953003
Cr-Commit-Position: refs/heads/master@{#25371}
2014-11-17 09:43:31 +00:00
Jaroslav Sevcik
c3af691e72
[turbofan] Remove int32 narrowing during typed lowering.
...
With Int32Add we lose the int/uint distinction, so later, in simplified lowering we can make a wrong decision. E.g., see the attached test case, where we lower NumberAdd -> Int32Add because inputs are Uint32, but during simplified lowering we change the inputs to Int32, so we get a wrong result.
Simplified lowering will lower the NumberAdd operations anyway, so we should lose performance.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/721723004
Cr-Commit-Position: refs/heads/master@{#25368}
2014-11-17 09:04:52 +00:00
ishell@chromium.org
2e38f33911
Revert "TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name."
...
Revert "Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136."
This revert is made in order to revert r25099 which potentially causes renderer hangs.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/722873004
Cr-Commit-Position: refs/heads/master@{#25332}
2014-11-13 15:31:04 +00:00
ishell@chromium.org
bc8c41c08d
Avoid fast short-cut in Map::GeneralizeRepresentation() for literals with non-simple transitions.
...
It started showing after r25253.
BUG=v8:3687
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/715313003
Cr-Commit-Position: refs/heads/master@{#25324}
2014-11-13 10:56:31 +00:00
Jaroslav Sevcik
2d075e2298
Reland "[turbofan] Weakening of types must weaken ranges inside unions."
...
This relands commit 4c1f4b796d
.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/723023002
Cr-Commit-Position: refs/heads/master@{#25317}
2014-11-13 09:02:14 +00:00
Yang Guo
b96309b776
Move public symbols to the root set.
...
This allows serializing public symbols that are embedded in code.
BUG=v8:3689
LOG=N
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/722723002
Cr-Commit-Position: refs/heads/master@{#25315}
2014-11-13 08:48:08 +00:00
Jaroslav Sevcik
c513297f9f
Revert "[turbofan] Weakening of types must weaken ranges inside unions."
...
This reverts commit 4c1f4b796d
.
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/722943003
Cr-Commit-Position: refs/heads/master@{#25312}
2014-11-13 06:10:42 +00:00
Jaroslav Sevcik
4c1f4b796d
[turbofan] Weakening of types must weaken ranges inside unions.
...
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/712623002
Cr-Commit-Position: refs/heads/master@{#25311}
2014-11-13 05:31:47 +00:00
dslomov@chromium.org
0e2f7e3c35
Re-enable serialization under harmony-scoping.
...
R=yangguo@chromium.org
BUG=v8:3689
LOG=N
Review URL: https://codereview.chromium.org/717153002
Cr-Commit-Position: refs/heads/master@{#25294}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-12 13:12:50 +00:00
yangguo@chromium.org
1dbd6369b1
Correctly compute line numbers in functions from the function constructor.
...
R=aandrey@chromium.org
BUG=chromium:109362
LOG=Y
Review URL: https://codereview.chromium.org/701093003
Cr-Commit-Position: refs/heads/master@{#25289}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-12 10:06:47 +00:00
adamk@chromium.org
1386257c55
Correctly handle Array unshift/splices that move elements past the max length of an Array
...
BUG=v8:2615
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/679113003
Cr-Commit-Position: refs/heads/master@{#25270}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-11 19:08:14 +00:00
jkummerow@chromium.org
3b3929fdc7
Reland "Avoid some unnecessary fast-properties map creations."
...
This relands commit ea74f0f85a
.
The revert was due to failures in cctest/test-heap/ReleaseOverReservedPages,
caused by apparent changes to memory layout and fragmentation of the
first page. Eliminating a situation in messages.js where this CL has had
an effect on map transitions seems to solve the issue.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/714883003
Cr-Commit-Position: refs/heads/master@{#25266}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-11 15:41:30 +00:00
jkummerow@chromium.org
d3b68cf370
Fix has_constant_parameter_count() confusion in LReturn
...
BUG=chromium:431602
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/714663002
Cr-Commit-Position: refs/heads/master@{#25249}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-10 15:25:50 +00:00
arv@chromium.org
c24ebcd387
Revert "Avoid some unnecessary fast-properties map creations."
...
This reverts commit e1f23eab4255d63344011dfb885b8e8962cb60e2.
Broke cctest/test-heap/ReleaseOverReservedPages on a bunch of builders
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/928/steps/Check/logs/ReleaseOverReservedPa ..
BUG=None
LOG=N
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/709123002
Cr-Commit-Position: refs/heads/master@{#25224}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 18:49:45 +00:00
jkummerow@chromium.org
ea74f0f85a
Avoid some unnecessary fast-properties map creations.
...
(1) When we have just normalized and re-fastified a map, we don't need to copy it again to set the is_prototype bit.
(2) When defining accessors causes a non-prototype object to go slow, don't force re-fastification.
BUG=v8:3267
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/706243002
Cr-Commit-Position: refs/heads/master@{#25221}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 16:33:47 +00:00
marja@chromium.org
2b026851ac
Scanner: disallow unicode escapes in regexp flags.
...
The spec explicitly forbids them. V8 never handled them properly either, just
the Scanner accepted them (it had code to add them literally to the
LiteralBuffer) and later on, Regexp constructor disallowed them.
According to the spec, unicode escapes in regexp flags should be an early error
("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence.").
Note that Scanner is still more relaxed about regexp flags than the
spec. Especially, it accepts any identifier parts (not just a small set of
letters) and doesn't check for duplicates.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/700373003
Cr-Commit-Position: refs/heads/master@{#25215}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-07 14:32:19 +00:00
ishell@chromium.org
e1f93a82f2
Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136.
...
BUG=chromium:430846
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/704183002
Cr-Commit-Position: refs/heads/master@{#25185}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-06 11:50:33 +00:00
jarin@chromium.org
91eeae5849
[turbofan] Fix deopt for assignments in non-effect context.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/701853002
Cr-Commit-Position: refs/heads/master@{#25151}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-05 13:09:14 +00:00
ishell@chromium.org
33dde8d92c
TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/661133002
Cr-Commit-Position: refs/heads/master@{#25136}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-05 09:26:48 +00:00
rossberg@chromium.org
357882a8e5
1..isPrototypeOf.call(null)
should return false, not throw TypeError.
...
BUG=v8:3483
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/433413002
Cr-Commit-Position: refs/heads/master@{#25116}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-11-04 16:14:18 +00:00
mstarzinger@chromium.org
cd3273b562
Properly handle stack overflows in the AST graph builder.
...
R=jarin@chromium.org
BUG=chromium:429159
TEST=mjsunit/regress/regress-crbug-429159
LOG=N
Review URL: https://codereview.chromium.org/697473006
Cr-Commit-Position: refs/heads/master@{#25037}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-31 14:02:46 +00:00
yangguo@chromium.org
76292d2daf
Fix assertion scope in Runtime_GetScript.
...
The HeapIterator implies DisallowHeapAllocation, but Script::GetWrapper
may allocate.
LOG=N
R=jkummerow@chromium.org
BUG=chromium:410033
Review URL: https://codereview.chromium.org/680283002
Cr-Commit-Position: refs/heads/master@{#25001}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-30 07:25:43 +00:00
yangguo@chromium.org
64cef0b2e9
Reland "In PrepareForBreakPoints, also purge shared function info not referenced by functions."
...
BUG=chromium:424142
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/692453002
Cr-Commit-Position: refs/heads/master@{#24970}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 10:19:44 +00:00
yangguo@chromium.org
67b76ebaea
Revert "In PrepareForBreakPoints, also purge shared function info not referenced by functions."
...
This reverts commit r24964.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/687163002
Cr-Commit-Position: refs/heads/master@{#24966}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 09:23:10 +00:00
yangguo@chromium.org
7668c4c29a
In PrepareForBreakPoints, also purge shared function info not referenced by functions.
...
R=ulan@chromium.org
BUG=chromium:424142
LOG=N
Review URL: https://codereview.chromium.org/685753002
Cr-Commit-Position: refs/heads/master@{#24964}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-29 08:11:41 +00:00
yangguo@chromium.org
0dfbf83468
Use shared function info for eval cache key.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/678843004
Cr-Commit-Position: refs/heads/master@{#24927}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-28 10:01:44 +00:00
yangguo@chromium.org
efc01f4736
Prevent recursion in the debug event listener.
...
R=ulan@chromium.org
BUG=chromium:409614
LOG=N
Review URL: https://codereview.chromium.org/684573005
Cr-Commit-Position: refs/heads/master@{#24924}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24924 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-28 09:44:43 +00:00
adamk@chromium.org
f1954232b0
SimpleMove now calls [[Has]] before [[Get]] when moving elements
...
BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/678753002
Cr-Commit-Position: refs/heads/master@{#24907}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-27 13:05:13 +00:00
jarin@chromium.org
23df66ee24
Add more missing deopts
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/639883002
Cr-Commit-Position: refs/heads/master@{#24886}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-26 10:25:48 +00:00
adamk@chromium.org
c9ea8d6512
SimpleSlice now calls [[Get]] before [[Has]] when generating copy
...
SparseSlice does not need this (non-optimal) reordering since its
callers guarantee that [[Get]] has no side effects on the passed-in array.
BUG=v8:3643
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/674003002
Cr-Commit-Position: refs/heads/master@{#24884}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-24 18:08:13 +00:00
adamk@chromium.org
02d37b8f10
Widen definition of %HasComplexElements() to include non-enumerability
...
This avoids using the Sparse methods on objects with non-enumerable elements,
which can cause the 'enumerable: false' bit to get lost in the operation.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/672323003
Cr-Commit-Position: refs/heads/master@{#24883}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-24 18:04:13 +00:00
adamk@chromium.org
0ef073d556
Fix sparse versions of Array slice/splice to use [[DefineOwnProperty]] to generate return value
...
BUG=chromium:423633
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/673893002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 21:13:29 +00:00
adamk@chromium.org
5f1ae66d56
Narrow cases where Sparse/Smart versions of Array methods are used
...
Added a new %HasComplexElements runtime function (meaning elements that are
non-writable, non-configurable, or have getters and setters) and use it
in UseSparseVariant to filter out cases where the sparse optimizations
can cause V8 to fall out of spec compliance.
Renamed SmartMove/SmartSlice to SparseMove/SparseSlice and guarded them
with the new and improved UseSparseVariant.
These two changes combine let us pass nearly every test in bug-2615.js,
as well as fixing reverse and join on sparse arrays.
Note that there are various test changes in this patch that correct existing
tests to match the correct-by-spec behavior.
This patch depends on https://codereview.chromium.org/666883009 , which
better-aligns the behavior of SmartMove with SimpleMove.
BUG=v8:2615,v8:3612,v8:3621
LOG=y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/656423004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 18:21:50 +00:00
ishell@chromium.org
5509cc2c07
Fixed mutable heap numbers leak in JSON parser.
...
BUG=chromium:423687
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/669403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 14:41:39 +00:00
dslomov@chromium.org
96105a90fc
harmony-scoping: Allow 'const' iteration variables in strict mode.
...
R=rossberg@chromium.org
BUG=v8:2506
LOG=N
Committed: https://code.google.com/p/v8/source/detail?r=24834
Review URL: https://codereview.chromium.org/671913002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-10-23 12:30:20 +00:00