Commit Graph

3865 Commits

Author SHA1 Message Date
dcarney@chromium.org
ff2a76b5d5 remove most V8_ALLOW_ACCESS_TO_* defines from test classes
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15964004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 11:54:52 +00:00
rossberg@chromium.org
6fa987193e Make (Object.)observed Arrays use SafeRemoveArrayHoles during sort
R=adamk,rossberg
BUG=

Review URL: https://codereview.chromium.org/15837006

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 11:23:59 +00:00
rossberg@chromium.org
c06dc9d010 Implement ObservedArrayPop, ObservedArrayShift, ObservedArrayUnshift & ObservedArraySplice
R=rossberg,adamk,arv
BUG=

Review URL: https://codereview.chromium.org/15331002

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 11:16:02 +00:00
dcarney@chromium.org
eecc9ff8f1 remove use of context scope with persistent argument
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15837007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 10:36:21 +00:00
yurys@chromium.org
0aaed2bba7 Mark test-profile-generator/RecordStackTraceAtStartProfiling as always passing
The test should be stable now.

Drive-by: removed test-heap-profiler/HeapSnapshotsDiff from cctest.status as there is no such test

BUG=None
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/15786005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 08:36:17 +00:00
yurys@chromium.org
9974d932b2 Deprecate profiler methods that accept security origin
Now that the only known client console.profiles was removed from Blink:
https://src.chromium.org/viewvc/blink?revision=151136&view=revision
https://src.chromium.org/viewvc/blink?revision=151196&view=revision
this method can be deprecated and all the code that supports filtering
CPU profiles based on security origins can be later removed.

Drive-by fix: in line with CpuProfiler changes deprecated HeapProfiler::FindHeapSnapshot to reduce v8 API surface. FindHeapSnapshot may well be implemented based on existing GetSnapshotCount/GetSnapshot and it is only used in the tests.

BUG=None
R=jkummerow@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/16114002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-28 08:00:16 +00:00
verwaest@chromium.org
aa2444269b Fix the hole loading optimization.
- Holes are only ever loaded as double or tagged.
- Change to tagged has to deoptimize on undefined (no implicit
  conversions from double the hole NaN -> tagged undefined).

BUG=
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16099006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-27 17:33:14 +00:00
dcarney@chromium.org
f69727d849 Add template parameter to ReturnValue::Set.
E.g., v8-i18n wants to set the return value with a different type of a Persistent.

BUG=NONE
R=dcarney@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/16102002

Patch from Marja Hölttä <marja@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14826 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-27 14:34:16 +00:00
dcarney@chromium.org
81e5778718 make isolate accessible from returnvalue
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16021010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-27 11:50:08 +00:00
verwaest@chromium.org
9d3e7e5b81 Fix Object.freeze for objects with mixed accessors and data properties
The bug in the existing code was that it modified the |attributes|
local variable on its way through the loop in CopyUpToAddAttributes.
But that affected any properties updated after an accessor property.
The code now sets up a mask each time and applies that instead of
mutating |attributes|.

R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16051002

Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14818 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-27 10:56:27 +00:00
yangguo@chromium.org
3e41834721 Regexp parser: reset flag after scanning ahead for capture groups.
When the regexp pattern parser encounters an unbound reference to a
capturing group, it needs to scan ahead to decide whether it really
is a reference.  The scan advances to the end of the pattern string
and sets has_more_ to false, but fails to reset it to true so that
later on, parsing a character class wrongly fails.

R=ulan@chromium.org
BUG=v8:2690

Review URL: https://chromiumcodereview.appspot.com/15712006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-27 10:53:37 +00:00
yurys@chromium.org
77d93014ae Un-flake test-cpu-profiler/SampleWhenFrameIsNotSetup
It is OK for FindChild to return NULL. If the child must
exist GetChild should be used to force the assertion.

BUG=v8:2628
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/15786004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14809 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-24 16:19:06 +00:00
yangguo@chromium.org
7c2a1346d6 Fix edge case in stack trace formatting.
Bug description: in strict mode, null as receiver is not implicitly converted
to the global object, so that when formatting the stack trace, the receiver of
the stack frame is null. The IS_OBJECT check returns true for null, but
%GetDataProperty expected a JSObject, which results in a failed RUNTIME_ASSERT.

R=mvstanton@chromium.org
BUG=237617

Review URL: https://chromiumcodereview.appspot.com/15670003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-24 11:33:46 +00:00
svenpanne@chromium.org
dc9e80beec fix thread safety issue in FunctionTemplate test
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15791005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-24 09:32:10 +00:00
yangguo@chromium.org
1d39355405 Add belated test for the SeqStringSetChar bug.
R=titzer@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/15849003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-24 08:37:27 +00:00
dcarney@chromium.org
91efd1e7d7 callback handler map not correctly populated by direct use of SetCallHandler
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15814005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-24 07:59:33 +00:00
mstarzinger@chromium.org
8fb2086847 Fix embedded new-space pointer in LCmpObjectEqAndBranch.
R=mvstanton@chromium.org
BUG=chromium:240032
TEST=mjsunit/regress/regress-crbug-240032

Review URL: https://codereview.chromium.org/15779004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 14:06:28 +00:00
mvstanton@chromium.org
1a4482ab3f Missing type cell on ia32 from bindings.
Javascript constructors called from C++ code didn't have a type cell
properly filled in on ia32. This showed up as a bug in webkit bindings.
Re-enabled flag optimize-constructed-arrays.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/15870002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 13:45:33 +00:00
dslomov@chromium.org
28729d24a4 Fix Windows build after r14770
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/15848003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 10:29:28 +00:00
dslomov@chromium.org
fc73052dc2 Externalization API for ArrayBuffer
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/15001041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 10:01:42 +00:00
yangguo@chromium.org
a1e18bdf3c Improve SeqStringSetChar implementation.
R=jkummerow@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/15743006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 09:51:06 +00:00
verwaest@chromium.org
308e69755b Implement HChange support for Smis and use it in Load/StoreNameField
BUG=
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15303004

Patch from Daniel Clifford <danno@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 08:32:07 +00:00
hpayer@chromium.org
2cbc81a5ce Move global pretenuring flag check to ShouldGloballyPretenure().
BUG=

Review URL: https://codereview.chromium.org/15734007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 08:17:03 +00:00
verwaest@chromium.org
36e91242fd Make Object.freeze fast
This patch both speeds up the freeze operation itself, but also
allows properties to remain in fast mode. Objects with non-empty
elements backing stores still end up with slow elements.

Relanding r14758 and r14759 with fix for Test262: only mark properties
and elements READ_ONLY if they are not JS setter/getters. Tightened up
tests to assert frozen-ness, and added targeted tests for the new code
(covering accessors).

BUG=v8:1858, 115960
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15691007

Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 07:05:58 +00:00
adamk@chromium.org
4d48bb832f Revert "Make Object.freeze fast"
and "Fix Object.freeze on dictionary-backed arrays to properly freeze elements"

This reverts r14758 and r14759 due to introducing failures in Test262

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/15681004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 21:27:00 +00:00
adamk@chromium.org
3ebccb7aae Fix Object.freeze on dictionary-backed arrays to properly freeze elements
Follow-up to r14758: slightly rearranges JSObject::Freeze() to avoid duplicating
code while still retaining proper dictionary elements storage behavior.

Also fix a lint error.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/15737018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 20:40:04 +00:00
adamk@chromium.org
648e99e308 Make Object.freeze fast
This patch both speeds up the freeze operation itself, but also
allows properties to remain in fast mode. Objects with non-empty
elements backing stores still end up with slow elements.

BUG=v8:1858, 115960
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/14888005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 18:53:58 +00:00
mstarzinger@chromium.org
b704cb9139 Fix bogus deopt in BuildEmitDeepCopy for holey arrays.
R=verwaest@chromium.org
BUG=chromium:242924
TEST=mjsunit/regress/regress-crbug-242924

Review URL: https://codereview.chromium.org/15735012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 17:58:21 +00:00
verwaest@chromium.org
b353b1d131 Don't allow copying holes to fields.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15745006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 15:33:53 +00:00
mstarzinger@chromium.org
bf413b5122 Fix VisitLogicalExpression for empty blocks on RHS.
R=jkummerow@chromium.org
BUG=chromium:242870
TEST=mjsunit/regress/regress-crbug-242870

Review URL: https://codereview.chromium.org/15744002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 13:27:00 +00:00
yangguo@chromium.org
9960b24694 Fix unexpected elements transition in JSON.parse
R=verwaest@chromium.org
BUG=241344

Review URL: https://chromiumcodereview.appspot.com/15739003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 13:24:18 +00:00
verwaest@chromium.org
8db3014974 Keep representations while overwriting transitions.
BUG=chromium:241477
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15718002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 10:46:33 +00:00
mstarzinger@chromium.org
d696f7b3c1 Use explicit type feedback clearing in some tests.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/15711004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14744 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 09:17:27 +00:00
hpayer@chromium.org
9c3c28646b Force GC before executing unbox double arrays test to avoid timeouts.
BUG=

Review URL: https://codereview.chromium.org/15292002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 09:05:22 +00:00
dcarney@chromium.org
1045d62733 implement fast ReturnValue setters
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15398008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14738 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-22 06:35:38 +00:00
mstarzinger@chromium.org
db4a770c3f Add regression test for fix from r14732.
R=verwaest@chromium.org
BUG=chromium:242502
TEST=mjsunit/regress/regress-crbug-242502

Review URL: https://codereview.chromium.org/15288008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-21 14:20:42 +00:00
mstarzinger@chromium.org
8743661682 Disable flaky test after r14723.
R=svenpanne@chromium.org
BUG=v8:2628
TEST=cctest/test-cpu-profiler/SampleWhenFrameIsNotSetup

Review URL: https://codereview.chromium.org/15415007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14729 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-21 11:24:20 +00:00
dcarney@chromium.org
881476a7af new style of property/function callbacks
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12494012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-21 06:36:24 +00:00
rodolph.perfetta@gmail.com
45ec481659 ARM: Smi refactoring and improvements.
Refactoring:
 * consistent use of SmiTag/Untag
 * added a few Smi macros and helpers
Improvements
 * small optimisations (e.g. merging untag and cmp #0)
 * added fixed point to double conversion instructions for simpler conversions

More on the last point: a Smi can be seen as a fixed point number with the
a one bit fractional part. Fixed to double instructions allow us to convert
a Smi to a double without untagging.

BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/15085026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 15:38:14 +00:00
yurys@chromium.org
3ad62f5ee1 Allow for no samples in test-cpu-profiler/SampleWhenFrameIsNotSetup
The test should only check that there are no sample stacks that never possible in the JS code being profiled.

BUG=v8:2628
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14845018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 15:10:25 +00:00
mvstanton@chromium.org
239b2830cc Turning off optimize-constructed-arrays to investigate a WebKit/bindings issue.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/15303002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 12:33:48 +00:00
hpayer@chromium.org
d7427aa938 Fix transition test to support allocation site info.
BUG=

Review URL: https://codereview.chromium.org/15270002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 08:56:45 +00:00
verwaest@chromium.org
73d084fad3 Fix bugs in rewriting combined with attributes and accessors
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14843023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 03:16:20 +00:00
titzer@chromium.org
5746d38351 Fix code gen bug on arm and mips; SeqStringSetChar overwrites a register; Add better default PrintDataTo for HInstruction
BUG=

Review URL: https://codereview.chromium.org/14895019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-16 14:27:39 +00:00
rossberg@chromium.org
8ce0718763 Implement Array.observe and emit splice change records for ArrayPush
Review URL: https://codereview.chromium.org/14978007

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-16 11:19:37 +00:00
olivf@chromium.org
c3dde4bd9d Encapsulating Type information in the CompareICStub
Encapsulate type information in a convenient wrapper instead of storing it in a naked bitfield. This especially facilitates transitioning to a new state and converting from/to the extraICState representation. Additionally cleaning up ToBooleanICStub::Types for consistency.

BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14862009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-16 10:59:17 +00:00
adamk@chromium.org
0ed681905c Re-land Notifier.prototype.performChange + tests
Fixes the debug check failure on sorting an object with an array __proto__.

Original Issue: https://codereview.chromium.org/14779011/

TBR=adamk@chromium.org

Review URL: https://codereview.chromium.org/14977015

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 22:09:40 +00:00
adamk@chromium.org
91daa127c9 Revert "Implement Object.getNotifier(obj).performChange()" (r14696)
Reverts r14696 because it caused debug assertion failures when running
test/mjsunit/harmony/object-observe.js

TBR=rossberg

Review URL: https://codereview.chromium.org/15203002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 18:47:48 +00:00
adamk@chromium.org
07a54cd06d Implement Object.getNotifier(obj).performChange()
R=rossberg,adamk,arv
BUG=

Review URL: https://codereview.chromium.org/14779011
Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 17:44:45 +00:00
mstarzinger@chromium.org
365b2eb91e Preserve optimized code map during GCs weakly.
This change preserves the contents of optimized code maps during GCs but
treats the references in this cache weakly. It uses infrastructure from
code flushing to maintain a list of all caches.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/14794007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14695 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 16:09:25 +00:00
wingo@igalia.com
55f6281281 Revert "GeneratorFunction() makes generator instances"
This reverts r14684 because of blink LayoutTest failures in
inspector/debugger/debugger-pause-in-internal.html.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14619040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 15:57:58 +00:00
mvstanton@chromium.org
31b8fc19c3 With flag optimize-constructed-arrays on, ARM and MIPS suffered a performance degrade due to incorrect code in GenerateRecordCallTarget().
The CL also enables flag optimize-constructed-arrays.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/14772043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 15:17:01 +00:00
wingo@igalia.com
e24cc32011 GeneratorFunction() makes generator instances
The current specification has GeneratorFunction() be like Function(),
except that it makes generator instances.  This commit implements that
behavior.  It also fills in a piece of the implementation where
otherwise calling GeneratorFunction or GeneratorFunctionPrototype would
cause an abort because they have no code.

R=mstarzinger@chromium.org, rossberg@chromium.org
TEST=mjsunit/harmony/generators-iteration
TEST=mjsunit/harmony/generators-runtime
BUG=v8:2355
BUG=v8:2680

Review URL: https://codereview.chromium.org/14857009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 13:22:05 +00:00
mstarzinger@chromium.org
2d0bddfc80 Fix build failure on Linux since r14681.
R=danno@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14969025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 13:14:24 +00:00
mstarzinger@chromium.org
3d5b800943 Provide BitField64 utility class.
R=svenpanne@chromium.org
TEST=cctest/test-conversions/BitField64

Review URL: https://codereview.chromium.org/14643004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 12:29:13 +00:00
svenpanne@chromium.org
0099fdebc0 Ignore failing flaky profiler test.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/14899010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 10:54:24 +00:00
wingo@igalia.com
d6fa1d8ad9 Function constructor should avoid String.prototype methods
Replace a use of .indexOf with a call to StringIndexOf.  As always,
lexical scoping to the rescue.

R=mstarzinger@chromium.org
TEST=mjsunit/regress/regress-2686
BUG=v8:2686

Review URL: https://codereview.chromium.org/14668013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 10:52:06 +00:00
svenpanne@chromium.org
b1bd641078 Various minor cctest fixes to make ASAN a bit happier.
* Running with ASAN needs more stack, so don't set resource constraints too
     tight.

   * Checking boot time memory usage doesn't make sense when running with ASAN,
     it eats tons of memory for itself.

   * Fixed a malloc/delete[] mismatch: Not surprisingly, the pointer wrapped by
     a SmartArrayPointer should better be allocated by, well, NewArray...

Even with these 3 fixes, we still have a few failures when running our test
suite with ASAN. Most of them are either timeouts or failures caused by greatly
increased stack usage.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/15096011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 08:59:28 +00:00
yurys@chromium.org
69c2f54d32 Skip samples where top function's stack frame is not setup properly
Stack iterator takes return address based on the frame pointer (ebp) and detects JS frames based on value at fp + StandardFrameConstants::kMarkerOffset. So in order the iterator to work correctly this values should be already setup for the current function. Stack frame is constructed at the very beginning of JS function code and destroyed before return. If sample is taken before before the frame construction is completed or after it was destroyed the stack iterator will wrongly think that FP points at the current functions frame base and will skip callers frame. To avoid this we mark code ranges where  stack frame doesn't exist and completely ignore such samples.

This fixes cctest/test-cpu-profiler/CollectCpuProfile flakiness.

BUG=v8:2628
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/14253015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-14 22:51:33 +00:00
wingo@igalia.com
8f602260d3 Implement yield* (delegating yield)
Ideally this would have been implemented via desugaring at parse-time,
but yield* is an expression, and its desugaring includes statements like
while and try/catch.  We'd have to have BlockExpression in the AST to
support that, and it's not worth it for this feature.

So instead we implement all of the logic in
FullCodeGenerator::VisitYield.  Delegating yield AST nodes now have a
try handler index, for the try/catch.  Otherwise the implementation is
straightforward.

R=rossberg@chromium.org
BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/14582007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-14 16:26:56 +00:00
wingo@igalia.com
b7ecb8cb8d Revert mistakenly committed r14667 and r14666.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-14 16:17:26 +00:00
wingo@igalia.com
25c1d78e3d Implement yield* (delegating yield)
Ideally this would have been implemented via desugaring at parse-time,
but yield* is an expression, and its desugaring includes statements like
while and try/catch.  We'd have to have BlockExpression in the AST to
support that, and it's not worth it for this feature.

So instead we implement all of the logic in
FullCodeGenerator::VisitYield.  Delegating yield AST nodes now have a
try handler index, for the try/catch.  Otherwise the implementation is
straightforward.

R=mstarzinger@chromium.org
BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-14 15:59:25 +00:00
titzer@chromium.org
68eb1e50ca Improve dead code elimination by transitively marking live code and removing all dead code. Replace unreachable phi removal algorithm with the new dead code elimination pass, which is more thorough.
Review URL: https://codereview.chromium.org/14676011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-14 13:10:52 +00:00
wingo@igalia.com
1634369af7 Don't flush code for generator functions.
R=mstarzinger@chromium.org
BUG=v8:2681
TEST=mjsunit/regress/regress-2681

Review URL: https://codereview.chromium.org/14731023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 17:36:26 +00:00
dslomov@chromium.org
5777f3fb48 Enable native implementation of array buffer and typed arrays in d8 and tests.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15059009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 14:18:43 +00:00
dcarney@chromium.org
b774c3edfe stop using AsciiValue
TBR=svenpanne@chomium.org
BUG=

Review URL: https://codereview.chromium.org/15129002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 14:18:05 +00:00
jkummerow@chromium.org
7636fdec27 Fix missing hole check for loads from Smi arrays when all uses are changes
BUG=chromium:233737

Review URL: https://codereview.chromium.org/14978004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 11:58:10 +00:00
danno@chromium.org
05e8e0e7b4 Elide hole checks on KeyedLoads of holey double arrays
Improves NavierStokes by about 5%

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/15014020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 07:35:26 +00:00
svenpanne@chromium.org
f853b08ad0 Fixed constant folding in HMod.
We have to check for overflow before attempting to do a modulo operation,
otherwise Crankshaft itself segfaults on some platforms, e.g. ia32. Added tests
even for division, where the problem doesn't show up, just to be sure...

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/14617014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-13 07:32:38 +00:00
verwaest@chromium.org
df57747fc4 Track heap objects.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14996004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 17:17:50 +00:00
mstarzinger@chromium.org
d97fe8d4df Add Persistent::ClearAndLeak.
This will be relevant after Persistent is changed to Dispose itself when
destructed. With Persistent::ClearAndLeak, Blink can take the ownership of the
object pointed by a Persistent and avoid it getting destructed.

BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/15023010

Patch from Marja Hölttä <marja@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 14:04:51 +00:00
mstarzinger@chromium.org
0b7c1450f1 Fix bogus arguments length check in StringLocaleCompare.
R=rossberg@chromium.org
TEST=test262/15.5.4.9_3

Review URL: https://codereview.chromium.org/14972015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 13:50:10 +00:00
mstarzinger@chromium.org
64651ed565 Update Test262 harness to recent version.
R=rossberg@chromium.org
TEST=test262

Review URL: https://codereview.chromium.org/14644015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 13:00:43 +00:00
wingo@igalia.com
3f09e0a3d8 Remove separate maps for function instances
ES3 specified that functions created via Function() would have
enumerable prototypes, unlike function literals.  For this reason, V8
has always had two prototypes for functions: "function_map" for
literals, and "function_instance_map" for "function instances": those
functions created by Function().

However, since 2009 or so, both maps have been the same!  Both have had
writable, non-enumerable prototypes.  Moreover, ES5 changed to specify
that function instances would have non-enumerable prototypes.

This patch removes the separate maps for function instances in sloppy
and strict mode.

R=mstarzinger@chromium.org
TEST=mjsunit/function-prototype
BUG=

Review URL: https://codereview.chromium.org/14829005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 12:59:20 +00:00
mstarzinger@chromium.org
eb18db3ab4 Skip flaky regress-crbug-160010 regression test.
R=ulan@chromium.org
BUG=chromium:160010
TEST=mjsunit/regress/regress-crbug-160010

Review URL: https://codereview.chromium.org/14908006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-10 10:39:16 +00:00
verwaest@chromium.org
52008429b7 Use mutable heapnumbers to store doubles in fields.
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14850006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 15:02:08 +00:00
ulan@chromium.org
cd4e9866b7 Fix environment in HOptimizedGraphBuilder::VisitCountOperation. Follow-up for r14584.
R=danno@chromium.org
BUG=v8:2671
TEST=mjsunit/regress/regress-2671-1.js

Review URL: https://chromiumcodereview.appspot.com/14972009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 14:58:06 +00:00
mvstanton@chromium.org
f5ad8e4469 Turn off optimize-constructed-arrays flag to investigate ARM perf issue
BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/14753007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 08:49:29 +00:00
danno@chromium.org
bd9274436c Bias commutative single-use register inputs and support lea adds
This improves register allocation for many common add and multiply patterns on ia32 and x64 by reducing register pressure.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/14856015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 08:37:24 +00:00
wingo@igalia.com
75d939aceb Generators save and restore stack handlers
This CL adds machinery to unwind stack handlers from the stack and store
them into a generator's operand array.  It also includes routines to
reinstate them.  Together this allows generators to yield within
try/catch and try/finally blocks.

BUG=v8:2355
R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/14031028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 08:08:23 +00:00
dcarney@chromium.org
d4fd9db342 fix nosnapshot test failure in 14793004, do not deprecate function
BUG=
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14947005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 07:45:16 +00:00
ulan@chromium.org
e5a29e8ff9 Do not change environment between simulate and scope with no observable side-effects in HandlePropertyAssignment.
LChunkBuilder reconstructs the environment by applying simulates. A scope with no observable side-effects has no simulates. If the scope deoptimizes, then LChunkBuilder would miss the changes to the environment between the last simulate and the scope.

R=danno@chromium.org
BUG=v8:2671
TEST=mjsunit/regress/regress-2671.js

Review URL: https://chromiumcodereview.appspot.com/14793009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 07:40:28 +00:00
mvstanton@chromium.org
d7b013de57 Becuase of cross-context calls, hydrogen-based Array constructor needs to ensure
the array constructor pointer passed in matches that of the current context.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/14846017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 21:01:53 +00:00
mstarzinger@chromium.org
04a5b3d6b6 Revert "deprecate Context::New which returns Persistent"
This reverts r14573 because of test failures in no-snapshot mode in the
cctest/test-debug/ScriptCollectedEventContext test case.

TBR=dcarney@chromium.org,svenpanne@chromium.org
TEST=cctest/test-debug/ScriptCollectedEventContext

Review URL: https://codereview.chromium.org/15038002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 16:28:51 +00:00
dslomov@chromium.org
b15bbfbe39 Implement TypedArray.set function.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14581005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 14:42:17 +00:00
dslomov@chromium.org
e45abf08cc Update mjsunit tests to be complaian with ES6 implementation of typed arrays
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14580012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 14:03:50 +00:00
mstarzinger@chromium.org
f5817cfc2b Disable flaky CPU profiler test case.
R=svenpanne@chromium.org
BUG=v8:2628
TEST=cctest/test-cpu-profiler/CollectCpuProfile

Review URL: https://codereview.chromium.org/14767021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 14:02:31 +00:00
dcarney@chromium.org
386de8010b deprecate Context::New which returns Persistent
BUG=
TBR=marja@chromium.org

Review URL: https://codereview.chromium.org/14793004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 13:29:24 +00:00
verwaest@chromium.org
0b1a9c9e3d Free up 11 bits in fast-mode PropertyDetails by removing the enumeration-index.
The descriptors are nowadays ordered in order of addition, so that info was
duplicated.

Review URL: https://chromiumcodereview.appspot.com/14622005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 13:09:23 +00:00
dcarney@chromium.org
44ec65b1e1 Add Persistent<T>::Reset which disposes the handle and redirects it to point to another object.
BUG=
R=dcarney@chromium.org, svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14788013

Patch from Marja Hölttä <marja@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 12:37:22 +00:00
dcarney@chromium.org
42a8ff87ba add weakcallback without persistent copying
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14908004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 10:44:30 +00:00
verwaest@chromium.org
46d39cabd6 Fix polymorphic to monomorphic load to take representation into account.
Review URL: https://chromiumcodereview.appspot.com/14966005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 10:32:23 +00:00
wingo@igalia.com
3cd73ebc2f Generators return boxed values
Generators now box their return values in object literals of the form

  { value: VAL, done: DONE }

where DONE is false for yield expressions, and true for return
statements.

BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/13870007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 08:46:42 +00:00
dslomov@chromium.org
9b45b71d5a Added an extra flag that enables only ArrayBuffer.
This makes Blink experimentation easier.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14884012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-06 16:19:27 +00:00
dcarney@chromium.org
1a9997ee37 Make v8 compilable without V8_USE_UNSAFE_HANDLES.
Without this modification, we get this error: "dereferencing type-punned pointer
will break strict-aliasing rules" (GCC strict aliasing).

Also included small CcTest sanity fixes: isolate() cannot return anything else
than default_isolate().

BUG=
TBR=dcarney@chromium.org

Review URL: https://codereview.chromium.org/14894006

Patch from Marja Hölttä <marja@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-06 13:01:03 +00:00
wingo@igalia.com
19e5f6cbf0 toString() on generator functions prints with function*
This CL adds a %FunctionIsGenerator runtime function, and uses it in the
function toString() implementation.

R=mstarzinger@chromium.org
BUG=v8:2355
TEST=mjsunit/harmony/generators-runtime

Review URL: https://codereview.chromium.org/14912002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-03 13:01:28 +00:00
dslomov@chromium.org
02889cafb8 Add type checks to typed array property getters.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14650014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-03 09:59:50 +00:00
dslomov@chromium.org
18d02d06f0 Implement TypedArray.subarray method.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14740017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14537 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-03 09:43:44 +00:00
dcarney@chromium.org
0cf128390f deprecate WriteAscii and MayContainNonAscii
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14638003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-03 06:47:24 +00:00
dcarney@chromium.org
ae287f04b2 build fix for 14530
TBR=svenpanne@chromium.org
BUG=
TEST=

Review URL: https://codereview.chromium.org/14881002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-02 22:00:39 +00:00