Commit Graph

43 Commits

Author SHA1 Message Date
ager@chromium.org
544191e718 Update apply with arguments optimization for strict mode functions and builtins.
Do not convert to object for values for strict-mode functions and
builtins.

R=ricow@chromium.org
BUG=v8:1412
TEST=mjsunit/regress/regress-1412.js

Review URL: http://codereview.chromium.org/7096006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-31 10:38:41 +00:00
ager@chromium.org
cc4a2d7e76 Fix a number of IC stubs to correctly set the call kind.
Make the call kind and call wrapper arguments explicit to force
developers to make a choice. This would have avoided the bug in the
first case.

R=fschneider@chromium.org
TEST=mjsunit/strict-mode-implicit-receiver.js

Review URL: http://codereview.chromium.org/7086029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 13:23:17 +00:00
lrn@chromium.org
a50e69bda5 Avoid calling inherited setters when creating object literals and their boilerplates.
Fix issue 1015.

Review URL: http://codereview.chromium.org/6118001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-06 14:00:50 +00:00
lrn@chromium.org
d8fb09a030 Fix tab in javascript file.
Review URL: http://codereview.chromium.org/6004009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 13:14:39 +00:00
lrn@chromium.org
e7ecb74b8a Don't let JSON parsed objects hit inherited setters.
Review URL: http://codereview.chromium.org/6101001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6154 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-04 12:19:55 +00:00
erik.corry@gmail.com
0dcaac1939 Make Failure inherit from MaybeObject instead of Object.
Review URL: http://codereview.chromium.org/3970005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-10-25 15:22:03 +00:00
ricow@chromium.org
de512af068 Add support for elements and array indices in Object.defineProperty
(fixes bug 619).

This also fixes a bug in GetOwnProperty in runtime.cc discovered by
the new test cases. That part of the code was not testable before
since we had no way of correctly defining properties on elements.

Review URL: http://codereview.chromium.org/2832001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-06-14 13:55:38 +00:00
sgjesse@chromium.org
bc890ec279 Added tests for issue 618
Review URL: http://codereview.chromium.org/668055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-03-04 15:04:04 +00:00
ricow@chromium.org
27eaf97350 Added test for bug 619 - we should move this to object-define-property when the bug has been corrected.
Review URL: http://codereview.chromium.org/651028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-19 13:27:43 +00:00
sgjesse@chromium.org
17e80e76e7 Add a test case for issue 618
Review URL: http://codereview.chromium.org/647014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-02-18 13:01:58 +00:00
sgjesse@chromium.org
562f90d375 Ensure correct boxing of values when calling functions on them
When a function is called with a value type as the receiver this is now boxed as an object.

This is a low-impact solution where the receiver is only boxed when required. For IC calls to the V8 builtins values are not boxed and as most of the functions on String.prototype, Number.prototype and Boolean.prototype are sitting there most IC calls on values will not need any boxing of the receiver.

For calls which are not IC calls but calls through the CallFunctionStub a flag is used to determine whether the receiver might be a value and only when that is the case will the receiver be boxed.

No changtes to Function.call and Function.apply - they already boxed values. According to the ES5 spec the receiver should not be boxed for these functions, but current browsers have not adopted that change yet.

BUG=223
TEST=test/mjsunit/value-wrapper.js
TEST=test/mjsunit/regress/regress-crbug-3184.js
Review URL: http://codereview.chromium.org/542087

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-01-15 13:42:32 +00:00
whesse@chromium.org
1ae8a7da3d Fix bug 344: always keep attributes of existing properties.
Review URL: http://codereview.chromium.org/113197

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1931 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-05-13 10:46:28 +00:00
lrn@chromium.org
b11b61c4c0 Added test for issue 334.
Test for issue 334 (oveerwriting function erases attributes).

Review URL: http://codereview.chromium.org/109009


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-05-05 11:52:37 +00:00
sgjesse@chromium.org
a74fcf458c Fixed the step in handling for function.apply.
The generic step-in mechanism floods the function called with break points to ensure a break is hit when entering the function. This generic mechanism was also used for function.apply. The code for function.apply contains a keyed load IC which was patched when stepping into function.apply. However function.apply enteres an internal frame not a JavaScript frame. This caused the logic for returning from the break in function.apply to fail as it forced a jump to the IC on the top JavaScript frame. The top JavaScript frame was the frame for the function calling function.apply not the frame for the apply function. Now returning from the break point in the keyed load IC in the apply code caused a jump to the code for the call IC for the function calling function.apply in the first place. Not a pretty sight.

Step-in now handles function.apply as a separate case where the actual JavaScript function called through apply is flodded with breakpoints instead of the function.apply function.

BUG=269
BUG=8210@chromium.org
Review URL: http://codereview.chromium.org/63055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-04-07 09:54:53 +00:00
kmillikin@chromium.org
5e2f3adfd0 Fix issue 284.
The problem was continuing out of the body of a for/in (where we do
register allocation) to the loop update (where we do not).  Variables
allocated to registers where not preserved.

Review URL: http://codereview.chromium.org/53002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-24 08:29:24 +00:00
christian.plesner.hansen
cff1d2715e Added test case for issue 284.
Review URL: http://codereview.chromium.org/52031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-23 23:49:58 +00:00
ager@chromium.org
2fcad0aec1 Revert change 1509 that flush ICs when adding setters on an object or
when setting a __proto__ to an object that holds a setter.

This seems to cause a major page load regression, so we need to tune
the clearing.
Review URL: http://codereview.chromium.org/50011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-19 15:06:00 +00:00
christian.plesner.hansen@gmail.com
8dffcb9efa Flush ICs when adding setters to an object or setting a __proto__ to
an object that holds a setter.  If there are no store ics then no
flushing is done.  The implementation has been tweaked so that no ICs
are cleared during normal context creation.
This may cost us some performance but I'm submitting it as it is and
if there are problems we can either decide to be smarter about when,
what and/or how we clear, or back this change out altogether.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-13 13:43:07 +00:00
sgjesse@chromium.org
c8f01466ff See http://code.google.com/p/v8/issues/detail?id=269.
BUG=269
Review URL: http://codereview.chromium.org/43023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-11 07:34:48 +00:00
kmillikin@chromium.org
0e60cf38dc Fix issue 265 by handling extra statement state on the frame based on
the expectation at the break, continue, and return labels (including
shadowed ones) instead of based on the AST nodes.

See http://code.google.com/p/v8/issues/detail?id=265

Review URL: http://codereview.chromium.org/42017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-11 06:17:19 +00:00
kmillikin@chromium.org
8eea2af615 Add a failing test case for issue 265:
http://code.google.com/p/v8/issues/detail?id=265

Review URL: http://codereview.chromium.org/39349

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1460 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-03-09 17:21:28 +00:00
lrn@chromium.org
24dfb65ff8 Test for issue 87 was upgraded, but the old bug file wasn't deleted.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-02-12 09:24:53 +00:00
christian.plesner.hansen@gmail.com
14f66ff796 Added one test case and moved another.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1238 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-02-09 08:46:26 +00:00
lrn@chromium.org
18c2d3ef4e Clears captures of look-aheads on backtrack.
Reduces number of pushes when flushing a trace. Some are converted to clears
in the undo-code instead, and some just ignored if they have no value worth restoring.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-01-23 13:34:51 +00:00
ager@chromium.org
d4dae20a12 Fix issue 186:
http://code.google.com/p/v8/issues/detail?id=186

Create a new instance type for context extension objects.  Use it to
not use the __proto__ accessor for context extension objects.
Review URL: http://codereview.chromium.org/18044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-01-14 12:13:26 +00:00
christian.plesner.hansen@gmail.com
d6e6508bd7 Added clearing of captures before entering the body of a loop. This
also revealed a bug or two that had to be fixed.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-01-14 11:32:23 +00:00
ager@chromium.org
cd1afeaaa2 Add failing test for issue 186:
http://code.google.com/p/v8/issues/detail?id=186

The issue is that the extension object is a normal javascript object
on which assignments to __proto__ changes the prototype chain.
Review URL: http://codereview.chromium.org/18221

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2009-01-14 09:20:13 +00:00
erik.corry@gmail.com
4ede982a4b Added test for bug 176 (zero length matches should fail in quantifiers).
Review URL: http://codereview.chromium.org/13381

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-12-11 09:01:55 +00:00
kasperl@chromium.org
b727198587 Fix issue 124 by computing the receiver correctly when
the property is found in a context slot.
Review URL: http://codereview.chromium.org/8097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 08:42:22 +00:00
kasperl@chromium.org
8e675da371 Update Mozilla test status to reflect that regress-363258
is flaky on Linux and Mac (as well as Windows) and remove
line that refers to non-existing mozilla/... test.
Review URL: http://codereview.chromium.org/7910

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 06:11:39 +00:00
kasperl@chromium.org
96733af32b Added failing test case for bug 124.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-23 05:49:05 +00:00
erik.corry@gmail.com
99f5ae88a3 Fix bug 1439135 (slicedstring on constring not flat)
Review URL: http://codereview.chromium.org/7809

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 08:08:17 +00:00
kasperl@chromium.org
3d4d596e00 Added failing test case for bug 1439135.
Review URL: http://codereview.chromium.org/7808

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 07:39:53 +00:00
bak@chromium.org
9dadae1bfb - Fixed Issue 3201: Embedded Google Calendar crashes the renderer
ExtendStorage did not work with keyed store IC.
- Reduced instructions generated when performing a tail call to 
  kSharedStoreIC_ExtendStorage
- Moved test/mjsunit/bugs/bug-109.js
  to test/mjsunit/keyed-storage-extend.js

Review URL: http://codereview.chromium.org/6526

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-07 09:28:04 +00:00
kasperl@chromium.org
f7174fd151 Add reproducible failing test case for bug 109.
Review URL: http://codereview.chromium.org/6300

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-07 08:11:38 +00:00
kasperl@chromium.org
016fcd4aff Fix issue 86 by keeping track of the fact that finally blocks
are evaluated with an extra element on the stack, which needs
to be taken into account when breaking and continuing. 

I'll clean up the code and add an abstraction for manipulating
the break stack height in a future CL -- I want to try to get
rid of the separate local variable we keep around for the "state"
when running in a finally block.
Review URL: http://codereview.chromium.org/5625

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@400 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-01 07:43:00 +00:00
christian.plesner.hansen@gmail.com
20e3e2f85f Added copyright headers to tests.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-09-25 13:14:23 +00:00
christian.plesner.hansen@gmail.com
2d0c43ad09 - Added support for warnings on unused test rules.
- Added automatic loading of test suites


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-09-25 12:38:34 +00:00
christian.plesner.hansen@gmail.com
9bed566bdb Changed copyright header from google inc. to v8 project authors.
Added presubmit step to check copyright.



git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-09-09 20:08:45 +00:00
christian.plesner.hansen@gmail.com
3351499cb5 Fixed problem where asian characters were not categorized as letters
because they were defined using different syntax in the unicode
database.



git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-09-08 10:45:01 +00:00
mads.s.ager@gmail.com
9ef7673d82 Clean up a couple of runtime functions that mixed handles and raw
pointers.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@36 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-08-29 08:48:06 +00:00
feng.qian.v8
69b74a95bb Add a test that access a property name in its unicode escaped form.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@30 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-08-28 18:32:52 +00:00
mads.s.ager@gmail.com
c470d9f05b Changed status file support for the tests. The testcfg.py script is
now responsible for adding the status information for the tests in the
corresponding test suite.

Added status file from mjsunit tests.

Added tests for known bugs.


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@29 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-08-28 13:17:47 +00:00