Commit Graph

1715 Commits

Author SHA1 Message Date
jkummerow@chromium.org
63263a9aa9 Fix unsigned-Smi check in MappedArgumentsLookup
BUG=126414
TEST=mjsunit/regress/regress-crbug-126414

Review URL: https://chromiumcodereview.appspot.com/10375033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-07 10:05:39 +00:00
mstarzinger@chromium.org
11d24334fc Implement ClearFunctionTypeFeedback for test cases.
R=danno@chromium.org
TEST=mjsunit/compiler/inline-construct

Review URL: https://chromiumcodereview.appspot.com/10332010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-04 09:16:38 +00:00
peter.rybin@gmail.com
885c142d24 Fix mjsunit.status for new liveedit test
Review URL: https://chromiumcodereview.appspot.com/10353016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 18:53:40 +00:00
peter.rybin@gmail.com
1719a1499a Fix issue 825 (LiveEdit vs. function with no locals) in core and for ia32.
Review URL: https://chromiumcodereview.appspot.com/10263002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 17:31:34 +00:00
svenpanne@chromium.org
065cc14449 Use map transitions when defining accessor properties.
AccessorPairs can now contain map transitions, which is similar to our current
handling of CONSTANT_FUNCTION/CONSTANT_TRANSITION, but generalized to a pair for
holding info about the getter and the setter. This way we can achieve map
sharing for objects with accessor properties, which is a prerequisite for making
them fast via inlining. We fall back to the previous way of handling accessor
properties when sharing is not possible or we don't handle a special case.

Note: When an exisiting accessor property is redefined we could in principle
move the AccessorPair out of the descriptor into the object itself (again just
like the way we do something similar for CONSTANT_FUNCTION/CONSTANT_TRANSITION),
but this would require a new property kind for holding a pair of values. Perhaps
we can implement this later, but for now this hopefully rare case is handled
like before, losing map sharing and potentially creating more maps than strictly
necessary.

Review URL: https://chromiumcodereview.appspot.com/10238005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 12:41:40 +00:00
yangguo@chromium.org
b42ab19d2e Modify two regression tests to actually fail when failing.
BUG=
TEST=regress-1639, regress-1639-2

Review URL: https://chromiumcodereview.appspot.com/10315009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 11:52:56 +00:00
erik.corry@gmail.com
baf7ebd6da Fix assert triggered in fast/regex/pcre-test-4.html We were not filtering out
all the nodes that had non-ASCII characters.  That has been fixed, but because
of the protection against over-deep recursion when filtering it is wrong to
assert that all nodes were filtered.  This change therefore also makes sure we
can cope with non-filtered nodes by adding back some code removed in
https://chromiumcodereview.appspot.com/10174017/
Review URL: https://chromiumcodereview.appspot.com/10358008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 08:22:12 +00:00
danno@chromium.org
908e77a53a Ensure reload of elements pointer in StoreFastDoubleElement stub.
R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-125515.js
BUG=chromium:125515

Review URL: https://chromiumcodereview.appspot.com/10260014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-02 09:58:42 +00:00
jkummerow@chromium.org
f6dacfe83a Fixed corner cases in truncation behavior when storing to TypedArrays.
Also simplified ia32 KeyedStoreStubCompiler::GenerateStoreExternalArray a bit.

BUG=v8:2110
TEST=mjsunit/regress/regress-2110

Review URL: https://chromiumcodereview.appspot.com/10260011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-30 15:17:59 +00:00
mstarzinger@chromium.org
b54ca31fb2 Fix LFastLiteral to check boilerplate elements kind.
Adds a missing check that the elements kind of the boilerplate object
still has the expected elements kind, unoptimized code can transition
the boilerplate. Corner cases might cause the optimized code to be
reentered again.

R=danno@chromium.org
TEST=mjsunit/regress/regress-fast-literal-transition

Review URL: https://chromiumcodereview.appspot.com/10254006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-30 14:59:13 +00:00
peter.rybin@gmail.com
569eba39f5 Issue 2081: Expose function's (closure's) inner context in debugger.
This is against the correct branch (bleeding_edge).

Review URL: https://chromiumcodereview.appspot.com/10171003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 20:16:53 +00:00
erik.corry@gmail.com
292e007cf3 Remove more assumptions from debug tests. Even though a function
is optimized, does not mean all frames on the stack are optimized.
Also, when we ask for the list of scripts we may get more or less
depending on GC timing.  Also fixed a presubmit error and made
%GetOptimizationStatus a little more honest.
Review URL: https://chromiumcodereview.appspot.com/10234007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 13:44:18 +00:00
erik.corry@gmail.com
ad4f2b996b Remove unwarranted assumptions about inlining from a debugger test.
Review URL: https://chromiumcodereview.appspot.com/10239003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 11:58:34 +00:00
erik.corry@gmail.com
d511b69e86 Regexp: Remove nodes from the regexp that cannot match because
they contain non-ASCII characters and the input string is ASCII.
Remove unused Clone() method.
Review URL: https://chromiumcodereview.appspot.com/10174017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 09:11:19 +00:00
mmassi@chromium.org
93113da5a2 Eliminate redundant array bound checks (checks already performed earlier in the DT).
As a special case, for checks on index expressions with the form (expr + constant) if a smaller constant is checked later in the DT also eliminate the check.
Finally, if a larger constant is checked later in the same BB do the more general check (larger constant) earlier instead of the less general one.
This will not cause useless deoptimizations because, since we are in the same BB, all the checks would have been executed anyway.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10032029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 14:32:27 +00:00
mstarzinger@chromium.org
21fc0fef6a Fix deopted construct stub frame to contain code object.
R=danno@chromium.org
BUG=chromium:124594
TEST=mjsunit/regress/regress-124594

Review URL: https://chromiumcodereview.appspot.com/10155024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11436 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 13:22:04 +00:00
erik.corry@gmail.com
f6f954484c Make --stress-compaction more stressful.
Review URL: https://chromiumcodereview.appspot.com/10141007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 11:35:32 +00:00
fschneider@chromium.org
6e713a269d Optimise Math.floor(x/y) to use integer division for specific divisor.
Landing for Rodolph Perfetta <rodolph.perfetta@gmail.com>. 

Original CL: http://codereview.chromium.org/9638018/
Review URL: https://chromiumcodereview.appspot.com/10197010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-24 15:59:07 +00:00
erik.corry@gmail.com
c436c70f8b Fix some bugs in accessing details of the lastest regexp
match.  Sometimes were were not updating it when we should
and sometimes we were leaving the lastMatchInfoOverride in
place when we should be using the updated regular last match
info.  Small optimization for zero length match in
String.prototype.replace.
Review URL: https://chromiumcodereview.appspot.com/10184004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-23 18:56:07 +00:00
mstarzinger@chromium.org
e3be59512a Fix source property of empty RegExp objects.
R=rossberg@chromium.org
BUG=v8:1982
TEST=test262/15.10.4.1-5

Review URL: https://chromiumcodereview.appspot.com/10134010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-23 13:59:43 +00:00
yangguo@chromium.org
717dbba694 Disabling stepping into callback function of String.replace.
This is being done due to performance concerns.

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10134006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 15:20:52 +00:00
rossberg@chromium.org
c8aea7a184 Put new global var semantics behind a flag until WebKit tests are cleaned up.
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10163003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 13:35:09 +00:00
yangguo@chromium.org
f516037a6f Enable stepping into callback passed to builtins (e.g. Array.forEach).
BUG=109564
TEST=

Review URL: https://chromiumcodereview.appspot.com/10078014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 11:06:12 +00:00
svenpanne@chromium.org
cac8bbff6e Replaced the --limit-inling flag by three separate flags and bumped hard limits.
This change makes experiments with inlining limits much easier. Note that the
default values for the limits keep their old values for now. Renamed things a
bit for more consistency.

Review URL: https://chromiumcodereview.appspot.com/10162001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 10:42:12 +00:00
fschneider@chromium.org
0556f87851 Optimize ~~(expr) in optimized code.
~~ is commonly used to truncate a value to int32 (ToInt32).

This change avoid actually emitting the bitwise operations, and
just truncates the subexpression of ~~.

BUG=v8:2037
TEST=test/mjsunit/compiler/optimize-bitnot.js
Review URL: https://chromiumcodereview.appspot.com/10123007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-19 13:24:15 +00:00
mstarzinger@chromium.org
57739100f3 Fix missing GVN flag for new-space promotion.
R=vegorov@chromium.org
BUG=chromium:123919
TEST=mjsunit/regress/regress-123919

Review URL: https://chromiumcodereview.appspot.com/10119016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-19 07:49:11 +00:00
mstarzinger@chromium.org
47d07b8a7b Fix fast array literals to ignore prototype chain.
This makes sure that boilerplate objects for array literals with
non-constant elements (which will contain the hole at non-constant
positions) will not cause prototype chain lookups when generating
optimized code.

R=erik.corry@gmail.com
BUG=chromium:123512
TEST=mjsunit/regress/regress-123512

Review URL: https://chromiumcodereview.appspot.com/10105025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-17 11:12:37 +00:00
mstarzinger@chromium.org
f7cd1e41f8 Fix illegal escape-sequences to throw syntax errors.
R=erik.corry@gmail.com
TEST=test262/S7.8.4_A6.*,test262/S7.8.4_A7.*

Review URL: https://chromiumcodereview.appspot.com/9490006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 15:54:02 +00:00
rossberg@chromium.org
ab26fb6b21 Implement rudimentary module linking.
Constructs the (generally cyclic) graph of module instance objects
and populates their exports. Any exports other than nested modules
are currently set to 'undefined' (but already present as properties).

Details:
- Added new type JSModule for instance objects: a JSObject carrying a context.
- Statically allocate instance objects for all module literals (in parser 8-}).
- Extend interfaces to record and unify concrete instance objects,
  and to support iteration over members.
- Introduce new runtime function for pushing module contexts.
- Generate code for allocating, initializing, and setting module contexts,
  and for populating instance objects from module literals.
  Currently, all non-module exports are still initialized with 'undefined'.
- Module aliases are resolved statically, so no special code is required.
- Make sure that code containing module constructs is never optimized
  (macrofy AST node construction flag setting while we're at it).
- Add test case checking linkage.

Baseline: http://codereview.chromium.org/9722043/

R=svenpanne@chromium.org,mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9844002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 14:43:27 +00:00
rossberg@chromium.org
62945585fd Implement ES5 erratum: global declarations shadow inherited properties.
I also discovered that our treatment of const declarations is inconsistent
when inside a global eval under 'with' (i.e., when created by
DeclareContextSlots). That is,

  var x;
  eval("const x = 9")

and

  var x;
  eval("with({}) const x = 9")

differ (the former assigns 9, the latter throws). This appears to be an
oversight from earlier changes to our const semantics (the latter shouldn't
throw either). Fixing this is a separate issue, though (and one that doesn't
seem quite worthwhile).

R=mstarzinger@chromium.org
BUG=v8:1991,80591
TEST=

Review URL: https://chromiumcodereview.appspot.com/10067010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 13:20:50 +00:00
erik.corry@gmail.com
b32ff09a49 Regexp.rightContext was still not quite right. Fixed and
added more tests.
Review URL: https://chromiumcodereview.appspot.com/10008104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-13 11:03:22 +00:00
vegorov@chromium.org
69952d78af Untabify test/mjsunit/regress/regress-119609.js.
TBR=kmillikin@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10067017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 20:29:48 +00:00
vegorov@chromium.org
ec4c772746 Return LOOKUP variable instead of CONTEXT for non-context allocated outer scope parameters.
R=kmillikin@chromium.org
BUG=chromium:119609
TEST=test/mjsunit/regress/regress-119609.js

Review URL: https://chromiumcodereview.appspot.com/10010046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 19:32:29 +00:00
jkummerow@chromium.org
14e181709b Fix regular and ElementsKind transitions interfering with each other
R=danno@chromium.org
BUG=122271
TEST=mjsunit/regress/regress-crbug-122271

Review URL: https://chromiumcodereview.appspot.com/10038010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 12:30:32 +00:00
erikcorry
32f16418ea Regexp: Fix rightContext in the lastMatchInfoOverride
case.
Review URL: http://codereview.chromium.org/10068010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 12:13:18 +00:00
vegorov@chromium.org
983d521fe9 Reland arguments access support for inlined functions (r11109,r11118).
When pushing arguments use correct initial values instead of fetching them from the environment which can be modified.

R=fschneider@chromium.org
TEST=test/mjsunit/compiler/inline-arguments.js

Review URL: https://chromiumcodereview.appspot.com/10033028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-11 13:40:55 +00:00
erikcorry
f90e665e9a Ensure that a call to String.prototype.match with a
global regexp after a call to String.prototype.replace
with a function argument sets the last match info
correctly.  Bug=2058
Review URL: http://codereview.chromium.org/10029009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-10 10:42:25 +00:00
danno@chromium.org
ed5d288ac1 Adjust stack limit again to avoid overflow on 64 bit windows
Also add additional stack check.

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10006010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11238 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 14:01:39 +00:00
ulan@chromium.org
3861063018 Check for NaN in inlined versions of Math.min, Math.max.
R=danno@chromium.org
BUG=V8:2056
TEST=mjsunit/regress/regress-2056.js

Review URL: https://chromiumcodereview.appspot.com/10006008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 13:24:52 +00:00
danno@chromium.org
3c6f5774d2 Fix stack overflows on Windows x64.
R=mstarzinger@chromium.org
TEST=win 64 not red anymore

Review URL: https://chromiumcodereview.appspot.com/10008005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 12:32:35 +00:00
danno@chromium.org
7bd1274baa Rollback 11231: Add regression test case for issue 2025.
TBR=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10006006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 08:35:32 +00:00
danno@chromium.org
db34072379 Add regression test case for issue 2025.
R=ulan@chromium.org
BUG=v8:2056
TEST=test/mjsunit/regress/regress-2056.js

Review URL: https://chromiumcodereview.appspot.com/10006004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 08:08:05 +00:00
mstarzinger@chromium.org
47aa3254c2 Fix rewriter to not treat throw as an expression.
Now we can correctly optimize top level code that contains a throw (or
return) as it's last statement.

R=ulan@chromium.org
BUG=v8:2054
TEST=mjsunit/regress/regress-2054

Review URL: https://chromiumcodereview.appspot.com/9969146

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-04 13:41:05 +00:00
mstarzinger@chromium.org
7b59b1d5ac Fix array boilerplate object transitioning.
Array literal boilerplate objects can be transitioned while existing
un-transitioned clones are still being populated. This adds a check that
prevents us from performing the same transition twice.

R=danno@chromium.org
BUG=v8:2055
TEST=mjsunit/regress/regress-2055

Review URL: https://chromiumcodereview.appspot.com/9950095

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 16:54:28 +00:00
danno@chromium.org
8dc9bc962f Don't crash on stack overflow entering the debugger.
R=ager@chromium.org, sgjesse@chromium.org
BUG=chromium:119429
TEST= test/mjsunit/regress/regress-119429.js

Review URL: https://chromiumcodereview.appspot.com/9965101

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 13:45:56 +00:00
danno@chromium.org
d9437722da Properly support shrinking arrays in CopyDictionaryToObjectElements.
R=mstarzinger@chromium.org
BUG=chromium:121407
TEST=test/mjsunit/regress/regress-121407.js

Review URL: https://chromiumcodereview.appspot.com/9968056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 08:13:59 +00:00
mstarzinger@chromium.org
5798bc27aa Fix hidden properties to ignore [[Extensible]].
The [[Extensible]] property prevented the very first hidden property
from being added. If any hidden property was added to the object before
preventing extension, adding subsequent hidden properties would have
succeed however.

R=svenpanne@chromium.org
BUG=v8:2034
TEST=mjsunit/regress/regress-2034

Review URL: https://chromiumcodereview.appspot.com/9844025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-02 08:26:30 +00:00
vegorov@chromium.org
8360ec877e Ensure that arguments object is materialized when deoptimizing from inlined function.
Lithium translation rebuilds hydrogen environments from scratch so we have to ensure that arguments object is correctly bound on function entry otherwise deoptimization will not materialize it.

This fix was implemented as part of r11109 and then reverted.

R=danno@chromium.org
BUG=v8:2045
TEST=test/mjsunit/regress/regress-2045.js

Review URL: https://chromiumcodereview.appspot.com/9963008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-30 13:22:39 +00:00
erik.corry@gmail.com
356cf1ed0a RegExp: Add support for table-based character class
code generation.  This is performance neutral for
all our tests, but a factor 6 faster for the Unicode
based regexp in the new test (and much more compact
code).
Review URL: https://chromiumcodereview.appspot.com/9854020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-30 07:43:48 +00:00
mstarzinger@chromium.org
552393c383 Add missing regression test for r11173.
R=svenpanne@chromium.org
BUG=chromium:12009
TEST=mjsunit/regress/regress-120099

Review URL: https://chromiumcodereview.appspot.com/9873027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-28 15:17:14 +00:00
mstarzinger@chromium.org
057371da13 Fix polymorphic load on named fields.
This fixes polymorphic loads to correctly compare in-object offsets
instead of indices, because indices might coincide even though the
actual slot is different because of different instance sizes.

R=danno@chromium.org
BUG=v8:2030
TEST=mjsunit/regress/regress-2030,mjsunit/mirror-array

Review URL: https://chromiumcodereview.appspot.com/9864028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 10:42:38 +00:00
erik.corry@gmail.com
6cb333cadf Fix broken test.
Review URL: https://chromiumcodereview.appspot.com/9865019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 09:10:58 +00:00
erik.corry@gmail.com
bfb1e9e702 Fix edge case for case independent regexp character classes.
http://code.google.com/p/v8/issues/detail?id=2032
Review URL: https://chromiumcodereview.appspot.com/9860029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 08:42:37 +00:00
ulan@chromium.org
a47d1c0714 Fix the return type of the date set methods.
Date set methods (setMinutes, setHours, etc.) should return the time value as a number instead of JSDate.

R=jkummerow@chromium.org
TEST=test/mjsunit/regress/regress-2027.js

Review URL: https://chromiumcodereview.appspot.com/9809010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-26 10:13:03 +00:00
jkummerow@chromium.org
4e405b6945 Fix missing write barrier in CopyObjectToObjectElements.
Passing the write barrier mode as a parameter does not make sense, as the elements kind specific copiers know best whether a write barrier is needed or not.

BUG=119926
TEST=mjsunit/regress/regress-crbug-119926
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9808111

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11134 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-25 15:16:06 +00:00
danno@chromium.org
8833c99552 Check double array bounds in HasElementImpl.
R=jkummerow@chromium.org
BUG=chromium:119925
TEST=test/mjsunit/regress/regress-119925.js

Review URL: https://chromiumcodereview.appspot.com/9808110

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-25 14:21:51 +00:00
vegorov@chromium.org
3ccc885c78 Revert arguments access support for inlined functions (r11109,r11118).
We are inserting HPushArgument instructions after HEnterInlined based on the environment at the point of the first arguments access. Which might create use before def if there are redundant phis in the environment. 
Review URL: https://chromiumcodereview.appspot.com/9837041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-23 15:39:34 +00:00
rossberg@chromium.org
00346bd1da Fix use of proxies as f.prototype properties.
R=mstarzinger@chromium.org
BUG=v8:2021
TEST=

Review URL: https://chromiumcodereview.appspot.com/9837008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-23 10:25:14 +00:00
vegorov@chromium.org
b7dca5d5a7 Support arguments object access from inlined functions.
R=fschneider@chromium.org
TEST=test/mjsunit/compiler/inline-arguments.js

Review URL: https://chromiumcodereview.appspot.com/9837002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-22 13:53:28 +00:00
vegorov@chromium.org
790219ec55 Use correct arguments adaptation environment when inlining function containing arguments.
R=mstarzinger@google.com
BUG=V8:2014
TEST=test/mjsunit/compile/inline-arguments.js

Review URL: https://chromiumcodereview.appspot.com/9750007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-20 18:15:31 +00:00
yangguo@chromium.org
184b7a8915 Experimental profiler: split RegExp.test() for better optimization.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9701064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 17:21:42 +00:00
pfeldman@chromium.org
26aaa3b005 Debugger: naive implementation of "step into Function.prototype.bind".
Review URL: https://chromiumcodereview.appspot.com/9705018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11058 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 14:17:22 +00:00
mstarzinger@chromium.org
79a98de9f7 Fix declarations escaping global strict eval.
According to ES5 10.4.2(3), eval calls of strict code always require
their own lexical and variable environment. For now we just add a new
scope when we parse the strict mode directive. The clean solution would
be to always have this sope present (even for global eval calls) and
adapt variable binding to cope with that.

R=rossberg@chromium.org
BUG=v8:1624
TEST=mjsunit/regress/regress-1624,test262/S10.4.2.1_A1

Review URL: https://chromiumcodereview.appspot.com/9703021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 13:02:21 +00:00
pfeldman@chromium.org
100bc51eae Debugger: add ability to set script source from within OnBeforeCompile.
Review URL: https://chromiumcodereview.appspot.com/9677043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 11:51:26 +00:00
danno@chromium.org
beb012be45 Don't use an explicit s0 in ClampDoubleToUint8.
R=fschneider@chromium.org
BUG=v8:2004
TEST=test/mjsunit/pixel-array-rounding.js

Review URL: https://chromiumcodereview.appspot.com/9702027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 09:52:48 +00:00
mstarzinger@chromium.org
2c7f0edd48 Fix wrapping of receiver for non-strict callbacks.
R=rossberg@chromium.org
BUG=v8:1973
TEST=mjsunit/regress/regress-1973

Review URL: https://chromiumcodereview.appspot.com/9705020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-14 17:42:19 +00:00
rossberg@chromium.org
46001aa54c Function declarations shall not overwrite read-only global properties.
R=mstarzinger@chromium.org
BUG=115452
TEST=mjsunit/regress/regress-115452

Review URL: https://chromiumcodereview.appspot.com/9696035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-14 13:51:00 +00:00
vegorov@chromium.org
262c8bddd5 Always create HArgumentsObject on function entry.
We do not know if we are going to need it and creating it lazyly might cause us to insert it at the block that does not dominate all uses.

R=mstarzinger@chromium.org
TEST=mjsunit/compiler/inline-arguments.js

Review URL: https://chromiumcodereview.appspot.com/9692046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11024 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-13 14:45:03 +00:00
kmillikin@chromium.org
7d6fd56fd5 Ensure there is a smi check of the receiver for global load and call ICs.
There was a comment that, for such ICs specialized to the global object,
they were always contextual loads.  This is very brittle.  It is a
micro-optimization that relies too much on the way that things happen to
work today.

Instead, never omit the smi check because it's safer.

R=vegorov@chromium.org
BUG=117794
TEST=regress-117794.js

Review URL: https://chromiumcodereview.appspot.com/9691038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-13 11:39:30 +00:00
yangguo@chromium.org
7659beafb1 Ensure consistency of Math.sqrt on Intel platforms.
BUG=
TEST=regress-sqrt.js

Review URL: https://chromiumcodereview.appspot.com/9690010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-12 14:56:04 +00:00
vegorov@chromium.org
da03f56b1f Inline functions that use arguments object in f.apply(o, arguments) pattern.
Support arguments materialization after deoptimization in all frames (not only in topmost one).

R=fschneider@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9643001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11008 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-12 12:49:41 +00:00
ulan@chromium.org
cb2f2a2391 Fix compile errors on Windows introduced by r10983.
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9652030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 13:01:32 +00:00
ulan@chromium.org
1767fef60b Implement date library functions in C++.
Developed together with Andreas Rossberg based on:
  https://chromiumcodereview.appspot.com/9117034/
  https://chromiumcodereview.appspot.com/9307083/

R=rossberg@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9572008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10983 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 12:07:29 +00:00
rossberg@chromium.org
8604da7f06 New class for Date objects: caches individual date components.
First step, cache slots not used yet.

R=ulan@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9117034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 11:11:55 +00:00
rossberg@chromium.org
dbb95bc5f0 Fix minifier to distinguish regexps from divisions (to some extent).
Rrraaa, I have to say, doing program rewriting via regexp rules is an inherently broken idea...

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9644001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 16:38:44 +00:00
rossberg@chromium.org
448b620dad Basic interface inference for modules.
All module expressions, and all variables that might refer to modules,
are assigned interfaces (module types) that are resolved using
unification. This is necessary to deal with the highly recursive
nature of ES6 modules, which does not allow any kind of bottom-up
strategy for resolving module names and paths.

Error messages are rudimental right now. Probably need to track
more information to make them nicer.

R=svenpanne@chromium.org
BUG=v8:1569
TEST=

Review URL: https://chromiumcodereview.appspot.com/9615009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 13:03:07 +00:00
mstarzinger@chromium.org
1d89a176ec Implement Object.is and Number.is[Finite,NaN] functions.
R=rossberg@chromium.org
TEST=mjsunit/object-is,mjsunit/number-is

Review URL: https://chromiumcodereview.appspot.com/9630009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 12:49:24 +00:00
yangguo@chromium.org
13689a4f13 Set debug break slot at init of loop variable in a for loop.
BUG=102153
TEST=regress-102153.js

Review URL: https://chromiumcodereview.appspot.com/9625011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 10:21:43 +00:00
svenpanne@chromium.org
1729e3c0dd Make the runtime entry for setting/changing accessors "atomic".
Previously, there were 1 or 2 calls to the runtime when accessors were changed
or set. This doesn't really work well with property attributes, leading to some
hacks and complicates things even further when trying to share maps in presence
of accessors. Therefore, the runtime entry now takes the full triple (getter,
setter, attributes), where the getter and/or the setter can be null in case they
shouldn't be changed.

For now, we do basically the same on the native side as we did before on the
JavaScript side, but this will change in future CLs, the current CL is already
large enough.

Note that object literals with a getter and a setter for the same property still
do 2 calls, but this is a little bit more tricky to fix and will be handled in a
separate CL.

Review URL: https://chromiumcodereview.appspot.com/9616016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 13:24:44 +00:00
yangguo@chromium.org
67540abe08 Fix compile with debuggersupport=off.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9546051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 10:57:36 +00:00
svenpanne@chromium.org
64340007e0 Never let the hole escape...
Review URL: https://chromiumcodereview.appspot.com/9605042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10951 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 10:03:32 +00:00
mstarzinger@chromium.org
8c2708de6d Fix Error.prototype.toString to throw TypeError.
R=rossberg@chromium.org
BUG=v8:1980
TEST=mjsunit/function-call,mjsunit/regress/regress-1980

Review URL: https://chromiumcodereview.appspot.com/9568005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-05 13:57:48 +00:00
mstarzinger@chromium.org
240e818f0c Fix inlining of strict mode constructors.
Inlined strict mode functions (that are not called as methods) will get
their receiver reset to undefined. This should not happen when inlining
constructors.

This change also simplifies the test suite to reuse the same closures
into which constructors get inlined and use gc() to force V8 to forget
collected type feedback.

R=vegorov@chromium.org
TEST=mjsunit/compiler/inline-construct

Review URL: https://chromiumcodereview.appspot.com/9597017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-05 12:46:50 +00:00
yangguo@chromium.org
f2699b66cf Revert r10908 due to flakiness and crashes.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9580007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 15:00:52 +00:00
yangguo@chromium.org
12f2099993 Ensure consistent result of transcendental functions.
BUG=
TEST=regress-transcendental.js

Review URL: https://chromiumcodereview.appspot.com/9572009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 14:33:15 +00:00
danno@chromium.org
57a0c6c6e3 Inline ordered relational compares of mixed double/undefined values.
Allow Crankshaft to inline ordered relational comparisons (<, >, <=, >=) that have undefined arguments in addition to double value arguments (rather than calling the generic Compare stub).

R=fschneider@chromium.org
TEST=test/mjsunit/comparison-ops-and-undefined.js

Review URL: https://chromiumcodereview.appspot.com/9584006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 13:40:14 +00:00
fschneider@chromium.org
1e40f7ac2c Fix a register assignment bug in typed array stores without SSE3 available.
The old code used a separate HToInt32 instruction which had a wrong register
constraint for the input register which caused wrong result when the stored value
is used after a typed array store. (UseRegister instead of UseTempRegister) when no
SSE3 is available.

This change fixes it by replacing HToInt32 with the corresponding HChange
instruction which has correct register contraints.

TEST=mjsunit/compiler/regress-toint32.js
Review URL: https://chromiumcodereview.appspot.com/9565007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-01 12:45:46 +00:00
mstarzinger@chromium.org
fd5640cf7a Implement inlined object allocation in Crankshaft.
Generates inlined code for object allocation specific to the initial map
of the given constructor function. Also forces completion of inobject
slack tracking while crankshafting to finalize instance size of these
objects.

R=vegorov@chromium.org
TEST=mjsunit/compiler/alloc-object

Review URL: https://chromiumcodereview.appspot.com/9370019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-01 11:10:28 +00:00
rossberg@chromium.org
b89c0a962c AST extensions and parsing for import & export declarations.
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9496003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-29 12:12:52 +00:00
mstarzinger@chromium.org
fb8eb04bfd Implement inlining of constructor calls.
R=vegorov@chromium.org,kmillikin@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9304001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-28 09:05:55 +00:00
vegorov@chromium.org
9b55ebaa3a When compiling for-in pass correct context value to the increment instruction.
Additionally force increment instruction to use int32 representation.

R=fschneider@google.com
BUG=http://crbug.com/115646
TEST=test/mjsunit/compiler/optimized-for-in.js

Review URL: https://chromiumcodereview.appspot.com/9463052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-27 14:37:27 +00:00
yangguo@chromium.org
32e2b0319e Update break points set with partial file name after compile.
BUG=v8:1853

Review URL: https://chromiumcodereview.appspot.com/9460059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-27 11:52:08 +00:00
rossberg@chromium.org
becd8dd11c Make 'module' a context-sensitive keyword.
Baseline: http://codereview.chromium.org/9401008/

R=lrn@chromium.org,mstarzinger@chromium.org
BUG=v8:1957
TEST=mjsunit/harmony/module-parsing

Review URL: https://chromiumcodereview.appspot.com/9422001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 15:53:09 +00:00
mstarzinger@chromium.org
36a91e30f7 Fix redefining of attributes on aliased arguments.
This allows elements of the non-strict arguments object to be redefined
with custom attributes and still maintain an alias into the context.
Such a slow alias is maintained by placing a special marker into the
dictionary backing store of the arguments object.

R=rossberg@chromium.org
BUG=v8:1772
TEST=test262,mjsunit/object-define-property

Review URL: https://chromiumcodereview.appspot.com/9460004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 14:34:01 +00:00
mstarzinger@chromium.org
9f83b4ee36 Fix Object.getOwnPropertyDescriptor in string elements.
This fixes Object.getOwnPropertyDescriptor to report string character
elements as enumerable in accordance with the spec.

BUG=v8:862
TEST=mjsunit/get-own-property-descriptor

Review URL: https://chromiumcodereview.appspot.com/9447053
Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 11:58:09 +00:00
yangguo@chromium.org
baabb87dae Fix HConstant's hash function for smis on x64.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9466003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 10:59:12 +00:00
yangguo@chromium.org
8affd2bead Skip regress-1969 in x64.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9455015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 14:50:08 +00:00
mstarzinger@chromium.org
30dcdb6a36 Revert r10811 because of test flakiness.
TBR=vegorov@chromium.org
BUG=v8:1322

Review URL: https://chromiumcodereview.appspot.com/9453012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 14:12:44 +00:00
yangguo@chromium.org
671084074d Lazy removal of dead HValues in GVN from use lists.
BUG=v8:1969
TEST=regress/regress-1969

Review URL: https://chromiumcodereview.appspot.com/9455011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 13:59:35 +00:00
mstarzinger@chromium.org
c1b97fe842 Allow inlining of functions containing function literals.
R=fschneider@chromium.org,vegorov@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals

Review URL: https://chromiumcodereview.appspot.com/9453007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 12:24:03 +00:00
vegorov@chromium.org
5bb6a8399d Support OSR in for-in loops.
Modify PreProcessOsrEntry to work with OSR entries that have non-empty expression stack.

Modify graph builder to take for-in state from environment instead of directly referencing emitted instructions.

Extend %OptimizeFunctionOnNextCall with an argument to force OSR to make writing OSR tests easier: %OptimizeFunctionOnNextCall(f, "osr").

R=fschneider@chromium.org
TEST=test/mjsunit/compiler/optimized-for-in.js

Review URL: https://chromiumcodereview.appspot.com/9431030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-22 16:45:35 +00:00
vegorov@chromium.org
6703dddac4 Support fast case for-in in Crankshaft.
Only JSObject enumerables with enum cache (fast case properties, no interceptors, no enumerable properties on the prototype) are supported.

HLoadKeyedGeneric with keys produced by for-in enumeration are recognized and rewritten into direct property load by index. For this enum-cache was extended to store property indices in a separate array (see handles.cc).

New hydrogen instructions:

- HForInPrepareMap: checks for-in fast case preconditions and returns map that contains enum-cache;
- HForInCacheArray: extracts enum-cache array from the map;
- HCheckMapValue: map check with HValue map instead of immediate;
- HLoadFieldByIndex: load fast property by it's index, positive indexes denote in-object properties, negative - out of object properties;

Changed hydrogen instructions:

- HLoadKeyedFastElement: added hole check suppression for loads from internal FixedArrays that are knows to have no holes inside.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9425045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-22 12:47:42 +00:00
rossberg@chromium.org
e414be5fc6 After assignment return right hand side value instead of undefined
when Object.isExtensible(o) === false

Added corresponding tests

ES5 description: http://es5.github.com/#x11.13.1

Related issue: http://code.google.com/p/v8/issues/detail?id=1901

Contributed by ioseb.dzmanashvili@gmail.com

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9429002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-21 14:09:45 +00:00
vegorov@chromium.org
f5c8ac9839 On ia32 LFunctionLiteral instruction should get context from esi register instead of stack slot.
This makes LFunctionLiteral safe even when it is used from inside inlined function.

All other architectures were implementing LFunctionLiteral correctly.

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-inlining-function-literal-context.js

Review URL: https://chromiumcodereview.appspot.com/9425061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-21 12:10:04 +00:00
mstarzinger@chromium.org
417a01accf Fix RegExp white-space character class to match BOMs.
R=rossberg@chromium.org
TEST=test262/S15.10.2.12_A?_T1,mjsunit/regexp

Review URL: https://chromiumcodereview.appspot.com/9426032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 17:50:53 +00:00
rossberg@chromium.org
958b3bf470 Parsing of basic module declarations (no imports/exports yet).
Module definitions are not compiled or otherwise executed yet.
Toplevel module identifiers are bound but never initialized.

R=kmillikin@chromium.org,mstarzinger@google.com
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9401008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 14:02:59 +00:00
rossberg@chromium.org
1336b913d0 Make built-ins strict mode conforming, and support a --use-strict flag.
* Turned all uses of 'const' into 'var'.
* Turned all uses of local 'function' into 'var'.
* Added a couple of missing toplevel 'var' declarations.

One consequence is that the properties on the builtin object  are no longer
non-writable, and I had to adapt one test. Is that a problem?

Unfortunately, we cannot actually switch the library scripts to strict mode
by default, because that makes observable things like poisoned .caller properties
for library functions.

Also removed dead flag code in Compiler::Compile.

R=yangguo@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9415010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 13:48:24 +00:00
yangguo@chromium.org
30bcc481e1 Enable inlining for Math.min/max in more cases.
Review URL: https://chromiumcodereview.appspot.com/9372021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 13:21:15 +00:00
mstarzinger@chromium.org
e423637898 Fix sequence of element access in array builtins.
R=rossberg@chromium.org
BUG=v8:1790
TEST=mjsunit/regress/regress-1790,test262/15.4.4.22-9-9

Review URL: https://chromiumcodereview.appspot.com/9419044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-17 10:06:26 +00:00
mstarzinger@chromium.org
1dd2b094a5 Implement fast literal support in Crankshaft.
This extends the current support for nested object literals we already
have in Crankshaft, to also support nested array literals and mixed
nested literals containing arrays and objects. All three types are
generated by the unified HFastLiteral instruction.

All previous upper bounds on nested literal graphs remain unchanged,
keeping the size of generated code in check.

The main intention is to boost performance of two-dimensional array
literals containing constant elements (aka. matrices).

R=danno@chromium.org
TEST=mjsunit/compiler/literals-optimized

Review URL: https://chromiumcodereview.appspot.com/9403018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 17:32:30 +00:00
mstarzinger@chromium.org
15c368ce4c Revert r10721 because of test flakiness.
TBR=fschneider@chromium.org
BUG=v8:1322

Review URL: https://chromiumcodereview.appspot.com/9417013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 17:13:37 +00:00
danno@chromium.org
a07e129e9a Relax TransitionElementsKind DependsOn/Changes dependencies.
Ensure that GVN eliminates all transitions that are dominated by an equivalent transition, even if there is a DependsOn-changing instruction in between.

R=fschneider@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9365057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 15:37:52 +00:00
mstarzinger@chromium.org
acb83c06f4 Allow inlining of functions containing function literals.
R=fschneider@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals

Review URL: https://chromiumcodereview.appspot.com/9419005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 14:01:41 +00:00
yangguo@chromium.org
cc2780403a Ensure using byte registers for byte instructions on ia32 and x64.
BUG=v8:1945
TEST=regress-1945.js

Review URL: https://chromiumcodereview.appspot.com/9418005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 12:48:02 +00:00
danno@chromium.org
bd79e299e5 Uniformly handle 'undefined' store to Float64Array and Float32Array.
Previous behavior diverged in ICs and Crankshaft. When storing to a Float32Array or Float64Array, the ICs treated undefined as zero while Crankshaft treated it as NaN. Now both ICs and Crankshaft treat it as NaN, which is consistent with the WebGL & ECMAScript spec.

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9402008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 07:58:07 +00:00
yangguo@chromium.org
01e46b955f Initialize internal arrays with the correct map.
BUG=v8:1878
TEST=regress-1878.js

Review URL: https://chromiumcodereview.appspot.com/9402009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-15 13:45:42 +00:00
danno@chromium.org
71cd77e22c Fix crashing bugs in store-and-grow IC for double values.
R=jkummerow@chromium.org
BUG=chromium:113924
TEST=test/mjsunit/regress/regress-113924.js

Review URL: https://chromiumcodereview.appspot.com/9365055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 15:09:49 +00:00
jkummerow@chromium.org
4233bf8348 Initial support for count-based profiling
(behind FLAG_count_based_interrupts; only on ia32)

Review URL: https://chromiumcodereview.appspot.com/9373028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 14:00:31 +00:00
rossberg@chromium.org
559f5eecad Don't treat function parameters as let-bound variables in Harmony mode.
R=ulan@chromium.org
BUG=v8:1942
TEST=

Review URL: https://chromiumcodereview.appspot.com/9365054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 13:47:54 +00:00
mstarzinger@chromium.org
0db91d40e9 Allow inlining of functions containing object literals.
R=fschneider@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals

Review URL: https://chromiumcodereview.appspot.com/9388007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 08:57:10 +00:00
yangguo@chromium.org
fff8eba038 Fix test expectations for the tickprocessor.
Review URL: https://chromiumcodereview.appspot.com/9388003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-13 10:24:55 +00:00
danno@chromium.org
f0c4b87f34 Implement KeyedStoreICs to grow arrays on out-of-bound stores.
Supports growing non-COW JSArray by a single element if the backing store has room, and initial allocation of a backing store for the store to index zero of an empty array  to kPreallocatedArrayElements elements (e.g. the [] array literal).

Review URL: https://chromiumcodereview.appspot.com/9310117

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-10 12:36:05 +00:00
danno@chromium.org
9cc595a295 Add asserts to try to flush out test flakiness.
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9358033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 17:29:26 +00:00
danno@chromium.org
256975f314 Ensure expected behavior for transition hosting tests by flushing ICs
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9373027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 14:55:32 +00:00
mstarzinger@chromium.org
19a62a22fc Fix d8-os unit test to be skipped for isolates.
This test sets the umask on a per-process basis and hence cannot be
used in multi-threaded runs.

R=yangguo@chromium.org
TEST=mjsunit/d8-os

Review URL: https://chromiumcodereview.appspot.com/9372018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 09:52:38 +00:00
danno@chromium.org
d949c64688 Improve GVN handling of ElementTransitions.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9141016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 08:58:19 +00:00
fschneider@chromium.org
b8b50400d2 Inline builtin Math functions functions in more cases.
Until now we only could inline as specialized HIR instructions when called
as a method (e.g. Math.abs)

It is very common practice to abbreviate calls to those functions by defining
a global or local variable like:

var a = Math.abs;
var x = a(123);

This change allows inlining them when called as a function (global or local).
Review URL: https://chromiumcodereview.appspot.com/9365013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 12:08:46 +00:00
mstarzinger@chromium.org
8e1399c761 Fix d8-os unit test to work with isolates.
We cannot use chdir to set the working directory on a per-isolate basis,
hence we need to specify absolute directories instead for this test to
work properly on multi-threaded runs.

R=yangguo@chromium.org
TEST=mjsunit/d8-os

Review URL: https://chromiumcodereview.appspot.com/9348051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 10:59:19 +00:00
mstarzinger@chromium.org
f034a3f0ea Enable membrane example for proxies again.
R=rossberg@chromium.org
BUG=v8:1845
TEST=mjsunit/harmony/proxies-example-membrane

Review URL: https://chromiumcodereview.appspot.com/9365011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 10:14:18 +00:00
yangguo@chromium.org
3e58827710 Fix elements transition bug related to array.concat.
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9358018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34 Fix handling of 'c: if (0) break c; else ()' where a parser optimization
leaves a trailing ";" after removing the break.

Review URL: https://chromiumcodereview.appspot.com/9159043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 08:40:11 +00:00
fschneider@chromium.org
cb5164c0b0 Speed up two unit tests to avoid timeouts and make tests finish faster.
Review URL: https://chromiumcodereview.appspot.com/9309118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-06 11:40:24 +00:00
ulan@chromium.org
8093e397e4 Do not ignore an empty context with extension when creating a scope object.
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.

BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js

Review URL: https://chromiumcodereview.appspot.com/9310027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4 Fix test case to correctly check expected result.
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229

Review URL: https://chromiumcodereview.appspot.com/9303032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-31 12:31:24 +00:00
danno@chromium.org
57525ef893 Store transitioned JSArray maps in global context
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9073007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-26 21:47:57 +00:00
vegorov@chromium.org
67d72eab45 When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions.
Debug::PrepareForBreakPoints was not fully populating active_functions list.

R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js

Review URL: https://chromiumcodereview.appspot.com/9290013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-25 15:11:59 +00:00
vegorov@chromium.org
189aee91de Untabify test/mjsunit/debug-evaluate-locals-optimized-double.js.
TBR=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9284016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:48:33 +00:00
vegorov@chromium.org
04289e8d17 Support inlining at call-sites with mismatched number of arguments.
Review URL: https://chromiumcodereview.appspot.com/9265004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:43:12 +00:00
rossberg@chromium.org
c61665604b Fix handling of function proxies in higher-order array and string methods,
which use yet another way to determine strict vs non-strict function receivers.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9270004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-20 13:59:37 +00:00
vegorov@chromium.org
704c92ce95 Ensure that LRandom restores rsi after call to the C function on x64.
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js

Review URL: https://chromiumcodereview.appspot.com/9265003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-19 08:43:34 +00:00
yangguo@chromium.org
6d0d6a5695 Recursion limit for one-char string replace and retire String::kMinNonFlatLength.
TEST=mjsunit/string-replace-one-char.js

Review URL: https://chromiumcodereview.appspot.com/9231017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-17 14:29:17 +00:00
yangguo@chromium.org
ddc0144490 Fixing issue 1898 (using HChange outside the insert-representation-changes phase).
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js

Review URL: http://codereview.chromium.org/9190047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-13 07:48:44 +00:00
yangguo@chromium.org
339c9c12e7 Inlining Math.min and Math.max in crankshaft.
BUG=v8:1325
TEST=

Review URL: http://codereview.chromium.org/9147034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10391 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 15:43:33 +00:00
danno@chromium.org
a42da8e38d Correct nits in d8 ArrayBuffer() implementation
TBR=jkummerow@chromium.org
BUG=none
TEST=external-array.js

Review URL: http://codereview.chromium.org/9185006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 15:10:56 +00:00
danno@chromium.org
6ce13906dc Add primitive WebGL ArrayBuffer() support to d8
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/9114050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 14:42:58 +00:00
vegorov@chromium.org
c4d3a110a2 Adjust position recorded for call expressions.
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.

This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.

R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js

Review URL: http://codereview.chromium.org/9125001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-06 10:26:17 +00:00
mstarzinger@chromium.org
e79274abe6 Fix handling of bogus receivers for Harmony collections.
R=rossberg@chromium.org
BUG=v8:1884
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/9074003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-05 12:55:06 +00:00
erik.corry@gmail.com
81a0271004 Randomize the seed used for string hashing. This helps guard against
CPU-eating DOS attacks against node.js servers.  Based on code from
Bert Belder.  This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots.  A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-04 15:12:15 +00:00
danno@chromium.org
f648626eb9 Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9051014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472 Rollback 10309
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8968042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js

Review URL: http://codereview.chromium.org/8968028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0 Ensure that InternalArrays remain InternalArrays regardless of how they are constructed.
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js

Review URL: http://codereview.chromium.org/9016041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03 Avoid embedding new space objects into code objects in the lithium gap resolver.
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js

Review URL: http://codereview.chromium.org/8960004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229 Fix handling of foreign callbacks in DefineOwnProperty.
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.

R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4

Review URL: http://codereview.chromium.org/8996008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
0438c76185 Fix outdated test expectations for array literal crankshafting
TEST=nosnap builder green

Review URL: http://codereview.chromium.org/8915006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:32:34 +00:00
jkummerow@chromium.org
106973c3d2 Create missing boilerplate for array literals instead of deoptimizing
BUG=107370
TEST=new additions to mjsunit/array-literal-transitions

Review URL: http://codereview.chromium.org/8914006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:01:27 +00:00
yangguo@chromium.org
4cd99d7cb9 Handle external strings in generated code when concatenating short strings.
TEST=string-external-cached.js

Review URL: http://codereview.chromium.org/8931025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 10:32:22 +00:00
fschneider@chromium.org
cf8e2b01e4 Landing forgotten mjsunit test file from previous CL.
Patch by Fedor Indutny <fedor.indutny@gmail.com>.

Original code review: http://codereview.chromium.org/8857001/
Review URL: http://codereview.chromium.org/8935006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 17:13:47 +00:00
jkummerow@chromium.org
91efb313eb Fix crash in d8 when external array ctor hits stack overflow
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859

Review URL: http://codereview.chromium.org/8898021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 13:51:58 +00:00
yangguo@chromium.org
94f9aa3a0d Avoid using an invalid working directory in mjsunit/d8-os.
This test deleted its working directory and then tried to run several
shell commands which caused a failure on nfs.

Changes:
-TEST_DIR is only removed at the very end of the test
-the working directory is changed to /tmp at the beginning so that
 every iteration (when running with --stress-opt) has a valid working directory

BUG=
TEST=

Review URL: http://codereview.chromium.org/8936004
Patch from Daniel Kalmar <kalmard@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 12:57:33 +00:00
yangguo@chromium.org
a7f0c72e2d Fixing bug introduced in r10210 that crashes v8 raytrace benchmark.
BUG=
TEST=

Review URL: http://codereview.chromium.org/8889047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 12:11:56 +00:00
yangguo@chromium.org
ce86c1bfb1 Avoid bailing out to runtime for short substrings.
This significantly improves the speed for creating short substrings (less than 13 characters) from slices, flat cons strings and external strings.

TEST=string-external-cached.js, string-slices.js

Review URL: http://codereview.chromium.org/8889012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 10:04:58 +00:00
keuchel@chromium.org
f1649cf39c Hydrogen support for context allocated harmony bindings.
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.

TEST=mjsunit/harmony/block-let-crankshaft.js

Review URL: http://codereview.chromium.org/8820015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 09:50:30 +00:00
danno@chromium.org
ef54f5690f Support Smi->Double->HeapObject transitions in constructed Arrays.
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.

BUG=none
TEST=test/mjsunit/array-construct-transition.js

Review URL: http://codereview.chromium.org/8820014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 08:50:19 +00:00
vegorov@chromium.org
a457040ca6 Ensure that non-optimized code objects are not flushed for inlined functions.
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.

Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.

R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js

Review URL: http://codereview.chromium.org/8888011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-08 16:07:07 +00:00
fschneider@chromium.org
c1662a199b Fix a bug with register use in optimized Math.round.
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.

BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 10:13:46 +00:00
danno@chromium.org
b5b91b5add Fix nosnap build test failures.
TBR=jkummerow@chromium.org
BUG=none
TEST=less waterfall redness

Review URL: http://codereview.chromium.org/8828004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 22:27:15 +00:00
yangguo@chromium.org
e9688608cd Fix presubmit.
Review URL: http://codereview.chromium.org/8821016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 13:30:22 +00:00
yangguo@chromium.org
72827079ac Fixing mozilla test failures regarding Math.pow.
BUG=
TEST=

Review URL: http://codereview.chromium.org/8820011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 13:14:46 +00:00
keuchel@chromium.org
8b34f4630b Hydrogen support for stack local harmony bindings in function scope.
This is the first CL in a series that add support for the harmony scoping
features to crankshaft. This CL specifically adds support for stack
allocated 'let' and 'const' declared variables in function scopes.

TEST=mjsunit/harmony/block-let-crankshaft.js

Review URL: http://codereview.chromium.org/8806012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:41:06 +00:00
yangguo@chromium.org
8e6655c676 Stop skipping regress-397.js
BUG=
TEST=

Review URL: http://codereview.chromium.org/8804013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:20:55 +00:00
yangguo@chromium.org
fe2049fcb8 Fixing fix for MathPowHalf on ARM.
Review URL: http://codereview.chromium.org/8817012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 09:20:00 +00:00
yangguo@chromium.org
b37ee7bcce Fixing MathPowHalf on ARM.
BUG=v8:397
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8800009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 08:28:12 +00:00
keuchel@chromium.org
08b4262512 Statically check for assignments to const in harmony mode.
The ES.next draft rev 4 in section 11.13 reads:
It is a Syntax Error if the AssignmentExpression is contained in extended code
and the LeftHandSideExpression is an Identifier that does not statically resolve
to a declarative environment record binding or if the resolved binding is an
immutable binding.

This CL adds corresponding static checks for the immutable binding case.

TEST=mjsunit/harmony/block-const-assign

Review URL: http://codereview.chromium.org/8688007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 14:43:28 +00:00
mstarzinger@chromium.org
993d650f15 MIPS: updated test .status files based mostly on the ARM version.
BUG=
TEST=

Review URL: http://codereview.chromium.org/8572032
Patch from Gergely Kis <gergely@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 11:44:17 +00:00
yangguo@chromium.org
c0e7884752 Temporarily disable regress-397 until fix has been ported to all platforms.
Review URL: http://codereview.chromium.org/8775051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:42:51 +00:00
yangguo@chromium.org
929c619101 Quickfix for DoMathPowHalf.
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8769037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 13:16:49 +00:00
danno@chromium.org
25e3d2706d Optimize Crankshaft array literal initialization from boilerplate.
BUG=none
TEST=test/mjsunit/array-literal-transitions.js

Review URL: http://codereview.chromium.org/8747009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 12:42:35 +00:00
yangguo@chromium.org
d5fdb76028 Implement Math.pow using FPU instructions and inline it in crankshaft (ia32).
Review URL: http://codereview.chromium.org/8749002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 08:06:37 +00:00
sgjesse@chromium.org
5ccdb3b692 Fix handling of recompiling code for optimized and inlined functions
The debugger preparation did not take optimized functions - including
inlined function into account. This caused the full-code used for
deoptimization to be the "lazy compile" builtin which did not work and
caused V8 to crash.

R=yangguo@chromium.org

BUG=chromium:105375, v8:1782
TEST=test/mjsunit/debug-break-inline.js

Review URL: http://codereview.chromium.org//8728031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-30 11:48:35 +00:00
keuchel@chromium.org
b3a2e242db Reapply "Fix the ScopeIterator reimplementation".
This reapplies a fixed version of r10076 that also works on arm. Patch set one is r10076 reapplied and patch set 2 contains the new fix.

Review URL: http://codereview.chromium.org/8725001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-29 08:43:14 +00:00
keuchel@chromium.org
e26093f3d8 Make let/const outside of the extended mode early errors (under harmony flag).
The ES.next drafts require that source code that matches the productions for
let and const bindings outside the extended mode trigger early syntax
errors. This CL adapts the parser / preparser accordingly under the harmony
scoping flag.

Summary:
* Harmony scoping flag not set: Old semantics allowing const in classic mode
with function level scope. Const binding in strict mode and let bindings in
classic and strict mode trigger early syntax errors.
* Harmony scoping is set: Use new harmony const and let in
extended mode and old const in classic mode. This is to preserve
compatibility with current web pages that already use
non-standard implementations of const. An early syntax error is
thrown on const in strict mode and on let in classic and strict
mode.

This depends on:
http://codereview.chromium.org/8562002/

TEST=mjsunit/harmony/block-early-errors.js

Review URL: http://codereview.chromium.org/8564001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-29 06:38:04 +00:00
keuchel@chromium.org
9664e48e14 Revert r10076 due to arm build failures.
Review URL: http://codereview.chromium.org/8716005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 14:01:13 +00:00
keuchel@chromium.org
8866d63cc9 The ScopeIterator uses recorded scope position - as detailed in scopes.h - and
source code positions it gets from the program counter to recreate the scope
chain by reparsing the function or program.

This CL includes the following changes
* Adds source code positions for the assignment added by the rewriter.
* Run the preparser over global code first.
* Use the ScopeType from the ScopeInfo to determine if the code being debugged
  is eval, function or global code instead of looking up the '.result' symbol.

TEST=mjsunit/debug-stepout-scope.js

Review URL: http://codereview.chromium.org/8590027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 12:47:39 +00:00
lrn@chromium.org
c7fccff9af Clean up JavaScript files to better follow coding standard.
Multiline conditionals must use braces.
Semicolons are not optional.

Review URL: http://codereview.chromium.org/8701006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 12:11:00 +00:00
mstarzinger@chromium.org
ad356bd5ad Skip test for known failure tracked by issue 1845.
R=keuchel@chromium.org
BUG=v8:1845
TEST=mjsunit/harmony/proxies-example-membrane

Review URL: http://codereview.chromium.org/8698017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-28 11:58:53 +00:00
yangguo@chromium.org
d542a2fb75 Add external strings support to regexp in generated code.
TEST=test/mjsunit/string-external-cached.js

Review URL: http://codereview.chromium.org/8680010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 14:04:47 +00:00
lrn@chromium.org
ebccde15bc Don't preparse large files to find boundaries of lazy functions.
Instead use the preparser inline to parse only the lazy function
bodies.

This is still disabled for small files.
More measurements are needed to determine if lazy-compiling small
sources is worth it.

Review URL: http://codereview.chromium.org/8662037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-25 09:36:31 +00:00
keuchel@chromium.org
1e9a7267ab Introduce extended mode.
This CL introduces a third mode next to the non-strict
(henceforth called 'classic mode') and 'strict mode'
which is called 'extended mode' as in the current
ES.next specification drafts. The extended mode is based on
the 'strict mode' and adds new functionality to it. This
means that most of the semantics of these two modes
coincide.

The 'extended mode' is entered instead of the 'strict mode'
during parsing when using the 'strict mode' directive
"use strict" and when the the harmony-scoping flag is
active. This should be changed once it is fully specified how the 'extended mode' is entered.

This change introduces a new 3 valued enum LanguageMode
(see globals.h) corresponding to the modes which is mostly
used by the frontend code. This includes the following
components:
* (Pre)Parser
* Compiler
* SharedFunctionInfo, Scope and ScopeInfo
* runtime functions: StoreContextSlot,
  ResolvePossiblyDirectEval, InitializeVarGlobal,
  DeclareGlobals

The old enum StrictModeFlag is still used in the backend
when the distinction between the 'strict mode' and the 'extended mode' does not matter. This includes:
* SetProperty runtime function, Delete builtin
* StoreIC and KeyedStoreIC
* StubCache

Review URL: http://codereview.chromium.org/8417035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-24 15:17:04 +00:00
yangguo@chromium.org
2055f4195e Recommit introducing short external strings.
Review URL: http://codereview.chromium.org/8677006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 13:08:28 +00:00
yangguo@chromium.org
922aee5a02 Rolling back r10049 due to webkit failures.
Review URL: http://codereview.chromium.org/8681007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 10:41:12 +00:00
yangguo@chromium.org
21edc7c30b Introduce short external strings without pointer cache.
BUG=
TEST=

Review URL: http://codereview.chromium.org/8635011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-23 09:58:58 +00:00
yangguo@chromium.org
5a82d78948 Add pointer cache field to external string for access in generated code.
TEST=test/mjsunit/string-externalize.js

Review URL: http://codereview.chromium.org/8513010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-17 17:05:12 +00:00
fschneider@chromium.org
8fbf1d5017 Landing: [hydrogen] optimize switch with string clauses. Patch by Fedor Indutny <fedor.indutny@gmail.com>.
Original code review: http://codereview.chromium.org/8373029/
Review URL: http://codereview.chromium.org/8589019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-17 13:57:55 +00:00
fschneider@chromium.org
8480569467 Fix lazy deoptimization at HInvokeFunction and enable target-recording call-function stub.
Changes the way we do lazy deoptimization:

1. For side-effect instructions, we insert the lazy-deopt call at
the following LLazyBailout instruction.

     CALL
     GAP
     LAZY-BAILOUT ==> lazy-deopt-call

2. For other instructions (StackCheck) we insert it right after the
instruction since the deopt targets an earlier deoptimization environment.

   STACK-CHECK
   GAP ==> lazy-deopt-call

The pc of the lazy-deopt call that will be patched in is recorded in the
deoptimization input data. Each Lithium instruction can have 0..n safepoints.
All safepoints get the deoptimization index of the associated LAZY-BAILOUT
instruction. On lazy deoptimization we use the return-pc to find the safepoint.
The safepoint tells us the deoptimization index, which in turn finds us the
PC where to insert the lazy-deopt-call.

Additional changes:
 * RegExpLiteral marked it as having side-effects so that it 
   gets an explicitlazy-bailout instruction (instead of
   treating it specially like stack-checks)
 * Enable target recording CallFunctionStub to achieve
   more inlining on optimized code.

BUG=v8:1789
TEST=jslint and uglify run without crashing, mjsunit/compiler/regress-lazy-deopt.js
Review URL: http://codereview.chromium.org/8492004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-16 08:44:30 +00:00
mstarzinger@chromium.org
330cd2205c Remove hidden prototype for builtin functions.
This is a deliberate non-conformity introduced more than 2 years ago to
be compatible with JSC. The current state is that all other browsers
perform ES5 conform in that regard.

R=erik.corry@gmail.com
BUG=chromium:1717,chromium:39662
TEST=test262/15.2.3.6-4-6??,mjsunit/undeletable-functions

Review URL: http://codereview.chromium.org/8566009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-15 09:44:57 +00:00
fschneider@chromium.org
c48f928480 Speedup unit test to avoid timeout on slow ARM simulator.
This test depends on OSR being triggered. That's why I can't
use %OptimizeFunctionOnNextCall.
Review URL: http://codereview.chromium.org/8555004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-14 12:33:44 +00:00
rossberg@chromium.org
a9c1b834f8 A more holistic test case for proxies.
Depends on http://codereview.chromium.org/8318014/

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8392038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 16:24:43 +00:00
rossberg@chromium.org
830763bda4 Fixing test cases for correct assertSame.
Leaving out derived construct trap for now, which I'm working on separately.

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8506020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 15:48:07 +00:00
rossberg@chromium.org
8caa6eb732 Fix instanceof a function proxy.
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8520001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9954 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-10 13:39:22 +00:00
yangguo@chromium.org
6157562994 Simplify StringCharCodeAt in non-crankshaft codegen.
TEST=test/mjsunit/string-slices.js

Review URL: http://codereview.chromium.org/8510005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-09 14:32:51 +00:00
yangguo@chromium.org
53c6077cee Fixing issue 103259.
BUG=103259
TEST=regress-103259.js

Review URL: http://codereview.chromium.org/8498011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:59:40 +00:00
rossberg@chromium.org
f936aac43e Make _CallFunction proxy-aware.
Change calling convention for CallFunction stub.
Some fixes regarding strict mode call traps.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8318014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 14:39:37 +00:00
keuchel@chromium.org
72dba271eb Reapply r9870 "Remove some initialization checks based on source positions.".
This reverts r9896 "Revert r9870 due to browser-test failures." See below for
the diff from the previous version for the ia32 platform. The code for other
platforms has been changed accordingly.

TEST=mjsunit/compiler/lazy-const-lookup.js

diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 2cbf518..1990f2f 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -1258,13 +1258,17 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) {
         // binding is initialized:
         //   function() { f(); let x = 1; function f() { x = 2; } }
         //
-        // Check that we always have valid source position.
-        ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
-        ASSERT(proxy->position() != RelocInfo::kNoPosition);
-        bool skip_init_check =
-            var->mode() != CONST &&
-            var->scope()->DeclarationScope() == scope()->DeclarationScope() &&
-            var->initializer_position() < proxy->position();
+        bool skip_init_check;
+        if (var->scope()->DeclarationScope() != scope()->DeclarationScope()) {
+          skip_init_check = false;
+        } else {
+          // Check that we always have valid source position.
+          ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
+          ASSERT(proxy->position() != RelocInfo::kNoPosition);
+          skip_init_check = var->mode() != CONST &&
+              var->initializer_position() < proxy->position();
+        }
+
         if (!skip_init_check) {
           // Let and const need a read barrier.
           Label done;

Review URL: http://codereview.chromium.org/8479034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 13:28:53 +00:00
fschneider@chromium.org
4627023b38 Revert r9901 to make tree green again.
There was a test failure on x64 mozilla tests.

TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/8495011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 09:56:09 +00:00
fschneider@chromium.org
cac3008437 [hydrogen] optimize switch with string clauses
Hydrogen should optimize not only SMI clauses, but clauses with string literals
too.

Patch from fedor.indutny <fedor.indutny@gmail.com>.

R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8373029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-08 09:08:33 +00:00
jkummerow@chromium.org
9625d5d4a0 Fix Array.{splice,slice} to set proper ElementsKind of result
TEST=mjsunit/elements-kind.js

Review URL: http://codereview.chromium.org/8430036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:47:58 +00:00
jkummerow@chromium.org
f2787a42b0 Fix JSObject::EnsureCanContainElements to correctly iterate over Arguments
TEST=mjsunit/elements-kind.js

Review URL: http://codereview.chromium.org/8437094

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:31:44 +00:00
jkummerow@chromium.org
8450c60d47 Fix Runtime_ArrayConcat to handle FAST_DOUBLE_ELEMENTS
TEST=mjsunit/elements-kind.js; stanford-crypto-sha256-iterative in debug mode

Review URL: http://codereview.chromium.org/8334028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-04 12:19:35 +00:00
mstarzinger@chromium.org
0bbfb46aa6 Fix Harmony sets and maps to allow undefined as keys.
This uses a global sentinel as a replacement for undefined keys, which
are not supported internally but required for Harmony sets and maps.

R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8439069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-03 14:33:58 +00:00
mstarzinger@chromium.org
79cadcc947 Fix Harmony sets and maps to allow null as key.
This changes the internal convention for marking deleted entries in hash
tables from null_value to the_hole_value, which is consistent with other
usages of the_hole.

R=rossberg@chromium.org,kmillikin@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8343056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-03 14:17:05 +00:00
danno@chromium.org
0766a138a6 Add and use ElementsKind side effect
Also partition side effects into observable and not observable, with only observable requiring Simulates and non-observable changes able to participate in GVN and code hoisting.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8380017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 14:15:10 +00:00
mstarzinger@chromium.org
358d7c2078 Adapt date test to be timezone independant.
R=yangguo@chromium.org
BUG=v8:1792
TEST=mjsunit/date

Review URL: http://codereview.chromium.org/8423004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 11:15:23 +00:00
lrn@chromium.org
30465596e6 Make eval consider anything on the form eval(args...) a potential direct cal
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.

We still throw if calling indirect eval with a detached global object.

BUG=v8:994
TEST=mjsunit/eval.js

Review URL: http://codereview.chromium.org/8343054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-31 09:38:52 +00:00
danno@chromium.org
6d7d6d4e4e Force transition to FAST_ELEMENTS on out-of-bounds KeyedLoads.
Proactively ensure that that objects don't get FAST_DOUBLE_ELEMENTS to reduce the number of double boxing operations when generated code calls the runtime frequently to satisfy KeyedLoad requests.

Review URL: http://codereview.chromium.org/8416014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 10:35:38 +00:00
mstarzinger@chromium.org
6d950a748f Fix assertSame for unit testing harness.
Using isNaN() here is bogus because it performs an implicit toNumber()
conversion, hence something like assertSame(undefined, {}) would not
throw an exception. These are not the NaNs you are looking for.

R=rossberg@chromium.org
TEST=mjsunit

Review URL: http://codereview.chromium.org/8400056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 09:09:51 +00:00
mstarzinger@chromium.org
cd9bc6c3a6 Fix error handling in Date.prototype.toISOString.
This fixes Date.prototyoe.toISOString to throw a RangeError exception
for invalid time values. It also includes a fix to removes the arbitrary
(and completely bogus) range limit on the date value during construction
of a Date object. Note that we still have bogus range limits on the year
and month values.

R=lrn@chromium.org
BUG=v8:1792
TEST=mjsunit/date,test262/15.9.5.43-0-*

Review URL: http://codereview.chromium.org/8392036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-28 08:45:04 +00:00
fschneider@chromium.org
a5b40e27b8 Revert r9805.
It did not fix the original problem, but instead introduced new ones.

R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/8404037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-27 12:12:53 +00:00
ricow@chromium.org
d9597f0086 Skip live edit debug tests, these are flaky because in the case of osr we will get wrong frame heights.
Review URL: http://codereview.chromium.org/8401029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-27 07:10:25 +00:00
lrn@chromium.org
a9edfefa58 Remove special-casing of calls to RegExp test and exec methods with no argument.
Matches new JSC behavior. Fix issue 75740.

BUG=75740
TEST=mjsunit/regexp-static

Review URL: http://codereview.chromium.org/6677020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 12:51:07 +00:00
mstarzinger@chromium.org
5a33ffd7e8 Fix Error.prototype.toString to be ES5 conform.
R=lrn@chromium.org
TEST=test262/15.11.4.4-8-1,mjsunit/error-tostring

Review URL: http://codereview.chromium.org/8341021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 10:41:52 +00:00
fschneider@chromium.org
2d4bb1803d Fix bug in inlining call-as-function when inlining multiple levels deep.
This change fixes a off-by-one level error when dropping the
function from the environment. The function of the outermost
environment was not dropped.

BUG=v8:1785
TEST=test/mjsunit/compiler/regress-inline-callfunctionstub.js
Review URL: http://codereview.chromium.org/8341019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 10:31:06 +00:00
rossberg@chromium.org
f7d56eb602 Handle proxies in KeyedStoreIC::Store, instead of just ignoring them.
R=mstarzinger@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/8391005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-26 09:31:40 +00:00
fschneider@chromium.org
f8f8c672b6 Temporarily skip failing test to make sure builders cycle green.
R=mstarzinger@chromium.org
Review URL: http://codereview.chromium.org/8393005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9779 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 16:11:53 +00:00
vegorov@chromium.org
f8c2d3847f Take loop side-effects into account when collecting side-effects on the path between two blocks.
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js

Review URL: http://codereview.chromium.org/8395002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
622d35dc0e Implement Harmony sets and maps.
This implementation extends the internal ObjectHashTable to be able to
hold arbitrary objects (e.g. Smis, Strings, ...) as keys by applying
specialized hashing functions to primitive types. Equality of keys is
defined using the internal SameValue function.

R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8372027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 14:14:56 +00:00
keuchel@chromium.org
e8bccc2cb0 Block scoped const variables.
This implements block scoped 'const' declared variables in harmony mode. They
have a temporal dead zone semantics similar to 'let' bindings, i.e. accessing
uninitialized 'const' bindings in throws a ReferenceError.

As for 'let' bindings, the semantics of 'const' bindings in global scope is not
correctly implemented yet. Furthermore assignments to 'const's are silently
ignored. Another CL will introduce treatment of those assignments as early
errors.

Review URL: http://codereview.chromium.org/7992005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-25 08:33:08 +00:00
rossberg@chromium.org
46dde044de Adapt to latest spec changes for Proxy.create[Function].
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8271005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 16:25:30 +00:00
rossberg@chromium.org
70dc2fe968 Implement for-in loop for proxies.
Fix related corner case for Object.keys.
Remove obsolete GET_KEYS builtin.

R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8256015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 15:56:18 +00:00
yangguo@chromium.org
f92da58e13 Handle COW-arrays correctly when converting smi->double fast elements.
TEST=mjsunit/elements-transition.js

Review URL: http://codereview.chromium.org/8383002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 15:06:20 +00:00
fschneider@chromium.org
53e7502fa0 Fix bug in environment simulation after inlined call-as-function.
This change is based on my previous change enabling inlining calls-as-function
fixing the bugs related to deoptimization.

The function value on top of the environment was dropped too late in the old code.
As a result we could get a wrong value on top after deoptimization.

This change includes r9619. It was reverted because of test failures that are fixed
with this patch.
Review URL: http://codereview.chromium.org/8360001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 13:53:08 +00:00
keuchel@chromium.org
c6464d500b Replace boolean indications of strict mode by an enum value.
Review URL: http://codereview.chromium.org/8344082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-24 07:47:22 +00:00
keuchel@chromium.org
666c4be29f Reapply r9673 "Scope tree serialization and ScopeIterator cleanup."
This also includes the two fixes from r9674 and r9675. Here's the diff
to the previous CL.

 --- a/src/runtime.cc
 +++ b/src/runtime.cc
 @@ -11133,17 +11133,26 @@ class ScopeIterator {
        context_(Context::cast(frame->context())),
        nested_scope_chain_(4) {

 +    // Catch the case when the debugger stops in an internal function.
 +    Handle<SharedFunctionInfo> shared_info(function_->shared());
 +    if (shared_info->script() == isolate->heap()->undefined_value()) {
 +      if (shared_info->scope_info()->HasContext()) Next();
 +      return;
 +    }
 +
      // Check whether we are in global code or function code. If there is a stack
      // slot for .result then this function has been created for evaluating
      // global code and it is not a real function.
      // Checking for the existence of .result seems fragile, but the scope info
      // saved with the code object does not otherwise have that information.
 -    int index = function_->shared()->scope_info()->
 +    int index = shared_info->scope_info()->
          StackSlotIndex(isolate_->heap()->result_symbol());

      // Reparse the code and analyze the scopes.
      ZoneScope zone_scope(isolate, DELETE_ON_EXIT);
 -    Handle<SharedFunctionInfo> shared_info(function_->shared());
      Handle<Script> script(Script::cast(shared_info->script()));
      Scope* scope;
      if (index >= 0) {

Review URL: http://codereview.chromium.org/8344046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-21 10:26:59 +00:00
lrn@chromium.org
a47caee095 Make builtin functions be skipped in stack traces.
Does include exposed builtin functions ("native functions").

Review URL: http://codereview.chromium.org/8345039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-20 12:31:33 +00:00
mstarzinger@chromium.org
67c9a03922 Fix handling Function.apply for non-array arguments.
R=rossberg@chromium.org
TEST=mjsunit/apply,test262

Review URL: http://codereview.chromium.org/8342034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 13:56:18 +00:00
sgjesse@chromium.org
663bc0fb78 Temporarily skip asserts in test mjsunit/debug-step-3.js until issue is resolved
R=kmillikin@chromium.org

BUG=v8:1782
TEST=mjsunit/debug-step-3.js

Review URL: http://codereview.chromium.org//8356001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 13:47:53 +00:00
jkummerow@chromium.org
439e4600df Adjust elements-kind.js expectation when --smi-only-arrays is off
TEST=mjsunit/elements-kind passes both with and without --smi-only-arrays flag

Review URL: http://codereview.chromium.org/8356002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:44:50 +00:00
yangguo@chromium.org
372c16161c Optimize fast element conversion in arm using batch store/loads.
Review URL: http://codereview.chromium.org/8353002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:15:15 +00:00
keuchel@chromium.org
17cc6d313f Revert 9673, 9674 and 9675 because of failing webkit tests.
This reverts commits
r9673: "Scope tree serialization and ScopeIterator cleanup."
r9674: "Use OS::SNPrintF instead of snprintf."
r9675: "Use int instead of size_t, StrLength instead of strlen."

Review URL: http://codereview.chromium.org/8353003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:15:02 +00:00
jkummerow@chromium.org
3a9d6c04ba Introduce HTransitionElementsKind instruction.
TEST=mjsunit/elements-kind

Review URL: http://codereview.chromium.org/8305001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 12:10:18 +00:00
danno@chromium.org
e5f23399b4 Support array literals with FAST_DOUBLE_ELEMENTS ElementsKind.
BUG=none
TEST=test/mjsunit/array-literal.js

Review URL: http://codereview.chromium.org/8258015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 11:36:55 +00:00
svenpanne@chromium.org
d0fe04447e Fixed evaluation order issue in defineProperties.
This is not covered by test262 yet, but it really makes sense and matches Firefox's behaviour.

TEST=mjsunit/define-properties.js
Review URL: http://codereview.chromium.org/8349031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:52:08 +00:00
mstarzinger@chromium.org
b3eba9e764 Fix handling of non-object receivers for array builtins.
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702

Review URL: http://codereview.chromium.org/8347034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:24:37 +00:00
yangguo@chromium.org
8472de004b Porting r9605 to arm (elements kind conversion in generated code).
Review URL: http://codereview.chromium.org/8329022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 09:04:35 +00:00
svenpanne@chromium.org
140ae348d2 Recognize special comparisons via pattern matching on the hydrogen graph, 2nd attempt.
This time, we initially leave the HTypeof instruction in the Hydrogen graph,
even for the special cases. We later try to remove this instruction (and any
HConstant) in the canonicalization pass, if possible. Always removing the
HTypeof during the initial graph construction is wrong if e.g. it is used in an
HSimulate.

The removals can be generalized a bit, but this will happen in a separate CL.

TEST=mjsunit/optimized-typeof.js
Review URL: http://codereview.chromium.org/8334021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-19 07:35:30 +00:00
sgjesse@chromium.org
a58c963c67 Reapply "Support for precise stepping in functions compiled before debugging was started (step 2)"
This is reapplying r9501 with this single change which seemed to be causing most (all) of the failures for r9501.

--- a/src/debug.cc
+++ b/src/debug.cc
@@ -2230,6 +2230,7 @@ Debugger::Debugger(Isolate* isolate)
       compiling_natives_(false),
       is_loading_debugger_(false),
       never_unload_debugger_(false),
+      force_debugger_active_(true),
       message_handler_(NULL),
       debugger_unload_pending_(false),
       host_dispatch_handler_(NULL),

R=kmillikin@chromium.org

BUG=
TEST=

Review URL: http://codereview.chromium.org//8337009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 13:40:33 +00:00
lrn@chromium.org
cefbb1e7f8 Make bound functions have poisoned .caller and .arguments.
Also makes func.caller return null if the caller is a bound function,
matching JSC.
Fix bug preventing poisoned setters from triggering.

TEST=mjsunit/function-bind, mjsunit/strict-mode

Review URL: http://codereview.chromium.org/8333019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 12:26:53 +00:00
keuchel@chromium.org
4e5643a648 Scope tree serialization and ScopeIterator cleanup.
The intention is to store enough scope information for the debugger to
handle stack allocation of block scoped variables introduced by
http://codereview.chromium.org/7860045/ .

This CL is based on
http://codereview.chromium.org/7904008/ .

Review URL: http://codereview.chromium.org/7979001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-18 08:46:46 +00:00
yangguo@chromium.org
d7f3985e33 Rolling back r9662.
Review URL: http://codereview.chromium.org/8321001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 13:39:56 +00:00
yangguo@chromium.org
d2434953e2 Changes around ascii-check for strings wrt external strings.
Review URL: http://codereview.chromium.org/8312015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-10-17 12:49:34 +00:00