AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
lrn@chromium.org	aed6a37c10	X64: Convert smis to holding 32 bits of payload. Review URL: http://codereview.chromium.org/196139 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-10-08 12:36:12 +00:00
ager@chromium.org	e9acdc7a00	Follow the spec in disallowing function declarations without a name. We used to allow these for compatibility, but both Safari and Firefox now disallow them. Review URL: http://codereview.chromium.org/242124 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-10-02 12:47:15 +00:00
kasperl@chromium.org	6621a43833	Add regression test case for http://crbug.com/18639 which was fixed in r2642. Review URL: http://codereview.chromium.org/192037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-09-08 07:22:35 +00:00
whesse@chromium.org	3703231636	Add safe handling of NaN to Posix platform-dependent time functions. Review URL: http://codereview.chromium.org/160580 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-08-04 09:41:18 +00:00
whesse@chromium.org	18c6337a2c	Fix an error in a keyed lookup stub - HeapNumbers treated as strings. Review URL: http://codereview.chromium.org/155924 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-23 13:01:17 +00:00
kmillikin@chromium.org	1ca19c383d	Fix ARM compiler crash in short-circuited boolean expressions. We did not handle the case where the left-hand-side expression was fully compiled to control flow. There were also some assertions for unary and binary expressions that crashed debug builds when the expression was fully compiled to control flow. Regression test added. Review URL: http://codereview.chromium.org/160006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2524 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-23 11:40:14 +00:00
kmillikin@chromium.org	6443cb99f7	Fix issue 345 by avoiding duplicates in the list of escaping labels from a try...catch...finally statement. Review URL: http://codereview.chromium.org/149670 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-15 08:57:25 +00:00
lrn@chromium.org	e3bb851efb	X64: Fix bug in left-shift. Also changed a few other places that looked suspicious in the same way. Added more info to failing test case and rewrote incorrect uses of mjsunit "fail" function. Review URL: http://codereview.chromium.org/155279 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-09 08:00:12 +00:00
kasperl@chromium.org	b0f411c298	Fix issue 397 and issue 399. Review URL: http://codereview.chromium.org/149247 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2372 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-07 11:57:09 +00:00
kasperl@chromium.org	f0053e89aa	Add regression test case for issue 396. Review URL: http://codereview.chromium.org/150215 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-02 09:08:15 +00:00
sgjesse@chromium.org	25405ddd9c	Handle JavaScript accessors on the global object. With the new representation of the global object adding JavaScript accessors for a property after global inline caches was created for that property did not work property as the inline caches did not take the JavaScript accessor information (fixed array with two elements) that could be present in a global object property cell into account. This is now fixed by changing the map for a global object when a JavaScript accessor is defined on it. BUG=394 TEST=test\mjsunit\regress\regress-394.js Review URL: http://codereview.chromium.org/150162 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-07-01 11:20:33 +00:00
kasperl@chromium.org	3ae01ab8ef	Fix issue 392 by disabling the TakeValue optimization for access to the arguments object. Review URL: http://codereview.chromium.org/150016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-06-29 06:20:52 +00:00
lrn@chromium.org	2dd9717c4b	Fix bug in static type inference for loops. Review URL: http://codereview.chromium.org/140058 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-06-22 12:36:01 +00:00
whesse@chromium.org	74ddab9d94	Fix issue 386, a bug in JSObject::ReplaceSlowProperty with constant transitions. Review URL: http://codereview.chromium.org/141031 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-06-22 07:41:15 +00:00
erik.corry@gmail.com	e2a01ed4fb	Fix regexp bug reported by Ian where [6-9] would match any digit. Review URL: http://codereview.chromium.org/140021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-06-20 17:57:09 +00:00
lrn@chromium.org	945245393c	Fix for issue 351 - lastIndexOf. Review URL: http://codereview.chromium.org/113838 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-05-26 15:42:06 +00:00
lrn@chromium.org	2ff3901cf7	Fix for issue 349: Make initial boundary check for BM text search. There was a case where the BMH algorithm bailed out exactly at the end of the string, and the BM algorithm that takes over wasn't expecting this. Review URL: http://codereview.chromium.org/113575 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-05-19 09:01:03 +00:00
whesse@chromium.org	1ae8a7da3d	Fix bug 344: always keep attributes of existing properties. Review URL: http://codereview.chromium.org/113197 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1931 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-05-13 10:46:28 +00:00
kmillikin@chromium.org	18f69a7171	Fix for issue 341. In the stub for instanceof, we could try to read an object's map before we were sure it was a heap object. Review URL: http://codereview.chromium.org/115236 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1914 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-05-12 11:40:14 +00:00
lrn@chromium.org	889eac7f13	Fix Issue 326. Handle sorting of non-array objects correctly. Change handling of sorting to be the same for all JS-arrays. Collect undefined values as well while removing holes. Review URL: http://codereview.chromium.org/92123 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-27 11:16:59 +00:00
kmillikin@chromium.org	cb9d66638b	Fix regression test by wrapping expression in a thunk^H^H^H^H^Hstring. Review URL: http://codereview.chromium.org/95001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-22 17:44:28 +00:00
kmillikin@chromium.org	b39f4383dc	When merging a frame to an expected on at block entry, the static type of elements is set to a safe lower bound. Move the setting of the static type out of VirtualFrame::MergeTo (which is not necessarily run for all frames) and into VirtualFrame::PrepareMergeTo (which is). Review URL: http://codereview.chromium.org/92009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1767 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-22 13:19:38 +00:00
lrn@chromium.org	bfb33b1e2f	Fix for Issue 317 - bug in string.replace(string, "$foo"). Fix for Issue 317. Replace string with something containing dollar now works. Review URL: http://codereview.chromium.org/94002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-22 11:43:05 +00:00
kmillikin@chromium.org	22896c8304	Change the function name collector to tolerate expressions that contain multiple anonymous function literals as subexpressions. Choose the rightmost one the one to attach a name to. Review URL: http://codereview.chromium.org/67165 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-15 13:14:23 +00:00
sgjesse@chromium.org	a74fcf458c	Fixed the step in handling for function.apply. The generic step-in mechanism floods the function called with break points to ensure a break is hit when entering the function. This generic mechanism was also used for function.apply. The code for function.apply contains a keyed load IC which was patched when stepping into function.apply. However function.apply enteres an internal frame not a JavaScript frame. This caused the logic for returning from the break in function.apply to fail as it forced a jump to the IC on the top JavaScript frame. The top JavaScript frame was the frame for the function calling function.apply not the frame for the apply function. Now returning from the break point in the keyed load IC in the apply code caused a jump to the code for the call IC for the function calling function.apply in the first place. Not a pretty sight. Step-in now handles function.apply as a separate case where the actual JavaScript function called through apply is flodded with breakpoints instead of the function.apply function. BUG=269 BUG=8210@chromium.org Review URL: http://codereview.chromium.org/63055 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-04-07 09:54:53 +00:00
kmillikin@chromium.org	c80b013999	Fix issue 294 by ensuring that we don't lose the copy flag on memory frame elements when allocating them to a register as a result of popping one of their copies. Review URL: http://codereview.chromium.org/57053 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-31 14:01:25 +00:00
kmillikin@chromium.org	1ba34bf86b	Fix issue 286. Ensure frame elements are invalidated by InvalidateFrameSlotAt. Review URL: http://codereview.chromium.org/53008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-24 12:42:28 +00:00
kmillikin@chromium.org	5e2f3adfd0	Fix issue 284. The problem was continuing out of the body of a for/in (where we do register allocation) to the loop update (where we do not). Variables allocated to registers where not preserved. Review URL: http://codereview.chromium.org/53002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-24 08:29:24 +00:00
olehougaard	a8c50151fc	Reapply revisions 1432, 1433, 1469 and 1472 while fixing issue 279. Review URL: http://codereview.chromium.org/48006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-23 07:27:47 +00:00
ager@chromium.org	2fcad0aec1	Revert change 1509 that flush ICs when adding setters on an object or when setting a __proto__ to an object that holds a setter. This seems to cause a major page load regression, so we need to tune the clearing. Review URL: http://codereview.chromium.org/50011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-19 15:06:00 +00:00
kasperl@chromium.org	0a09a08ec8	Add copyright notice to new test case. Review URL: http://codereview.chromium.org/42216 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-15 22:44:23 +00:00
erik.corry@gmail.com	99063fe0f8	Fix GC related crash bug in search-replace. Review URL: http://codereview.chromium.org/42214 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-15 22:28:26 +00:00
erik.corry@gmail.com	3aa57f7f65	Revert 1432, 1433, 1469 and 1472 due to a bug with literal objects. Review URL: http://codereview.chromium.org/46088 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-15 16:18:20 +00:00
christian.plesner.hansen@gmail.com	8dffcb9efa	Flush ICs when adding setters to an object or setting a __proto__ to an object that holds a setter. If there are no store ics then no flushing is done. The implementation has been tweaked so that no ICs are cleared during normal context creation. This may cost us some performance but I'm submitting it as it is and if there are problems we can either decide to be smarter about when, what and/or how we clear, or back this change out altogether. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-13 13:43:07 +00:00
kmillikin@chromium.org	0e60cf38dc	Fix issue 265 by handling extra statement state on the frame based on the expectation at the break, continue, and return labels (including shadowed ones) instead of based on the AST nodes. See http://code.google.com/p/v8/issues/detail?id=265 Review URL: http://codereview.chromium.org/42017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-11 06:17:19 +00:00
lrn@chromium.org	34db0ff86c	Issue 267: Calls to arguments in eval-tainted function scope uses global object as receiver. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-10 12:28:34 +00:00
christian.plesner.hansen@gmail.com	782b53799d	Implemented invalid UTF8 detection in decodeURI. That is, detection of invalid utf8 not invalid utf8-detection. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-10 09:08:05 +00:00
ager@chromium.org	bab4b3b2e0	Simplify the map collection regression test. This test is the minimal example that would trigger the bug. Review URL: http://codereview.chromium.org/43004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-10 07:23:22 +00:00
ager@chromium.org	38548e3da6	Make map collection test run faster in an attempt to make it pass on buildbot (not timeout). This consistently fails with the old build. TBR=whesse Review URL: http://codereview.chromium.org/40302 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-09 18:00:39 +00:00
whesse@chromium.org	7977c6c680	Fix garbage collection of unused maps. Null descriptors, created by map collection, are now handled correctly everywhere. The map-collect flag is now true by default. Review URL: http://codereview.chromium.org/40218 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-09 16:24:46 +00:00
kmillikin@chromium.org	34af9f2ecf	Work around issue 260 for now by disabling duplication of the loop condition for while and for loops. http://code.google.com/p/v8/issues/detail?id=260 Review URL: http://codereview.chromium.org/40294 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1453 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-09 14:12:20 +00:00
kmillikin@chromium.org	ece2c03160	Fix issue 263: http://code.google.com/p/v8/issues/detail?id=263 Sharing the code to unlink the exception handler for a try/finally causes us to try to merge virtual frames with different heights (due to statements that keep state on the stack) at the entry to the unlink code. Avoid this by unlinking the handler separately for each exit from the try block. Review URL: http://codereview.chromium.org/39331 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-09 10:51:57 +00:00
kmillikin@chromium.org	182c3ebb2d	Reapply r1434 and port to ARM. Review URL: http://codereview.chromium.org/40220 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-06 14:18:03 +00:00
christian.plesner.hansen@gmail.com	2a2c9381ea	Reverted r1434 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-06 11:59:53 +00:00
kmillikin@chromium.org	b638d5c613	Fix issue 259. http://code.google.com/p/v8/issues/detail?id=259 Due to constant folding of loop conditions, it is possible to have a try/finally with no exits from the try block (eg, an infinite loop in the try block). In that case the code to unlink the try handler is dead and should not be emitted. Review URL: http://codereview.chromium.org/39251 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-06 10:18:33 +00:00
lrn@chromium.org	21fb24e0b2	Issue 254 - now correctly updates lastIndexof when using the test method. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-04 12:29:37 +00:00
olehougaard	7bd50d046d	Fixed issue 253. No longer assuming that the target of a property lookup is a JSObject. Review URL: http://codereview.chromium.org/39126 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-04 11:57:24 +00:00
lrn@chromium.org	4852bef23d	Issue 246 - wait until regexp is parsed to detect whether it's simple. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-03-04 09:52:01 +00:00
lrn@chromium.org	80bb2cc546	Missing handle check. Triggers bug if the runtime stack overflows and it is detected by a global regexp. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-02-13 09:40:15 +00:00
lrn@chromium.org	0b1f3f2134	Issue 231 - Irregexp backtracking stack pointer could become corrupted. http://code.google.com/p/v8/issues/detail?id=231 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2009-02-12 13:07:58 +00:00

1 2

93 Commits