AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
20,372 Commits 1 Branch 0 Tags 839 MiB
bb65d40dbf
Commit Graph

486 Commits

Author SHA1 Message Date
svenpanne
bb65d40dbf Fixed -fsanitize=float-cast-overflow problems. 
BUG=v8:3773
LOG=y

Review URL: https://codereview.chromium.org/809293003

Cr-Commit-Position: refs/heads/master@{#25880}
 2014-12-18 11:13:04 +00:00
ishell
08146dc023 Introduced PropertyType ACCESSOR_FIELD. 
Review URL: https://codereview.chromium.org/805453002

Cr-Commit-Position: refs/heads/master@{#25842}
 2014-12-16 13:22:31 +00:00
jkummerow
60dafcaab2 Add infrastructure to keep track of references to prototypes. 
There are no users of this infrastructure yet, so it's behind an off-by-default flag.

Review URL: https://codereview.chromium.org/768633002

Cr-Commit-Position: refs/heads/master@{#25829}
 2014-12-15 19:57:54 +00:00
adamk
8877f15664 Create optimized inline versions of Map and Set initialization 
Review URL: https://codereview.chromium.org/779173010

Cr-Commit-Position: refs/heads/master@{#25758}
 2014-12-10 18:47:36 +00:00
yangguo
d28b2a194d Extract non-IO part of mksnapshot into an API method. 
R=vogelheim@chromium.org

Review URL: https://codereview.chromium.org/789213002

Cr-Commit-Position: refs/heads/master@{#25747}
 2014-12-10 14:20:26 +00:00
ulan
2ac522ab15 Reland parts of 'Use weak cells in map checks in polymorphic ICs' 
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.

BUG=v8:3663
LOG=N

Review URL: https://codereview.chromium.org/764003003

Cr-Commit-Position: refs/heads/master@{#25615}
 2014-12-02 14:25:26 +00:00
machenbach
d9c83f6bd0 Revert of Use weak cells in map checks in polymorphic ICs. (patchset #8 id:140001 of https://codereview.chromium.org/753993003/) 
Reason for revert:
[Sheriff] Speculative revert for breaking chromium asan (roll blocker):
http://build.chromium.org/p/client.v8/builders/Linux%20ASan%20LSan%20Tests%20%281%29/builds/1683

Original issue's description:
> Use weak cells in map checks in polymorphic ICs.
>
> BUG=v8:3663
> LOG=N

TBR=mvstanton@chromium.org,akos.palfi@imgtec.com,weiliang.lin@intel.com,ulan@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3663

Review URL: https://codereview.chromium.org/771033003

Cr-Commit-Position: refs/heads/master@{#25597}
 2014-12-02 08:17:05 +00:00
ulan
45a36948e1 Use weak cells in map checks in polymorphic ICs. 
BUG=v8:3663
LOG=N

Review URL: https://codereview.chromium.org/753993003

Cr-Commit-Position: refs/heads/master@{#25581}
 2014-12-01 10:41:14 +00:00
Michael Stanton
c142994f74 Flesh out vector ic state query and set mechanisms. 
The IC system now fully integrates the vector concept and can
handle loads and keyed loads vector-based.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/754303003

Cr-Commit-Position: refs/heads/master@{#25552}
 2014-11-27 16:36:40 +00:00
yangguo
33853f73a7 Partially revert "Optimize function across closures." 
BUG=chromium:434447

Review URL: https://codereview.chromium.org/755173002

Cr-Commit-Position: refs/heads/master@{#25500}
 2014-11-25 13:22:04 +00:00
yangguo
6714365a30 Reland "Optimize function across closures." (again). 
Review URL: https://codereview.chromium.org/707463002

Cr-Commit-Position: refs/heads/master@{#25367}
 2014-11-17 08:43:00 +00:00
Toon Verwaest
c8e5a1add7 Install the constructor property on custom prototype before optimizing it as a prototype 
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/725593002

Cr-Commit-Position: refs/heads/master@{#25328}
 2014-11-13 14:13:11 +00:00
dslomov@chromium.org
eacdfa0b7a Various clean-ups after top-level lexical declarations are done. 
1. Global{Context,Scope}=>Script{Context,Scope}
2. Enable fixed tests
3. Update comments

R=rossberg@chromium.org
BUG=v8:2198
LOG=N

Review URL: https://codereview.chromium.org/716833002

Cr-Commit-Position: refs/heads/master@{#25291}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-12 11:35:18 +00:00
ishell@chromium.org
18cf6c9ac9 MapCache simplification. It is now a FixedArray that maps number of properties to a WeakCell with a Map. 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/712943002

Cr-Commit-Position: refs/heads/master@{#25253}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25253 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-10 18:04:17 +00:00
dslomov@chromium.org
1a64b02dcf harmony_scoping: Implement lexical bindings at top level 
This implements correct semantics for "extensible" top level lexical scope.
The entire lexical scope is represented at runtime by GlobalContextTable, reachable from native context and accumulating global contexts from every script loaded into the context.

When the new script starts executing, it does the following validation:
- checks the GlobalContextTable and global object (non-configurable own) properties against the set of declarations it introduces and reports potential conflicts.
- invalidates the conflicting PropertyCells on global object, so that any code depending on them will miss/deopt causing any contextual lookups to be reexecuted under the new bindings
- adds the lexical bindings it introduces to the GlobalContextTable

Loads and stores for contextual lookups are modified so that they check the GlobalContextTable before looking up properties on global object, thus implementing the shadowing of global object properties by lexical declarations.

R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/705663004

Cr-Commit-Position: refs/heads/master@{#25220}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-07 16:29:45 +00:00
jkummerow@chromium.org
e2e9e1d3f6 Add FLAG_trace_maps 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/694533003

Cr-Commit-Position: refs/heads/master@{#25219}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-07 16:03:44 +00:00
yangguo@chromium.org
6de28b2be1 Revert "Reland "Optimize function across closures."" 
This reverts commit r25142.

TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/702853002

Cr-Commit-Position: refs/heads/master@{#25145}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-05 11:37:42 +00:00
yangguo@chromium.org
1cdf4e9308 Reland "Optimize function across closures." 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/703603003

Cr-Commit-Position: refs/heads/master@{#25142}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-05 11:12:41 +00:00
yangguo@chromium.org
c66a3f95ae Revert "Optimize function across closures." 
This reverts r25102.

TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/699143002

Cr-Commit-Position: refs/heads/master@{#25104}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-04 11:40:45 +00:00
yangguo@chromium.org
1d66934565 Optimize function across closures. 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/699633002

Cr-Commit-Position: refs/heads/master@{#25102}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25102 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-04 11:06:44 +00:00
aandrey@chromium.org
35eaced208 Add debug mirror support for ES6 Map/Set iterators. 
This is to show values preview of an iterator in DevTools console.

API=v8::Value::IsMapIterator, v8::Value::IsSetIterator
BUG=chromium:427868
R=arv@chromium.org, yangguo@chromium.org, adamk@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/693813002

Cr-Commit-Position: refs/heads/master@{#25100}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-11-04 10:02:43 +00:00
mvstanton@chromium.org
c688ebd858 vector-based ICs did not update type feedback counts correctly. 
BUG=v8:3605
LOG=N
R=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/650073002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24732 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-20 11:42:56 +00:00
dslomov@chromium.org
7cf9d1c807 Share code between Factory::NewJSTypedArray and API 
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/641343005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-17 09:04:58 +00:00
erikcorry@chromium.org
3727a10d20 Use WeakCell to handle the script wrapper cache 
The script wrapper cache used the API weak handles to provide a weak link from Script to ScriptWrapper. We want to change the way API weakness works, and in this context it's best to get rid of users of the API that don't need to be users.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/659513003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-15 10:11:08 +00:00
ulan@chromium.org
dd49272c00 Weak Cells 
Introduce an object that holds a weak reference.
Design document: http://goo.gl/9dSvvy.

BUG=
R=erik.corry@gmail.com

Review URL: https://codereview.chromium.org/640303006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-14 14:43:45 +00:00
bmeurer@chromium.org
cb37b6c54e [turbofan] Fix typed lowering of typed array loads/stores. 
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/646483003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-10 08:10:29 +00:00
bmeurer@chromium.org
e3294b1f09 [turbofan] Fix lowering of typed loads/stores. 
Only JSLoadProperty/JSStoreProperty nodes with external typed arrays can
be lowered to LoadElement/StoreElement, because lowering of non-external
typed arrays would require a map check.

TEST=cctest,unittests,mjsunit
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/631093003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-07 07:36:21 +00:00
jarin@chromium.org
f40d582cf1 Revert "[turbofan] Fix lowering of typed loads/stores." 
This reverts commit r24386 for tanking asm.js benchmarks.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/634473002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-06 08:54:24 +00:00
bmeurer@chromium.org
5899cc8ca7 [turbofan] Fix lowering of typed loads/stores. 
We can only access to external typed arrays; lowering of internal
typed arrays would require a map check plus eager deoptimization.
Also embed the array buffer reference directly instead of embedding
the typed array.

TEST=cctest,mjsunit,unittests
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/621863002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-10-02 08:38:37 +00:00
jkummerow@chromium.org
1903e560b0 Non-JSArrays must always have holey elements. 
Drive-by cleanup: remove unused elements_kind_ field in CallNew.

BUG=chromium:416558
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/595333002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-25 08:25:25 +00:00
verwaest@chromium.org
40bbeef0ee Make Map::Create always use the Object function, and remove the unused inobject properties 
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/584943002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-19 14:59:14 +00:00
verwaest@chromium.org
e2cc4baaf3 Use the initial map of the Object function for empty object literals 
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/586673002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24088 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-19 13:40:38 +00:00
mvstanton@chromium.org
9505d5b5ae Fix gcmole warning. 
TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/582033002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24041 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-18 13:24:02 +00:00
mvstanton@chromium.org
200095c3e7 Move state sentinels into TypeFeedbackVector. 
These sentinels were in the wrong place, living in only tangentially related class TypeFeedbackInfo, but they codify state in the TypeFeedbackVector.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/579153003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-18 12:31:31 +00:00
mvstanton@chromium.org
134a89b11f Introduce TypeFeedbackVector, as FixedArray grew constrictive. 
The TypeFeedbackVector is poised to host significant functionality. While it
remains a FixedArray under the covers, we need a place to hold logic and
definitions unique to its function.

BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/581993002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-18 09:59:53 +00:00
arv@chromium.org
477b75f1cb Arrow functions: Cleanup handling of the prototype property 
The old code did not work correctly in case of optimizations. I
found this out when implementing concise methods and we now plumb
through the function kind so we know what kind of Map to create for
the function.

BUG=v8:2700
LOG=y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/562253002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-12 15:07:43 +00:00
arv@chromium.org
45d8e74cd6 ES6: Add support for method shorthand in object literals 
This is governed by the harmony-object-literals flag.

BUG=v8:3516
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/477263002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-10 16:39:42 +00:00
yangguo@chromium.org
4e670fd05e Rename ascii to one-byte where applicable. 
R=dcarney@chromium.org, marja@chromium.org

Review URL: https://codereview.chromium.org/559913002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-10 12:38:12 +00:00
verwaest@chromium.org
5941bb4e73 Never skip access checks in the lookup iterator 
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/536943002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-03 14:05:55 +00:00
bmeurer@chromium.org
7d0d01005c First step to cleanup the power-of-2 mess. 
TEST=base-unittests,cctest,mjsunit
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/528993002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-02 13:36:35 +00:00
yangguo@chromium.org
7be66cf5d7 Do not expose termination exceptions to the Exception API. 
R=verwaest@chromium.org
BUG=403509
LOG=N

Review URL: https://codereview.chromium.org/516913003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-09-01 09:11:44 +00:00
adamk@chromium.org
71fbe7d4ec Ensure that JSProxy::Fix gives the generated JSObject map a constructor 
All JSObjects in V8 either have a map()->constructor() field or are
JSFunctions. JSProxy::Fix, however, was not enforcing this, and
Object.observe's use of JSObject::GetCreationContext() exposed this.

Note that this is not Object.observe-specific: the API call
v8::Object::CreationContext() also would have revealed this bug.

This patch chooses Object as a reasonable constructor to put on the
newly-fixed object's map. Note that this has no effect on the "constructor"
property in JS. In doing so, I've also tightened up the code underlying
JSProxy::Fix to only support JSObject and JSFunction as possible output
types.

BUG=405844
LOG=N
R=rossberg@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/505303004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-27 15:54:23 +00:00
bmeurer@chromium.org
90c8932596 Replace our homegrown ARRAY_SIZE() with Chrome's arraysize(). 
Our own ARRAY_SIZE() was pretty bad at error checking. If you use
arrasize() in a wrong way, the compiler will issue an error instead of
silently doing the wrong thing. The previous ARRAY_SIZE() macro is still
available as ARRAYSIZE_UNSAFE() similar to Chrome.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/501323002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-26 09:19:24 +00:00
verwaest@chromium.org
01cfeb1205 Clean up LookupIterator::Configuration naming 
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/503663003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23349 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-25 11:34:43 +00:00
yangguo@chromium.org
5f5f8e6724 Make internalized string parser in JSON.parse GC-safe 
SubStringKey::AsHandle is not GC-safe because the string backing store
may move.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/484703002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-19 08:53:38 +00:00
verwaest@chromium.org
109db3ca12 Rename the configuration flags of the LookupIterator 
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/469733002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-18 14:59:04 +00:00
dslomov@chromium.org
d2fe3e68ea Add "own" symbols support. 
"Own" symbols are symbols that can only denote own properties of
objects.

R=hpayer@chromium.org, verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=23056

Review URL: https://codereview.chromium.org/464473002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-12 15:28:20 +00:00
dslomov@chromium.org
dc4c277589 Revert "Add "own" symbols support." 
This reverts commit r23056 for breaking Mac x64 test.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/460803003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-11 21:44:08 +00:00
dslomov@chromium.org
88f65f2c52 Add "own" symbols support. 
"Own" symbols are symbols that can only denote own properties of
objects.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/464473002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-11 18:59:38 +00:00
yangguo@chromium.org
e566c0f4a1 Small clean up of externalizing strings. 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/462643002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2014-08-11 14:04:37 +00:00