AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
mstarzinger@chromium.org	0f348e5592	Generator objects can suspend * src/ast.h: * src/parser.cc: Differentiate between the different kinds of yields, in anticipation of boxing return values. Parse `return' into `yield' in a generator. * src/runtime.h: * src/runtime.cc (Runtime_SuspendJSGeneratorObject): New horrible runtime function: saves continuation, context, and operands into the generator object. * src/arm/full-codegen-arm.cc (VisitYield): * src/ia32/full-codegen-ia32.cc (VisitYield): * src/x64/full-codegen-x64.cc (VisitYield): Arrange to call SuspendJSGeneratorObject. If the call returns the hole, we suspend. Otherwise we resume. BUG=v8:2355 TEST=These codepaths are tested when the generator is first invoked, and so are covered by mjsunit/harmony/generators-objects.js. Review URL: https://codereview.chromium.org/13704010 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-19 14:11:23 +00:00
yurys@chromium.org	c0fca4e8c8	Revert r14252 as it broke --prof for some cases R=jkummerow BUG=v8:2642 Review URL: https://codereview.chromium.org/14367020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-19 11:55:01 +00:00
yangguo@chromium.org	72a05845ec	Revert r14310 due to isolate tests failure. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/14021004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-18 14:41:24 +00:00
mstarzinger@chromium.org	adf9afc09e	Fix missing Smi check in grow mode keyed stores. R=danno@chromium.org TEST=mjsunit/regress/regress-grow-store-smi-check Review URL: https://codereview.chromium.org/14352011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14332 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-18 14:18:27 +00:00
jkummerow@chromium.org	5eadc1a428	Remove SCons related files Review URL: https://codereview.chromium.org/14348002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-18 11:01:14 +00:00
dslomov@chromium.org	3e31a67bf8	Disable the test due to Win64 build problems. The large allocation actually succeeds on Win64, but it looks like subsequent memory adjustment fails. Disabling the test for now, will investigate further. TBR=rossberg Review URL: https://codereview.chromium.org/14330006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-17 18:13:44 +00:00
yangguo@chromium.org	b3707c17d6	Inline String.fromCharCode in hydrogen. BUG= Review URL: https://chromiumcodereview.appspot.com/14296009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-17 16:37:11 +00:00
rossberg@chromium.org	2458a801f7	Add d8 functionality for switching between realms (a.k.a. contexts) R=mstarzinger@chromium.org,yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/14295011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-17 15:07:31 +00:00
mstarzinger@chromium.org	57a7714e06	Generator objects have [[Class]] === "Generator" Generator object maps now link to their constructors, which are created with a "Generator" class name. This does not cause a per-generator constructor property to be set. BUG=v8:2355 TEST=mjsunit/harmony/generators-objects Review URL: https://codereview.chromium.org/14262004 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-17 15:01:25 +00:00
dslomov@chromium.org	c1a19275d3	First cut at impementing ES6 TypedArrays in V8. BUG= Review URL: https://codereview.chromium.org/13975012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-16 14:16:30 +00:00
yangguo@chromium.org	d7b78dc230	Fix OOB write in --print-code. R=jkummerow@chromium.org BUG=v8:2624 Review URL: https://chromiumcodereview.appspot.com/14018010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-15 15:19:51 +00:00
mstarzinger@chromium.org	591a8ec86c	Calling a generator function returns a generator object * src/heap.h: * src/heap.cc: * src/objects-debug.cc: * src/objects-inl.h: * src/objects-printer.cc: * src/objects-visiting.cc: * src/objects.cc: * src/objects.h: Define a new object type, JSGeneratorObject. * src/factory.h: * src/factory.cc (NewFunctionFromSharedFunctionInfo): Generator function inital maps construct the new JS_GENERATOR_OBJECT_TYPE objects, not generic JSObjects. * src/runtime.h: * src/runtime.cc (Runtime_CreateJSGeneratorObject): * src/arm/full-codegen-arm.cc (Generate): * src/ia32/full-codegen-ia32.cc (Generate): * src/x64/full-codegen-x64.cc (Generate): Before visiting generator bodies, arrange to construct and return a generator object. * test/mjsunit/harmony/generators-objects.js: Add tests for the properties and prototype of generator objects. BUG=v8:2355 TEST=mjsunit/harmony/generators-objects Review URL: https://codereview.chromium.org/13542002 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-15 12:29:44 +00:00
yurys@chromium.org	5206b08451	Remove code that analyzes tos values from tickprocessor Assuming that the value on top of stack is return address for a frameless invocation is error-prone. Corresponding logic was removed from profile-generator.cc in r14205 (see https://code.google.com/p/v8/source/diff?spec=svn14205&r=14205&format=side&path=/branches/bleeding_edge/src/profile-generator.cc) and now it is time to remove it from the tick processor. Since the tos is not used anymore by profiler it is also removed from TickSample. BUG=None Review URL: https://codereview.chromium.org/13873009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-12 11:20:22 +00:00
mstarzinger@chromium.org	75c388e691	Fix detection of indexed properties in Object.defineProperty() When defining an indexed property on an Array object, the object's length property should (perhaps) be updated. This was done for any property for which ToUInt32(name) == ToNumber(name) was true, meaning any property name that, when converted to a number, was an integer in the range [0, 2^32). The detection should be more strict; an indexed property is one for which ToString(ToUInt32(name)) == name is true only. Review URL: https://codereview.chromium.org/13914003 Patch from Jens Lindström <jl@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-12 08:45:14 +00:00
rossberg@chromium.org	8e8bbc0e6c	* src/generator.js: Add methods and intialization for generator meta-objects. * src/contexts.h: * src/bootstrapper.cc (InitializeExperimentalGlobal): Make generator meta-objects, and store maps for constructing generator functions and their prototypes. * src/factory.h: * src/factory.cc (MapForNewFunction): New helper. (NewFunctionFromSharedFunctionInfo): Use the new helper. * src/heap.cc (AllocateFunctionPrototype, AllocateInitialMap): For generators, allocate appropriate prototypes and maps. * src/code-stubs.h: * src/arm/code-stubs-arm.h: * src/arm/full-codegen-arm.h: * src/ia32/code-stubs-ia32.h: * src/ia32/full-codegen-ia32.h: * src/x64/code-stubs-x64.h: * src/x64/full-codegen-x64.h: Allow fast closure creation for generators, using the appropriate map. * test/mjsunit/harmony/builtins.js: Add a special case for GeneratorFunctionPrototype.prototype.__proto__. BUG= TEST=mjsunit/harmony/generators-runtime Review URL: https://codereview.chromium.org/13192004 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-11 16:28:19 +00:00
mstarzinger@chromium.org	d311208e12	Move creation of collection prototypes into JavaScript. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/14165004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-11 13:31:51 +00:00
rossberg@chromium.org	723cd9887f	Fix set-up of intrinsic's 'constructor' properties Looks so easy... R=mstarzinger@chromium.org BUG=229445 Review URL: https://codereview.chromium.org/13880007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-11 12:27:55 +00:00
yangguo@chromium.org	da5c11a44a	Fix JSON.stringify's slow path wrt sliced strings. R=mvstanton@chromium.org BUG=229923 Review URL: https://chromiumcodereview.appspot.com/14107004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-11 09:53:00 +00:00
hpayer@chromium.org	2db9e62fc8	Build fast literals in hydrogen. BUG= Review URL: https://codereview.chromium.org/12880017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-10 13:52:08 +00:00
yangguo@chromium.org	996a80df45	Fix OSR for nested loops. R=jkummerow@chromium.org BUG=v8:2618 Review URL: https://chromiumcodereview.appspot.com/13811014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-10 09:24:31 +00:00
verwaest@chromium.org	79d18ea332	Let ComputeTarget fail if it skips over NORMAL objects. BUG=v8:2595 Review URL: https://chromiumcodereview.appspot.com/13862008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 16:38:51 +00:00
mvstanton@chromium.org	b7022fd2be	Improvements for x87 stack handling BUG= Review URL: https://codereview.chromium.org/13426006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 08:42:57 +00:00
ulan@chromium.org	74839e86d7	Modifications to tests and test tools for Native Client V8. BUG=2614 Review URL: https://chromiumcodereview.appspot.com/13638013 Patch from Brad Chen <bradchen@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 08:39:01 +00:00
yangguo@chromium.org	fe6fc554b0	Fix slow path of JSON.stringifier when GC strikes. FlatContent is not GC-safe. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/13782002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 08:12:59 +00:00
verwaest@chromium.org	c569d31ff5	Adding standard-compliance tests for array functions. BUG=v8:2615 Review URL: https://chromiumcodereview.appspot.com/13601009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 08:09:52 +00:00
verwaest@chromium.org	98d8c9e452	Always check global property cells for readonliness before storing. Add check when the global object is the last in the chain. Review URL: https://chromiumcodereview.appspot.com/13730002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-09 08:09:05 +00:00
yangguo@chromium.org	9559181b0e	Fix worst-case behavior of MergeRemovableSimulates(). Currently, when a long series of removable simulates are merged, we do this by merging them one by one as we find them. As we merge the value value lists of the simulates, those lists snowball so that we get a quadratic complexity wrt runtime and memory consumption. Instead, we gather simulates that need to be merged, and merge them backwards starting from the last simulate. R=jkummerow@chromium.org BUG=v8:2612 Review URL: https://chromiumcodereview.appspot.com/13649003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-08 17:37:22 +00:00
yangguo@chromium.org	e33b68817b	Fix Array.prototype.concat when exceeding array size limit. R=verwaest@chromium.org BUG=v8:581 Review URL: https://chromiumcodereview.appspot.com/13465008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14154 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-05 15:12:59 +00:00
mstarzinger@chromium.org	b6efbd79de	Force context allocation for variables in generator scopes. * src/scopes.h (ForceContextAllocation, has_forced_context_allocation): New interface to force context allocation for an entire function's scope. * src/scopes.cc: Unless a new scope is a function scope, if its outer scope has forced context allocation, it should also force context allocation. (MustAllocateInContext): Return true if the scope as a whole has forced context allocation. (CollectStackAndContextLocals): Allow temporaries to be context-allocated. * src/parser.cc (ParseFunctionLiteral): Force context allocation for generator scopes. * src/v8globals.h (VariableMode): Update comment on TEMPORARY. * src/arm/full-codegen-arm.cc (Generate): * src/ia32/full-codegen-ia32.cc (Generate): * src/x64/full-codegen-x64.cc (Generate): Assert that generators have no stack slots. * test/mjsunit/harmony/generators-instantiation.js: New test. BUG=v8:2355 TEST=mjsunit/harmony/generators-instantiation Review URL: https://codereview.chromium.org/13408005 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14152 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-05 13:19:31 +00:00
yangguo@chromium.org	deecbb2e01	Do not implicitly convert non-object receivers for strict mode functions. This was still the case for Array.prototype.* builtin functions. R=rossberg@chromium.org BUG=v8:2273 Review URL: https://chromiumcodereview.appspot.com/13473009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-05 11:57:02 +00:00
mstarzinger@chromium.org	48635f7d58	Fix minor typo in generator parsing test. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/13575010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-05 08:38:40 +00:00
mstarzinger@chromium.org	9fd5eb52d4	Skip long running regression test from r14078. R=yangguo@chromium.org BUG=chromium:217858 TEST=mjsunit/regress/regress-crbug-217858 Review URL: https://codereview.chromium.org/13640004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-04 14:46:18 +00:00
mstarzinger@chromium.org	9e757a604c	Make __proto__ a real JavaScript accessor property. This turns the __proto__ callback from a foreign callback into a real JavaScript accessor. It makes the accessor behavior of this property explicit. R=rossberg@chromium.org BUG=v8:1949,v8:2606 TEST=mjsunit/regress/regress-2606 Review URL: https://codereview.chromium.org/13533004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14139 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-04 12:10:23 +00:00
dslomov@chromium.org	370caca72c	Test behavior of qNaN and sNaN BUG=v8:2607 Review URL: https://codereview.chromium.org/13470002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-04 09:31:24 +00:00
ulan@chromium.org	eee5884f8d	Add extra flag for load-ic stubs in code cache. This allows to distinguish between stubs compiled for the current object from stubs compiled for objects that have the current object as a prototype. BUG=v8:2593 R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/13552003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-04 08:29:25 +00:00
rossberg@chromium.org	b449691db2	ES6 symbols: fix corner cases of equality operators R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/13552002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-03 17:06:22 +00:00
dslomov@chromium.org	a172a5e839	Remove (H\|L)JSArrayLength instructions BUG= Review URL: https://codereview.chromium.org/12491023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-03 16:25:24 +00:00
danno@chromium.org	98281c62f0	Ensure UseRegisterAtStart not used with fixed temp/return register R=vegorov@chromium.org BUG=chromium:201590 Review URL: https://codereview.chromium.org/13527007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14124 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-03 14:45:39 +00:00
mstarzinger@chromium.org	2816f19680	Add parser support for generators. This patchset begins by adding support for "yield", which is unlike other tokens in JS. In a generator, whether strict or classic, it is a syntactic keyword. In classic mode it is an identifier. In strict mode it is reserved. This patch adds YIELD as a token to the scanner, and adapts the preparser and parser appropriately. It also parses "function*", indicating that a function is actually a generator, for both eagerly and lazily parsed functions. Currently "yield" just compiles as "return". BUG=v8:2355 TEST=mjsunit/harmony/generators-parsing Review URL: https://codereview.chromium.org/12646003 Patch from Andy Wingo <wingo@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-04-02 17:34:59 +00:00
yangguo@chromium.org	443f85eed9	Add test to check that Function.caller must not expose native functions. R=svenpanne@chromium.org BUG=v8:105 Review URL: https://chromiumcodereview.appspot.com/13166002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 14:31:48 +00:00
yangguo@chromium.org	a3f0f942a3	Always allocate symbols in old space. Keys are expected to be tenured. This now not only includes internalized strings, but also symbols. R=rossberg@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/13158002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 13:52:31 +00:00
dslomov@chromium.org	47d8af7616	Canonicalize NaNs on store to Fast(Float\|Double) arrays Also treat holey NaN coming from external float/double arrays correctly BUG=2596 Review URL: https://codereview.chromium.org/12918028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 13:30:16 +00:00
dslomov@chromium.org	944c577c7b	First steps towards implementing ArrayBuffer &co in V8 BUG= Review URL: https://codereview.chromium.org/13064003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 12:50:18 +00:00
rossberg@chromium.org	15ab3a0612	ES6 symbols: symbol properties should not cause going into slow mode. R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/13042013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 12:01:46 +00:00
yangguo@chromium.org	9155d20282	Stack trace API: poison stack frames below the first strict mode frame. Function and receiver objects are not accessible for poisoned frames. R=rossberg@chromium.org BUG=v8:2564 Review URL: https://chromiumcodereview.appspot.com/13150003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14085 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-28 10:40:07 +00:00
yangguo@chromium.org	a942fcd984	Add test case for missing deopt sequence after forced deopt. R=danno@chromium.org BUG=217858 Review URL: https://chromiumcodereview.appspot.com/13042005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-27 09:58:32 +00:00
yangguo@chromium.org	bb632dc49d	Only copy with, block and catch scopes in DebugEvaluate. R=ulan@chromium.org BUG=171715 Review URL: https://chromiumcodereview.appspot.com/13093003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-26 17:46:16 +00:00
danno@chromium.org	c3486bc4eb	Remove bogus test flags R=verwaest@chromium.org Review URL: https://codereview.chromium.org/12872007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14072 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-25 17:59:15 +00:00
danno@chromium.org	dfd9ea8087	Fix store_mode bug involving polymorphism with external and JS arrays. Review URL: https://codereview.chromium.org/12987014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-25 15:19:22 +00:00
verwaest@chromium.org	a8b3215afa	Change LookupForWrite to always do a full lookup and check the result. If we find a property in the prototype-chain that we can overwrite, and we have a transition, keep the holder in the lookup-result as the actual holder. We will need it for the consistency-check in GenerateStoreField. By directly checking the entire chain we avoid having to lazily bail out to a copy of the miss stub while generating the Field Store IC. Currently this CL disallows a normal non-receiver holder, given that that would require a positive lookup + details verification to ensure the property did not become read-only. This fixes the regressions in the attached tests. Review URL: https://chromiumcodereview.appspot.com/12810006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-25 12:55:27 +00:00
yangguo@chromium.org	b347a0dcae	Correctly materialize arguments object in Runtime_DebugEvaluate. The problem was that if the # arguments specified in the function declaration and the # arguments passed to the function are not the same, we use an arguments adapter frame to make it work. This confuses the existing implementation to materialize the arguments object. R=peter.rybin@gmail.com BUG=222893 Review URL: https://chromiumcodereview.appspot.com/12674027 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-25 10:01:53 +00:00
adamk@chromium.org	9bebd23d5c	Fix %GetArrayKeys to not skip non-enumerable indices This is one step in the direction of fixing a range of small bugs in the array methods when dealing with non-standard element attributes. Added tests exercising this behavior for shift and unshift. For Proxies and Interceptors, the behavior of %GetArrayKeys is now to just return an interval, rather than trying to list all their indexed properties. In the Proxy case, this seems like the only way to avoid an observable difference between smart and non-smart array methods. For Interceptors, the usual case (in WebKit, anyway) is for them to have all indices in [0, length), so enumerating them won't be any better than simply iterating over that range. Review URL: https://codereview.chromium.org/12653010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 18:04:32 +00:00
rossberg@chromium.org	52aec4722d	ES6 symbols: prevent reflection, proxy, and observe APIs from leaking symbols R=svenpanne@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12422019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 17:27:44 +00:00
rossberg@chromium.org	2657e432e4	ES6 symbols: implement name property Adds string-valued name property to symbols, and uses it for pretty-printing. Requires allocating symbols in pointer space, with a custom iterator to skip the unboxed hash. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/12459026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 16:51:28 +00:00
rossberg@chromium.org	83d4a41dec	ES6 symbols: turn symbols into a proper primitive type (qua last week's TC39) Specifically: - Install Symbol constructor function on the global object. - Adjust code generation for typeof. - Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof. - Remove hack that allowed symbols as constructor results, and some other special cases. - Remove symbol_delegate and GetDelegate function. - Extend ToBoolean stub to handle symbols. - Extend ToNumber to return NaN on symbols. - Poison symbol's toString function, and thereby ToString on symbols. R=mstarzinger@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12957004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 16:33:50 +00:00
adamk@chromium.org	51a888ff48	Fix bogus left-shifts in Array tests Review URL: https://codereview.chromium.org/12729014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 15:08:30 +00:00
yangguo@chromium.org	27b0979347	Restore correct regression test for crbug/146910. For some reason (rebase conflicts?) the regression test introduced in r12547 was overwritten by r13340. The test in question already exists in regress-latin-1 R=dcarney@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/13023003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 09:04:36 +00:00
yangguo@chromium.org	006b1a88a0	Fix JSON.stringifier's slow path wrt external strings. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12825016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14042 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-22 08:42:38 +00:00
yangguo@chromium.org	5fcc52fcb9	Simplify debug evaluate. R=peter.rybin@gmail.com BUG=v8:2585, 173608 Review URL: https://chromiumcodereview.appspot.com/12953002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-21 08:50:29 +00:00
yangguo@chromium.org	b522319a98	Extend test coverage for JSON.stringify's slow path. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12702009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14008 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-20 14:07:30 +00:00
danno@chromium.org	ffd0c712e8	Implement many KeyedStoreStubs using Crankshaft - Addition of a compiled hydrogen stub for KeyedStores. - Inlining of "grow" stubs into OPTIMIZED_FUNCTIONs - Addition of new "ignore OOB" ic stub that silently swallows out-of-bounds stores to external typed arrays. - Addition of new "copy-on-write" ic stub that inlines allocation and copying operations for cow array - New stub are generated with Crankshaft, so they are automatically inlined into OPTIMIZED_FUNCTIONs Review URL: https://codereview.chromium.org/12221064 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-20 10:37:13 +00:00
verwaest@chromium.org	002ba9c76d	Turn Flags into a uint32_t typedef. We cannot rely on C++ compilers inferring the int-type from the enum value range. Whereas Linux/OSX find uint32_t as type for [0,MaxUInt32], Windows insists it's int. Update the test to execute its original intent on all platforms: 1 value larger than max arguments, 1 smaller than max arguments (on all platforms). This makes the test run a lot faster. BUG=chromium:194749 Review URL: https://chromiumcodereview.appspot.com/12507010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-19 13:11:49 +00:00
verwaest@chromium.org	010f36f94b	Raise the limit since it is 2**16 (65536) on x64. Review URL: https://chromiumcodereview.appspot.com/12700012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-18 15:49:33 +00:00
jkummerow@chromium.org	e2cd7aa423	Fix detection of \|handle_smi\| case in HOptimizedGraphBuilder::HandlePolymorphicCallNamed BUG=chromium:196583 Review URL: https://codereview.chromium.org/12620014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-18 12:41:52 +00:00
mmassi@chromium.org	73e83b0b0f	Handling expression decomposition and array bounds check hoisting: working code with lots of debugging PrintFs, postdominance check still missing. Review URL: https://codereview.chromium.org/12377072 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-18 08:06:00 +00:00
mstarzinger@chromium.org	9aa25ad1a0	Allow inlining of functions containing function literals. R=yangguo@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://codereview.chromium.org/10702036 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-14 14:29:10 +00:00
adamk@chromium.org	004452bff9	Use InternalArray in Object.getOwnPropertyNames() implementation Review URL: https://codereview.chromium.org/12342003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-12 20:15:03 +00:00
yangguo@chromium.org	479e39a058	Parallel recompilation: remove interrupt for code generation. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12488006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-12 18:03:18 +00:00
yangguo@chromium.org	173d9e8f4a	Correctly override parallel recompilation flag for test case. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12655006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-12 17:33:51 +00:00
yangguo@chromium.org	b85237a0bc	Fix white space matching in latin-1 strings wrt \u00a0. R=dcarney@chromium.org BUG=181422 Review URL: https://chromiumcodereview.appspot.com/12644008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-11 11:52:11 +00:00
svenpanne@chromium.org	e44d3b7a87	Fixed register allocation corner case. The predicate CanBeSpilled had a bug, prohibiting the necessary spilling and correct splitting of live ranges. Removed a redundant assertion immediately done by the callee anyway. Thanks to Slava for help with that issue and the entertaining historical background of the whole story... ;-) BUG=177883 Review URL: https://codereview.chromium.org/12631012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-11 09:49:00 +00:00
mstarzinger@chromium.org	d70523dce6	Restore Function()'s expected string representation. R=rossberg@chromium.org BUG=v8:2470 TEST=mjsunit/regress/regress-2470 Review URL: https://codereview.chromium.org/12687002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-08 11:47:20 +00:00
mstarzinger@chromium.org	4b0395cc23	Harden Function()'s parsing of function literals. R=rossberg@chromium.org BUG=v8:2470 TEST=mjsunit/regress/regress-2470 Review URL: https://codereview.chromium.org/12613007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-07 15:46:14 +00:00
rossberg@chromium.org	accbbd2c10	ES6 symbols: refine test for getOwnPropertyNames R=mstarzinger@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12432005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-07 15:43:47 +00:00
yangguo@chromium.org	3a497dfd51	Insert missing type cast in JSON.stringify. R=dcarney@chromium.org BUG=v8:2570 Review URL: https://chromiumcodereview.appspot.com/12599003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-07 09:58:27 +00:00
danno@chromium.org	bbc599f334	Unify grow mode and stub kind In the process, ensure that transition-causing element stores handle all cases of the transitioned receiver map. Review URL: https://codereview.chromium.org/12390031 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-06 21:51:07 +00:00
yangguo@chromium.org	a62cfd1db0	Fix Array.length, String.length and Function.prototype LoadICs on x64. R=jkummerow@chromium.org BUG=v8:2568 Review URL: https://chromiumcodereview.appspot.com/12545004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-06 18:19:35 +00:00
rossberg@chromium.org	bdc65b3e1e	ES6 symbols: filter symbols form for-in loops and Object.keys R=verwaest@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12455002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-06 13:55:21 +00:00
rossberg@chromium.org	29e6b4437f	ES6 symbols: enable symbols as weak map keys R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/12456004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-05 17:24:08 +00:00
adamk@chromium.org	7fe9bd5a09	Properly handle misses for StoreArrayLengthStub on ia32 and x64 Both failed to generate a miss if the key wasn't "length". ARM and MIPS were already correct. BUG=v8:2566 Review URL: https://codereview.chromium.org/12378085 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-05 16:31:11 +00:00
yangguo@chromium.org	03375a68d7	Details wrt parallel recompilation. This includes: - actually release handles kept by compilation info when compilation completes. - do not use parallel recompilation on single core CPUs. - artificially delay parallel recompilation for debugging. - fix outdated assertions wrt optimization status. - add "parallel" option to %OptimizeFunctionOnNextCall. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12442002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-05 16:22:08 +00:00
ulan@chromium.org	be2b1a980f	Improve integer division on ARM in favor of power of 2 constant divisor BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/12052032 Patch from Rajeev R Krithivasan <rkrithiv@codeaurora.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-05 08:47:59 +00:00
mstarzinger@chromium.org	2aabf6257d	Add workaround for redefinition of __proto__ property. This is a temporary workaround when the __proto__ property is being redefined (e.g. by Object.freeze()) to not loose the foreign callback. Once the __proto__ property is a real JavaScript accessor this hack is no longer necessary. This change also makes __proto__ configurable. R=rossberg@chromium.org BUG=v8:2565 TEST=mjsunit/regress/regress-2565 Review URL: https://codereview.chromium.org/12398010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-04 17:53:40 +00:00
rossberg@chromium.org	5c93b18eb2	ES6 symbols: Allow symbols as property names Since symbols and strings share a common representation, most of this change is about consistently replacing 'String' with 'Name' in all places where property names are expected. In particular, no new logic at all is necessary for maps, property dictionaries, or transitions. :) The only places where an actual case distinction is needed have to do with generated type checks, and with conversions of names to strings (especially in logger and profiler). Left in some TODOs wrt to the API: interceptors and native getters don't accept symbols as property names yet, because that would require extending the external v8.h. (Baseline CL: https://codereview.chromium.org/12296026/) R=verwaest@chromium.org,mstarzinger@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12330012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-04 15:00:57 +00:00
mvstanton@chromium.org	c4caf766bf	Allocation Info Tracking, continued. Addresses missing cases for array literals. Adds support for "new Array()" call sites. This isn't complete yet, I have to run with --noinline_new. BUG= Review URL: https://codereview.chromium.org/11818021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-01 16:06:34 +00:00
yangguo@chromium.org	358311e8ec	Limit EatAtLeast recursion by a budget. BUG=178790 Review URL: https://chromiumcodereview.appspot.com/12380026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-01 14:50:14 +00:00
rossberg@chromium.org	090d09d685	ES6 symbols: Implement Symbol intrinsic and basic functionality - Add --harmony-symbols flag. - Add Symbol constructor; allow symbols as (unreplaced) return value from constructors. - Introduce %CreateSymbol and %_IsSymbol natives and respective instructions. - Extend 'typeof' code generation to handle symbols. - Extend CompareIC with a UNIQUE_NAMES state that (uniformly) handles internalized strings and symbols. - Property lookup delegates to SymbolDelegate object for symbols, which only carries the toString method. - Extend Object.prototype.toString to recognise symbols. Per the current draft spec, symbols are actually pseudo objects that are frozen with a null prototype and only one property (toString). For simplicity, we do not treat them as proper objects for now, although typeof will return "object". Only property access works as if they were (frozen) objects (via the internal delegate object). (Baseline CL: https://codereview.chromium.org/12223071/) R=mstarzinger@chromium.org BUG=v8:2158 Review URL: https://codereview.chromium.org/12296026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-03-01 13:28:55 +00:00
yangguo@chromium.org	5c264ade8e	Fix wrong test in r13766 (Insert conversion to string in string.replace). R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12315130 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 15:36:02 +00:00
yangguo@chromium.org	6e64bdfc6e	Insert conversion to string in string.replace. (missing since r13761) R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12316158 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 15:12:30 +00:00
yangguo@chromium.org	2a3063a7c3	Handle negative input in inlined Math.round on Intel CPUs. R=jkummerow@chromium.org BUG=v8:2451 Review URL: https://chromiumcodereview.appspot.com/12342037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 14:44:57 +00:00
mstarzinger@chromium.org	ea5e9edac4	Fix materialization of arguments objects with unknown values. This fixes the deoptimizer to materialize arguments objects of correct length even in cases where the actual argument values are unknown and were optimized away by Crankshaft. This can happen if only the length property or the identity of an arguments object is used. R=svenpanne@chromium.org BUG=chromium:163530 TEST=mjsunit/regress/regress-crbug-163530 Review URL: https://codereview.chromium.org/12335132 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 14:37:51 +00:00
yangguo@chromium.org	4cbe7100e6	Refactor implementation for String.prototype.replace. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12177015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 14:14:45 +00:00
ulan@chromium.org	211f4a7be0	Disable regress-crbug-160010 for Android because it triggers OOM. R=yangguo@chromium.org Review URL: https://chromiumcodereview.appspot.com/12314150 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 12:14:21 +00:00
jkummerow@chromium.org	732a2af96a	Clean up mjsunit/array-bounds-check-removal Review URL: https://codereview.chromium.org/12317142 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 10:50:37 +00:00
ulan@chromium.org	87265114c4	Emit VMLS for multiply-subtract on ARM. BUG=none Review URL: https://chromiumcodereview.appspot.com/12319113 Patch from Hans Wennborg <hans@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-27 10:24:40 +00:00
dcarney@chromium.org	52a015b1af	Fix overflow in WriteQuoteJsonString and SlowQuoteJsonString R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/12326120 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-26 11:02:39 +00:00
mstarzinger@chromium.org	ce1e10f5fc	Make __proto__ a foreign callback on Object.prototype. This moves the __proto__ property to Object.prototype and turns it into a callback property actually present in the descriptor array as opposed to a hack in the properties lookup. For now it still is a "magic" data property using foreign callbacks and not an accessor property visible to JavaScript. The second effect of this change is that JSON.parse() no longer treats the __proto__ property specially, it will be defined as any other data property. Note that object literals still have their special handling. R=rossberg@chromium.org BUG=v8:621,v8:1949,v8:2441 TEST=mjsunit,cctest,test262 Review URL: https://codereview.chromium.org/12212011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-26 10:46:00 +00:00
yangguo@chromium.org	0d63cef35b	Constant fold math and string operations. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12315005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-21 11:40:37 +00:00
mstarzinger@chromium.org	300413b5a9	Fix f.apply() optimization when declared arguments are mutated. R=verwaest@chromium.org BUG=v8:2539 TEST=mjsunit/regress/regress-2539 Review URL: https://codereview.chromium.org/12255033 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-14 15:12:49 +00:00
mstarzinger@chromium.org	05e95eee0e	Allow full inlining of f.apply(this, arguments) calls. This allows Crankshaft to completely inline a f.apply() dispatch if the exact number of arguments is known and the function is constant. The deoptimizer doesn't generate the f.apply() frame during deoptimization, so the materialized frames look like f.apply() did a tailcall. R=jkummerow@chromium.org TEST=mjsunit/compiler/inline-function-apply Review URL: https://codereview.chromium.org/12263004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-14 09:55:50 +00:00
jkummerow@chromium.org	19dab057b4	Fix NegateCompareOp and InvertCompareOp BUG=v8:2537 Review URL: https://codereview.chromium.org/12217136 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-13 14:36:19 +00:00
jkummerow@chromium.org	b09cc0be50	Adjust the stack-size value for big-array-literal.js Review URL: https://codereview.chromium.org/12114002 Patch from Haitao Feng <haitao.feng@intel.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-07 15:45:47 +00:00
jkummerow@chromium.org	e83ff197bf	Add regression test for r13617 Many thanks to Vyacheslav Egorov for coming up with this test! BUG=173907 Review URL: https://codereview.chromium.org/12212066 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-07 15:38:24 +00:00
mstarzinger@chromium.org	79607d20e6	Make the GC stress builder go green. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/12218034 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-06 13:21:28 +00:00
adamk@chromium.org	dbf50cf948	Object.observe: change array truncation logic to efficiently handle large sparse arrays Review URL: https://codereview.chromium.org/12041084 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-04 21:03:08 +00:00
verwaest@chromium.org	aca87c2fcd	Tag stubs that rely on instance types as MEGAMORPHIC. BUG=chromium:173974 Review URL: https://chromiumcodereview.appspot.com/12178017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-04 13:12:03 +00:00
danno@chromium.org	0c3575c874	Generate the TransitionElementsStub using Crankshaft This includes: * Adding support for saving callee-clobbered double registers in Crankshaft code. * Adding a new "HTrapAllocationMemento" hydrogen instruction to handle AllocationSiteInfo data in crankshafted stubs. * Adding a new "HAllocate" hydrogen instruction that can allocate raw memory from the GC in crankshafted code. * Support for manipulation of the hole in HChange instructions for Crankshafted stubs. * Utility routines to manually build loops and if statements containing hydrogen code. Review URL: https://codereview.chromium.org/11659022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-02-04 12:01:59 +00:00
adamk@chromium.org	c001d928df	Object.observe: don't unnecessarily emit oldValue for reconfigurations of data properties When a data property has its attributes changed but its value remains the same, don't emit an oldValue. This makes the API more consistent by only emitting oldValue when the value of a property has actually changed (or been removed, in the case of a reconfiguration as an accessor property or a deletion). Review URL: https://codereview.chromium.org/11820004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-30 21:07:28 +00:00
yangguo@chromium.org	c5883d442e	Add option to limit tick processor to a time range. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/12077043 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-29 14:41:02 +00:00
verwaest@chromium.org	c8636a2809	Do not try to collect the map if the monomorphic IC stub has no map. This is necessary for monomorphic stubs that rely on instance types, such as ArrayLength, StringLength and FunctionPrototype. BUG=chromium:172345 Review URL: https://chromiumcodereview.appspot.com/12082023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-28 13:19:53 +00:00
mstarzinger@chromium.org	fe8e97798e	Allow inlining of multiple closures from shared function. This allows Crankshaft to allow inlining of multiple different closures that were all derived from the same shared function info. This pattern appears when libraries provide generic closures that are used over and over again at different call-sites. R=jkummerow@chromium.org TEST=mjsunit/compiler/inline-closures Review URL: https://codereview.chromium.org/12071002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13522 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-25 16:55:00 +00:00
yangguo@chromium.org	24ec13cbd2	Fix additional spec violations wrt RegExp.lastIndex. R=svenpanne@chromium.org BUG=v8:2437 Review URL: https://chromiumcodereview.appspot.com/12033099 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-25 10:53:26 +00:00
mstarzinger@chromium.org	44ffa0dcd3	Allow monomorphic loads when static type is known. This allows Crankshaft to generate monomorphic loads when the receiver type is statically known even though the load site has polymorphic type feedback. This applies to inlined constructor calls and literals. R=jkummerow@chromium.org TEST=mjsunit/compiler/property-static Review URL: https://codereview.chromium.org/12051058 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13500 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-24 17:54:30 +00:00
ulan@chromium.org	e6224d275f	Make embedded maps in optimized code weak. Each map has a weak array of dependent codes, where the map tracks all the optimized codes that embed it. Old space GC either clears the dead dependent codes from the array if the corresponding map is alive or deoptimizes the live dependent codes if the map is dead. BUG=v8:2073 R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/11575007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-24 11:55:05 +00:00
ulan@chromium.org	d29826544e	Correctly set kCanBeDivByZero flag for HMathFloorOfDiv. After r13289 the divisor can be non-constant, so we should check for zero. BUG=171641 R=yangguo@chromium.org Review URL: https://chromiumcodereview.appspot.com/12047050 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-23 15:58:49 +00:00
yangguo@chromium.org	9296975c04	Correctly reset lastIndex in an RegExp object. R=svenpanne@chromium.org BUG=170856 Review URL: https://chromiumcodereview.appspot.com/11896060 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-23 12:28:16 +00:00
ulan@chromium.org	79a0e3b017	Fix pattern detection for replacing shifts by rotation. BUG=2499 R=svenpanne@chromium.org Review URL: https://chromiumcodereview.appspot.com/12047015 Patch from Hirofumi Mako <mkhrfm@gmail.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-22 13:55:22 +00:00
mstarzinger@chromium.org	f8d5260af7	Allow loading constant function from proto chain. This enables Crankshaft to use HConstant for loading constant functions on the prototype chain when building a monomorphic load. This pattern appears in several JavaScript frameworks. R=svenpanne@chromium.org TEST=mjsunit/compiler/proto-chain-constant Review URL: https://codereview.chromium.org/12052008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13463 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-22 12:03:35 +00:00
mvstanton@chromium.org	90d0f18007	Incorrect ARM assembly in MacroAssembler::TestJSArrayForAllocationSiteInfo Restored test code in allocation-site-info.js that was failing on ARM because of this bug. BUG= Review URL: https://codereview.chromium.org/12045017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-22 10:49:23 +00:00
mvstanton@chromium.org	c3746b4388	allocation-site-info.js broken on arm with new changes. Reverting to previous version until diagnosed. Regress-2185.js test takes too long on slow path when allocation site info is discovered. BUG= Review URL: https://codereview.chromium.org/12049003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-21 16:15:08 +00:00
yangguo@chromium.org	0c822b21cb	Fix some latin-1 webkit units tests R=yangguo@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11962035 Patch from Dan Carney <dcarney@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-21 16:11:31 +00:00
yangguo@chromium.org	7f331f6280	Make HCheckPrototypeMaps compatible with parallel recompilation. HCheckPrototypeMaps currently records the prototype and the holder of the prototype chain (both ends of the chain) and assumes that the chain elements and their maps did not change in during the entirety of Crankshaft. The actual traversal of the prototype chain happens in Lithium at code generation. With parallel compilation, this assumption is not longer correct. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11864013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13454 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-21 15:49:00 +00:00
mvstanton@chromium.org	3414a514cd	Fixed test failure. A test case erroneously expected a transition to a double array, but the array remains FAST_SMI. In person LGTM from Danno... BUG= Review URL: https://codereview.chromium.org/12038008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13447 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-21 13:21:53 +00:00
mvstanton@chromium.org	d7d917e6f0	Out of bounds memory access in TestJSArrayForAllocationSiteInfo. The function intended to check the map pointer of an AllocationSiteInfo object, but neglected to subtract an offset to do so. BUG=169928 Review URL: https://codereview.chromium.org/11931037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-21 12:26:29 +00:00
jkummerow@chromium.org	7924492ce3	tools/run-tests.py: Fixes for Windows Review URL: https://codereview.chromium.org/11926015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13436 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-18 14:55:23 +00:00
yangguo@chromium.org	284a28e797	Temporarily disable deferred stack trace formatting. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11859027 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-18 13:05:03 +00:00
mvstanton@chromium.org	7884216804	Additional work to get array literal allocation tracking working, even with --always-opt BUG= Review URL: https://codereview.chromium.org/11817017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-17 08:41:27 +00:00
mstarzinger@chromium.org	0484ddcf50	Fix arguments materialization for inlined apply(). This fixes materialization of the arguments object in case the constant function check if TryCallApply() inside an inlined frame fails. R=svenpanne@chromium.org BUG=v8:2489 TEST=mjsunit/regress/regress-2489 Review URL: https://codereview.chromium.org/11931012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-16 09:25:45 +00:00
yangguo@chromium.org	f15f294127	Sync laziness between BuildFunctionInfo and MakeFunctionInfo. BuildFunctionInfo compiles the function eagerly when there are debug break points. However, the AST may have been parsed lazily since MakeFunctionInfo does not check for debug break points. This fixes a regression introduced in r11866. BUG=147497 Review URL: https://chromiumcodereview.appspot.com/11661008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-15 10:16:52 +00:00
yangguo@chromium.org	eadcc1c10c	Reland r13188, r13194, r13256 (Deferred formatting of error stack trace during GC). BUG= Review URL: https://chromiumcodereview.appspot.com/11880018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13371 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-14 13:19:27 +00:00
mstarzinger@chromium.org	c5cff2c75a	Make recent regression test resilient against GC stress. R=danno@chromium.org TEST=mjsunit/regress/regress-165637 Review URL: https://codereview.chromium.org/11824062 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-10 14:21:27 +00:00
mstarzinger@chromium.org	1079642c97	Fix missing exception check in typed array constructor (2). This fixes another crash when the the typed array constructor accesses an array that has a throwing accessor defined on one of it's elements. R=verwaest@chromium.org BUG=chromium:168545 TEST=mjsunit/regress/regress-crbug-168545.js Review URL: https://codereview.chromium.org/11791052 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-10 11:45:29 +00:00
yangguo@chromium.org	e41c17084f	Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag. R=yangguo@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11818025 Patch from Dan Carney <dcarney@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-09 15:47:53 +00:00
yangguo@chromium.org	45f20e366a	Introduce ENABLE_LATIN_1 compile flag Mostly a bunch of renaming when flag is disabled. R=yangguo@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11759008 Patch from Dan Carney <dcarney@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-09 10:30:54 +00:00
svenpanne@chromium.org	0aacbf9619	Added %FlattenString and use it to speed up a regression test. Flattening strings is relatively costly and by doing it after every duplication we avoid combinatorial explosion. Note that flattening could have been done by e.g. using a regular expression, too, but this is just another implementation detail and %FlattenString seems general enough to be useful in other tests, too. Review URL: https://codereview.chromium.org/11828014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-09 09:32:12 +00:00
mvstanton@chromium.org	529f801fde	Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array, we store an AllocationSiteInfo object right after the JSArray, with a pointer to the boilerplate object. Later, if the array transitions we check for the continued existence of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to transition the boilerplate array as well. Danno's original changeset: https://codereview.chromium.org/10615002/ Review URL: https://codereview.chromium.org/11663005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-08 09:03:16 +00:00
mstarzinger@chromium.org	0e46919c32	Fix missing exception check in typed array constructor. The typed array constructor might fail if the first argument is an object with a length property. Accessing the property can cause an exception to be thrown and an explicit check needs to be performed. R=verwaest@chromium.org BUG=chromium:168545 TEST=mjsunit/regress/regress-crbug-168545.js Review URL: https://codereview.chromium.org/11777014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-07 14:01:04 +00:00
danno@chromium.org	4246ac3009	Generalize calling to C++ on stub deopt Remove code specific to KeyedLoadICs in DoCompiledStubFrame on all platforms, driving stub frame translation by the register parameter information found in a stub's CodeStubInterfaceDescriptor. Review URL: https://codereview.chromium.org/11635015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-07 10:06:11 +00:00
yangguo@chromium.org	4ee20d857b	Check for read-only-ness when preparing for array sort. R=verwaest@chromium.org BUG=v8:2419 Review URL: https://chromiumcodereview.appspot.com/11759022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-01-04 15:24:47 +00:00
yangguo@chromium.org	e536abb777	Handle non-constant divisor in MathFloorOfDiv, on ia32/x64 Zheng Liu zheng.z.liu@intel.com Review URL: https://chromiumcodereview.appspot.com/11624022 Patch from Zheng Liu <zheng.z.liu@intel.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-28 15:52:17 +00:00
yangguo@chromium.org	2f821f1ed9	Revert r13188, r13194, r13256 (Deferred formatting of error stack trace during GC). R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11678006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-27 13:12:27 +00:00
ulan@chromium.org	b64f834383	Fix x64 MathMinMax for negative untagged int32 arguments. An untagged int32 has zeros in the upper half even if it is negative. Using cmpq to compare such numbers will incorrectly ignore the sign. BUG=164442 R=mvstanton@chromium.org Review URL: https://chromiumcodereview.appspot.com/11665007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-21 17:52:00 +00:00
danno@chromium.org	653a66f527	ARM: Use division instructions in lithium and stubs BUG=none TEST=Added to test/mjsunit/math-floor-of-div.js, math-floor-of-div-nosudiv.js Review URL: https://codereview.chromium.org/11316105 Patch from Martyn Capewell <m.m.capewell@googlemail.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-20 16:31:19 +00:00
yangguo@chromium.org	a3f16f8e65	Fix several bugs in error stack trace formatting. GetScriptWrapper can be called recursively: GetScriptWrapper -> GC -> DeferredFormatStackTrace -> GetScriptWrapper GC-unsafe code in ErrorObjectList::DeferredFormatStackTrace Enable overwriting Error.prepareStackTrace by itself while not causing infinity recursion when it triggers an exception. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11649037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-20 16:25:26 +00:00
rossberg@chromium.org	97eba9d3cd	Object.observe: fix observation for optimised in/decrement and compound assignment. R=svenpanne@chromium.org BUG=v8:2409 Review URL: https://codereview.chromium.org/11642042 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-20 15:03:30 +00:00
rossberg@chromium.org	d2ed67a958	Object.observe: temporarily disable one test to unbreak ARM. R=danno@chromium.org BUG= Review URL: https://codereview.chromium.org/11646004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-20 14:12:41 +00:00
yangguo@chromium.org	362218a037	Deopt on overflow in integer mod. R=ulan@chromium.org BUG=166379 Review URL: https://chromiumcodereview.appspot.com/11618017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-19 12:01:22 +00:00
rossberg@chromium.org	c9da5fadcb	Object.observe: Change semantics of deliverChangeRecords to iterate. Added test for recursive change generation. R=yangguo@chromium.org BUG=v8:2409 Review URL: https://codereview.chromium.org/11593028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-19 09:51:46 +00:00
danno@chromium.org	1f4b4625ff	Re-land Crankshaft-generated KeyedLoad stubs. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/11528003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-18 16:25:45 +00:00
ulan@chromium.org	8574054b59	Correctly handle negative codes in String.fromCharCode() BUG=166553 R=yangguo@chromium.org Review URL: https://chromiumcodereview.appspot.com/11576069 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-18 12:37:57 +00:00
rossberg@chromium.org	c6bb497437	Simplify implementation of assignment-to-const checks. Also, add test that assignment to function name is a syntax error with harmony scoping. Does not fix issue 2243 directly, but with ES6, the required behaviour will change to what is implemented already anyway. R=yangguo@chromium.org BUG=v8:2243 Review URL: https://codereview.chromium.org/11607016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-18 12:00:50 +00:00
yangguo@chromium.org	6e953d51af	Make sure error message formatting does not have side effects. R=vegorov@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11598011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-17 14:00:50 +00:00
peter.rybin@gmail.com	133957e743	Fix set variable value bug: a function argument must be updated in 2 places Review URL: https://codereview.chromium.org/11519020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-14 18:36:51 +00:00
rossberg@chromium.org	1080d2aade	Object.oberve: assertions to narrow down flaky crashes with array length mutation. R=mstarzinger@chromium.org BUG=v8:2409 Review URL: https://codereview.chromium.org/11566027 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-14 14:19:18 +00:00
rossberg@chromium.org	fb5a5e22ec	Object.observe: Make array length and other magic data properties work correctly. Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons. R=mstarzinger@chromium.org BUG=v8:2409 Review URL: https://codereview.chromium.org/11554019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-13 09:31:44 +00:00
danno@chromium.org	facad070e9	Remove over-zealous hole checking in Array.slice() R=jkummerow@chromium.org BUG=chromium:165637 TEST=regress-165637.js Review URL: https://codereview.chromium.org/11442054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-12 15:20:45 +00:00
rossberg@chromium.org	76375de29d	Object.observe: prevent observed objects from using fast elements. This is necessary because polymorphic stores generally do not perform a map check but only an instance type check, which misses out on changes in the observation status. Unfortunately, there currently is no efficient way in V8 to maintain that optimisation in the presence of Object.observe. R=mstarzinger@chromium.org BUG=v8:2409 Review URL: https://codereview.chromium.org/11477006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-12 11:38:24 +00:00
peter.rybin@gmail.com	6eef2f0682	Issue 2399 part 2: In debugger allow modifying local variable values Review URL: https://codereview.chromium.org/11412310 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-11 23:27:38 +00:00
mmassi@chromium.org	ae54f9cfe0	Fix for when array bounds check elimination tries to modify a phi index. BUG= Review URL: https://chromiumcodereview.appspot.com/11486007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-11 14:23:04 +00:00
mstarzinger@chromium.org	07077798af	Disable GC stress for mjsunit/fast-prototype. R=yangguo@chromium.org TEST=mjsunit/fast-prototype --gc-interval=500 --stress-compaction Review URL: https://codereview.chromium.org/11534004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-11 10:33:04 +00:00
yangguo@chromium.org	72dfb27909	Fire 'stack' getter of error objects after GC. BUG=v8:2340 Review URL: https://chromiumcodereview.appspot.com/11377158 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-11 10:14:01 +00:00
danno@chromium.org	64fc1f99cb	Revert 13157, 13145 and 13140: Crankshaft code stubs. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/11498006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-10 11:09:12 +00:00
yangguo@chromium.org	c70a0f9334	Improve integer division on IA32 and X64 If the divisor is a Power-of-2 constant, we could use shifts instead of the expensive idiv instructions, which also loose the register constraints. Review URL: https://chromiumcodereview.appspot.com/11478043 Patch from Yuqiang Xian <yuqiang.xian@intel.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-10 11:02:22 +00:00
rossberg@chromium.org	9a0623f296	Object.observe support for Function 'prototype' property BUG=v8:2409 Review URL: https://codereview.chromium.org/11416353 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-10 10:53:57 +00:00
rossberg@chromium.org	3348b5c2b4	Allow lazy compilation (and thus optimisation) of functions inside eval. For strict-mode eval, this requires _disabling_ lazy parsing of inner functions, because we need to collect their free variables to do allocation for the eval scope properly. R=mstarzinger@chromium.org BUG=v8:2315 Review URL: https://codereview.chromium.org/11438042 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13161 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-07 10:35:50 +00:00
yangguo@chromium.org	3388f92e63	Fix spec violations in methods of Number.prototype. R=svenpanne@chromium.org BUG=v8:2443 Review URL: https://chromiumcodereview.appspot.com/11465005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13160 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-07 10:20:35 +00:00
yangguo@chromium.org	276c790c61	Iterate through all arguments for side effects in Math.min/max. R=svenpanne@chromium.org BUG=v8:2444 Review URL: https://chromiumcodereview.appspot.com/11444030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13150 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-06 13:13:38 +00:00
yangguo@chromium.org	2200972f48	Update test expectations. Test failure has been fixed in r13050. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11450004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-06 13:13:01 +00:00
yangguo@chromium.org	c75ca45000	Improve array to string conversion. BUG=v8:2435 Review URL: https://chromiumcodereview.appspot.com/11348349 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-05 15:49:22 +00:00
yangguo@chromium.org	6c92aba643	Fix spec violations related to regexp.lastIndex BUG=v8:2437, v8:2438 Review URL: https://chromiumcodereview.appspot.com/11451005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-05 12:32:25 +00:00
rossberg@chromium.org	6b16d0bcae	Make Object.observe on the global object functional The approach in this change is to handle the unwrapping/wrapping of the global object transparently with respect to the JS implementation of Object.observe. An alternate approach would be to add a runtime method like %IsJSGlobalProxy and %UnwrapJSGlobalProxy, but it seems ugly to give JS (even implementation JS) access to the unwrapped global. BUG=v8:2409 Review URL: https://codereview.chromium.org/11414094 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-05 12:03:57 +00:00
rossberg@chromium.org	23850c16b2	Object.observe: notify of __proto__ changes BUG=v8:2409 Review URL: https://codereview.chromium.org/11299260 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-05 11:47:45 +00:00
danno@chromium.org	f19959cd22	Enable stub generation using Hydrogen/Lithium (again) This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure. Committed: https://code.google.com/p/v8/source/detail?r=13105 Committed: https://code.google.com/p/v8/source/detail?r=13117 Review URL: https://codereview.chromium.org/10701054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-05 11:04:10 +00:00
peter.rybin@gmail.com	be4418bae0	Issue 2429, core implementation and the protocol change Review URL: https://codereview.chromium.org/11421100 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13123 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 21:47:39 +00:00
peter.rybin@gmail.com	4b3e67070e	Issue 2399 part 1: In debugger allow modifying local variable values Review URL: https://codereview.chromium.org/11415042 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 20:29:29 +00:00
danno@chromium.org	66f6a8182c	Revert 13117: "Enable stub generation using Hydrogen/Lithium (again)" TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/11415261 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 17:16:51 +00:00
yangguo@chromium.org	702cc25def	Optimize non-ASCII string splitting with single-character search pattern Review URL: https://chromiumcodereview.appspot.com/11299163 Patch from Ben Noordhuis <ben@c9.io>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13119 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 16:48:17 +00:00
danno@chromium.org	78b09625d5	Enable stub generation using Hydrogen/Lithium (again) This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure. Committed: https://code.google.com/p/v8/source/detail?r=13105 Review URL: https://codereview.chromium.org/10701054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 15:51:05 +00:00
rossberg@chromium.org	45f42b04c1	When notifying observers of a truncated array, don't call getters on deleted element indices BUG=v8:2409 Review URL: https://codereview.chromium.org/11414177 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-12-03 13:34:08 +00:00
danno@chromium.org	0a3bcc8c05	Revert 13105: "Enable stub generation using Hydrogen/Lithium." TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/11414262 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-30 17:45:45 +00:00
danno@chromium.org	c115ff4e33	Enable stub generation using Hydrogen/Lithium. This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure. Review URL: https://codereview.chromium.org/10701054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13105 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-30 17:31:30 +00:00
verwaest@chromium.org	7553f0d68e	CopyPackedSmiToDoubleElements should fill the FixedDoubleArray with holes BUG=v8:2433 Review URL: https://chromiumcodereview.appspot.com/11280223 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-29 08:34:19 +00:00
yangguo@chromium.org	028f85a244	Include more information in --prof log. Main changes: - include timestamps in profile ticks - include code kind in code create events - time execution in external code - changed plot-timer-events.js to show the code kind being executed R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11428025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-28 11:01:10 +00:00
verwaest@chromium.org	09b1574baa	Make ElementsAccessors more tolerant of varying backing store types This avoids bogus calls to Fixed*Array::cast() when FastElements-backed objects are empty (and thus backed by empty_fixed_array). Review URL: https://chromiumcodereview.appspot.com/11299190 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-28 08:41:45 +00:00
verwaest@chromium.org	1b0e373f09	Avoid double initialization of arrays. Review URL: https://chromiumcodereview.appspot.com/11413179 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-27 12:01:14 +00:00
verwaest@chromium.org	beeb751278	Ensure we do not clobber the register holding the elements backing store. Review URL: https://chromiumcodereview.appspot.com/11316168 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-26 15:58:27 +00:00
verwaest@chromium.org	ebeaad6cb5	Ensure double arrays are filled with holes when extended from variations of empty arrays. BUG=162085 Review URL: https://chromiumcodereview.appspot.com/11414155 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-26 14:29:21 +00:00
jkummerow@chromium.org	79563b22c9	Faster implementation of Math.exp() Review URL: https://codereview.chromium.org/11418149 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-26 13:12:35 +00:00
rossberg@chromium.org	5593b956b2	Censor .caller if it is a strict function instead of throwing. For details, see: http://www.mail-archive.com/es-discuss@mozilla.org/msg19322.html https://bugs.ecmascript.org/show_bug.cgi?id=310 R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11417140 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-23 15:47:58 +00:00
rossberg@chromium.org	21b7af787f	Fix strict mode test case, so that it succeeds for the right reason. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11348196 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13048 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-23 15:45:03 +00:00
rossberg@chromium.org	085bf78c70	Object.observe: Tests for __define{G,S}etter__. R=adamk@chromium.org,rafaelw@chromium.org BUG= Review URL: https://codereview.chromium.org/11348193 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-23 15:43:54 +00:00
danno@chromium.org	6db4bc2f4d	Force small array literals to have FAST_ELEMENTs R=verwaest@chromium.org Review URL: https://codereview.chromium.org/11414139 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13042 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-23 13:23:39 +00:00
mmassi@chromium.org	a0582112f8	Revert r13025 and r13026 (they introduced a bug on arm and regressed octane crypto). BUG= Review URL: https://chromiumcodereview.appspot.com/11316151 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-23 10:53:03 +00:00
rossberg@chromium.org	07481867a1	Object.observe: More tests for accessor reconfiguration. R=adamk@chromium.org,rafaelw@chromium.org BUG= Review URL: https://codereview.chromium.org/11280118 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-22 10:31:42 +00:00
rossberg@chromium.org	ce05280bfc	Get rid of static module allocation, do it in code. Modules now have their own local scope, represented by their own context. Module instance objects have an accessor for every export that forwards access to the respective slot from the module's context. (Exports that are modules themselves, however, are simple data properties.) All modules have a _hosting_ scope/context, which (currently) is the (innermost) enclosing global scope. To deal with recursion, nested modules are hosted by the same scope as global ones. For every (global or nested) module literal, the hosting context has an internal slot that points directly to the respective module context. This enables quick access to (statically resolved) module members by 2-dimensional access through the hosting context. For example, module A { let x; module B { let y; } } module C { let z; } allocates contexts as follows: [header\| .A \| .B \| .C \| A \| C ] (global) \| \| \| \| \| +-- [header\| z ] (module) \| \| \| +------- [header\| y ] (module) \| +------------ [header\| x \| B ] (module) Here, .A, .B, .C are the internal slots pointing to the hosted module contexts, whereas A, B, C hold the actual instance objects (note that every module context also points to the respective instance object through its extension slot in the header). To deal with arbitrary recursion and aliases between modules, they are created and initialized in several stages. Each stage applies to all modules in the hosting global scope, including nested ones. 1. Allocate: for each module _literal_, allocate the module contexts and respective instance object and wire them up. This happens in the PushModuleContext runtime function, as generated by AllocateModules (invoked by VisitDeclarations in the hosting scope). 2. Bind: for each module _declaration_ (i.e. literals as well as aliases), assign the respective instance object to respective local variables. This happens in VisitModuleDeclaration, and uses the instance objects created in the previous stage. For each module _literal_, this phase also constructs a module descriptor for the next stage. This happens in VisitModuleLiteral. 3. Populate: invoke the DeclareModules runtime function to populate each _instance_ object with accessors for it exports. This is generated by DeclareModules (invoked by VisitDeclarations in the hosting scope again), and uses the descriptors generated in the previous stage. 4. Initialize: execute the module bodies (and other code) in sequence. This happens by the separate statements generated for module bodies. To reenter the module scopes properly, the parser inserted ModuleStatements. R=mstarzinger@chromium.org,svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/11093074 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-22 10:25:22 +00:00
rossberg@chromium.org	4751776dce	Object.observe: Unblacklist some tests involving indexed properties These were erroneously disabled because they were expecting indexed properties to be of Number type when appearing as the "name" in change records. But the "name" property will always be a string. Fixed assertRecordsEqual() to enforce this in expectations. BUG=v8:2409 Review URL: https://codereview.chromium.org/11280105 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-21 12:50:49 +00:00
mmassi@chromium.org	5e7f30a596	Use the property load IC for accessing the array length. BUG= Review URL: https://chromiumcodereview.appspot.com/11299004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-21 11:49:15 +00:00
yangguo@chromium.org	89bc2eb93f	Actually relax test expectations for known failing test. This corrects r13011. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11415093 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-21 09:32:06 +00:00
jkummerow@chromium.org	a956594fc2	Fix corner case in x64 compare stubs. BUG=v8:2416 Review URL: https://codereview.chromium.org/11413087 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-20 15:57:10 +00:00
rossberg@chromium.org	6add3222ed	Object.observe: Add test case covering most special cases. Things not working yet are currently blacklisted in the test (see TODOs). R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/11377157 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-20 14:45:21 +00:00
yangguo@chromium.org	bfbca55d02	Relax test expectations for known failing test. BUG= Review URL: https://chromiumcodereview.appspot.com/11299100 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-20 12:31:41 +00:00
rossberg@chromium.org	1570d62721	Object.observe/unobserve now return object BUG=v8:2418 Review URL: https://codereview.chromium.org/11419078 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-20 10:38:14 +00:00
verwaest@chromium.org	08cfda49f2	Ensure CopyElementsImpl is always executed so it fills in holes even if from_size is 0. Allow FixedDoubleArray::cast to also support FixedArray with size 0. Review URL: https://chromiumcodereview.appspot.com/11280054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-19 15:00:34 +00:00
yangguo@chromium.org	d2a6e7b40d	Fix test failures. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11414030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12992 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 14:24:19 +00:00
rossberg@chromium.org	8d79ff46d0	Clean-up refactoring to eliminate GetLocalElementKind. Eliminates substantial amounts of fragile code duplication and special casing. Also fixes "a".propertyIsEnumerable(0) to correctly return true. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11420011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 13:28:34 +00:00
mstarzinger@chromium.org	3d1582c474	Fix Array.prototype.join evaluation order. R=yangguo@chromium.org BUG=v8:2263 TEST=mjsunit/regress/regress-2263 Review URL: https://codereview.chromium.org/11280025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12989 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 12:45:23 +00:00
yangguo@chromium.org	af6f7742e0	Fix test failures. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11299033 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 11:58:21 +00:00
yangguo@chromium.org	63f109aaa5	Introduce helper functions to test parallel recompilation. BUG= Review URL: https://chromiumcodereview.appspot.com/11419012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 10:57:50 +00:00
rossberg@chromium.org	2e76922c79	Object.observe: Use [[DefineOwnProperty]] to create properties of changeRecord. Note: The test here requires https://codereview.chromium.org/11364237/ to land in order to pass because Object.freeze calls Object.getOwnPropertyNames(). BUG=v8:2411 Review URL: https://codereview.chromium.org/11377171 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12983 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 09:35:27 +00:00
rossberg@chromium.org	af824eab8f	When using an Object as a set in Object.getOwnPropertyNames, null out the proto Also apply the same fix elsewhere in v8natives.js BUG=v8:2410 Review URL: https://codereview.chromium.org/11364237 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-16 09:32:39 +00:00
verwaest@chromium.org	a08194c83a	Support all fast elements kinds in the major array operations. Currently missing support for unshift. BUG= Review URL: https://chromiumcodereview.appspot.com/11377132 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-15 12:19:14 +00:00
rossberg@chromium.org	4fb992a872	Object.observe: Handle oldValue for elements with accessors properly. Extended ElementAccessor interface to allow querying PropertyType and AccessorPair. Also added respective functionality to JSObject. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11358234 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-15 11:31:40 +00:00
rossberg@chromium.org	5e7b796479	Object.observe: Move notification of JSArray length changes to JSArray::SetElementsLength The previous implementation in Accessors::ArraySetLength failed when array length was set through StoreIC_ArrayLength. But that stub and the accessor both delegate to JSArray::SetElementsLength, so moving the code there allows notifications to be sent in both cases. Review URL: https://codereview.chromium.org/11275292 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-14 16:51:21 +00:00
jkummerow@chromium.org	1c086d1202	Lattice-based representation inference, powered by left/right specific type feedback for BinaryOps and comparisons Review URL: https://chromiumcodereview.appspot.com/10837165 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-14 15:59:45 +00:00
ulan@chromium.org	74492ab2d4	Emit VMLA for multiply-add on ARM Review URL: https://chromiumcodereview.appspot.com/11293061 Patch from Hans Wennborg <hans@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-14 11:01:18 +00:00
yangguo@chromium.org	4783d3c31b	Remove 'type' and 'arguments' properties from Error object. R=svenpanne@chromium.org BUG=v8:2397 Review URL: https://chromiumcodereview.appspot.com/11358214 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-14 09:14:47 +00:00
peter.rybin@gmail.com	bb53dc6890	Issue 2368: LiveEdit crashes when new object/array literal is added Review URL: https://codereview.chromium.org/11191039 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-13 19:13:27 +00:00
rossberg@chromium.org	36c3d01589	Object.unobserve(obj, callback) now throws a TypeError when callback is not a function. Review URL: https://codereview.chromium.org/11293248 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12950 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-13 15:50:59 +00:00
yangguo@chromium.org	693ee09cf3	Correctly check for stack overflow even when interrupt is pending. BUG=v8:214 Review URL: https://chromiumcodereview.appspot.com/11362007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 14:56:25 +00:00
yangguo@chromium.org	4c27298d27	Collect stack trace on stack overflow. BUG=v8:2394 Review URL: https://chromiumcodereview.appspot.com/11275186 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 14:54:29 +00:00
yangguo@chromium.org	e3e899fe53	Correctly fix test expectations. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11369183 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12931 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 14:07:21 +00:00
yangguo@chromium.org	eea60ff76a	Fix test expectations. R=jkummerow@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11361217 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12928 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 12:29:15 +00:00
yangguo@chromium.org	4cca6c6081	Make formatting error message side-effect-free. BUG=v8:2398 Review URL: https://chromiumcodereview.appspot.com/11359130 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 10:33:20 +00:00
yangguo@chromium.org	ef1b3d3a76	Fix length check in JSON.stringify. R=verwaest@chromium.org BUG=160010 Review URL: https://chromiumcodereview.appspot.com/11410031 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-12 10:20:07 +00:00
rossberg@chromium.org	0e7306cc92	Implement Object.getNotifier() and remove Object.notify() Updated all tests to use getNotifier or actual object mutation instead of notify, and added tests for new behavior of getNotifier. Review URL: https://codereview.chromium.org/11369154 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 16:14:42 +00:00
rossberg@chromium.org	af7bfe0e27	Minimal implementation and tests of observable array methods Bail out of any special-casing in array methods. Further optimization is possible, but can be left for later. Review URL: https://codereview.chromium.org/11369151 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 12:28:22 +00:00
rossberg@chromium.org	13f8fb47da	Add more test coverage for setting Array.length Covers truncation of holey arrays and defineProperty('length'). Review URL: https://codereview.chromium.org/11369150 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 11:00:13 +00:00
rossberg@chromium.org	b72e5811e7	Object.observe: notify when element addition causes array growth Review URL: https://codereview.chromium.org/11369135 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12914 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 10:57:54 +00:00
mstarzinger@chromium.org	2d69a2b12e	ES6: Add support for Set and Map clear method http://wiki.ecmascript.org/doku.php?id=harmony:specification_drafts, section 15.14.5.3 and 15.14.5.2 BUG=v8:2400 Review URL: https://codereview.chromium.org/11409002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 09:01:29 +00:00
yangguo@chromium.org	64da47559c	Turn message property of the error object into a data property. R=svenpanne@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11368142 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-09 08:22:02 +00:00
rossberg@chromium.org	2af4744889	Handle Object.observe notifications for setting Array.length Also handles notification of deleted properties when an array is truncated by setting length. Review URL: https://codereview.chromium.org/11338048 Patch from Adam Klein <adamk@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-08 16:12:12 +00:00
rossberg@chromium.org	8eb704257f	Object.observe: Fixed missing case for turning off ICs. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11358122 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-08 13:15:54 +00:00
rossberg@chromium.org	fbc6e0d883	Object.observe: generate change records for indexed properties. Details: - Extend ElementAccessors with GetAttributes method. - Add HasLocalElement, Get[Local]ElementAttribute methods to JSReceiver/JSObject. - Otherwise, mirror implementation for named properties. Cannot correctly handle the cases yet where an accessor is redefined or deleted. Also fixed handling of object info table. (Based on CL https://codereview.chromium.org/11362115/) R=verwaest@chromium.org,mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/11365111 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-08 12:58:08 +00:00
mstarzinger@chromium.org	a31889e2de	Fix slack tracking when instance prototype changes. This fixes a corner case when the instance prototype of a function is changed while inobject slack tracking is still in progress. This caused the intial map to be unrelated for functions with the same shared info and hence the shared construct stub is no longer generic enough to work for all those functions. R=danno@chromium.org BUG=chromium:157019 TEST=mjsunit/regress/regress-crbug-157019 Review URL: https://codereview.chromium.org/11293059 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-08 11:56:44 +00:00
rossberg@chromium.org	e059e64c98	Object.observe: include oldValue in change records, plus more accurate distinction of different change types. Required handlifying more code. Also fixed a handlification bug in JSProxy::GetElementAttributeWithHandler. R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/11362115 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-07 14:14:50 +00:00
yangguo@chromium.org	ecb6126e45	Remove check for recursion depth for JSON.stringify. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11368119 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-07 12:12:52 +00:00
mstarzinger@chromium.org	e405ff84b4	ES6: Adding support for size to Set and Map Section 15.14.5.10 and 15.16.5.7 in the October 26, 2012 ES6 draft, http://wiki.ecmascript.org/doku.php?id=harmony:specification_drafts This adds a getter for "size" to Set.prototype and Map.prototype which reflects the number of elements in the Set and Map respectively. BUG=v8:2395 Review URL: https://codereview.chromium.org/11360089 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12875 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-06 18:14:45 +00:00
rossberg@chromium.org	b80cbd7922	Object.observe: generate change records for named properties. In more detail: - Set observation bit for observed objects (and make NormalizedMapCache respect it). - Mutation of observed objects is always delegated from ICs to runtime. - Introduce JS runtime function for notifying generated changes. - Invoke this function in the appropriate places (including some local refactoring). - Inclusion of oldValue field is not yet implemented, nor element properties. Also, shortened flag to --harmony-observation. R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/11347037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-06 12:32:36 +00:00
ulan@chromium.org	f106c9c9f7	Add rotate-right instruction to hydrogen and use it instead of bitwise operations of the form ((x >>> i) \| (x << (32 - i))). This CL is based on https://chromiumcodereview.appspot.com/10984057/ by Jay Conrod <dconrod@codeaurora.org>. R=danno@chromium.org,mstarzinger@chromium.org,dconrod@codeaurora.org Review URL: https://chromiumcodereview.appspot.com/11033005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-05 13:28:10 +00:00
yangguo@chromium.org	e452c10702	Add fast path for FastProperty objects in JSON.stringify. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11363078 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-05 12:59:35 +00:00
yangguo@chromium.org	e26012e771	Fix JSON.stringify wrt harmony proxies. BUG= Review URL: https://chromiumcodereview.appspot.com/11312063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-05 10:53:56 +00:00
svenpanne@chromium.org	9de1d40d28	Improve handling of property loads on the proto chain. Previously Crankshaft emitted a generic load for these, now we emit a load of a named field, guarded by a proto chain check. LCheckPrototypeMaps now returns the holder, which is for free, because it already had to check its map as the last step, anyway. This is in sync with what StubCompiler::CheckPrototype does. Review URL: https://codereview.chromium.org/11338030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-05 08:53:54 +00:00
yangguo@chromium.org	e8d91b424c	Handle edge cases in basic JSON.stringify. BUG= Review URL: https://chromiumcodereview.appspot.com/11315009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-02 14:46:57 +00:00
verwaest@chromium.org	14abf05bd5	Ensure reducing the length of an array doesn't make it go holey. Also only transition and/or change anything to the backing store if we are actually going to delete anything. BUG= Review URL: https://chromiumcodereview.appspot.com/11358011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-11-02 10:24:56 +00:00
yangguo@chromium.org	fe7ec01096	Fix handling arrays with holes in JSON.stringify. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11273112 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-30 15:29:34 +00:00
yangguo@chromium.org	8ed2e560ea	Treat leading zeros in JSON.parse correctly. R=verwaest@chromium.org BUG=158185 Review URL: https://chromiumcodereview.appspot.com/11273075 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-29 12:01:29 +00:00
mstarzinger@chromium.org	e363cd3425	Fix ugly typo in GenerateNewNonStrictFast. R=svenpanne@chromium.org BUG=chromium:157520 TEST=mjsunit/regress/regress-crbug-157520 Review URL: https://codereview.chromium.org/11300008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12826 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-26 10:55:25 +00:00
yangguo@chromium.org	f6ed7f5e23	Relax test expectations for json-recursive.js R=mvstanton@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11311002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-26 07:52:18 +00:00
rossberg@chromium.org	ae93cf665d	Initial JS stub implementation of Object.observe. Adds support for .object/.unobserve/.notify/.deliverChangeRecords. No delivery mechanism is implemented for end-of-microtask. Review URL: https://codereview.chromium.org/11225058 Patch from Rafael Weinstein <rafaelw@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-25 14:56:44 +00:00
yangguo@chromium.org	e91473f057	Relax test expectations to appease mac build. R=mstarzinger@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11272029 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-25 12:39:41 +00:00
yangguo@chromium.org	58c82e93b3	Catch stack overflow in JSON.parse. BUG= Review URL: https://chromiumcodereview.appspot.com/11275039 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-25 12:36:40 +00:00
yangguo@chromium.org	e40b33d39e	Correctly check for stack limit in JSON.stringify. Changes include: - inline functions in a way as not to waste stack space. - reset StackReserveSize to the value prior to r12808. - check stack overflow dynamically. R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11271021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-25 12:18:24 +00:00
yangguo@chromium.org	b2d41f8fe8	Fix stack overflow in JSON.stringify. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11265011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-24 15:49:59 +00:00
yangguo@chromium.org	e50ee08ad6	Reland JSON.stringify reimplementation. BUG= Review URL: https://chromiumcodereview.appspot.com/11189112 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-22 14:22:58 +00:00
jkummerow@chromium.org	5ea870f855	tools/run-tests.py: A few timeout-related fixes Review URL: https://codereview.chromium.org/11230029 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-22 14:13:01 +00:00
yangguo@chromium.org	e41250a390	Revert r12760 (JSON.stringify). R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11225026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-22 11:11:22 +00:00
yangguo@chromium.org	8148f972e8	Stress GC less by allocating exponentially growing string chunks in JSON.stringify. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11232002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-19 12:39:43 +00:00
yangguo@chromium.org	f910052543	Always invoke the default Array.sort functions from builtin functions, part 2. R=vegorov@chromium.org BUG=v8:2372 Review URL: https://chromiumcodereview.appspot.com/11175007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-19 12:30:18 +00:00
ulan@chromium.org	06a9f51ccb	Adjust Android test expectations. Disable long running tests: - test-threads/ThreadJoinSelf in release and debug modes. - regress/regress-1122 in debug mode. Disable failing test: - preparser/strict-octal-regexp (v8 issue 2265). R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/11185073 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-19 09:28:23 +00:00
verwaest@chromium.org	fa53250dd2	Fixed json regression BUG=v8:2374 Review URL: https://chromiumcodereview.appspot.com/11186059 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-19 08:23:45 +00:00
verwaest@chromium.org	7bc94a92c5	Fixed error introduced in r12761. BUG=2373 Review URL: https://chromiumcodereview.appspot.com/11198068 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-18 18:43:19 +00:00
yangguo@chromium.org	7a653c1675	Reimplement a simpler version of JSON.stringify. BUG= Review URL: https://chromiumcodereview.appspot.com/11186025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-18 14:42:26 +00:00
yangguo@chromium.org	a7f3edb818	Make sure the fast case of ScanJsonString bails out to the slow case correctly. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/11185050 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-18 13:15:05 +00:00
fschneider@chromium.org	971e834a8d	Always invoke the default Array.sort functions from builtin functions. TEST=mjsunit/regress/regress-builtin-array-op.js BUG=v8:2372 Review URL: https://chromiumcodereview.appspot.com/10559005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12752 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-18 11:18:08 +00:00
mstarzinger@chromium.org	02490829dd	Fix bug in deletion of indexed properties The delete operator always return true in case of indexed property. It should return false if an indexed property can't be deleted (eg. DontDelete attribute is set or a string object is the holder). Contributed by Peter Varga <pvarga@inf.u-szeged.hu> BUG=none TEST=mjsunit/delete-non-configurable Review URL: https://codereview.chromium.org/11094021 Patch from Peter Varga <pvarga@inf.u-szeged.hu>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-15 15:23:22 +00:00
verwaest@chromium.org	7c28995e5d	Invalidate the enum cache when converting a transition across which the descriptors are shared. Review URL: https://chromiumcodereview.appspot.com/11145017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-15 08:38:51 +00:00
ulan@chromium.org	c969afe137	Reland r12342: Flush monomorphic ICs on context disposal instead of context exit. The crashes that caused r12342 to be reverted are fixed in r12563. R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/11092081 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-12 13:49:12 +00:00
verwaest@chromium.org	b75705f07b	Don't clear EnumLength but rather copy the enum cache. Added regression test for crashes from chromecrash. Review URL: https://chromiumcodereview.appspot.com/11103036 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-11 15:33:34 +00:00
rossberg@chromium.org	348736efaa	Find a stack limit for the test that works on both Win32 and Linux64. R=mstarzinger@chromium.org BUG=151625 Review URL: https://codereview.chromium.org/11086073 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-11 13:10:24 +00:00
rossberg@chromium.org	ddbd426821	Increase stack size for test to work on x64. R=jkummerow@chromium.org BUG=151625 Review URL: https://codereview.chromium.org/11098070 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-11 12:11:46 +00:00
rossberg@chromium.org	00132da734	Bump variable limit further to 2^17. R=jkummerow@chromium.org BUG=151625 Review URL: https://codereview.chromium.org/11099063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-11 11:40:10 +00:00
verwaest@chromium.org	dde1cdfb8e	Fix transition conversion from CONSTANT_FUNCTION to FIELD. Review URL: https://chromiumcodereview.appspot.com/11094044 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-10 12:31:50 +00:00
verwaest@chromium.org	55e924c595	Fix CNLT regression. This happens when a map A with no descriptors in fast_holey_elements mode first gets some properties, making it share descriptor arrays with a map B to which it transitions. Then map A transitions elements kind to dictionary_elements in map C. C stores the empty_descriptor_array in its own transition array. When adding a property to C, C transitions to D and shares the descriptors. If D dies, a CNLT clears the transition array of C, making the descriptor array of A (and thus also of B) shine through. If a property is now added to an object in state C, it'll inherit all the properties of A (and B). If those properties had high field indices, we do not have a large enough backing store for the single newly added property, and we'll write out of bounds. BUG=chromium:151749 Review URL: https://chromiumcodereview.appspot.com/11017054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-10 12:29:44 +00:00
svenpanne@chromium.org	5d11c5ee69	Fixed Accessors::FunctionGetPrototype's proto chain traversal. Actually it didn't traverse that far... ;-) Did some cleanup on the way. R=rossberg@chromium.org BUG=chrome:143967 TEST=regress/regress-143967.js Review URL: https://codereview.chromium.org/11087004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-08 12:58:46 +00:00
rossberg@chromium.org	329cf12363	Make sure that names of temporaries do not clash with real variables. R=mstarzinger@chromium.org BUG=v8:2322 Review URL: https://codereview.chromium.org/11035054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-05 12:47:34 +00:00
rossberg@chromium.org	b07f38a46b	Reject local module declarations. R=mstarzinger@chromium.org BUG=150628 Review URL: https://codereview.chromium.org/11033025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-05 09:14:08 +00:00
rossberg@chromium.org	3f7b5c338a	Reject uses of lexical for-loop variable on the RHS. R=mstarzinger@chromium.org BUG=v8:2322 Review URL: https://codereview.chromium.org/11031045 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-05 09:07:53 +00:00
verwaest@chromium.org	efe955587e	Allow optimistically hoisting elements transitions over accesses. Review URL: https://chromiumcodereview.appspot.com/10972011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-10-01 16:22:43 +00:00
mmassi@chromium.org	8fbfad63cd	Avoid wrong imul deopt on ia32 and x64 (fixes v8 bug 2339). BUG=v8:2339 Review URL: https://chromiumcodereview.appspot.com/10963032 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-26 09:57:30 +00:00
erik.corry@gmail.com	72e9f1bea1	x64 and ARM: Fix issue 2346 (order of operations in keyed store on arrays) and turn get-own-property-descriptor.js test into a regression test. Review URL: https://chromiumcodereview.appspot.com/10985017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-25 13:35:42 +00:00
rossberg@chromium.org	20b1c426cf	Bump number of allowed variables per scope to 65535, to address GWT. R=jkummerow@chromium.org BUG=151625 Review URL: https://codereview.chromium.org/10965063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12600 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 16:22:17 +00:00
jkummerow@chromium.org	43f038d4cd	Split test/mjsunit/debug-stepout-scope into smaller chunks Review URL: https://codereview.chromium.org/10969061 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 11:18:29 +00:00
jkummerow@chromium.org	8a3ec89824	Delete test/mjsunit/regress-1969. It was flaky, and its usefulness was doubtful. Review URL: https://codereview.chromium.org/10961075 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:48:14 +00:00
jkummerow@chromium.org	cc6fe90b2b	Remove trailing whitespace R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/10969064 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:44:04 +00:00
jkummerow@chromium.org	1e1470fca0	Speed up test/mjsunit/compiler/regress-or Review URL: https://codereview.chromium.org/10969063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:08:01 +00:00
jkummerow@chromium.org	6dc2af06dc	Speed up test/mjsunit/compiler/regress-gvn Review URL: https://codereview.chromium.org/10956059 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:07:09 +00:00
jkummerow@chromium.org	d600358e6d	Split test/mjsunit/numops-fuzz into smaller chunks Review URL: https://codereview.chromium.org/10961065 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:06:06 +00:00
jkummerow@chromium.org	fbf5965db4	Split test/mjsunit/mul-exhaustive into smaller chunks Review URL: https://codereview.chromium.org/10958064 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:04:58 +00:00
jkummerow@chromium.org	a2fc134169	Split test/mjsunit/fuzz-natives into smaller chunks Review URL: https://codereview.chromium.org/10970058 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:03:49 +00:00
jkummerow@chromium.org	1bfbfc34ad	Split test/mjsunit/math-floor into smaller chunks Review URL: https://codereview.chromium.org/10967064 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:02:44 +00:00
jkummerow@chromium.org	bafa150f99	Speed up test/mjsunit/greedy.js Review URL: https://codereview.chromium.org/10969062 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:01:35 +00:00
jkummerow@chromium.org	d88069821c	Speed up test/mjsunit/debug-multiple-breakpoints Review URL: https://codereview.chromium.org/10961064 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 10:00:25 +00:00
jkummerow@chromium.org	6a617a7b23	Speed up test/mjsunit/d8-os by reducing sleep times Review URL: https://codereview.chromium.org/10973003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 09:57:16 +00:00
jkummerow@chromium.org	cf0cae7eb1	Speed up test/mjsunit/regress/regress-crbug-119926 Review URL: https://codereview.chromium.org/10958063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 09:56:11 +00:00
jkummerow@chromium.org	975d6e2170	First commit of new tools/run-tests.py Review URL: https://codereview.chromium.org/10919265 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-24 09:38:46 +00:00
verwaest@chromium.org	083ee63a83	Fix CNLT for enum indices. Review URL: https://chromiumcodereview.appspot.com/10958015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-20 15:18:00 +00:00
verwaest@chromium.org	ea31f868e8	Deopt on storing undefined into double elements. Review URL: https://chromiumcodereview.appspot.com/10963010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12568 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-20 13:41:00 +00:00
ulan@chromium.org	a0dfdfc273	Revert r12530 "Tentatively reenable previous failing test." BUG=v8:2341 R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/10964015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-20 11:28:33 +00:00
jkummerow@chromium.org	a8e502fe60	Fix LBoundsCheck on x64 to handle (stack slot + constant) correctly BUG=150729 Review URL: https://codereview.chromium.org/10959009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-20 09:56:24 +00:00
jkummerow@chromium.org	83da019a46	Move regress-2286.js where it belongs Review URL: https://codereview.chromium.org/10957013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-20 09:55:19 +00:00
mmassi@chromium.org	9dc822ca13	Fixed minus zero test (fixes v8:2133). BUG=v8:2133 Review URL: https://chromiumcodereview.appspot.com/10937013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-19 12:48:49 +00:00
mstarzinger@chromium.org	c012afb6d4	Fix setting array length to zero for slow elements. R=verwaest@chromium.org BUG=chromium:146910 TEST=mjsunit/regress/regress-crbug-146910 Review URL: https://codereview.chromium.org/10937026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-19 11:52:33 +00:00
mstarzinger@chromium.org	f0dcaf9a19	Fix lost arguments dropping in HLeaveInlined. This fixes HleaveInlined to correctly drop pushed arguments on all code paths and addresses a corner case where the arguments stack height mismatched at an OSR entry point. R=jkummerow@chromium.org BUG=chromium:150545 TEST=mjsunit/regress/regress-crbug-150545 Review URL: https://codereview.chromium.org/10938016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-19 08:13:46 +00:00
yangguo@chromium.org	783d10197a	Tentatively reenable previous failing test. R=mstarzinger@chromium.org BUG=v8:2261 Review URL: https://chromiumcodereview.appspot.com/10907254 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-17 14:19:11 +00:00
yangguo@chromium.org	73462594ea	Change regress-2318 to trigger more quickly and reliably. BUG=v8:2336 Review URL: https://chromiumcodereview.appspot.com/10913294 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-17 13:21:59 +00:00
erik.corry@gmail.com	bafcfe5427	Fix misplaced assert in heap.cc. Bug=2336 Review URL: https://chromiumcodereview.appspot.com/10911334 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-17 11:38:24 +00:00
yangguo@chromium.org	cb72bf5735	Fix debugger's eval when close to stack overflow. R=verwaest@chromium.org BUG=v8:2318 Review URL: https://chromiumcodereview.appspot.com/10914290 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-14 13:40:32 +00:00
verwaest@chromium.org	ad4746c8a3	CNLT with descriptors but no valid enum fields has to clear the EnumCache. Review URL: https://chromiumcodereview.appspot.com/10928204 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-14 13:15:43 +00:00
mstarzinger@chromium.org	77a7d9f539	Fix caching of optimized code for OSR. This makes sure we do not share optimized code across closures that were optimized using OSR (for a particular OSR entry AST id) even if caching of optimized code kicks in. R=danno@chromium.org BUG=v8:2326 TEST=mjsunit/regress/regress-2326 Review URL: https://codereview.chromium.org/10933088 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-14 10:41:31 +00:00
verwaest@chromium.org	1d1adaf9d3	Ensure correct enumeration indices in the dict BUG=chromium:148376 Review URL: https://chromiumcodereview.appspot.com/10908216 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-13 08:52:55 +00:00
mmassi@chromium.org	22aed1cddd	Fixed bounds check removal by restricting it to int32 indexes (and reenabled both ABCR and index dehoisting). BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10905232 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-12 17:00:25 +00:00
yangguo@chromium.org	67d0506622	Correctly initialize regexp global cache. R=ulan@chromium.org BUG=148378 Review URL: https://chromiumcodereview.appspot.com/10905239 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12491 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-12 15:26:43 +00:00
mstarzinger@chromium.org	f37f504de5	Fix arguments object materialization during deopt. This fixes materialization of arguments objects for strict mode functions during deoptimization. We materialize arguments from the stack area where optimized code pushes the arguments when entering the inlined environment. For adapted invocations we use the arguments adaptor frame for materialization. R=svenpanne@chromium.org BUG=v8:2261 TEST=mjsunit/regress/regress-2261,mjsunit/compiler/inline-arguments Review URL: https://chromiumcodereview.appspot.com/10908194 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-12 12:28:42 +00:00
ulan@chromium.org	a9162af1af	Fix delta computation in DoDeferredInstanceOfKnownGlobal() for ARM. BUG=v8:2314 R=yangguo@chromium.org Review URL: https://chromiumcodereview.appspot.com/10908195 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12478 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-11 11:36:48 +00:00
peter.rybin@gmail.com	bda5ce9cd6	Introduce InternalProperty type and expose internal properties for bound functions Committed: https://code.google.com/p/v8/source/detail?r=12346 Review URL: https://chromiumcodereview.appspot.com/10834376 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-10 23:17:04 +00:00
mstarzinger@chromium.org	f6cd2403e3	Fix deoptimizer for shared optimized code. The deoptimizer searched the stack for activations of the same function to determine whether to trigger lazy deopting. Since we share optimized code we actually need to search for activations of the same code (but potentially different functions). R=jkummerow@chromium.org BUG=chromium:147475 TEST=mjsunit/regress/regress-crbug-147475 Review URL: https://chromiumcodereview.appspot.com/10917162 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12473 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-10 11:05:17 +00:00
yangguo@chromium.org	1a0c14f12c	Add checks to runtime functions. BUG= Review URL: https://chromiumcodereview.appspot.com/10915062 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-10 08:35:26 +00:00
svenpanne@chromium.org	7af6883098	Fixed deoptimization of inlined getters. It is necessary to explicitly handle the internal frame lying between the caller of the getter and the getter itself in the deoptimizer: When the getter is inlined, leaving the internal frame restores the correct context. BUG=http://crbug/134609 TEST=mjsunit/regress/regress-crbug-134609 Review URL: https://chromiumcodereview.appspot.com/10910110 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-07 09:01:54 +00:00
erik.corry@gmail.com	9ff7ec1c4a	Fix binding in new Function(). Review URL: https://chromiumcodereview.appspot.com/10916114 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-05 11:45:58 +00:00
erik.corry@gmail.com	e5df02834b	Fix some corner cases in skipping native methods using caller. Review URL: https://chromiumcodereview.appspot.com/10911063 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-05 08:19:49 +00:00
verwaest@chromium.org	0c24942be7	Fixed test expectation. Review URL: https://chromiumcodereview.appspot.com/10913062 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-04 09:54:36 +00:00
verwaest@chromium.org	a8638c1570	Support register as right operand in min/max support. R=jkummerow@chromium.org BUG=chromium:145961 TEST=mjsunit/regress/regress-crbug-145961.js Review URL: https://chromiumcodereview.appspot.com/10914072 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-09-04 09:35:43 +00:00
yangguo@chromium.org	ddfae013a6	Disable test that triggers known bug. BUG=v8:2261 Review URL: https://chromiumcodereview.appspot.com/10910029 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-31 12:02:02 +00:00
yangguo@chromium.org	5dd51bafef	Cache results in SearchRegExpMultiple. BUG= Review URL: https://chromiumcodereview.appspot.com/10837290 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-31 09:28:01 +00:00
verwaest@chromium.org	90db487390	Elements load depends on the type of the receiver. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/10918005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12413 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-30 17:31:32 +00:00
rossberg@chromium.org	b0067e9cd5	Disable test that triggers known bug. R=verwaest@chromium.org BUG=v8:2261 Review URL: https://chromiumcodereview.appspot.com/10896005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-28 14:17:55 +00:00
rossberg@chromium.org	ccc827a6f8	Allocate block-scoped global bindings to global context. - The global object has a reference to the current global scope chain. Running a script adds to the chain if it contains global lexical declarations. - Scripts are executed relative to a global, not a native context. - Harmony let and const bindings are allocated to the innermost global context; var and function still live on the global object. (Lexical bindings are not reflected on the global object at all, but that will probably change later using accessors, as for modules.) - Compilation of scripts now needs a (global) context (previously only eval did). - The global scope chain represents one logical scope, so collision tests take the chain into account. R=svenpanne@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/10872084 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-28 11:25:08 +00:00
yangguo@chromium.org	7cbca775ee	Reland regexp global optimizations. BUG= Review URL: https://chromiumcodereview.appspot.com/10872010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-28 09:37:41 +00:00
ulan@chromium.org	7b1d13affc	Revert r12342 "Flush monomorphic ICs on context disposal instead of context exit." because of canary channel crashes. BUG=144230 R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/10868068 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-27 16:08:27 +00:00
danno@chromium.org	3544e2e875	Disable speculative LICM when it may lead to unnecessary deopts BUG=v8:2250 R=vegorov@chromium.org TEST=tests/mjsunit/regress/regress-2250.js Review URL: https://chromiumcodereview.appspot.com/10867033 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-23 21:08:58 +00:00
vegorov@chromium.org	106a83252d	Fix DoDeferredNumberTagU to keep the value in xmm1 instead of xmm0 on x64. xmm0 is not saved across runtime call on x64 because MacroAssembler::EnterExitFrameEpilogue preserves only allocatable XMM registers unlike on ia32 where it preserves all registers. Cleanup handling of shifts: SHR can deoptimize only when its a shift by 0, all other shift never deoptimize. Fix type inference for i-to-t change instruction. On X64 this ensures that write-barrier is generated correctly. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/10868032 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-23 16:14:01 +00:00
vegorov@chromium.org	f476d4d431	Allow uint32 value on optimized frames if they are consumed by safe operations. Safe operations are those that either do not observe unsignedness or have special support for uint32 values: - all binary bitwise operations: they perform ToInt32 on inputs; - >> and << shifts: they perform ToInt32 on left hand side and ToUint32 on right hand side; - >>> shift: it performs ToUint32 on both inputs; - stores to integer external arrays (not pixel, float or double ones): these stores are "bitwise"; - HChange: special support added for conversions of uint32 values to double and tagged values; - HSimulate: special support added for deoptimization with uint32 values in registers and stack slots; - HPhi: phis that have only safe uses and only uint32 operands are uint32 themselves. BUG=v8:2097 TEST=test/mjsunit/compiler/uint32.js Review URL: https://chromiumcodereview.appspot.com/10778029 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-22 15:44:17 +00:00
ulan@chromium.org	efc26f9b2b	Fix rounding in Uint8ClampedArray setter. According to Web IDL spec, we should round to the nearest integer, choosing the even integer if it lies halfway between two. R=yangguo@chromium.org,kbr@chromium.org BUG=v8:2294 Review URL: https://chromiumcodereview.appspot.com/10831409 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12364 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-22 14:27:11 +00:00
verwaest@chromium.org	5df5eea066	Check that index and length are Smi in bounds check. BUG=chromium:142218 R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/10829456 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-21 16:46:25 +00:00
yangguo@chromium.org	2b2f28cd2a	Revert r12346 (Introduce InternalProperty type and expose internal properties for bound functions) Original CL: https://chromiumcodereview.appspot.com/10834376 BUG= Review URL: https://chromiumcodereview.appspot.com/10834428 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-21 09:48:26 +00:00
peter.rybin@gmail.com	cfc4c37768	Introduce InternalProperty type and expose internal properties for bound functions Review URL: https://chromiumcodereview.appspot.com/10834376 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-20 21:49:19 +00:00
ulan@chromium.org	27fb8c2cf6	Flush monomorphic ICs on context disposal instead of context exit. R=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/10836189 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-20 12:09:03 +00:00
yangguo@chromium.org	3a1c290b2c	Add input check to %DebugSetScriptSource. R=verwaest@chromium.org BUG=v8:2296 Review URL: https://chromiumcodereview.appspot.com/10837308 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-17 15:21:15 +00:00
svenpanne@chromium.org	b10d5d7f08	Deoptimization support for accessors. Highlights of this CL: * Introduced a new opcode in the deoptimizer for a setter stub frame. * Added a global setter stub for returning after deoptimizing a setter. * We do not need special deopt support for getters, although the getter stub creates an internal frame. The normal machinery works just right for this case, although we generate a stack that can never occur during normal fullcode execution. If this hurts us one day, we can parameterize and reuse the setter deopt machinery. Review URL: https://chromiumcodereview.appspot.com/10855098 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-17 10:43:32 +00:00
svenpanne@chromium.org	f5f8ebd4ed	Fix accessor lookup in crankshaft. Seeing monomorphic type feedback plus an AccessorPair does not necessarily imply that the corresponding getter/setter is really there, so we have to check for this explictly. TEST=mjsunit/object-define-property Review URL: https://chromiumcodereview.appspot.com/10825384 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-16 10:35:39 +00:00
mstarzinger@chromium.org	886c0fa4f7	Extend constructor inlining test case. This makes sure that deoptimization really happens in each hydrogen context by not using binary operations but loads instead. This is needed because we cannot clear BinaryOpICs explicitly. R=svenpanne@chromium.org TEST=mjsunit/compiler/inline-construct Review URL: https://chromiumcodereview.appspot.com/10825382 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-16 09:13:25 +00:00
erik.corry@gmail.com	ee3a66b273	Fix bug in compare IC. BUG=2291 Review URL: https://chromiumcodereview.appspot.com/10830334 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-15 15:08:42 +00:00
svenpanne@chromium.org	1ee6c0e30b	Improved constructor inlining unit tests. Currently we inline functions with different contexts only on ia32, so we have to move the helper functions for the various contexts to the top level. Further more, "new Object()" seems to prevent inlining, too, so we us a simple object literal. Although things get consistently inlined now, something strange seems to happen in test/effect contexts: The DEOPT output seems to contain too few frames, and we don't get any DEOPT ouput after the first time for those contexts. This has to be investigated... TBR=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/10836258 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-15 09:39:13 +00:00
yangguo@chromium.org	28c892938e	Ensure capacity when adding parts in String.replace. R=ulan@chromium.org BUG=v8:2289 TEST=regress-2289.js Review URL: https://chromiumcodereview.appspot.com/10830304 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-14 11:33:12 +00:00
yangguo@chromium.org	d3733ce1e3	Prevent segfault on undefined inline runtime call. R=mstarzinger@chromium.org BUG=v8:2286 Review URL: https://chromiumcodereview.appspot.com/10828282 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-14 10:06:34 +00:00
yangguo@chromium.org	3605fcbe63	Fix indexing bug in regexp, part 2. The previous fix initialized the start index incorrectly. BUG= Review URL: https://chromiumcodereview.appspot.com/10834291 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12302 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-13 15:53:40 +00:00
mstarzinger@chromium.org	e77f24f44e	Remove prototype of global builtins object. R=yangguo@chromium.org BUG=v8:2284 TEST=mjsunit/regress/regress-2284 Review URL: https://chromiumcodereview.appspot.com/10854116 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-13 15:34:49 +00:00
yangguo@chromium.org	960b1af12f	Fix wrong indexing in global regexp. R=ulan@chromium.org BUG=142087 Review URL: https://chromiumcodereview.appspot.com/10824278 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-13 15:26:46 +00:00
yangguo@chromium.org	f30099dacf	Check for function in %_CallFunction. R=mstarzinger@chromium.org BUG=v8:2285 Review URL: https://chromiumcodereview.appspot.com/10854115 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-13 12:11:26 +00:00
yangguo@chromium.org	bc9df090c7	Fix array-iteration test case. R=verwaest@chromium.org BUG=v8:2282 Review URL: https://chromiumcodereview.appspot.com/10827295 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12297 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2012-08-13 08:32:17 +00:00

... 5 6 7 8 9 ...

2282 Commits