verwaest@chromium.org
cd6f3ef088
Only use the non-strict-arguments-stub if the store site is non-strict.
...
BUG=349874
LOG=N
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/176843018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:19:06 +00:00
jkummerow@chromium.org
5ea3f0004a
Let HTransitionElementsKind take part in RestoreActualValues phase
...
BUG=chromium:349853
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/183753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 12:13:49 +00:00
yangguo@chromium.org
285f253af1
Remove outdated assertion scope.
...
R=jkummerow@chromium.org
BUG=349870
LOG=N
Review URL: https://codereview.chromium.org/182003004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 11:51:53 +00:00
yangguo@chromium.org
e2e2f4050d
Fix issues with JSON stringify replacer array
...
If the replacer array contains a property key we should include the
property even if the property is non enumerable or if it is a non own
property.
String and Number wrappers in the replacer array should be treated as
string and number values.
R=yangguo@chromium.org
BUG=v8:3200, v8:3201
LOG=Y
Review URL: https://codereview.chromium.org/187053003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:50:53 +00:00
verwaest@chromium.org
7bf33c53eb
Use Representation::Integer32() for smi types on 32-bit-tagged systems.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187353005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:49:10 +00:00
verwaest@chromium.org
f913c3b492
Also delete force representations that have no uses.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/187773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-06 09:47:27 +00:00
jarin@chromium.org
52fd520c96
Fix materialization of captured objects in adapted arguments.
...
R=mstarzinger@chromium.org
BUG=348512
LOG=N
Review URL: https://codereview.chromium.org/183063006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:57:18 +00:00
jarin@chromium.org
7ac668f753
Deoptimization fix for HPushArgument.
...
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).
R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N
Review URL: https://codereview.chromium.org/178193026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 12:45:46 +00:00
yangguo@chromium.org
26e4f4cc1c
Handle exception when retrieving toJSON function in JSON.stringify.
...
R=mvstanton@chromium.org
BUG=349335
LOG=N
Review URL: https://codereview.chromium.org/187603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 10:54:35 +00:00
jkummerow@chromium.org
3df5573195
x64: Fix LMathMinMax for constant Smi right-hand operands
...
BUG=chromium:349079
LOG=y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/186593003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org
ee8cbc4fc8
Fix issue with setting __proto__ on a value
...
LOG=N
BUG=v8:3172
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/174113003
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-05 08:58:38 +00:00
verwaest@chromium.org
1aeaeb2b90
Allow objects with "" properties to stay fast.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/184453003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 12:43:05 +00:00
yangguo@chromium.org
b1a271a02c
Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique.
...
R=titzer@chromium.org
BUG=348280
LOG=N
Review URL: https://codereview.chromium.org/183383006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-04 08:08:08 +00:00
ulan@chromium.org
b9e0b87a5a
Clear optimized code cache in shared function info when code gets deoptimized.
...
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-03 11:11:39 +00:00
rossberg@chromium.org
5543263c19
Move all Harmony-only tests to harmony/
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/178583005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:26:32 +00:00
ishell@chromium.org
c2601aea8a
Check elimination did not mark some dead blocks.
...
R=danno@chromium.org
Review URL: https://codereview.chromium.org/180483003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 14:16:38 +00:00
svenpanne@chromium.org
e9273332ef
Fixed constant folding for Math.clz32.
...
LOG=y
BUG=347906
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 13:07:10 +00:00
jochen@chromium.org
ba981e58d5
Make a64.release a quickcheck target
...
I marked all tests as slow that take more than a minute on my machine.
With this, a64.release.quickcheck takes two minutes which is about as
fast as arm.optdebug.quickcheck.
BUG=none
R=ulan@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/183763008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:46:13 +00:00
mvstanton@chromium.org
b1ffc7901f
A JSArray may have a filler map in the elements pointer.
...
We already have code that expects this, but incorrectly asserted that the
filler map case would never happen when allocation folding is turned on.
However, even folding has it's limits, bailing out of continued folding
when the object size grows too large. Therefore, it's a general problem
when verifying JSArray objects, that we might encounter a filler map
in elements().
Discovered by ClusterFuzz crbug 347903.
R=hpayer@chromium.org
LOG=N
BUG=347903
Review URL: https://codereview.chromium.org/184493002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:29:19 +00:00
yangguo@chromium.org
5c186bb197
Evict from optimized code map in sync with removing from optimized functions list.
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/184443002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 12:27:31 +00:00
bmeurer@chromium.org
70242fe3bb
Fix JSObject::PrintTransitions.
...
BUG=347912
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/183683005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:41:07 +00:00
hpayer@chromium.org
38ca2629be
Fix representation generalization for doubles.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/184393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 11:07:10 +00:00
dcarney@chromium.org
98d1cedac4
Get array_function from NativeContext
...
R=mvstanton@chromium.org
LOG=N
BUG=347528
Review URL: https://codereview.chromium.org/184173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 10:01:27 +00:00
bmeurer@chromium.org
5945f9ebb9
Fix handling of constant global variable assignments.
...
BUG=347904
LOG=y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/184303003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 09:40:12 +00:00
svenpanne@chromium.org
c4e90c15b8
Removed bogus ASSERT.
...
LOG=y
BUG=347542
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/183763007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-28 08:45:07 +00:00
ishell@chromium.org
2ab83cf192
HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included.
...
BUG=347543
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/180803005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 17:33:25 +00:00
rafaelw@chromium.org
d9a66ad941
Runtime::RunMicrotask should silent return if no pending microtask work (rather than asserting)
...
R=rossberg@chromium.org , rossberg
BUG=347532
Review URL: https://codereview.chromium.org/181013008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:49:55 +00:00
verwaest@chromium.org
aa14020bc7
Fix putting of prototype transitions. The length is also subject to GC, just like entry.
...
BUG=347536
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/183193003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 16:07:44 +00:00
jarin@chromium.org
05b98492a4
Handle arguments objects in frame when materializing arguments
...
R=mstarzinger@chromium.org
BUG=347262
Review URL: https://codereview.chromium.org/177293009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 15:12:12 +00:00
yangguo@chromium.org
6912a248ca
Fix bogus assertion in SetFastDoubleElements.
...
R=danno@chromium.org
BUG=347530
LOG=N
Review URL: https://codereview.chromium.org/181433016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 14:45:53 +00:00
mvstanton@chromium.org
b8f8cfabca
Fix for Clusterfuzz issue 343928.
...
The problem was that the debugger didn't expect that a JSFunction could
have a GlobalContext, which it can with harmony scoping.
BUG=343928
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/183103003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-27 13:25:05 +00:00
ishell@chromium.org
1ae7e8a1e5
Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended.
...
BUG=345820
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/180013002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:33:54 +00:00
verwaest@chromium.org
d5caecccc5
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/180023002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 16:11:58 +00:00
jkummerow@chromium.org
e7e93cd433
Mark HCompareMap as having Tagged representation
...
BUG=chromium:346636
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/176923013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 15:09:47 +00:00
rossberg@chromium.org
63f1970c6c
Fix crasher in Object.getOwnPropertySymbols
...
R=arv@chromium.org , mstarzinger@chromium.org
BUG=346141
LOG=Y
Review URL: https://codereview.chromium.org/177883002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 12:01:34 +00:00
bmeurer@chromium.org
77f597d387
Don't eliminate loads with incompatible types or representations.
...
BUG=346343
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/179553002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:50 +00:00
ishell@chromium.org
6c1659becf
Fix for a smi stores optimization on x64 with a regression test.
...
BUG=345715
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/178833002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:55:02 +00:00
dcarney@chromium.org
cb05cff594
negative bounds checking on realm calls
...
R=rossberg@chromium.org
LOG=N
BUG=344285
Review URL: https://codereview.chromium.org/169393002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-25 09:15:05 +00:00
jkummerow@chromium.org
37b6fd07c1
Fix optimistic BCE to back off after deopt
...
BUG=v8:3176
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/177523002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-24 13:15:31 +00:00
verwaest@chromium.org
84b366516e
Don't turn objects with empty-string properties into fast-mode.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/165743003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-20 16:11:48 +00:00
rossberg@chromium.org
0d34254f8d
Upgrade Symbol implementation to match current ES6 behavior.
...
Refresh the implementation of Symbols to catch up with what the
specification now mandates:
* The global Symbol() function manufactures new Symbol values,
optionally with a string description attached.
* Invoking Symbol() as a constructor will now throw.
* ToString() over Symbol values still throws, and
Object.prototype.toString() stringifies like before.
* A Symbol value is wrapped in a Symbol object either implicitly if
it is the receiver, or explicitly done via Object(symbolValue) or
(new Object(symbolValue).)
* The Symbol.prototype.toString() method no longer throws on Symbol
wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf().
* Symbol.prototype.toString() stringifies as "Symbol("<description>"),
valueOf() returns the wrapper's Symbol value.
* ToPrimitive() over Symbol wrapper objects now throws.
Overall, this provides a stricter separation between Symbol values and
wrapper objects than before, and the explicit fetching out of the
description (nee name) via the "name" property is no longer supported
(by the spec nor the implementation.)
Adjusted existing Symbol test files to fit current, adding some extra
tests for new/changed behavior.
LOG=N
R=arv@chromium.org , rossberg@chromium.org , arv, rossberg
BUG=v8:3053
Review URL: https://codereview.chromium.org/118553003
Patch from Sigbjorn Finne <sigbjornf@opera.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 14:19:42 +00:00
yangguo@chromium.org
139134acc2
Harmony: optimize Math.clz32.
...
R=svenpanne@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/172133003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:51:49 +00:00
yangguo@chromium.org
84cf85598d
Harmony: implement Math.cbrt, Math.expm1 and Math.log1p.
...
BUG=v8:2938
LOG=N
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/163563003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 13:49:59 +00:00
ishell@chromium.org
1342cb8b00
Bugfix in check elimination with a regression test.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/172173003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 12:34:50 +00:00
rossberg@chromium.org
13d99fe778
ES6: Tighten up Object.prototype.__proto__
...
The spec requires that we throw under certain conditions.
BUG=v8:3064
LOG=y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/103853006
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 11:59:05 +00:00
jkummerow@chromium.org
6e3b81a7b2
Fix Hydrogen bounds check elimination
...
When combining bounds checks, they must all be moved before the first load/store
that they are guarding.
BUG=chromium:344186
LOG=y
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/172093002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-19 10:30:39 +00:00
alexandre.rames@arm.com
62116e2c12
A64: Let the MacroAssembler resolve branches to distant targets.
...
Code generation would fail when assembling a branch to a label that is bound
outside the immediate range of the instruction. A64 is sensitive to this, as the
various branching instructions have different ranges, going down to +-32KB for
TBZ/TBNZ. The MacroAssembler is augmented to handle branches to targets that
may exceed the immediate range of instructions.
When branching backward to a label exceeding the instruction range, the
MacroAssembler can simply tweak the generated code to use an unconditional
branch with a longer range. For example instead of
B(cond, &label);
the MacroAssembler can generate:
b(InvertCondition(cond), &done);
b(&label);
bind(&done);
Since the target is not known when the branch is emitted, forward branches uses
a different mechanism. The MacroAssembler keeps track of forward branches to
unbound labels. When the code generation approaches the end of the range of a
branch, a veneer is generated for the branch.
BUG=v8:3148
LOG=Y
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/169893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 13:15:32 +00:00
verwaest@chromium.org
60c08a8bf2
Directly store the transition target on LookupResult in TransitionResult.
...
BUG=chromium:343964
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/170343003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 12:19:32 +00:00
yangguo@chromium.org
be7b023a5c
Harmony: implement Math.clz32
...
R=dslomov@chromium.org , svenpanne@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/169783002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:49:35 +00:00
svenpanne@chromium.org
dbce27047e
Fixed and improved code for integral division. Fixed and extended tests.
...
Arithmetic right shifting is *not* division in two's complement
representation, only in one's complement. So we convert to one's
complement, shift, and go back to two's complement. By permutating the
last steps, one can get efficient branch-free code. This insight comes
from the paleozoic era of computer science, see the paper from 1976:
Guy Lewis Steele Jr.: "Arithmetic Shifting Considered Harmful"
ftp://publications.ai.mit.edu/ai-publications/pdf/AIM-378.pdf
This results in better and more correct code than our previous
"neg/shift/neg" dance.
LOG=y
BUG=v8:3151
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/166793002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:45:27 +00:00
yangguo@chromium.org
9ffe004ae4
Harmony: implement Math.fround.
...
R=jarin@chromium.org
BUG=v8:2938
LOG=N
Review URL: https://codereview.chromium.org/169513002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-18 10:43:06 +00:00
mvstanton@chromium.org
8bcdbc354f
Revert "Add a premonomorphic state to the call target cache."
...
This reverts commit r19402
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/169713002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 14:22:18 +00:00
mvstanton@chromium.org
be731e6c95
Add a premonomorphic state to the call target cache.
...
From a CL by kasperl: https://codereview.chromium.org/162903004/
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/163413003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 11:59:45 +00:00
jarin@chromium.org
4c7ed144e1
Comparison in effect context lazy deopt fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/163623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-16 05:51:10 +00:00
ulan@chromium.org
6744ff61ae
Fix dictionary element load to pass correct elements kind.
...
Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load
only the higher 32 bits of the element. If the element is a pointer to undefined
that has 0 in the higher half than it is erroneously treated as SMI 0.
BUG=v8:3158
LOG=N
TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js
R=danno@chromium.org , ishell@chromium.org
Review URL: https://codereview.chromium.org/166653005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 15:52:24 +00:00
yangguo@chromium.org
68c7523e63
Fix assignment of function name constant.
...
If it's shadowed by a variable of the same name and both are forcibly
context-allocated, the function is assigned to the wrong context slot.
R=rossberg@chromium.org
BUG=v8:3138
LOG=Y
Review URL: https://codereview.chromium.org/159903008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:40:47 +00:00
jarin@chromium.org
8acefb33fe
Test and fix for polymorphic named call deoptimization.
...
The fix removes wrong simulates from the number branch of polymorphic
call/field access handling.
The change also fixes the same thing for polymorphic named field
access even thourgh the field access is probably safe in practice
(because it cannot deoptimize). It is better to keep all our simulates
in sync with full codegen.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/166503002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 12:02:39 +00:00
yangguo@chromium.org
a676bc1bbf
Fix typed array error message.
...
R=dslomov@chromium.org
BUG=v8:3159
LOG=N
Review URL: https://codereview.chromium.org/163293002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-14 09:33:03 +00:00
verwaest@chromium.org
e0960e19aa
Fix polymorphic inlining of accessors in a test-context.
...
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/164003002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 16:55:38 +00:00
m.m.capewell@googlemail.com
028ff21445
A64: Fix some int32 accesses in lithium
...
This fixes mjsunit/sin-cos. There are further int32 accesses being investigated.
BUG=
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/163553005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 15:49:01 +00:00
ishell@chromium.org
6bb57517c0
Restore of compare-objeq-elim test accidentally removed in r19229.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/162903005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-13 12:22:24 +00:00
rafaelw@chromium.org
6b5a4cdef2
V8 Microtask Queue & API
...
This patch generalizes Object.observe callbacks and promise resolution into a FIFO queue called a "microtask queue".
It also exposes new V8 API which exposes the microtask queue to the embedder. In particular, it allows the embedder to
-schedule a microtask (EnqueueExternalMicrotask)
-run the microtask queue (RunMicrotasks)
-control whether the microtask queue is run automatically within V8 when the last script exits (SetAutorunMicrotasks).
R=dcarney@chromium.org , rossberg@chromium.org , dcarney, rossberg, svenpanne
BUG=
Review URL: https://codereview.chromium.org/154283002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 22:04:19 +00:00
verwaest@chromium.org
161b2f689a
Reland: "Use stability to only conditionally flush information from the CheckMaps table."
...
BUG=
R=ishell@chromium.org
Original CL: https://codereview.chromium.org/153823003
Review URL: https://codereview.chromium.org/153653007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:48:12 +00:00
verwaest@chromium.org
7b7e3658f7
Don't propagate information through phis in loop headers.
...
To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers.
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/147023005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:30:41 +00:00
rmcilroy@chromium.org
26e8009997
[a64]: Disable failing sparse-array-reverse on a64 debug builds.
...
BUG=v8:3158
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/160633002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 18:22:28 +00:00
verwaest@chromium.org
75432b7696
Revert "Use stability to only conditionally flush information from the CheckMaps table."
...
R=ishell@chromium.org
BUG=
Review URL: https://codereview.chromium.org/137863005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:38:42 +00:00
verwaest@chromium.org
2b7d33572a
Use stability to only conditionally flush information from the CheckMaps table.
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/153823003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 15:07:41 +00:00
jarin@chromium.org
af29e31a11
Fix for (One|Two)ByteSeqStringSetChar evaluation order/deopt.
...
This makes the evaluation order consistent between full codegen
and Hydrogen (so that deopt does not screw up stack).
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/159983008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 13:31:24 +00:00
jochen@chromium.org
b0fcc801e9
A64: Skip tests failing on gc stress bots
...
BUG=none
TBR=ulan@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/160353002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 12:18:36 +00:00
jochen@chromium.org
96a1886637
A64: Skip more known failures
...
TBR=ulan@chromium.org
BUG=none
LOG=n
Review URL: https://codereview.chromium.org/160073007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 11:57:50 +00:00
ulan@chromium.org
e95bc7eec8
Merge experimental/a64 to bleeding_edge.
...
BUG=v8:3113
LOG=Y
R=jochen@chromium.org , rmcilroy@chromium.org , rodolph.perfetta@arm.com
Review URL: https://codereview.chromium.org/148293020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-12 09:19:30 +00:00
jarin@chromium.org
21bf99e53e
Fix environment of the optimized version of the _SetValueOf intrinsic.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/158723006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:11:53 +00:00
ishell@chromium.org
994f0f6dda
Fix for a smi stores optimization on x64 with a test case.
...
BUG=338425
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/152923006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 16:02:18 +00:00
yangguo@chromium.org
0870702436
Harmony: fix spec violation in Math.cosh.
...
R=jarin@chromium.org
BUG=v8:3141
LOG=N
Review URL: https://codereview.chromium.org/159353003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 11:48:32 +00:00
yangguo@chromium.org
f78bfaa857
Fix spec violations in JSON.stringify wrt replacer array.
...
R=verwaest@chromium.org
BUG=v8:3135
LOG=Y
Review URL: https://codereview.chromium.org/146623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 10:45:39 +00:00
mvstanton@chromium.org
95ad971d0f
Fix gcstress test failure
...
Map collection complicates a test that wants to assert on code opt/deopt
because of prototype-chain changes. It can happen that a gc occurs
in the stack guard at the start of optimized function foo that deopts
function foo because of a map being collected and deoptimizing it's
dependent code.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/159653002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-11 09:06:13 +00:00
ishell@chromium.org
f46da9d43b
Reland of r19102: Check elimination improvement: propagation of state through phis is supported, CheckMap narrowing implemented with tests.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/146623006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 15:32:54 +00:00
yangguo@chromium.org
b618d2a42a
Fix inconsistencies wrt whitespaces.
...
This relands r19196 with fixes.
BUG=v8:3109
LOG=Y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/141323007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 12:43:10 +00:00
mstarzinger@chromium.org
23bfeabcfd
Remove duplicate third-party test cases.
...
Some of the third-party test cases in the mjsunit test suite were
originally taken from WebKit and are now fully covered by the equally
named test suite.
Mapping of test cases:
- array-isarray.js -> test/webkit/Array-isArray.js
- array-splice-webkit.js -> test/webkit/array-splice.js
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/158803002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-10 11:29:59 +00:00
rossberg@chromium.org
e8175a3e9f
Revert "Make Function.length and Function.name configurable properties."
...
Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate.
TBR=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/139983003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 15:29:18 +00:00
rossberg@chromium.org
7317b71f02
Make Function.length and Function.name configurable properties.
...
ES6 makes the Function object properties "length" and "name"
configurable; switch the implementation over to follow that.
Doing so exposed a problem in the handling of non-writable, but
configurable properties backed by foreign callback accessors
internally. As an optimization, if such an accessor property is
re-defined with a new value, its setter was passed the new value
directly, keeping the property as an accessor property. However, this
is not correct should the property be non-writable, as its setter will
then simply ignore the updated value. Adjust the enabling logic for
this optimization accordingly, along with adding a test.
LOG=N
R=rossberg@chromium.org , rossberg
BUG=v8:3045
Review URL: https://codereview.chromium.org/116083006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:55:30 +00:00
yangguo@chromium.org
db1a685b8f
Revert "Fix inconsistencies wrt whitespaces."
...
This reverts r19196.
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/147443008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 14:13:00 +00:00
yangguo@chromium.org
d0f57e1195
Fix inconsistencies wrt whitespaces.
...
\u0085 (NEL) is now considered a whitespace in accordance to http://www.unicode.org/Public/6.3.0/ucd/PropList.txt
R=mstarzinger@chromium.org
BUG=v8:3109
LOG=Y
Review URL: https://codereview.chromium.org/146983007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 12:34:45 +00:00
rafaelw@chromium.org
41039c4f13
Revert "Implement Microtask Delivery Queue"
...
TBR=adamk,rossberg
BUG=
Review URL: https://codereview.chromium.org/150103012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-07 01:08:50 +00:00
rossberg@chromium.org
01f5601129
ES6: Remove __proto__ setter poison pill
...
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-set-object.prototype.__proto__
The __proto__ setter should be reusable on other objects.
BUG=v8:2804
LOG=y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/103343005
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 16:09:45 +00:00
jarin@chromium.org
476881ce5b
Test and fix for _CallFunction intrinsic deoptimization.
...
I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction
to use IfBuilder.
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/131343013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 12:42:26 +00:00
jarin@chromium.org
eb502fe599
Binary operation deoptimization fix.
...
R=jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/132453009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-06 09:36:55 +00:00
verwaest@chromium.org
7dc05b57fd
Move failing ASSERT on ARM to a more sane place.
...
Objects can actually be stored into themselves. This fails when no write
barrier is needed (eg, the object was just allocated).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/148733005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-05 10:12:14 +00:00
rafaelw@chromium.org
7de9fc0a12
Implement Microtask Delivery Queue
...
R=rossberg@chromium.org , rossberg
BUG=
Review URL: https://codereview.chromium.org/131413008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 19:58:49 +00:00
dslomov@chromium.org
a03d31394c
Check the offset argument of TypedArray.set for fitting into Smi.
...
R=jkummerow@chromium.org
BUG=340125
LOG=Y
Review URL: https://codereview.chromium.org/145623009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-04 09:53:05 +00:00
yangguo@chromium.org
9e70f6a4e7
Fix short-circuiting logical and/or in HOptimizedGraphBuilder.
...
R=jkummerow@chromium.org
BUG=336148
LOG=Y
Review URL: https://codereview.chromium.org/143263022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 14:29:34 +00:00
verwaest@chromium.org
db7124dc28
Return a valid map for PropertyAccessInfos with Boolean type.
...
BUG=340064
LOG=N
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/152603002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-03 10:20:32 +00:00
machenbach@chromium.org
d34938fe34
Fix expectations for new regression test.
...
TBR=jarin@chromium.org
Review URL: https://codereview.chromium.org/150853004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-01 09:56:20 +00:00
verwaest@chromium.org
ae7a209e71
Remove CallICs
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/148223002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:52:17 +00:00
machenbach@chromium.org
30fb7b83b3
[Sheriff] Mark new regression test flaky on linux 32.
...
BUG=
TBR=jarin@chromium.org
Review URL: https://codereview.chromium.org/148483004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:47:52 +00:00
jarin@chromium.org
3c2363f4b4
Simpler repro for bug 2989.
...
We do not correctly handle accesses to f.arguments after one
of the argument has changed (where f is crankshafted).
R=machenbach@chromium.org
BUG=v8:2989
LOG=n
Review URL: https://codereview.chromium.org/151403003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 16:12:58 +00:00
machenbach@chromium.org
275437023f
[Sheriff] Mark new regression test as flaky.
...
BUG=336820
LOG=n
R=bmeurer@chromium.org
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/139923007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 13:56:00 +00:00
bmeurer@chromium.org
3214cf11ff
Don't crash in Array.join() if the resulting string exceeds the max string length.
...
LOG=y
BUG=336820
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/144533003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:21:17 +00:00
ishell@chromium.org
2aa17c6e62
Load elimination fix: load should not be replaced with another load if the former is not dominated by the latter.
...
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/151333003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:03:32 +00:00
hpayer@chromium.org
27c385bf69
Revert "[Sheriff] Mark profviz flaky on GC stress."
...
This reverts commit f70687c1e5ef15254887e0619939e25a834e936e.
BUG=
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/148493006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:22 +00:00