Commit Graph

2855 Commits

Author SHA1 Message Date
jarin@chromium.org
c3cd2f0301 Fix %SetFlags("--stress-compaction")
BUG=369943
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/261253006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 10:39:08 +00:00
jkummerow@chromium.org
e7a34f3fd9 Harden runtime functions (part 6).
Also blacklist LiveEdit-related functions from generated runtime tests.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/279593004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 09:37:26 +00:00
adamk@chromium.org
92b895a761 Harden %SetIsObserved with RUNTIME_ASSERTs
Now throws if its argument is already observed, or if the argument is
the global proxy.

BUG=371782
LOG=Y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/274163002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 08:49:51 +00:00
jarin@chromium.org
cbf8c3f460 Make escape analysis preserve all representations required by HCompareNumericAndBranch.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/257803012

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 08:43:18 +00:00
adamk@chromium.org
fb70df076b Object.observe: avoid accessing acceptList properties more than once
BUG=v8:3315
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/270763003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 18:22:28 +00:00
verwaest@chromium.org
03905e4753 Directly create API functions with readonly prototypes rather than converting. Remove FunctionSetReadOnlyPrototype.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/274463003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 17:59:15 +00:00
verwaest@chromium.org
8db908784e Array Iterator prototype should not have a constructor.
BUG=v8:3293
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/258793005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 16:37:04 +00:00
ishell@chromium.org
99f2e4d5ac Fix typos in unit test for Array.prototype.fill()
BUG=
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/277953002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 16:11:50 +00:00
yangguo@chromium.org
bd93673f40 Shorten autogenerated error message for functions only.
R=yangguo@chromium.org, Yang, rossberg@chromium.org
BUG=v8:3019, chromium:331971
LOG=Y

Review URL: https://codereview.chromium.org/271733005

Patch from Andrey Adaykin <aandrey@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 13:14:09 +00:00
jarin@chromium.org
3976ebef93 Make new space iterable for --log-gc and --heap-stats options
R=hpayer@chromium.org
BUG=370827
TEST=test/mjsunit/regress/regress-370827.js
LOG=N

Review URL: https://codereview.chromium.org/272503005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 09:23:10 +00:00
hpayer@chromium.org
de21c8a245 Simplify ConfigureHeap and change --max_new_space_size to --max_semi_space_size.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/271843005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 08:38:27 +00:00
bmeurer@chromium.org
7c45d49861 Improve Array.shift() performance for small arrays.
TEST=mjsunit/array-shift,mjsunit/array-shift2,mjsunit/array-shift3
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/279743002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 08:28:25 +00:00
jkummerow@chromium.org
bf490ae0bd Skip generated runtime tests that require i18nsupport as needed
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/267343003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 14:34:37 +00:00
jkummerow@chromium.org
9866670c26 Add test case generator for runtime functions
R=dslomov@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/250923002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 13:11:59 +00:00
ulan@chromium.org
8999a006be Fix index register assignment in LoadFieldByIndex for arm, arm64, and mips.
This instruciton clobbers the index register.

BUG=368243
LOG=N
TEST=mjsunit/regress/regress-368243
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/269273003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 08:51:51 +00:00
jkummerow@chromium.org
e1bbd26794 Refactor mjsunit/fuzz-natives-* into a separate test suite.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/252143002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-07 12:31:26 +00:00
rossberg@chromium.org
5c9ad091e9 Revert "Prevent liveedit on or under generators with open activations"
Seems to crash some tests on buildbots.

TBR=ishell@chromium.org
CC=wingo@igalia.com,yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/273433002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 16:02:18 +00:00
wingo@igalia.com
ab96529a4a Prevent liveedit on or under generators with open activations
R=yangguo@chromium.org
LOG=N
TEST=mjsunit/harmony/generators-debug-liveedit.js
BUG=

Review URL: https://codereview.chromium.org/266983004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:57:52 +00:00
rossberg@chromium.org
ae0a36ee32 Re^3-land "Ship promises and weak collections"
R=jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/266243003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:48:34 +00:00
ishell@chromium.org
9be0c4d378 Fixed jump in non-SSE4.1 implementation of LMathFloor instruction on x64.
BUG=chromium:370384
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/261853009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:20:46 +00:00
ulan@chromium.org
a872ffdabc Do not call setters of read-only accessors.
BUG=
TEST=mjsunit/readonly-accessor
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/271433002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 08:34:48 +00:00
hpayer@chromium.org
dde49c9dc3 Set max new space size in tests to proper MB value.
Revert "Limit old space size in test which require a large new space."

This reverts commit r21103.

Revert "Remove max space limits in tests."

This reverts commit r21104.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/263103006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 16:48:33 +00:00
wingo@igalia.com
275bfa1b61 Relocate suspended generator activations when enabling debug mode
R=yangguo@chromium.org
BUG=v8:3289
LOG=N

Review URL: https://codereview.chromium.org/264973014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 14:31:51 +00:00
jochen@chromium.org
8554da5c68 Revert r21141.
Relocate suspended generator activations when enabling debug mode

BUG=v8:3289
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/262193003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 13:28:21 +00:00
wingo@igalia.com
9a9943b564 Relocate suspended generator activations when enabling debug mode
R=yangguo@chromium.org
BUG=v8:3289
LOG=N

Review URL: https://codereview.chromium.org/260423002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 12:57:14 +00:00
adamk@chromium.org
5ea893074c Fix ObjectNotifierPerformChange leak after r21126
Due to overlapping names of natives and runtime functions, the wrong
context was used for Notifier.prototype.performChange. The leak test
has been augmented to properly cover the leaky case, and the test
now passes.

Also tightened up type checks in runtime.cc and removed Object.observe
functions from knownIssues in fuzz-natives-part2.js.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/264793015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 21:29:15 +00:00
rafaelw@chromium.org
72a090f3ee Build cleanup following r21126. Marking Native* methods in object-observe.js as knownProblems in fuzz-natives
TBR=verwaest

Review URL: https://codereview.chromium.org/265883009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 17:31:27 +00:00
rafaelw@chromium.org
1b270ef5ea Re-enable Object.observe and add enforcement for security invariants.
This patch reverts r21062 which disabled Object.observe and the relevant tests.

It also adds enforcement for the following three invariants:

1) No observer may receive a change record describing changes to an object which is in different security origin (context have differing security tokens)

2) No observer may receive a change record whose context's security token is different from that of the object described by the change.

3) Object.getNotifier will return null if the caller and the provided object are in differing security origins

Further, it ensures that the global object can never be observed nor a notifier retrieved for it.

Tests are included.
R=verwaest@chromium.org, rossberg
LOG=Y

Review URL: https://codereview.chromium.org/265503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 13:55:11 +00:00
ishell@chromium.org
b4c1eda032 Checks for empty array case added before casting elements to FixedDoubleArray.
BUG=chromium:369450
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/264973008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 11:30:24 +00:00
svenpanne@chromium.org
7bfc426fc9 Object.defineProperty shouldn't be a hint that we're constructing a dictionary.
BUG=362870
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/261583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 06:02:00 +00:00
hpayer@chromium.org
56d0b9757e Remove max space limits in tests.
BUG=

Review URL: https://codereview.chromium.org/263703003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 19:32:47 +00:00
hpayer@chromium.org
3dd05f8fc7 Limit old space size in test which require a large new space.
BUG=

Review URL: https://codereview.chromium.org/265673003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 18:57:25 +00:00
yangguo@chromium.org
7e367ae0ed Reland "Trigger exception debug event for promises at the throw site."
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/266533003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 15:17:51 +00:00
yangguo@chromium.org
792af58115 Revert "Trigger exception debug event for promises at the throw site."
This reverts r21092.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/262533009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:51:41 +00:00
mvstanton@chromium.org
287f65aec9 CallICStub with a "never patch" approach by default. Patching will
occur only when custom feedback needs to be gathered (future CLs).

Now rebased on https://codereview.chromium.org/254623002/, which moves the type feedback vector to the SharedFunctionInfo.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/247373002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:33:35 +00:00
yangguo@chromium.org
eed0e7e7a3 Trigger exception debug event for promises at the throw site.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/260723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:17:40 +00:00
alexandre.rames@arm.com
67ea9e4b42 ARM64: Generate optimized code for Math.floor and Math.round with double outputs.
R=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/258793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 13:38:00 +00:00
mvstanton@chromium.org
5e2ee2bac2 A new test needs to exit early on non-internationalization builds.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/265513003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org
129c58c47d Fix some more missing ToObject on Array.prototype.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/254103002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:52:00 +00:00
dslomov@chromium.org
ace15fa612 ES6: Add support for Array.prototype.fill()
BUG=v8:3273
LOG=Y
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/240873002

Patch from Adrian Perez <aperez@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:28:29 +00:00
mvstanton@chromium.org
0c3e70a3b6 Bugfix: internationalization routines fail on monkeypatching.
Calls to Object.defineProperty() and Object.apply() are not safe.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/253903003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 07:36:12 +00:00
danno@chromium.org
55fbf13ec1 disable Object.observe
R=danno@chromium.org, danno
BUG=

Review URL: https://codereview.chromium.org/252063003

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-29 15:11:57 +00:00
rossberg@chromium.org
cf3a3a8844 Revert "PromiseThen should ignore non-function parameters."
Wrong Blink test expectations, need to fix later.

TBR=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/251813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 15:57:25 +00:00
rossberg@chromium.org
f40feecb4d PromiseThen should ignore non-function parameters.
When non-function parameters are given, PromiseThen should work as if
undefined parameters were given.

BUG=347455
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/180723011

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 15:19:15 +00:00
yangguo@chromium.org
1a9649ae13 Error stack getter should not overwrite itself with a data property.
R=ulan@chromium.org
BUG=v8:3294
LOG=Y

Review URL: https://codereview.chromium.org/258933007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 12:14:36 +00:00
yangguo@chromium.org
da0ca2afc2 Expose promise value through promise mirror.
R=rossberg@chromium.org, yurys@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/258823012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21003 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 08:33:23 +00:00
yangguo@chromium.org
81a101678f Expose promise status through promise mirror.
R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/257803005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 14:01:01 +00:00
jarin@chromium.org
ff884e06ae Fix materialization of accessor frames with captured receivers
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.

We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do the almost the same thing - they only
differ in where they store the result.

The change also turns bunch of ASSERTs into CHECKs.

R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N

Review URL: https://codereview.chromium.org/225283006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 12:58:15 +00:00
jarin@chromium.org
d557425a0c Preserve Smi representation of non-escaping fields.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/251493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 11:29:02 +00:00
verwaest@chromium.org
d2179f2062 Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height.
Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/252583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:52:11 +00:00