AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
5,375 Commits 1 Branch 0 Tags 839 MiB
c52e397db6
Commit Graph

4624 Commits

Author SHA1 Message Date
antonm@chromium.org
5d3430a509 Fix forging of object's identity hashes. 
Do not do standard property lookup on hidden properties object as it might
reach Object.prototype which can be altered to forge identity hashes.
Instead do only local lookup.

Review URL: http://codereview.chromium.org/6472001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 14:09:52 +00:00
fschneider@chromium.org
5b753cecb6 Check holder before optimizing calls to global functions. 
In the case where the function is not found in the global object,
we have to generate a generic call.

BUG=v8:1106
TEST=mjsunit/regress/regress-1106.js

Review URL: http://codereview.chromium.org/6483010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:51 +00:00
vegorov@chromium.org
49adfd0f0a Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-range. 
BUG=v8:1131
TEST=test/mjsunit/regress/regress-1131.js

Review URL: http://codereview.chromium.org/6469006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:34 +00:00
danno@chromium.org
1bd9f602be Implement crankshaft support for pixel array loads. 
Review URL: http://codereview.chromium.org/6410112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:02:36 +00:00
fschneider@chromium.org
73fe82426f Strengthen requirements for fixed registers at calls. 
Already done on ia-32. This change is for x64 and ARM.
We now always require fixed input registers at calls to
avoid overlap with temp registers.

This fixes the affected instructions on ARM.

Review URL: http://codereview.chromium.org/6471021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 10:31:55 +00:00
kmillikin@chromium.org
c0fd053982 Fix a representation change bug in the Hydrogen graph construction. 
We could try to treat an HPhi as an HInstruction because the code did
not properly handle the case of a phi in a block with itself as one of
the predecessors.

BUG=v8:1134

Review URL: http://codereview.chromium.org/6471020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 10:28:59 +00:00
kmillikin@chromium.org
e88f25f6dc Insert a space to please our presubmit overlords. 
Review URL: http://codereview.chromium.org/6480027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 09:16:33 +00:00
fschneider@chromium.org
de06cd58a3 Fix bug in register requirements for function.apply. 
Whenever we use a fixed temp at a call that can eagerly deopt we
now allow fixed register exclusively to avoid any overlap.

Review URL: http://codereview.chromium.org/6479014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 09:12:38 +00:00
kmillikin@chromium.org
ebebcae4c2 Allow esi to be an allocatable register on IA32. 
Make esi available to the register allocator rather than dedicating it
permanently to the context.

The context is still passed in register esi to JavaScript and to the runtime
as part of the calling convention.  Because some stubs might end up calling
JS or the runtime, it is also conservatively passed to stubs.

Roughly half the calls have been modified to use the context as an input
value in fixed register esi.  The other half are marked as calls or deferred
code so esi is spilled and can be explicitly set.

It is no longer necessary to restore the context to esi after a call that
might change it.

Review URL: http://codereview.chromium.org/6452001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 09:00:50 +00:00
antonm@chromium.org
2f17f3e5d7 Do not invoke any setters when forming stack trace JS object. 
Review URL: http://codereview.chromium.org/6463022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 19:34:04 +00:00
antonm@chromium.org
47a22dcecd Reapply http://code.google.com/p/v8/source/detail?r=6555 
Compare JSObjects by identity immediately.

When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.

BUG=v8:1082

TBR=ricow@chromium.org

Review URL: http://codereview.chromium.org/6461028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 19:09:26 +00:00
kmillikin@chromium.org
dc91c4218b Make optimized Function.prototype.apply safe for non-JSObject first arguments. 
If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.

Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.

BUG=v8:1128

Review URL: http://codereview.chromium.org/6463025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 16:43:23 +00:00
whesse@chromium.org
e0422e5401 Make VS2005 project files compile without errors: changelist http://codereview.chromium.org/6286135/. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 15:58:55 +00:00
sgjesse@chromium.org
dabc590527 ARM: Add type-feedback recording for compare 
Change the comparison in the full code generator to use CompareIC instead of the CompareStub to record the types. This also implements the patching in the full code generator where the inlined smi code is de-activated by default to call the CompareIC once and then activating the inlined smi code by patching the code.

Fixed the smi comparison in the ICCompareStub.

Fixed ToBooleanStub to ensure that the scratch register used is not the input. Use r9 as default as that will never be input with Crankshaft.

Implemented lithium instruction CmpTAndBranch.

Make sure that the lithium instruction CmpID have operands in registrers as the current optimized code expects that.
Review URL: http://codereview.chromium.org/6461017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:57:24 +00:00
ager@chromium.org
d5851dcde0 x64: Enable inline smi code patching to reenable the inlined code in 
the code generated by the full code generator after my previous
change.

The generated code is the same as on ia32 and so is the patching.

Review URL: http://codereview.chromium.org/6456023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:51:38 +00:00
erik.corry@gmail.com
6cfac3c48b Prepare push to trunk. Now working on version 3.1.4. 
Review URL: http://codereview.chromium.org/6458026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:41:22 +00:00
lrn@chromium.org
d358e2ecd3 Fix incorrect asserts in scanner. 
BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js

Review URL: http://codereview.chromium.org/6459021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:16:25 +00:00
whesse@chromium.org
8d3d77055c Fix assert error on ARM triggered by large numbers of function parameters. 
Review URL: http://codereview.chromium.org/6458027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 13:56:35 +00:00
whesse@chromium.org
afec61e870 Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js. 
Review URL: http://codereview.chromium.org/6460030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 13:16:40 +00:00
whesse@chromium.org
602d5cf427 Fix a bug that occurs when functions are defined with more than 16,382 parameters. 
Review URL: http://codereview.chromium.org/6447007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:46:22 +00:00
fschneider@chromium.org
eec7bc8e60 Change the code for materializing double constants on ia32. 
Instead of using the stack, use a temporary integer register
and avoid memory access.

Review URL: http://codereview.chromium.org/6452002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:39:15 +00:00
ricow@chromium.org
baa3eed710 Change our zap values from hex numbers tagged as a heap object to hex numbers tagged as a failure. 
Since our zap values are valid heap object addreses we might hit asserts if a heap object gets the value of a zap constant as its address. 

Review URL: http://codereview.chromium.org/6456022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6695 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:35:18 +00:00
kmillikin@chromium.org
991a1cae12 Fix an assertion failure in stack trace construction. 
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value.  This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:45:50 +00:00
antonm@chromium.org
d724993138 Use GC-safe version when setting elements. 
BUG=1125
TEST=test/mjsunit/regress/regress-1125.js

Review URL: http://codereview.chromium.org/6463001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:38:10 +00:00
antonm@chromium.org
492ef6ee7a Do sanity check of exception state when returning from native to JS. 
If --debug-code is on, check that returned value and Top::has_pending_exception
agree on exception state.

Review URL: http://codereview.chromium.org/6450004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 20:13:08 +00:00
antonm@chromium.org
cf30cefda7 Check if Array.prototype.__proto__ has been reset to null. 
BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js

Review URL: http://codereview.chromium.org/6454004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:56:44 +00:00
ager@chromium.org
40dd216b53 Port fix for duplicate AST ID for deoptimization to ARM and x64. 
Review URL: http://codereview.chromium.org/6458001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:42:24 +00:00
antonm@chromium.org
0273e8185b Propagate exceptions thrown when setting elements. 
Plus use more robust path when formatting messages---work
directly with fixed arrays.

BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js

Review URL: http://codereview.chromium.org/6451004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:42:14 +00:00
antonm@chromium.org
e300c3cccc We cannot assert that v8 is running in fatal error callback. 
BUG=v8:1111

Review URL: http://codereview.chromium.org/6450005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:19:42 +00:00
antonm@chromium.org
da8b72f2b8 1) Return failure if any of property sets failed; 
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Review URL: http://codereview.chromium.org/6454011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:04:17 +00:00
ager@chromium.org
096c21522b Fix wrong assumption in parser that parsing a function literal cannot throw an exception. 
Review URL: http://codereview.chromium.org/6453009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 18:46:13 +00:00
ager@chromium.org
a9a9111938 ARM: Fix condition usage in DeoptimizeIf(). 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6447003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 18:09:19 +00:00
vegorov@chromium.org
721b60d3f5 Check for overflow when bumping new space's top in inlined allocation. 
BUG=v8:1109
TEST=test/mjsunit/regress/regress-1109.js

Review URL: http://codereview.chromium.org/6453005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 17:25:40 +00:00
ager@chromium.org
8c6c273236 Fix issues with using defineProperty on the global proxy object. 
Review URL: http://codereview.chromium.org/6452004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 16:31:58 +00:00
kmillikin@chromium.org
27ed4d3a1a Prepare for bailout with the proper state at labeled block entries. 
The state here should be NO_REGISTERS.  It was spuriously changed to from
NO_REGISTERS to TOS_REG when TOS_EAX was renamed to TOS_REG.

BUG=v8:1113

Review URL: http://codereview.chromium.org/6452007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 15:51:49 +00:00
ricow@chromium.org
f64966085e x64: Add MulI and DivI to lithium instructions. 
Review URL: http://codereview.chromium.org/6448001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:37:50 +00:00
lrn@chromium.org
2f32f27e8f Correct propagation of exceptions from setters. 
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js

Review URL: http://codereview.chromium.org/6451003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:04:27 +00:00
kmillikin@chromium.org
bf3c3eb9cb Fix a possible duplicate AST ID for deoptimization. 
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.

BUG=v8:1104

Review URL: http://codereview.chromium.org/6453004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 14:00:22 +00:00
whesse@chromium.org
39c855bd48 Bailout from crankshaft if a global property is found in the prototype chain of the global object, not on the global object itself. 
Review URL: http://codereview.chromium.org/6449002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 13:28:09 +00:00
ricow@chromium.org
20f2c1c98a Make sure that we do not call is_extensible on the global proxy. 
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.


Review URL: http://codereview.chromium.org/6450003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 13:09:07 +00:00
vegorov@chromium.org
a2c9ca7464 Speedup decodeURI/decodeURIComponent by switching from charAt(i) to charCodeAt(i) in Decode. 
Original patch by Alexander Karpinsky.

Review URL: http://codereview.chromium.org/6440001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 13:01:34 +00:00
ricow@chromium.org
81787f986b Make sure that we never call prevent extension on the global proxy, 
but instead call this on the global object.

BUG: 1103

Review URL: http://codereview.chromium.org/6454001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 12:41:16 +00:00
lrn@chromium.org
48fadffcc4 Fix bug in JSON.parse for objects containing "__proto__" as key. 
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.

Review URL: http://codereview.chromium.org/6451002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 11:38:15 +00:00
whesse@chromium.org
46e82e2f7e X64 Crankshaft: Implement DoCodeStub on X64 platform. 
Review URL: http://codereview.chromium.org/6451001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 11:26:42 +00:00
fschneider@chromium.org
f740d1adbe Refactor lithium instructions for constants. 
1. Remove unnecessary superlcass LConstant.
2. Use hydrogen accessor instead of duplicating the value.

Review URL: http://codereview.chromium.org/6410120

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 10:45:21 +00:00
vegorov@chromium.org
76cf30d9c8 Support %_IsConstructCall in the Crankshaft pipeline. 
Provide special case for f.bind(obj).

Review URL: http://codereview.chromium.org/6368138

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 10:08:47 +00:00
whesse@chromium.org
fde8419697 X64 Crankshaft: Use TypeRecordingBinaryStub in crankshaft. 
Review URL: http://codereview.chromium.org/6449001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 09:43:24 +00:00
ager@chromium.org
52cfd6ab16 Fixed a number of issues on x64 crankshaft port: 
- Don't use SmiSub when overflow can occur. It asserts that overflow
  does not happen.

- Actually use CompareICs and signal to crankshaft whether or not smi
  code was inlined.

- Fix bug in CmpI where 64 bits were compared instead of 32 bits.

- Implement Throw, DeferredStackCheck, StoreKeyedFastElement in
  lithium backend.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6312193

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 07:49:59 +00:00
lrn@chromium.org
254915608e X64: Add Crankshaft operation LoadGlobal. 
Copied some serializer-related checks and counters from ia32.

Review URL: http://codereview.chromium.org/6312186

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 14:15:05 +00:00
ager@chromium.org
596b25511d x64: Implement SmiUntag, SmiTag, LoadHeapObject and LoadNamedGeneric 
in the lithium backend.

Review URL: http://codereview.chromium.org/6312185

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 14:11:53 +00:00
lrn@chromium.org
19be2622bb X64: Disable crankshaft if serializerion is enabled. 
Review URL: http://codereview.chromium.org/6413017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 13:41:02 +00:00
ricow@chromium.org
7baa1198cd Prepare push to trunk. Now working on version 3.1.3. 
Review URL: http://codereview.chromium.org/6286145

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 12:33:21 +00:00
kmillikin@chromium.org
919610969c Do not compile the unreachable body of functions with illegal redeclarations. 
Revision 6635 added an assert on IA32 that there were no 'const' parameters.
This assert could be hit at compile time because we compiled the unreachable
body of functions with illegal redeclarations, which are thrown at runtime.

Review URL: http://codereview.chromium.org/6286144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 09:55:42 +00:00
sandholm@chromium.org
f64976e62d Improve ScanJsonNumber. 
Review URL: http://codereview.chromium.org/6334106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 08:57:06 +00:00
sgjesse@chromium.org
247beac285 Fix an issue in DoMulI and address mjsunit test failure. 
BUG=v8:1098
TEST=mjsunit/compiler/regress-intoverflow.js

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6312151


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-07 07:39:40 +00:00
peterhal@chromium.org
39957aa741 Issue 117 - strict mode and future reserved words 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 18:36:37 +00:00
mmaly@chromium.org
87233c49c8 Pass strict mode to eval. 
Code review feedback.

Code Review URL: http://codereview.chromium.org/6286043/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 18:15:49 +00:00
vegorov@chromium.org
10f715e3ff Restore context after LApplyArguments. 
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js

Review URL: http://codereview.chromium.org/6246106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 15:42:02 +00:00
lrn@chromium.org
19b734fd82 Fix potential overwriting of debug jumps of following code. 
Add JSArrayLength, CallKnownFunction, and InstanceType operations.
Remove LadGlobal and StoreGlobal again (they fail).

Review URL: http://codereview.chromium.org/6347067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 14:09:03 +00:00
fschneider@chromium.org
d86ac17a6e Fix ARM debug build. Insert missing declaration. 
Review URL: http://codereview.chromium.org/6250160

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 13:46:09 +00:00
antonm@chromium.org
aecb05354b Landing for Zaheer Ahmad. 
Direct call api functions (arm implementation)

See: http://codereview.chromium.org/6170001/

Review URL: http://codereview.chromium.org/6286078

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 13:43:38 +00:00
fschneider@chromium.org
17da434b29 Remove instruction summaries. 
Instead of constructing a temporary container for all LOperands of each
instruction, the register works directly on the LIR instructions that
 provide an abstract interface for input/output/temp operands.

This saves allocation of zone memory and speeds up LIR construction,
but makes iterating over all uses in the register allocator slightly
more expensive because environment uses are stored in a linked list of
environments. We can fix this by using a flat representation of LOperands.


Review URL: http://codereview.chromium.org/6352006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 13:28:23 +00:00
whesse@chromium.org
f1acd1299d X64 Crankshaft: Port TaggedToI to X64. 
Review URL: http://codereview.chromium.org/6368097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 13:16:51 +00:00
ricow@chromium.org
8a7889182e Make sure that we don't actually overwrite a property that has failed access checsk with Object.defineProperty. 
Review URL: http://codereview.chromium.org/6246103

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 12:14:56 +00:00
kmillikin@chromium.org
32cd13ebf1 Remove the redundant load on every context lookup. 
There was an unnecessary load on every statically-resolved context lookup.
Remove it.

This revealed a hidden bug in const initializers inside 'with'.  They claim
to be statically resolved (having slot type CONTEXT) but they occur in a
spot where the runtime context chain and the static scope chain do not
agree.  This is fixed by special casing const initializers in the backend.

Review URL: http://codereview.chromium.org/6384020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 12:06:41 +00:00
karlklose@chromium.org
f4575b5d39 ARM: Implement DoCmpID and DoCmpIDAndBranch in the lithium code generator. 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6379007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 11:22:18 +00:00
whesse@chromium.org
c5de2c95fa X64 Crankshaft: Add bit operations and shifts to x64 crankshaft. 
Review URL: http://codereview.chromium.org/6246099

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 11:10:39 +00:00
sgjesse@chromium.org
8d4e0bb39c ARM: Add support for and, or and xor to the type recording binary op stub. 
Review URL: http://codereview.chromium.org/6250126

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 10:52:19 +00:00
vegorov@chromium.org
b254d727a6 Fix compliance bug in decodeURI/decodeURIComponent. 
Review URL: http://codereview.chromium.org/6349105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 10:38:49 +00:00
sgjesse@chromium.org
84de496896 Implements DoubleToI on ARM. Refactor some VFP code at the same time and 
fix the simulator behaviour.

BUG=none
TEST=added to cctest/test-assembler-arm.cc

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6368053


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 07:08:50 +00:00
ager@chromium.org
3a214b8f50 x64: Implemented object, array and function literals in lithium codegen. 
Review URL: http://codereview.chromium.org/6371019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-04 06:54:45 +00:00
peterhal@chromium.org
c894b1f317 Fix bugs 992, 1083 and 1092 
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.

Add sputnik tests to .gitignore.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6286060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 19:29:10 +00:00
antonm@chromium.org
710fbd2cfb Do proper security checks when accessing elements with getOwnPropertyDescriptor. 
This extends logic applied to regular properties to elements.

Review URL: http://codereview.chromium.org/6246055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 18:09:51 +00:00
ager@chromium.org
c554faa74d X64: Implement FixedArrayLength, BoundsCheck, LoadElements, 
LoadKeyedFastElement in lithium codegen.

Tested locally by hardcoding DoTaggedToI to convert smis to untagged.

Review URL: http://codereview.chromium.org/6312124

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 17:01:10 +00:00
ager@chromium.org
8cdcbd7064 Don't use eax on x64. :) 
TBR=ricow

Review URL: http://codereview.chromium.org/6312122

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 16:07:52 +00:00
ager@chromium.org
63d1b2c7f4 X64: Implement DoCallConstantFunction, DoLeaveInlined and DoCompareMap 
in lithium-x64.

Review URL: http://codereview.chromium.org/6410060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 15:40:20 +00:00
whesse@chromium.org
13e8360d94 X64 Crankshaft: Add TypeRecordingBinaryStub to X64 
Review URL: http://codereview.chromium.org/6366028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 15:36:44 +00:00
ager@chromium.org
015e72bbf5 Minor cleanup in messages.js. Remove unused variables and fix formatting. 
Review URL: http://codereview.chromium.org/6410058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 14:02:13 +00:00
ricow@chromium.org
a2aa84873e Add regression test for the deoptimizer immediately followed by gc bug. 
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)

The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094


Review URL: http://codereview.chromium.org/6312118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 13:47:27 +00:00
kmillikin@chromium.org
97ccdd1e99 Introduce a hydrogen value for contexts, support context slot assignment. 
Each context in the context chain has a corresponding hydrogen value.
The context values are used for global object lookup and context slot
lookup.  Add simple (non-compound) assignment to context slots.

Review URL: http://codereview.chromium.org/6390003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 13:10:28 +00:00
danno@chromium.org
a2fb4a12bb Create specialized code stubs for PixelArray loads. 
Review URL: http://codereview.chromium.org/6287030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 12:50:50 +00:00
antonm@chromium.org
0da3dc3e43 Properly process getOwnPropertyDescriptor for elements on global proxy object. 
We need to go down to actual global object to perform those operations.

Review URL: http://codereview.chromium.org/6246054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 10:19:41 +00:00
kmillikin@chromium.org
e4a4804546 Streamline the code for patching optimized code for lazy deopt. 
Rewrite the lazy deopt patching code on IA32 to use addresses throughout,
rather than offsets and a base address.

Also, rename a couple of ambiguous Code fields from _start to _offset.

Review URL: http://codereview.chromium.org/6334083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 10:07:22 +00:00
fschneider@chromium.org
26287403ae Fix bug in pretenuring function literals from optimized code. 
Review URL: http://codereview.chromium.org/6368074

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 09:10:54 +00:00
sgjesse@chromium.org
d86e430630 Implements Modulo operation on ARM for DoArithmeticD. 
BUG=none
TEST=none

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6248004


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 08:59:14 +00:00
mikhail.naganov@gmail.com
2d9c65901b Heap profiler: fix removed DOM wrappers reporting. 
Aggregated snapshots: don't report unreachable objects.
Full snapshots: restore forcing GC prior to taking a snapshot.

I played with the repro page provided for the bug and found that GC
must be performed prior to taking a snapshot even if we only report
reachable objects. GC allows weak handles to finalize.  Now heap
profiler produces aligned results for the repro page in both modes.

BUG=crbug/70434
TEST=none

Review URL: http://codereview.chromium.org/6410030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 08:45:38 +00:00
ager@chromium.org
25eb1a57c2 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 
directory to make it easy for embedders to reproduce the copyright
notice for binary redistribution.

Removed now obsolete strongtalk directory.

Review URL: http://codereview.chromium.org/6349067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-03 07:10:06 +00:00
antonm@chromium.org
fed5622671 Better security checks when accessing named properties via Object.getOwnPropertyDescriptor. 
Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access.  For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.

Review URL: http://codereview.chromium.org/6286020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 17:44:29 +00:00
kmillikin@chromium.org
f0573de367 Prepare push to trunk. Now working on version 3.1.2. 
Review URL: http://codereview.chromium.org/6312090

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 16:02:11 +00:00
kmillikin@chromium.org
ca936dae9e More of the fix for V8 issue 1079. 
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object.  We never try to
find an existing arguments object.

Review URL: http://codereview.chromium.org/6349050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 15:08:29 +00:00
antonm@chromium.org
be1f20f828 Follow up to r6540: remove early return from C++ builtin as well. 
Review URL: http://codereview.chromium.org/6347037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 14:17:47 +00:00
erik.corry@gmail.com
0097f005fd Fix code generation bug on ARM in classic codegen. 
Review URL: http://codereview.chromium.org/6246045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 14:14:55 +00:00
kmillikin@chromium.org
63593f0996 Fix x64 DEBUG build. 
TBR=whesse@chromium

Review URL: http://codereview.chromium.org/6349049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 14:08:30 +00:00
lrn@chromium.org
2d15eb9a90 Fix bug in object literals with large array indexes as strings. 
Review URL: http://codereview.chromium.org/6410028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 14:02:58 +00:00
kmillikin@chromium.org
f1149734fc Partial fix for V8 issue 1079. 
Record a safepoint with a deoptimization id for throw in optimized code.  We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw).  For
hygiene we use the actual ID of the throw expression.  Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit.  This is required to insert a simulate between the throw and the exit.

Make our optimized treatment of Function.prototype.apply act like a call and
have side effects.  This ensures that it will get a lazy deoptimization
environment.  Use that deoptimization ID in the safepoint for the call.

Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction.  Record the
environment and use the deoptimization ID at the safepoint.

Review URL: http://codereview.chromium.org/6250105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 13:55:29 +00:00
vegorov@chromium.org
09b3041a57 GDBJIT: emit .eh_frame section on x64. 
This enables proper stack unwinding on x64.

Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled.

Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/)

Review URL: http://codereview.chromium.org/6250104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 13:32:18 +00:00
ager@chromium.org
73a4ecfae1 A MessageObject is a purely internal object to hold information about 
an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.

Review URL: http://codereview.chromium.org/6368051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 13:31:52 +00:00
whesse@chromium.org
a5f94a4862 Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088. 
BUG=1088
TEST=test/mjsunit/math-pow.js

Review URL: http://codereview.chromium.org/6368050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 12:54:58 +00:00
karlklose@chromium.org
8152635387 Extract platform independent part of RevertStackCheckCode. 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6349046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 11:58:24 +00:00
sgjesse@chromium.org
8fe563cba6 ARM: Refactor duplicated floating point code in type recording binary operation stub. 
Review URL: http://codereview.chromium.org/6334045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 10:30:41 +00:00
vegorov@chromium.org
6751627615 Require typed input representation for HTypeof hydrogen instruction. 
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js

Review URL: http://codereview.chromium.org/6410025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 09:52:57 +00:00
ricow@chromium.org
cb0a7bc748 This fixes the issue with the deoptimizer trashing the reloc info before patching the code. 
If we, immediately after the deoptimization, but before actually
running the patched code, get a compacting GC, the addresses from the
calls might no longer be valid.

I have validated that this works by patching the existing code to
always do a compacting gc after we finish deoptimizing. I will create
a real regression test for this, but this includes additional code for
allowing us to force a deopt/opt from javascript test code. I will
land this in a seperate change.


Review URL: http://codereview.chromium.org/6349043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 09:40:09 +00:00
ricow@chromium.org
0dd951ee84 Revert revision 6555 as it causes win32 debug to fail. 
Review URL: http://codereview.chromium.org/6349044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-02 08:14:06 +00:00
vegorov@chromium.org
2c93e885f3 Switch from template functions overloading to partial template specialization. 
This should fix compilation on old GCC.

Review URL: http://codereview.chromium.org/6350012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 20:47:53 +00:00
peterhal@chromium.org
5ca89179d7 Revert "Fix bugs 992 and 1083" 
This reverts commit 6561 as the new assert caused failures in sputnik.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 20:08:01 +00:00
peterhal@chromium.org
9c89aa6dd9 Fix bugs 992 and 1083 
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.

Makes code follow spec steps more closely.

Fixes typo for check for unchanged enumerable in step 6.

Adds regression tests.
Fixes errors in object-define-property test

Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 17:08:14 +00:00
sgjesse@chromium.org
a453a3ce65 ARM: Add multiplication and modulus to the type recording binary operation stub. 
For now the smi part only handles power of two right hand side operands.

Fixed a bug when loading floating point value into core registers with VFP supported.
Review URL: http://codereview.chromium.org/6312059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 16:38:25 +00:00
mmaly@chromium.org
a0c96dc3fb Fix error message name. 
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 16:08:44 +00:00
vegorov@chromium.org
03e1036fde Fix control flow resolution bug in lithium register allocator. 
Review URL: http://codereview.chromium.org/6312057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 14:33:23 +00:00
antonm@chromium.org
32a631d8bc Compare JSObjects by identity immediately. 
When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.

BUG=v8::1082

Review URL: http://codereview.chromium.org/6287018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 13:29:37 +00:00
ager@chromium.org
471c0d2983 Avoid callbacks to user code during error formatting in a couple of 
other situations.

Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.

Review URL: http://codereview.chromium.org/6287041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 12:31:16 +00:00
karlklose@chromium.org
5264d17d8f Change OSR stack check patching to use the stack check table. 
Change OSR stack check patching to use the stack check table to iterate over the calls to stack guards platform independent. Introduce Deoptimizer::PatchStackCheckAt for each platform to perform the platform specific patch at a given pc.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6392027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-01 11:18:45 +00:00
mmaly@chromium.org
aa779b3842 Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence. 
http://code.google.com/p/v8/issues/detail?id=1084

Code Review URL: http://codereview.chromium.org/6386014/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 22:35:27 +00:00
antonm@chromium.org
a38a8ffab0 ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments. 
Review URL: http://codereview.chromium.org/6357025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 14:54:53 +00:00
antonm@chromium.org
1023f569b9 Perform security checks before fetching the value in Object.getOwnPropertyDescriptor. 
Review URL: http://codereview.chromium.org/6386022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 13:49:15 +00:00
whesse@chromium.org
cc90e3e54b Fix typo in Changelog, date in version.cc. 
Review URL: http://codereview.chromium.org/6287016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 12:37:19 +00:00
fschneider@chromium.org
4e7ddab6dc Fix a bug in the placement of minus-zero checks and in GVN. 
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.

2. GVN need to take instruction flags into account when comparing
instructions for redundancy.

Review URL: http://codereview.chromium.org/6260035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 12:36:54 +00:00
whesse@chromium.org
09368a0af6 Prepare push to trunk. Now working on version 3.1.1. 
Review URL: http://codereview.chromium.org/6347035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 10:25:44 +00:00
ager@chromium.org
8198db7934 ARM: Add support for DoMathAbs with double inputs. 
Adds vabs instruction to simulator, assembler, disassembler and tests.

BUG=none
TEST=Added to cctest.

Review URL: http://codereview.chromium.org/6366016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 10:16:28 +00:00
ager@chromium.org
0a9004aa07 Adding vendor prefix to Locale class (becoming v8Locale) to minimize risk of future changes. 
Review URL: http://codereview.chromium.org/6332022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-31 09:58:12 +00:00
fschneider@chromium.org
e3366d8bf5 Fix bug in tail call of builtin in the ToNumber stub on ARM. 
Review URL: http://codereview.chromium.org/6255017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 17:24:10 +00:00
kmillikin@chromium.org
78b9981b90 Revert "Add custom typed ICs for pixel array loads. " 
This change caused failures in (out of bounds) keyed loads of strings.

TBR'd.

Review URL: http://codereview.chromium.org/6298019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 15:07:04 +00:00
fschneider@chromium.org
24843d6310 Introduce ToNumber stub and use it in non-optimized code for to-number conversion. 
This stub is used for increment/decrement operations and unary plus.
The resulting code is more compact and faster than calling a JS builtin.


Review URL: http://codereview.chromium.org/6350021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 14:18:26 +00:00
danno@chromium.org
afd0906204 Add custom typed ICs for pixel array loads. 
Review URL: http://codereview.chromium.org/6323002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 14:06:20 +00:00
ager@chromium.org
f8b74a1541 Avoid using Function.prototype.call in a number of places in our 
builtins files. We should always use %_CallFunction for a couple of
reasons: it cannot be overwritten and it does not wrap basic types in
wrapper objects.

Review URL: http://codereview.chromium.org/6349018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6524 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 10:33:10 +00:00
ager@chromium.org
4968d50d8f Prepare push to trunk. Now working on version 3.1.0. 
Review URL: http://codereview.chromium.org/6286014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-28 07:55:43 +00:00
antonm@chromium.org
c5c4f0eda5 Revert "Unification: introduce ExternalReference::pending_exception_address()." 
This reverts r6518.

TBR=ager@chromium.org

Review URL: http://codereview.chromium.org/6359015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 18:21:07 +00:00
antonm@chromium.org
bea909a9bf Unification: introduce ExternalReference::pending_exception_address(). 
Review URL: http://codereview.chromium.org/6335016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 18:10:45 +00:00
ricow@chromium.org
b4a2e91d45 Implement DoGlobalReceiver and DoCheckFunction lithium instructions on x64 
Review URL: http://codereview.chromium.org/6277024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 16:41:43 +00:00
antonm@chromium.org
1c144edd95 Do not set result_ prematurely. 
If ConfigureGlobalObjects below will fail, we still decide that initialidation
went smoothly as we check emptiness of result_ handle to see if initialisation
failed or not.

Review URL: http://codereview.chromium.org/6347021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 16:17:13 +00:00
antonm@chromium.org
67f3a0e7f5 Better name for ShouldReturnException which actually should be ShouldReportException. 
Review URL: http://codereview.chromium.org/6368019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6515 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 14:25:37 +00:00
fschneider@chromium.org
d82332ebb7 Cleanup unused code from the type oracle. 
Review URL: http://codereview.chromium.org/6135004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 14:04:07 +00:00
vegorov@chromium.org
af81c537b2 Fix id for HandleScope::DeleteExtensions and Factory::arguments_marker() in serializer. 
Review URL: http://codereview.chromium.org/6357020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 13:17:34 +00:00
lrn@chromium.org
35a85c1b06 X64 Crankshaft: Added yet more operations. 
Added operations:
DoStoreGlobal
DoLoadNamedField
DoStoreNamedField
DoCheckPrototypeMaps
DoEnterInlined

Review URL: http://codereview.chromium.org/6308019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 13:02:48 +00:00
lrn@chromium.org
4f11447073 X64 Crankshaft: Reapply reverted operations with DoLoadGlobal disabled. 
Review URL: http://codereview.chromium.org/6397002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 11:58:31 +00:00
sgjesse@chromium.org
3e811483f2 Change an invalid assert 
BUG=v8:1079
Review URL: http://codereview.chromium.org/6332019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 11:55:58 +00:00
ager@chromium.org
dc61921bbf Fix reintroduction of global variables that have been deleted. 
Deletion of global properties puts 'the hole' in the global property
cell and updates the property details in the property dictionary with
the information that the property has been deleted. When setting
global properties that have been deleted in generated code we just
store the new value in the global property cell. This does not update
the property details in the property dictionary. Therefore, it looks
like the property is not there eventhough it was just reintroduced.

Perform 'the hole' checks in generated code for global property stores
and bail out of ICs and optimized code if storing to a property cell
that contains 'the hole'.

Review URL: http://codereview.chromium.org/6306014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 08:35:39 +00:00
karlklose@chromium.org
592089419d ARM: Implement DoInstanceOfAndBranch in the lithium code generator. 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6364007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-27 03:22:08 +00:00
sgjesse@chromium.org
4c6329c8f8 ARM: Try to fix broken commit r6504 
Commit contained wrong assert and was missing call to the runtime system for MUL.

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/6338019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 21:15:46 +00:00
karlklose@chromium.org
3141494c3e Refactor recording of safepoints. 
Refactor SafepointTableBuilder::DefineSafepoint and ARM LCodeGen::RecordSafepoint to use an enum for different kinds of safepoints. This change removes a lot of duplicated code and makes it easier to include new kinds of safepoints in the future. The remaining variants of LCodeGen::RecordSafepoint remain as a convinient way to record common safepoint kinds.

BUG=http://code.google.com/p/v8/issues/detail?id=1043
TEST=none

Review URL: http://codereview.chromium.org/6341008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 20:48:48 +00:00
sgjesse@chromium.org
33c591b4ad ARM: Add multiplication to the type recording binary operation stub 
Review URL: http://codereview.chromium.org/6391004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 20:25:33 +00:00
mmaly@chromium.org
d07f1d62ff Strict mode eval/arguments LHS. 
Review URL: http://codereview.chromium.org/6335013/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 19:21:46 +00:00
mmaly@chromium.org
498e3ce3cc Compress Variable class. 
Review Link: http://codereview.chromium.org/6246019/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 18:15:43 +00:00
kmillikin@chromium.org
c1bbd04dce Remove the HInstruction utilities taking flag mask arguments. 
It is a type error to treat a flag (an enum) as if it were a flag mask (an
int derived from shifting a bit by the enum value).  It is error prone to
have functions that take flag mask arguments because they will silently
accept flags.

Review URL: http://codereview.chromium.org/6373011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6500 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 17:32:02 +00:00
kmillikin@chromium.org
09e967b38f Use more detailed compilation info for inlined functions. 
Construct the statically-known compilation info for inlined functions using
the target closure (which knows about its scope chain) and not from the
shared function info (which doesn't).

Review URL: http://codereview.chromium.org/6397004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 17:30:22 +00:00
fschneider@chromium.org
38b91a4ffe Fix issue 1076 by resetting labels of switch-clauses before use. 
If we compile a function literal twice with the full code generator,
we must make sure that the labels embedded in the AST are reset.

BUG=1076

Review URL: http://codereview.chromium.org/6339014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 15:28:17 +00:00
ager@chromium.org
eb3970c822 Fix another message object leak. 
Review URL: http://codereview.chromium.org/6269021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 15:16:13 +00:00
antonm@chromium.org
be9f5d8548 Fix indentation. 
TBR=serya@chromium.org

Review URL: http://codereview.chromium.org/6260021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6494 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 15:02:02 +00:00
kmillikin@chromium.org
884221f8f0 Change the default implementation of DataEquals for Hydrogen instructions. 
The former default was true. The new default is false and the default
implementation is UNREACHABLE so it asserts in debug builds.  The function
is overridden in all concrete instruction classes that might have the flag
kUseGVN set.

Review URL: http://codereview.chromium.org/6255013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 14:51:21 +00:00
whesse@chromium.org
75c6bffbd1 X64 Crankshaft: Fix compilation error on Windows X64. 
Review URL: http://codereview.chromium.org/6338018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-01-26 13:54:25 +00:00