AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
7,758 Commits 1 Branch 0 Tags 839 MiB
c78825991a
Commit Graph

2545 Commits

Author SHA1 Message Date
yangguo@chromium.org
4b4d75f84e Fixing crash of StringHash test. 
Review URL: http://codereview.chromium.org/8520010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 17:01:32 +00:00
rossberg@chromium.org
a9c1b834f8 A more holistic test case for proxies. 
Depends on http://codereview.chromium.org/8318014/

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8392038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 16:24:43 +00:00
rossberg@chromium.org
830763bda4 Fixing test cases for correct assertSame. 
Leaving out derived construct trap for now, which I'm working on separately.

R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8506020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 15:48:07 +00:00
yangguo@chromium.org
07ee3e6e5c Fixing generated hash function on all platforms. 
BUG=v8:1808
TEST=cctest/test-hashing.cc

Review URL: http://codereview.chromium.org/8512004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 14:26:57 +00:00
rossberg@chromium.org
8caa6eb732 Fix instanceof a function proxy. 
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8520001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9954 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 13:39:22 +00:00
yangguo@chromium.org
dbd3578e3e MIPS: Fix the cctest QuietSignalingNaNs for MIPS. 
MIPS uses a different NAN bit pattern to represent quiet or
signalling NANs than does x86 or ARM.

BUG=
TEST=

Review URL: http://codereview.chromium.org/8510007
Patch from Gergely Kis <gergely@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 08:25:23 +00:00
yangguo@chromium.org
6157562994 Simplify StringCharCodeAt in non-crankshaft codegen. 
TEST=test/mjsunit/string-slices.js

Review URL: http://codereview.chromium.org/8510005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 14:32:51 +00:00
yurys@chromium.org
8b7bcc4e80 Add getters for column number and script id to v8::Function 
Review URL: http://codereview.chromium.org/8508008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 14:18:30 +00:00
mstarzinger@chromium.org
4391aff4a3 Temporarily skip one Mozilla regression test. 
R=erik.corry@gmail.com
BUG=v8:1817
TEST=mozilla/js1_5/Regress/regress-360969-05

Review URL: http://codereview.chromium.org/8508006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9931 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 13:11:11 +00:00
yangguo@chromium.org
53c6077cee Fixing issue 103259. 
BUG=103259
TEST=regress-103259.js

Review URL: http://codereview.chromium.org/8498011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 14:59:40 +00:00
rossberg@chromium.org
f936aac43e Make _CallFunction proxy-aware. 
Change calling convention for CallFunction stub.
Some fixes regarding strict mode call traps.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8318014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 14:39:37 +00:00
keuchel@chromium.org
72dba271eb Reapply r9870 "Remove some initialization checks based on source positions.". 
This reverts r9896 "Revert r9870 due to browser-test failures." See below for
the diff from the previous version for the ia32 platform. The code for other
platforms has been changed accordingly.

TEST=mjsunit/compiler/lazy-const-lookup.js

diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 2cbf518..1990f2f 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -1258,13 +1258,17 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) {
         // binding is initialized:
         //   function() { f(); let x = 1; function f() { x = 2; } }
         //
-        // Check that we always have valid source position.
-        ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
-        ASSERT(proxy->position() != RelocInfo::kNoPosition);
-        bool skip_init_check =
-            var->mode() != CONST &&
-            var->scope()->DeclarationScope() == scope()->DeclarationScope() &&
-            var->initializer_position() < proxy->position();
+        bool skip_init_check;
+        if (var->scope()->DeclarationScope() != scope()->DeclarationScope()) {
+          skip_init_check = false;
+        } else {
+          // Check that we always have valid source position.
+          ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
+          ASSERT(proxy->position() != RelocInfo::kNoPosition);
+          skip_init_check = var->mode() != CONST &&
+              var->initializer_position() < proxy->position();
+        }
+
         if (!skip_init_check) {
           // Let and const need a read barrier.
           Label done;

Review URL: http://codereview.chromium.org/8479034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 13:28:53 +00:00
ulan@chromium.org
0d536dec26 Shrink the new space and uncommit marking deque on low memory notification. 
BUG=v8:1669
TEST=cctest/test-heap/CollectingAllAvailableGarbageShrinksNewSpace

Review URL: http://codereview.chromium.org/8065003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9912 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 12:42:02 +00:00
mstarzinger@chromium.org
e24c612a5e Fix setting array length to be ES5 conform. 
This also refactors the way we set the length of an arrays' backing
store to use the new elements accessor interface. The actual fix is in
DictionaryElementsAccessor::SetLengthWithoutNormalize() where we first
search for non-deletable elements according to ES5 section 15.4.5.2
specifications.

Snippet from the specification: Attempting to set the length property of
an Array object to a value that is numerically less than or equal to the
largest numeric property name of an existing array indexed non-deletable
property of the array will result in the length being set to a numeric
value that is one greater than that largest numeric property name.

R=danno@chromium.org
TEST=test262/15.4.4.??-7-b-16

Review URL: http://codereview.chromium.org/8372064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 11:59:56 +00:00
fschneider@chromium.org
4627023b38 Revert r9901 to make tree green again. 
There was a test failure on x64 mozilla tests.

TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/8495011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 09:56:09 +00:00
fschneider@chromium.org
cac3008437 [hydrogen] optimize switch with string clauses 
Hydrogen should optimize not only SMI clauses, but clauses with string literals
too.

Patch from fedor.indutny <fedor.indutny@gmail.com>.

R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8373029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 09:08:33 +00:00
mstarzinger@chromium.org
bca8d42e3b Revert r9596 due to page-cycler regressions. 
R=vegorov@chromium.org

Review URL: http://codereview.chromium.org/8463006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-04 13:05:16 +00:00
jkummerow@chromium.org
9625d5d4a0 Fix Array.{splice,slice} to set proper ElementsKind of result 
TEST=mjsunit/elements-kind.js

Review URL: http://codereview.chromium.org/8430036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-04 12:47:58 +00:00
jkummerow@chromium.org
f2787a42b0 Fix JSObject::EnsureCanContainElements to correctly iterate over Arguments 
TEST=mjsunit/elements-kind.js

Review URL: http://codereview.chromium.org/8437094

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-04 12:31:44 +00:00
jkummerow@chromium.org
8450c60d47 Fix Runtime_ArrayConcat to handle FAST_DOUBLE_ELEMENTS 
TEST=mjsunit/elements-kind.js; stanford-crypto-sha256-iterative in debug mode

Review URL: http://codereview.chromium.org/8334028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-04 12:19:35 +00:00
mstarzinger@chromium.org
0bbfb46aa6 Fix Harmony sets and maps to allow undefined as keys. 
This uses a global sentinel as a replacement for undefined keys, which
are not supported internally but required for Harmony sets and maps.

R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8439069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 14:33:58 +00:00
mstarzinger@chromium.org
79cadcc947 Fix Harmony sets and maps to allow null as key. 
This changes the internal convention for marking deleted entries in hash
tables from null_value to the_hole_value, which is consistent with other
usages of the_hole.

R=rossberg@chromium.org,kmillikin@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8343056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 14:17:05 +00:00
keuchel@chromium.org
80d1b898fb Fix gcc-4.6 warnings. 
BUG=v8:1806

Review URL: http://codereview.chromium.org/8386072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 08:59:01 +00:00
lrn@chromium.org
65b9ab93af Merged Scanner and JavaScriptScanner. 
JavaScriptScanner had become the only concrete subclass of Scanner, so there
was no longer a need for the distinction.

Also fixed up comments.

Review URL: http://codereview.chromium.org/8384003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9854 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-01 07:47:15 +00:00
danno@chromium.org
0766a138a6 Add and use ElementsKind side effect 
Also partition side effects into observable and not observable, with only observable requiring Simulates and non-observable changes able to participate in GVN and code hoisting.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8380017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 14:15:10 +00:00
mstarzinger@chromium.org
358d7c2078 Adapt date test to be timezone independant. 
R=yangguo@chromium.org
BUG=v8:1792
TEST=mjsunit/date

Review URL: http://codereview.chromium.org/8423004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 11:15:23 +00:00
lrn@chromium.org
30465596e6 Make eval consider anything on the form eval(args...) a potential direct cal 
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.

We still throw if calling indirect eval with a detached global object.

BUG=v8:994
TEST=mjsunit/eval.js

Review URL: http://codereview.chromium.org/8343054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 09:38:52 +00:00
mstarzinger@chromium.org
00bafbbc9d Mark Test262 test cases for known issue 1772. 
R=svenpanne@chromium.org
BUG=v8:1772
TEST=test262

Review URL: http://codereview.chromium.org/8341111

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 13:03:55 +00:00
danno@chromium.org
6d7d6d4e4e Force transition to FAST_ELEMENTS on out-of-bounds KeyedLoads. 
Proactively ensure that that objects don't get FAST_DOUBLE_ELEMENTS to reduce the number of double boxing operations when generated code calls the runtime frequently to satisfy KeyedLoad requests.

Review URL: http://codereview.chromium.org/8416014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 10:35:38 +00:00
mstarzinger@chromium.org
6d950a748f Fix assertSame for unit testing harness. 
Using isNaN() here is bogus because it performs an implicit toNumber()
conversion, hence something like assertSame(undefined, {}) would not
throw an exception. These are not the NaNs you are looking for.

R=rossberg@chromium.org
TEST=mjsunit

Review URL: http://codereview.chromium.org/8400056

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 09:09:51 +00:00
mstarzinger@chromium.org
cd9bc6c3a6 Fix error handling in Date.prototype.toISOString. 
This fixes Date.prototyoe.toISOString to throw a RangeError exception
for invalid time values. It also includes a fix to removes the arbitrary
(and completely bogus) range limit on the date value during construction
of a Date object. Note that we still have bogus range limits on the year
and month values.

R=lrn@chromium.org
BUG=v8:1792
TEST=mjsunit/date,test262/15.9.5.43-0-*

Review URL: http://codereview.chromium.org/8392036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 08:45:04 +00:00
fschneider@chromium.org
a5b40e27b8 Revert r9805. 
It did not fix the original problem, but instead introduced new ones.

R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/8404037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-27 12:12:53 +00:00
mstarzinger@chromium.org
973383f4e9 Mark Test262 test cases for known issue 1790. 
R=lrn@chromium.org
BUG=v8:1790
TEST=test262/15.4.4.22-9-9

Review URL: http://codereview.chromium.org/8396042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-27 07:50:40 +00:00
ricow@chromium.org
d9597f0086 Skip live edit debug tests, these are flaky because in the case of osr we will get wrong frame heights. 
Review URL: http://codereview.chromium.org/8401029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-27 07:10:25 +00:00
lrn@chromium.org
a9edfefa58 Remove special-casing of calls to RegExp test and exec methods with no argument. 
Matches new JSC behavior. Fix issue 75740.

BUG=75740
TEST=mjsunit/regexp-static

Review URL: http://codereview.chromium.org/6677020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 12:51:07 +00:00
mstarzinger@chromium.org
d0ce626477 Fix identity hash code function to respect flag. 
The flag passed to JSObject::GetIdentityHash() was not respected so far
and an indentity hash code was generated even when the flag requested
not to do so. This could lead to a rare corner cases (for which a test
case was added) where a GC request would have been dropped.

R=rossberg@chromium.org
TEST=cctest/test-dictionary

Review URL: http://codereview.chromium.org/8390047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 12:23:40 +00:00
mstarzinger@chromium.org
5a33ffd7e8 Fix Error.prototype.toString to be ES5 conform. 
R=lrn@chromium.org
TEST=test262/15.11.4.4-8-1,mjsunit/error-tostring

Review URL: http://codereview.chromium.org/8341021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 10:41:52 +00:00
fschneider@chromium.org
2d4bb1803d Fix bug in inlining call-as-function when inlining multiple levels deep. 
This change fixes a off-by-one level error when dropping the
function from the environment. The function of the outermost
environment was not dropped.

BUG=v8:1785
TEST=test/mjsunit/compiler/regress-inline-callfunctionstub.js
Review URL: http://codereview.chromium.org/8341019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 10:31:06 +00:00
rossberg@chromium.org
f7d56eb602 Handle proxies in KeyedStoreIC::Store, instead of just ignoring them. 
R=mstarzinger@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/8391005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 09:31:40 +00:00
fschneider@chromium.org
f8f8c672b6 Temporarily skip failing test to make sure builders cycle green. 
R=mstarzinger@chromium.org
Review URL: http://codereview.chromium.org/8393005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9779 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 16:11:53 +00:00
vegorov@chromium.org
f8c2d3847f Take loop side-effects into account when collecting side-effects on the path between two blocks. 
R=fschneider@chromium.org
BUG=100409
TEST=test/mjsunit/regress/regress-100409.js

Review URL: http://codereview.chromium.org/8395002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 15:39:55 +00:00
mstarzinger@chromium.org
622d35dc0e Implement Harmony sets and maps. 
This implementation extends the internal ObjectHashTable to be able to
hold arbitrary objects (e.g. Smis, Strings, ...) as keys by applying
specialized hashing functions to primitive types. Equality of keys is
defined using the internal SameValue function.

R=rossberg@chromium.org
BUG=v8:1622
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/8372027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 14:14:56 +00:00
keuchel@chromium.org
e8bccc2cb0 Block scoped const variables. 
This implements block scoped 'const' declared variables in harmony mode. They
have a temporal dead zone semantics similar to 'let' bindings, i.e. accessing
uninitialized 'const' bindings in throws a ReferenceError.

As for 'let' bindings, the semantics of 'const' bindings in global scope is not
correctly implemented yet. Furthermore assignments to 'const's are silently
ignored. Another CL will introduce treatment of those assignments as early
errors.

Review URL: http://codereview.chromium.org/7992005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 08:33:08 +00:00
rossberg@chromium.org
46dde044de Adapt to latest spec changes for Proxy.create[Function]. 
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8271005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 16:25:30 +00:00
rossberg@chromium.org
70dc2fe968 Implement for-in loop for proxies. 
Fix related corner case for Object.keys.
Remove obsolete GET_KEYS builtin.

R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8256015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 15:56:18 +00:00
yangguo@chromium.org
f92da58e13 Handle COW-arrays correctly when converting smi->double fast elements. 
TEST=mjsunit/elements-transition.js

Review URL: http://codereview.chromium.org/8383002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 15:06:20 +00:00
fschneider@chromium.org
53e7502fa0 Fix bug in environment simulation after inlined call-as-function. 
This change is based on my previous change enabling inlining calls-as-function
fixing the bugs related to deoptimization.

The function value on top of the environment was dropped too late in the old code.
As a result we could get a wrong value on top after deoptimization.

This change includes r9619. It was reverted because of test failures that are fixed
with this patch.
Review URL: http://codereview.chromium.org/8360001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 13:53:08 +00:00
keuchel@chromium.org
c6464d500b Replace boolean indications of strict mode by an enum value. 
Review URL: http://codereview.chromium.org/8344082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 07:47:22 +00:00
mikhail.naganov@gmail.com
fa0d4ecf43 The detailed heap snapshot generator was slightly adjusted for tracking sliced strings. 
BUG=v8:1779
TEST=cctest/test-heap-profiler/HeapSnapshotSlicedString

Review URL: http://codereview.chromium.org/8362028
Patch from Ilya Tikhonovsky <loislo@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9742 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 13:05:37 +00:00
keuchel@chromium.org
666c4be29f Reapply r9673 "Scope tree serialization and ScopeIterator cleanup." 
This also includes the two fixes from r9674 and r9675. Here's the diff
to the previous CL.

 --- a/src/runtime.cc
 +++ b/src/runtime.cc
 @@ -11133,17 +11133,26 @@ class ScopeIterator {
        context_(Context::cast(frame->context())),
        nested_scope_chain_(4) {

 +    // Catch the case when the debugger stops in an internal function.
 +    Handle<SharedFunctionInfo> shared_info(function_->shared());
 +    if (shared_info->script() == isolate->heap()->undefined_value()) {
 +      if (shared_info->scope_info()->HasContext()) Next();
 +      return;
 +    }
 +
      // Check whether we are in global code or function code. If there is a stack
      // slot for .result then this function has been created for evaluating
      // global code and it is not a real function.
      // Checking for the existence of .result seems fragile, but the scope info
      // saved with the code object does not otherwise have that information.
 -    int index = function_->shared()->scope_info()->
 +    int index = shared_info->scope_info()->
          StackSlotIndex(isolate_->heap()->result_symbol());

      // Reparse the code and analyze the scopes.
      ZoneScope zone_scope(isolate, DELETE_ON_EXIT);
 -    Handle<SharedFunctionInfo> shared_info(function_->shared());
      Handle<Script> script(Script::cast(shared_info->script()));
      Scope* scope;
      if (index >= 0) {

Review URL: http://codereview.chromium.org/8344046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 10:26:59 +00:00
kmillikin@chromium.org
e3792a6830 Handlify the stub cache lookup and patching for CallIC and KeyedCallIC. 
R=ulan@chromium.org,vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8357010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9729 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 17:08:53 +00:00
lrn@chromium.org
a47caee095 Make builtin functions be skipped in stack traces. 
Does include exposed builtin functions ("native functions").

Review URL: http://codereview.chromium.org/8345039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 12:31:33 +00:00
erik.corry@gmail.com
8f9721bbbf Shave 39% from snapshot size. 
Review URL: http://codereview.chromium.org/8344079

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 12:27:10 +00:00
mstarzinger@chromium.org
d107773867 Adapt sputnik test expectations to last change. 
The version of Sputnik which we test against uses the obsolete ES3
specification when it comes to Function.prototype.apply, ignore some
test cases that are supposed to fail according to ES5.

TBR=rossberg@chromium.org
TEST=sputnik

Review URL: http://codereview.chromium.org/8355005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 15:34:32 +00:00
mstarzinger@chromium.org
67c9a03922 Fix handling Function.apply for non-array arguments. 
R=rossberg@chromium.org
TEST=mjsunit/apply,test262

Review URL: http://codereview.chromium.org/8342034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 13:56:18 +00:00
sgjesse@chromium.org
663bc0fb78 Temporarily skip asserts in test mjsunit/debug-step-3.js until issue is resolved 
R=kmillikin@chromium.org

BUG=v8:1782
TEST=mjsunit/debug-step-3.js

Review URL: http://codereview.chromium.org//8356001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 13:47:53 +00:00
mstarzinger@chromium.org
6742176949 Fix Array.filter to use internal array for result. 
In built-in code we use arrays for internal computations. This makes it
possible to affect the built-in code by putting getters or setters on
the array prototype chain. Using internal arrays prevents those issues.

Related to: http://code.google.com/p/v8/source/detail?r=7040

R=svenpanne@chromium.org
TEST=test262/15.4.4.20-9-b-6

Review URL: http://codereview.chromium.org/8353006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 13:44:29 +00:00
jkummerow@chromium.org
439e4600df Adjust elements-kind.js expectation when --smi-only-arrays is off 
TEST=mjsunit/elements-kind passes both with and without --smi-only-arrays flag

Review URL: http://codereview.chromium.org/8356002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:44:50 +00:00
yangguo@chromium.org
372c16161c Optimize fast element conversion in arm using batch store/loads. 
Review URL: http://codereview.chromium.org/8353002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:15:15 +00:00
keuchel@chromium.org
17cc6d313f Revert 9673, 9674 and 9675 because of failing webkit tests. 
This reverts commits
r9673: "Scope tree serialization and ScopeIterator cleanup."
r9674: "Use OS::SNPrintF instead of snprintf."
r9675: "Use int instead of size_t, StrLength instead of strlen."

Review URL: http://codereview.chromium.org/8353003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:15:02 +00:00
jkummerow@chromium.org
3a9d6c04ba Introduce HTransitionElementsKind instruction. 
TEST=mjsunit/elements-kind

Review URL: http://codereview.chromium.org/8305001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:10:18 +00:00
danno@chromium.org
e5f23399b4 Support array literals with FAST_DOUBLE_ELEMENTS ElementsKind. 
BUG=none
TEST=test/mjsunit/array-literal.js

Review URL: http://codereview.chromium.org/8258015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 11:36:55 +00:00
svenpanne@chromium.org
d0fe04447e Fixed evaluation order issue in defineProperties. 
This is not covered by test262 yet, but it really makes sense and matches Firefox's behaviour.

TEST=mjsunit/define-properties.js
Review URL: http://codereview.chromium.org/8349031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:52:08 +00:00
mstarzinger@chromium.org
b3eba9e764 Fix handling of non-object receivers for array builtins. 
R=svenpanne@chromium.org
BUG=chromium:100702
TEST=mjsunit/regress/regress-100702

Review URL: http://codereview.chromium.org/8347034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:24:37 +00:00
mstarzinger@chromium.org
8b181d4de6 Fix updating of property attributes for elements. 
This fixes updating of property attributes for data elements when
attributes are already present on a dictionary element but get removed
by a subsequent redefinition of that element.

R=rossberg@chromium.org
BUG=v8:1772
TEST=test262/15.2.3.6-4-82-18

Review URL: http://codereview.chromium.org/8337017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:06:15 +00:00
yangguo@chromium.org
8472de004b Porting r9605 to arm (elements kind conversion in generated code). 
Review URL: http://codereview.chromium.org/8329022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:04:35 +00:00
svenpanne@chromium.org
140ae348d2 Recognize special comparisons via pattern matching on the hydrogen graph, 2nd attempt. 
This time, we initially leave the HTypeof instruction in the Hydrogen graph,
even for the special cases. We later try to remove this instruction (and any
HConstant) in the canonicalization pass, if possible. Always removing the
HTypeof during the initial graph construction is wrong if e.g. it is used in an
HSimulate.

The removals can be generalized a bit, but this will happen in a separate CL.

TEST=mjsunit/optimized-typeof.js
Review URL: http://codereview.chromium.org/8334021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 07:35:30 +00:00
mstarzinger@chromium.org
c4d25c8f37 Fix updating of property attributes for elements. 
This fixes updating of property attributes for getters and setters on
dictionary elements while redefining. This just updates the property
details on the existing element.

R=rossberg@chromium.org
BUG=v8:1772
TEST=test262

Review URL: http://codereview.chromium.org/8337013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 13:49:19 +00:00
sgjesse@chromium.org
a58c963c67 Reapply "Support for precise stepping in functions compiled before debugging was started (step 2)" 
This is reapplying r9501 with this single change which seemed to be causing most (all) of the failures for r9501.

--- a/src/debug.cc
+++ b/src/debug.cc
@@ -2230,6 +2230,7 @@ Debugger::Debugger(Isolate* isolate)
       compiling_natives_(false),
       is_loading_debugger_(false),
       never_unload_debugger_(false),
+      force_debugger_active_(true),
       message_handler_(NULL),
       debugger_unload_pending_(false),
       host_dispatch_handler_(NULL),

R=kmillikin@chromium.org

BUG=
TEST=

Review URL: http://codereview.chromium.org//8337009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 13:40:33 +00:00
lrn@chromium.org
cefbb1e7f8 Make bound functions have poisoned .caller and .arguments. 
Also makes func.caller return null if the caller is a bound function,
matching JSC.
Fix bug preventing poisoned setters from triggering.

TEST=mjsunit/function-bind, mjsunit/strict-mode

Review URL: http://codereview.chromium.org/8333019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 12:26:53 +00:00
keuchel@chromium.org
96a2c24a16 Use int instead of size_t, StrLength instead of strlen. 
Review URL: http://codereview.chromium.org/8339013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 10:08:33 +00:00
keuchel@chromium.org
69afd18e56 Use OS::SNPrintF instead of snprintf. 
Review URL: http://codereview.chromium.org/8339011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 09:48:13 +00:00
keuchel@chromium.org
4e5643a648 Scope tree serialization and ScopeIterator cleanup. 
The intention is to store enough scope information for the debugger to
handle stack allocation of block scoped variables introduced by
http://codereview.chromium.org/7860045/ .

This CL is based on
http://codereview.chromium.org/7904008/ .

Review URL: http://codereview.chromium.org/7979001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 08:46:46 +00:00
yangguo@chromium.org
d7f3985e33 Rolling back r9662. 
Review URL: http://codereview.chromium.org/8321001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 13:39:56 +00:00
mstarzinger@chromium.org
18125191ce Mark Test262 test cases for known issue 893. 
R=lrn@chromium.org
BUG=v8:893
TEST=test262

Review URL: http://codereview.chromium.org/8320001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:58:32 +00:00
yangguo@chromium.org
d2434953e2 Changes around ascii-check for strings wrt external strings. 
Review URL: http://codereview.chromium.org/8312015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:49:34 +00:00
erikcorry
dac0b853e1 Improve speed of Utf8Write by always flattening the string first and 
detecting the ASCII case.  Also rewrite Utf8Length to work on an
unflattened string.  Bug: http://code.google.com/p/v8/issues/detail?id=1665
Review URL: http://codereview.chromium.org/8304021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:48:31 +00:00
lrn@chromium.org
2bbf3bbee7 Make native syntax an early error in the preparser. 
Previously the preparser always accepted natives syntax and let the
real parser throw the syntax error. In ES5, it should be an early error,
so the preparser must catch the error.
The perparser library does not expose parsing for natives syntax, it's
only used internally.

Review URL: http://codereview.chromium.org/8306024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:45:52 +00:00
lrn@chromium.org
5152d2e0da Reimplement Function.prototype.bind. 
Make instanceof work correctly.

BUG=v8:893

Review URL: http://codereview.chromium.org/8199004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:44:16 +00:00
keuchel@chromium.org
6f4e70a1dc Let bound iteration variables in for-loops 
TEST=mjsunit/harmony/block-for.js

Review URL: http://codereview.chromium.org/7837028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:19:06 +00:00
keuchel@chromium.org
f93c69308f Disallow function declarations in statement positions in harmony mode. 
Review URL: http://codereview.chromium.org/8306025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 11:59:08 +00:00
yangguo@chromium.org
92fdeff125 Porting r9605 to x64 (elements kind conversion in generated code). 
Review URL: http://codereview.chromium.org/8271007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 10:44:47 +00:00
lrn@chromium.org
50ef25e0f3 Remove redundant allow-natives flag from CompilationInfo. 
Just use script being native and FLAG_allow_natives_syntax directly.

Review URL: http://codereview.chromium.org/8314018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 09:02:26 +00:00
mstarzinger@chromium.org
ac712f13c3 Fix evaluation order of GT and LTE operators. 
According to the ES5 spec all ">" and "<=" expressions should be be
evaluated left-to-right. This obsoletes old hacks for reversing the
order to be ES3 compliant.

R=lrn@chromium.org
BUG=v8:1752

Review URL: http://codereview.chromium.org/8275035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 07:43:40 +00:00
ricow@chromium.org
fe74726099 Remove timeout test expectation for OutOfMemoryNested 
This has already been fixed, we not actually use the constraints.
Review URL: http://codereview.chromium.org/8276029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 09:10:29 +00:00
rossberg@chromium.org
4753976194 Fix handling of this in direct calls to function proxies. 
Fix & tweak some proxy-related error messages.

R=kmillikin@chromium.org
BUG=v8:1543
TEST=

Review URL: http://codereview.chromium.org/8229008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-13 15:55:57 +00:00
yangguo@chromium.org
00a5287d2f Fixing test failures in arm and x64 due to missing implementation introduced in r9605. 
Review URL: http://codereview.chromium.org/8261007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-13 12:03:33 +00:00
yangguo@chromium.org
fae807b3bb Elements kind conversion in generated code (ia32). 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8241003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-13 10:53:31 +00:00
mstarzinger@chromium.org
d32c330ecf Fix special handling of DefineOwnProperty on arrays. 
According to the ES5 spec the implementation of DefineOwnProperty() has
to special case handling of arrays. This is a preliminary implementation
correctly handling definition of array index properties, defining length
properties is not completely covered yet.

R=rossberg@chromium.org
TEST=test262

Review URL: http://codereview.chromium.org/8221002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9596 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 14:47:13 +00:00
rossberg@chromium.org
1abf3ed0a4 Introduce collective --harmony flag. 
Shorten --harmony-block-scoping to --harmony-scoping.

R=keuchel@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8226017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 12:23:06 +00:00
jkummerow@chromium.org
ddacdf847b Make elements_kind map transition test conditional on smi element support 
TEST=mjsunit/element-kind passes even without --smi-only-arrays

Review URL: http://codereview.chromium.org/8230008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 10:02:42 +00:00
jkummerow@chromium.org
184fdcf28b Track elements_kind transitions in KeyedStoreICs. 
Review URL: http://codereview.chromium.org/8166017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 09:33:00 +00:00
yangguo@chromium.org
3249530ef0 Fixing issue 1757 (string slices of external strings). 
BUG=v8:1757
TEST=regress-1757.js

Review URL: http://codereview.chromium.org/8217011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 16:09:03 +00:00
kmillikin@chromium.org
fa18fdb206 Add a regression test for an already fixed issue. 
Add a regression test for Chromium issue 99167.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8222002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 10:46:27 +00:00
rossberg@chromium.org
357b45dea5 Tests for evil side-effects during 'internal methods'. 
R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8200002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 09:59:03 +00:00
rossberg@chromium.org
8898b97dc4 Separate tests specific to function proxies in a separate file. 
R=mstarzinger@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8218003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 08:58:44 +00:00
mstarzinger@chromium.org
e340163301 Fixed status file of es5conform test suite. 
R=erik.corry@gmail.com
TEST=es5conform

Review URL: http://codereview.chromium.org/8202005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-07 15:02:42 +00:00
erik.corry@gmail.com
338ab857b9 Remove a static initializer that could potentially slow down startup time. 
BUG=1753
Review URL: http://codereview.chromium.org/8198005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-07 14:41:08 +00:00
mstarzinger@chromium.org
cd6a982b52 Fix string whitespace trimming of byte order marks. 
R=rossberg@chromium.org
TEST=test262

Review URL: http://codereview.chromium.org/8195006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-07 14:33:46 +00:00
mstarzinger@chromium.org
e699434266 Fix some array functions to behave as specified. 
This fixes the handling of primitives and the order of how side effects
are visible in some array functions as specified by the ES5.

R=rossberg@chromium.org
TEST=test262

Review URL: http://codereview.chromium.org/8197002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-07 14:07:33 +00:00