erik.corry@gmail.com
657422c29a
Use the syntax of a property addition as a hint for controlling the fast-mode vs. dictionary mode heursitics on objects.
...
Review URL: https://chromiumcodereview.appspot.com/10537050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11732 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-07 12:08:07 +00:00
erik.corry@gmail.com
911d447b96
Keep track of which maps are associated with prototype objects so we can tune the fast-case vs. hash map heuristics accordingly.
...
This is a reland of r11681 https://chromiumcodereview.appspot.com/10448011 , which was reverted because of layout test failures that were actually caused by the long-standing issue fixed in https://chromiumcodereview.appspot.com/10515006 (r11706).
Review URL: https://chromiumcodereview.appspot.com/10532021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-06 10:17:26 +00:00
rossberg@chromium.org
4ea1fc0d27
Remove one more case behind --es5_readonly flag.
...
Plus add a couple of assertions.
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10535011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-05 16:56:53 +00:00
rossberg@chromium.org
c13dd2ece6
Put inherited readonliness behind a flag,
...
since it currently breaks WebKit bindings massively.
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10535007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-05 12:39:07 +00:00
verwaest@chromium.org
a85f4e4226
ClearNonLiveTransitions has to hold on to non-map values.
...
This ensures that we don't accidentally throw away getters and/or setters that are still needed. To make sure the bug gets triggered, we have to construct a situation where the map is on the live side of a live->non-live transition. This ensures that the map is passed to ClearNonLiveTransitions.
BUG=v8:2163
TEST=test/mjsunit/regress/regress-2163.js
Review URL: https://chromiumcodereview.appspot.com/10535004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-05 11:36:57 +00:00
erik.corry@gmail.com
0a856e0bd7
Fix bug in __proto__ assignment transition cache where we forget the next enumeration index resulting in wrong iteration order.
...
Review URL: https://chromiumcodereview.appspot.com/10515006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-04 12:07:46 +00:00
yangguo@chromium.org
85e3fba8a3
Remove unnecessary code for non-zero-length global regexps.
...
Also fixing a bug in the arm implementation.
BUG=
TEST=regexp-global.js
Review URL: https://chromiumcodereview.appspot.com/10383280
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-04 08:49:17 +00:00
rossberg@chromium.org
f6017d36f2
Clean up d8 ArrayBuffer implementation and fix bug in readbuffer:
...
- Separate CreateExternalArrayBuffer function.
- Properly create buffers for arrays constructed with size argument only.
- Finalization of data array is tied to buffer object exclusively.
- Get rid of hidden buffer reference in array objects and size header in data.
- Use 'new' instead of 'malloc' in readbuffer.
- Test cases for additional array and buffer properties.
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10459047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-01 11:46:05 +00:00
erik.corry@gmail.com
ae4fcd9702
Limit work done analyzing regexps with very large fanout.
...
BUG=128821
Review URL: https://chromiumcodereview.appspot.com/10448117
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-01 11:28:52 +00:00
rossberg@chromium.org
e4c472a7af
Implement correct checking for inherited readonliness on assignment.
...
Removes 6 out of 8 of our remaining unintentional failures on test262.
Also fixes treatment of inherited setters added after the fact.
Specifically:
- In the runtime, when looking for setter callbacks in the prototype chain,
also look for read-only properties. If one is found, reject (exception in
strict mode). If a proxy is found, invoke proper trap.
Note: this folds in the CanPut function from the spec and avoids an extra
lookup over the prototype chain.
- In generated code for stores, insert a test for the maps from the prototype
chain, but only up to the object where the property already exists (which
may be the object itself).
In Hydrogen, if the found property is read-only or not cacheable (e.g. a
proxy), bail out; in a stub, generate an unconditional miss (to get an
exception in strict mode).
- Add test cases and adapt existing test expectations.
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10388047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-01 10:51:36 +00:00
erik.corry@gmail.com
047a7cfee0
Avoid overdeep recursion in regexp where a guarded expression with a
...
minimum repetition count is inside another quantifier.
Bug=129926
Review URL: https://chromiumcodereview.appspot.com/10451092
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-31 11:59:04 +00:00
erik.corry@gmail.com
b7b43e9af9
Revert r11681 https://chromiumcodereview.appspot.com/10448011
...
(Keep track of which maps are associated with prototype objects so we can tune the fast-case vs. hash map heuristics accordingly.).
Reverting because the dict-mode to fast case transformation loses the iteration order information.
Review URL: https://chromiumcodereview.appspot.com/10448097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-31 09:27:39 +00:00
erik.corry@gmail.com
8cf2af4392
Keep track of which maps are associated with prototype objects
...
so we can tune the fast-case vs. hash map heuristics accordingly.
Review URL: https://chromiumcodereview.appspot.com/10448011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-30 14:40:57 +00:00
rossberg@chromium.org
50fdcca1da
Proxies: Fix receiver for setters inherited from proxies.
...
R=mstarzinger@chromium.org
BUG=v8:1543
TEST=
Review URL: https://chromiumcodereview.appspot.com/10451064
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-29 14:00:56 +00:00
rossberg@chromium.org
7a7ea0b547
Proxies: Fix ToStringArray function so that it does not reject some keys.
...
R=mstarzinger@chromium.org
BUG=v8:1543
TEST=
Review URL: https://chromiumcodereview.appspot.com/10453053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-29 13:57:55 +00:00
svenpanne@chromium.org
39f88f1b26
Fixed JSObject::SetPropertyForResult (issue 2153)
...
AccessorPairs containing only holes are maps were handled incorrectly.
BUG=v8:2153
TEST=mjsunit/regress/regress-2153.js
Review URL: https://chromiumcodereview.appspot.com/10453054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-29 12:42:22 +00:00
yangguo@chromium.org
e885a82c29
Fix test.
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10442030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-25 11:03:28 +00:00
yangguo@chromium.org
24a1503d28
Fix creating substring in string.replace(<global regexp>, <function>).
...
BUG=
TEST=regexp-global.js
Review URL: https://chromiumcodereview.appspot.com/10454032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-25 10:52:38 +00:00
yangguo@chromium.org
86c2a15691
messages.js: Get better function names in stack traces.
...
CallSite.getFunctionName() is able to retrieve names for functions better than
getFunction().name. Use it in CallSite.toString().
Code by marja@chromium.org .
BUG=NONE
TEST=stack-traces.js: Added testClassNames.
Review URL: https://chromiumcodereview.appspot.com/10384196
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-24 11:00:05 +00:00
svenpanne@chromium.org
ff216c9cea
Re-land: Use map transitions when defining accessor properties.
...
This is basically r11496, with the following changes:
* Set back pointers in maps (cherry-picked from r11528)
* Fixed size calculation in CopyInsert, as proposed by mstarzinger/rossberg
* DefineFastAccessor uses GetCallbackObject instead of GetValue (for __proto__)
* Put the code under a new flag, which is disabled by default
* Cut down the corresponding regression test
* Adapted bootup memory test, we actually only need a bit more memory on 64bit without snapshots, which can easily explained by more live maps lying around. Note that the snapshot variants are back to their previous limits.
Next steps: Investigate any performance degradationswith the flag enabled, and finally remove the flag when things are OK. Furthermore, GetCallbackObject should be merged into GetValue, the distinction is confusing and error-prone.
Review URL: https://chromiumcodereview.appspot.com/10445009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-24 10:40:24 +00:00
danno@chromium.org
17ec52b6cd
Fix build and test failures from packed array optimizations.
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10332317
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-23 21:15:14 +00:00
mstarzinger@chromium.org
7e613579be
Fix RegExp.prototype.toString for incompatible receivers.
...
BUG=v8:1981
TEST=mjsunit/regexp
Review URL: https://chromiumcodereview.appspot.com/10426005
Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-23 20:48:08 +00:00
danno@chromium.org
9910edbb9a
Implement tracking and optimizations of packed arrays
...
R=jkummerow@chromium.org
TEST=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10170030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-23 14:24:29 +00:00
yangguo@chromium.org
578fc3cc2d
Implement loop for global regexps in regexp assembler.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10386090
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-22 14:05:44 +00:00
ulan@chromium.org
15b796bec8
Disable optimization for functions that have scopes that cannot be reconstructed from the context chain.
...
BUG=v8:2071
TEST=mjsunit/regress/regress-2071.js
Review URL: https://chromiumcodereview.appspot.com/10388164
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-18 13:06:16 +00:00
yangguo@chromium.org
81720ffe84
Amend regression test.
...
R=rossberg@chromium.org
BUG=128146
TEST=
Review URL: https://chromiumcodereview.appspot.com/10382196
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-16 12:26:11 +00:00
yangguo@chromium.org
62b35e2174
Add missing test for transcendental functions.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10389169
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-16 11:15:30 +00:00
yangguo@chromium.org
ec1fc618ff
Revert r11496.
...
CL being reverted: https://chromiumcodereview.appspot.com/10238005
BUG=128146
TEST=regress-128146
Review URL: https://chromiumcodereview.appspot.com/10386166
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-16 11:07:54 +00:00
danno@chromium.org
7966fb3d8c
Always transition empty FAST_DOUBLE_ARRAYs on push
...
R=mstarzinger@chromium.org
BUG=chromium:128018
TEST=test/mjsunit/regress/regress-128018.js
Review URL: https://chromiumcodereview.appspot.com/10387130
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-15 16:17:53 +00:00
jkummerow@chromium.org
1819105559
Prepare for using GYP build on buildbots
...
Review URL: https://chromiumcodereview.appspot.com/10383128
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-11 12:18:09 +00:00
danno@chromium.org
159ee25bbf
Properly set ElementsKind of empty FAST_DOUBLE_ELEMENTS arrays when transitioning.
...
R=jkummerow@chromium.org
BUG=chromium:117409
TEST=test/mjsunit/regress/regress-117409.js
Review URL: https://chromiumcodereview.appspot.com/10386045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-09 15:18:50 +00:00
rossberg@chromium.org
9f04d73350
Make Error.prototype.name writable again, as required by the spec and the web.
...
Address http://code.google.com/p/chromium/issues/detail?id=69187 by instead
ignoring getters on ReferenceError.prototype.name in Error.prototype.toString.
And while we're at it, do the same for SyntaxError and TypeError, and the
properties "message", "type", and "arguments" on all of them, which
potentially have similar issues.
R=danno@chromium.org
BUG=69187
TEST=
Review URL: https://chromiumcodereview.appspot.com/10234004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-09 12:35:11 +00:00
erik.corry@gmail.com
681f2951c6
Regexp: Fix overflow in min-match-length calculation. Crbug=126412.
...
Review URL: https://chromiumcodereview.appspot.com/10384053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-08 12:18:08 +00:00
erik.corry@gmail.com
80256c7452
Fix crash bug in VisitChoice (bug=126272).
...
Review URL: https://chromiumcodereview.appspot.com/10332035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-07 13:23:56 +00:00
jkummerow@chromium.org
63263a9aa9
Fix unsigned-Smi check in MappedArgumentsLookup
...
BUG=126414
TEST=mjsunit/regress/regress-crbug-126414
Review URL: https://chromiumcodereview.appspot.com/10375033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-07 10:05:39 +00:00
mstarzinger@chromium.org
11d24334fc
Implement ClearFunctionTypeFeedback for test cases.
...
R=danno@chromium.org
TEST=mjsunit/compiler/inline-construct
Review URL: https://chromiumcodereview.appspot.com/10332010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-04 09:16:38 +00:00
peter.rybin@gmail.com
885c142d24
Fix mjsunit.status for new liveedit test
...
Review URL: https://chromiumcodereview.appspot.com/10353016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 18:53:40 +00:00
peter.rybin@gmail.com
1719a1499a
Fix issue 825 (LiveEdit vs. function with no locals) in core and for ia32.
...
Review URL: https://chromiumcodereview.appspot.com/10263002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 17:31:34 +00:00
svenpanne@chromium.org
065cc14449
Use map transitions when defining accessor properties.
...
AccessorPairs can now contain map transitions, which is similar to our current
handling of CONSTANT_FUNCTION/CONSTANT_TRANSITION, but generalized to a pair for
holding info about the getter and the setter. This way we can achieve map
sharing for objects with accessor properties, which is a prerequisite for making
them fast via inlining. We fall back to the previous way of handling accessor
properties when sharing is not possible or we don't handle a special case.
Note: When an exisiting accessor property is redefined we could in principle
move the AccessorPair out of the descriptor into the object itself (again just
like the way we do something similar for CONSTANT_FUNCTION/CONSTANT_TRANSITION),
but this would require a new property kind for holding a pair of values. Perhaps
we can implement this later, but for now this hopefully rare case is handled
like before, losing map sharing and potentially creating more maps than strictly
necessary.
Review URL: https://chromiumcodereview.appspot.com/10238005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 12:41:40 +00:00
yangguo@chromium.org
b42ab19d2e
Modify two regression tests to actually fail when failing.
...
BUG=
TEST=regress-1639, regress-1639-2
Review URL: https://chromiumcodereview.appspot.com/10315009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 11:52:56 +00:00
erik.corry@gmail.com
baf7ebd6da
Fix assert triggered in fast/regex/pcre-test-4.html We were not filtering out
...
all the nodes that had non-ASCII characters. That has been fixed, but because
of the protection against over-deep recursion when filtering it is wrong to
assert that all nodes were filtered. This change therefore also makes sure we
can cope with non-filtered nodes by adding back some code removed in
https://chromiumcodereview.appspot.com/10174017/
Review URL: https://chromiumcodereview.appspot.com/10358008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-03 08:22:12 +00:00
danno@chromium.org
908e77a53a
Ensure reload of elements pointer in StoreFastDoubleElement stub.
...
R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-125515.js
BUG=chromium:125515
Review URL: https://chromiumcodereview.appspot.com/10260014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-05-02 09:58:42 +00:00
jkummerow@chromium.org
f6dacfe83a
Fixed corner cases in truncation behavior when storing to TypedArrays.
...
Also simplified ia32 KeyedStoreStubCompiler::GenerateStoreExternalArray a bit.
BUG=v8:2110
TEST=mjsunit/regress/regress-2110
Review URL: https://chromiumcodereview.appspot.com/10260011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-30 15:17:59 +00:00
mstarzinger@chromium.org
b54ca31fb2
Fix LFastLiteral to check boilerplate elements kind.
...
Adds a missing check that the elements kind of the boilerplate object
still has the expected elements kind, unoptimized code can transition
the boilerplate. Corner cases might cause the optimized code to be
reentered again.
R=danno@chromium.org
TEST=mjsunit/regress/regress-fast-literal-transition
Review URL: https://chromiumcodereview.appspot.com/10254006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-30 14:59:13 +00:00
peter.rybin@gmail.com
569eba39f5
Issue 2081: Expose function's (closure's) inner context in debugger.
...
This is against the correct branch (bleeding_edge).
Review URL: https://chromiumcodereview.appspot.com/10171003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 20:16:53 +00:00
erik.corry@gmail.com
292e007cf3
Remove more assumptions from debug tests. Even though a function
...
is optimized, does not mean all frames on the stack are optimized.
Also, when we ask for the list of scripts we may get more or less
depending on GC timing. Also fixed a presubmit error and made
%GetOptimizationStatus a little more honest.
Review URL: https://chromiumcodereview.appspot.com/10234007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 13:44:18 +00:00
erik.corry@gmail.com
ad4f2b996b
Remove unwarranted assumptions about inlining from a debugger test.
...
Review URL: https://chromiumcodereview.appspot.com/10239003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 11:58:34 +00:00
erik.corry@gmail.com
d511b69e86
Regexp: Remove nodes from the regexp that cannot match because
...
they contain non-ASCII characters and the input string is ASCII.
Remove unused Clone() method.
Review URL: https://chromiumcodereview.appspot.com/10174017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-26 09:11:19 +00:00
mmassi@chromium.org
93113da5a2
Eliminate redundant array bound checks (checks already performed earlier in the DT).
...
As a special case, for checks on index expressions with the form (expr + constant) if a smaller constant is checked later in the DT also eliminate the check.
Finally, if a larger constant is checked later in the same BB do the more general check (larger constant) earlier instead of the less general one.
This will not cause useless deoptimizations because, since we are in the same BB, all the checks would have been executed anyway.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10032029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 14:32:27 +00:00
mstarzinger@chromium.org
21fc0fef6a
Fix deopted construct stub frame to contain code object.
...
R=danno@chromium.org
BUG=chromium:124594
TEST=mjsunit/regress/regress-124594
Review URL: https://chromiumcodereview.appspot.com/10155024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11436 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 13:22:04 +00:00
erik.corry@gmail.com
f6f954484c
Make --stress-compaction more stressful.
...
Review URL: https://chromiumcodereview.appspot.com/10141007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-25 11:35:32 +00:00
fschneider@chromium.org
6e713a269d
Optimise Math.floor(x/y) to use integer division for specific divisor.
...
Landing for Rodolph Perfetta <rodolph.perfetta@gmail.com>.
Original CL: http://codereview.chromium.org/9638018/
Review URL: https://chromiumcodereview.appspot.com/10197010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-24 15:59:07 +00:00
erik.corry@gmail.com
c436c70f8b
Fix some bugs in accessing details of the lastest regexp
...
match. Sometimes were were not updating it when we should
and sometimes we were leaving the lastMatchInfoOverride in
place when we should be using the updated regular last match
info. Small optimization for zero length match in
String.prototype.replace.
Review URL: https://chromiumcodereview.appspot.com/10184004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-23 18:56:07 +00:00
mstarzinger@chromium.org
e3be59512a
Fix source property of empty RegExp objects.
...
R=rossberg@chromium.org
BUG=v8:1982
TEST=test262/15.10.4.1-5
Review URL: https://chromiumcodereview.appspot.com/10134010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-23 13:59:43 +00:00
yangguo@chromium.org
717dbba694
Disabling stepping into callback function of String.replace.
...
This is being done due to performance concerns.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10134006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 15:20:52 +00:00
rossberg@chromium.org
c8aea7a184
Put new global var semantics behind a flag until WebKit tests are cleaned up.
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10163003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 13:35:09 +00:00
yangguo@chromium.org
f516037a6f
Enable stepping into callback passed to builtins (e.g. Array.forEach).
...
BUG=109564
TEST=
Review URL: https://chromiumcodereview.appspot.com/10078014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 11:06:12 +00:00
svenpanne@chromium.org
cac8bbff6e
Replaced the --limit-inling flag by three separate flags and bumped hard limits.
...
This change makes experiments with inlining limits much easier. Note that the
default values for the limits keep their old values for now. Renamed things a
bit for more consistency.
Review URL: https://chromiumcodereview.appspot.com/10162001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-20 10:42:12 +00:00
fschneider@chromium.org
0556f87851
Optimize ~~(expr) in optimized code.
...
~~ is commonly used to truncate a value to int32 (ToInt32).
This change avoid actually emitting the bitwise operations, and
just truncates the subexpression of ~~.
BUG=v8:2037
TEST=test/mjsunit/compiler/optimize-bitnot.js
Review URL: https://chromiumcodereview.appspot.com/10123007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-19 13:24:15 +00:00
mstarzinger@chromium.org
57739100f3
Fix missing GVN flag for new-space promotion.
...
R=vegorov@chromium.org
BUG=chromium:123919
TEST=mjsunit/regress/regress-123919
Review URL: https://chromiumcodereview.appspot.com/10119016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11382 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-19 07:49:11 +00:00
mstarzinger@chromium.org
47d07b8a7b
Fix fast array literals to ignore prototype chain.
...
This makes sure that boilerplate objects for array literals with
non-constant elements (which will contain the hole at non-constant
positions) will not cause prototype chain lookups when generating
optimized code.
R=erik.corry@gmail.com
BUG=chromium:123512
TEST=mjsunit/regress/regress-123512
Review URL: https://chromiumcodereview.appspot.com/10105025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-17 11:12:37 +00:00
mstarzinger@chromium.org
f7cd1e41f8
Fix illegal escape-sequences to throw syntax errors.
...
R=erik.corry@gmail.com
TEST=test262/S7.8.4_A6.*,test262/S7.8.4_A7.*
Review URL: https://chromiumcodereview.appspot.com/9490006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 15:54:02 +00:00
rossberg@chromium.org
ab26fb6b21
Implement rudimentary module linking.
...
Constructs the (generally cyclic) graph of module instance objects
and populates their exports. Any exports other than nested modules
are currently set to 'undefined' (but already present as properties).
Details:
- Added new type JSModule for instance objects: a JSObject carrying a context.
- Statically allocate instance objects for all module literals (in parser 8-}).
- Extend interfaces to record and unify concrete instance objects,
and to support iteration over members.
- Introduce new runtime function for pushing module contexts.
- Generate code for allocating, initializing, and setting module contexts,
and for populating instance objects from module literals.
Currently, all non-module exports are still initialized with 'undefined'.
- Module aliases are resolved statically, so no special code is required.
- Make sure that code containing module constructs is never optimized
(macrofy AST node construction flag setting while we're at it).
- Add test case checking linkage.
Baseline: http://codereview.chromium.org/9722043/
R=svenpanne@chromium.org ,mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9844002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 14:43:27 +00:00
rossberg@chromium.org
62945585fd
Implement ES5 erratum: global declarations shadow inherited properties.
...
I also discovered that our treatment of const declarations is inconsistent
when inside a global eval under 'with' (i.e., when created by
DeclareContextSlots). That is,
var x;
eval("const x = 9")
and
var x;
eval("with({}) const x = 9")
differ (the former assigns 9, the latter throws). This appears to be an
oversight from earlier changes to our const semantics (the latter shouldn't
throw either). Fixing this is a separate issue, though (and one that doesn't
seem quite worthwhile).
R=mstarzinger@chromium.org
BUG=v8:1991,80591
TEST=
Review URL: https://chromiumcodereview.appspot.com/10067010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 13:20:50 +00:00
erik.corry@gmail.com
b32ff09a49
Regexp.rightContext was still not quite right. Fixed and
...
added more tests.
Review URL: https://chromiumcodereview.appspot.com/10008104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-13 11:03:22 +00:00
vegorov@chromium.org
69952d78af
Untabify test/mjsunit/regress/regress-119609.js.
...
TBR=kmillikin@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10067017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 20:29:48 +00:00
vegorov@chromium.org
ec4c772746
Return LOOKUP variable instead of CONTEXT for non-context allocated outer scope parameters.
...
R=kmillikin@chromium.org
BUG=chromium:119609
TEST=test/mjsunit/regress/regress-119609.js
Review URL: https://chromiumcodereview.appspot.com/10010046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 19:32:29 +00:00
jkummerow@chromium.org
14e181709b
Fix regular and ElementsKind transitions interfering with each other
...
R=danno@chromium.org
BUG=122271
TEST=mjsunit/regress/regress-crbug-122271
Review URL: https://chromiumcodereview.appspot.com/10038010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 12:30:32 +00:00
erikcorry
32f16418ea
Regexp: Fix rightContext in the lastMatchInfoOverride
...
case.
Review URL: http://codereview.chromium.org/10068010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-12 12:13:18 +00:00
vegorov@chromium.org
983d521fe9
Reland arguments access support for inlined functions (r11109,r11118).
...
When pushing arguments use correct initial values instead of fetching them from the environment which can be modified.
R=fschneider@chromium.org
TEST=test/mjsunit/compiler/inline-arguments.js
Review URL: https://chromiumcodereview.appspot.com/10033028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-11 13:40:55 +00:00
erikcorry
f90e665e9a
Ensure that a call to String.prototype.match with a
...
global regexp after a call to String.prototype.replace
with a function argument sets the last match info
correctly. Bug=2058
Review URL: http://codereview.chromium.org/10029009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-10 10:42:25 +00:00
danno@chromium.org
ed5d288ac1
Adjust stack limit again to avoid overflow on 64 bit windows
...
Also add additional stack check.
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10006010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11238 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 14:01:39 +00:00
ulan@chromium.org
3861063018
Check for NaN in inlined versions of Math.min, Math.max.
...
R=danno@chromium.org
BUG=V8:2056
TEST=mjsunit/regress/regress-2056.js
Review URL: https://chromiumcodereview.appspot.com/10006008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 13:24:52 +00:00
danno@chromium.org
3c6f5774d2
Fix stack overflows on Windows x64.
...
R=mstarzinger@chromium.org
TEST=win 64 not red anymore
Review URL: https://chromiumcodereview.appspot.com/10008005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 12:32:35 +00:00
danno@chromium.org
7bd1274baa
Rollback 11231: Add regression test case for issue 2025.
...
TBR=ulan@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10006006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 08:35:32 +00:00
danno@chromium.org
db34072379
Add regression test case for issue 2025.
...
R=ulan@chromium.org
BUG=v8:2056
TEST=test/mjsunit/regress/regress-2056.js
Review URL: https://chromiumcodereview.appspot.com/10006004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-05 08:08:05 +00:00
mstarzinger@chromium.org
47aa3254c2
Fix rewriter to not treat throw as an expression.
...
Now we can correctly optimize top level code that contains a throw (or
return) as it's last statement.
R=ulan@chromium.org
BUG=v8:2054
TEST=mjsunit/regress/regress-2054
Review URL: https://chromiumcodereview.appspot.com/9969146
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-04 13:41:05 +00:00
mstarzinger@chromium.org
7b59b1d5ac
Fix array boilerplate object transitioning.
...
Array literal boilerplate objects can be transitioned while existing
un-transitioned clones are still being populated. This adds a check that
prevents us from performing the same transition twice.
R=danno@chromium.org
BUG=v8:2055
TEST=mjsunit/regress/regress-2055
Review URL: https://chromiumcodereview.appspot.com/9950095
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 16:54:28 +00:00
danno@chromium.org
8dc9bc962f
Don't crash on stack overflow entering the debugger.
...
R=ager@chromium.org , sgjesse@chromium.org
BUG=chromium:119429
TEST= test/mjsunit/regress/regress-119429.js
Review URL: https://chromiumcodereview.appspot.com/9965101
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 13:45:56 +00:00
danno@chromium.org
d9437722da
Properly support shrinking arrays in CopyDictionaryToObjectElements.
...
R=mstarzinger@chromium.org
BUG=chromium:121407
TEST=test/mjsunit/regress/regress-121407.js
Review URL: https://chromiumcodereview.appspot.com/9968056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-03 08:13:59 +00:00
mstarzinger@chromium.org
5798bc27aa
Fix hidden properties to ignore [[Extensible]].
...
The [[Extensible]] property prevented the very first hidden property
from being added. If any hidden property was added to the object before
preventing extension, adding subsequent hidden properties would have
succeed however.
R=svenpanne@chromium.org
BUG=v8:2034
TEST=mjsunit/regress/regress-2034
Review URL: https://chromiumcodereview.appspot.com/9844025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-02 08:26:30 +00:00
vegorov@chromium.org
8360ec877e
Ensure that arguments object is materialized when deoptimizing from inlined function.
...
Lithium translation rebuilds hydrogen environments from scratch so we have to ensure that arguments object is correctly bound on function entry otherwise deoptimization will not materialize it.
This fix was implemented as part of r11109 and then reverted.
R=danno@chromium.org
BUG=v8:2045
TEST=test/mjsunit/regress/regress-2045.js
Review URL: https://chromiumcodereview.appspot.com/9963008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-30 13:22:39 +00:00
erik.corry@gmail.com
356cf1ed0a
RegExp: Add support for table-based character class
...
code generation. This is performance neutral for
all our tests, but a factor 6 faster for the Unicode
based regexp in the new test (and much more compact
code).
Review URL: https://chromiumcodereview.appspot.com/9854020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-30 07:43:48 +00:00
mstarzinger@chromium.org
552393c383
Add missing regression test for r11173.
...
R=svenpanne@chromium.org
BUG=chromium:12009
TEST=mjsunit/regress/regress-120099
Review URL: https://chromiumcodereview.appspot.com/9873027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-28 15:17:14 +00:00
mstarzinger@chromium.org
057371da13
Fix polymorphic load on named fields.
...
This fixes polymorphic loads to correctly compare in-object offsets
instead of indices, because indices might coincide even though the
actual slot is different because of different instance sizes.
R=danno@chromium.org
BUG=v8:2030
TEST=mjsunit/regress/regress-2030,mjsunit/mirror-array
Review URL: https://chromiumcodereview.appspot.com/9864028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 10:42:38 +00:00
erik.corry@gmail.com
6cb333cadf
Fix broken test.
...
Review URL: https://chromiumcodereview.appspot.com/9865019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 09:10:58 +00:00
erik.corry@gmail.com
bfb1e9e702
Fix edge case for case independent regexp character classes.
...
http://code.google.com/p/v8/issues/detail?id=2032
Review URL: https://chromiumcodereview.appspot.com/9860029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-27 08:42:37 +00:00
ulan@chromium.org
a47d1c0714
Fix the return type of the date set methods.
...
Date set methods (setMinutes, setHours, etc.) should return the time value as a number instead of JSDate.
R=jkummerow@chromium.org
TEST=test/mjsunit/regress/regress-2027.js
Review URL: https://chromiumcodereview.appspot.com/9809010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-26 10:13:03 +00:00
jkummerow@chromium.org
4e405b6945
Fix missing write barrier in CopyObjectToObjectElements.
...
Passing the write barrier mode as a parameter does not make sense, as the elements kind specific copiers know best whether a write barrier is needed or not.
BUG=119926
TEST=mjsunit/regress/regress-crbug-119926
R=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9808111
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11134 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-25 15:16:06 +00:00
danno@chromium.org
8833c99552
Check double array bounds in HasElementImpl.
...
R=jkummerow@chromium.org
BUG=chromium:119925
TEST=test/mjsunit/regress/regress-119925.js
Review URL: https://chromiumcodereview.appspot.com/9808110
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-25 14:21:51 +00:00
vegorov@chromium.org
3ccc885c78
Revert arguments access support for inlined functions (r11109,r11118).
...
We are inserting HPushArgument instructions after HEnterInlined based on the environment at the point of the first arguments access. Which might create use before def if there are redundant phis in the environment.
Review URL: https://chromiumcodereview.appspot.com/9837041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-23 15:39:34 +00:00
rossberg@chromium.org
00346bd1da
Fix use of proxies as f.prototype properties.
...
R=mstarzinger@chromium.org
BUG=v8:2021
TEST=
Review URL: https://chromiumcodereview.appspot.com/9837008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-23 10:25:14 +00:00
vegorov@chromium.org
b7dca5d5a7
Support arguments object access from inlined functions.
...
R=fschneider@chromium.org
TEST=test/mjsunit/compiler/inline-arguments.js
Review URL: https://chromiumcodereview.appspot.com/9837002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-22 13:53:28 +00:00
vegorov@chromium.org
790219ec55
Use correct arguments adaptation environment when inlining function containing arguments.
...
R=mstarzinger@google.com
BUG=V8:2014
TEST=test/mjsunit/compile/inline-arguments.js
Review URL: https://chromiumcodereview.appspot.com/9750007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-20 18:15:31 +00:00
yangguo@chromium.org
184b7a8915
Experimental profiler: split RegExp.test() for better optimization.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9701064
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 17:21:42 +00:00
pfeldman@chromium.org
26aaa3b005
Debugger: naive implementation of "step into Function.prototype.bind".
...
Review URL: https://chromiumcodereview.appspot.com/9705018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11058 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 14:17:22 +00:00
mstarzinger@chromium.org
79a98de9f7
Fix declarations escaping global strict eval.
...
According to ES5 10.4.2(3), eval calls of strict code always require
their own lexical and variable environment. For now we just add a new
scope when we parse the strict mode directive. The clean solution would
be to always have this sope present (even for global eval calls) and
adapt variable binding to cope with that.
R=rossberg@chromium.org
BUG=v8:1624
TEST=mjsunit/regress/regress-1624,test262/S10.4.2.1_A1
Review URL: https://chromiumcodereview.appspot.com/9703021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 13:02:21 +00:00
pfeldman@chromium.org
100bc51eae
Debugger: add ability to set script source from within OnBeforeCompile.
...
Review URL: https://chromiumcodereview.appspot.com/9677043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 11:51:26 +00:00
danno@chromium.org
beb012be45
Don't use an explicit s0 in ClampDoubleToUint8.
...
R=fschneider@chromium.org
BUG=v8:2004
TEST=test/mjsunit/pixel-array-rounding.js
Review URL: https://chromiumcodereview.appspot.com/9702027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-15 09:52:48 +00:00
mstarzinger@chromium.org
2c7f0edd48
Fix wrapping of receiver for non-strict callbacks.
...
R=rossberg@chromium.org
BUG=v8:1973
TEST=mjsunit/regress/regress-1973
Review URL: https://chromiumcodereview.appspot.com/9705020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11050 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-14 17:42:19 +00:00
rossberg@chromium.org
46001aa54c
Function declarations shall not overwrite read-only global properties.
...
R=mstarzinger@chromium.org
BUG=115452
TEST=mjsunit/regress/regress-115452
Review URL: https://chromiumcodereview.appspot.com/9696035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-14 13:51:00 +00:00
vegorov@chromium.org
262c8bddd5
Always create HArgumentsObject on function entry.
...
We do not know if we are going to need it and creating it lazyly might cause us to insert it at the block that does not dominate all uses.
R=mstarzinger@chromium.org
TEST=mjsunit/compiler/inline-arguments.js
Review URL: https://chromiumcodereview.appspot.com/9692046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11024 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-13 14:45:03 +00:00
kmillikin@chromium.org
7d6fd56fd5
Ensure there is a smi check of the receiver for global load and call ICs.
...
There was a comment that, for such ICs specialized to the global object,
they were always contextual loads. This is very brittle. It is a
micro-optimization that relies too much on the way that things happen to
work today.
Instead, never omit the smi check because it's safer.
R=vegorov@chromium.org
BUG=117794
TEST=regress-117794.js
Review URL: https://chromiumcodereview.appspot.com/9691038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-13 11:39:30 +00:00
yangguo@chromium.org
7659beafb1
Ensure consistency of Math.sqrt on Intel platforms.
...
BUG=
TEST=regress-sqrt.js
Review URL: https://chromiumcodereview.appspot.com/9690010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-12 14:56:04 +00:00
vegorov@chromium.org
da03f56b1f
Inline functions that use arguments object in f.apply(o, arguments) pattern.
...
Support arguments materialization after deoptimization in all frames (not only in topmost one).
R=fschneider@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9643001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11008 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-12 12:49:41 +00:00
ulan@chromium.org
cb2f2a2391
Fix compile errors on Windows introduced by r10983.
...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9652030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 13:01:32 +00:00
ulan@chromium.org
1767fef60b
Implement date library functions in C++.
...
Developed together with Andreas Rossberg based on:
https://chromiumcodereview.appspot.com/9117034/
https://chromiumcodereview.appspot.com/9307083/
R=rossberg@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9572008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10983 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 12:07:29 +00:00
rossberg@chromium.org
8604da7f06
New class for Date objects: caches individual date components.
...
First step, cache slots not used yet.
R=ulan@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9117034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-09 11:11:55 +00:00
rossberg@chromium.org
dbb95bc5f0
Fix minifier to distinguish regexps from divisions (to some extent).
...
Rrraaa, I have to say, doing program rewriting via regexp rules is an inherently broken idea...
R=mstarzinger@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9644001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 16:38:44 +00:00
rossberg@chromium.org
448b620dad
Basic interface inference for modules.
...
All module expressions, and all variables that might refer to modules,
are assigned interfaces (module types) that are resolved using
unification. This is necessary to deal with the highly recursive
nature of ES6 modules, which does not allow any kind of bottom-up
strategy for resolving module names and paths.
Error messages are rudimental right now. Probably need to track
more information to make them nicer.
R=svenpanne@chromium.org
BUG=v8:1569
TEST=
Review URL: https://chromiumcodereview.appspot.com/9615009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 13:03:07 +00:00
mstarzinger@chromium.org
1d89a176ec
Implement Object.is and Number.is[Finite,NaN] functions.
...
R=rossberg@chromium.org
TEST=mjsunit/object-is,mjsunit/number-is
Review URL: https://chromiumcodereview.appspot.com/9630009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 12:49:24 +00:00
yangguo@chromium.org
13689a4f13
Set debug break slot at init of loop variable in a for loop.
...
BUG=102153
TEST=regress-102153.js
Review URL: https://chromiumcodereview.appspot.com/9625011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-08 10:21:43 +00:00
svenpanne@chromium.org
1729e3c0dd
Make the runtime entry for setting/changing accessors "atomic".
...
Previously, there were 1 or 2 calls to the runtime when accessors were changed
or set. This doesn't really work well with property attributes, leading to some
hacks and complicates things even further when trying to share maps in presence
of accessors. Therefore, the runtime entry now takes the full triple (getter,
setter, attributes), where the getter and/or the setter can be null in case they
shouldn't be changed.
For now, we do basically the same on the native side as we did before on the
JavaScript side, but this will change in future CLs, the current CL is already
large enough.
Note that object literals with a getter and a setter for the same property still
do 2 calls, but this is a little bit more tricky to fix and will be handled in a
separate CL.
Review URL: https://chromiumcodereview.appspot.com/9616016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 13:24:44 +00:00
yangguo@chromium.org
67540abe08
Fix compile with debuggersupport=off.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9546051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 10:57:36 +00:00
svenpanne@chromium.org
64340007e0
Never let the hole escape...
...
Review URL: https://chromiumcodereview.appspot.com/9605042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10951 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-07 10:03:32 +00:00
mstarzinger@chromium.org
8c2708de6d
Fix Error.prototype.toString to throw TypeError.
...
R=rossberg@chromium.org
BUG=v8:1980
TEST=mjsunit/function-call,mjsunit/regress/regress-1980
Review URL: https://chromiumcodereview.appspot.com/9568005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-05 13:57:48 +00:00
mstarzinger@chromium.org
240e818f0c
Fix inlining of strict mode constructors.
...
Inlined strict mode functions (that are not called as methods) will get
their receiver reset to undefined. This should not happen when inlining
constructors.
This change also simplifies the test suite to reuse the same closures
into which constructors get inlined and use gc() to force V8 to forget
collected type feedback.
R=vegorov@chromium.org
TEST=mjsunit/compiler/inline-construct
Review URL: https://chromiumcodereview.appspot.com/9597017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-05 12:46:50 +00:00
yangguo@chromium.org
f2699b66cf
Revert r10908 due to flakiness and crashes.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9580007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 15:00:52 +00:00
yangguo@chromium.org
12f2099993
Ensure consistent result of transcendental functions.
...
BUG=
TEST=regress-transcendental.js
Review URL: https://chromiumcodereview.appspot.com/9572009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 14:33:15 +00:00
danno@chromium.org
57a0c6c6e3
Inline ordered relational compares of mixed double/undefined values.
...
Allow Crankshaft to inline ordered relational comparisons (<, >, <=, >=) that have undefined arguments in addition to double value arguments (rather than calling the generic Compare stub).
R=fschneider@chromium.org
TEST=test/mjsunit/comparison-ops-and-undefined.js
Review URL: https://chromiumcodereview.appspot.com/9584006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-02 13:40:14 +00:00
fschneider@chromium.org
1e40f7ac2c
Fix a register assignment bug in typed array stores without SSE3 available.
...
The old code used a separate HToInt32 instruction which had a wrong register
constraint for the input register which caused wrong result when the stored value
is used after a typed array store. (UseRegister instead of UseTempRegister) when no
SSE3 is available.
This change fixes it by replacing HToInt32 with the corresponding HChange
instruction which has correct register contraints.
TEST=mjsunit/compiler/regress-toint32.js
Review URL: https://chromiumcodereview.appspot.com/9565007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-01 12:45:46 +00:00
mstarzinger@chromium.org
fd5640cf7a
Implement inlined object allocation in Crankshaft.
...
Generates inlined code for object allocation specific to the initial map
of the given constructor function. Also forces completion of inobject
slack tracking while crankshafting to finalize instance size of these
objects.
R=vegorov@chromium.org
TEST=mjsunit/compiler/alloc-object
Review URL: https://chromiumcodereview.appspot.com/9370019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-03-01 11:10:28 +00:00
rossberg@chromium.org
b89c0a962c
AST extensions and parsing for import & export declarations.
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9496003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-29 12:12:52 +00:00
mstarzinger@chromium.org
fb8eb04bfd
Implement inlining of constructor calls.
...
R=vegorov@chromium.org ,kmillikin@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9304001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-28 09:05:55 +00:00
vegorov@chromium.org
9b55ebaa3a
When compiling for-in pass correct context value to the increment instruction.
...
Additionally force increment instruction to use int32 representation.
R=fschneider@google.com
BUG=http://crbug.com/115646
TEST=test/mjsunit/compiler/optimized-for-in.js
Review URL: https://chromiumcodereview.appspot.com/9463052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-27 14:37:27 +00:00
yangguo@chromium.org
32e2b0319e
Update break points set with partial file name after compile.
...
BUG=v8:1853
Review URL: https://chromiumcodereview.appspot.com/9460059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-27 11:52:08 +00:00
rossberg@chromium.org
becd8dd11c
Make 'module' a context-sensitive keyword.
...
Baseline: http://codereview.chromium.org/9401008/
R=lrn@chromium.org ,mstarzinger@chromium.org
BUG=v8:1957
TEST=mjsunit/harmony/module-parsing
Review URL: https://chromiumcodereview.appspot.com/9422001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 15:53:09 +00:00
mstarzinger@chromium.org
36a91e30f7
Fix redefining of attributes on aliased arguments.
...
This allows elements of the non-strict arguments object to be redefined
with custom attributes and still maintain an alias into the context.
Such a slow alias is maintained by placing a special marker into the
dictionary backing store of the arguments object.
R=rossberg@chromium.org
BUG=v8:1772
TEST=test262,mjsunit/object-define-property
Review URL: https://chromiumcodereview.appspot.com/9460004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 14:34:01 +00:00
mstarzinger@chromium.org
9f83b4ee36
Fix Object.getOwnPropertyDescriptor in string elements.
...
This fixes Object.getOwnPropertyDescriptor to report string character
elements as enumerable in accordance with the spec.
BUG=v8:862
TEST=mjsunit/get-own-property-descriptor
Review URL: https://chromiumcodereview.appspot.com/9447053
Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 11:58:09 +00:00
yangguo@chromium.org
baabb87dae
Fix HConstant's hash function for smis on x64.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9466003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-24 10:59:12 +00:00
yangguo@chromium.org
8affd2bead
Skip regress-1969 in x64.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9455015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 14:50:08 +00:00
mstarzinger@chromium.org
30dcdb6a36
Revert r10811 because of test flakiness.
...
TBR=vegorov@chromium.org
BUG=v8:1322
Review URL: https://chromiumcodereview.appspot.com/9453012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 14:12:44 +00:00
yangguo@chromium.org
671084074d
Lazy removal of dead HValues in GVN from use lists.
...
BUG=v8:1969
TEST=regress/regress-1969
Review URL: https://chromiumcodereview.appspot.com/9455011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 13:59:35 +00:00
mstarzinger@chromium.org
c1b97fe842
Allow inlining of functions containing function literals.
...
R=fschneider@chromium.org ,vegorov@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals
Review URL: https://chromiumcodereview.appspot.com/9453007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-23 12:24:03 +00:00
vegorov@chromium.org
5bb6a8399d
Support OSR in for-in loops.
...
Modify PreProcessOsrEntry to work with OSR entries that have non-empty expression stack.
Modify graph builder to take for-in state from environment instead of directly referencing emitted instructions.
Extend %OptimizeFunctionOnNextCall with an argument to force OSR to make writing OSR tests easier: %OptimizeFunctionOnNextCall(f, "osr").
R=fschneider@chromium.org
TEST=test/mjsunit/compiler/optimized-for-in.js
Review URL: https://chromiumcodereview.appspot.com/9431030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-22 16:45:35 +00:00
vegorov@chromium.org
6703dddac4
Support fast case for-in in Crankshaft.
...
Only JSObject enumerables with enum cache (fast case properties, no interceptors, no enumerable properties on the prototype) are supported.
HLoadKeyedGeneric with keys produced by for-in enumeration are recognized and rewritten into direct property load by index. For this enum-cache was extended to store property indices in a separate array (see handles.cc).
New hydrogen instructions:
- HForInPrepareMap: checks for-in fast case preconditions and returns map that contains enum-cache;
- HForInCacheArray: extracts enum-cache array from the map;
- HCheckMapValue: map check with HValue map instead of immediate;
- HLoadFieldByIndex: load fast property by it's index, positive indexes denote in-object properties, negative - out of object properties;
Changed hydrogen instructions:
- HLoadKeyedFastElement: added hole check suppression for loads from internal FixedArrays that are knows to have no holes inside.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9425045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-22 12:47:42 +00:00
rossberg@chromium.org
e414be5fc6
After assignment return right hand side value instead of undefined
...
when Object.isExtensible(o) === false
Added corresponding tests
ES5 description: http://es5.github.com/#x11.13.1
Related issue: http://code.google.com/p/v8/issues/detail?id=1901
Contributed by ioseb.dzmanashvili@gmail.com
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9429002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-21 14:09:45 +00:00
vegorov@chromium.org
f5c8ac9839
On ia32 LFunctionLiteral instruction should get context from esi register instead of stack slot.
...
This makes LFunctionLiteral safe even when it is used from inside inlined function.
All other architectures were implementing LFunctionLiteral correctly.
R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-inlining-function-literal-context.js
Review URL: https://chromiumcodereview.appspot.com/9425061
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-21 12:10:04 +00:00
mstarzinger@chromium.org
417a01accf
Fix RegExp white-space character class to match BOMs.
...
R=rossberg@chromium.org
TEST=test262/S15.10.2.12_A?_T1,mjsunit/regexp
Review URL: https://chromiumcodereview.appspot.com/9426032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 17:50:53 +00:00
rossberg@chromium.org
958b3bf470
Parsing of basic module declarations (no imports/exports yet).
...
Module definitions are not compiled or otherwise executed yet.
Toplevel module identifiers are bound but never initialized.
R=kmillikin@chromium.org ,mstarzinger@google.com
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9401008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 14:02:59 +00:00
rossberg@chromium.org
1336b913d0
Make built-ins strict mode conforming, and support a --use-strict flag.
...
* Turned all uses of 'const' into 'var'.
* Turned all uses of local 'function' into 'var'.
* Added a couple of missing toplevel 'var' declarations.
One consequence is that the properties on the builtin object are no longer
non-writable, and I had to adapt one test. Is that a problem?
Unfortunately, we cannot actually switch the library scripts to strict mode
by default, because that makes observable things like poisoned .caller properties
for library functions.
Also removed dead flag code in Compiler::Compile.
R=yangguo@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9415010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 13:48:24 +00:00
yangguo@chromium.org
30bcc481e1
Enable inlining for Math.min/max in more cases.
...
Review URL: https://chromiumcodereview.appspot.com/9372021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-20 13:21:15 +00:00
mstarzinger@chromium.org
e423637898
Fix sequence of element access in array builtins.
...
R=rossberg@chromium.org
BUG=v8:1790
TEST=mjsunit/regress/regress-1790,test262/15.4.4.22-9-9
Review URL: https://chromiumcodereview.appspot.com/9419044
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-17 10:06:26 +00:00
mstarzinger@chromium.org
1dd2b094a5
Implement fast literal support in Crankshaft.
...
This extends the current support for nested object literals we already
have in Crankshaft, to also support nested array literals and mixed
nested literals containing arrays and objects. All three types are
generated by the unified HFastLiteral instruction.
All previous upper bounds on nested literal graphs remain unchanged,
keeping the size of generated code in check.
The main intention is to boost performance of two-dimensional array
literals containing constant elements (aka. matrices).
R=danno@chromium.org
TEST=mjsunit/compiler/literals-optimized
Review URL: https://chromiumcodereview.appspot.com/9403018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 17:32:30 +00:00
mstarzinger@chromium.org
15c368ce4c
Revert r10721 because of test flakiness.
...
TBR=fschneider@chromium.org
BUG=v8:1322
Review URL: https://chromiumcodereview.appspot.com/9417013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 17:13:37 +00:00
danno@chromium.org
a07e129e9a
Relax TransitionElementsKind DependsOn/Changes dependencies.
...
Ensure that GVN eliminates all transitions that are dominated by an equivalent transition, even if there is a DependsOn-changing instruction in between.
R=fschneider@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9365057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 15:37:52 +00:00
mstarzinger@chromium.org
acb83c06f4
Allow inlining of functions containing function literals.
...
R=fschneider@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals
Review URL: https://chromiumcodereview.appspot.com/9419005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 14:01:41 +00:00
yangguo@chromium.org
cc2780403a
Ensure using byte registers for byte instructions on ia32 and x64.
...
BUG=v8:1945
TEST=regress-1945.js
Review URL: https://chromiumcodereview.appspot.com/9418005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 12:48:02 +00:00
danno@chromium.org
bd79e299e5
Uniformly handle 'undefined' store to Float64Array and Float32Array.
...
Previous behavior diverged in ICs and Crankshaft. When storing to a Float32Array or Float64Array, the ICs treated undefined as zero while Crankshaft treated it as NaN. Now both ICs and Crankshaft treat it as NaN, which is consistent with the WebGL & ECMAScript spec.
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9402008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-16 07:58:07 +00:00
yangguo@chromium.org
01e46b955f
Initialize internal arrays with the correct map.
...
BUG=v8:1878
TEST=regress-1878.js
Review URL: https://chromiumcodereview.appspot.com/9402009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-15 13:45:42 +00:00
danno@chromium.org
71cd77e22c
Fix crashing bugs in store-and-grow IC for double values.
...
R=jkummerow@chromium.org
BUG=chromium:113924
TEST=test/mjsunit/regress/regress-113924.js
Review URL: https://chromiumcodereview.appspot.com/9365055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 15:09:49 +00:00
jkummerow@chromium.org
4233bf8348
Initial support for count-based profiling
...
(behind FLAG_count_based_interrupts; only on ia32)
Review URL: https://chromiumcodereview.appspot.com/9373028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 14:00:31 +00:00
rossberg@chromium.org
559f5eecad
Don't treat function parameters as let-bound variables in Harmony mode.
...
R=ulan@chromium.org
BUG=v8:1942
TEST=
Review URL: https://chromiumcodereview.appspot.com/9365054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 13:47:54 +00:00
mstarzinger@chromium.org
0db91d40e9
Allow inlining of functions containing object literals.
...
R=fschneider@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals
Review URL: https://chromiumcodereview.appspot.com/9388007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-14 08:57:10 +00:00
yangguo@chromium.org
fff8eba038
Fix test expectations for the tickprocessor.
...
Review URL: https://chromiumcodereview.appspot.com/9388003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-13 10:24:55 +00:00
danno@chromium.org
f0c4b87f34
Implement KeyedStoreICs to grow arrays on out-of-bound stores.
...
Supports growing non-COW JSArray by a single element if the backing store has room, and initial allocation of a backing store for the store to index zero of an empty array to kPreallocatedArrayElements elements (e.g. the [] array literal).
Review URL: https://chromiumcodereview.appspot.com/9310117
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-10 12:36:05 +00:00
danno@chromium.org
9cc595a295
Add asserts to try to flush out test flakiness.
...
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9358033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 17:29:26 +00:00
danno@chromium.org
256975f314
Ensure expected behavior for transition hosting tests by flushing ICs
...
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9373027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 14:55:32 +00:00
mstarzinger@chromium.org
19a62a22fc
Fix d8-os unit test to be skipped for isolates.
...
This test sets the umask on a per-process basis and hence cannot be
used in multi-threaded runs.
R=yangguo@chromium.org
TEST=mjsunit/d8-os
Review URL: https://chromiumcodereview.appspot.com/9372018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 09:52:38 +00:00
danno@chromium.org
d949c64688
Improve GVN handling of ElementTransitions.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9141016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-09 08:58:19 +00:00
fschneider@chromium.org
b8b50400d2
Inline builtin Math functions functions in more cases.
...
Until now we only could inline as specialized HIR instructions when called
as a method (e.g. Math.abs)
It is very common practice to abbreviate calls to those functions by defining
a global or local variable like:
var a = Math.abs;
var x = a(123);
This change allows inlining them when called as a function (global or local).
Review URL: https://chromiumcodereview.appspot.com/9365013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 12:08:46 +00:00
mstarzinger@chromium.org
8e1399c761
Fix d8-os unit test to work with isolates.
...
We cannot use chdir to set the working directory on a per-isolate basis,
hence we need to specify absolute directories instead for this test to
work properly on multi-threaded runs.
R=yangguo@chromium.org
TEST=mjsunit/d8-os
Review URL: https://chromiumcodereview.appspot.com/9348051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 10:59:19 +00:00
mstarzinger@chromium.org
f034a3f0ea
Enable membrane example for proxies again.
...
R=rossberg@chromium.org
BUG=v8:1845
TEST=mjsunit/harmony/proxies-example-membrane
Review URL: https://chromiumcodereview.appspot.com/9365011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 10:14:18 +00:00
yangguo@chromium.org
3e58827710
Fix elements transition bug related to array.concat.
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9358018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34
Fix handling of 'c: if (0) break c; else ()' where a parser optimization
...
leaves a trailing ";" after removing the break.
Review URL: https://chromiumcodereview.appspot.com/9159043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-08 08:40:11 +00:00
fschneider@chromium.org
cb5164c0b0
Speed up two unit tests to avoid timeouts and make tests finish faster.
...
Review URL: https://chromiumcodereview.appspot.com/9309118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-06 11:40:24 +00:00
ulan@chromium.org
8093e397e4
Do not ignore an empty context with extension when creating a scope object.
...
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.
BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js
Review URL: https://chromiumcodereview.appspot.com/9310027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4
Fix test case to correctly check expected result.
...
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229
Review URL: https://chromiumcodereview.appspot.com/9303032
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-31 12:31:24 +00:00
danno@chromium.org
57525ef893
Store transitioned JSArray maps in global context
...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9073007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-26 21:47:57 +00:00
vegorov@chromium.org
67d72eab45
When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions.
...
Debug::PrepareForBreakPoints was not fully populating active_functions list.
R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js
Review URL: https://chromiumcodereview.appspot.com/9290013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-25 15:11:59 +00:00
vegorov@chromium.org
189aee91de
Untabify test/mjsunit/debug-evaluate-locals-optimized-double.js.
...
TBR=danno@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9284016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:48:33 +00:00
vegorov@chromium.org
04289e8d17
Support inlining at call-sites with mismatched number of arguments.
...
Review URL: https://chromiumcodereview.appspot.com/9265004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:43:12 +00:00
rossberg@chromium.org
c61665604b
Fix handling of function proxies in higher-order array and string methods,
...
which use yet another way to determine strict vs non-strict function receivers.
R=kmillikin@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9270004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-20 13:59:37 +00:00
vegorov@chromium.org
704c92ce95
Ensure that LRandom restores rsi after call to the C function on x64.
...
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js
Review URL: https://chromiumcodereview.appspot.com/9265003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-19 08:43:34 +00:00
yangguo@chromium.org
6d0d6a5695
Recursion limit for one-char string replace and retire String::kMinNonFlatLength.
...
TEST=mjsunit/string-replace-one-char.js
Review URL: https://chromiumcodereview.appspot.com/9231017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-17 14:29:17 +00:00
yangguo@chromium.org
ddc0144490
Fixing issue 1898 (using HChange outside the insert-representation-changes phase).
...
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js
Review URL: http://codereview.chromium.org/9190047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-13 07:48:44 +00:00
yangguo@chromium.org
339c9c12e7
Inlining Math.min and Math.max in crankshaft.
...
BUG=v8:1325
TEST=
Review URL: http://codereview.chromium.org/9147034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10391 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 15:43:33 +00:00
danno@chromium.org
a42da8e38d
Correct nits in d8 ArrayBuffer() implementation
...
TBR=jkummerow@chromium.org
BUG=none
TEST=external-array.js
Review URL: http://codereview.chromium.org/9185006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 15:10:56 +00:00
danno@chromium.org
6ce13906dc
Add primitive WebGL ArrayBuffer() support to d8
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/9114050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 14:42:58 +00:00
vegorov@chromium.org
c4d3a110a2
Adjust position recorded for call expressions.
...
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.
This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.
R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js
Review URL: http://codereview.chromium.org/9125001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-06 10:26:17 +00:00
mstarzinger@chromium.org
e79274abe6
Fix handling of bogus receivers for Harmony collections.
...
R=rossberg@chromium.org
BUG=v8:1884
TEST=mjsunit/harmony/collections
Review URL: http://codereview.chromium.org/9074003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-05 12:55:06 +00:00
erik.corry@gmail.com
81a0271004
Randomize the seed used for string hashing. This helps guard against
...
CPU-eating DOS attacks against node.js servers. Based on code from
Bert Belder. This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots. A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-04 15:12:15 +00:00
danno@chromium.org
f648626eb9
Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
...
TBR=jkummerow@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/9051014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472
Rollback 10309
...
TBR=jkummerow@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/8968042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d
Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY
...
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js
Review URL: http://codereview.chromium.org/8968028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0
Ensure that InternalArrays remain InternalArrays regardless of how they are constructed.
...
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js
Review URL: http://codereview.chromium.org/9016041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03
Avoid embedding new space objects into code objects in the lithium gap resolver.
...
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js
Review URL: http://codereview.chromium.org/8960004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229
Fix handling of foreign callbacks in DefineOwnProperty.
...
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.
R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4
Review URL: http://codereview.chromium.org/8996008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
0438c76185
Fix outdated test expectations for array literal crankshafting
...
TEST=nosnap builder green
Review URL: http://codereview.chromium.org/8915006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:32:34 +00:00
jkummerow@chromium.org
106973c3d2
Create missing boilerplate for array literals instead of deoptimizing
...
BUG=107370
TEST=new additions to mjsunit/array-literal-transitions
Review URL: http://codereview.chromium.org/8914006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 13:01:27 +00:00
yangguo@chromium.org
4cd99d7cb9
Handle external strings in generated code when concatenating short strings.
...
TEST=string-external-cached.js
Review URL: http://codereview.chromium.org/8931025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 10:32:22 +00:00
fschneider@chromium.org
cf8e2b01e4
Landing forgotten mjsunit test file from previous CL.
...
Patch by Fedor Indutny <fedor.indutny@gmail.com>.
Original code review: http://codereview.chromium.org/8857001/
Review URL: http://codereview.chromium.org/8935006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 17:13:47 +00:00
jkummerow@chromium.org
91efb313eb
Fix crash in d8 when external array ctor hits stack overflow
...
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859
Review URL: http://codereview.chromium.org/8898021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 13:51:58 +00:00
yangguo@chromium.org
94f9aa3a0d
Avoid using an invalid working directory in mjsunit/d8-os.
...
This test deleted its working directory and then tried to run several
shell commands which caused a failure on nfs.
Changes:
-TEST_DIR is only removed at the very end of the test
-the working directory is changed to /tmp at the beginning so that
every iteration (when running with --stress-opt) has a valid working directory
BUG=
TEST=
Review URL: http://codereview.chromium.org/8936004
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 12:57:33 +00:00
yangguo@chromium.org
a7f0c72e2d
Fixing bug introduced in r10210 that crashes v8 raytrace benchmark.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8889047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 12:11:56 +00:00
yangguo@chromium.org
ce86c1bfb1
Avoid bailing out to runtime for short substrings.
...
This significantly improves the speed for creating short substrings (less than 13 characters) from slices, flat cons strings and external strings.
TEST=string-external-cached.js, string-slices.js
Review URL: http://codereview.chromium.org/8889012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 10:04:58 +00:00
keuchel@chromium.org
f1649cf39c
Hydrogen support for context allocated harmony bindings.
...
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.
TEST=mjsunit/harmony/block-let-crankshaft.js
Review URL: http://codereview.chromium.org/8820015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 09:50:30 +00:00
danno@chromium.org
ef54f5690f
Support Smi->Double->HeapObject transitions in constructed Arrays.
...
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.
BUG=none
TEST=test/mjsunit/array-construct-transition.js
Review URL: http://codereview.chromium.org/8820014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 08:50:19 +00:00
vegorov@chromium.org
a457040ca6
Ensure that non-optimized code objects are not flushed for inlined functions.
...
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.
Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.
R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js
Review URL: http://codereview.chromium.org/8888011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-08 16:07:07 +00:00
fschneider@chromium.org
c1662a199b
Fix a bug with register use in optimized Math.round.
...
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.
BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 10:13:46 +00:00