AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
12,080 Commits 1 Branch 0 Tags 839 MiB
cfa91762ac
Commit Graph

2149 Commits

Author SHA1 Message Date
dslomov@chromium.org
cfa91762ac Allow parameterless typed array constructors. 
ES6 spec tacitly allows them, and they are allowed in Firefox and in
WebKit/Blink.

R=bmeurer@chromium.org,rossberg@chromium.org

Review URL: https://codereview.chromium.org/18769005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-09 19:34:21 +00:00
yangguo@chromium.org
b99ca1ab12 Do not implicitly convert receivers for builtin functions when inspecting frames. 
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/18900004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-09 13:58:11 +00:00
mvstanton@chromium.org
c1e19bfc35 Bugfix: The general array constructor stub did not handle the case 
properly when it is called with a function pointer in the type cell,
instead assuming that an AllocationSite object should be present. The
case where this can happen is if the cell is uninitialized, then the
first constructor call made is to the Array function of a different
context. In that case, we'll store the function pointer in the cell,
and then go ahead and call the array constructor stub too. The bug is
fixed by checking for the AllocationSite object map. If not found, the
constructor stub goes forward with a default ElementsKind, just as in
several other cases.

A test in allocation-site-info.js was beefed up to make sure the state
chain described above is traversed.

BUG=
R=hpayer@chromium.org, hpayer@google.com

Review URL: https://codereview.chromium.org/18277006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 14:41:54 +00:00
jkummerow@chromium.org
ed6d2d5c44 Add a test case for Phi representations 
BUG=chromium:167394
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18838002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 13:43:43 +00:00
jkummerow@chromium.org
f0811f4e6f Fix and cleanup can_be_minus_zero computation 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/18434004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 11:15:24 +00:00
mvstanton@chromium.org
faaa90d13c Allocation-site-info test, removed TODOs. 
Some code was commented out earlier as a todo. Now the code can be reenabled,
because allocation site feedback is working there again.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/18753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 09:11:56 +00:00
danno@chromium.org
bd50e6d38f Refactoring and cleanup of control instructions 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18331004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-05 10:40:14 +00:00
danno@chromium.org
345cc98a25 Generate StoreGlobal stubs with Hydrogen 
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=rossberg@chromium.org, ulan@chromium.org

Committed: http://code.google.com/p/v8/source/detail?r=15419

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15512 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-05 10:34:02 +00:00
rossberg@chromium.org
929e193fc2 Tweak error message 
R=yangguo@chromium.org
BUG=v8:2758

Review URL: https://codereview.chromium.org/18759002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-05 08:34:31 +00:00
yurys@chromium.org
9ef762b683 Do not store fp and sp values in TickSample 
Their values are not used neither by the tick processor nor by CpuProfiler so it is just a waste of space.

TickSample used to be a transport for grabbed register values to TickSample::Trace, now they are passed in a special structure RegisterState which is allocated on the stack for the sampling period.

Some common pieces were moved from platform-dependent code into Sampler::SampleStack and TickSample::Init.

BUG=None
R=jkummerow@chromium.org, loislo@chromium.org

Review URL: https://codereview.chromium.org/18620002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-03 16:20:59 +00:00
jkummerow@chromium.org
dd37adc4f1 Change mjsunit tests to work with and without the i18n extension 
BUG=v8:2745
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/18187006

Patch from Jochen Eisinger <jochen@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-03 15:33:11 +00:00
ulan@chromium.org
74d147a25d Enable weak embedded maps in optimized code. 
If the top optimized code in call stack is at the point that does not support
deoptimization, then treat the maps in the code as strong pointers.

Note that other optimized code in call stack must support deoptimization
because of the call instruction with side-effects.

BUG=217858,v8:2073
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16955008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15452 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-02 15:15:58 +00:00
danno@chromium.org
77c20c30a3 Revert r15419: "Generate StoreGlobal stubs with Hydrogen" 
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18357004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15427 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 15:12:21 +00:00
mstarzinger@chromium.org
493d1f1c21 Implement WeakMap.prototype.clear function. 
R=rossberg@chromium.org
BUG=v8:2753
TEST=mjsunit/harmony/collections

Review URL: https://codereview.chromium.org/18352002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 13:56:48 +00:00
prybin@chromium.org
488da00542 Debug: support breakpoints set in the middle of statement (try #2 after rollback) 
Review URL: https://codereview.chromium.org/18349004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 13:44:10 +00:00
danno@chromium.org
a3bce19868 Generate StoreGlobal stubs with Hydrogen 
- Constants globals are inlined into Hydrogen code using code dependencies that invalidate the Crankshafted code when global PropertyCells or the global object change.
- The more general case generates code that is just as good as the hand-written assembly stubs on all platforms.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/16925008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 13:22:13 +00:00
prybin@chromium.org
fe22b45965 Revert "Debug: support breakpoints set in the middle of statement" 
Review URL: https://codereview.chromium.org/18326007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 13:05:21 +00:00
prybin@chromium.org
f997bacb16 Debug: support breakpoints set in the middle of statement 
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/16093040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 12:54:13 +00:00
mvstanton@chromium.org
4aed3b8e84 Test fix - array-feedback.js has a test that only make sense when 
running crankshaft. Allow the test to tolerate --nocrankshaft.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/18328002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-01 09:00:14 +00:00
jkummerow@chromium.org
05b94f13c8 Add %_DebugBreakInOptimizedCode() pseudo function call to insert int3/stop instructions into optimized code 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/17870002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-28 15:48:38 +00:00
mvstanton@chromium.org
83519ec87a Hydrogen array constructor cleanup and improvements 
* Cleanup of LCallNewArray::PrintDataTo() method
* Created HCallNewArray::PrintDataTo()
* Created many more tests in array-constructor-feedback.js
* Removed redundant instructions in
  GenerateRecordCallTarget
* Bugfix in CreateArrayDispatchOneArgument: on a call to
  new Array(0), we'd like to set the type feedback cell to
  a packed elements kind, but we shouldn't do it if the
  cell contains the megamorphic sentinel.
* When used from crankshaft, ArrayConstructorStubs can
  avoid verifying that the function being called is the
  array function from the current native context, relying
  instead on the fact that crankshaft issues an
  HCheckFunction to protect the constructor call. (this
  new minor key is used in LCodeGen::DoCallNewArray(), and
  influences code generation in
  CodeStubGraphBuilderBase::BuildArrayConstructor()).
* Optimization: the array constructor specialized for
  FAST_SMI_ELEMENTS can save some instructions by looking
  up the correct map on the passed in constructor, rather
  than indexing into the array of cached maps per element
  kind.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/17091002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15383 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-28 13:16:14 +00:00
yangguo@chromium.org
85d7a36ee0 Abort optimization when debugger is turned on. 
BUG=v8:2751
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/18198003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-28 11:34:51 +00:00
titzer@chromium.org
98f3dab73b Fix elements-kind test to disable optimization of important functions under test; add simpler versions of elements kind test. 
Review URL: https://codereview.chromium.org/17872002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-27 08:46:46 +00:00
dslomov@chromium.org
ef189ecd82 Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions. 
ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695).
This never worked in WebKit, so no compatibility issues.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17904007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-27 07:42:08 +00:00
titzer@chromium.org
bfa9fe95dc Change PC for OSR entries to point to something more sensible (i.e. the first UnknownOsrValue), removing the need to record spilled OSR values and the need for duplicate deopt entries. 
Review URL: https://codereview.chromium.org/16381006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-26 08:43:27 +00:00
mvstanton@chromium.org
081134ecd1 Removed flag optimize-constructed-arrays. 
This eliminates a large amount of hand-written assembly in the platforms.

BUG=
R=danno@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16453002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-25 16:31:07 +00:00
peter.rybin@gmail.com
42a10a9dfe Allow debugger evaluate expressions to mute local variables 
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17636007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-25 13:48:43 +00:00
dslomov@chromium.org
e6e0ee0708 Update typed arrays behavior to match ES6 rev 15. Remove TO_POSITIVE_INTEGER and throw on negative length arguments. 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17572009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-24 13:58:52 +00:00
dslomov@chromium.org
91eb5f8d25 DataView implementation. 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17153011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-21 13:02:38 +00:00
yangguo@chromium.org
b7b92bd9ac Short-circuit embedded cons strings. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/17418003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-21 09:24:30 +00:00
yangguo@chromium.org
928cbcdc8d Skip parallel recompilation tests if parallel recompilation is disabled. 
Parallel recompilation is usually disabled on single-core systems.

R=jkummerow@chromium.org
BUG=v8:2733

Review URL: https://codereview.chromium.org/17261021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-20 11:01:33 +00:00
wingo@igalia.com
f7ba3a7bb1 Fix stack frame reconstruction for generators with formal arguments 
The formal parameter count was always being treated as an untagged
integer, but it is actually a Smi on ia32 and arm.

R=mstarzinger@chromium.org
BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/17485002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15230 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-20 10:48:34 +00:00
verwaest@chromium.org
2ca5c6cd03 Fix using monomorphic store instruction for polymorphic stores. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16875008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15214 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 18:07:35 +00:00
mvstanton@chromium.org
7f0f022792 Bugfix in hydrogen array literal code generation. 
If an array literal contains some non-constant elements, is of type SMI, and
then the boilerplate transitions to double or fast sometime after we've
crankshafted the code, then we could incorrectly store smis in double arrays.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17334004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15207 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 13:48:50 +00:00
svenpanne@chromium.org
010d9aba16 Avoid relying on monkey-patchable things in String.prototype.split. 
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/17391016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 12:25:40 +00:00
yangguo@chromium.org
1be45275c6 Fix test for bots that force --parallel-recompilation as shell flag. 
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16914006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 09:32:05 +00:00
mvstanton@chromium.org
c70b41684d Use type feedback for Array (non-constructor) call sites. 
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/17155010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15201 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 09:25:24 +00:00
yangguo@chromium.org
627872ec67 Do not modify FLAG_parallel_recompilation after start up. 
R=jkummerow@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/17202006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-18 14:25:24 +00:00
mstarzinger@chromium.org
0524263a27 Remove obsolete elements kind check for array literals. 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/17378005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-18 13:32:06 +00:00
svenpanne@chromium.org
fb7310b1fd Fixed read-only attribute of Function.length in strict mode. 
R=cira@chromium.org

Review URL: https://codereview.chromium.org/17006006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-18 07:51:50 +00:00
palfia@homejinni.com
f8fc5c443e Allow running mjsunit/manual-parallel-recompile on single-core systems. 
- Add an %IsParallelSupported() builtin function to  make possible to check support of parallel processing from JavaScripts.
- Change the test script that if parallel recompilation is forced on a single core CPU, expect that it won't be recompiled in parallel.
- Change the  JSFunction::MarkForParallelRecompilation() to fall back gracefully if parallel recompilation is not supported.

BUG=v8:2733
TEST=mjsunit/manual-parallel-recompile

Review URL: https://codereview.chromium.org/17277002
Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-17 16:27:18 +00:00
palfia@homejinni.com
93609033e1 MIPS: Optimise Math.floor(x/y) to use integer division for MIPS. 
Use div instruction if some divisors do not have magic number.

Based on commit r11427 (318a9598).

This commit also ports commit r15161 (554d45c1).

BUG=

Review URL: https://codereview.chromium.org/16951016
Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-17 15:06:41 +00:00
mvstanton@chromium.org
5b2c1a50d9 HCheckFunction is needed to protect new array constructors in 
crankshafted code.

BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/16944006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-13 14:29:01 +00:00
wingo@igalia.com
d73dace0f5 Delegating yield does not re-box result objects 
Delegating yield (yield*) should just pass on the iterator results it
receives instead of re-boxing them.

R=rossberg@chromium.org
TEST=mjsunit/harmony/generators-iteration
BUG=

Review URL: https://codereview.chromium.org/16695006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-13 10:57:11 +00:00
wingo@igalia.com
09fcac5e39 Use keyed-call inline caches in delegating yield 
Since we can't assume anything about the shape of the iterator in a
yield* (delegating yield), use an IC to do the next() and throw()
iterator method calls.

BUG=v8:2691
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-2691

Review URL: https://codereview.chromium.org/15455002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-13 10:18:28 +00:00
mvstanton@chromium.org
75afb8ce79 Fix for bug 245480. Calling new Array(a) with a single argument could result in creating a holey array with a packed elements kind. 
BUG=245480
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/16341004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 18:04:16 +00:00
mstarzinger@chromium.org
93ab1864ea Allow the deoptimizer translation to track de-materialized objects. 
This allows the deoptimizer to materialize objects (e.g. the arguments
object) while deopting without having a consective stack area holding
the object values. The LEnvironment explicitly tracks locations for
these values and preserves them in the translation.

R=svenpanne@chromium.org
TEST=mjsunit/compiler/inline-arguments

Review URL: https://codereview.chromium.org/16779004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 14:22:49 +00:00
wingo@igalia.com
cc27c4c41b GeneratorFunction() makes generator instances 
The current specification has GeneratorFunction() be like Function(),
except that it makes generator instances.  This commit implements that
behavior.  It also fills in a piece of the implementation where
otherwise calling GeneratorFunction or GeneratorFunctionPrototype would
cause an abort because they have no code.

R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration
TEST=mjsunit/harmony/generators-runtime
BUG=v8:2355,v8:2680

Review URL: https://codereview.chromium.org/15218004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 12:52:16 +00:00
wingo@igalia.com
1fb2f4b358 For-of statements do not permit initializers. 
R=rossberg@chromium.org
BUG=v8:2720

Review URL: https://codereview.chromium.org/16739008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 12:37:44 +00:00
wingo@igalia.com
418ddc800a Allocate generator result objects before unwinding try handlers 
When a generator suspends, it saves its state out to the heap and
unwinds try handlers but doesn't pop anything off the stack.  Instead it
relies on no GC happening between the suspend and the return from the
generator.  However this was not the case: boxing the result object
could cause GC, which would try to traverse the stack but would
misinterpret words from unwound try handlers as heap objects.

This CL changes to allocate the result objects before the suspend.  It
also removes the generators-iteration skip introduced in r15065.

R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration
BUG=

Review URL: https://codereview.chromium.org/16801006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 11:02:51 +00:00