sandholm@chromium.org
ba229754ea
Fix JSON issue with arrays.
...
Review URL: http://codereview.chromium.org/7089003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 10:47:38 +00:00
ricow@chromium.org
7eb6f5c1ba
Correctly set the length of string before creating filler object in the json parser (fixes crbug 84186).
...
Testcase created based on the supplied test case from the bug report, but using json parse directly instead of through the chrome javascript console.
Review URL: http://codereview.chromium.org/7084023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-30 06:04:36 +00:00
danno@chromium.org
c2394e0a71
Prevent deopt on double value assignment to typed arrays
...
Implement truncation of double and tagged values when assigning to an element of a typed arrays in order to avoid depots.
BUG=1313
TEST=test/mjsunit/external-array.js
Review URL: http://codereview.chromium.org/6961019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 12:07:22 +00:00
ager@chromium.org
c832c467a4
Revert "Pass undefined to JS builtins when called with implicit receiver."
...
Presubmit and failing test.
TBR=lrn@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7071009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:22:29 +00:00
kmillikin@chromium.org
f8b01f369e
Add a simple test for inlining of arguments accesses.
...
R=whesse@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7062018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:17:15 +00:00
ager@chromium.org
19b718fe73
Pass undefined to JS builtins when called with implicit receiver.
...
A couple of corner cases have to be treated specially to not break
everything: eval and getter/setter definitions.
R=lrn@chromium.org
BUG=v8:1365
TEST=mjsunit/regress/regress-1365.js
Review URL: http://codereview.chromium.org/7068009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8073 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 11:07:48 +00:00
lrn@chromium.org
02c4e8bfcb
Make RegExp objects not callable.
...
Review URL: http://codereview.chromium.org/6930006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-26 07:35:09 +00:00
erik.corry@gmail.com
fbf76fc86a
Fix GC-unsafe corner case in bit-not on ARM
...
Review URL: http://codereview.chromium.org/6987009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-25 10:35:00 +00:00
ricow@chromium.org
f675db651d
Change calls to undefined property setters to not throw (fixes issue 1355).
...
We currently throw when there is only a getter defined on the
property, but this should only be the case in strict mode.
Review URL: http://codereview.chromium.org/7064027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8054 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-25 08:37:38 +00:00
ager@chromium.org
6f775f2fb0
Fix calls of strict mode function with an implicit receiver.
...
Only IA32 version for now. I'll start porting.
Strict mode functions are to get 'undefined' as the receiver when
called with an implicit receiver. Modes are bad! It forces us to have
checks on all function calls.
This change attempts to limit the cost by passing information about
whether or not a call is with an implicit or explicit receiver in ecx
as part of the calling convention. The cost is setting ecx on all
calls and checking ecx on entry to strict mode functions.
Implicit/explicit receiver state has to be maintained by ICs. Various
stubs have to not clobber ecx or save and restore it.
CallFunction stub needs to check if the receiver is implicit when it
doesn't know from the context.
Review URL: http://codereview.chromium.org/7039036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 14:01:36 +00:00
sgjesse@chromium.org
eff2946b9b
Handle changes to the Object prototype in fast handling of arrays
...
R=ager@chromium.org
BUG=v8:1403
TEST=test/mjsunit/regress/regress-1403.js
Review URL: http://codereview.chromium.org//7067019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 12:28:10 +00:00
ricow@chromium.org
ab67432ed0
Change strict mode poison pill to be the samme type error function (fixes issue 1387).
...
We are now following the spec, and with regards to the error message we are following firefox (webkit still has different type errors in their nightly)
Review URL: http://codereview.chromium.org/7067017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 11:07:06 +00:00
sgjesse@chromium.org
fbd106d9cd
MIPS: arch-independent changes to support mips.
...
This change supports all non-crankshaft features except serialization.
This must be built after the changes in http://codereview.chromium.org/6966031
are landed.
BUG=
TEST=
Review URL: http://codereview.chromium.org//7039058
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-24 07:56:20 +00:00
danno@chromium.org
780df33019
SMI checks for receiver in KeyedLoad/Store (done right this time)
...
R=ager@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/7059013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7998 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-23 13:42:33 +00:00
sgjesse@chromium.org
825a433900
Add regression test for issue 1401
...
R=ager@chromium.org
BUG=v8:1401
TEST=test/regress/regress-1401.js
Review URL: http://codereview.chromium.org//7062002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-23 13:03:45 +00:00
ager@chromium.org
98778dc802
Remove execScript from V8. No longer present i neither Firefox nor Safari.
...
R=ricow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7046002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-19 08:10:27 +00:00
vegorov@chromium.org
7fba506f23
Add regression test for http://crbug.com/82769
...
Review URL: http://codereview.chromium.org/7034025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-18 12:46:21 +00:00
fschneider@chromium.org
66911961cf
Fix bug in optimized compiler's switch-statement.
...
In the case where the default-clause occurs as the first clause,
the case-blocks were not wired up correctly.
BUG=v8:1394
TEST=mjsunit/compiler/regress-1394.js
Review URL: http://codereview.chromium.org/7037023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-18 11:06:07 +00:00
whesse@chromium.org
0eca2b4fc1
Fix error in postfix ++ in Crankshaft.
...
Add HForceRepresentation, to represent the implicit ToNumber applied to the input of a count operation.
BUG=v8:1389
TEST=
Review URL: http://codereview.chromium.org/7033008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-17 11:41:59 +00:00
danno@chromium.org
daa1be1226
Support conversion of clamped double values for pixel arrays in Crankshaft.
...
BUG=1313
TEST=test/mjsunit/external-array.js
Review URL: http://codereview.chromium.org/7014033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-16 14:10:56 +00:00
sgjesse@chromium.org
230a56abda
Limit the number of local variables in a function
...
Review URL: http://codereview.chromium.org//7003030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-16 08:27:52 +00:00
ricow@chromium.org
964dbff40d
Only send null or undefined as receiver for es5 natives, not generally
...
for builtin functions.
Review URL: http://codereview.chromium.org/7012012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-13 07:26:44 +00:00
ager@chromium.org
8a0b1f5bc9
Allow closures to be optimized if outer contexts that call eval are all in strict mode.
...
R=kmillikin@chromium.org
BUG=
TEST=mjsunit/compiler/eval-introduced-closure.js
Review URL: http://codereview.chromium.org/6993008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7853 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-11 11:26:11 +00:00
ricow@chromium.org
7f8a918f08
Allow strict mode flag as extraicstate for keyed external array store ic
...
We currently hit an assertion in computeflags, but the extra_ic_state is used to pass the strict mode flag in.
BUG: 1383
Review URL: http://codereview.chromium.org/7003022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-11 08:53:46 +00:00
jkummerow@chromium.org
944a388412
Avoid using a register for constant external array indices.
...
This CL is based on and obsoletes CL 6879037.
TEST=mjsunit/external-array.js
Review URL: http://codereview.chromium.org/6902112
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-10 15:25:17 +00:00
jkummerow@chromium.org
1eedd8056d
Fix timeout of test regress-1118.js
...
TEST=mjsunit/regress/regress-1118.js no longer times out when run in the ARM simulator.
Review URL: http://codereview.chromium.org/6994010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-10 15:07:30 +00:00
jkummerow@chromium.org
89c64653bf
Expose optimization info via runtime functions
...
TEST=mjsunit/assert-opt-and-deopt.js
Review URL: http://codereview.chromium.org/6879108
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-09 08:58:57 +00:00
ager@chromium.org
0961b1a936
Check that receiver is JSObject on API calls.
...
R=sgjesse@chromium.org
BUG=v8:1369
TEST=mjsunit/regress/regress-1369.js
Review URL: http://codereview.chromium.org/6931056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 14:14:16 +00:00
karlklose@chromium.org
d43066050a
Replace loops by OptimizeFunctionOnNextCall in regress-1085 and regress-1210.
...
Review URL: http://codereview.chromium.org/6938001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-06 09:10:28 +00:00
ricow@chromium.org
e0eb110130
Reapply 7763, including arm and x64 variants.
...
The only difference to revision 7763 is the implementation in the
builtins file for arm and x64, plus a move of Array.prototype.toString
and Array.prototype.toLocaleString from should throw on null or
undefined to the non generic test cases in the function-call test (due
to us not currently supporting generic cases with these to functions)
Review URL: http://codereview.chromium.org/6928007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-05 05:21:30 +00:00
ricow@chromium.org
797cbc68b7
Delete empty test/mjsunit/function-call.js file
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 14:20:19 +00:00
karlklose@chromium.org
8b917d4d96
Replace long running loops by OptimizeFunctionOnNextCall in some tests that are often timing out on ARM.
...
Review URL: http://codereview.chromium.org/6910022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:53:08 +00:00
ricow@chromium.org
4d890da191
Revert 7763, missing implementation on x64 and arm for call and apply with null or undefined.
...
Review URL: http://codereview.chromium.org/6913024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:45:19 +00:00
ricow@chromium.org
2b730c2bf6
Don't exchange null and undefined with the global object in function.prototype.{call, apply} for natives.
...
This makes us compatible with firefox in throwing an exception when
call is invoked on a builtin with null as the this argument.
Review URL: http://codereview.chromium.org/6902104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 13:19:04 +00:00
lrn@chromium.org
569574b7bf
Fix implementation of == to correctly convert Date objects to primitives.
...
Fix issue 1356
BUG=v8:1356
TEST=mjsunit/double-equals
Review URL: http://codereview.chromium.org/6912021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7761 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 12:15:14 +00:00
lrn@chromium.org
d1411602a7
Don't allow whitespace after sign characters in parseInt.
...
BUG=v8:955
TEST=mjsunit/regress/regress-955
Review URL: http://codereview.chromium.org/6903171
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-03 07:11:17 +00:00
ager@chromium.org
ccafbca61d
Use JSON.parse instead of eval for the debugger JSON protocol.
...
R=sgjesse@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/6903172
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-02 14:20:34 +00:00
kmillikin@chromium.org
1af840ad4c
Be more discriminating about uses of the arguments object in optimized code.
...
Because we track the value of the arguments object, we need to check
values whenever plugged into a forbidden value context. It is not
enough to check at only variable references as we did previously.
R=fschneider@chromium.org
BUG=1351
TEST=regress-1351.js
Review URL: http://codereview.chromium.org/6902202
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-02 11:35:51 +00:00
mmaly@chromium.org
796ac25a4f
Strict mode eval declares its locals in its own environment.
...
BUG=
TEST=strict-mode.js
Review URL: http://codereview.chromium.org/6883200
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-29 15:31:39 +00:00
lrn@chromium.org
f470cf2777
Handle join of sparse arrays with non-empty separator more efficiently.
...
BUG=v8:1028
Review URL: http://codereview.chromium.org/6902144
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-29 08:53:36 +00:00
vegorov@chromium.org
1c950e04cc
Fix missing writebarrier in ArraySplice builtin.
...
Review URL: http://codereview.chromium.org/6883227
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-28 16:03:40 +00:00
kmillikin@chromium.org
dc28280a82
Fix a bug in a corner case of direct eval detection.
...
The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.
R=ager@chromium.org
TEST=has been added to the eval mjsunit test
Review URL: http://codereview.chromium.org/6893057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-28 05:04:48 +00:00
jkummerow@chromium.org
bc8f6943bb
Support Float64Arrays
...
BUG=None
TEST=mjsunit/external-arrays.js; updated cctest; existing unit tests
Review URL: http://codereview.chromium.org/6879009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-21 07:15:43 +00:00
karlklose@chromium.org
3b6fe22c4d
Make throw inlineable only if the exception is inlineable.
...
BUG=1337
TEST=regress-1337
Review URL: http://codereview.chromium.org/6881079
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-20 09:15:52 +00:00
yurys@chromium.org
5d70a291fe
Fix debuger evaluation on a breakpoint inside eval
...
Corresponding Chromium issue: http://code.google.com/p/chromium/issues/detail?id=74412
Review URL: http://codereview.chromium.org/6875005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 14:09:45 +00:00
lrn@chromium.org
7aec228dbb
Cleanup of mjsunit.js code and make assertEquals more strict.
...
Encapsulate the helper functions in mjsunit.js.
Now only exposes the exception class and the assertXXX functions.
Make assertEquals use === instead of ==.
This prevents a lot of possiblefalse positives in tests, and avoids
having to do assertTrue(expected === actual) when you need it.
Fixed some tests that were either buggy or assuming == test.
Review URL: http://codereview.chromium.org/6869007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 11:35:36 +00:00
karlklose@chromium.org
dab8f48ebc
ARM: Implement correct rounding in the lithium codegenerator.
...
This patch provides testing for values that have a fraction part of 0.5 and uses a different rounding method for them. The original method of VFPTruncating the value with round-to-nearest is not correct because it does not round to the larger number in case of a tie.
BUG=http://code.google.com/p/v8/issues/detail?id=958
Review URL: http://codereview.chromium.org/6840051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 11:29:01 +00:00
ricow@chromium.org
cfb5a7ee78
Reapply 7581, Fix tools/test.py to allow CTRL+C to work correctly again.
...
Buildbot now has python 2.6
Also, remove some semicolons.
Review URL: http://codereview.chromium.org/6871007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-15 09:41:09 +00:00
lrn@chromium.org
3bbcab1ca9
X64: Use roundsd for DoMathFloor.
...
TEST=mjsunit/math-floor
Review URL: http://codereview.chromium.org/6835021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-14 09:05:43 +00:00
whesse@chromium.org
98c17a2bf3
Adjust mjsunit.status to account for math-round test passing on ARM when crankshaft is disabled.
...
Review URL: http://codereview.chromium.org/6840013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 14:03:24 +00:00
fschneider@chromium.org
9783526239
Enable inlining functions containing throw.
...
After Kevin's change to the graph builder to allow aborting graph construction
inside arbitrary expressions this just works.
BUG=v8:1143
Review URL: http://codereview.chromium.org/6839017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 13:09:58 +00:00
lrn@chromium.org
caee8a3ccf
Fix Math.round in runtime.cc and x64 optimized code.
...
Make math-round.js test check both normal and optimized version.
Add some cases to the tests.
BUG=v8:958
TEST=mjsunit/math-round
Review URL: http://codereview.chromium.org/6837018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-13 09:35:56 +00:00
jkummerow@chromium.org
1d774ac5ca
Fix load/store of external float arrays on ARM
...
BUG=1323
TEST=mjsunit/regress/regress-1323.js, run with simulator=arm
Review URL: http://codereview.chromium.org/6822054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 15:20:26 +00:00
ricow@chromium.org
6baa8a2bde
Revert 7581, you can't have try except finally toghetter until python 2.5
...
We have some 2.4 versions on the windows buildbots, I will try to have these updated and reapply.
Review URL: http://codereview.chromium.org/6821069
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 07:46:17 +00:00
ricow@chromium.org
7c0b1af4d7
Fix tools/test.py to allow CTRL+C to work correctly again.
...
This also changes the AfterRun functions to allow None as the passed in parameter.
Review URL: http://codereview.chromium.org/6824040
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-12 06:26:38 +00:00
jkummerow@chromium.org
ed968b1042
Introduce runtime function %OptimizeFunctionOnNextCall to manually trigger optimization.
...
TEST=existing unit tests still pass
Review URL: http://codereview.chromium.org/6821009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-11 13:24:50 +00:00
mmaly@chromium.org
164e3a4173
Strict mode fixes.
...
- mutual inlining strict and non-strict functions in crankshaft.
- assignment to undefined variable with eval in scope.
- propagation of strict mode through lazy compilation.
BUG=
TEST=test/mjsunit/strict-mode.js test/mjsunit/strict-mode-opt.js
Review URL: http://codereview.chromium.org/6814012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-08 14:30:10 +00:00
vegorov@chromium.org
8a8d3bbbee
In LCodeGen::DoDeferredLInstanceOfKnownGlobal emit safepoint with registers for the call to stub.
...
Review URL: http://codereview.chromium.org/6793017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-07 13:32:45 +00:00
jkummerow@chromium.org
adf509f159
Make "length" and "BYTES_PER_ELEMENT" properties of typed arrays accessible.
...
Review URL: http://codereview.chromium.org/6805010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-07 08:24:56 +00:00
yurys@chromium.org
c2e7beb952
Debugger: show local scope before with for functions created inside with block
...
Review URL: http://codereview.chromium.org/6804015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 17:54:39 +00:00
peterhal@chromium.org
e3d788329a
1309 fix
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/6800018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 16:22:06 +00:00
jkummerow@chromium.org
348a4e44f5
Add regression test for overlapping key and value registers.
...
Review URL: http://codereview.chromium.org/6804007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-06 11:01:07 +00:00
sgjesse@chromium.org
1244225ba8
Extend crankshaft support for global stores
...
All global stores are now supported in crankshaft by using the normal store IC when other optimizations are not possible due to the state of the global object.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org//6693066
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-04 15:03:34 +00:00
sgjesse@chromium.org
1e8079fcc9
Increase coverage of global loads in optimized code
...
In the cases where a global property cell cannot be used in the optimized code
use standard load ic to get the property instead of bailing out.
This is re-committing r7212 and r7215 which where reverted in r7239 with the addition of recoring the source position in the hydrogen code for the LoadGlobalCell instruction. To record that position an optional position field has been added to the variable proxy AST node.
Review URL: http://codereview.chromium.org/6758007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-01 11:54:04 +00:00
vegorov@chromium.org
ae65366f0b
Fix SlotRef::SlotAddress for parameters indices.
...
Fix %NewObjectFromBound to correctly handle optimized frames (including those with inlined functions).
Fix %_IsConstructCall handling in hydrogen: when called from inlined function return false constant directly instead of emiting HIsConstructCall.
Fix success case in TraceInline.
BUG=v8:1229
TEST=test/mjsunit/regress/regress-1229.js
Review URL: http://codereview.chromium.org/6740023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-04-01 11:41:36 +00:00
ricow@chromium.org
b4bae54ef2
Decrease number of runs in mjsunit/compiler/pic.js (Test still gets optimized, even without --stress-opt)
...
Review URL: http://codereview.chromium.org/6731049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-29 13:20:05 +00:00
sgjesse@chromium.org
1eb224c2a2
ARM: Check for minus zero when converting binary operation result to smi
...
The result of an Int32 binary operation will be converted to a smi if it fits. However a minus zero check was missing.
BUG=v8:1278
TEST=test/mjsunit/regress/regress-1278.js
R=ager@chromium.org
Review URL: http://codereview.chromium.org/6755009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-29 07:43:27 +00:00
ricow@chromium.org
e0c7d3cf08
Run array-length less times to make the builder green.
...
We still get this method optimized even without --always-opt flag.
Review URL: http://codereview.chromium.org/6719029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-28 08:51:08 +00:00
ricow@chromium.org
fb6d7e17df
Follow jsc on not throwing when trying to add a property to a non-extensible object.
...
This change makes us compatible with Safari on not throwing when trying to add a property to a non-extensible object.
Review URL: http://codereview.chromium.org/6712059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-28 06:11:08 +00:00
lrn@chromium.org
40f9a7db8e
Fix test that can fail for small denormals.
...
Review URL: http://codereview.chromium.org/6736027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 14:03:42 +00:00
lrn@chromium.org
1a15a9e6a9
Fix typo in math-sqrt.js
...
Review URL: http://codereview.chromium.org/6696109
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7372 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 13:48:17 +00:00
lrn@chromium.org
0c6fbad874
Add more tests to mul-exhaustive for constant left/right operands.
...
Make MJSUnit able to distinguish 0 and -0.
Review URL: http://codereview.chromium.org/6688062
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-25 13:24:20 +00:00
fschneider@chromium.org
e6cbf659d1
Fix bug that caused invalid code motion for certain loads instructions.
...
The dependency flags of instructions depending on a previous check have to
be a super-set of the flags of the check instructions.
Review URL: http://codereview.chromium.org/6730025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7343 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-24 11:37:24 +00:00
ager@chromium.org
a7d44c49a5
Add regression test.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-24 11:03:08 +00:00
mmaly@chromium.org
7346fbba81
Implement poison pill for non-strict mode function.caller
...
when caller is strict mode function.
Review URL: http://codereview.chromium.org/6713059/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-23 03:45:48 +00:00
mikhail.naganov@gmail.com
cbbe713464
Change the way sampler / profiler handle external callbacks.
...
This should fix test-profile-generator/RecordStackTraceAtStartProfiling flakinness.
R=vitalyr@chromium.org
BUG=1261
TEST=test-profile-generator/RecordStackTraceAtStartProfiling
Review URL: http://codereview.chromium.org/6708056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7294 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-21 18:13:27 +00:00
ricow@chromium.org
4bb55fd341
Change cctests to use variant flags as part of the name for the serilization file.
...
Because we run all tests three times with different variant flags (to
test crankshaft) we might end up in a situation where we try to write
to the same serilization file from two different threads
simultaneously. The patch concats the variant flags at the end of the
serialization file name.
Review URL: http://codereview.chromium.org/6688068
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-21 12:57:25 +00:00
vitalyr@chromium.org
7976ca2cbc
Merge isolates to bleeding_edge.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 20:35:07 +00:00
vitalyr@chromium.org
76e226f832
Revert r7268: it borked the history.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 19:41:05 +00:00
vitalyr@chromium.org
6ff7fdebd3
Merge isolates to bleeding_edge.
...
Review URL: http://codereview.chromium.org/6685088
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-18 18:49:56 +00:00
mmaly@chromium.org
4cbf3478d8
Implement strict mode ThrowTypeError functions for arguments object.
...
* Reverse order of arguments in-object fields for length and callee.
* Introduce arguments ThrowTypeError functions (caller/callee).
* Create strict mode arguments boilerplate object.
* Strict mode "new arguments object" stub.
* Runtime arguments object allocation.
* Update es5conform test expectations.
Review URL: http://codereview.chromium.org/6698015/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 20:28:41 +00:00
mmaly@chromium.org
1d1018aec7
Strict mode ThrowTypeError functions for
...
- function.caller
- function.arguments
Review URL: http://codereview.chromium.org/6694044/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 20:28:17 +00:00
vitalyr@chromium.org
e26ae48786
Remove empty test/mjsunit/compiler/global-accessors.js to make lint happy.
...
Review URL: http://codereview.chromium.org/6712001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 16:12:13 +00:00
ricow@chromium.org
d6caa8872a
Revert revisions 7215 and 7212.
...
This caueses line positions to be off by one in certain cases, causing webkit http/tests/inspector/console-xhr-logging to fail.
Review URL: http://codereview.chromium.org/6667077
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7239 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 14:30:48 +00:00
vegorov@chromium.org
c83f0a715e
Make HDeoptimize to explicitly use environment values.
...
Otherwise dead phi elimination can actually remove some of the implicitly used phis.
BUG=1257
TEST=test/mjsunit/regress/regress-1257.js
Review URL: http://codereview.chromium.org/6672066
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 12:22:49 +00:00
sgjesse@chromium.org
1a6c821b05
Increase coverage of global loads in optimized code
...
In the cases where a global property cell cannot be used in the optimized code use standard load ic to get the property instead of bailing out.
Review URL: http://codereview.chromium.org/6665026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-17 08:16:12 +00:00
erik.corry@gmail.com
5ea0364a6a
Fix incorrect assumption on bit-and on ARM
...
Review URL: http://codereview.chromium.org/6696037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 21:56:12 +00:00
ricow@chromium.org
e8ff324583
Follow Safari on not throwing when __defineGetter__ fails.
...
In addition, this fixes defineOwnProperty to actually not throw when
the should_throw flag is false (we had no usage of this priorly).
Review URL: http://codereview.chromium.org/6695018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 14:19:18 +00:00
ricow@chromium.org
7cb35bcfa5
Reapply 7143 after fixing issue 1250
...
Review URL: http://codereview.chromium.org/6698027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 12:25:13 +00:00
ager@chromium.org
6428822811
Revert "Strict mode ThrowTypeError functions for"
...
TBR=mmaly@chromium.org
Review URL: http://codereview.chromium.org/6696018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-15 11:01:21 +00:00
mmaly@chromium.org
80bd958df2
Strict mode ThrowTypeError functions for
...
- function.caller
- function.arguments
Review URL: http://codereview.chromium.org/6691003/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7168 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-14 17:46:37 +00:00
whesse@chromium.org
f6e1b82fd4
Fix a problem where Object.getOwnPropertyDescriptor and related functions unintentionally called toString on the values of an object's properties. Fixes issue 1233.
...
Review URL: http://codereview.chromium.org/6677017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 13:57:20 +00:00
ricow@chromium.org
c00631b86e
Fix presubmit by deleting regress-1240 not deleted by last patch.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:08:52 +00:00
ricow@chromium.org
f2730d2ab8
Revert revision 7143, this causes a number of webkit tests to fail.
...
This includes a security test. Reverting to investigate further.
Review URL: http://codereview.chromium.org/6673019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 09:02:54 +00:00
ricow@chromium.org
fa9e57e326
Change __defineGetter__ and __defineSetter__ to respect non-configurable.
...
This makes us compatible with firefox. Earlier on we were somehow
compatible with safari - which will allow defining a getter even when
an existing getter is present and non-configurable. We would, however,
in addition to overwriting the getter also change configurable to
true. The approach used by firefox seems much more sound, i.e., why
should it be possible to use __defineGetter__ or __defineSetter__ to
overwrite a non-configurable getter or setter respectively.
I will file a bug on the webkit bugtracker.
Review URL: http://codereview.chromium.org/6658037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-11 08:05:59 +00:00
whesse@chromium.org
b7d7aa8ad2
Fix error in sin-cos.js test introduced in r7129.
...
Review URL: http://codereview.chromium.org/6659034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-10 14:04:18 +00:00
whesse@chromium.org
fc8f77e398
X64 Crankshaft: Fix error in computation of sine and cosine.
...
Review URL: http://codereview.chromium.org/6646047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-10 13:34:23 +00:00
lrn@chromium.org
a8b41a0edd
Fix bug in X64 RegExpExec stub.
...
Used incorrect register for referencing RegExp data, so it always failed
to match the fast case.
When modifiying the object layout, it was possible to make it crash instead.
BUG=v8:1236
TEST=test/mjsunit/regress/regress-1236.js
Review URL: http://codereview.chromium.org/6635041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-08 14:15:25 +00:00
mmaly@chromium.org
927f341d3c
Strict mode arguments do not share binding with formal parameters.
...
Move strict mode flag from TemporaryScope to Scope so that it can be accessed from variable binding code.
Arguments do not alias in strict mode (ia32, x64 and arm, codegen and full codegen).
Hydrogen tolerates null arguments_shadow().
In codegen-<arch> arguments object is allocated eagerly to capture values before they get modified.
Review URL: http://codereview.chromium.org/6625048/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 19:23:46 +00:00
kmillikin@chromium.org
4a9056cbce
Fix a stack-height mismatch during deoptimization.
...
When deoptimizing after a conditional expression in an effect context, we
should not see the value of the conditional expression.
BUG=v8:1237
Review URL: http://codereview.chromium.org/6625057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 17:01:12 +00:00
mmaly@chromium.org
3c51baa1ac
Throw if setting length of a string in strict mode.
...
BUG=
TEST=test/mjsunit/strict-mode.js
Review URL: http://codereview.chromium.org/6623002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 21:12:29 +00:00
mmaly@chromium.org
9dc156ac62
Passing strict mode throughout SetElement.
...
Throw if assigning to read only element.
Adding tests for element assignment in strict mode.
Fix tests for strict mode SetElement.
Review URL: http://codereview.chromium.org/6613005/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 00:21:52 +00:00
mmaly@chromium.org
1d040083b0
Assignment to read only properties throws in strict mode.
...
Review URL: http://codereview.chromium.org/6594037/
Revert "Revert "Assignment to read only properties throws in strict mode.""
This reverts commit aefcd82e1d36d458dd071ebf4777340f08aa67b1.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7007 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-02 04:53:43 +00:00
vitalyr@chromium.org
d9b0c93d23
Allow eval to be overridden with a callable non-function object.
...
We simply need to remove early checks in the resolve eval runtime
functions. CallFunctionStub that follows will handle non-functions in
the right way.
Review URL: http://codereview.chromium.org/6591075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 19:05:06 +00:00
fschneider@chromium.org
8a72161585
Add lazy deoptimization environment to instanceof by marking it as a call.
...
This fixes an assert when an exception is thrown inside instanceof.
BUG=v8:1207
TEST=mjsunit/regress/regress-1207.js
Review URL: http://codereview.chromium.org/6588083
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 15:37:24 +00:00
sgjesse@chromium.org
7b0f5d4110
ARM: Support inlined version of %_FastAsciiArrayJoin on ARM
...
Review URL: http://codereview.chromium.org/6594071
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 14:09:23 +00:00
ricow@chromium.org
78a21647b9
Remove exception for mjsunit/regress/regress-deopt-gc on arm and x64.
...
This was wrongly marked as skip since we do not need to patch reloc info on x64 and arm when doing deoptization (issue 1094).
Review URL: http://codereview.chromium.org/6597067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 11:36:45 +00:00
kmillikin@chromium.org
6b1530ea6d
Fix a stack height mismatch when deoptimizing.
...
When deoptimizing from the key subexpression of a keyed arguments access,
the unoptimized code expects to find the value of the receiver on the
expression stack. The environment of the optimizing compiler did not
contain this value during evaluation of the key subexpression.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 09:32:45 +00:00
ricow@chromium.org
c63d9c97cf
Do not allow non-configurable global properties to be made configurable (fixes issue 1213).
...
We do not currently check that a global property is actually
configurable before overwriting it with a new property.
Review URL: http://codereview.chromium.org/6597045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 08:09:17 +00:00
mmaly@chromium.org
749b69853a
Revert "Assignment to read only properties throws in strict mode."
...
This reverts commit 503f2a501e504f330821f247074e731aa649b1f0.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 06:10:41 +00:00
mmaly@chromium.org
98aea3c353
Assignment to read only properties throws in strict mode.
...
Review URL: http://codereview.chromium.org/6594037/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 01:42:37 +00:00
mmaly@chromium.org
bb0c22f11c
Strict mode - allow function only in SourceElements.
...
Review URL: http://codereview.chromium.org/6598023/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 19:07:02 +00:00
mmaly@chromium.org
180b6ec6b4
Disable const in strict mode.
...
Using const in strict mode yields SyntaxError.
Review URL: http://codereview.chromium.org/6592031/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6974 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 18:38:17 +00:00
ager@chromium.org
7c561be519
Remove Error.prototype.toStrings prototype property.
...
I did not use the helper function for adding this builtin function which meant that I missed the removal of the prototype property.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6588050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 13:29:05 +00:00
vegorov@chromium.org
88b70c8941
When checking number of parameters in MakeCrankshaft code don't forget about receiver.
...
BUG=v8:1209
TEST=test/mjsunit/regress/regress-1209.js
Review URL: http://codereview.chromium.org/6591042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 13:20:10 +00:00
lrn@chromium.org
485f4ea0d9
Clear exceptions set during attempts to lazily optimize.
...
Resubmit of patch for issue 1145 with a few additions:
- Now also clears exceptions when calling Runtime_LazyRecompile.
- Sets function where parsing fails to not be optimizable.
BUG=v8:1145
TEST=test/mjsunit/regress/regress-1145.js
Review URL: http://codereview.chromium.org/6469050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-25 11:17:31 +00:00
antonm@chromium.org
da463ab484
Get property may throw an exception thanks to JS accessors.
...
Check result before and bail out if exception has been thrown.
BUG=v8:1172
TEST=test/mjsunit/regress/regress-1172-bis.js
Review URL: http://codereview.chromium.org/6580030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6939 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 17:42:56 +00:00
lrn@chromium.org
68f1c73a06
Fix array concat to follow the specification in the presence of element getters.
...
Also fix issue 1175 and 1177.
BUG=v8:1175
Review URL: http://codereview.chromium.org/6568007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 14:00:52 +00:00
karlklose@chromium.org
5572d24fc5
ARM: Fix DoubleToI.
...
BUG=1811
TEST=test/mjsunit/regress/regress-1181.js
Review URL: http://codereview.chromium.org/6573004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-24 10:07:35 +00:00
ager@chromium.org
ae328e61b0
Properly reset external catcher if exception couldn't be externally caught.
...
We can wrongly assume that exception which is not intended to be caught
by external try/catch should be caught if this exception inherits
external catcher from some previous exception. To prevent that,
clear external catcher when processing exceptions which cannot be
externally caught.
BUG=v8:1184
TEST=test/mjsunit/regress/regress-1184.js
Review URL: http://codereview.chromium.org/6538081
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-23 06:55:47 +00:00
mmaly@chromium.org
3ff7aa0ea9
Fix for bug http://code.google.com/p/v8/issues/detail?id=1176 .
...
Review URL: http://codereview.chromium.org/6469083/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6904 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 17:20:25 +00:00
mikhail.naganov@gmail.com
56788625b6
Fix CPU profiling for Crankshaft.
...
The main issue was due to multiple recompilations of functions. Now
code objects are grouped by function using SFI object address.
JSFunction objects are no longer tracked, instead we track SFI object
moves. To pick a correct code version, we now sample return addresses
instead of JSFunction addresses.
tools/{linux|mac|windows}-tickprocessor scripts differentiate
between code optimization states for the same function
(using * and ~ prefixes introduced earlier).
DevTools CPU profiler treats all variants of function code as
a single function.
ll_prof treats each optimized variant as a separate entry, because
it can disassemble each one of them.
tickprocessor.py not updated -- it is deprecated and will be removed.
BUG=v8/1087,b/3178160
TEST=all existing tests pass, including Chromium layout tests
Review URL: http://codereview.chromium.org/6551011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 16:31:24 +00:00
ricow@chromium.org
45c63ffa6a
Add more generic version of reloc info padding to ensure enough space for reloc patching during deoptimization (fixes issue 1174).
...
The old version only added extra space when we did indirect calls, but
the problem remains the same with normal calls that can be represented
as a single byte. When doing patching each call will always be at
least 2 bytes long because we use RUNTIME_ENTY as the reloc mode.
Review URL: http://codereview.chromium.org/6541053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:28:33 +00:00
ricow@chromium.org
8162d9029d
Fix second half of issue 1151, the first change (r6765) only fixed FunctionGetPrototype, not FunctionSetPrototype.
...
Review URL: http://codereview.chromium.org/6548008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:27:36 +00:00
fschneider@chromium.org
031062d246
Fix bug with input representation of HValueOf.
...
The class did not correctly implement the RequiredInputRepresentation.
I changed this functions to be abstract so that all hydrogen classes
must implement it.
As a convention instructions with zero input operands return None as input
representation.
Instructions that can handle all input representations without converting before
also have None as required input representation (e.g. HTest)
All other instructions need a proper required input representation.
Review URL: http://codereview.chromium.org/6538088
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 12:14:53 +00:00
mmaly@chromium.org
fb20f7fc75
CallIC and KeyedCallIC not wrapping this for strict mode functions.
...
Fix CallIC and KeyedCallIC to correctly use Handle<Object>.
Review URL: http://codereview.chromium.org/6523052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 00:39:21 +00:00
kmillikin@chromium.org
123dbb2f5e
Change the baseline compiler to match the Hydrogen graph builder.
...
The Hydrogen graph translation does not build a branch for unary negation in
an effect context, so the baseline compiler should not do so either.
Review URL: http://codereview.chromium.org/6546050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6871 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-21 16:49:39 +00:00
antonm@chromium.org
e79bfcaf3f
Use [[DefineOwnProperty]] to put 'constructor' field on the protoype object.
...
That better follows ECMA-262 (see 13.2 Creating Function Objects) and allows
to ignore nasty JS accessors for 'constructor' property.
BUG=v8:1172
TEST=test/mjsunit/regress/regress-1172.js
Review URL: http://codereview.chromium.org/6531037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-18 10:53:38 +00:00
mmaly@chromium.org
f0df4a6c9e
Revert "This is not wrapped for strict mode and builtin functions."
...
This reverts commit 6845
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 21:56:37 +00:00
ager@chromium.org
963472c516
Change behavior of global declarations in the presence of setters.
...
Call accessors in the global object prototype when initializing global
variables. Function declarations are special cased for compatibility
with Safari and setters are not called for them. If this special
casing was not done webkit layout tests would fail.
Make the declaration of global const variables in the presence of
callbacks a redeclaration error.
Handle const context slot declarations conflicting with a CALLBACK as
a redeclaration error. That is, unless it is on a context extension
object which is not a real object and therefore conceptually have no
accessors in prototype chains. Accessors in prototype chains of
context extension objects are explicitly ignored in SetProperty.
Review URL: http://codereview.chromium.org/6534029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 21:04:53 +00:00
mmaly@chromium.org
bb7b014988
This is not wrapped for strict mode and builtin functions.
...
CallIC and KeyedCallIC do not wrap this when calling builtin
and strict mode functions.
Review URL: http://codereview.chromium.org/6523052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6845 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 17:52:03 +00:00
ager@chromium.org
65addc5165
Revert change to const and global variable declarations. It causes
...
may WebKit layout test failures.
I will look into it tomorrow.
TBR=kmillikin@chromium.org
Review URL: http://codereview.chromium.org/6537021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 16:54:49 +00:00
ager@chromium.org
dc38755aba
Call accessors in the global object prototype when initializing global
...
variables.
Make the declaration of global const variables in the presence of
callbacks a redeclaration error.
Handle const context slot declarations conflicting with a CALLBACK as
a redeclaration error. That is, unless it is on a context extension
object which is not a real object and therefore conceptually have no
accessors in prototype chains. Accessors in prototype chains of
context extension objects are explicitly ignored in SetProperty.
Review URL: http://codereview.chromium.org/6519050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6841 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 16:30:15 +00:00
lrn@chromium.org
246560b902
Revert 6832.
...
The test contains a syntax error that shouldn't be detected, but it sometimes is.
TBR: kmillikin@chromium.org
Review URL: http://codereview.chromium.org/6519049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 14:13:25 +00:00
kmillikin@chromium.org
b02107284a
Fix incorrect deoptimization for logical not in an effect context.
...
The baseline compiler does not materialize a value for expressions of
the form !expr in an effect context so the graph translation should
not produce such an environment, otherwise we risk targeting it by
deoptimization.
BUG=v8:1167
Review URL: http://codereview.chromium.org/6537018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 13:05:49 +00:00
lrn@chromium.org
cf50c5e27c
Handle exceptions thrown while parsing lazy functions for inlining.
...
We currently leave the exception as pending without returning a Failure::Exception() value. This is either caught immediately if running with --debug-code, or caught later by an assert in debug mode.
This change makes the pending exception be cleared before returning from the failed optimization attempt.
BUG=v8::1145
TEST=test/mjsunit/regress/regress-1145.js
Review URL: http://codereview.chromium.org/6524039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 12:23:18 +00:00
kmillikin@chromium.org
82cdd48b2f
Fix a bug in deoptimization after logical expressions in an effect context.
...
When deoptimizing to after an expression of the form (expr0 || expr1)
or (expr0 && expr1) in an effect context, the unoptimized code could
incorrectly see the value of the expression.
Handle the short-circuit binary operators specially in effect contexts.
This fixes the issue and will generate better code when the left
subexpression is boolean-valued.
BUG=v8:1166
Review URL: http://codereview.chromium.org/6519046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 11:06:50 +00:00
ager@chromium.org
a0364d795d
Handle indexed properties on value objects correctly.
...
As with named properties, search the value wrapper prototypes for properties.
Review URL: http://codereview.chromium.org/6526046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 12:10:48 +00:00
lrn@chromium.org
9ec16dfe68
Fix bug 1137. No longer allow the RegExp /(*)/.
...
BUG=v8:1137
TEST=test/mjsunit/regexp.js
Review URL: http://codereview.chromium.org/6499016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 08:10:47 +00:00
mmaly@chromium.org
582cf097e9
Strict mode "this" transformation in Function.call/Function.apply.
...
In strict mode the transformation of "this" is skipped.
Code review feedback.
Testing memory operand against 8 bit IMM on ia32 and x64.
Review URL: http://codereview.chromium.org/6524006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 18:57:37 +00:00
vitalyr@chromium.org
4143e4c097
Fix issue 1160: check array elements in ArrayJoin.
...
Review URL: http://codereview.chromium.org/6529020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 15:12:51 +00:00
ricow@chromium.org
a8d4360d65
Make sure we always have room for patching the reloc info during lazy deoptimization (fixes issue 1156).
...
Before we could have calls to builtins that would not be in the
relocation info since this used a register as target. Whenever we have
this case (from lithium codegen) we now emit a comment in the reloc
info.
Review URL: http://codereview.chromium.org/6499015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 14:36:12 +00:00
ricow@chromium.org
0648103e8c
x64: Port OSR to the x64 platform.
...
Review URL: http://codereview.chromium.org/6515012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 13:37:10 +00:00
mmaly@chromium.org
9adaeb6a17
Strict mode delete of non-configurable property.
...
Strict mode flag is passed to runtime DELETE function
and then to JSObject::Delete(Property/Element) as STRICT_DELETION enum.
When deleting non-configurable property/eleemnt, TypeError is thrown.
Adding mozilla test to .gitignore.
Incorporate CR feedback.
Review URL: http://codereview.chromium.org/6515005/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 23:41:47 +00:00
mmaly@chromium.org
7e6bbab2c8
Strict mode delete of unqualified identifier.
...
SyntaxError is reported in strict mode when deleting
an unqualified identifier. (11.4.1 of Ecma-262 5th ed)
Review URL: http://codereview.chromium.org/6516003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 18:44:26 +00:00
antonm@chromium.org
186d832c79
Introduce new runtime function to make join with lower memory usage.
...
Do not use generic StringBuilderConcat which requires array passed
to keep both elements and separator (which roughly double size
of the array). That should be faster as well.
BUG=crbug.com/54580
Review URL: http://codereview.chromium.org/6520004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 17:25:12 +00:00
whesse@chromium.org
1e4800b918
X64 Crankshaft: Fix error in pushed register indices for safepoints. Fixes issue 1153.
...
BUG=1153
TEST=mjsunit/date-parse
Review URL: http://codereview.chromium.org/6518007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 16:02:02 +00:00
whesse@chromium.org
7233a930b5
X64 Crankshaft: Add test that fails on x64 Crankshaft build to list of skipped mjsunit tests. Fix comments and remove unused function from date.js.
...
BUG=1153
TEST=mjsunit/date-parse
Review URL: http://codereview.chromium.org/6516011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 13:57:15 +00:00
fschneider@chromium.org
ad70b7de39
Fix a potential crash bug in keyed calls for non-string keys.
...
BUG=v8:1146
Review URL: http://codereview.chromium.org/6517010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 13:13:41 +00:00
kmillikin@chromium.org
c73ce4f126
Fix a duplicate AST ID recorded for for/in.
...
Avoid visiting the subexpressions of a variable that rewrites to a property
when occurring as the 'left-hand side' of for/in.
BUG=v8:1149
Review URL: http://codereview.chromium.org/6475009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 12:51:25 +00:00
karlklose@chromium.org
e0552d77cf
ARM: Implement PatchStackCheckCodeAt and RevertStackCheckCode.
...
Remove a failing test expectation from mjsunit.status.
Review URL: http://codereview.chromium.org/6410029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 12:07:48 +00:00
ricow@chromium.org
34eeb88ee4
Use ForceSetObjectProperty in DefineOrRedefineDataProperty (fixes crbug 72736).
...
The current version uses SetObjectProperty which will not set the
value in case this is a readonly property. The spec explictly says
that a configurable but non writable property can have its value
changed with Object.defineProperty (because the same thing can be
accomplished by doing 3 calls (set writable to true, update the value,
set writable to false).
Review URL: http://codereview.chromium.org/6518004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 10:43:21 +00:00
ricow@chromium.org
6d9fde492c
Do not allow calls to SetProtoType on functions that should not have a prototype (fixes issue 1151)
...
Review URL: http://codereview.chromium.org/6518003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 09:37:56 +00:00
ricow@chromium.org
46bde305b5
Add support for the global object in Object.keys (fixes issue 1150)
...
We do not currently handle the case where the JSGlobalProxy is passed
as argument to LocalKeys in runtime.cc.
Review URL: http://codereview.chromium.org/6516008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 07:49:13 +00:00
mmaly@chromium.org
e0be3072b5
Implement assignment to undefined reference in ES5 Strict Mode.
...
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.
Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.
Code Review URL: http://codereview.chromium.org/6474026/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-13 16:19:53 +00:00
mmaly@chromium.org
3f4701df7f
Revert r6756. Check failed on V8 arm - debug - crankshaft.
...
Need to investigate.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 23:25:07 +00:00
mmaly@chromium.org
fd6338bdda
Implement assignment to undefined reference in ES5 Strict Mode.
...
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.
Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.
Code Review URL: http://codereview.chromium.org/6474026/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 21:39:59 +00:00
antonm@chromium.org
e96c24bf03
Properly treat exceptions thrown while compiling.
...
BUG=v8:1132
TEST=test/mjsunit/regress/regress-1132.js
Review URL: http://codereview.chromium.org/6487021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 14:26:56 +00:00
lrn@chromium.org
fdfbdfbcf5
Fix typo in ASSERT in object-verifier for RegExp.
...
BUG=v8::1129
TEST=test/mjsunit/regress/regress-1129.js
Review URL: http://codereview.chromium.org/6476027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 16:43:01 +00:00
antonm@chromium.org
ab24485760
Bypass JS accessors when building error array.
...
In the presence of JS accessors for elements on Object.prototype JSArray::SetFastElement
may throw or its behaviour can be altered. Instead operate on plain FixedArrays and
turn them into JSArry later.
BUG=v8:1130
TEST=test/mjsunit/regress/regress-1130.js
Review URL: http://codereview.chromium.org/6481001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 15:02:13 +00:00
fschneider@chromium.org
5b753cecb6
Check holder before optimizing calls to global functions.
...
In the case where the function is not found in the global object,
we have to generate a generic call.
BUG=v8:1106
TEST=mjsunit/regress/regress-1106.js
Review URL: http://codereview.chromium.org/6483010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 12:33:51 +00:00
vegorov@chromium.org
49adfd0f0a
Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-range.
...
BUG=v8:1131
TEST=test/mjsunit/regress/regress-1131.js
Review URL: http://codereview.chromium.org/6469006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 12:33:34 +00:00
mikhail.naganov@gmail.com
12e62e7154
Shorten constructor names in JS tickprocessor.
...
As they are no more used in DevTools profiler, there is no
need to prefix them with "devtools.profiler" namespace.
Review URL: http://codereview.chromium.org/6456025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 07:47:28 +00:00
kmillikin@chromium.org
dc91c4218b
Make optimized Function.prototype.apply safe for non-JSObject first arguments.
...
If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.
Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.
BUG=v8:1128
Review URL: http://codereview.chromium.org/6463025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 16:43:23 +00:00
whesse@chromium.org
0fb5a1fd1a
Add a regression test for issue 1106, optimized access to the prototype chain of the global object.
...
Review URL: http://codereview.chromium.org/6459023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 15:50:39 +00:00
lrn@chromium.org
d358e2ecd3
Fix incorrect asserts in scanner.
...
BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js
Review URL: http://codereview.chromium.org/6459021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 14:16:25 +00:00
whesse@chromium.org
afec61e870
Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js.
...
Review URL: http://codereview.chromium.org/6460030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 13:16:40 +00:00
whesse@chromium.org
602d5cf427
Fix a bug that occurs when functions are defined with more than 16,382 parameters.
...
Review URL: http://codereview.chromium.org/6447007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 12:46:22 +00:00
kmillikin@chromium.org
991a1cae12
Fix an assertion failure in stack trace construction.
...
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value. This value could sometimes be
eliminated from the deoptimization data if we though it was unused.
BUG=v8:1118
Review URL: http://codereview.chromium.org/6465023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 11:45:50 +00:00
antonm@chromium.org
d724993138
Use GC-safe version when setting elements.
...
BUG=1125
TEST=test/mjsunit/regress/regress-1125.js
Review URL: http://codereview.chromium.org/6463001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 11:38:10 +00:00
antonm@chromium.org
cf30cefda7
Check if Array.prototype.__proto__ has been reset to null.
...
BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js
Review URL: http://codereview.chromium.org/6454004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:56:44 +00:00
antonm@chromium.org
0273e8185b
Propagate exceptions thrown when setting elements.
...
Plus use more robust path when formatting messages---work
directly with fixed arrays.
BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js
Review URL: http://codereview.chromium.org/6451004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:42:14 +00:00
antonm@chromium.org
da8b72f2b8
1) Return failure if any of property sets failed;
...
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.
BUG=1119
TEST=test/mjsunit/regress/regress-1119.js
Review URL: http://codereview.chromium.org/6454011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 19:04:17 +00:00
ager@chromium.org
096c21522b
Fix wrong assumption in parser that parsing a function literal cannot throw an exception.
...
Review URL: http://codereview.chromium.org/6453009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 18:46:13 +00:00
ager@chromium.org
8c6c273236
Fix issues with using defineProperty on the global proxy object.
...
Review URL: http://codereview.chromium.org/6452004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 16:31:58 +00:00
ricow@chromium.org
f64966085e
x64: Add MulI and DivI to lithium instructions.
...
Review URL: http://codereview.chromium.org/6448001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:37:50 +00:00
lrn@chromium.org
2f32f27e8f
Correct propagation of exceptions from setters.
...
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js
Review URL: http://codereview.chromium.org/6451003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:04:27 +00:00
kmillikin@chromium.org
bf3c3eb9cb
Fix a possible duplicate AST ID for deoptimization.
...
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.
BUG=v8:1104
Review URL: http://codereview.chromium.org/6453004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 14:00:22 +00:00
ricow@chromium.org
20f2c1c98a
Make sure that we do not call is_extensible on the global proxy.
...
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.
Review URL: http://codereview.chromium.org/6450003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 13:09:07 +00:00
ricow@chromium.org
81787f986b
Make sure that we never call prevent extension on the global proxy,
...
but instead call this on the global object.
BUG: 1103
Review URL: http://codereview.chromium.org/6454001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 12:41:16 +00:00
lrn@chromium.org
48fadffcc4
Fix bug in JSON.parse for objects containing "__proto__" as key.
...
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.
Review URL: http://codereview.chromium.org/6451002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 11:38:15 +00:00
peterhal@chromium.org
39957aa741
Issue 117 - strict mode and future reserved words
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:36:37 +00:00
mmaly@chromium.org
87233c49c8
Pass strict mode to eval.
...
Code review feedback.
Code Review URL: http://codereview.chromium.org/6286043/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 18:15:49 +00:00
vegorov@chromium.org
10f715e3ff
Restore context after LApplyArguments.
...
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js
Review URL: http://codereview.chromium.org/6246106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-04 15:42:02 +00:00
peterhal@chromium.org
c894b1f317
Fix bugs 992, 1083 and 1092
...
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.
Add sputnik tests to .gitignore.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6286060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 19:29:10 +00:00
ricow@chromium.org
a2aa84873e
Add regression test for the deoptimizer immediately followed by gc bug.
...
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)
The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094
Review URL: http://codereview.chromium.org/6312118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:47:27 +00:00
danno@chromium.org
a2fb4a12bb
Create specialized code stubs for PixelArray loads.
...
Review URL: http://codereview.chromium.org/6287030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 12:50:50 +00:00
antonm@chromium.org
0da3dc3e43
Properly process getOwnPropertyDescriptor for elements on global proxy object.
...
We need to go down to actual global object to perform those operations.
Review URL: http://codereview.chromium.org/6246054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 10:19:41 +00:00
kmillikin@chromium.org
ca936dae9e
More of the fix for V8 issue 1079.
...
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object. We never try to
find an existing arguments object.
Review URL: http://codereview.chromium.org/6349050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 15:08:29 +00:00
erik.corry@gmail.com
0097f005fd
Fix code generation bug on ARM in classic codegen.
...
Review URL: http://codereview.chromium.org/6246045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:14:55 +00:00
lrn@chromium.org
2d15eb9a90
Fix bug in object literals with large array indexes as strings.
...
Review URL: http://codereview.chromium.org/6410028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 14:02:58 +00:00
kmillikin@chromium.org
f1149734fc
Partial fix for V8 issue 1079.
...
Record a safepoint with a deoptimization id for throw in optimized code. We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw). For
hygiene we use the actual ID of the throw expression. Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit. This is required to insert a simulate between the throw and the exit.
Make our optimized treatment of Function.prototype.apply act like a call and
have side effects. This ensures that it will get a lazy deoptimization
environment. Use that deoptimization ID in the safepoint for the call.
Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction. Record the
environment and use the deoptimization ID at the safepoint.
Review URL: http://codereview.chromium.org/6250105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 13:55:29 +00:00
whesse@chromium.org
a5f94a4862
Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
...
BUG=1088
TEST=test/mjsunit/math-pow.js
Review URL: http://codereview.chromium.org/6368050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 12:54:58 +00:00
vegorov@chromium.org
6751627615
Require typed input representation for HTypeof hydrogen instruction.
...
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js
Review URL: http://codereview.chromium.org/6410025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 09:52:57 +00:00
peterhal@chromium.org
5ca89179d7
Revert "Fix bugs 992 and 1083"
...
This reverts commit 6561 as the new assert caused failures in sputnik.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 20:08:01 +00:00
peterhal@chromium.org
9c89aa6dd9
Fix bugs 992 and 1083
...
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.
Makes code follow spec steps more closely.
Fixes typo for check for unchanged enumerable in step 6.
Adds regression tests.
Fixes errors in object-define-property test
Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 17:08:14 +00:00
ager@chromium.org
471c0d2983
Avoid callbacks to user code during error formatting in a couple of
...
other situations.
Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.
Review URL: http://codereview.chromium.org/6287041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-01 12:31:16 +00:00
mmaly@chromium.org
aa779b3842
Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence.
...
http://code.google.com/p/v8/issues/detail?id=1084
Code Review URL: http://codereview.chromium.org/6386014/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 22:35:27 +00:00
antonm@chromium.org
a38a8ffab0
ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments.
...
Review URL: http://codereview.chromium.org/6357025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 14:54:53 +00:00
fschneider@chromium.org
4e7ddab6dc
Fix a bug in the placement of minus-zero checks and in GVN.
...
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.
2. GVN need to take instruction flags into account when comparing
instructions for redundancy.
Review URL: http://codereview.chromium.org/6260035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 12:36:54 +00:00