AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
8,119 Commits 1 Branch 0 Tags 839 MiB
d714d8511b
Commit Graph

1389 Commits

Author SHA1 Message Date
fschneider@chromium.org
b8b50400d2 Inline builtin Math functions functions in more cases. 
Until now we only could inline as specialized HIR instructions when called
as a method (e.g. Math.abs)

It is very common practice to abbreviate calls to those functions by defining
a global or local variable like:

var a = Math.abs;
var x = a(123);

This change allows inlining them when called as a function (global or local).
Review URL: https://chromiumcodereview.appspot.com/9365013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 12:08:46 +00:00
mstarzinger@chromium.org
8e1399c761 Fix d8-os unit test to work with isolates. 
We cannot use chdir to set the working directory on a per-isolate basis,
hence we need to specify absolute directories instead for this test to
work properly on multi-threaded runs.

R=yangguo@chromium.org
TEST=mjsunit/d8-os

Review URL: https://chromiumcodereview.appspot.com/9348051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 10:59:19 +00:00
mstarzinger@chromium.org
f034a3f0ea Enable membrane example for proxies again. 
R=rossberg@chromium.org
BUG=v8:1845
TEST=mjsunit/harmony/proxies-example-membrane

Review URL: https://chromiumcodereview.appspot.com/9365011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 10:14:18 +00:00
yangguo@chromium.org
3e58827710 Fix elements transition bug related to array.concat. 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9358018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 09:50:13 +00:00
lrn@chromium.org
f0a87d7c34 Fix handling of 'c: if (0) break c; else ()' where a parser optimization 
leaves a trailing ";" after removing the break.

Review URL: https://chromiumcodereview.appspot.com/9159043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-08 08:40:11 +00:00
fschneider@chromium.org
cb5164c0b0 Speed up two unit tests to avoid timeouts and make tests finish faster. 
Review URL: https://chromiumcodereview.appspot.com/9309118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-06 11:40:24 +00:00
ulan@chromium.org
8093e397e4 Do not ignore an empty context with extension when creating a scope object. 
Runtime_DebugEvaluate creates an empty context which is not correctly handled in FullCodeGenerator::ContextSlotOperandCheckExtensions because the corresponding scope indicates that it has no context.

BUG=crbug.com/107996
TEST=test/mjsunit/regress/regress-crbug-107996.js

Review URL: https://chromiumcodereview.appspot.com/9310027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-02 09:35:12 +00:00
mstarzinger@chromium.org
5dc4859fa4 Fix test case to correctly check expected result. 
R=vegorov@chromium.org
TEST=mjsunit/regress/regress-1229

Review URL: https://chromiumcodereview.appspot.com/9303032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-31 12:31:24 +00:00
danno@chromium.org
57525ef893 Store transitioned JSArray maps in global context 
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9073007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-26 21:47:57 +00:00
vegorov@chromium.org
67d72eab45 When preparing heap for breakpoints make sure not to flush away non-optimized code for inlined functions. 
Debug::PrepareForBreakPoints was not fully populating active_functions list.

R=erik.corry@gmail.com
TEST=test/mjsunit/regress/regress-debug-code-recompilation.js

Review URL: https://chromiumcodereview.appspot.com/9290013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-25 15:11:59 +00:00
vegorov@chromium.org
189aee91de Untabify test/mjsunit/debug-evaluate-locals-optimized-double.js. 
TBR=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9284016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-24 08:48:33 +00:00
vegorov@chromium.org
04289e8d17 Support inlining at call-sites with mismatched number of arguments. 
Review URL: https://chromiumcodereview.appspot.com/9265004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-24 08:43:12 +00:00
rossberg@chromium.org
c61665604b Fix handling of function proxies in higher-order array and string methods, 
which use yet another way to determine strict vs non-strict function receivers.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9270004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-20 13:59:37 +00:00
vegorov@chromium.org
704c92ce95 Ensure that LRandom restores rsi after call to the C function on x64. 
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js

Review URL: https://chromiumcodereview.appspot.com/9265003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-19 08:43:34 +00:00
yangguo@chromium.org
6d0d6a5695 Recursion limit for one-char string replace and retire String::kMinNonFlatLength. 
TEST=mjsunit/string-replace-one-char.js

Review URL: https://chromiumcodereview.appspot.com/9231017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-17 14:29:17 +00:00
yangguo@chromium.org
ddc0144490 Fixing issue 1898 (using HChange outside the insert-representation-changes phase). 
BUG=v8:1898
TEST=mjsunit/regress/regress-1898.js

Review URL: http://codereview.chromium.org/9190047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-13 07:48:44 +00:00
yangguo@chromium.org
339c9c12e7 Inlining Math.min and Math.max in crankshaft. 
BUG=v8:1325
TEST=

Review URL: http://codereview.chromium.org/9147034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10391 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-11 15:43:33 +00:00
danno@chromium.org
a42da8e38d Correct nits in d8 ArrayBuffer() implementation 
TBR=jkummerow@chromium.org
BUG=none
TEST=external-array.js

Review URL: http://codereview.chromium.org/9185006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-11 15:10:56 +00:00
danno@chromium.org
6ce13906dc Add primitive WebGL ArrayBuffer() support to d8 
R=jkummerow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/9114050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-11 14:42:58 +00:00
vegorov@chromium.org
c4d3a110a2 Adjust position recorded for call expressions. 
For calls of the form ident(...) record position of the identifier as the position of the call. For other calls record positions of the opening parenthesis.

This guarantees that for expressions of the form function(){}() call position will not intersect with positions recorded for function literal which is used by the debugger for scope chain resolution.

R=kmillikin@chromium.org
BUG=http://crbug.com/109195
TEST=test/mjsunit/regress/regress-109195.js

Review URL: http://codereview.chromium.org/9125001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-06 10:26:17 +00:00
mstarzinger@chromium.org
e79274abe6 Fix handling of bogus receivers for Harmony collections. 
R=rossberg@chromium.org
BUG=v8:1884
TEST=mjsunit/harmony/collections

Review URL: http://codereview.chromium.org/9074003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-05 12:55:06 +00:00
erik.corry@gmail.com
81a0271004 Randomize the seed used for string hashing. This helps guard against 
CPU-eating DOS attacks against node.js servers.  Based on code from
Bert Belder.  This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots.  A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-04 15:12:15 +00:00
danno@chromium.org
f648626eb9 Reland 10309: Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9051014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 14:28:14 +00:00
danno@chromium.org
5d85a04472 Rollback 10309 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8968042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 13:42:21 +00:00
danno@chromium.org
dff0e36d2d Ensure large Smi-only arrays don't transition to FAST_DOUBLE_ARRAY 
BUG=v8:1849
TEST=test/mjsunit/regress/regress-1849.js

Review URL: http://codereview.chromium.org/8968028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-30 12:54:23 +00:00
danno@chromium.org
aa38094bf0 Ensure that InternalArrays remain InternalArrays regardless of how they are constructed. 
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js

Review URL: http://codereview.chromium.org/9016041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03 Avoid embedding new space objects into code objects in the lithium gap resolver. 
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js

Review URL: http://codereview.chromium.org/8960004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-23 10:39:01 +00:00
mstarzinger@chromium.org
04f0e33229 Fix handling of foreign callbacks in DefineOwnProperty. 
We use foreign callbacks to make some properties shadow internal values
but still behave as data properties from within JavaScript. This means
when a value is passed to Object.defineProperty() on such a property,
it should update the internal value instead of redefinind the property
and destroying the shadowing.

R=rossberg@chromium.org
BUG=v8:1530
TEST=mjsunit/regress/regress-1530,test262/S15.3.3.1_A4

Review URL: http://codereview.chromium.org/8996008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-20 08:49:51 +00:00
jkummerow@chromium.org
0438c76185 Fix outdated test expectations for array literal crankshafting 
TEST=nosnap builder green

Review URL: http://codereview.chromium.org/8915006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-14 13:32:34 +00:00
jkummerow@chromium.org
106973c3d2 Create missing boilerplate for array literals instead of deoptimizing 
BUG=107370
TEST=new additions to mjsunit/array-literal-transitions

Review URL: http://codereview.chromium.org/8914006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-14 13:01:27 +00:00
yangguo@chromium.org
4cd99d7cb9 Handle external strings in generated code when concatenating short strings. 
TEST=string-external-cached.js

Review URL: http://codereview.chromium.org/8931025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-14 10:32:22 +00:00
fschneider@chromium.org
cf8e2b01e4 Landing forgotten mjsunit test file from previous CL. 
Patch by Fedor Indutny <fedor.indutny@gmail.com>.

Original code review: http://codereview.chromium.org/8857001/
Review URL: http://codereview.chromium.org/8935006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 17:13:47 +00:00
jkummerow@chromium.org
91efb313eb Fix crash in d8 when external array ctor hits stack overflow 
BUG=100859
TEST=mjsunit/regress/regress-crbug-100859

Review URL: http://codereview.chromium.org/8898021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 13:51:58 +00:00
yangguo@chromium.org
94f9aa3a0d Avoid using an invalid working directory in mjsunit/d8-os. 
This test deleted its working directory and then tried to run several
shell commands which caused a failure on nfs.

Changes:
-TEST_DIR is only removed at the very end of the test
-the working directory is changed to /tmp at the beginning so that
 every iteration (when running with --stress-opt) has a valid working directory

BUG=
TEST=

Review URL: http://codereview.chromium.org/8936004
Patch from Daniel Kalmar <kalmard@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 12:57:33 +00:00
yangguo@chromium.org
a7f0c72e2d Fixing bug introduced in r10210 that crashes v8 raytrace benchmark. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8889047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 12:11:56 +00:00
yangguo@chromium.org
ce86c1bfb1 Avoid bailing out to runtime for short substrings. 
This significantly improves the speed for creating short substrings (less than 13 characters) from slices, flat cons strings and external strings.

TEST=string-external-cached.js, string-slices.js

Review URL: http://codereview.chromium.org/8889012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 10:04:58 +00:00
keuchel@chromium.org
f1649cf39c Hydrogen support for context allocated harmony bindings. 
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.

TEST=mjsunit/harmony/block-let-crankshaft.js

Review URL: http://codereview.chromium.org/8820015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 09:50:30 +00:00
danno@chromium.org
ef54f5690f Support Smi->Double->HeapObject transitions in constructed Arrays. 
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.

BUG=none
TEST=test/mjsunit/array-construct-transition.js

Review URL: http://codereview.chromium.org/8820014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 08:50:19 +00:00
vegorov@chromium.org
a457040ca6 Ensure that non-optimized code objects are not flushed for inlined functions. 
Collector was flushing them if optimized code was reachable only through the stack (not through the JSFunction object) which happens when you have a pending lazy deoptimization.

Also prevent v8::Script::New from leaking internal objects allocated by the compiler into outer HandleScope.

R=kmillikin@chromium.org
BUG=http://crbug.com/97116
TEST=test/mjsunit/regress/regress-97116.js

Review URL: http://codereview.chromium.org/8888011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-08 16:07:07 +00:00
fschneider@chromium.org
c1662a199b Fix a bug with register use in optimized Math.round. 
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.

BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-07 10:13:46 +00:00
danno@chromium.org
b5b91b5add Fix nosnap build test failures. 
TBR=jkummerow@chromium.org
BUG=none
TEST=less waterfall redness

Review URL: http://codereview.chromium.org/8828004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10184 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 22:27:15 +00:00
yangguo@chromium.org
e9688608cd Fix presubmit. 
Review URL: http://codereview.chromium.org/8821016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 13:30:22 +00:00
yangguo@chromium.org
72827079ac Fixing mozilla test failures regarding Math.pow. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8820011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 13:14:46 +00:00
keuchel@chromium.org
8b34f4630b Hydrogen support for stack local harmony bindings in function scope. 
This is the first CL in a series that add support for the harmony scoping
features to crankshaft. This CL specifically adds support for stack
allocated 'let' and 'const' declared variables in function scopes.

TEST=mjsunit/harmony/block-let-crankshaft.js

Review URL: http://codereview.chromium.org/8806012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 09:41:06 +00:00
yangguo@chromium.org
8e6655c676 Stop skipping regress-397.js 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8804013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 09:20:55 +00:00
yangguo@chromium.org
fe2049fcb8 Fixing fix for MathPowHalf on ARM. 
Review URL: http://codereview.chromium.org/8817012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 09:20:00 +00:00
yangguo@chromium.org
b37ee7bcce Fixing MathPowHalf on ARM. 
BUG=v8:397
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8800009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 08:28:12 +00:00
keuchel@chromium.org
08b4262512 Statically check for assignments to const in harmony mode. 
The ES.next draft rev 4 in section 11.13 reads:
It is a Syntax Error if the AssignmentExpression is contained in extended code
and the LeftHandSideExpression is an Identifier that does not statically resolve
to a declarative environment record binding or if the resolved binding is an
immutable binding.

This CL adds corresponding static checks for the immutable binding case.

TEST=mjsunit/harmony/block-const-assign

Review URL: http://codereview.chromium.org/8688007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-05 14:43:28 +00:00
mstarzinger@chromium.org
993d650f15 MIPS: updated test .status files based mostly on the ARM version. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8572032
Patch from Gergely Kis <gergely@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-05 11:44:17 +00:00
yangguo@chromium.org
c0e7884752 Temporarily disable regress-397 until fix has been ported to all platforms. 
Review URL: http://codereview.chromium.org/8775051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-02 13:42:51 +00:00