AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
8,522 Commits 1 Branch 0 Tags 839 MiB
d71c60e086
Commit Graph

1540 Commits

Author SHA1 Message Date
erik.corry@gmail.com
81a0271004 Randomize the seed used for string hashing. This helps guard against 
CPU-eating DOS attacks against node.js servers.  Based on code from
Bert Belder.  This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots.  A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-04 15:12:15 +00:00
danno@chromium.org
79f18cae93 Undo allocation of half-formed array during elements transition 
R=vegorov@chromium.org
BUG=none
TEST=no asserts in debug tests with smi-only-array on

Review URL: http://codereview.chromium.org/9015023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-01-03 09:39:34 +00:00
danno@chromium.org
cab07f5523 Add InternalArrayCodeGeneric 
R=whesse@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9006051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-29 12:19:34 +00:00
danno@chromium.org
aa38094bf0 Ensure that InternalArrays remain InternalArrays regardless of how they are constructed. 
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js

Review URL: http://codereview.chromium.org/9016041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03 Avoid embedding new space objects into code objects in the lithium gap resolver. 
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js

Review URL: http://codereview.chromium.org/8960004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-23 10:39:01 +00:00
fschneider@chromium.org
70056762f1 Remove unnecessary environment from LStoreKeyedFastElements. 
This was a left-over from a time when bounds-check was performed
as part of this instruction.

I also refactored and improved the code for smi-only arrays.

R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/9023006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-22 16:23:47 +00:00
kmillikin@chromium.org
d8acc2dfbe Clean up handling of global cell stores in the optimizing compiler. 
Tell the register allocator the value is not overwritten.  Never use
temporary registers on ia32, avoid them on x64 and ARM.  Restore the
original copyright date on assembler.cc.

R=fschneider@chromium.org
BUG=v8:1870
TEST=

Review URL: http://codereview.chromium.org/8965038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-20 10:57:12 +00:00
yangguo@chromium.org
626b61f967 Porting r10252 to ARM (handle external strings in generated code when concatenating short strings). 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8913010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-15 11:04:58 +00:00
mstarzinger@chromium.org
502039a6bd Fix invalid usage of StoreIC_ArrayLength optimization. 
This introduces an additional check into the StoreIC_ArrayLength builtin
checking that the array still has fast properties. Redifinitions of the
length property that would cause it's type or attributes to change, will
switch to slow properties, thereby invalidating said optimization.

R=svenpanne@chromium.org
BUG=v8:1756
TEST=test262

Review URL: http://codereview.chromium.org/8895025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-14 12:46:32 +00:00
yangguo@chromium.org
33a9e76808 Porting r10221 to ARM (avoid bailing out to runtime for short substrings). 
Review URL: http://codereview.chromium.org/8923002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-14 10:22:33 +00:00
fschneider@chromium.org
626454a61a [hydrogen] don't bailout assignments to consts 
If constant variable is allocated in CONTEXT

Patch by Fedor Indutny <fedor.indutny@gmail.com>.

BUG=
TEST=
R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/8857001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-13 17:10:34 +00:00
yangguo@chromium.org
a7f0c72e2d Fixing bug introduced in r10210 that crashes v8 raytrace benchmark. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8889047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 12:11:56 +00:00
keuchel@chromium.org
f1649cf39c Hydrogen support for context allocated harmony bindings. 
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.

TEST=mjsunit/harmony/block-let-crankshaft.js

Review URL: http://codereview.chromium.org/8820015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 09:50:30 +00:00
ricow@chromium.org
ec66c36fbf Reland 10216 - Optimize the equality check case of ICCompare stubs. 
Now with arm and x64 support. Additionally, added default unreachable case to switch statement in CompareIC::TargetState to make win and mac compilers happy.

Reviewer guide:
This is an exact copy of 10216 except:
src/arm/*
src/x64/*
src/ic.cc (added default case to swith in CompareIC::TargetState)
Review URL: http://codereview.chromium.org/8872060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 09:26:14 +00:00
danno@chromium.org
ef54f5690f Support Smi->Double->HeapObject transitions in constructed Arrays. 
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.

BUG=none
TEST=test/mjsunit/array-construct-transition.js

Review URL: http://codereview.chromium.org/8820014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-09 08:50:19 +00:00
yangguo@chromium.org
636e10d065 Port Math.pow inlining to ARM. 
TEST=math-pow.js

Review URL: http://codereview.chromium.org/8840008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-07 16:55:00 +00:00
fschneider@chromium.org
c1662a199b Fix a bug with register use in optimized Math.round. 
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.

BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-07 10:13:46 +00:00
erik.corry@gmail.com
f6eab29d73 Remove write barriers for cells on x64, ARM and MIPS. 
Review URL: http://codereview.chromium.org/8834005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-07 08:49:06 +00:00
fschneider@chromium.org
066822a2cf Port to x64 and ARM and some refactoring of ia32. 
Review URL: http://codereview.chromium.org/8111006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 12:11:08 +00:00
yangguo@chromium.org
087737cbcd Fix presubmit. 
Review URL: http://codereview.chromium.org/8816010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10170 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 09:37:50 +00:00
yangguo@chromium.org
fe2049fcb8 Fixing fix for MathPowHalf on ARM. 
Review URL: http://codereview.chromium.org/8817012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10167 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 09:20:00 +00:00
yangguo@chromium.org
b37ee7bcce Fixing MathPowHalf on ARM. 
BUG=v8:397
TEST=regress-397.js

Review URL: http://codereview.chromium.org/8800009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-06 08:28:12 +00:00
danno@chromium.org
25e3d2706d Optimize Crankshaft array literal initialization from boilerplate. 
BUG=none
TEST=test/mjsunit/array-literal-transitions.js

Review URL: http://codereview.chromium.org/8747009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-02 12:42:35 +00:00
yangguo@chromium.org
d5fdb76028 Implement Math.pow using FPU instructions and inline it in crankshaft (ia32). 
Review URL: http://codereview.chromium.org/8749002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-02 08:06:37 +00:00
fschneider@chromium.org
8f7a1f7808 Revert r10118 from bleeding edge. 
It causes several test failures which I need to investigate.
Review URL: http://codereview.chromium.org/8769008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-01 16:57:54 +00:00
fschneider@chromium.org
4ca20a1d35 Simplify stack check instruction in Crankshaft. 
So far we had two types of stack checks: one used for function entries
and one used at loop back edges which uses a deferred code object to
avoid spilling of registers in the loop.

After refactoring lazy deoptimization the first stack check can also
use deferred code. This change removes the first type of stack check
instruction in Crankshaft and uses a deferred stack check in all
places.
Review URL: http://codereview.chromium.org/8775002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-12-01 09:54:05 +00:00
fschneider@chromium.org
9418d56858 Fix bug when generating padding to ensure space for lazy deoptimization. 
BUG=v8:1846
Review URL: http://codereview.chromium.org/8725030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-29 12:39:28 +00:00
danno@chromium.org
a7decc7e7e Port array literal changes on ARM. 
Includes general array boilerplate copier and re-introduction FAST_ELEMENT optimizations in full-codegen.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8472005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10085 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-29 12:09:06 +00:00
kmillikin@chromium.org
0a7010458a Remove the static qualifier from functions in header files. 
This shaves 416+ KB, just under 1% off the size of the debug d8 executable
on Linux (mostly because the CheckHelper functions for assertions were
getting separate copies for each compilation unit).  The difference in
release builds is negligible---a size reduction of 0.1%.

Also, change namespace-level 'static const' variables to remove the static
storage class as it's the default.

R=danno@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8680013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-29 10:56:11 +00:00
yangguo@chromium.org
d542a2fb75 Add external strings support to regexp in generated code. 
TEST=test/mjsunit/string-external-cached.js

Review URL: http://codereview.chromium.org/8680010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-25 14:04:47 +00:00
yangguo@chromium.org
04aa022e51 Fixing build errors on arm. 
Review URL: http://codereview.chromium.org/8698005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-25 13:38:43 +00:00
yangguo@chromium.org
dcc05b9fca Implement Math.tan in generated code. 
Review URL: http://codereview.chromium.org/8700004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-25 13:15:31 +00:00
yangguo@chromium.org
50e5aaa73f Catch non-string subject in RegExpExecStub. 
There is no test case to trigger any crash. This is only to guard against the case that the native function is called with unsafe arguments.

Review URL: http://codereview.chromium.org/8554004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-24 18:36:24 +00:00
keuchel@chromium.org
1e9a7267ab Introduce extended mode. 
This CL introduces a third mode next to the non-strict
(henceforth called 'classic mode') and 'strict mode'
which is called 'extended mode' as in the current
ES.next specification drafts. The extended mode is based on
the 'strict mode' and adds new functionality to it. This
means that most of the semantics of these two modes
coincide.

The 'extended mode' is entered instead of the 'strict mode'
during parsing when using the 'strict mode' directive
"use strict" and when the the harmony-scoping flag is
active. This should be changed once it is fully specified how the 'extended mode' is entered.

This change introduces a new 3 valued enum LanguageMode
(see globals.h) corresponding to the modes which is mostly
used by the frontend code. This includes the following
components:
* (Pre)Parser
* Compiler
* SharedFunctionInfo, Scope and ScopeInfo
* runtime functions: StoreContextSlot,
  ResolvePossiblyDirectEval, InitializeVarGlobal,
  DeclareGlobals

The old enum StrictModeFlag is still used in the backend
when the distinction between the 'strict mode' and the 'extended mode' does not matter. This includes:
* SetProperty runtime function, Delete builtin
* StoreIC and KeyedStoreIC
* StubCache

Review URL: http://codereview.chromium.org/8417035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-24 15:17:04 +00:00
mstarzinger@chromium.org
7e7d4dfd64 Implement crankshaft support for nested object literals. 
This generates optimized code for deep-copying of nested object literal
boilerplates which are statically known. Most of the boilerplates have
already been generated at crankshaft time, so this optimization should
kick in for virtually every object literal. Only nested object literal
graphs up to a certain depth and containing up to a certain total number
of properties are considered for this optimization. This will prevent
explosion of code size due to large object literals (e.g. eval on JSON).
Improves splay performance because object literals are created often.

R=fschneider@chromium.org

Review URL: http://codereview.chromium.org/8640001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-24 13:42:52 +00:00
yangguo@chromium.org
304d49cd17 Porting r10023 and r10054 to arm (pointer cache for external strings). 
Review URL: http://codereview.chromium.org/8682010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-24 11:07:39 +00:00
mstarzinger@chromium.org
83b01d84a1 ARM: Implement code stub for object literal creation. 
This just ports r10036 to the ARM codegenerator. Please see the original
revision for a detailed description.

R=erik.corry@gmail.com

Review URL: http://codereview.chromium.org/8638012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-23 15:01:20 +00:00
fschneider@chromium.org
8fbf1d5017 Landing: [hydrogen] optimize switch with string clauses. Patch by Fedor Indutny <fedor.indutny@gmail.com>. 
Original code review: http://codereview.chromium.org/8373029/
Review URL: http://codereview.chromium.org/8589019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-17 13:57:55 +00:00
yangguo@chromium.org
85b693c9e8 Change generated code for substring not to bail out to runtime system. 
There is no need to bail out to runtime system when creating sliced strings of external strings since the string content is unimportant.

Review URL: http://codereview.chromium.org/8513016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-17 08:40:40 +00:00
fschneider@chromium.org
8480569467 Fix lazy deoptimization at HInvokeFunction and enable target-recording call-function stub. 
Changes the way we do lazy deoptimization:

1. For side-effect instructions, we insert the lazy-deopt call at
the following LLazyBailout instruction.

     CALL
     GAP
     LAZY-BAILOUT ==> lazy-deopt-call

2. For other instructions (StackCheck) we insert it right after the
instruction since the deopt targets an earlier deoptimization environment.

   STACK-CHECK
   GAP ==> lazy-deopt-call

The pc of the lazy-deopt call that will be patched in is recorded in the
deoptimization input data. Each Lithium instruction can have 0..n safepoints.
All safepoints get the deoptimization index of the associated LAZY-BAILOUT
instruction. On lazy deoptimization we use the return-pc to find the safepoint.
The safepoint tells us the deoptimization index, which in turn finds us the
PC where to insert the lazy-deopt-call.

Additional changes:
 * RegExpLiteral marked it as having side-effects so that it 
   gets an explicitlazy-bailout instruction (instead of
   treating it specially like stack-checks)
 * Enable target recording CallFunctionStub to achieve
   more inlining on optimized code.

BUG=v8:1789
TEST=jslint and uglify run without crashing, mjsunit/compiler/regress-lazy-deopt.js
Review URL: http://codereview.chromium.org/8492004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-16 08:44:30 +00:00
keuchel@chromium.org
b153dcfebf Make eval compilation cache calling scope sensitive. 
Review URL: http://codereview.chromium.org/8518001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-14 08:58:47 +00:00
danno@chromium.org
8bdb3ffbca ARM: Implement runtime function for array literal transitions. 
Also simplify ia32 and x64 handing of the trace_elements_transition flag.

R=jkummerow@chromium.org
BUG=none
TEST=array-literal-transitions.js

Review URL: http://codereview.chromium.org/8539011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 14:49:16 +00:00
kmillikin@chromium.org
e49d533b50 Reapply "Add a level of indirection to exception handler addresses." 
Original commit message:

Add a level of indirection to exception handler addresses.

To support deoptimization of exception handlers, the handler address in the
stack is converted to a pair of code object and an index into a separate
table of code offsets.  The index part is invariant under deoptimization.
The index is packed into the handler state field so that handler size does
not change.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8538011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 13:48:14 +00:00
kmillikin@chromium.org
66ff8828a0 Revert "Add a level of indirection to exception handler addresses." 
This reverts r9975.  This change broke (at least) snapshots on x64.

TBR=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8540005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 13:13:35 +00:00
kmillikin@chromium.org
1635117db9 Add a level of indirection to exception handler addresses. 
To support deoptimization of exception handlers, the handler address in the
stack is converted to a pair of code object and an index into a separate
table of code offsets.  The index part is invariant under deoptimization.
The index is packed into the handler state field so that handler size does
not change.

R=vegorov@chromium.org,fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8462010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 12:51:42 +00:00
mstarzinger@chromium.org
5834284848 Refactor embedded pointer visitors for the serializer 
This patch continues the refactoring that started in r9597 and
extends it with support for the serializer.
This is required for MIPS support in the serializer.

Review URL: http://codereview.chromium.org/8467010
Patch from Gergely Kis <gergely@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 12:28:42 +00:00
erik.corry@gmail.com
58870fa9e5 ARM: Check that address given to __ RecordWrite is correct. 
Review URL: http://codereview.chromium.org/8511052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9963 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-11 08:23:06 +00:00
yangguo@chromium.org
07ee3e6e5c Fixing generated hash function on all platforms. 
BUG=v8:1808
TEST=cctest/test-hashing.cc

Review URL: http://codereview.chromium.org/8512004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 14:26:57 +00:00
yangguo@chromium.org
2e5cb9b49f MIPS: Simplify StringCharCodeAt in non-crankshaft codegen. 
Port r9936 (61034d).

BUG=
TEST=

Review URL: http://codereview.chromium.org/8506024
Patch from Gergely Kis <gergely@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-10 08:07:39 +00:00
kmillikin@chromium.org
cefa4cc148 Get rid of CodeStub::TryGetCode. 
This function is no longer needed.  It was only used (overly defensively)
when fetching the stack check stub for on-stack replacement patching.

R=vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8510013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 15:44:13 +00:00
yangguo@chromium.org
8dcfcdd7da Fixing presubmit. 
Review URL: http://codereview.chromium.org/8510012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9939 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 15:06:10 +00:00
yangguo@chromium.org
97798860a0 Repeat last debugger command in the arm simulator when command input is empty. 
Review URL: http://codereview.chromium.org/8506015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 14:37:04 +00:00
yangguo@chromium.org
6157562994 Simplify StringCharCodeAt in non-crankshaft codegen. 
TEST=test/mjsunit/string-slices.js

Review URL: http://codereview.chromium.org/8510005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-09 14:32:51 +00:00
rossberg@chromium.org
f936aac43e Make _CallFunction proxy-aware. 
Change calling convention for CallFunction stub.
Some fixes regarding strict mode call traps.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8318014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 14:39:37 +00:00
keuchel@chromium.org
72dba271eb Reapply r9870 "Remove some initialization checks based on source positions.". 
This reverts r9896 "Revert r9870 due to browser-test failures." See below for
the diff from the previous version for the ia32 platform. The code for other
platforms has been changed accordingly.

TEST=mjsunit/compiler/lazy-const-lookup.js

diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 2cbf518..1990f2f 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -1258,13 +1258,17 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) {
         // binding is initialized:
         //   function() { f(); let x = 1; function f() { x = 2; } }
         //
-        // Check that we always have valid source position.
-        ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
-        ASSERT(proxy->position() != RelocInfo::kNoPosition);
-        bool skip_init_check =
-            var->mode() != CONST &&
-            var->scope()->DeclarationScope() == scope()->DeclarationScope() &&
-            var->initializer_position() < proxy->position();
+        bool skip_init_check;
+        if (var->scope()->DeclarationScope() != scope()->DeclarationScope()) {
+          skip_init_check = false;
+        } else {
+          // Check that we always have valid source position.
+          ASSERT(var->initializer_position() != RelocInfo::kNoPosition);
+          ASSERT(proxy->position() != RelocInfo::kNoPosition);
+          skip_init_check = var->mode() != CONST &&
+              var->initializer_position() < proxy->position();
+        }
+
         if (!skip_init_check) {
           // Let and const need a read barrier.
           Label done;

Review URL: http://codereview.chromium.org/8479034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 13:28:53 +00:00
kmillikin@chromium.org
aee8ae0548 Tighten the code for MacroAssembler::ThrowUncatchable. 
Test at the bottom in the unwind loop.  Eliminate the possibility of a
useless move to the eax/rax/r0 register (currently impossible because
this function has two call sites).  Do not explicitly zero the context
because we've already saved 0 as the context in the handler.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8493008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 11:09:00 +00:00
fschneider@chromium.org
4627023b38 Revert r9901 to make tree green again. 
There was a test failure on x64 mozilla tests.

TBR=ricow@chromium.org
Review URL: http://codereview.chromium.org/8495011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 09:56:09 +00:00
fschneider@chromium.org
cac3008437 [hydrogen] optimize switch with string clauses 
Hydrogen should optimize not only SMI clauses, but clauses with string literals
too.

Patch from fedor.indutny <fedor.indutny@gmail.com>.

R=vegorov@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8373029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-08 09:08:33 +00:00
keuchel@chromium.org
c0d0bf863a Revert r9870 due to browser-test failures. 
This reverts commit 4d5b5f12aac932ad892c7b6f152b6168708d4210.

Review URL: http://codereview.chromium.org/8493006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-07 12:33:58 +00:00
yangguo@chromium.org
2944545888 Adding assertions to fast elements conversion. 
Review URL: http://codereview.chromium.org/8437092

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9875 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 16:24:24 +00:00
keuchel@chromium.org
fd21937812 Remove some initialization checks based on source positions. 
This depends on
http://codereview.chromium.org/8352039 and
http://codereview.chromium.org/8423005 .

Review URL: http://codereview.chromium.org/8422010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 12:05:48 +00:00
keuchel@chromium.org
58123bff56 Remove some unnecessary binding initialization checks. 
This depends on http://codereview.chromium.org/8352039/ .

Review URL: http://codereview.chromium.org/8423005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9869 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-03 11:59:51 +00:00
kmillikin@chromium.org
4e4a901d96 Remove the forward-bailout stack from the non-optimizing compiler. 
This was pretty heavyweight.  It was kept in just for a few corner cases
that assumed it was there.  We can work around them by making sure that the
expression in a reified test context is always really the expression that
was visited in that context; and by inspecting the context manually and
consing up a pair of extra AST IDs for the unusual case of unary not in a
value AST context.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8386037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-02 16:53:32 +00:00
fschneider@chromium.org
aa34b432de Remove one-line helper used in two places. 
Review URL: http://codereview.chromium.org/8387067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-11-01 12:25:18 +00:00
danno@chromium.org
0766a138a6 Add and use ElementsKind side effect 
Also partition side effects into observable and not observable, with only observable requiring Simulates and non-observable changes able to participate in GVN and code hoisting.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8380017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 14:15:10 +00:00
fschneider@chromium.org
0df9569fe5 Merge IR classes for different bitwise operations AND, OR and XOR into one class. 
Since we already have only one LIR class, it does not make much sense to separate
them at the HIR level.
Review URL: http://codereview.chromium.org/8426005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 13:06:26 +00:00
lrn@chromium.org
30465596e6 Make eval consider anything on the form eval(args...) a potential direct cal 
Previously we omitted all cases where the global eval property was shadowed,
even if by a variable holding the same value. ES5 requires us to treat these
as direct calls.

We still throw if calling indirect eval with a detached global object.

BUG=v8:994
TEST=mjsunit/eval.js

Review URL: http://codereview.chromium.org/8343054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-31 09:38:52 +00:00
ulan@chromium.org
fa8a71df9a Handlify CompileConstructStub. Based on 8391045. 
R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8399032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 14:08:43 +00:00
kmillikin@chromium.org
0df252b38b Handlify the remaining CallStubCompiler functions. 
Also, handlify functions for loading with interceptors and callbacks.
Remove some unneeded code.  Rename Foreign::address() because it
confusingly shadows HeapObject::address() which does something quite
different.

R=vegorov@chromium.org,ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8391045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-28 12:37:29 +00:00
yangguo@chromium.org
b56466f4da Fixing dead code in empty array init. 
TEST=set JSArray::kPreallocatedArrayElements to larger than 4.

Review URL: http://codereview.chromium.org/8381014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-27 11:11:59 +00:00
yangguo@chromium.org
2923136f95 Fixing performance regression in issue 1787. 
BUG=v8:1787

Review URL: http://codereview.chromium.org/8390050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-27 07:59:12 +00:00
ulan@chromium.org
405d57fe00 Handlify CompileStoreCallback, CompileStoreInterceptor. 
R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8390045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 12:35:12 +00:00
ulan@chromium.org
beb0bbe3a9 Handlify simple functions of [keyed] store stub compiler. 
Handlified functions: CompileStoreField, CompileStoreGlobal, CompileStoreElement, CompileStorePolymorphic.

Based on 8375053.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8393003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 10:45:24 +00:00
ulan@chromium.org
a2fff744e0 Handlify CompileLoadGlobal, CompileLoadElement, CompileLoadPolymorphic. 
R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8375053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-26 09:58:32 +00:00
ulan@chromium.org
abeb5a4d93 Handlify simple functions of [keyed] load stub compiler. 
Handlified functions: CompileLoadNonexistent, CompileLoadField,
CompileLoadConstant, CompileLoadArrayLength, CompileLoadStringLength,
CompileLoadFunctionPrototype.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8383033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 12:26:07 +00:00
kmillikin@chromium.org
e05c04e5fa Handlify CallStubCompiler::CompileCallField. 
This function relies on a number of helpers for checking prototypes and
probing dictionaries.  It is not possible to wrap these helpers to retry
after allocation failure in a safe way---the assembler has no way to undo
what it has already assembled.

These functions have all been duplicated with handle and raw versions.  The
raw versions will eventually be removed completely.

R=ulan@chromium.org,vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8332003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 09:24:49 +00:00
keuchel@chromium.org
e8bccc2cb0 Block scoped const variables. 
This implements block scoped 'const' declared variables in harmony mode. They
have a temporal dead zone semantics similar to 'let' bindings, i.e. accessing
uninitialized 'const' bindings in throws a ReferenceError.

As for 'let' bindings, the semantics of 'const' bindings in global scope is not
correctly implemented yet. Furthermore assignments to 'const's are silently
ignored. Another CL will introduce treatment of those assignments as early
errors.

Review URL: http://codereview.chromium.org/7992005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-25 08:33:08 +00:00
rossberg@chromium.org
70dc2fe968 Implement for-in loop for proxies. 
Fix related corner case for Object.keys.
Remove obsolete GET_KEYS builtin.

R=ricow@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8256015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 15:56:18 +00:00
lrn@chromium.org
7ab6e55f78 Moved random generator state to global context. 
Change Random to take global context, not isolate.

BUG=v8:864

Review URL: http://codereview.chromium.org/8162014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 12:12:21 +00:00
yangguo@chromium.org
215c26e3d3 Further improvements upon r9747. 
Review URL: http://codereview.chromium.org/8372028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 11:16:38 +00:00
kmillikin@chromium.org
ef31d0480a Handlify the remaining stub compiler functions for call ICs. 
Handlify StubCompiler functions for CallIC and KeyedCallIC cases
Megamorphic, Arguments, DebugBreak, and DebugPrepareStepIn.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8372029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 10:55:00 +00:00
kmillikin@chromium.org
ec007b46d1 Handlify call cases for pre-monomorphic, normal, and miss. 
These cases turn out to be easy.  There is a lingering raw pointer
implementation of TryCompileCallMiss because it's need by some of the
unconverted call stubs.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8366036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 09:33:11 +00:00
yangguo@chromium.org
5f7f79b012 Refactor and clean up array allocation across platforms. 
Review URL: http://codereview.chromium.org/8359034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 07:55:50 +00:00
keuchel@chromium.org
c6464d500b Replace boolean indications of strict mode by an enum value. 
Review URL: http://codereview.chromium.org/8344082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-24 07:47:22 +00:00
vegorov@chromium.org
b9f6ae21b8 Fix compilation on ARM and x64 broken by r9738 
R=erik.corry@gmail.com

Review URL: http://codereview.chromium.org/8359026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 10:53:02 +00:00
vegorov@chromium.org
3474190711 Fix CountLeadingZeros on non-ARMv5 hardware. 
R=erik.corry@gmail.com

Review URL: http://codereview.chromium.org/8361030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 10:33:12 +00:00
kmillikin@chromium.org
937006f761 Handlify StubCompiler::CompileCallInitialize. 
CallIC::GenerateInitialize and KeyedCallIC::GenerateInitialize are
verified safe for GC.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8361028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 10:19:16 +00:00
fschneider@chromium.org
171846dbd1 Avoid static initializers in assember-arm.h. 
Patch by joth@chromium.org.

BUG=v8:1784
Review URL: http://codereview.chromium.org/8367001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9732 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-21 09:55:25 +00:00
kmillikin@chromium.org
e3792a6830 Handlify the stub cache lookup and patching for CallIC and KeyedCallIC. 
R=ulan@chromium.org,vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8357010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9729 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 17:08:53 +00:00
yangguo@chromium.org
bd5e694a9c Refactor elements kind conversion. 
Review URL: http://codereview.chromium.org/8355035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 12:36:45 +00:00
erik.corry@gmail.com
8f9721bbbf Shave 39% from snapshot size. 
Review URL: http://codereview.chromium.org/8344079

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 12:27:10 +00:00
whesse@chromium.org
388813581e Speed up comparison with a constant. 
Improve optimized code for comparison of an int32 against a constant, or comparison of two double constants.  Contributed by m.m.capewell.

Original codereview is http://codereview.chromium.org/7489045/.
This cl is just created in order to commit the change.

BUG=
TEST=

Review URL: http://codereview.chromium.org/8352040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 10:26:45 +00:00
danno@chromium.org
c868f0c4a4 Fix x64 and ARM builds. 
TBR=jkummerow@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8358001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-20 10:07:54 +00:00
yangguo@chromium.org
372c16161c Optimize fast element conversion in arm using batch store/loads. 
Review URL: http://codereview.chromium.org/8353002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:15:15 +00:00
jkummerow@chromium.org
3a9d6c04ba Introduce HTransitionElementsKind instruction. 
TEST=mjsunit/elements-kind

Review URL: http://codereview.chromium.org/8305001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 12:10:18 +00:00
fschneider@chromium.org
2791cd5a2c Allow inlining of named function expressions containing ThisFunction reference. 
Named function expression have an implicit local variable that
refers to the current function (ThisFunction). Before we only could inline
anonymous function expressions like:

A.prototype.foo = function() {}

as opposed to

A.prototype.foo = function foo() {}

This change enables inlining function of expressions like this.
Review URL: http://codereview.chromium.org/8346032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 11:41:22 +00:00
danno@chromium.org
e5f23399b4 Support array literals with FAST_DOUBLE_ELEMENTS ElementsKind. 
BUG=none
TEST=test/mjsunit/array-literal.js

Review URL: http://codereview.chromium.org/8258015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 11:36:55 +00:00
vegorov@chromium.org
e27d8fcbdc RegExpMacroAssembler::CheckStackGuardState should update input string pointer when it is moved or changed by GC. 
If input string was cons-string it might undergo short-circuiting during GC. This does not change input start if underlying seq-string (first element of cons-string) does not move but this makes input-string pointer on the native regexp's frame invalid.

R=lrn@chromium.org

Review URL: http://codereview.chromium.org/8343001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 11:01:02 +00:00
yangguo@chromium.org
96dc1fde46 Bugfix for r9690. 
BUG=arm debug test of mjsunit/elements-transition segfaults

Review URL: http://codereview.chromium.org/8342032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 10:44:20 +00:00
yangguo@chromium.org
8472de004b Porting r9605 to arm (elements kind conversion in generated code). 
Review URL: http://codereview.chromium.org/8329022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 09:04:35 +00:00
fschneider@chromium.org
e8a26d1eb1 Add write barrier helper for code patching and refactor stack check patching. 
The new helper avoids expensive FindCodeForInnerPointer invocation when we have
the host code object available. It is used when patching stack checks.

Also some comments on the ARM platform are corrected.
Review URL: http://codereview.chromium.org/8330021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 15:07:42 +00:00
vegorov@chromium.org
75dc771098 Increase ARM/MIPS simulators stack safety margin to 512 bytes 
R=erik.corry@gmail.com
BUG=v8:1773

Review URL: http://codereview.chromium.org/8337014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 14:41:45 +00:00
lrn@chromium.org
b15cfedf38 Fix bug in instanceof of bound functions on ARM. 
Implement same on Mips.

BUG=v8:1774
TEST=mjsunit/function-bind

Review URL: http://codereview.chromium.org/8337012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 11:30:29 +00:00
kmillikin@chromium.org
56c763f023 Make the GC aware of JSReceiver pointers in LookupResults. 
The LookupResult utility class is used in handlified code, but it can
contain a raw pointer to the lookup's holder object.  Create a per-thread
stack of live LookupResults and iterate all the live ones on GC.

R=vegorov@chromium.org,erik.corry@gmail.com
BUG=
TEST=

Review URL: http://codereview.chromium.org/8341009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 11:18:55 +00:00
keuchel@chromium.org
7d89f0f3c8 Replace calls_eval() by calls_non_strict_eval() where possible. 
Review URL: http://codereview.chromium.org/8321002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 15:19:34 +00:00
lrn@chromium.org
5152d2e0da Reimplement Function.prototype.bind. 
Make instanceof work correctly.

BUG=v8:893

Review URL: http://codereview.chromium.org/8199004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:44:16 +00:00
keuchel@chromium.org
0706a98b2a Introduce with scope and rework variable resolution. 
Review URL: http://codereview.chromium.org/7904008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 09:29:37 +00:00
mstarzinger@chromium.org
ac712f13c3 Fix evaluation order of GT and LTE operators. 
According to the ES5 spec all ">" and "<=" expressions should be be
evaluated left-to-right. This obsoletes old hacks for reversing the
order to be ES3 compliant.

R=lrn@chromium.org
BUG=v8:1752

Review URL: http://codereview.chromium.org/8275035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 07:43:40 +00:00
fschneider@chromium.org
212e4ae7d4 Eliminate write barrier for global stores at compile time if value stored is a smi. 
Omit smi check inside write barriers if the value is known to be a heap object.

Refine inferred types of some instructions.
Review URL: http://codereview.chromium.org/8256016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 07:45:18 +00:00
mstarzinger@chromium.org
1da890af54 Refactor how embedded pointers are visited. 
This refactoring (almost) gets rid of the requirement to get the target
object address for an object pointer embedded in code objects. This is
not possible on MIPS as pointers are encoded using two instructions. All
usages of RelocInfo::target_object_address() are (almost) obsoleted by
this change. The serializer still uses it, so MIPS will not yet work
with snapshots turned on.

R=danno@chromium.org,vegorov@chromium.org

Review URL: http://codereview.chromium.org/8245007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 15:43:41 +00:00
rossberg@chromium.org
1abf3ed0a4 Introduce collective --harmony flag. 
Shorten --harmony-block-scoping to --harmony-scoping.

R=keuchel@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8226017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 12:23:06 +00:00
jkummerow@chromium.org
312c534a6c Refactor and fix polymorphic KeyedStoreIC creation 
Review URL: http://codereview.chromium.org/8233011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 16:02:45 +00:00
yangguo@chromium.org
cef39a6657 Fixing a bug in arm as pointed out in issue 1759. 
BUG=v8:1759

Review URL: http://codereview.chromium.org/8229012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 15:56:06 +00:00
jkummerow@chromium.org
184fdcf28b Track elements_kind transitions in KeyedStoreICs. 
Review URL: http://codereview.chromium.org/8166017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 09:33:00 +00:00
erik.corry@gmail.com
f900fc9d80 Remove some unused and unneeded flags. 
Review URL: http://codereview.chromium.org/8228004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 09:28:06 +00:00
fschneider@chromium.org
876fa09feb Move declaration of SerializedScopeInfo from variables.h to objects.h 
This eliminates compile-errors when assigning Handle<SerializedScopeInfo> to
Handle<Object> in a place where the declaration was not available because
variables.h was not included.

As a result I had to also move the enum Variable::Mode to v8globals.h and
rename it to VariableMode.
Review URL: http://codereview.chromium.org/8221004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 08:41:19 +00:00
yangguo@chromium.org
3249530ef0 Fixing issue 1757 (string slices of external strings). 
BUG=v8:1757
TEST=regress-1757.js

Review URL: http://codereview.chromium.org/8217011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 16:09:03 +00:00
danno@chromium.org
3b07abbdbe Activate smi-only optimizations for large array literals. 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8177005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 08:31:06 +00:00
keuchel@chromium.org
c1cf622fe9 Fast allocation of block contexts. 
Review URL: http://codereview.chromium.org/8066002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-06 15:59:02 +00:00
keuchel@chromium.org
80048c14b1 Fix load of potentially eval-shadowed let bindings. 
BUG=
TEST=test/mjsunit/harmony/block-let-semantics.js

Review URL: http://codereview.chromium.org/8118032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-06 15:24:20 +00:00
yangguo@chromium.org
b1e83c54c5 Porting r9456 to arm (Optimize KeyedStoreGeneric for Smi arrays). 
Review URL: http://codereview.chromium.org/8065004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-05 11:39:34 +00:00
vegorov@chromium.org
a7c373c2d2 Fix Kraken segfaults on ARM. 
DoStoreKeyedFastElement was passing incorrect slot address (off by 1) to the RecordWrite.

R=erik.corry@gmail.com
BUG=v8:1742

Review URL: http://codereview.chromium.org/8139026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-05 10:50:24 +00:00
yangguo@chromium.org
3c812247aa Simplify compares in KeyedStoreIC::GenerateGeneric. 
Review URL: http://codereview.chromium.org/8068024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 12:17:08 +00:00
fschneider@chromium.org
976d5f3797 Clean list of external references from internal objects like the hole value. 
Review URL: http://codereview.chromium.org/8114032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 09:07:50 +00:00
vegorov@chromium.org
36ae5f3811 Pass correct anchor_slot for EMBEDDED_OBJECT pointers from code objects. 
Correctly initialize newly created large-object pages when incremental marking with compaction is in progress.

R=erik.corry@gmail.com
BUG=v8:1737

Review URL: http://codereview.chromium.org/8070002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 17:45:58 +00:00
erik.corry@gmail.com
0b26be298d Fix the no-VFP3 build on ARM. 
Review URL: http://codereview.chromium.org/8066008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9468 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 13:20:09 +00:00
erik.corry@gmail.com
07ba7ad073 Move the is_pregenerated flag so it does not overlap other flags. 
Remove the before-or-after InstanceOf stub rule, which was too
subtle and lacked checking ssertions.
Unify the way the CEntry stub is pregenerated so that it is done
in the same way.
Review URL: http://codereview.chromium.org/8065006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 12:23:40 +00:00
erik.corry@gmail.com
99ed7bdb29 Fix the build on ARM. 
Review URL: http://codereview.chromium.org/8065005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 11:00:41 +00:00
erik.corry@gmail.com
bbcafaa2d5 Make sure we don't flush the pregenerated stubs, since they need 
to be always present, so that we can call them from other stubs
without trying to generate stubs while we are generating stubs.
Review URL: http://codereview.chromium.org/8052029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 10:32:12 +00:00
fschneider@chromium.org
27e1a8d414 Improve our simple elimination of hole checks. 
Currently we avoid checking for the hole value after array loads, if the
result is only used by instructions that definitely deoptimize in case
of the hole value (HChange instructions).

This change performs the same procedure for loading from deleteable/read-only
global variable where we can also avoid the check in the same cases.
Review URL: http://codereview.chromium.org/8054008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9453 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 13:03:19 +00:00
kmillikin@chromium.org
bcb781d76a Record function call targets, use them for inlining. 
Introduce a version of the CallFunctionStub that records monomorphic
call targets in a one-element cache in the instruction stream.  Use
the cache for inlining attempts in the optimizing backend.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7966038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 11:42:02 +00:00
vegorov@chromium.org
0df7441668 Tighten up assertions checking GC-safety of stub calls. 
Ensure that stubs are properly pregenerated on all platforms.

R=erik.corry@gmail.com
BUG=v8:1729

Review URL: http://codereview.chromium.org/8041035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9447 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 10:53:22 +00:00
jkummerow@chromium.org
0455aadbeb Add Crankshaft support for smi-only elements 
Review URL: http://codereview.chromium.org/8002019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 12:09:04 +00:00
fschneider@chromium.org
ba6cd937ff Add code comments to deferred code objects to make debugging easier. 
Review URL: http://codereview.chromium.org/8046003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 09:32:10 +00:00
yangguo@chromium.org
e6509e77d2 Small refactor to KeyedStoreIC::GenerateGeneric to make it slightly faster. 
Review URL: http://codereview.chromium.org/8008016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 07:36:44 +00:00
yangguo@chromium.org
37606380ab Porting r9392 to arm (smi-only arrays). 
Review URL: http://codereview.chromium.org/7995002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9411 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-23 09:31:20 +00:00
ricow@chromium.org
bb2cf02849 Fix arm compilation, missing isolate pointer 
Review URL: http://codereview.chromium.org/7988007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 16:27:05 +00:00
vegorov@chromium.org
bfd048173f Notify collector about lazily deoptimized code objects. 
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.

To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.

R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js

Review URL: http://codereview.chromium.org/7983045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 16:01:35 +00:00
danno@chromium.org
f48c9f6557 Basic support for tracking smi-only arrays on ia32. 
Activated by the flag --smi-only-arrays

Currently not crankshaft support, using flag on non-ia32 platforms will lead to write barrier misses and crashes.

BUG=none
TEST=elements_kind.js

Review URL: http://codereview.chromium.org/7901016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 11:30:04 +00:00
rossberg@chromium.org
fdade92c20 Reorganize object type enum, such that proxies are no longer in the middle 
of the range of proper JS objects.

Unfortunately, callable types no longer form a range now. However, there
are only two anyway. We put them at either end of the range of JS object
types so that certain compares can be combined.

R=erik.corry@gmail.com,kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7737036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-21 14:46:54 +00:00
mstarzinger@chromium.org
3fabe323f2 Add kHeaderSize constant to SeqString. 
This prevents potential misuse of SeqString::kHeaderSize as in the
case of live byte counting in incremental marking stub. All stubs
picked up the undefined size constant SeqString::kHeaderSize, thus
the computed size of all strings was off by two pointers slots.

R=lrn@chromium.org
BUG=v8:1672
TEST=mjsunit/object-seal.js,...

Review URL: http://codereview.chromium.org/7971009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9349 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 16:33:03 +00:00
erik.corry@gmail.com
c8fe713986 Put back the asserts in RememberedSetHelper, but correct this time. 
Fix some incorrect comments.
Review URL: http://codereview.chromium.org/7977005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 13:32:27 +00:00
yangguo@chromium.org
fdffe67205 Initialize pre-allocated fields of JSObject with undefined. 
BUG=94873

Review URL: http://codereview.chromium.org/7929001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:06:23 +00:00
svenpanne@chromium.org
d4bb00230b Make newer GCCs happier: Fixed NULL vs. 0 confusion. 
Review URL: http://codereview.chromium.org/7970008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9333 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 09:43:58 +00:00
kmillikin@chromium.org
22ef98dc66 Fix a deoptimization bug. 
We reset the count of outgoing arguments, used for the index in the
frame's outgoing arguments, for each level of inlining.  This could
result in the arguments overlapping, rather than stacking on top of
each other.

R=whesse@chromium.org,fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7932022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 07:14:30 +00:00
erik.corry@gmail.com
d8b8825474 ARM: Pregenerate some stubs that we call from other stubs. 
BUG=1696
Review URL: http://codereview.chromium.org/7956002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9329 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:50:06 +00:00
vegorov@chromium.org
ac36cb4504 Merge experimental/gc branch to the bleeding_edge. 
Review URL: http://codereview.chromium.org/7945009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 18:36:47 +00:00
svenpanne@chromium.org
cf63503cad Unify the handling of comparinsons against null and undefined. 
Although this patch is not small, most parts of it are rather mechanical:

 * First of all, the concept of a 'nil-like' value is introduced, which can be
   null or undefined. They are treated symmetrically regarding comparisons, so
   it makes sense to handle them in a uniform manner. It is a mystery why
   JavaScript defines two of those beasts, when even *one* is a design wart...

 * Extended and renamed a few things which now handle undefined in addition to
   null.

 * Made the parts of the full code generator and the hydrogen generation which
   deal with comparisons a bit more similar regarding their handling of special
   cases.

 * Refactored the syntactical detection of special cases for comparisons,
   hopefully making them a bit more readable and less copy-n-paste-oriented.
   Things like this should really be a one-liner in any sane programming
   language... :-P

 * Cut down the length of the argument lists of a few functions to something
   less insane, making them more easily understandable locally. This involves
   minor code duplication, but this was a good tradeoff and can be remedied
   later if necessary.

 * Replaced some boolean arguments with more readable enums.

 * Fixed a TODO: Values which are definitely a Smi or unboxed can never be equal
   to null or undefined.
Review URL: http://codereview.chromium.org/7918012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 14:50:33 +00:00
erik.corry@gmail.com
b84214a5be Fix a harmless assert and a genuine bug in the GC-safety of stub 
generation on ARM without VFP3.
Review URL: http://codereview.chromium.org/7937004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9319 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-19 07:38:48 +00:00
erik.corry@gmail.com
ff5e1c9822 Fix asserts and GC unsafeness in stub generation, bug=1689. 
Review URL: http://codereview.chromium.org/7920006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-16 13:06:51 +00:00