929 Commits

Author SHA1 Message Date
verwaest@chromium.org
36a26b5394 Separate MEGAMORPHIC and GENERIC ic states
Review URL: https://chromiumcodereview.appspot.com/11824063

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-16 15:02:58 +00:00
svenpanne@chromium.org
b5e4485a34 Add some runtime checks to MayNamedAccess
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11877027
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-16 08:54:04 +00:00
mstarzinger@chromium.org
b93b2b98b8 Fix shared function info code replacement.
This fixes a corner case when the unoptimized code for a shared function
info is replaced while the function is enqueued as a flushing candidate.
Since the link field is stored within the code object, the candidates
list got destroyed.

R=hpayer@chromium.org
BUG=v8:169209
TEST=cctest/test-heap/Regress169209

Review URL: https://codereview.chromium.org/11818052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-11 13:13:11 +00:00
verwaest@chromium.org
7cb764b780 Combine DEBUG_BREAK and DEBUG_PREPARE_STEP_IN into one IC stub kind DEBUG_STUB, encoding DEBUG_BREAK and DEBUG_PREPARE_STEP_IN as extra ic state.
Review URL: https://chromiumcodereview.appspot.com/11821049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13352 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-10 14:15:12 +00:00
yangguo@chromium.org
e41c17084f Continues Latin-1 support. All tests pass with ENABLE_LATIN_1 flag.
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11818025
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 15:47:53 +00:00
jkummerow@chromium.org
aee9febccc Some more instrumentation to narrow down Failure leaks.
The basic idea is to tag OOM-Failure objects with an ID indicating where they were created. This requires changes to equality comparisons.

Note to MIPS folks: I'm planning to revert this CL in a couple of days, so feel free to skip porting the platform-specific changes.

BUG=chromium:156010

Review URL: https://codereview.chromium.org/11818023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 12:29:06 +00:00
yangguo@chromium.org
45f20e366a Introduce ENABLE_LATIN_1 compile flag
Mostly a bunch of renaming when flag is disabled.

R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11759008
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-09 10:30:54 +00:00
mvstanton@chromium.org
467b75208f Test fix: missing check for JSArray.
BUG=

Review URL: https://codereview.chromium.org/11801036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-08 10:22:12 +00:00
mvstanton@chromium.org
529f801fde Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array,
we store an AllocationSiteInfo object right after the JSArray, with a pointer to the
boilerplate object. Later, if the array transitions we check for the continued existence
of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to
transition the boilerplate array as well.

Danno's original changeset: https://codereview.chromium.org/10615002/

Review URL: https://codereview.chromium.org/11663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-08 09:03:16 +00:00
verwaest@chromium.org
50d82ca796 Introduce POLYMORPHIC
Review URL: https://chromiumcodereview.appspot.com/11747022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13329 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 15:36:26 +00:00
yangguo@chromium.org
61f4012989 Use C++ style type casts.
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11644097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-07 15:02:56 +00:00
yangguo@chromium.org
4ee20d857b Check for read-only-ness when preparing for array sort.
R=verwaest@chromium.org
BUG=v8:2419

Review URL: https://chromiumcodereview.appspot.com/11759022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-04 15:24:47 +00:00
yangguo@chromium.org
04ccb975f4 Remove InputBuffer
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11727004
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-03 09:18:01 +00:00
verwaest@chromium.org
537d1d89b0 Move CopyElements to the accessor of the target.
Review URL: https://chromiumcodereview.appspot.com/11416238

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13292 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-02 10:09:42 +00:00
yangguo@chromium.org
bccef0c712 Reland r13275 and 13276 (Remove most uses of StringInputBuffer).
R=dcarney@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11727003
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-31 11:13:50 +00:00
yangguo@chromium.org
121f3f6020 Revert r13275 and 13276 (Remove most uses of StringInputBuffer).
This is due to test failures in test-mark-compact/BootUpMemoryUse.

R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11688003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-27 10:03:17 +00:00
yangguo@chromium.org
6e6140728b Fix build warnings.
TBR=dcarney@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11669020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13276 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-24 08:52:32 +00:00
yangguo@chromium.org
7f074acd8d Remove most uses of StringInputBuffer
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11638037
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-24 08:29:48 +00:00
svenpanne@chromium.org
3cff9a2a4a Refactored deopt tracing and FindOptimizedCode. Fixed a bug when printing stubs.
Review URL: https://codereview.chromium.org/11636046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-21 07:18:56 +00:00
svenpanne@chromium.org
9b00a57a92 Refactoring only: Extracted method to print deopt location.
Review URL: https://codereview.chromium.org/11640041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 11:53:42 +00:00
yangguo@chromium.org
eedcaf1866 Remove Utf8InputBuffer
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11649018
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-20 09:20:37 +00:00
rossberg@chromium.org
75dac95604 Fix treatment of hidden prototypes in SetProperty.
R=svenpanne@chromium.org
BUG=v8:2457

Review URL: https://codereview.chromium.org/11644021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 15:17:01 +00:00
yangguo@chromium.org
9569b20db2 Replace the use of CharacterStreams in Heap::AllocateSymbolInternal and String::ComputeHash
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11593007
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-19 13:27:20 +00:00
danno@chromium.org
1f4b4625ff Re-land Crankshaft-generated KeyedLoad stubs.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11528003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-18 16:25:45 +00:00
yangguo@chromium.org
19a6575ea3 Rename LookupSymbol calls to use Utf8 or OneByte in names.
R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11597007
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-17 15:56:16 +00:00
rossberg@chromium.org
fb5a5e22ec Object.observe: Make array length and other magic data properties work correctly.
Also, disable TestFastElementsLength test for now, since it flakes on buildbots for yet unknown reasons.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11554019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13213 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-13 09:31:44 +00:00
rossberg@chromium.org
76375de29d Object.observe: prevent observed objects from using fast elements.
This is necessary because polymorphic stores generally
do not perform a map check but only an instance type check,
which misses out on changes in the observation status.
Unfortunately, there currently is no efficient way in V8
to maintain that optimisation in the presence of Object.observe.

R=mstarzinger@chromium.org
BUG=v8:2409

Review URL: https://codereview.chromium.org/11477006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-12 11:38:24 +00:00
mstarzinger@chromium.org
4e42a3295a Clear optimized code map during incremental marking.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11458011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 17:28:40 +00:00
mstarzinger@chromium.org
ca3ea142be Fix missing printing of deoptimizer input data.
R=rossberg@chromium.org
TEST=mjsunit/compiler/inline-arguments --print-all-code

Review URL: https://codereview.chromium.org/11537005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 12:19:19 +00:00
yangguo@chromium.org
f02af74575 Cleanup StringCharacterStream and add initial test cases.
BUG=

Review URL: https://chromiumcodereview.appspot.com/11438046
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-11 10:22:15 +00:00
danno@chromium.org
64fc1f99cb Revert 13157, 13145 and 13140: Crankshaft code stubs.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11498006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 11:09:12 +00:00
rossberg@chromium.org
9a0623f296 Object.observe support for Function 'prototype' property
BUG=v8:2409

Review URL: https://codereview.chromium.org/11416353
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-10 10:53:57 +00:00
rossberg@chromium.org
4d73627313 Handlify JSObject::SetDictionaryElement, which may call back into JS.
Fixes flaky crasher in proxies.js test.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11471028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-07 12:58:09 +00:00
yangguo@chromium.org
a2d0b05a11 Add StringBufferStream
add a class StringBufferStream which will replace
StringInputBuffer and SafeStringInputBuffer and requires no
ascii/two byte encoding scheme

R=yangguo@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11428106
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-06 11:49:15 +00:00
yangguo@chromium.org
c75ca45000 Improve array to string conversion.
BUG=v8:2435

Review URL: https://chromiumcodereview.appspot.com/11348349

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 15:49:22 +00:00
rossberg@chromium.org
6b16d0bcae Make Object.observe on the global object functional
The approach in this change is to handle the unwrapping/wrapping of the global object transparently with respect to the JS implementation of Object.observe. An alternate approach would be to add a runtime method like %IsJSGlobalProxy and %UnwrapJSGlobalProxy, but it seems ugly to give JS (even implementation JS) access to the unwrapped global.

BUG=v8:2409

Review URL: https://codereview.chromium.org/11414094
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 12:03:57 +00:00
danno@chromium.org
f19959cd22 Enable stub generation using Hydrogen/Lithium (again)
This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure.

Committed: https://code.google.com/p/v8/source/detail?r=13105

Committed: https://code.google.com/p/v8/source/detail?r=13117

Review URL: https://codereview.chromium.org/10701054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-05 11:04:10 +00:00
yangguo@chromium.org
e6d4b7709f Remove some dead code.
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11412322

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-04 15:30:22 +00:00
danno@chromium.org
9598ccd851 Remove extraneous forced rejuvenations in code aging
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/11421219

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-04 08:58:59 +00:00
danno@chromium.org
66f6a8182c Revert 13117: "Enable stub generation using Hydrogen/Lithium (again)"
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/11415261

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13120 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 17:16:51 +00:00
danno@chromium.org
78b09625d5 Enable stub generation using Hydrogen/Lithium (again)
This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure.

Committed: https://code.google.com/p/v8/source/detail?r=13105

Review URL: https://codereview.chromium.org/10701054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 15:51:05 +00:00
rossberg@chromium.org
45f42b04c1 When notifying observers of a truncated array, don't call getters on deleted element indices
BUG=v8:2409

Review URL: https://codereview.chromium.org/11414177

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-12-03 13:34:08 +00:00
danno@chromium.org
0a3bcc8c05 Revert 13105: "Enable stub generation using Hydrogen/Lithium."
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/11414262

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-30 17:45:45 +00:00
danno@chromium.org
c115ff4e33 Enable stub generation using Hydrogen/Lithium.
This initial implementation generates only KeyedLoadICs using the new Hydrogen stub infrastructure.

Review URL: https://codereview.chromium.org/10701054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13105 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-30 17:31:30 +00:00
danno@chromium.org
5a40f006f9 Remove unused private member variables found by clang -Wunused-private-field
Review URL: https://codereview.chromium.org/11414207
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-29 15:13:49 +00:00
svenpanne@chromium.org
5a4e0f1c79 Simplify and fix code aging.
Making the code size predictable is hard, and to make things even more
complicated, the start of a function can contain various stuff like calls to a
profiling hook, receiver adjustment or dynamic frame alignment. Instead of
tackling all these problems separately, we now simply record the offset where
patching should happen later in the Code object itself.

Review URL: https://codereview.chromium.org/11316218

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-29 07:38:00 +00:00
vegorov@chromium.org
18d987e505 Relax restrictions on CONSTANT_FUNCTION descriptors in TransformPropertiesToFastFor.
Since r10174 they are not required to be in new space.

R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11418181

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-28 14:02:30 +00:00
verwaest@chromium.org
e4be39edef Properly handle-ify method calls to map() and GetLocalElementAccessorPair()
These are likely causing some of the flaky crashes in Object.observe code. I've reorganized some of the code to minimize the number of necessary calls to map() (by saving the result of map()->is_observed() in a local bool).

Also move down an unnecessarily early call to Uint32ToString when sending an element deletion notification.

Review URL: https://chromiumcodereview.appspot.com/11316202

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-28 08:35:46 +00:00
verwaest@chromium.org
1b0e373f09 Avoid double initialization of arrays.
Review URL: https://chromiumcodereview.appspot.com/11413179

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-27 12:01:14 +00:00
rossberg@chromium.org
93579d9d3e Make indexed intercepted methods enumerable by default.
R=ulan@chromium.org
BUG=162606

Review URL: https://codereview.chromium.org/11348222

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-26 12:55:47 +00:00
verwaest@chromium.org
2c1ac55213 - Initialize the result array with holes if we concat a double array into an object array, since it may cause a marking step while boxing a double.
- Ensure we go holey if we are concatting any holey array.

Review URL: https://chromiumcodereview.appspot.com/11413142

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-22 16:22:57 +00:00
rossberg@chromium.org
ce05280bfc Get rid of static module allocation, do it in code.
Modules now have their own local scope, represented by their own context.
Module instance objects have an accessor for every export that forwards
access to the respective slot from the module's context. (Exports that are
modules themselves, however, are simple data properties.)

All modules have a _hosting_ scope/context, which (currently) is the
(innermost) enclosing global scope. To deal with recursion, nested modules
are hosted by the same scope as global ones.

For every (global or nested) module literal, the hosting context has an
internal slot that points directly to the respective module context. This
enables quick access to (statically resolved) module members by 2-dimensional
access through the hosting context. For example,

  module A {
    let x;
    module B { let y; }
  }
  module C { let z; }

allocates contexts as follows:

[header| .A | .B | .C | A | C ]  (global)
          |    |    |
          |    |    +-- [header| z ]  (module)
          |    |
          |    +------- [header| y ]  (module)
          |
          +------------ [header| x | B ]  (module)

Here, .A, .B, .C are the internal slots pointing to the hosted module
contexts, whereas A, B, C hold the actual instance objects (note that every
module context also points to the respective instance object through its
extension slot in the header).

To deal with arbitrary recursion and aliases between modules,
they are created and initialized in several stages. Each stage applies to
all modules in the hosting global scope, including nested ones.

1. Allocate: for each module _literal_, allocate the module contexts and
   respective instance object and wire them up. This happens in the
   PushModuleContext runtime function, as generated by AllocateModules
   (invoked by VisitDeclarations in the hosting scope).

2. Bind: for each module _declaration_ (i.e. literals as well as aliases),
   assign the respective instance object to respective local variables. This
   happens in VisitModuleDeclaration, and uses the instance objects created
   in the previous stage.
   For each module _literal_, this phase also constructs a module descriptor
   for the next stage. This happens in VisitModuleLiteral.

3. Populate: invoke the DeclareModules runtime function to populate each
   _instance_ object with accessors for its exports. This is generated by
   DeclareModules (invoked by VisitDeclarations in the hosting scope again),
   and uses the descriptors generated in the previous stage.

4. Initialize: execute the module bodies (and other code) in sequence. This
   happens by the separate statements generated for module bodies. To reenter
   the module scopes properly, the parser inserted ModuleStatements.

R=mstarzinger@chromium.org,svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11093074

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-22 10:25:22 +00:00
yangguo@chromium.org
36f5b6d41f Rename IsAsciiRepresentation
This is a straight rename:

IsAsciiRepresentation -> IsOneByteRepresentation
IsAsciiRepresentationUnderneath -> IsOneByteRepresentationUnderneath
AllocateRawAsciiString -> AllocateRawOneByteString
AllocateStringFromAscii -> AllocateStringFromOneByte

R=yangguo@chromium.org,
BUG=

Review URL: https://chromiumcodereview.appspot.com/11308066
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-21 10:01:05 +00:00
rossberg@chromium.org
0f6d0d28dd Fix and clean up treatment of hidden prototypes.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11413068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-20 12:32:29 +00:00
rossberg@chromium.org
8d79ff46d0 Clean-up refactoring to eliminate GetLocalElementKind.
Eliminates substantial amounts of fragile code duplication and special casing.

Also fixes "a".propertyIsEnumerable(0) to correctly return true.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11420011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-16 13:28:34 +00:00
svenpanne@chromium.org
d5f589808d Removed a bunch of GetExistingThreadLocal calls by threading the Isolate.
For Octane, the number of calls go down from 7341629 to 1947880, i.e. they are
reduced by more than 73%. TLS access is not especially cheap, so this exercise
seems worthwhile.

Review URL: https://codereview.chromium.org/11412007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-16 08:38:11 +00:00
yangguo@chromium.org
3699616609 Rename SeqAsciiString
This is a straight rename:

NewRawAsciiString -> NewRawOneByteString
SeqAscii -> SeqOneByte

SeqOneByteString cannot yet take non-ascii data.

R=yangguo@chromium.org,
BUG=

Review URL: https://chromiumcodereview.appspot.com/11411005
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-15 13:31:27 +00:00
rossberg@chromium.org
4fb992a872 Object.observe: Handle oldValue for elements with accessors properly.
Extended ElementAccessor interface to allow querying PropertyType and
AccessorPair. Also added respective functionality to JSObject.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11358234

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-15 11:31:40 +00:00
rossberg@chromium.org
5e7b796479 Object.observe: Move notification of JSArray length changes to JSArray::SetElementsLength
The previous implementation in Accessors::ArraySetLength failed when array length was set through StoreIC_ArrayLength. But that stub and the accessor both delegate to JSArray::SetElementsLength, so moving the code there allows notifications to be sent in both cases.

Review URL: https://codereview.chromium.org/11275292
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-14 16:51:21 +00:00
jkummerow@chromium.org
1c086d1202 Lattice-based representation inference, powered by left/right specific type feedback for BinaryOps and comparisons
Review URL: https://chromiumcodereview.appspot.com/10837165

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-14 15:59:45 +00:00
rossberg@chromium.org
dcb6abd460 Restructure JSObject::SetElement for performance.
Wins back ~1500 points on Octane/Gameboy that we lost with
https://codereview.chromium.org/11365111 (CL 12900), presumably
by lowering register pressure and/or handlification overhead.
Hopefully benefits other regressions as well.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11275283

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-13 15:47:46 +00:00
mmassi@chromium.org
ce682a2489 Allow property indexes to refer to slots inside the object header.
BUG=

Review URL: https://chromiumcodereview.appspot.com/11365221

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-13 11:07:04 +00:00
svenpanne@chromium.org
073dfc0a6f Fixed Code::FindCodeAgeSequence logic, removing a dead method on the way.
Review URL: https://codereview.chromium.org/11364177

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-12 13:27:36 +00:00
rossberg@chromium.org
92e783bc28 Minor cleanup and optimisation of element methods.
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11365175

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-12 11:08:34 +00:00
svenpanne@chromium.org
130c4041c7 Keep the number of descriptors below DescriptorArray::kMaxNumberOfDescriptors even for accessors
Review URL: https://codereview.chromium.org/11362182

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12916 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-09 11:30:05 +00:00
rossberg@chromium.org
b72e5811e7 Object.observe: notify when element addition causes array growth
Review URL: https://codereview.chromium.org/11369135
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12914 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-09 10:57:54 +00:00
svenpanne@chromium.org
e4cbac8dfd Fixed assertion.
The name in question is not necessarily a symbol, so we have to use Equals instead of ==.

BUG=http://www.playescapegoat.com/

Review URL: https://codereview.chromium.org/11368141

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-09 07:26:05 +00:00
rossberg@chromium.org
2af4744889 Handle Object.observe notifications for setting Array.length
Also handles notification of deleted properties when an array
is truncated by setting length.

Review URL: https://codereview.chromium.org/11338048
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 16:12:12 +00:00
rossberg@chromium.org
c203f05474 Delivery logic for Object.observe
This CL has two parts: the first is the logic itself, whereby each observer callback is assigned
a "priority" number the first time it's passed as an observer to Object.observe(), and that
priority is used to determine the order of delivery.

The second part invokes the above logic as part of the API, when the JS stack winds down to
zero.

Added several tests via the API, as the delivery logic isn't testable from a JS test
(it runs after such a test would exit).

Review URL: https://codereview.chromium.org/11266011
Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 13:44:59 +00:00
rossberg@chromium.org
8eb704257f Object.observe: Fixed missing case for turning off ICs.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11358122

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 13:15:54 +00:00
rossberg@chromium.org
fbc6e0d883 Object.observe: generate change records for indexed properties.
Details:
- Extend ElementAccessors with GetAttributes method.
- Add HasLocalElement, Get[Local]ElementAttribute methods to JSReceiver/JSObject.
- Otherwise, mirror implementation for named properties.

Cannot correctly handle the cases yet where an accessor is redefined or deleted.

Also fixed handling of object info table.

(Based on CL https://codereview.chromium.org/11362115/)

R=verwaest@chromium.org,mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11365111

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 12:58:08 +00:00
danno@chromium.org
bd4e114b8e Add code again to allow reclaiming old unexecuted functions.
When code objects in the heap for FUNCTIONs and OPTIMIZED_FUNCTIONs are marked by the GC, their prologue is patched with a call to a stub that removes the patch. This allows the collector to quickly identify code objects that haven't been executed since the last full collection (they are the ones that still contain the patch). The functionality is currently disabled, but can be activated by specifying the "--age-code".

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/10837037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 12:18:11 +00:00
yangguo@chromium.org
943c10bb87 Rename kAsciiStringTag to kOneByteStringTag
This is just a rename. After commit, I'll begin with the semantic changes.
Until those are complete, kOneByteStringTag will have the same meaning as
kAsciiStringTag.

BUG=

Review URL: https://chromiumcodereview.appspot.com/11293168
Patch from Dan Carney <dcarney@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12897 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 12:14:29 +00:00
mstarzinger@chromium.org
a31889e2de Fix slack tracking when instance prototype changes.
This fixes a corner case when the instance prototype of a function is
changed while inobject slack tracking is still in progress. This caused
the initial map to be unrelated for functions with the same shared info
and hence the shared construct stub is no longer generic enough to work
for all those functions.

R=danno@chromium.org
BUG=chromium:157019
TEST=mjsunit/regress/regress-crbug-157019

Review URL: https://codereview.chromium.org/11293059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-08 11:56:44 +00:00
rossberg@chromium.org
e059e64c98 Object.observe: include oldValue in change records,
plus more accurate distinction of different change types.

Required handlifying more code.

Also fixed a handlification bug in JSProxy::GetElementAttributeWithHandler.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11362115

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12888 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-07 14:14:50 +00:00
rossberg@chromium.org
b80cbd7922 Object.observe: generate change records for named properties.
In more detail:
- Set observation bit for observed objects (and make NormalizedMapCache respect it).
- Mutation of observed objects is always delegated from ICs to runtime.
- Introduce JS runtime function for notifying generated changes.
- Invoke this function in the appropriate places (including some local refactoring).
- Inclusion of oldValue field is not yet implemented, nor element properties.

Also, shortened flag to --harmony-observation.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/11347037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-06 12:32:36 +00:00
verwaest@chromium.org
f95d9502c3 Removed duplicate line.
Review URL: https://chromiumcodereview.appspot.com/11359055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12860 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-05 15:37:04 +00:00
verwaest@chromium.org
384ab895e8 Remove superfluous setting of bitfield3.
Review URL: https://chromiumcodereview.appspot.com/11367093

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-11-05 14:43:11 +00:00
mstarzinger@chromium.org
b55988625d Get rid of obsolete unchecked accessors.
R=yangguo@chromium.org
BUG=v8:1490

Review URL: https://codereview.chromium.org/11271020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-25 11:52:37 +00:00
mstarzinger@chromium.org
34d98a804d Fix deletion of hidden property with inline-stored hash.
R=yangguo@chromium.org
BUG=chromium:157124
TEST=cctest/test-api/Regress157124

Review URL: https://codereview.chromium.org/11233033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12785 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-22 12:50:51 +00:00
yangguo@chromium.org
3c5e899378 Fix two-char hash to use correct fallback for zero hashes.
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/11228004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-22 10:38:40 +00:00
verwaest@chromium.org
b61933ba10 Eagerly follow transitions to existing maps while json parsing.
Review URL: https://chromiumcodereview.appspot.com/11184006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-17 14:09:42 +00:00
verwaest@chromium.org
72424b3987 Move DescriptorArray into the map.
Review URL: https://chromiumcodereview.appspot.com/11188031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-17 13:04:49 +00:00
mstarzinger@chromium.org
02490829dd Fix bug in deletion of indexed properties
The delete operator always returns true in case of indexed property. It
should return false if an indexed property can't be deleted (eg.
DontDelete attribute is set or a string object is the holder).

Contributed by Peter Varga <pvarga@inf.u-szeged.hu>

BUG=none
TEST=mjsunit/delete-non-configurable

Review URL: https://codereview.chromium.org/11094021
Patch from Peter Varga <pvarga@inf.u-szeged.hu>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-15 15:23:22 +00:00
verwaest@chromium.org
7c28995e5d Invalidate the enum cache when converting a transition across which the descriptors are shared.
Review URL: https://chromiumcodereview.appspot.com/11145017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-15 08:38:51 +00:00
mvstanton@chromium.org
b3c0ed8245 Enable --verify-heap in release mode
R=mstarzinger@chromium.org
BUG=v8:2120

Review URL: https://codereview.chromium.org/11118018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-12 11:41:14 +00:00
verwaest@chromium.org
9ecabf526c Make EnumCacheBridge immutable.
Review URL: https://chromiumcodereview.appspot.com/11048051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-12 08:16:49 +00:00
verwaest@chromium.org
b75705f07b Don't clear EnumLength but rather copy the enum cache. Added regression test for crashes from chromecrash.
Review URL: https://chromiumcodereview.appspot.com/11103036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-11 15:33:34 +00:00
verwaest@chromium.org
ad6a21c0d0 Remove descriptors pointer.
Secondary changes:
- don't transfer ownership back on CNLT
- turned debugging checks back into ASSERT

Review URL: https://chromiumcodereview.appspot.com/11099064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-11 12:01:19 +00:00
verwaest@chromium.org
c2a9d49393 Transition ownership back if the descriptors were shared via elements transitions.
BUG=

Review URL: https://chromiumcodereview.appspot.com/11091044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-10 13:13:35 +00:00
verwaest@chromium.org
dde1cdfb8e Fix transition conversion from CONSTANT_FUNCTION to FIELD.
Review URL: https://chromiumcodereview.appspot.com/11094044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-10 12:31:50 +00:00
verwaest@chromium.org
55e924c595 Fix CNLT regression.
This happens when a map A with no descriptors in fast_holey_elements
mode first gets some properties, making it share descriptor arrays with
a map B to which it transitions. Then map A transitions elements kind to
dictionary_elements in map C. C stores the empty_descriptor_array in its
own transition array. When adding a property to C, C transitions to D
and shares the descriptors. If D dies, a CNLT clears the transition
array of C, making the descriptor array of A (and thus also of B) shine
through. If a property is now added to an object in state C, it'll inherit
all the properties of A (and B). If those properties had high field indices,
we do not have a large enough backing store for the single newly added
property, and we'll write out of bounds.

BUG=chromium:151749

Review URL: https://chromiumcodereview.appspot.com/11017054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-10 12:29:44 +00:00
verwaest@chromium.org
15ebb22b6f Off-by-one error in zapping objects after right trimming.
Review URL: https://chromiumcodereview.appspot.com/11013012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-10-01 09:48:07 +00:00
verwaest@chromium.org
6fd0e69156 Restore the descriptor array before returning allocation failure.
BUG=chromium:151750

Review URL: https://chromiumcodereview.appspot.com/10989076

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-28 10:15:58 +00:00
verwaest@chromium.org
f623eefddb Only use OwnDescriptors to decide whether to go slow or not.
Review URL: https://chromiumcodereview.appspot.com/10996044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-27 13:55:50 +00:00
yangguo@chromium.org
681eda652d Fast path for symbol lookup in JSON.parse.
R=verwaest@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10969069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-24 14:23:46 +00:00
verwaest@chromium.org
ab94a69d3d Remove whitespace
Review URL: https://chromiumcodereview.appspot.com/10949018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-19 11:09:07 +00:00
verwaest@chromium.org
947663aaa3 Use NumberOfOwnDescriptors/EnumLength for counting properties on fast objects.
Also split CNLT into small functions.

Review URL: https://chromiumcodereview.appspot.com/10950023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-19 10:06:02 +00:00
verwaest@chromium.org
8b57f2694b Reduce space usage of simple transitions and descriptors holders.
Review URL: https://chromiumcodereview.appspot.com/10915260

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-19 09:54:10 +00:00
verwaest@chromium.org
1b9c319da2 Clear EnumIndices as well on CNLT.
BUG=

Review URL: https://chromiumcodereview.appspot.com/10944011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-19 08:08:02 +00:00