AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
7,368 Commits 1 Branch 0 Tags 839 MiB
e27d8fcbdc
Commit Graph

1425 Commits

Author SHA1 Message Date
vegorov@chromium.org
e27d8fcbdc RegExpMacroAssembler::CheckStackGuardState should update input string pointer when it is moved or changed by GC. 
If input string was cons-string it might undergo short-circuiting during GC. This does not change input start if underlying seq-string (first element of cons-string) does not move but this makes input-string pointer on the native regexp's frame invalid.

R=lrn@chromium.org

Review URL: http://codereview.chromium.org/8343001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-19 11:01:02 +00:00
fschneider@chromium.org
e8a26d1eb1 Add write barrier helper for code patching and refactor stack check patching. 
The new helper avoids expensive FindCodeForInnerPointer invocation when we have
the host code object available. It is used when patching stack checks.

Also some comments on the ARM platform are corrected.
Review URL: http://codereview.chromium.org/8330021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 15:07:42 +00:00
kmillikin@chromium.org
56c763f023 Make the GC aware of JSReceiver pointers in LookupResults. 
The LookupResult utility class is used in handlified code, but it can
contain a raw pointer to the lookup's holder object.  Create a per-thread
stack of live LookupResults and iterate all the live ones on GC.

R=vegorov@chromium.org,erik.corry@gmail.com
BUG=
TEST=

Review URL: http://codereview.chromium.org/8341009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-18 11:18:55 +00:00
keuchel@chromium.org
7d89f0f3c8 Replace calls_eval() by calls_non_strict_eval() where possible. 
Review URL: http://codereview.chromium.org/8321002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 15:19:34 +00:00
lrn@chromium.org
5152d2e0da Reimplement Function.prototype.bind. 
Make instanceof work correctly.

BUG=v8:893

Review URL: http://codereview.chromium.org/8199004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 12:44:16 +00:00
yangguo@chromium.org
92fdeff125 Porting r9605 to x64 (elements kind conversion in generated code). 
Review URL: http://codereview.chromium.org/8271007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 10:44:47 +00:00
keuchel@chromium.org
0706a98b2a Introduce with scope and rework variable resolution. 
Review URL: http://codereview.chromium.org/7904008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 09:29:37 +00:00
mstarzinger@chromium.org
ac712f13c3 Fix evaluation order of GT and LTE operators. 
According to the ES5 spec all ">" and "<=" expressions should be be
evaluated left-to-right. This obsoletes old hacks for reversing the
order to be ES3 compliant.

R=lrn@chromium.org
BUG=v8:1752

Review URL: http://codereview.chromium.org/8275035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-17 07:43:40 +00:00
fschneider@chromium.org
948a323819 Revert r9619. 
It causes an assertion with deoptimizing from inlined code.
Review URL: http://codereview.chromium.org/8277034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 12:26:29 +00:00
fschneider@chromium.org
c68fc4126f Revert last revert. 
TBR=whesse@chromium.org
Review URL: http://codereview.chromium.org/8286023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 12:03:53 +00:00
fschneider@chromium.org
85ab75df50 Revert r9619. 
TBR=whesse@chromium.org
Review URL: http://codereview.chromium.org/8286022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 11:56:07 +00:00
fschneider@chromium.org
34534588fb Fix a number of bugs with inlining calls as function. 
1. Record AST id for CallFunctionStub.

2. Correctly extract cached target from CallFunctionStub inline cache.

3. Fix a bug when inling call as a function in effect or value context:
   Handle abnormal exits correcty.

4. Fix a bug when inlining call as a function in test context: drop function
   correctly from true and false block.

5. Avoid inlining mutually recursive functions by checking the stack of function
   states before inlining. This was not a bug, but is just a more general
   check to avoid recursive inlining.
Review URL: http://codereview.chromium.org/8258012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 08:43:27 +00:00
fschneider@chromium.org
212e4ae7d4 Eliminate write barrier for global stores at compile time if value stored is a smi. 
Omit smi check inside write barriers if the value is known to be a heap object.

Refine inferred types of some instructions.
Review URL: http://codereview.chromium.org/8256016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-14 07:45:18 +00:00
yangguo@chromium.org
fae807b3bb Elements kind conversion in generated code (ia32). 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8241003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9605 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-13 10:53:31 +00:00
mstarzinger@chromium.org
1da890af54 Refactor how embedded pointers are visited. 
This refactoring (almost) gets rid of the requirement to get the target
object address for an object pointer embedded in code objects. This is
not possible on MIPS as pointers are encoded using two instructions. All
usages of RelocInfo::target_object_address() are (almost) obsoleted by
this change. The serializer still uses it, so MIPS will not yet work
with snapshots turned on.

R=danno@chromium.org,vegorov@chromium.org

Review URL: http://codereview.chromium.org/8245007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 15:43:41 +00:00
rossberg@chromium.org
1abf3ed0a4 Introduce collective --harmony flag. 
Shorten --harmony-block-scoping to --harmony-scoping.

R=keuchel@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8226017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-12 12:23:06 +00:00
jkummerow@chromium.org
312c534a6c Refactor and fix polymorphic KeyedStoreIC creation 
Review URL: http://codereview.chromium.org/8233011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 16:02:45 +00:00
jkummerow@chromium.org
184fdcf28b Track elements_kind transitions in KeyedStoreICs. 
Review URL: http://codereview.chromium.org/8166017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 09:33:00 +00:00
erik.corry@gmail.com
f900fc9d80 Remove some unused and unneeded flags. 
Review URL: http://codereview.chromium.org/8228004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 09:28:06 +00:00
fschneider@chromium.org
876fa09feb Move declaration of SerializedScopeInfo from variables.h to objects.h 
This eliminates compile-errors when assigning Handle<SerializedScopeInfo> to
Handle<Object> in a place where the declaration was not available because
variables.h was not included.

As a result I had to also move the enum Variable::Mode to v8globals.h and
rename it to VariableMode.
Review URL: http://codereview.chromium.org/8221004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-11 08:41:19 +00:00
yangguo@chromium.org
3249530ef0 Fixing issue 1757 (string slices of external strings). 
BUG=v8:1757
TEST=regress-1757.js

Review URL: http://codereview.chromium.org/8217011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 16:09:03 +00:00
danno@chromium.org
3b07abbdbe Activate smi-only optimizations for large array literals. 
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/8177005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-10 08:31:06 +00:00
keuchel@chromium.org
c1cf622fe9 Fast allocation of block contexts. 
Review URL: http://codereview.chromium.org/8066002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-06 15:59:02 +00:00
keuchel@chromium.org
80048c14b1 Fix load of potentially eval-shadowed let bindings. 
BUG=
TEST=test/mjsunit/harmony/block-let-semantics.js

Review URL: http://codereview.chromium.org/8118032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-06 15:24:20 +00:00
yangguo@chromium.org
3c812247aa Simplify compares in KeyedStoreIC::GenerateGeneric. 
Review URL: http://codereview.chromium.org/8068024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 12:17:08 +00:00
vegorov@chromium.org
777df2d878 Adjust contents of kAheadOfTime to match write-barrier stub called from CompileArrayPushCall. 
R=erik.corry@gmail.com
BUG=v8:1729

Review URL: http://codereview.chromium.org/8113034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 11:38:12 +00:00
fschneider@chromium.org
976d5f3797 Clean list of external references from internal objects like the hole value. 
Review URL: http://codereview.chromium.org/8114032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-04 09:07:50 +00:00
kmillikin@chromium.org
a4e0103708 Clean up the x86 assembler API. 
The API is inconsistent about when a register must be coerced to an operand
and when it can be used as a register.  Simplify usage by never requiring it
to be wrapped.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8086021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-10-03 11:44:39 +00:00
yangguo@chromium.org
5ed752de96 Porting r9456 to x64 (Optimize KeyedStoreGeneric for Smi arrays). 
Review URL: http://codereview.chromium.org/8054043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-29 14:08:21 +00:00
vegorov@chromium.org
36ae5f3811 Pass correct anchor_slot for EMBEDDED_OBJECT pointers from code objects. 
Correctly initialize newly created large-object pages when incremental marking with compaction is in progress.

R=erik.corry@gmail.com
BUG=v8:1737

Review URL: http://codereview.chromium.org/8070002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 17:45:58 +00:00
erik.corry@gmail.com
07ba7ad073 Move the is_pregenerated flag so it does not overlap other flags. 
Remove the before-or-after InstanceOf stub rule, which was too
subtle and lacked checking ssertions.
Unify the way the CEntry stub is pregenerated so that it is done
in the same way.
Review URL: http://codereview.chromium.org/8065006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 12:23:40 +00:00
erik.corry@gmail.com
bbcafaa2d5 Make sure we don't flush the pregenerated stubs, since they need 
to be always present, so that we can call them from other stubs
without trying to generate stubs while we are generating stubs.
Review URL: http://codereview.chromium.org/8052029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-28 10:32:12 +00:00
danno@chromium.org
1b5a2381ec Optimize KeyedStoreGeneric for Smi arrays. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/8022002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 16:15:29 +00:00
vegorov@chromium.org
f2ff85ad71 CallFunctionStub was missing a write-barrier for write into the global cell. 
R=fschneider@chromium.org
BUG=v8:1733

Review URL: http://codereview.chromium.org/8054012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 13:45:13 +00:00
fschneider@chromium.org
27e1a8d414 Improve our simple elimination of hole checks. 
Currently we avoid checking for the hole value after array loads, if the
result is only used by instructions that definitely deoptimize in case
of the hole value (HChange instructions).

This change performs the same procedure for loading from deleteable/read-only
global variable where we can also avoid the check in the same cases.
Review URL: http://codereview.chromium.org/8054008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9453 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 13:03:19 +00:00
kmillikin@chromium.org
bcb781d76a Record function call targets, use them for inlining. 
Introduce a version of the CallFunctionStub that records monomorphic
call targets in a one-element cache in the instruction stream.  Use
the cache for inlining attempts in the optimizing backend.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7966038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 11:42:02 +00:00
vegorov@chromium.org
0df7441668 Tighten up assertions checking GC-safety of stub calls. 
Ensure that stubs are properly pregenerated on all platforms.

R=erik.corry@gmail.com
BUG=v8:1729

Review URL: http://codereview.chromium.org/8041035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9447 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-27 10:53:22 +00:00
jkummerow@chromium.org
0455aadbeb Add Crankshaft support for smi-only elements 
Review URL: http://codereview.chromium.org/8002019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 12:09:04 +00:00
fschneider@chromium.org
ba6cd937ff Add code comments to deferred code objects to make debugging easier. 
Review URL: http://codereview.chromium.org/8046003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 09:32:10 +00:00
kmillikin@chromium.org
883f32695b Enable inlining functions with contexts different than their caller. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/7925007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 09:17:56 +00:00
yangguo@chromium.org
e6509e77d2 Small refactor to KeyedStoreIC::GenerateGeneric to make it slightly faster. 
Review URL: http://codereview.chromium.org/8008016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9418 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-26 07:36:44 +00:00
yangguo@chromium.org
65b1ea22fe Porting r9392 to x64 (smi-only arrays). 
Review URL: http://codereview.chromium.org/7992003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-23 14:19:04 +00:00
whesse@chromium.org
2e40bc244a Add dynamic stack frame alignment to optimized functions with untagged doubles on the stack. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/7976024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-23 13:28:17 +00:00
vegorov@chromium.org
bfd048173f Notify collector about lazily deoptimized code objects. 
All slots that were recorded on these objects during incremental marking should be ignored as they are no longer valid.

To filter such invalidated slots out during slots buffers iteration we set all markbits under the invalidated code object to 1 after the code space was swept and before slots buffers are processed.

R=erik.corry@gmail.com
BUG=v8:1713
TEST=test/mjsunit/regress/regress-1713.js

Review URL: http://codereview.chromium.org/7983045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 16:01:35 +00:00
danno@chromium.org
f48c9f6557 Basic support for tracking smi-only arrays on ia32. 
Activated by the flag --smi-only-arrays

Currently not crankshaft support, using flag on non-ia32 platforms will lead to write barrier misses and crashes.

BUG=none
TEST=elements_kind.js

Review URL: http://codereview.chromium.org/7901016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-22 11:30:04 +00:00
rossberg@chromium.org
fdade92c20 Reorganize object type enum, such that proxies are no longer in the middle 
of the range of proper JS objects.

Unfortunately, callable types no longer form a range now. However, there
are only two anyway. We put them at either end of the range of JS object
types so that certain compares can be combined.

R=erik.corry@gmail.com,kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7737036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-21 14:46:54 +00:00
erik.corry@gmail.com
c8fe713986 Put back the asserts in RememberedSetHelper, but correct this time. 
Fix some incorrect comments.
Review URL: http://codereview.chromium.org/7977005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 13:32:27 +00:00
vegorov@chromium.org
867bb733af Remove incorrect debug-code assertion. 
We should not use slot address to find out the page. This does not work for large pages.

Also this assertion is not always true (violated during incremental marking).

R=erik.corry@gmail.com
TEST=mozilla/js1_5/extensions/regress-371636

Review URL: http://codereview.chromium.org/7981001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9339 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 11:30:18 +00:00
lrn@chromium.org
610281f4ee Fix calculation of live-bytes in pages. 
The "live bytes" count is *really* a "marked black" count - i.e., the count of bytes *known* to be live.

Fix aggravating bug on X64 where assembler code used a value that was off
by a factor of 2^31.

Ensure that sweeping clears live-bytes. Added other missing increments.

Added print statements to trace live-byte modifications, under a flag.

Still a few cases of undercounting left.

(New issue to merge from GC branch to bleeding_edge)

Review URL: http://codereview.chromium.org/7970009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 11:20:00 +00:00
yangguo@chromium.org
fdffe67205 Initialize pre-allocated fields of JSObject with undefined. 
BUG=94873

Review URL: http://codereview.chromium.org/7929001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-20 10:06:23 +00:00