Commit Graph

3334 Commits

Author SHA1 Message Date
rossberg@chromium.org
8023c9f564 Implement basic code generation for arrow functions
Implements code generation for arrow functions by desugaring them into
a FunctionLiteral. For the moment, a normal FUNCTION_SCOPE is used, so
"this" and "arguments" behave as in normal functions. Implementing the
correct scoping rules is to be done later on.

BUG=v8:2700
LOG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/382893003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22495 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-21 09:58:01 +00:00
yangguo@chromium.org
1eacdd55a0 Implement String.prototype.codePointAt and String.fromCodePoint.
Contributed by Mathias Bynens <mathiasb@opera.com>.

TBR=mathiasb@opera.com, rossberg@chromium.org
BUG=v8:2840
LOG=Y

Review URL: https://codereview.chromium.org/406863003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-21 08:45:32 +00:00
yangguo@chromium.org
219e763155 Expose the content of Maps and WeakMaps through MapMirror.
BUG=v8:3291
LOG=N
R=aandrey@chromium.org, yangguo@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=22452

Review URL: https://codereview.chromium.org/398513005

Patch from Alexandra Mikhaylova <amikhaylova@google.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-21 08:07:04 +00:00
danno@chromium.org
1d2a4b8333 Remove experimental flags that are now required
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/397253002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-18 07:17:21 +00:00
yangguo@chromium.org
e3d9037121 Revert "Expose the content of Maps and WeakMaps through MapMirror."
This reverts r22452.

TBR=amikhaylova@google.com

Review URL: https://codereview.chromium.org/399963002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22454 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 16:43:52 +00:00
yangguo@chromium.org
4116944ced Expose the content of Maps and WeakMaps through MapMirror.
BUG=v8:3291
LOG=N
R=aandrey@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/398513005

Patch from Alexandra Mikhaylova <amikhaylova@google.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22452 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 15:07:59 +00:00
yangguo@chromium.org
f61b67ce0b Limit stack size when testing stack overflow in JSON.stringify.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/397073004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 13:23:02 +00:00
rodolph.perfetta@arm.com
56ec59bd26 ARM64: always restore regexp register cache after a C function call.
BUG=v8:3444
TEST=mjsunit/regress/regress-regexp-nocase.js
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/392403002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 09:55:48 +00:00
yangguo@chromium.org
d1333142e2 Ship ES6 Math functions.
R=rossberg@chromium.org
BUG=v8:2938
LOG=Y

Review URL: https://codereview.chromium.org/394833002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-16 14:00:15 +00:00
rossberg@chromium.org
96dd1c7831 Make ToPrimitive throw on symbol wrappers
R=mstarzinger@chromium.org
BUG=v8:3442
LOG=Y

Review URL: https://codereview.chromium.org/389263003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-16 09:26:11 +00:00
yangguo@chromium.org
49ae3081d2 Error.captureStackTrace should define "stack" property as configurable.
R=verwaest@chromium.org
BUG=393988
LOG=N

Review URL: https://codereview.chromium.org/396063008

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-16 07:55:05 +00:00
verwaest@chromium.org
1d55a634a9 Replace AddProperty by AddNamedProperty to speed up the common case
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/384003003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:05:30 +00:00
verwaest@chromium.org
aa7198dfdd This CL simplifies var / const by ensuring the behavior is consistent in itself, and with regular JS semantics; between regular var/const and eval-ed var/const.
Legacy const is changed so that a declaration declares a configurable, but non-writable, slot, and the initializer reconfigures it (when possible) to non-configurable non-writable. This avoids the need for "the hole" as marker value in JSContextExtensionObjects and GlobalObjects. Undefined is used instead.

BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/379893002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:01:04 +00:00
rossberg@chromium.org
942fe1914f Reland "Include symbol properties in Object.{create,defineProperties}"
Second try; implementation that doesn't rely on external arrays.

R=mstarzinger@chromium.org
BUG=v8:3440

Review URL: https://codereview.chromium.org/391713002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:00:33 +00:00
rossberg@chromium.org
f2536bf7af Revert "Include symbol properties in Object.{create,defineProperties}"
TBR=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/394443002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 12:27:08 +00:00
rossberg@chromium.org
5c8d0d18f0 Include symbol properties in Object.{create,defineProperties}
R=mstarzinger@chromium.org
BUG=v8:3440
LOG=Y

Review URL: https://codereview.chromium.org/391683002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 10:59:29 +00:00
jarin@chromium.org
457de26330 Fix arm64 deoptimization from double registers (reverts r20613).
This reverts "ARM64: Use pair memory access in deoptimizer entry", r20613. It does not really make sense to micro-optimize the deoptimizer as it is the ultra-slow path. Moreover, the original code was easier to read (in addition to being correct).

BUG=391313
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/389583003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-11 19:30:09 +00:00
dslomov@chromium.org
4db1f68077 Disabling flakes.Filed 3433, 3434, 3435.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/382083003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-11 11:20:37 +00:00
rossberg@chromium.org
e274edc8b8 Make let usable as an identifier in ES6 sloppy mode.
All of our mjsunit suite now runs through with --harmony-scoping enabled, up to expected failures (tests checking syntax errors for const/function in strict mode).

R=marja@chromium.org, ulan@chromium.org
BUG=v8:2198
LOG=Y

Review URL: https://codereview.chromium.org/378303003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-10 14:06:37 +00:00
mstarzinger@chromium.org
91efa58849 Drop deprecated --es5-readonly flag from test suite.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/377273002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 14:37:58 +00:00
rossberg@chromium.org
23753270ba Fix several issues with ES6 redeclaration checks
R=ulan@chromium.org
BUG=v8:3426
LOG=Y

Review URL: https://codereview.chromium.org/377513006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 11:35:05 +00:00
dusan.milosavljevic@rt-rk.com
a0f6878a06 Add mips64 port.
Summary:

- Changes in common code are mainly boilerplate changes,
gyp and test status files updates.

- On mips64 simulator all tests pass from all test units.

- Current issues: mjsunit JS debugger tests fail randomly on HW in release mode.
Corresponding tests are skipped on HW.

- Skipped tests on mips64: test-heap/ReleaseOverReservedPages, mjsunit/debug-*

TEST=
BUG=
R=danno@chromium.org, plind44@gmail.com, ulan@chromium.org

Review URL: https://codereview.chromium.org/371923006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22297 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 11:08:26 +00:00
mstarzinger@chromium.org
50beec9738 Follow-up to a pre-existing regression test.
R=yangguo@chromium.org
BUG=v8:1530,v8:1872
TEST=mjsunit/regress/regress-1530
LOG=N

Review URL: https://codereview.chromium.org/378233006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 10:23:58 +00:00
ulan@chromium.org
68036255ea Fix for-loop with const/let and empty condition/iteration statements.
BUG=v8:3425, v8:3424
LOG=N
TEST=mjsunit/harmony/empty-for.js
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/377833003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 07:50:11 +00:00
aandrey@chromium.org
6872ad5c46 Change some names in Promise instrumentation events.
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/374103002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22284 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-08 14:45:57 +00:00
verwaest@chromium.org
ad6202d989 Fix computed properties on object literals with a double as propertyname.
BUG=390732
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/371973002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 17:08:54 +00:00
verwaest@chromium.org
168523b542 Revert "Treat ExecutableAccessorInfo as regular data properties."
Temporarily revert since blink has some properties like this on the
prototype chain where it expects accessorpair-behavior (e.g.,
window.onload).

TBR=dslomov@chromium.org
BUG=

Review URL: https://codereview.chromium.org/378583002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 16:18:15 +00:00
verwaest@chromium.org
251ae22156 Treat ExecutableAccessorInfo as regular data properties.
BUG=
R=dcarney@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/368783006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22236 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 11:00:44 +00:00
rossberg@chromium.org
7aff3023ae Avoid brittle use of .bind in Promise.all
R=yangguo@chromium.org
BUG=v8:3420
LOG=Y

Review URL: https://codereview.chromium.org/366103005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 09:47:43 +00:00
yangguo@chromium.org
29b59adbf6 Revert "Remove unnecessary check in RegExpExecStub."
This reverts r22203 and r22205.

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/369063005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 20:21:00 +00:00
aandrey@chromium.org
952a986dd1 Introduce debug events for Microtask queue.
R=yangguo@chromium.org, adamk@chromium.org, rafaelw@chromium.org, rossberg@chromium.org
BUG=chromium:272416
LOG=Y

Review URL: https://codereview.chromium.org/362783002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 15:56:01 +00:00
yangguo@chromium.org
7acb28a120 Fix assertion failure in mjsunit/regexp-stack-overflow.
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/364213003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 14:57:55 +00:00
yangguo@chromium.org
87dfaa8951 Remove unnecessary check in RegExpExecStub.
R=ulan@chromium.org
BUG=v8:592
LOG=N

Review URL: https://codereview.chromium.org/363313002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 14:03:10 +00:00
yangguo@chromium.org
a0c10d119a Revert "Turn old space cons strings into regular external strings (not short)."
This reverts commits r22192 and r22194.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/367113003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 12:24:41 +00:00
yangguo@chromium.org
6574f33d2a Turn old space cons strings into regular external strings (not short).
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/368223002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 11:46:31 +00:00
ishell@chromium.org
2fba190240 One of the fast cases in JSObject::MigrateFastToFast() should not be taken if the number of fields did not change.
BUG=chromium:390918
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/363073002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 19:10:19 +00:00
verwaest@chromium.org
a1dd1a262c Revert "Remove special ExecutableAccessorInfo handling based on flag"
Temporarily reverting until we figure out how to handle the API cases that use accessors to lazily compute values.
dataAttributeGetterCustom in V8MessageEventCustom (at least) overwrites itself with the computed value using ForceSet. We can either force such clients to first use ForceDelete before caching, use some other caching mechanism; or provide an API for lazily computed properties.

TBR=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/365903005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 16:59:04 +00:00
verwaest@chromium.org
2350d46146 Remove special ExecutableAccessorInfo handling based on flag
This additionally removes special "prototype" handling for O.o, since it's broken; and added test.

BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/368853003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 15:28:29 +00:00
yangguo@chromium.org
f353ff668a Harden Runtime_LiveEditCheckAndDropActivations against unsafe args.
R=jarin@chromium.org
BUG=390925
LOG=N

Review URL: https://codereview.chromium.org/362983004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 15:09:44 +00:00
yangguo@chromium.org
44d6ef37ab Reland "Fix stack trace accessor behavior."
BUG=v8:3404
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/349033007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 14:18:10 +00:00
wingo@igalia.com
341d61867c Allow yield expressions without a RHS.
R=marja@chromium.org
BUG=

Review URL: https://codereview.chromium.org/348893007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22163 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 13:48:28 +00:00
yangguo@chromium.org
a481d753d0 Stack traces exposed to Javascript should omit extensions.
R=marja@chromium.org
BUG=v8:311
LOG=Y

Review URL: https://codereview.chromium.org/363893003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 13:36:29 +00:00
ishell@chromium.org
8bf1b45e5b Mark mjsunit/migrations test in debug mode as TIMEOUT
Review URL: https://codereview.chromium.org/362953002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 09:57:27 +00:00
marja@chromium.org
7717f2366f Handle "//# sourceURL" comments in the Parser instead of the JS.
BUG=v8:2948
LOG=N
R=svenpanne@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/316173002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 07:01:31 +00:00
ishell@chromium.org
e65cc42189 Skip mjsunit/migrations test in debug mode to avoid timeout failures.
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/364663002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 17:39:16 +00:00
rossberg@chromium.org
8a25b88722 Make freeze & friends ignore private properties
R=verwaest@chromium.org
BUG=v8:3419
LOG=Y

Review URL: https://codereview.chromium.org/355123006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 15:47:41 +00:00
ishell@chromium.org
2c94151e6e Reland r22082 "Replace HeapNumber as doublebox with an explicit MutableHeapNumber."
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/334323003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 15:02:31 +00:00
mvstanton@chromium.org
e3af6b1821 Test mjsunit/allocation-site-info is flaky without explicit gc()
It started failing on arm64 nosnap during a test case where complex nested
literal arrays are created.

R=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/367703002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 14:51:11 +00:00
verwaest@chromium.org
26eae0c429 Clean up the global object naming madness.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/352173006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22117 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 12:12:34 +00:00
verwaest@chromium.org
cf094f48e9 Improve error reporting for duplicate object template properties.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/359413007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 10:00:19 +00:00
rossberg@chromium.org
28eda86ae7 Make Map.set() and Set.add() chainable
From the Harmony draft:

https://people.mozilla.org/~jorendorff/es6-draft.html#sec-map.prototype.set
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-weakmap.prototype.set
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-set.prototype.add
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-weakset.prototype.add

BUG=v8:3410
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/359173002

Patch from caitp <caitpotter88@gmail.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 09:49:25 +00:00
yangguo@chromium.org
f2cc802d7e Mark long-running tests as TIMEOUT for gc stress.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/360233003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22108 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 08:32:47 +00:00
rossberg@chromium.org
7b04a68d23 ES6: Add missing Set.prototype.keys function
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-set.prototype.keys

The value of the keys property is just the initial value of the values
function.

BUG=v8:3411
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/353293003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22099 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 14:37:07 +00:00
yangguo@chromium.org
5d408ee73d Revert "Fix stack trace accessor behavior."
This reverts r22089.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/360033002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 13:16:42 +00:00
yangguo@chromium.org
e1d80e2858 Fix stack trace accessor behavior.
R=verwaest@chromium.org
BUG=v8:3404
LOG=N

Review URL: https://codereview.chromium.org/343563009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 11:48:20 +00:00
yangguo@chromium.org
f6c4178aa7 Introduce debug events for promises.
R=aandrey@chromium.org, rossberg@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/357603005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 11:12:42 +00:00
ishell@chromium.org
d1190c503d Revert "Replace HeapNumber as doublebox with an explicit MutableHeapNumber."
This reverts commit r22082 for breaking arm64 build.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/360023003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 10:19:31 +00:00
ishell@chromium.org
cea1824f58 Replace HeapNumber as doublebox with an explicit MutableHeapNumber.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/355793003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 09:44:43 +00:00
danno@chromium.org
9176485c8b Support non-internalized string key lookups in Hydrogen KeyedLoadIC
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/356213003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-28 00:33:04 +00:00
verwaest@chromium.org
8945c69855 Don't leak the global object in the Function constructor.
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/359713005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:50:37 +00:00
verwaest@chromium.org
63431b23d1 Split SetProperty(...attributes, strictmode) into DefineProperty(...attributes) and SetProperty(...strictmode)
BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/351853005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:48:37 +00:00
yangguo@chromium.org
0133d96be3 Remove script collected debug event.
R=yurys@chromium.org

Review URL: https://codereview.chromium.org/358873005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 12:10:43 +00:00
mstarzinger@chromium.org
7a4054b7d7 Allow inlining of functions containing %_Arguments.
R=svenpanne@chromium.org
TEST=mjsunit/compiler/inline-arguments

Review URL: https://codereview.chromium.org/356773002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 11:04:35 +00:00
yurys@chromium.org
0339d069d9 Add OnCompileError handler and v8::CompileError debug event.
This event is generated when the parser can not generate code.

R=vsevik@chromium.org, yangguo@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/264333007

Patch from Alexey Kozyatinskiy <kozyatinskiy@google.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22043 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-26 16:03:52 +00:00
yangguo@chromium.org
e26102ac24 Suppress GC stress failure for a test that asserts code being optimized.
The reason is that GC stress causes additional deopts that the test
originally did not foresee.

R=marja@chromium.org

Review URL: https://codereview.chromium.org/355973003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22034 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-26 09:49:17 +00:00
yangguo@chromium.org
a2d15ce518 Compile optimized code with active debugger but no break points.
R=ulan@chromium.org
BUG=386492
LOG=Y

Review URL: https://codereview.chromium.org/356713004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22029 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-26 06:32:51 +00:00
danno@chromium.org
8313c523b3 Optimize Map/Set.prototype.forEach
Instead of using an iterator result object and an entries array
(for Map) we introduce a new runtime function that uses an array
as an out param.

On the Map ForEach perf test this leads to a 2.5x performance
improvement. On the overall Map and Set tests this leads to a 18%
and 13% improvement respectively.

BUG=None
LOG=Y
R=danno@chromium.org

Review URL: https://codereview.chromium.org/355663002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-26 00:40:45 +00:00
danno@chromium.org
eaca750b29 Remove distinction between hidden and normal runtime functions
R=jkummerow@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/346413004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22018 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 15:26:10 +00:00
yangguo@chromium.org
6f2368627c Blacklist failing test from GC stress runs.
The test expects a function not to deopt. However GC stress causes
the code to be marked for deopt for a reason we are not testing against.

R=marja@chromium.org

Review URL: https://codereview.chromium.org/354853002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 12:18:19 +00:00
yangguo@chromium.org
3247a71c78 Do not unnecessarily expose execution state in debug event data.
When we fire a debug event, we create duplicate execution state objects,
one as argument for the debug event listener, one as property on the
debug event data object. The latter is never used by chrome.

R=yurys@chromium.org

Review URL: https://codereview.chromium.org/355793002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 09:13:09 +00:00
yangguo@chromium.org
50cc3a5ba8 Suppress ASAN for non-compatible test case.
This test calls quit() to exit d8 without proper tear down.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/356623003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 09:05:28 +00:00
wingo@igalia.com
bf8e802f1a Add @@iterator, .entries(), .values(), .keys() support to typed arrays
R=arv@chromium.org, rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/336403002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 08:46:53 +00:00
yangguo@chromium.org
4fa6a27ae2 Fix mjsunit's assertOptimized and assertUnoptimized.
This was broken some time ago by a refactor.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/349423003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 08:01:13 +00:00
wingo@igalia.com
699bc8f73d Add @@iterator support for strings
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/335423002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 07:43:14 +00:00
wingo@igalia.com
f6dfa63c9d Add @@iterator to Array.prototype
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/338323003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-25 07:32:57 +00:00
yangguo@chromium.org
58bf19e9d5 Remove bogus assertions in HCompareObjectEqAndBranch.
R=jkummerow@chromium.org, danno@chromium.org
BUG=387636
LOG=Y

Review URL: https://codereview.chromium.org/331863015

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:33:05 +00:00
yangguo@chromium.org
438f49a322 Do not eagerly update allow_osr_at_loop_nesting_level.
Having debug break points prevents OSR. That causes
allow_osr_at_loop_nesting_level and the actually patched state
to go out of sync.

R=jkummerow@chromium.org
BUG=387599
LOG=Y

Review URL: https://codereview.chromium.org/346223007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:31:30 +00:00
adamk@chromium.org
257adcf0ed Map/Set: Implement constructor parameter handling
When an iterable object is passed in as the argument to the Map and Set
constructor the elements of the iterable object are used to populate the
Map and Set.

http://people.mozilla.org/~jorendorff/es6-draft.html#sec-map-iterable
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-set-iterable

BUG=v8:3398
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/345613003

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21950 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 18:05:57 +00:00
alph@chromium.org
f61854fe0a Support LiveEdit on Arm64
BUG=368580
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/339663007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 13:20:26 +00:00
yangguo@chromium.org
2411bc9447 Harden %FunctionBindArguments wrt optimized code cache.
R=jkummerow@chromium.org
BUG=387627
LOG=N

Review URL: https://codereview.chromium.org/345463005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 13:17:42 +00:00
mvstanton@chromium.org
c0179a50da Re-land "Clusterfuzz identified overflow check needed in dehoisting."
BUG=380092
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/335063005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 09:09:05 +00:00
verwaest@chromium.org
d06afb3ce0 Remove AccessControl from AccessorPairs, as it's an invalid usecase of AllCan*
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/332863003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 09:02:16 +00:00
yangguo@chromium.org
ba2d7da5a9 Introduce intrinsic to expose debug state to generated code.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/332673002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 07:10:25 +00:00
jarin@chromium.org
e56faa9909 Add missing map check to optimized f.apply(...)
This is a cutdown version of https://codereview.chromium.org/346473002/, which aimed to fix f.call and f.apply. Optimized f.call was removed by r21887, this is what was left.

BUG=386034
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/348623002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 05:50:06 +00:00
palfia@homejinni.com
57d0b53eed MIPS: Support LiveEdit.
Port r21895 (210f7aa)

BUG=368580
LOG=Y
R=jkummerow@chromium.org, palfia@homejinni.com

Review URL: https://codereview.chromium.org/349703002

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 20:52:57 +00:00
jkummerow@chromium.org
1d35d6d871 Array.concat: properly go to dictionary mode when required
BUG=chromium:387031
LOG=y
R=danno@chromium.org

Review URL: https://codereview.chromium.org/342333002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 15:40:21 +00:00
wingo@igalia.com
b7d18d0eff Fix stack capture on overflow for Error.stackTraceLimit == Infinity
Bug found by Andrew Paprocki <andrew@ishiboo.com>.

R=mstarzinger@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/345533002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 14:27:55 +00:00
mstarzinger@chromium.org
5eb7ce9040 Remove obsolete --harmony-promises flag from tests.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/345053002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 10:47:50 +00:00
alph@chromium.org
969759fd3f Support LiveEdit on ARM
BUG=368580
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/344573004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21895 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 09:41:14 +00:00
dcarney@chromium.org
bd3f8a524e Revert "Optimize Function.prototype.call"
This reverts commit r21840.

R=danno@chromium.org
LOG=y
BUG=chromium:385565

Review URL: https://codereview.chromium.org/347573002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21887 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-18 14:04:41 +00:00
mstarzinger@chromium.org
d5cb9ee440 Drop obsolete ES6 TODOs about activating extended mode.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/338363002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21877 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-17 15:22:38 +00:00
yangguo@chromium.org
11368af66d Interrupts must not mask stack overflow.
R=jarin@chromium.org
BUG=385002
LOG=N

Review URL: https://codereview.chromium.org/339883002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-17 13:54:49 +00:00
jarin@chromium.org
f69bb7fcc3 Do not eliminate bounds checks for "<const> - x".
Before this change, bounds check elimination treated "<const> - x" as
"x - <const>".

R=yangguo@chromium.org
BUG=385054
TEST=test/mjsunit/regress/regress-385054.js
LOG=N

Review URL: https://codereview.chromium.org/339583003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:43:50 +00:00
bmeurer@chromium.org
2591003da5 Add unit test for regression in GVN caused by field type tracking.
BUG=v8:3347
LOG=n
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/333273004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:21:42 +00:00
bmeurer@chromium.org
4642c2e18c Revert "GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same."
This reverts commit r21830 for tanking performance on Deltablue.

TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/336223002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:03:59 +00:00
jkummerow@chromium.org
aae24ae40b Fix representation of Phis for mutable-heapnumber-in-object-literal properties
BUG=v8:3392
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/328343004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 08:41:29 +00:00
verwaest@chromium.org
7005abf03b Optimize Function.prototype.call
- May inline the function, or call it directly, instead of going through call
- Supports arguments object escaping when it escapes to builtins (preparation for slice.call(arguments, ...) optimization)
- Both .call and .apply now support inlining when calling builtins indirectly

BUG=
R=verwaest@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/335683002

Patch from Petka Antonov <p.antonov@partner.samsung.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 12:52:23 +00:00
jkummerow@chromium.org
6e29768eb6 Have one, long-lived map for bound functions.
This avoids creating a new map for every bound function. Bonus: some cleanup in Runtime_FunctionBindArguments.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/335653002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 12:19:04 +00:00
jkummerow@chromium.org
8334faa0e0 Allow all Names to be fast property names
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/329393005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 09:59:39 +00:00
ulan@chromium.org
0f69ed32f3 Disable regress/regress-2653 until deopt_every_n_garbage_collections is fixed.
BUG=3389
LOG=N
R=marja@chromium.org

Review URL: https://codereview.chromium.org/331823003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 08:05:34 +00:00
ishell@chromium.org
41e9d916c4 GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/331493006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 07:51:45 +00:00
wingo@igalia.com
dfb1c7dc9e For-of calls [Symbol.iterator]() on RHS to get iterator
R=rossberg@chromium.org
BUG=http://code.google.com/p/v8/issues/detail?id=2735
LOG=N

Review URL: https://codereview.chromium.org/332663004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 17:31:54 +00:00
jkummerow@chromium.org
301ae7dd56 Optimize prototype chain when creating initial maps for functions used as constructors
Review URL: https://codereview.chromium.org/332783002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 16:41:56 +00:00
danno@chromium.org
634cb5e8a1 Revert "Revert "Reland 21774: Generate KeyedLoadGeneric with Hydrogen""
This CL tickled an unrelated arm64 bug which was is fixed separately.

The MIPS port (originally landed 21784) is also included.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/331633002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 09:58:10 +00:00
wingo@igalia.com
8e165acbdf Add @@iterator for generator objects
R=arv@chromium.org, rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/328093002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 08:53:07 +00:00
dcarney@chromium.org
44b0e2110e filter cross context eval
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/294073002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 08:28:19 +00:00
danno@chromium.org
c17e79293b Revert "Reland 21774: Generate KeyedLoadGeneric with Hydrogen"
Due to lingering arm64 failures in Test262

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/332663003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-12 07:38:49 +00:00
danno@chromium.org
905d777d8f Reland 21774: Generate KeyedLoadGeneric with Hydrogen
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/57123002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 21:44:50 +00:00
danno@chromium.org
006bdafecc Revert 21774: "Generate KeyedLoadGeneric with Hydrogen"
Due to arm64 and GCMole failures

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/329253003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 16:33:44 +00:00
danno@chromium.org
3b9039abc3 Generate KeyedLoadGeneric with Hydrogen
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/57123002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 14:56:38 +00:00
svenpanne@chromium.org
23fc5b75a8 Fixed flooring division by a power of 2, once again...
Avoid right shifts by zero bits: On ARM it actually means shifting by
32 bits (correctness issue) and on other platforms they are useless
(performance issue). This is fix for the fix in r20544.

BUG=v8:3259
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/324403003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 13:29:25 +00:00
svenpanne@chromium.org
2931f09144 Fix unsigned comparisons.
Instead of marking the comparison instruction itself as Uint32, we
look at its arguments. This is more consistent what HChange does.

BUG=v8:3380
TEST=mjsunit/regress/regress-3380
LOG=y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/325133004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 09:09:15 +00:00
mstarzinger@chromium.org
f5e866d36e Add arity checks to mjsunit's assertEquals and assertSame
BUG=None
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/309173003

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 15:19:27 +00:00
yangguo@chromium.org
81f0444880 Do not merge adjourning ranges when calculating percentages in plot.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/319703009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 14:46:30 +00:00
danno@chromium.org
7c56c0e864 Reland 21720: Introduce FieldIndex to unify and abstract property/field offset
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/300283002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 14:01:08 +00:00
bmeurer@chromium.org
0fcd89161b Fix invalid attributes when generalizing because of incompatible map change.
BUG=382143
LOG=y
TEST=mjsunit/regress/regress-382143
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/324933003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 12:24:54 +00:00
yangguo@chromium.org
dc7fe989ae Do not clear mirror cache when fetching loaded scripts.
R=yurys@chromium.org
BUG=376534
LOG=N

Review URL: https://codereview.chromium.org/309313002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 09:42:41 +00:00
yangguo@chromium.org
1f8adc1503 Log IC misses as timer events.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/318983005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 09:34:18 +00:00
ishell@chromium.org
6dc967e2e0 Bugfix in inlined versions of Array.indexOf() and Array.lastIndexOf() with a regression test.
BUG=chromium:381534
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/319343002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 09:01:45 +00:00
bmeurer@chromium.org
7eea77bc5c Fix missing smi check in inlined indexOf/lastIndexOf.
BUG=382513
LOG=y
R=danno@chromium.org

Review URL: https://codereview.chromium.org/313233005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 04:26:15 +00:00
mvstanton@chromium.org
2714fd2399 Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting."
This reverts commit r21712

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/315843005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:16:24 +00:00
mvstanton@chromium.org
c0cb82274c Re-land Clusterfuzz identified overflow check needed in dehoisting.
Overflow check needs to be smarter.

BUG=380092
R=danno@google.com, danno@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/317963004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:00:07 +00:00
mvstanton@chromium.org
35933119fe Revert "Clusterfuzz identified overflow check needed in dehoisting."
This reverts commit r21708, due to ASAN-reported issue.

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/318073002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:47:14 +00:00
mvstanton@chromium.org
7d2d0839ad Clusterfuzz identified overflow check needed in dehoisting.
BUG=380092
R=danno@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/315593002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:12:16 +00:00
yangguo@chromium.org
eb1f184386 Mark arm div tests as PASS/FAIL.
R=machenbach@chromium.org
BUG=v8:3259
LOG=N

Review URL: https://codereview.chromium.org/318943002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-05 12:53:36 +00:00
ulan@chromium.org
c8b2fa454a Preliminary support for block contexts in hydrogen.
Patch from Steven Keuchel <keuchel@chromium.org>

BUG=v8:2198
LOG=N
TEST=mjsunit/harmony/block-let-crankshaft.js
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/307593002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-05 07:33:01 +00:00
yangguo@chromium.org
61a5a413d7 Extend bounds check elimination to constant keys.
R=jkummerow@chromium.org
BUG=v8:3367
LOG=N

Review URL: https://codereview.chromium.org/310333004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-04 11:52:17 +00:00
bmeurer@chromium.org
9244429707 Fix invalid loop condition for Array.lastIndexOf().
BUG=380512
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/313073003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-04 08:21:39 +00:00
yangguo@chromium.org
feed21b6d5 Add option to disable MirrorCache.
R=yurys@chromium.org

Review URL: https://codereview.chromium.org/307383002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 14:27:19 +00:00
mvstanton@chromium.org
d19aaa2b1c Revert "Reland "Make 'name' property on functions configurable.""
This reverts commit r21609 due to browser test failures.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/313583002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 11:52:07 +00:00
mvstanton@chromium.org
848a9af6b4 %ObjectFreeze needs to exclude non-fast-path objects.
ClusterFuzz will call it with sloppy arguments and similar cases.

BUG=380049
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/315533002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:59:36 +00:00
mvstanton@chromium.org
adeaedf547 When flag --nouse-osr is set, don't allow osr from hidden runtime calls.
BUG=379770
R=yangguo@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/310773003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:45:40 +00:00
adamk@chromium.org
509a1a405c ES6: Add support for values/keys/entries for Map and Set
This allows code like this:

  var map = new Map();
  map.set(1, 'One');
  ...
  var iter = map.values();
  var res;
  while (!(res = iter.next()).done) {
    print(res.value);
  }

BUG=v8:1793
LOG=Y
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/259883002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 00:34:01 +00:00
mstarzinger@chromium.org
d6500b6cf7 Reland "Make 'name' property on functions configurable."
R=rossberg@chromium.org
BUG=v8:3333
LOG=N

Review URL: https://codereview.chromium.org/303463006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-02 13:35:26 +00:00
jkummerow@chromium.org
f6a249c6d0 Inlined optimized runtime functions: expose Runtime versions for direct testing, skip Hydrogen versions
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/302703004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21585 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-30 17:07:38 +00:00
bmeurer@chromium.org
5cd009a004 HRor and HSar can deoptimize.
BUG=v8:3359
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/309483002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-30 16:12:25 +00:00
rafaelw@chromium.org
74f92f21da Simplify, speed-up correct-context ObjectObserve calls
The original patch which ensured that Object.observe did allocations in the correct context regressed performance about 12%. This patch gets back most of that (about 11%) by simply returning the correct function which is then directly callable from JS, rather than by making the call from the runtime function. A side-effect is that their implementation is shorter.

LOG=Y
BUG=NONE
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/307543008

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-28 19:13:41 +00:00
mvstanton@chromium.org
8c54a373dd Changing the attributes of a data property implemented with
ExecutableAccessorInfo turns the property into a field. Better
to keep it as a callback, and correctly deal with the changed
property attributes.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/262053011

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-28 09:58:27 +00:00
mstarzinger@chromium.org
6b33e50701 Revert "Make 'name' property on functions configurable."
R=danno@google.com, danno@chromium.org

Review URL: https://codereview.chromium.org/297163009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 15:00:26 +00:00
yangguo@chromium.org
db8f7e0383 Cache optimization status getter in mjsunit.js
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/300003007

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21522 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 12:52:15 +00:00
yangguo@chromium.org
620555b495 Do not break in native code (including non-builtin debugger code).
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/300773002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 12:21:40 +00:00
yangguo@chromium.org
2097644fcf Do not (eagerly) trigger exception in mjsunit.js.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/301673002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 11:53:12 +00:00
yangguo@chromium.org
94b4aef7d6 Fix arm64 gc stress issue.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/306483002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-27 06:35:45 +00:00
mvstanton@chromium.org
d755611e93 Reland "Customized support for feedback on calls to Array." and follow-up fixes.
Comparing one CallIC::State to another was not done correctly, leading to a failure to patch a CallIC when transitioning from monomorphic Array to megamorphic.

BUG=chromium:377198,chromium:377290
LOG=Y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/305493003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 13:59:24 +00:00
mstarzinger@chromium.org
82b3b2a367 Make 'name' property on functions configurable.
R=rossberg@chromium.org
BUG=v8:3333
LOG=N

Review URL: https://codereview.chromium.org/296413003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 11:42:56 +00:00
jkummerow@chromium.org
60e665627d Revert "Customized support for feedback on calls to Array." and follow-up fixes.
This reverts r21429, r21434, r21435, r21440, r21445.

BUG=chromium:377198
LOG=y
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/300693002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 09:04:00 +00:00
ulan@chromium.org
3fcda0e576 Make let variables fresh in each iteration of a for-loop.
BUG=v8:2198
LOG=N
TEST=mjsunit/harmony/block-for
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/292743009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 08:07:02 +00:00
yangguo@chromium.org
32f433c12e Fix leak in debug mirror cache.
When fetching loaded scripts, mirror objects are created and cached.
If the cache is not cleared, it holds script objects alive.

This also fixes a minor issue with script unloading.

R=ulan@chromium.org
BUG=376534
LOG=N

Review URL: https://codereview.chromium.org/296953005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-26 07:05:56 +00:00
danno@chromium.org
9c485e182b Introduce x87 port
Support x87-only platform (ia32 without SSE)

R=danno@chromium.org

Review URL: https://codereview.chromium.org/293743005

Patch from Weiliang Lin <weiliang.lin@intel.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-23 16:37:27 +00:00
mstarzinger@chromium.org
cf448aa15f Fix representation inference for mutable double boxes.
R=jarin@chromium.org
BUG=v8:3307
TEST=mjsunit/regress/regress-3307
LOG=N

Review URL: https://codereview.chromium.org/298723014

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-23 14:02:08 +00:00
ishell@chromium.org
7c55f645d5 Cleanup after inobject slack tracking improvement.
1) %SetExpectedNumberOfProperties() function removed.
2) Obsolete SharedFunctionInfo::BeforeVisitingPointers() removed.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/289283018

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-23 12:55:57 +00:00
rossberg@chromium.org
06f746a576 Consistently say 'own' property
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/291153005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 15:27:57 +00:00
jarin@chromium.org
3d0bf69cd8 Attempt no. 3 to fix Heap::IsHeapIterable and HeapIterator.
Now we remember new space's top pointer after the last GC to find out if there was a new space allocation since the last GC.

Unfortunately, this not completely safe - the debugger has a callback hook (that can call to JS) at the end of the GC epilogue that can in theory allocate and possibly make the heap non-iterable. We can only hope this does not happen.

BUG=373283
R=hpayer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/291193005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 11:13:37 +00:00
mvstanton@chromium.org
e443c89206 Customized support for feedback on calls to Array.
Gather transition feedback on array calls, and inline the Array
function call when it makes sense.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/279423005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 09:30:02 +00:00
ulan@chromium.org
e56594f10a Fix Array.prototype.push and Array.prototype.unshift for read-only length.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/279773002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21423 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 08:09:57 +00:00
yangguo@chromium.org
ab3afc5722 Reland "Prevent liveedit on or under generators with open activations"
The change relative to the previous CL is a logic change in
DropActivationsInActiveThreadImpl.  The previous CL skipped the matcher
unless the frame was a JS frame; this was correct for
MultipleFunctionTarget but not for SingleFrameTarget.

I have not been able to reproduce the original failures on either
architecture (ia32 or x64; stack frame dropping is unsupported on other
architectures).

R=yangguo@chromium.org
LOG=N
TEST=mjsunit/harmony/generators-debug-liveedit.js
BUG=

Review URL: https://codereview.chromium.org/270283002

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21419 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-22 07:32:59 +00:00
yangguo@chromium.org
d9736047b7 Implement Mirror object for Symbols.
R=rossberg@chromium.org, yurys@chromium.org
BUG=v8:3290
LOG=Y

Review URL: https://codereview.chromium.org/297513006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21414 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 15:13:50 +00:00
jarin@chromium.org
02f1a1b987 Revert "Fix Heap::IsHeapIterable." (again)
This reverts commit r21397.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/299813002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 09:49:18 +00:00
adamk@chromium.org
fa55c02b11 Allow debugger to step into Map and Set forEach callbacks
BUG=v8:3341
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/293083005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 09:25:50 +00:00
jkummerow@chromium.org
58661c150f Fix ArrayShift hydrogen support
BUG=chromium:374838
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/299713003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 08:51:29 +00:00
adamk@chromium.org
6717ac656a Array Iterator next should check for own property
Since we are using private symbols for the internal slots we need to
check for a local property.

BUG=None
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/268363011

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 08:05:11 +00:00
jarin@chromium.org
58a130da6e Reland "Fix Heap::IsHeapIterable."
This relands r21388 (+ handlification of an offending function).

BUG=373283
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/294903003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-21 06:44:38 +00:00
adamk@chromium.org
70c3a714a1 ES6 Map/Set iterators/forEach improvements
This changes how Map/Set interacts with its iterators. When the
underlying table is rehashed or cleared, we create a new table (like
before) but we add a reference from the old table to the new table. We
also add an array describing how to transition the iterator from the
old table to the new table.

When Next is called on the iterator it checks if there is a newer table
that it should transition to. If there is, it updates the index based
on the previously recorded changes and finally changes itself to point
at the new table.

With these changes Map/Set no longer keeps the iterators alive. Also,
as before, the iterators keep the underlying table(s) alive but not the
actual Map/Set.

BUG=v8:1793
LOG=Y
R=mstarzinger@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/289503002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21389 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 14:22:05 +00:00
jarin@chromium.org
014bf8b407 Revert "Fix Heap::IsHeapIterable."
This reverts commit r21387.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/291193002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 14:03:38 +00:00
jarin@chromium.org
dd4c82bbb3 Fix Heap::IsHeapIterable.
We only consider heap iterable if the new space is empty (in addition to the exisiting old space check).

The change also moves the iterability forcing + allocation prevention gadgets to HeapIterator so that it is impossible to miss them when iterating the heap.

R=hpayer@chromium.org
BUG=373283
LOG=N

Review URL: https://codereview.chromium.org/285693006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 13:19:21 +00:00
yangguo@chromium.org
cf49b6e3ca Reland "Simplify debugger state."
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/299653002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-20 08:52:42 +00:00
dcarney@chromium.org
1b70812e7d filter out .caller from other worlds
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/261103002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-19 13:45:45 +00:00
wingo@igalia.com
6382a25fa7 Poison .arguments and .caller for generator functions
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/270133003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-19 10:47:00 +00:00
adamk@chromium.org
35b8b0b27a Move microtask queueing logic from JavaScript to C++
This avoids the appearence of a leak due to storing a JSObject
as the microtask_state in the strong root list, and allows callers
to call Isolate::RunMicrotasks() without having any v8::Context
available (as at least Blink has interest in doing).

The queue is now a strong root, represented as a FixedArray of JSFunctions
(or empty_fixed_array, if it's empty); it doubles in size when it needs to grow.
The number of elements in the queue is stored in Isolate::pending_microtask_count().

LOG=Y
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/290633010

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-19 07:57:04 +00:00
svenpanne@chromium.org
7ac5dfbd3e Revert "Simplify debugger state."
This reverts r21346, it broke the layout tests.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/292713002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-19 07:06:44 +00:00
yangguo@chromium.org
2d1a75d608 Simplify debugger state.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/287873005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-16 14:58:03 +00:00
rossberg@chromium.org
417610e24a Stage ES6 symbols
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/286133002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-16 14:42:02 +00:00
jkummerow@chromium.org
48c39e57b2 Expand C++ macros in tools/generate-runtime-tests.py to increase coverage
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/290513002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-16 13:16:08 +00:00
yangguo@chromium.org
75a7a3157f Use %DebugGetProperty in debug mirror to check for Promise.
R=aandrey@chromium.org, amikhaylova@google.com

Review URL: https://codereview.chromium.org/283373003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21339 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-16 13:06:20 +00:00
rossberg@chromium.org
98849dd1ce Drop thenable coercion cache
R=dslomov@chromium.org
BUG=372788
LOG=Y

Review URL: https://codereview.chromium.org/281753004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-14 10:44:34 +00:00
jkummerow@chromium.org
f5631f7378 Avoid name clashes of builtins and runtime functions.
This makes it possible to use %Percent() notation to call any given builtin or runtime function in tests.

R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/280243002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-14 08:51:10 +00:00
jarin@chromium.org
2b4bfce298 Prevent interference of allocation sites with array-natives-elements test.
This should make the arm64 build green again.

R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/285663005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-13 10:31:53 +00:00
yangguo@chromium.org
df296a2be0 Revert "Read internal properties [[PromiseStatus]] and [[PromiseValue]] of the promise."
This reverts r21266.

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/273423008

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 13:38:39 +00:00
yangguo@chromium.org
b785aeda44 Read internal properties [[PromiseStatus]] and [[PromiseValue]] of the promise.
BUG=v8:3093
LOG=N
R=aandrey@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/273653007

Patch from Alexandra Mikhaylova <amikhaylova@google.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 12:42:35 +00:00
jarin@chromium.org
c3cd2f0301 Fix %SetFlags("--stress-compaction")
BUG=369943
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/261253006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 10:39:08 +00:00
jkummerow@chromium.org
e7a34f3fd9 Harden runtime functions (part 6).
Also blacklist LiveEdit-related functions from generated runtime tests.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/279593004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 09:37:26 +00:00
adamk@chromium.org
92b895a761 Harden %SetIsObserved with RUNTIME_ASSERTs
Now throws if its argument is already observed, or if the argument is
the global proxy.

BUG=371782
LOG=Y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/274163002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 08:49:51 +00:00
jarin@chromium.org
cbf8c3f460 Make escape analysis preserve all representations required by HCompareNumericAndBranch.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/257803012

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-12 08:43:18 +00:00
adamk@chromium.org
fb70df076b Object.observe: avoid accessing acceptList properties more than once
BUG=v8:3315
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/270763003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 18:22:28 +00:00
verwaest@chromium.org
03905e4753 Directly create API functions with readonly prototypes rather than converting. Remove FunctionSetReadOnlyPrototype.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/274463003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 17:59:15 +00:00
verwaest@chromium.org
8db908784e Array Iterator prototype should not have a constructor.
BUG=v8:3293
LOG=Y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/258793005

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 16:37:04 +00:00
ishell@chromium.org
99f2e4d5ac Fix typos in unit test for Array.prototype.fill()
BUG=
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/277953002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 16:11:50 +00:00
yangguo@chromium.org
bd93673f40 Shorten autogenerated error message for functions only.
R=yangguo@chromium.org, Yang, rossberg@chromium.org
BUG=v8:3019, chromium:331971
LOG=Y

Review URL: https://codereview.chromium.org/271733005

Patch from Andrey Adaykin <aandrey@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 13:14:09 +00:00
jarin@chromium.org
3976ebef93 Make new space iterable for --log-gc and --heap-stats options
R=hpayer@chromium.org
BUG=370827
TEST=test/mjsunit/regress/regress-370827.js
LOG=N

Review URL: https://codereview.chromium.org/272503005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 09:23:10 +00:00
hpayer@chromium.org
de21c8a245 Simplify ConfigureHeap and change --max_new_space_size to --max_semi_space_size.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/271843005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 08:38:27 +00:00
bmeurer@chromium.org
7c45d49861 Improve Array.shift() performance for small arrays.
TEST=mjsunit/array-shift,mjsunit/array-shift2,mjsunit/array-shift3
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/279743002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-09 08:28:25 +00:00
jkummerow@chromium.org
bf490ae0bd Skip generated runtime tests that require i18nsupport as needed
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/267343003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 14:34:37 +00:00
jkummerow@chromium.org
9866670c26 Add test case generator for runtime functions
R=dslomov@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/250923002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 13:11:59 +00:00
ulan@chromium.org
8999a006be Fix index register assignment in LoadFieldByIndex for arm, arm64, and mips.
This instruciton clobbers the index register.

BUG=368243
LOG=N
TEST=mjsunit/regress/regress-368243
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/269273003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-08 08:51:51 +00:00
jkummerow@chromium.org
e1bbd26794 Refactor mjsunit/fuzz-natives-* into a separate test suite.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/252143002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-07 12:31:26 +00:00
rossberg@chromium.org
5c9ad091e9 Revert "Prevent liveedit on or under generators with open activations"
Seems to crash some tests on buildbots.

TBR=ishell@chromium.org
CC=wingo@igalia.com,yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/273433002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 16:02:18 +00:00
wingo@igalia.com
ab96529a4a Prevent liveedit on or under generators with open activations
R=yangguo@chromium.org
LOG=N
TEST=mjsunit/harmony/generators-debug-liveedit.js
BUG=

Review URL: https://codereview.chromium.org/266983004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:57:52 +00:00
rossberg@chromium.org
ae0a36ee32 Re^3-land "Ship promises and weak collections"
R=jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/266243003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:48:34 +00:00
ishell@chromium.org
9be0c4d378 Fixed jump in non-SSE4.1 implementation of LMathFloor instruction on x64.
BUG=chromium:370384
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/261853009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 14:20:46 +00:00
ulan@chromium.org
a872ffdabc Do not call setters of read-only accessors.
BUG=
TEST=mjsunit/readonly-accessor
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/271433002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-06 08:34:48 +00:00
hpayer@chromium.org
dde49c9dc3 Set max new space size in tests to proper MB value.
Revert "Limit old space size in test which require a large new space."

This reverts commit r21103.

Revert "Remove max space limits in tests."

This reverts commit r21104.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/263103006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 16:48:33 +00:00
wingo@igalia.com
275bfa1b61 Relocate suspended generator activations when enabling debug mode
R=yangguo@chromium.org
BUG=v8:3289
LOG=N

Review URL: https://codereview.chromium.org/264973014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 14:31:51 +00:00
jochen@chromium.org
8554da5c68 Revert r21141.
Relocate suspended generator activations when enabling debug mode

BUG=v8:3289
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/262193003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 13:28:21 +00:00
wingo@igalia.com
9a9943b564 Relocate suspended generator activations when enabling debug mode
R=yangguo@chromium.org
BUG=v8:3289
LOG=N

Review URL: https://codereview.chromium.org/260423002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-05 12:57:14 +00:00
adamk@chromium.org
5ea893074c Fix ObjectNotifierPerformChange leak after r21126
Due to overlapping names of natives and runtime functions, the wrong
context was used for Notifier.prototype.performChange. The leak test
has been augmented to properly cover the leaky case, and the test
now passes.

Also tightened up type checks in runtime.cc and removed Object.observe
functions from knownIssues in fuzz-natives-part2.js.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/264793015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 21:29:15 +00:00
rafaelw@chromium.org
72a090f3ee Build cleanup following r21126. Marking Native* methods in object-observe.js as knownProblems in fuzz-natives
TBR=verwaest

Review URL: https://codereview.chromium.org/265883009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 17:31:27 +00:00
rafaelw@chromium.org
1b270ef5ea Re-enable Object.observe and add enforcement for security invariants.
This patch reverts r21062 which disabled Object.observe and the relevant tests.

It also adds enforcement for the following three invariants:

1) No observer may receive a change record describing changes to an object which is in different security origin (context have differing security tokens)

2) No observer may receive a change record whose context's security token is different from that of the object described by the change.

3) Object.getNotifier will return null if the caller and the provided object are in differing security origins

Further, it ensures that the global object can never be observed nor a notifier retrieved for it.

Tests are included.
R=verwaest@chromium.org, rossberg
LOG=Y

Review URL: https://codereview.chromium.org/265503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 13:55:11 +00:00
ishell@chromium.org
b4c1eda032 Checks for empty array case added before casting elements to FixedDoubleArray.
BUG=chromium:369450
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/264973008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 11:30:24 +00:00
svenpanne@chromium.org
7bfc426fc9 Object.defineProperty shouldn't be a hint that we're constructing a dictionary.
BUG=362870
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/261583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-05-02 06:02:00 +00:00
hpayer@chromium.org
56d0b9757e Remove max space limits in tests.
BUG=

Review URL: https://codereview.chromium.org/263703003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 19:32:47 +00:00
hpayer@chromium.org
3dd05f8fc7 Limit old space size in test which require a large new space.
BUG=

Review URL: https://codereview.chromium.org/265673003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 18:57:25 +00:00
yangguo@chromium.org
7e367ae0ed Reland "Trigger exception debug event for promises at the throw site."
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/266533003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 15:17:51 +00:00
yangguo@chromium.org
792af58115 Revert "Trigger exception debug event for promises at the throw site."
This reverts r21092.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/262533009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:51:41 +00:00
mvstanton@chromium.org
287f65aec9 CallICStub with a "never patch" approach by default. Patching will
occur only when custom feedback needs to be gathered (future CLs).

Now rebased on https://codereview.chromium.org/254623002/, which moves the type feedback vector to the SharedFunctionInfo.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/247373002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:33:35 +00:00
yangguo@chromium.org
eed0e7e7a3 Trigger exception debug event for promises at the throw site.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/260723002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 14:17:40 +00:00
alexandre.rames@arm.com
67ea9e4b42 ARM64: Generate optimized code for Math.floor and Math.round with double outputs.
R=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/258793002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 13:38:00 +00:00
mvstanton@chromium.org
5e2ee2bac2 A new test needs to exit early on non-internationalization builds.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/265513003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org
129c58c47d Fix some more missing ToObject on Array.prototype.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/254103002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:52:00 +00:00
dslomov@chromium.org
ace15fa612 ES6: Add support for Array.prototype.fill()
BUG=v8:3273
LOG=Y
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/240873002

Patch from Adrian Perez <aperez@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 08:28:29 +00:00
mvstanton@chromium.org
0c3e70a3b6 Bugfix: internationalization routines fail on monkeypatching.
Calls to Object.defineProperty() and Object.apply() are not safe.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/253903003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-30 07:36:12 +00:00
danno@chromium.org
55fbf13ec1 disable Object.observe
R=danno@chromium.org, danno
BUG=

Review URL: https://codereview.chromium.org/252063003

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-29 15:11:57 +00:00
rossberg@chromium.org
cf3a3a8844 Revert "PromiseThen should ignore non-function parameters."
Wrong Blink test expectations, need to fix later.

TBR=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/251813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 15:57:25 +00:00
rossberg@chromium.org
f40feecb4d PromiseThen should ignore non-function parameters.
When non-function parameters are given, PromiseThen should work as if
undefined parameters were given.

BUG=347455
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/180723011

Patch from Yutaka Hirano <yhirano@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 15:19:15 +00:00
yangguo@chromium.org
1a9649ae13 Error stack getter should not overwrite itself with a data property.
R=ulan@chromium.org
BUG=v8:3294
LOG=Y

Review URL: https://codereview.chromium.org/258933007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 12:14:36 +00:00
yangguo@chromium.org
da0ca2afc2 Expose promise value through promise mirror.
R=rossberg@chromium.org, yurys@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/258823012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21003 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-28 08:33:23 +00:00
yangguo@chromium.org
81a101678f Expose promise status through promise mirror.
R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/257803005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 14:01:01 +00:00
jarin@chromium.org
ff884e06ae Fix materialization of accessor frames with captured receivers
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.

We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do the almost the same thing - they only
differ in where they store the result.

The change also turns bunch of ASSERTs into CHECKs.

R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N

Review URL: https://codereview.chromium.org/225283006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 12:58:15 +00:00
jarin@chromium.org
d557425a0c Preserve Smi representation of non-escaping fields.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/251493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 11:29:02 +00:00
verwaest@chromium.org
d2179f2062 Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height.
Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/252583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:52:11 +00:00
hpayer@chromium.org
20107bf2d8 Remove lazy sweeping.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/254603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:50:42 +00:00
wingo@igalia.com
df07a82771 Add tests for generator/debugger interaction
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/247003004


Review URL: https://codereview.chromium.org/256733004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 09:35:41 +00:00
yangguo@chromium.org
28f5cf398e Trigger debug event on not yet caught exception in promises.
R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org
BUG=v8:3093
LOG=Y

Review URL: https://codereview.chromium.org/249503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-25 07:03:05 +00:00
verwaest@chromium.org
a55821eef2 Mark the simulate before EnterInlined with BailoutId::None(), and set ReturnId on EnterInlined. When merging simulates into the simulate before enter-inlined, adopt the last AST id that gets merged into it.
BUG=v8:3282
LOG=n
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/257583004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 15:20:53 +00:00
ulan@chromium.org
72358c7fed Convert function.length to API-style accessor.
TEST=mjsunit/function-length-accessor
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/257423009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 11:24:13 +00:00
bmeurer@chromium.org
f95b815d5b Revert "Add tests for generator/debugger interaction"
This reverts commit r20921 for breaking the ARM/ARM64 bots.

TBR=wingo@igalia.com

Review URL: https://codereview.chromium.org/255563003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 08:26:16 +00:00
bmeurer@chromium.org
052f9e9b6d Make DescriptorArray::IsMoreGeneralThan() and DescriptorArray::Merge() compatible again.
BUG=365172
LOG=y
TEST=mjsunit/regress/regress-365172-[1-3]
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/255513005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 08:07:14 +00:00
wingo@igalia.com
9d5d1764f9 Add tests for generator/debugger interaction
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/247003004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 07:24:38 +00:00
jarin@chromium.org
8c57b45042 Fix C++ type of Factory::NewFixedDoubleArray.
The change fixes the C++ type of Factory::NewFixedDoubleArray to
reflect the empty array case, where we return an empty
FixedArray (rather than FixedDoubleArray).

R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/249593002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-24 05:29:00 +00:00
wingo@igalia.com
2194f3f858 Move bug 3280 regression test to mjsunit/harmony
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/248483004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 15:01:30 +00:00
jarin@chromium.org
cd3b9b8950 Fix the Array.push simulate for non-effect context.
R=danno@google.com, danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/246543007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20912 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 14:26:53 +00:00
danno@chromium.org
2aa8941ad4 Fix deoptimization problem with inlined Array.push()
R=jarin@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/247573008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 13:20:28 +00:00
mstarzinger@chromium.org
66ec299808 Fix ToObject and Object.isSealed in four Array builtins.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-6

Review URL: https://codereview.chromium.org/240223006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 12:48:32 +00:00
jarin@chromium.org
783eb25a8c Avoid setting transitions in-place for cached maps when observed
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/246523004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 09:21:24 +00:00
wingo@igalia.com
e12ae547cf Avoid exposing compiler-allocated temporaries to the debugger
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/245963006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-23 08:58:41 +00:00
adamk@chromium.org
71750f7be8 Fix issue with Map/SetIterator and types
BUG=v8:3281
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/246993003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 18:14:46 +00:00
danno@chromium.org
b4fa81dbca Insert HSimulate immediately after Crankshaft-inlined push.
R=jarin@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/247383002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 12:55:40 +00:00
wingo@igalia.com
a2ac40aca7 Context-allocate all parameters in generators
Generator function scopes have forced context allocation.  Ensure that
all variables in such scopes get context allocation -- even unused
variables.

This fixes an assertion when reifying generator scopes in the debugger.

R=yangguo@chromium.org
LOG=Y
BUG=v8:3280

Review URL: https://codereview.chromium.org/246733003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-22 11:34:16 +00:00
adamk@chromium.org
3308cb5857 ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793, 2323
LOG=Y
R=adamk@chromium.org
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/238063009

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 17:45:32 +00:00
danno@chromium.org
59b3dc5812 Remove hand-written assembly ArrayPush stubs
R=mstarzinger@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/233293005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-17 11:37:59 +00:00
adamk@chromium.org
91618cf1e9 Revert "ES6: Add support for Map/Set forEach"
This reverts https://code.google.com/p/v8/source/detail?r=20823

It broke Windows builds. Will need to find a Windows try bot to figure
out why.

TBR=mstarzinger@chromium.org,arv@chromium.org

Review URL: https://codereview.chromium.org/238973011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 21:19:25 +00:00
adamk@chromium.org
7c300d1f83 ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793,2323
LOG=Y
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/240323003

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 21:12:27 +00:00
bmeurer@chromium.org
42c67d5fa2 Allow merging of monomorphic accesses to tracked fields.
Also add stability dependency only on maps that can transition,
and delay adding the dependencies until we are actually using
them, either in a HLoadNamedField or an HCheckMaps.

TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/239923004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 11:41:09 +00:00
bmeurer@chromium.org
63a477b29b Clear invalid field maps in PropertyAccessInfo.
BUG=363956
TEST=mjsunit/regress/regress-363956
LOG=y
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/239623005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 09:48:32 +00:00
adamk@chromium.org
a44e10cad6 Revert "ES6: Add support for Map/Set forEach"
This reverts commit https://code.google.com/p/v8/source/detail?r=20781.

It broke the Win32 builders.

TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/239163012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 01:03:56 +00:00
adamk@chromium.org
a1af5a2a2f ES6: Add support for Map/Set forEach
This implements MapIterator and SetIterator which matches
the same constructs in the ES6 spec. However, these 2
iterators are not exposed to user code yet. They are only
used internally to implement Map.prototype.forEach and
Set.prototype.forEach.

Each iterator has a reference to the OrderedHashTable where
it directly accesses the hash table's entries.

The OrderedHashTable has a reference to the newest iterator
and each iterator has a reference to the next and previous
iterator, effectively creating a double linked list.

When the OrderedHashTable is mutated (or replaced) all the
iterators are updated.

When the iterator iterates passed the end of the data table
it closes itself. Closed iterators no longer have a
reference to the OrderedHashTable and they are removed from
the double linked list. In the case of Map/Set forEach, we
manually call Close on the iterator in case an exception was
thrown so that the iterator never reached the end.

At this point the OrderedHashTable keeps all the non finished
iterators alive but since the only thing we currently expose
is forEach there are no unfinished iterators outside a forEach
call. Once we expose the iterators to user code we will need
to make the references from the OrderedHashTable to the
iterators weak and have some mechanism to close an iterator
when it is garbage collected.

BUG=1793,2323
LOG=Y
R=adamk@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/236143002

Patch from Erik Arvidsson <arv@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-16 00:40:03 +00:00
plind44@gmail.com
5a016958c6 MIPS: Add big-endian support for MIPS.
Important notices:

- The snapshot cannot be created for big-endian target in cross-compilation
  environment on little-endian host using simulator.

- In order to have i18n support working on big-endian target, the icudt46b.dat and
  icudt46b_dat.S files should be generated and upstreamed to ICU repo.

- The mjsunit 'nans' test is endian dependent, it is skipped for mips target.

- The zlib and Mandreel from Octane 2.0 benchmark are endian dependent due to
  use of typed arrays.

TEST=
BUG=
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/228943009

Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 16:39:21 +00:00
mstarzinger@chromium.org
e51d6462a7 Fix bogus call to Object.hasOwnProperty in Array builtin.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-builtinbust-5

Review URL: https://codereview.chromium.org/239033002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 12:52:41 +00:00
ulan@chromium.org
a50aca97a2 Reland r20692 "Check stack limit in ArgumentAdaptorTrampoline."
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/236633006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:26:26 +00:00
mstarzinger@chromium.org
39137c81e6 Fix bogus Object.isSealed check in some Array builtins.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/237253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 08:25:42 +00:00
bmeurer@chromium.org
6b4d4b7287 Reland "Track field types.".
This is an initial step towards tracking the exact types instead of just
the representations of fields. It adds support to track up to one map of
heap object field values, eliminating various map checks on values
loaded from such fields, at the cost of making stores to such fields
slightly more expensive.

Issues with transitioning stores and fast object literals in Crankshaft
fixed.

TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/238773002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-15 07:36:47 +00:00
ulan@chromium.org
8b445aaa5f Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins.
BUG=362128
LOG=Y
TEST=mjsunit/regress/regress-362128
R=jacob.bramley@arm.com

Review URL: https://codereview.chromium.org/226363007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org
b280ad6c44 Try to switch Array builtins into strict mode.
R=rossberg@chromium.org
TEST=mjsunit,test262,webkit

Review URL: https://codereview.chromium.org/233083003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 11:24:40 +00:00
jarin@chromium.org
c1a3ab6b4f Revert "Track field types."
Revert r20701.

TBR=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/236843002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 08:24:15 +00:00
bmeurer@chromium.org
9cf3909975 Track field types.
This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive.

TEST=mjsunit/field-type-tracking
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/167303005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-14 06:29:15 +00:00
ulan@chromium.org
68bbdaf28d Skip mjsunit/regress/regress-353058 for ASAN and ARM until r20692 is relanded.
TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/232463005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 17:03:35 +00:00
ulan@chromium.org
4268ce0abd Check stack limit in ArgumentAdaptorTrampoline.
BUG=353058
LOG=N
TEST=mjsunit/regress/regress-353058
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/215853005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:39:19 +00:00
ulan@chromium.org
49d951d043 Do not call user defined getter of Error.stackTraceLimit.
Handlify GetNormalizedProperty.

BUG=360733
LOG=N
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/233243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 13:16:36 +00:00
jarin@chromium.org
166ec11e43 Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/232053004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:45:24 +00:00
jarin@chromium.org
fd988331ea There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/).
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/226613007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-11 06:29:51 +00:00
danno@chromium.org
2e9902b22a Partially fix semantics of Array.push()
Semantics of elements accessors are now preserved in all optimized code paths
through Array.push(). Previously it was possible to have inconsistent behavior
between optimized and unoptimized code, and there were cases where element
accessors were completely ingored.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/232873002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 13:17:48 +00:00
svenpanne@chromium.org
5bddec047d Do not use ranges after range analysis.
Due to the SSA vs. SSI difference, we are only allowed to use the
flags computed during range analysis, not the ranges themselves. For
the case at hand, there is no such flag, so the condition is simply
remvoed.

BUG=361608
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/232553004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 09:40:17 +00:00
bmeurer@chromium.org
5a564648dd Improve reproducibility of test runs.
Add random seed to run-tests.py, using either a user supplied
value or a random number generated by random.SystemRandom().
This same random seed is passed to all test cases, making sure
that we can easily reproduce test failures that depend on
random numbers (i.e. bugs related to our handwritten ASLR).

Also fix all uses of rand() to make use of our RNG class
instead.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/231443002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-10 07:25:49 +00:00
jarin@chromium.org
008a70c47b Revert "Make new space iterable when transitioning double array to objects"
This reverts r20603.

BUG=

Review URL: https://codereview.chromium.org/230863003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:39:03 +00:00
jarin@chromium.org
57d70c149c Avoid hydrogen compare-objects-equal assertions in dead code
ClusterFuzz test is triggering assertions for dead code. This fix issues
HDeoptimize instruction when it finds out that the compare instruction
is dead (because of previous checks).

R=yangguo@chromium.org
BUG=359491
LOG=N

Review URL: https://codereview.chromium.org/228883005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 13:08:28 +00:00
yangguo@chromium.org
4df132a878 Fix argument expectation Runtime_StringParseInt.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/230693002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 12:33:51 +00:00
jarin@chromium.org
69d5b3c155 Make new space iterable when transitioning double array to objects
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/228643002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org
e3aec7a587 Fix return value of push() and unshift() on Array.prototype.
R=ulan@chromium.org
TEST=mjsunit/regress/regress-builtinbust-3

Review URL: https://codereview.chromium.org/230453002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 09:14:56 +00:00
jarin@chromium.org
05670b63bf Add stack overflow check for inlined property getter
We should check for overflow for each inlined property getter;
otherwise, we can get an overflow from inlining property getter while
still having pending overflow exception from some previous inlined
getter (in the same polymorphic access).

R=verwaest@chromium.org
TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js

Review URL: https://codereview.chromium.org/220813003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-09 07:35:12 +00:00
bmeurer@chromium.org
48e0d81205 Fix invalid local property lookup for transitions.
BUG=361025
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/224903023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-08 09:36:04 +00:00
hpayer@chromium.org
7f54e1999c Remove gc greedy mode.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/227553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 14:22:32 +00:00
yangguo@chromium.org
e7f0beeaa6 Make String.prototype.contains throw when passing a regular expression
Contributed by Mathias Bynens <mathiasb@opera.com>.

TEST=mjsunit/harmony
BUG=v8:3261
LOG=Y
R=yangguo@chromium.org, arv@chromium.org, ishell@chromium.org

Review URL: https://codereview.chromium.org/227113005

Patch from Mathias Bynens <mathiasb@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 10:24:01 +00:00
jarin@chromium.org
c19764595f Dead code elimination of inlined arguments objects causes wrong deopt info to be generated - instead of materializing the arguments, we get 'undefined'.
Golem says the change is perf-neutral.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/208683006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:42:34 +00:00
svenpanne@chromium.org
814be9b1b6 Yet another regression test for range analysis.
BUG=v8:3204
LOG=y
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/224723016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 08:04:25 +00:00
mvstanton@chromium.org
eaacd968f1 Fix for v8:3255 Grow KeyedStoreIC doesn't respect String value wrappers
BUG=v8:3255
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/226053002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-07 07:52:24 +00:00
hpayer@chromium.org
5230d8d330 Make sure value is a heap number when reusing the double box in BinaryOpICStub.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/216823005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-04 08:46:49 +00:00
mstarzinger@chromium.org
775d9b022f Use premordial Object.isSealed/isFrozen in builtins.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/223473002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 12:23:35 +00:00
jarin@chromium.org
fe37026116 When freezing global object, go through the property cell
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/223613002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 10:43:56 +00:00
jarin@chromium.org
42d2d3cb9d Do not generate LDummyUse instruction for HCapturedObject
LDummyUse confuses the register allocator (since there is no definition
for the use).

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/222283002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:35:13 +00:00
jarin@chromium.org
0b53ed2d2b Check in Lithium that allocation size in Smi range.
This is to avoid triggering an assertion from Smi::FromInt. The
generated code is unreachable, so it is not a real bug.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/221743005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-03 07:04:46 +00:00
rossberg@chromium.org
2fda95eb80 Make stray 'return' an early error
As required by the spec, and implemented by other browsers.

(Plus minor clean-up for redeclaration TypeErrors.)

R=marja@chromium.org
BUG=
LOG=Y

Review URL: https://codereview.chromium.org/220473014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 12:38:01 +00:00
jkummerow@chromium.org
511edabed2 Fix HGraphBuilder::BuildAddStringLengths
length == String::kMaxLength is fine and should not bail out.

BUG=chromium:357052
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/222113002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 12:24:42 +00:00
rossberg@chromium.org
45118bfdfb Make invalid LHSs that are calls late errors
Necessary for web legacy compatibility.

Also fold in additional strict mode checks into LHS checks.
Minor constness clean-ups on the way.

R=marja@chromium.org
BUG=chromium:358346
LOG=Y

Review URL: https://codereview.chromium.org/217823003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-02 11:03:05 +00:00
dslomov@chromium.org
19c354b7b0 Support typed arrays in IsMoreGeneralElementsKindTransition.
R=verwaest@chromium.org
BUG=357054
LOG=Y

Review URL: https://codereview.chromium.org/220403004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 16:41:35 +00:00
yangguo@chromium.org
64901004be Smi immediates are not supported on x64. Do not use it.
R=jkummerow@chromium.org
BUG=358059
LOG=N

Review URL: https://codereview.chromium.org/217083003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 15:32:06 +00:00
mvstanton@chromium.org
d93c906acc Monomorphic prototype failures should be reserved for already-seen keys.
We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype
failure even though it's the first time a particular (string) key has
been seen.

BUG=358088
R=verwaest@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/219313002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 14:16:54 +00:00
yangguo@chromium.org
10abff3498 Remove internalized cons string types.
Currently, internalizing a cons string could result in either an
in-place converted internalized cons string or a newly created
internalized sequential string, depending on allocation success.

The former could end up being embedded into an IC, which is not
supported.

R=mstarzinger@chromium.org
BUG=357103
LOG=N

Review URL: https://codereview.chromium.org/218993011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-04-01 11:30:31 +00:00
jarin@chromium.org
5607582f3b We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/218493007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 16:45:46 +00:00
rossberg@chromium.org
282a7ca14e Fix Type::Intersect to skip uninhabited bitsets
R=verwaest@chromium.org, bmeurer@chromium.org
BUG=chromium:357330
LOG=Y

Review URL: https://codereview.chromium.org/219333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:53:21 +00:00
dslomov@chromium.org
b3148d921e Fix PrepareKeyedOperand on arm.
When additional_offset is specified, the 'key' operand can be negative
and still pass the bounds check. Therefore, when converting key from
Smi, arithmetic and not logical shift must be used.

R=verwaest@chromium.org
BUG=358057
LOG=Y

Review URL: https://codereview.chromium.org/219473002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:14:28 +00:00
jarin@chromium.org
d02e1f2c25 Fix left trimming check for large objects
BUG=358090
TEST=test/mjsunit/regress/regress-358090.js
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/213833008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 15:01:46 +00:00
verwaest@chromium.org
019e27d8db Reland and fix "Fix LoadFieldByIndex to take mutable heap-numbers into account.""
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/218663005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 14:21:04 +00:00
yangguo@chromium.org
c0fa861726 Do not check for interrupt when allocating stack locals.
R=dcarney@chromium.org
BUG=357137
LOG=N

Review URL: https://codereview.chromium.org/219373004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 14:14:54 +00:00
jochen@chromium.org
163044e7ba Revert 20348 - "Fix LoadFieldByIndex to take mutable heap-numbers into account."
Reason for revert: crashes benchmarks/sunspider/string-fasta on ia32.debug

This also reverts r20350 and r20352

> Fix LoadFieldByIndex to take mutable heap-numbers into account.
>
> BUG=
> R=ishell@chromium.org
>
> Review URL: https://codereview.chromium.org/213213002

BUG=none
LOG=n
TBR=verwaest@chromium.org

Revert "Use sarq on x64"

This reverts commit e2a8ef9321345c6bc091054443bf2b9535ff6b1c.

Revert "Don't | int and bool"

This reverts commit c90d713d3a8ceba4fec41933a63beb6e50a3d7c0.

Review URL: https://codereview.chromium.org/219393002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 13:23:32 +00:00
jochen@chromium.org
b7039334ae Revert 20313 - "Ship promises and weak collections"
> R=mstarzinger@chromium.org
> BUG=
>
> Committed: https://code.google.com/p/v8/source/detail?r=20211
>
> Review URL: https://codereview.chromium.org/206163004

R=rossberg@chromium.org
TBR=rossberg@chromium.org
LOG=y
BUG=n

Review URL: https://codereview.chromium.org/219303002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 12:40:32 +00:00
verwaest@chromium.org
55a6318560 Fix LoadFieldByIndex to take mutable heap-numbers into account.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/213213002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 11:59:29 +00:00
jarin@chromium.org
d65fe51ca0 Add missing lazy deopt point for the TransitionElementsKind instruction.
R=mvstanton@chromium.org, yangguo@chromium.org
BUG=357105
TEST=test/mjsunit/regress/regress-357105.js
LOG=N

Review URL: https://codereview.chromium.org/216963002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 11:58:53 +00:00
jochen@chromium.org
a2f82479c4 Skip crashing harmony mjsunit tests on NaCL
BUG=none
TBR=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/219043002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-31 07:54:22 +00:00
dslomov@chromium.org
bd353dc3a0 Inline internal getters for typed arrays & friends.
R=hpayer@chromium.org, yangguo@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=20330

Review URL: https://codereview.chromium.org/212603014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-28 15:25:24 +00:00
dslomov@chromium.org
c873e813c5 Revert "Inline internal getters for typed arrays & friends."
This reverts commit r20330 for breaking arm64 nosnap tests.

TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/216993002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-28 13:33:50 +00:00
dslomov@chromium.org
6d91c1e77f Inline internal getters for typed arrays & friends.
R=hpayer@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/212603014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-28 12:02:52 +00:00
jarin@chromium.org
9e655afdb4 Reland "Fix property enum cache creation to include only own properties"
Reland r20308 (reverted by r20310).

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/216383003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-28 06:59:20 +00:00
adamk@chromium.org
c2bbd9f9e2 Don't pass the hole to SetElement when creating Array.observe change records
Also added comments to remind us why we were using the hole here in the first
place (it's used for the case where Object.observe, rather than Array.observe,
has been called on Array that's undergoing truncation).

BUG=356589
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/213823002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 18:29:07 +00:00
rossberg@chromium.org
826cf64fd3 Ship promises and weak collections
R=mstarzinger@chromium.org
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=20211

Review URL: https://codereview.chromium.org/206163004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 16:42:34 +00:00
jarin@chromium.org
af74f1206e Revert "Fix property enum cache creation to include only own properties"
This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e.

BUG=

Review URL: https://codereview.chromium.org/214893002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 16:18:42 +00:00
rossberg@chromium.org
ddedf5c309 Harden internal uses of .chain
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/212553009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 16:11:23 +00:00
jarin@chromium.org
4608bdeccc With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size.
This is really Toon's fix, I have only created a small repro case.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/212673011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 15:33:06 +00:00
dslomov@chromium.org
4cdfb46a6d Fix JSObject::SetElement for fixed typed array elements.
R=ulan@chromium.org
BUG=357108
LOG=N

Review URL: https://codereview.chromium.org/214543003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 12:54:26 +00:00
svenpanne@chromium.org
fe58e3d7b8 Removed 'executable' bits from mjsunit tests.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/214413006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 12:32:27 +00:00
ulan@chromium.org
5eabc4b802 Run tests on android_arm64.
R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/210773003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-27 10:06:53 +00:00
yangguo@chromium.org
9be61ddb8a Hide some runtime functions.
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/212163004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 15:51:48 +00:00
danno@chromium.org
0a0f12b841 [x64] Improve key value sign-extension of dehoisted LoadKeyed/StoreKeyed
Instead of sign-extending at key use, definitions that can be used as keys are sign extended immediately after the definition.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/179773002

Patch from Weiliang Lin <weiliang.lin@intel.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20284 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 15:51:08 +00:00
jarin@chromium.org
10606aa756 Fix missing representation for the result of HIsSmiAndBranch.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/211273010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 13:14:08 +00:00
dslomov@chromium.org
76b8f25edb This implements allocating small typed arrays in heap.
R=mvstanton@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/150813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 12:50:13 +00:00
svenpanne@chromium.org
58c45cdd03 Mark debug-stepout-scope-part8 as flaky for ARM gc-stress.
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/212253005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-26 08:57:21 +00:00
dslomov@chromium.org
f66af4feb4 Refactor optimized in hydrogen only runtime functions.
This splits all runtime function into 3 categories:
1) RUNTIME: implemented in runtime and called from both full and optimized code.
2) RUNTIME_HIDDEN: implemented in runtime, never called directly from JS builtins.
3) INLINE: inlined in both full and optimized code
4) INLINE_OPTIMIZED: inlined in optimized code, implemented in runtime for full code.

R=yangguo@chromium.org, yannguo@chromium.org

Review URL: https://codereview.chromium.org/209353006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 14:26:55 +00:00
verwaest@chromium.org
c432f7166c Don't convert dictionary sloppy arguments to fast double mode.
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/207683006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 14:14:58 +00:00
dslomov@chromium.org
cdc9812756 Revert "This implements allocating small typed arrays in heap."
This reverts commit r20244 for breaking Win64 build and webkit tests.

TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/208503007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 14:12:58 +00:00
ulan@chromium.org
cb0f49c18a Add index check in DoAccessArgumentsAt.
BUG=355523
LOG=N
TEST=mjsunit/regress/regress-355523
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/210053003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 13:26:41 +00:00
dslomov@chromium.org
654b6a27d1 This implements allocating small typed arrays in heap.
R=mvstanton@chromium.org, verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=20240

Review URL: https://codereview.chromium.org/150813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 13:21:58 +00:00
dslomov@chromium.org
727bc2153e Revert "This implements allocating small typed arrays in heap."
This reverts commit r20240 for breaking Windows build.

TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/211003003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 12:58:22 +00:00
dslomov@chromium.org
de690b656f Allow to neuter array buffer twice in tests.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/209083005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 12:55:10 +00:00
dslomov@chromium.org
322a474bf2 This implements allocating small typed arrays in heap.
R=mvstanton@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/150813004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 12:51:49 +00:00
rossberg@chromium.org
2e1b16de2a Revert "Ship promises and weak collections"
Reason: breaks Blink layout tests.

R=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/210853003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 10:57:52 +00:00
yangguo@chromium.org
793d4cb0b6 Fix issues when changing FLAG_concurrent_recompilation after init.
R=jarin@chromium.org
BUG=356053
LOG=N

Review URL: https://codereview.chromium.org/210363005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 09:38:48 +00:00
yangguo@chromium.org
82f630a9f7 Reland "No longer OOM on invalid string length."
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/210683003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 09:09:24 +00:00
titzer@chromium.org
3c31102025 First implementation of store elimination.
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/100253004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-25 09:06:16 +00:00
jarin@chromium.org
b765d3cdb9 Revert the (wrong) fix of the argument index check asserion.
R=ishell@chromium.org
BUG=

Review URL: https://codereview.chromium.org/208423017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 21:32:19 +00:00
jarin@chromium.org
56f2006605 Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime.
R=ishell@chromium.org
BUG=355486
LOG=N

Review URL: https://codereview.chromium.org/201573011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 20:51:36 +00:00
rossberg@chromium.org
33be68c2fa Ship promises and weak collections
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/206163004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 16:59:04 +00:00
verwaest@chromium.org
e18e650582 Ensure the constant operand for heap-object store-named-field is not a smi.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/210193002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 16:25:48 +00:00
rossberg@chromium.org
6704bbce82 Spec adjustments for well-known symbols
R=arv@chromium.org, mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/208423013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 15:45:52 +00:00
yangguo@chromium.org
72932ae417 Revert "No longer OOM on invalid string length."
This reverts r20202.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/210143002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 15:36:15 +00:00
yangguo@chromium.org
531217502c No longer OOM on invalid string length.
R=ishell@chromium.org
BUG=v8:3060
LOG=Y

Review URL: https://codereview.chromium.org/207613005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 15:01:17 +00:00
yangguo@chromium.org
9c0f5be8d1 Correctly convert micro-sign to its upper case.
R=dcarney@chromium.org
BUG=355485
LOG=N

Review URL: https://codereview.chromium.org/209323007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 14:16:14 +00:00
yangguo@chromium.org
f1bacf8fff Fix DebugEvaluate for generators.
R=mstarzinger@chromium.org
BUG=v8:3225
LOG=N

Review URL: https://codereview.chromium.org/207153004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 14:10:57 +00:00
jkummerow@chromium.org
55d5b02244 Delete mjsunit/string-oom-slow-* tests.
They are too slow, and there is no feasible way to speed them up.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/205553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20186 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 10:37:16 +00:00
yangguo@chromium.org
15951521cc Refactor inlined typed array runtime functions.
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/203443002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-24 08:22:24 +00:00
ulan@chromium.org
50ca2eb9f6 Add option to run ScopeIterator faster giving up nested scope chain.
We'd like to be able to trade nested scope chain info (consisting of with, block and catch scopes) in favor of speed in some cases.

BUG=chromium:340285
LOG=N
R=ulan@chromium.org, pfeldman, ulan, yangguo

Review URL: https://codereview.chromium.org/203463011

Patch from Andrey Adaykin <aandrey@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-21 12:30:58 +00:00
ulan@chromium.org
fc2563f108 Visit return statement of inlined function in value context.
BUG=354357
LOG=N
TEST=mjsunit/regress/regress-354357.js
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/206413005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-21 12:14:44 +00:00
ulan@chromium.org
f20a9473f3 Ensure that lazy deopt sequence does not override calls.
BUG=354433
LOG=N
TEST=mjsunit/regress/regress-354433.js
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/198463006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-21 11:02:15 +00:00