AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
5,347 Commits 1 Branch 0 Tags 839 MiB
e8c012c99a
Commit Graph

1793 Commits

Author SHA1 Message Date
ager@chromium.org
a504d4bc01 Blargh. Yet another shot in the dark attempt to fix win64 compile. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/6480116

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 13:42:26 +00:00
ager@chromium.org
cde03d2fba Another attempt to fix win64 compile. 
BUG=
TEST=

Review URL: http://codereview.chromium.org/6525051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6818 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 13:37:26 +00:00
danno@chromium.org
12b4e0efe7 Implement crankshaft support for pixel array stores. 
Review URL: http://codereview.chromium.org/6528013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 13:31:12 +00:00
ager@chromium.org
4235110a82 Speculative fix for win64 build breakage. 
strstr returns a pointer and we are using an int to store a pointer difference. Using intptr_t instead.

Review URL: http://codereview.chromium.org/6529049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 13:24:40 +00:00
ager@chromium.org
a0364d795d Handle indexed properties on value objects correctly. 
As with named properties, search the value wrapper prototypes for properties.

Review URL: http://codereview.chromium.org/6526046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 12:10:48 +00:00
antonm@chromium.org
6b4ff18b5b Properly process try/finally blocks. 
In some circumstances, try/finally block can actually catch the exception:

function f() {
  try {
    throw 42;
  } finally {
    return 0;
  }
}

Therefore when propagating exception to v8::TryCatch, we must be sure
there is no try/finally blocks as well.

When bulding the messages we should be more conservative and expect that
any v8::TryCatch with no JS try/catch in between can potentionally
be the right exception handler.

Plus various minor refactorings.

BUG=1147
TEST=cctest/test-api/TryCatchAndFinallyHidingException, cctest/test-api/TryCatchAndFinally

Review URL: http://codereview.chromium.org/6526016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6809 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 11:40:48 +00:00
lrn@chromium.org
9ec16dfe68 Fix bug 1137. No longer allow the RegExp /(*)/. 
BUG=v8:1137
TEST=test/mjsunit/regexp.js

Review URL: http://codereview.chromium.org/6499016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-16 08:10:47 +00:00
mmaly@chromium.org
582cf097e9 Strict mode "this" transformation in Function.call/Function.apply. 
In strict mode the transformation of "this" is skipped.

Code review feedback.
Testing memory operand against 8 bit IMM on ia32 and x64.

Review URL: http://codereview.chromium.org/6524006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 18:57:37 +00:00
vitalyr@chromium.org
4143e4c097 Fix issue 1160: check array elements in ArrayJoin. 
Review URL: http://codereview.chromium.org/6529020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 15:12:51 +00:00
ricow@chromium.org
a8d4360d65 Make sure we always have room for patching the reloc info during lazy deoptimization (fixes issue 1156). 
Before we could have calls to builtins that would not be in the
relocation info since this used a register as target. Whenever we have
this case (from lithium codegen) we now emit a comment in the reloc
info.

Review URL: http://codereview.chromium.org/6499015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 14:36:12 +00:00
ricow@chromium.org
0648103e8c x64: Port OSR to the x64 platform. 
Review URL: http://codereview.chromium.org/6515012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 13:37:10 +00:00
ricow@chromium.org
4d07390196 Add access check when Object.keys is called on the global js proxy (fixes issue 1154) 
I will land access checks for a range of ES5 features in another patch (we added a bunch of cases like this in the past few weeks, i.e., cases where we simply use the global object instead of the js global proxy).


Review URL: http://codereview.chromium.org/6499013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-15 10:39:22 +00:00
mmaly@chromium.org
9adaeb6a17 Strict mode delete of non-configurable property. 
Strict mode flag is passed to runtime DELETE function
and then to JSObject::Delete(Property/Element) as STRICT_DELETION enum.
When deleting non-configurable property/eleemnt, TypeError is thrown.
Adding mozilla test to .gitignore.
Incorporate CR feedback.

Review URL: http://codereview.chromium.org/6515005/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 23:41:47 +00:00
danno@chromium.org
36088cb64f Implement specialized IC code stubs for pixel array stores. 
Review URL: http://codereview.chromium.org/6478027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 21:21:33 +00:00
mmaly@chromium.org
7e6bbab2c8 Strict mode delete of unqualified identifier. 
SyntaxError is reported in strict mode when deleting
an unqualified identifier. (11.4.1 of Ecma-262 5th ed)

Review URL: http://codereview.chromium.org/6516003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 18:44:26 +00:00
antonm@chromium.org
186d832c79 Introduce new runtime function to make join with lower memory usage. 
Do not use generic StringBuilderConcat which requires array passed
to keep both elements and separator (which roughly double size
of the array).  That should be faster as well.

BUG=crbug.com/54580

Review URL: http://codereview.chromium.org/6520004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 17:25:12 +00:00
whesse@chromium.org
1e4800b918 X64 Crankshaft: Fix error in pushed register indices for safepoints. Fixes issue 1153. 
BUG=1153
TEST=mjsunit/date-parse

Review URL: http://codereview.chromium.org/6518007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 16:02:02 +00:00
whesse@chromium.org
7233a930b5 X64 Crankshaft: Add test that fails on x64 Crankshaft build to list of skipped mjsunit tests. Fix comments and remove unused function from date.js. 
BUG=1153
TEST=mjsunit/date-parse
Review URL: http://codereview.chromium.org/6516011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 13:57:15 +00:00
fschneider@chromium.org
ad70b7de39 Fix a potential crash bug in keyed calls for non-string keys. 
BUG=v8:1146

Review URL: http://codereview.chromium.org/6517010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 13:13:41 +00:00
kmillikin@chromium.org
c73ce4f126 Fix a duplicate AST ID recorded for for/in. 
Avoid visiting the subexpressions of a variable that rewrites to a property
when occurring as the 'left-hand side' of for/in.

BUG=v8:1149

Review URL: http://codereview.chromium.org/6475009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 12:51:25 +00:00
karlklose@chromium.org
e0552d77cf ARM: Implement PatchStackCheckCodeAt and RevertStackCheckCode. 
Remove a failing test expectation from mjsunit.status.

Review URL: http://codereview.chromium.org/6410029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 12:07:48 +00:00
ricow@chromium.org
34eeb88ee4 Use ForceSetObjectProperty in DefineOrRedefineDataProperty (fixes crbug 72736). 
The current version uses SetObjectProperty which will not set the
value in case this is a readonly property. The spec explictly says
that a configurable but non writable property can have its value
changed with Object.defineProperty (because the same thing can be
accomplished by doing 3 calls (set writable to true, update the value,
set writable to false).


Review URL: http://codereview.chromium.org/6518004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 10:43:21 +00:00
ricow@chromium.org
6d9fde492c Do not allow calls to SetProtoType on functions that should not have a prototype (fixes issue 1151) 
Review URL: http://codereview.chromium.org/6518003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 09:37:56 +00:00
ricow@chromium.org
46bde305b5 Add support for the global object in Object.keys (fixes issue 1150) 
We do not currently handle the case where the JSGlobalProxy is passed
as argument to LocalKeys in runtime.cc.

Review URL: http://codereview.chromium.org/6516008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-14 07:49:13 +00:00
mmaly@chromium.org
e0be3072b5 Implement assignment to undefined reference in ES5 Strict Mode. 
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-13 16:19:53 +00:00
mmaly@chromium.org
3f4701df7f Revert r6756. Check failed on V8 arm - debug - crankshaft. 
Need to investigate.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 23:25:07 +00:00
mmaly@chromium.org
fd6338bdda Implement assignment to undefined reference in ES5 Strict Mode. 
Strict mode assignment to undefined reference.
Simple assignments (x = <value>) use CODE_TARGET_CONTEXT.
StoreIC stores its own strictness in extra_ic_state.
The strcitness is propagated as further ic stubs are generated.

Details:
* ReferenceError on assignment to non-resolvable reference in strict mode.
* Fix es5conform test expectation file.
* Add es5conform test suite into .gitignore.
* Fix Xcode project.
* Change implemented in virtual frame code generator, as well as full-codegen
  for all architectures.
* Fix debugger test.
* Fix comment for CODE_TARGET_CONTEXT
* Implement remaining StoreIC stubs to be strict mode aware.
* Trace extra_ic_state() for ic code stubs.

Code Review URL: http://codereview.chromium.org/6474026/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 21:39:59 +00:00
antonm@chromium.org
e96c24bf03 Properly treat exceptions thrown while compiling. 
BUG=v8:1132
TEST=test/mjsunit/regress/regress-1132.js

Review URL: http://codereview.chromium.org/6487021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-11 14:26:56 +00:00
lrn@chromium.org
fdfbdfbcf5 Fix typo in ASSERT in object-verifier for RegExp. 
BUG=v8::1129
TEST=test/mjsunit/regress/regress-1129.js

Review URL: http://codereview.chromium.org/6476027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 16:43:01 +00:00
ricow@chromium.org
512a02764f X64: Add DoCallNamed, DoContext, DoCallGlobal, and DoLoadFunctionPrototype lithium instructions. 
Review URL: http://codereview.chromium.org/6471025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 16:33:01 +00:00
antonm@chromium.org
ab24485760 Bypass JS accessors when building error array. 
In the presence of JS accessors for elements on Object.prototype JSArray::SetFastElement
may throw or its behaviour can be altered.  Instead operate on plain FixedArrays and
turn them into JSArry later.

BUG=v8:1130
TEST=test/mjsunit/regress/regress-1130.js

Review URL: http://codereview.chromium.org/6481001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 15:02:13 +00:00
antonm@chromium.org
5d3430a509 Fix forging of object's identity hashes. 
Do not do standard property lookup on hidden properties object as it might
reach Object.prototype which can be altered to forge identity hashes.
Instead do only local lookup.

Review URL: http://codereview.chromium.org/6472001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 14:09:52 +00:00
fschneider@chromium.org
5b753cecb6 Check holder before optimizing calls to global functions. 
In the case where the function is not found in the global object,
we have to generate a generic call.

BUG=v8:1106
TEST=mjsunit/regress/regress-1106.js

Review URL: http://codereview.chromium.org/6483010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:51 +00:00
vegorov@chromium.org
49adfd0f0a Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-range. 
BUG=v8:1131
TEST=test/mjsunit/regress/regress-1131.js

Review URL: http://codereview.chromium.org/6469006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:33:34 +00:00
danno@chromium.org
1bd9f602be Implement crankshaft support for pixel array loads. 
Review URL: http://codereview.chromium.org/6410112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 12:02:36 +00:00
mikhail.naganov@gmail.com
12e62e7154 Shorten constructor names in JS tickprocessor. 
As they are no more used in DevTools profiler, there is no
need to prefix them with "devtools.profiler" namespace.

Review URL: http://codereview.chromium.org/6456025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-10 07:47:28 +00:00
antonm@chromium.org
2f17f3e5d7 Do not invoke any setters when forming stack trace JS object. 
Review URL: http://codereview.chromium.org/6463022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 19:34:04 +00:00
antonm@chromium.org
47a22dcecd Reapply http://code.google.com/p/v8/source/detail?r=6555 
Compare JSObjects by identity immediately.

When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.

BUG=v8:1082

TBR=ricow@chromium.org

Review URL: http://codereview.chromium.org/6461028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 19:09:26 +00:00
kmillikin@chromium.org
dc91c4218b Make optimized Function.prototype.apply safe for non-JSObject first arguments. 
If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.

Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.

BUG=v8:1128

Review URL: http://codereview.chromium.org/6463025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 16:43:23 +00:00
whesse@chromium.org
0fb5a1fd1a Add a regression test for issue 1106, optimized access to the prototype chain of the global object. 
Review URL: http://codereview.chromium.org/6459023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 15:50:39 +00:00
lrn@chromium.org
d358e2ecd3 Fix incorrect asserts in scanner. 
BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js

Review URL: http://codereview.chromium.org/6459021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:16:25 +00:00
floitschV8@gmail.com
96c4f62b73 Add two tests to strtod. 
Review URL: http://codereview.chromium.org/6461018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 14:12:31 +00:00
whesse@chromium.org
afec61e870 Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js. 
Review URL: http://codereview.chromium.org/6460030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 13:16:40 +00:00
whesse@chromium.org
602d5cf427 Fix a bug that occurs when functions are defined with more than 16,382 parameters. 
Review URL: http://codereview.chromium.org/6447007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:46:22 +00:00
fschneider@chromium.org
eec7bc8e60 Change the code for materializing double constants on ia32. 
Instead of using the stack, use a temporary integer register
and avoid memory access.

Review URL: http://codereview.chromium.org/6452002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 12:39:15 +00:00
kmillikin@chromium.org
991a1cae12 Fix an assertion failure in stack trace construction. 
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value.  This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:45:50 +00:00
antonm@chromium.org
d724993138 Use GC-safe version when setting elements. 
BUG=1125
TEST=test/mjsunit/regress/regress-1125.js

Review URL: http://codereview.chromium.org/6463001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-09 11:38:10 +00:00
antonm@chromium.org
cf30cefda7 Check if Array.prototype.__proto__ has been reset to null. 
BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js

Review URL: http://codereview.chromium.org/6454004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:56:44 +00:00
antonm@chromium.org
0273e8185b Propagate exceptions thrown when setting elements. 
Plus use more robust path when formatting messages---work
directly with fixed arrays.

BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js

Review URL: http://codereview.chromium.org/6451004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:42:14 +00:00
antonm@chromium.org
da8b72f2b8 1) Return failure if any of property sets failed; 
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Review URL: http://codereview.chromium.org/6454011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-02-08 19:04:17 +00:00