AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jkummerow@chromium.org	8a1812f252	Fix lazy deopt after tagged binary ops Also add policing code to ensure that optimized frames can in fact lazily deopt at their respective current PC when we patch them for lazy bailout. BUG=chromium:350434 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/194703008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 09:59:36 +00:00
dslomov@chromium.org	f6dac13dcb	Revert "Enable Object.observe by default" This reverts commit r19734 for breeaking ChromiumOS browser tests. 'OpenSpecialTypes/FileManagerBrowserTest.Test/3' started to time out, bisecting the roll led to this change. http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%282%29/builds/22224 TBR=rafaelw@chromium.org,rossberg@chromium.org BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/195123005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 18:15:44 +00:00
rossberg@chromium.org	85800eff3f	Fix issue with getOwnPropertySymbols and hidden properties When getting the symbols of an object we need to ignore the hidden properties of the prototype object since the hidden properties are represented by a single string key and we will not include that hidden string in the found names. BUG=350864 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/192883005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 16:46:35 +00:00
dcarney@chromium.org	62fc099334	fix bad access check check R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/195163002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 15:12:47 +00:00
rossberg@chromium.org	3f702d4bf9	Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/177683002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 14:39:08 +00:00
yangguo@chromium.org	6e1507331e	Fix bug in constant folding object comparisons. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/195063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 13:34:01 +00:00
yangguo@chromium.org	dda0aa88b0	Revert "Mark mjsunit/string-case as flaky." This reverts r19760 since the issue has been fixed in r19755. R=dslomov@google.com, dslomov@chromium.org BUG=v8:3208 LOG=N Review URL: https://codereview.chromium.org/194823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 11:38:53 +00:00
mvstanton@chromium.org	819d9f62d0	Fix for 350887: CHECK failure on new_length->IsSmi() In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to optimize setting array length if the new length is a smi. However, we refuse to set an array length to less than the index of the highest non-configurable array element. This index may be outside of smi range. Handle this case accordingly. BUG=350887 LOG=N R=dslomov@chromium.org Review URL: https://codereview.chromium.org/194803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 10:30:10 +00:00
yangguo@chromium.org	1634e7de38	Fix assertion in RegExp parser to correctly expect stack overflow. Advance() always checks for stack overflow. If stack indeed overflowed, current() would hold the kEndMarker. ParseOctalLiteral does not expect this in the assertion, which causes assertion failure. R=mvstanton@chromium.org BUG=350865 LOG=N Review URL: https://codereview.chromium.org/192773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:52:10 +00:00
yangguo@chromium.org	e25d51cc85	Fix constant folding of %_IsMinusZero. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/190793015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:06:54 +00:00
dslomov@chromium.org	9eefbda27f	Mark mjsunit/string-case as flaky. BUG=v8:3208 LOG=N R=machenbach@chromium.org Review URL: https://codereview.chromium.org/192573004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:52:05 +00:00
yangguo@chromium.org	78d23e5662	Implement KnownSuccessor method to some control instructions. R=jkummerow@chromium.org BUG=v8:3118 LOG=N Review URL: https://codereview.chromium.org/174863002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:50:01 +00:00
verwaest@chromium.org	1180803953	Reland and fix "Allow ICs to be generated for own global proxy." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:23:05 +00:00
rossberg@chromium.org	710ee827b5	Promise.all and Promise.race should reject non-array parameter. Promise.all and Promise.race should reject the returned Promise if an invalid parameter is given. Since they don't support iterable now, they should reject the Promise if a non-array parameter is given. BUG=347453 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/182613003 Patch from Yutaka Hirano <yhirano@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:01:06 +00:00
bmeurer@chromium.org	bf86e624d4	Reland "Handle non-power-of-2 divisors in division-like operations". Fixed the flooring div bug and added a test case. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/191293012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 10:39:17 +00:00
rafaelw@chromium.org	6503dfb72b	Reland "Enable Object.observe by default" Original Issue: https://codereview.chromium.org/183683022/ TBR=rossberg BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/189513010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 04:41:06 +00:00
rafaelw@chromium.org	0cc44c14e5	Revert "Enable Object.observe by default" TBR=rossberg BUG= Review URL: https://codereview.chromium.org/190853007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 03:54:42 +00:00
rafaelw@chromium.org	dcf9842e07	Enable Object.observe by default R=rossberg@chromium.org, rossberg BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/183683022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 02:47:53 +00:00
yangguo@chromium.org	4f15fd2977	Reland "Introduce intrinsics for double values in Javascript." This relands r19704 with a fix to the test case. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/189823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 14:58:41 +00:00
ulan@chromium.org	06af80d42d	Introduce Runtime_GetAllScopesDetails to get all scopes at once for a frame. This will reduce heavy ScopeIterator instantiations. Once incorporated into chromium, will give 30% speed boost. BUG=chromium:340285 LOG=Y R=ulan@chromium.org, Yang, rossberg, ulan Review URL: https://codereview.chromium.org/181063008 Patch from Andrey Adaykin <aandrey@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 11:03:35 +00:00
yangguo@chromium.org	143902bebf	Revert "Introduce intrinsics for double values in Javascript." This reverts r19704. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/189533008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:49:28 +00:00
verwaest@chromium.org	8a3d715250	Revert "Use Representation::Integer32() for smi types on 32-bit-tagged systems." Due to performance regression. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/189843006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:29:07 +00:00
yangguo@chromium.org	2aefde4443	Introduce intrinsics for double values in Javascript. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/178583006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 09:05:10 +00:00
yangguo@chromium.org	ea8368f471	Use fast path for sliced and external strings in ConvertCase. R=dcarney@chromium.org BUG=v8:3180 LOG=N Review URL: https://codereview.chromium.org/180063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-07 08:36:18 +00:00
ishell@chromium.org	997ce05289	Fix for failing asserts in HBoundsCheck code generation on x64: use proper cmp operation width instead of asserting that Integer32 values should be zero extended. Similar to chromium:345820. BUG=349465 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/188703002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 16:22:47 +00:00
jkummerow@chromium.org	1cc0bafc07	Fix HConstants with Smi-ranged HeapNumber values BUG=chromium:349878 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/186123003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 16:21:09 +00:00
ulan@chromium.org	5af7d10af5	Mark mjsunit/whitespaces as slow and timeout for a64. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/182253008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 14:15:40 +00:00
mvstanton@chromium.org	6115a006fd	Bugfix for 349874: we incorrectly believe we saw a growing store When we set an out of bounds array index, the index might be so large that it causes the array to go to dictionary mode. It's better to avoid "learning" that this was a growing store in that case. This fix also partially reverts a fix for bug 347543, as this fix is comprehensive and satisfies that repro case as well (partial revert of v19591). BUG=349874 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/188643002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 13:07:51 +00:00
verwaest@chromium.org	cd6f3ef088	Only use the non-strict-arguments-stub if the store site is non-strict. BUG=349874 LOG=N R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176843018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 12:19:06 +00:00
jkummerow@chromium.org	5ea3f0004a	Let HTransitionElementsKind take part in RestoreActualValues phase BUG=chromium:349853 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/183753005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 12:13:49 +00:00
yangguo@chromium.org	285f253af1	Remove outdated assertion scope. R=jkummerow@chromium.org BUG=349870 LOG=N Review URL: https://codereview.chromium.org/182003004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 11:51:53 +00:00
yangguo@chromium.org	e2e2f4050d	Fix issues with JSON stringify replacer array If the replacer array contains a property key we should include the property even if the property is non enumerable or if it is a non own property. String and Number wrappers in the replacer array should be treated as string and number values. R=yangguo@chromium.org BUG=v8:3200, v8:3201 LOG=Y Review URL: https://codereview.chromium.org/187053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:50:53 +00:00
verwaest@chromium.org	7bf33c53eb	Use Representation::Integer32() for smi types on 32-bit-tagged systems. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/187353005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:49:10 +00:00
verwaest@chromium.org	f913c3b492	Also delete force representations that have no uses. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/187773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-06 09:47:27 +00:00
jarin@chromium.org	52fd520c96	Fix materialization of captured objects in adapted arguments. R=mstarzinger@chromium.org BUG=348512 LOG=N Review URL: https://codereview.chromium.org/183063006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:57:18 +00:00
jarin@chromium.org	7ac668f753	Deoptimization fix for HPushArgument. HPushArgument should never be used in a simulation environment because the slot addresses for the arguments can be off (e.g., due to on-stack arguments object of an inlined caller). R=mstarzinger@chromium.org BUG=v8:3183 LOG=N Review URL: https://codereview.chromium.org/178193026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:45:46 +00:00
yangguo@chromium.org	26e4f4cc1c	Handle exception when retrieving toJSON function in JSON.stringify. R=mvstanton@chromium.org BUG=349335 LOG=N Review URL: https://codereview.chromium.org/187603002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 10:54:35 +00:00
jkummerow@chromium.org	3df5573195	x64: Fix LMathMinMax for constant Smi right-hand operands BUG=chromium:349079 LOG=y R=titzer@chromium.org Review URL: https://codereview.chromium.org/186593003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 09:49:07 +00:00
mstarzinger@chromium.org	ee8cbc4fc8	Fix issue with setting __proto__ on a value LOG=N BUG=v8:3172 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/174113003 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 08:58:38 +00:00
verwaest@chromium.org	1aeaeb2b90	Allow objects with "" properties to stay fast. R=danno@chromium.org Review URL: https://codereview.chromium.org/184453003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-04 12:43:05 +00:00
yangguo@chromium.org	b1a271a02c	Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique. R=titzer@chromium.org BUG=348280 LOG=N Review URL: https://codereview.chromium.org/183383006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-04 08:08:08 +00:00
ulan@chromium.org	b9e0b87a5a	Clear optimized code cache in shared function info when code gets deoptimized. This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info. This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js). This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache. BUG=343609 LOG=Y TEST=mjsunit/regress/regress-343609.js R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184923002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-03 11:11:39 +00:00
rossberg@chromium.org	5543263c19	Move all Harmony-only tests to harmony/ R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/178583005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:26:32 +00:00
ishell@chromium.org	c2601aea8a	Check elimination did not mark some dead blocks. R=danno@chromium.org Review URL: https://codereview.chromium.org/180483003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:16:38 +00:00
svenpanne@chromium.org	e9273332ef	Fixed constant folding for Math.clz32. LOG=y BUG=347906 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184353002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 13:07:10 +00:00
jochen@chromium.org	ba981e58d5	Make a64.release a quickcheck target I marked all tests as slow that take more than a minute on my machine. With this, a64.release.quickcheck takes two minutes which is about as fast as arm.optdebug.quickcheck. BUG=none R=ulan@chromium.org LOG=n Review URL: https://codereview.chromium.org/183763008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:46:13 +00:00
mvstanton@chromium.org	b1ffc7901f	A JSArray may have a filler map in the elements pointer. We already have code that expects this, but incorrectly asserted that the filler map case would never happen when allocation folding is turned on. However, even folding has it's limits, bailing out of continued folding when the object size grows too large. Therefore, it's a general problem when verifying JSArray objects, that we might encounter a filler map in elements(). Discovered by ClusterFuzz crbug 347903. R=hpayer@chromium.org LOG=N BUG=347903 Review URL: https://codereview.chromium.org/184493002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:29:19 +00:00
yangguo@chromium.org	5c186bb197	Evict from optimized code map in sync with removing from optimized functions list. R=ulan@chromium.org Review URL: https://codereview.chromium.org/184443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:27:31 +00:00
bmeurer@chromium.org	70242fe3bb	Fix JSObject::PrintTransitions. BUG=347912 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/183683005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:41:07 +00:00
hpayer@chromium.org	38ca2629be	Fix representation generalization for doubles. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/184393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:07:10 +00:00
dcarney@chromium.org	98d1cedac4	Get array_function from NativeContext R=mvstanton@chromium.org LOG=N BUG=347528 Review URL: https://codereview.chromium.org/184173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 10:01:27 +00:00
bmeurer@chromium.org	5945f9ebb9	Fix handling of constant global variable assignments. BUG=347904 LOG=y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/184303003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 09:40:12 +00:00
svenpanne@chromium.org	c4e90c15b8	Removed bogus ASSERT. LOG=y BUG=347542 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/183763007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 08:45:07 +00:00
ishell@chromium.org	2ab83cf192	HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. BUG=347543 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/180803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 17:33:25 +00:00
rafaelw@chromium.org	d9a66ad941	Runtime::RunMicrotask should silent return if no pending microtask work (rather than asserting) R=rossberg@chromium.org, rossberg BUG=347532 Review URL: https://codereview.chromium.org/181013008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 16:49:55 +00:00
verwaest@chromium.org	aa14020bc7	Fix putting of prototype transitions. The length is also subject to GC, just like entry. BUG=347536 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/183193003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 16:07:44 +00:00
jarin@chromium.org	05b98492a4	Handle arguments objects in frame when materializing arguments R=mstarzinger@chromium.org BUG=347262 Review URL: https://codereview.chromium.org/177293009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 15:12:12 +00:00
yangguo@chromium.org	6912a248ca	Fix bogus assertion in SetFastDoubleElements. R=danno@chromium.org BUG=347530 LOG=N Review URL: https://codereview.chromium.org/181433016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 14:45:53 +00:00
mvstanton@chromium.org	b8f8cfabca	Fix for Clusterfuzz issue 343928. The problem was that the debugger didn't expect that a JSFunction could have a GlobalContext, which it can with harmony scoping. BUG=343928 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/183103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 13:25:05 +00:00
ishell@chromium.org	1ae7e8a1e5	Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended. BUG=345820 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/180013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:33:54 +00:00
verwaest@chromium.org	d5caecccc5	Revert "Use stability to only conditionally flush information from the CheckMaps table." R=ishell@chromium.org Review URL: https://codereview.chromium.org/180023002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:11:58 +00:00
jkummerow@chromium.org	e7e93cd433	Mark HCompareMap as having Tagged representation BUG=chromium:346636 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/176923013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 15:09:47 +00:00
rossberg@chromium.org	63f1970c6c	Fix crasher in Object.getOwnPropertySymbols R=arv@chromium.org, mstarzinger@chromium.org BUG=346141 LOG=Y Review URL: https://codereview.chromium.org/177883002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 12:01:34 +00:00
bmeurer@chromium.org	77f597d387	Don't eliminate loads with incompatible types or representations. BUG=346343 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/179553002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:50 +00:00
ishell@chromium.org	6c1659becf	Fix for a smi stores optimization on x64 with a regression test. BUG=345715 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/178833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:02 +00:00
dcarney@chromium.org	cb05cff594	negative bounds checking on realm calls R=rossberg@chromium.org LOG=N BUG=344285 Review URL: https://codereview.chromium.org/169393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:15:05 +00:00
jkummerow@chromium.org	37b6fd07c1	Fix optimistic BCE to back off after deopt BUG=v8:3176 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/177523002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-24 13:15:31 +00:00
verwaest@chromium.org	84b366516e	Don't turn objects with empty-string properties into fast-mode. R=ishell@chromium.org Review URL: https://codereview.chromium.org/165743003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-20 16:11:48 +00:00
rossberg@chromium.org	0d34254f8d	Upgrade Symbol implementation to match current ES6 behavior. Refresh the implementation of Symbols to catch up with what the specification now mandates: * The global Symbol() function manufactures new Symbol values, optionally with a string description attached. * Invoking Symbol() as a constructor will now throw. * ToString() over Symbol values still throws, and Object.prototype.toString() stringifies like before. * A Symbol value is wrapped in a Symbol object either implicitly if it is the receiver, or explicitly done via Object(symbolValue) or (new Object(symbolValue).) * The Symbol.prototype.toString() method no longer throws on Symbol wrapper objects (nor Symbol values.) Ditto for Symbol.prototype.valueOf(). * Symbol.prototype.toString() stringifies as "Symbol("<description>"), valueOf() returns the wrapper's Symbol value. * ToPrimitive() over Symbol wrapper objects now throws. Overall, this provides a stricter separation between Symbol values and wrapper objects than before, and the explicit fetching out of the description (nee name) via the "name" property is no longer supported (by the spec nor the implementation.) Adjusted existing Symbol test files to fit current, adding some extra tests for new/changed behavior. LOG=N R=arv@chromium.org, rossberg@chromium.org, arv, rossberg BUG=v8:3053 Review URL: https://codereview.chromium.org/118553003 Patch from Sigbjorn Finne <sigbjornf@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 14:19:42 +00:00
yangguo@chromium.org	139134acc2	Harmony: optimize Math.clz32. R=svenpanne@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/172133003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19487 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 13:51:49 +00:00
yangguo@chromium.org	84cf85598d	Harmony: implement Math.cbrt, Math.expm1 and Math.log1p. BUG=v8:2938 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/163563003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 13:49:59 +00:00
ishell@chromium.org	1342cb8b00	Bugfix in check elimination with a regression test. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/172173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 12:34:50 +00:00
rossberg@chromium.org	13d99fe778	ES6: Tighten up Object.prototype.__proto__ The spec requires that we throw under certain conditions. BUG=v8:3064 LOG=y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/103853006 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19479 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 11:59:05 +00:00
jkummerow@chromium.org	6e3b81a7b2	Fix Hydrogen bounds check elimination When combining bounds checks, they must all be moved before the first load/store that they are guarding. BUG=chromium:344186 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/172093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 10:30:39 +00:00
alexandre.rames@arm.com	62116e2c12	A64: Let the MacroAssembler resolve branches to distant targets. Code generation would fail when assembling a branch to a label that is bound outside the immediate range of the instruction. A64 is sensitive to this, as the various branching instructions have different ranges, going down to +-32KB for TBZ/TBNZ. The MacroAssembler is augmented to handle branches to targets that may exceed the immediate range of instructions. When branching backward to a label exceeding the instruction range, the MacroAssembler can simply tweak the generated code to use an unconditional branch with a longer range. For example instead of B(cond, &label); the MacroAssembler can generate: b(InvertCondition(cond), &done); b(&label); bind(&done); Since the target is not known when the branch is emitted, forward branches uses a different mechanism. The MacroAssembler keeps track of forward branches to unbound labels. When the code generation approaches the end of the range of a branch, a veneer is generated for the branch. BUG=v8:3148 LOG=Y R=ulan@chromium.org Review URL: https://codereview.chromium.org/169893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 13:15:32 +00:00
verwaest@chromium.org	60c08a8bf2	Directly store the transition target on LookupResult in TransitionResult. BUG=chromium:343964 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/170343003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 12:19:32 +00:00
yangguo@chromium.org	be7b023a5c	Harmony: implement Math.clz32 R=dslomov@chromium.org, svenpanne@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/169783002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:49:35 +00:00
svenpanne@chromium.org	dbce27047e	Fixed and improved code for integral division. Fixed and extended tests. Arithmetic right shifting is not division in two's complement representation, only in one's complement. So we convert to one's complement, shift, and go back to two's complement. By permutating the last steps, one can get efficient branch-free code. This insight comes from the paleozoic era of computer science, see the paper from 1976: Guy Lewis Steele Jr.: "Arithmetic Shifting Considered Harmful" ftp://publications.ai.mit.edu/ai-publications/pdf/AIM-378.pdf This results in better and more correct code than our previous "neg/shift/neg" dance. LOG=y BUG=v8:3151 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/166793002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:45:27 +00:00
yangguo@chromium.org	9ffe004ae4	Harmony: implement Math.fround. R=jarin@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/169513002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 10:43:06 +00:00
mvstanton@chromium.org	8bcdbc354f	Revert "Add a premonomorphic state to the call target cache." This reverts commit r19402 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/169713002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-17 14:22:18 +00:00
mvstanton@chromium.org	be731e6c95	Add a premonomorphic state to the call target cache. From a CL by kasperl: https://codereview.chromium.org/162903004/ R=verwaest@chromium.org Review URL: https://codereview.chromium.org/163413003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-17 11:59:45 +00:00
jarin@chromium.org	4c7ed144e1	Comparison in effect context lazy deopt fix. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/163623002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-16 05:51:10 +00:00
ulan@chromium.org	6744ff61ae	Fix dictionary element load to pass correct elements kind. Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load only the higher 32 bits of the element. If the element is a pointer to undefined that has 0 in the higher half than it is erroneously treated as SMI 0. BUG=v8:3158 LOG=N TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js R=danno@chromium.org, ishell@chromium.org Review URL: https://codereview.chromium.org/166653005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 15:52:24 +00:00
yangguo@chromium.org	68c7523e63	Fix assignment of function name constant. If it's shadowed by a variable of the same name and both are forcibly context-allocated, the function is assigned to the wrong context slot. R=rossberg@chromium.org BUG=v8:3138 LOG=Y Review URL: https://codereview.chromium.org/159903008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:40:47 +00:00
jarin@chromium.org	8acefb33fe	Test and fix for polymorphic named call deoptimization. The fix removes wrong simulates from the number branch of polymorphic call/field access handling. The change also fixes the same thing for polymorphic named field access even thourgh the field access is probably safe in practice (because it cannot deoptimize). It is better to keep all our simulates in sync with full codegen. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/166503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:02:39 +00:00
yangguo@chromium.org	a676bc1bbf	Fix typed array error message. R=dslomov@chromium.org BUG=v8:3159 LOG=N Review URL: https://codereview.chromium.org/163293002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 09:33:03 +00:00
verwaest@chromium.org	e0960e19aa	Fix polymorphic inlining of accessors in a test-context. R=ishell@chromium.org Review URL: https://codereview.chromium.org/164003002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 16:55:38 +00:00
m.m.capewell@googlemail.com	028ff21445	A64: Fix some int32 accesses in lithium This fixes mjsunit/sin-cos. There are further int32 accesses being investigated. BUG= R=jochen@chromium.org Review URL: https://codereview.chromium.org/163553005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 15:49:01 +00:00
ishell@chromium.org	6bb57517c0	Restore of compare-objeq-elim test accidentally removed in r19229. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/162903005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 12:22:24 +00:00
rafaelw@chromium.org	6b5a4cdef2	V8 Microtask Queue & API This patch generalizes Object.observe callbacks and promise resolution into a FIFO queue called a "microtask queue". It also exposes new V8 API which exposes the microtask queue to the embedder. In particular, it allows the embedder to -schedule a microtask (EnqueueExternalMicrotask) -run the microtask queue (RunMicrotasks) -control whether the microtask queue is run automatically within V8 when the last script exits (SetAutorunMicrotasks). R=dcarney@chromium.org, rossberg@chromium.org, dcarney, rossberg, svenpanne BUG= Review URL: https://codereview.chromium.org/154283002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 22:04:19 +00:00
verwaest@chromium.org	161b2f689a	Reland: "Use stability to only conditionally flush information from the CheckMaps table." BUG= R=ishell@chromium.org Original CL: https://codereview.chromium.org/153823003 Review URL: https://codereview.chromium.org/153653007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:48:12 +00:00
verwaest@chromium.org	7b7e3658f7	Don't propagate information through phis in loop headers. To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/147023005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:30:41 +00:00
rmcilroy@chromium.org	26e8009997	[a64]: Disable failing sparse-array-reverse on a64 debug builds. BUG=v8:3158 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/160633002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:22:28 +00:00
verwaest@chromium.org	75432b7696	Revert "Use stability to only conditionally flush information from the CheckMaps table." R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/137863005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 15:38:42 +00:00
verwaest@chromium.org	2b7d33572a	Use stability to only conditionally flush information from the CheckMaps table. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/153823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 15:07:41 +00:00
jarin@chromium.org	af29e31a11	Fix for (One\|Two)ByteSeqStringSetChar evaluation order/deopt. This makes the evaluation order consistent between full codegen and Hydrogen (so that deopt does not screw up stack). R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/159983008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 13:31:24 +00:00
jochen@chromium.org	b0fcc801e9	A64: Skip tests failing on gc stress bots BUG=none TBR=ulan@chromium.org LOG=n Review URL: https://codereview.chromium.org/160353002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 12:18:36 +00:00
jochen@chromium.org	96a1886637	A64: Skip more known failures TBR=ulan@chromium.org BUG=none LOG=n Review URL: https://codereview.chromium.org/160073007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 11:57:50 +00:00
ulan@chromium.org	e95bc7eec8	Merge experimental/a64 to bleeding_edge. BUG=v8:3113 LOG=Y R=jochen@chromium.org, rmcilroy@chromium.org, rodolph.perfetta@arm.com Review URL: https://codereview.chromium.org/148293020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 09:19:30 +00:00
jarin@chromium.org	21bf99e53e	Fix environment of the optimized version of the _SetValueOf intrinsic. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/158723006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 16:11:53 +00:00
ishell@chromium.org	994f0f6dda	Fix for a smi stores optimization on x64 with a test case. BUG=338425 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/152923006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 16:02:18 +00:00
yangguo@chromium.org	0870702436	Harmony: fix spec violation in Math.cosh. R=jarin@chromium.org BUG=v8:3141 LOG=N Review URL: https://codereview.chromium.org/159353003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 11:48:32 +00:00
yangguo@chromium.org	f78bfaa857	Fix spec violations in JSON.stringify wrt replacer array. R=verwaest@chromium.org BUG=v8:3135 LOG=Y Review URL: https://codereview.chromium.org/146623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 10:45:39 +00:00
mvstanton@chromium.org	95ad971d0f	Fix gcstress test failure Map collection complicates a test that wants to assert on code opt/deopt because of prototype-chain changes. It can happen that a gc occurs in the stack guard at the start of optimized function foo that deopts function foo because of a map being collected and deoptimizing it's dependent code. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/159653002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 09:06:13 +00:00
ishell@chromium.org	f46da9d43b	Reland of r19102: Check elimination improvement: propagation of state through phis is supported, CheckMap narrowing implemented with tests. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/146623006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-10 15:32:54 +00:00
yangguo@chromium.org	b618d2a42a	Fix inconsistencies wrt whitespaces. This relands r19196 with fixes. BUG=v8:3109 LOG=Y R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/141323007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-10 12:43:10 +00:00
mstarzinger@chromium.org	23bfeabcfd	Remove duplicate third-party test cases. Some of the third-party test cases in the mjsunit test suite were originally taken from WebKit and are now fully covered by the equally named test suite. Mapping of test cases: - array-isarray.js -> test/webkit/Array-isArray.js - array-splice-webkit.js -> test/webkit/array-splice.js R=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/158803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-10 11:29:59 +00:00
rossberg@chromium.org	e8175a3e9f	Revert "Make Function.length and Function.name configurable properties." Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate. TBR=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/139983003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 15:29:18 +00:00
rossberg@chromium.org	7317b71f02	Make Function.length and Function.name configurable properties. ES6 makes the Function object properties "length" and "name" configurable; switch the implementation over to follow that. Doing so exposed a problem in the handling of non-writable, but configurable properties backed by foreign callback accessors internally. As an optimization, if such an accessor property is re-defined with a new value, its setter was passed the new value directly, keeping the property as an accessor property. However, this is not correct should the property be non-writable, as its setter will then simply ignore the updated value. Adjust the enabling logic for this optimization accordingly, along with adding a test. LOG=N R=rossberg@chromium.org, rossberg BUG=v8:3045 Review URL: https://codereview.chromium.org/116083006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 14:55:30 +00:00
yangguo@chromium.org	db1a685b8f	Revert "Fix inconsistencies wrt whitespaces." This reverts r19196. TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/147443008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 14:13:00 +00:00
yangguo@chromium.org	d0f57e1195	Fix inconsistencies wrt whitespaces. \u0085 (NEL) is now considered a whitespace in accordance to http://www.unicode.org/Public/6.3.0/ucd/PropList.txt R=mstarzinger@chromium.org BUG=v8:3109 LOG=Y Review URL: https://codereview.chromium.org/146983007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 12:34:45 +00:00
rafaelw@chromium.org	41039c4f13	Revert "Implement Microtask Delivery Queue" TBR=adamk,rossberg BUG= Review URL: https://codereview.chromium.org/150103012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19176 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 01:08:50 +00:00
rossberg@chromium.org	01f5601129	ES6: Remove __proto__ setter poison pill http://people.mozilla.org/~jorendorff/es6-draft.html#sec-set-object.prototype.__proto__ The __proto__ setter should be reusable on other objects. BUG=v8:2804 LOG=y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/103343005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-06 16:09:45 +00:00
jarin@chromium.org	476881ce5b	Test and fix for _CallFunction intrinsic deoptimization. I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction to use IfBuilder. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/131343013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-06 12:42:26 +00:00
jarin@chromium.org	eb502fe599	Binary operation deoptimization fix. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/132453009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-06 09:36:55 +00:00
verwaest@chromium.org	7dc05b57fd	Move failing ASSERT on ARM to a more sane place. Objects can actually be stored into themselves. This fails when no write barrier is needed (eg, the object was just allocated). R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/148733005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-05 10:12:14 +00:00
rafaelw@chromium.org	7de9fc0a12	Implement Microtask Delivery Queue R=rossberg@chromium.org, rossberg BUG= Review URL: https://codereview.chromium.org/131413008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19084 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-04 19:58:49 +00:00
dslomov@chromium.org	a03d31394c	Check the offset argument of TypedArray.set for fitting into Smi. R=jkummerow@chromium.org BUG=340125 LOG=Y Review URL: https://codereview.chromium.org/145623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-04 09:53:05 +00:00
yangguo@chromium.org	9e70f6a4e7	Fix short-circuiting logical and/or in HOptimizedGraphBuilder. R=jkummerow@chromium.org BUG=336148 LOG=Y Review URL: https://codereview.chromium.org/143263022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-03 14:29:34 +00:00
verwaest@chromium.org	db7124dc28	Return a valid map for PropertyAccessInfos with Boolean type. BUG=340064 LOG=N R=dcarney@chromium.org Review URL: https://codereview.chromium.org/152603002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-03 10:20:32 +00:00
machenbach@chromium.org	d34938fe34	Fix expectations for new regression test. TBR=jarin@chromium.org Review URL: https://codereview.chromium.org/150853004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-01 09:56:20 +00:00
verwaest@chromium.org	ae7a209e71	Remove CallICs BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/148223002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 16:52:17 +00:00
machenbach@chromium.org	30fb7b83b3	[Sheriff] Mark new regression test flaky on linux 32. BUG= TBR=jarin@chromium.org Review URL: https://codereview.chromium.org/148483004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 16:47:52 +00:00
jarin@chromium.org	3c2363f4b4	Simpler repro for bug 2989. We do not correctly handle accesses to f.arguments after one of the argument has changed (where f is crankshafted). R=machenbach@chromium.org BUG=v8:2989 LOG=n Review URL: https://codereview.chromium.org/151403003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 16:12:58 +00:00
machenbach@chromium.org	275437023f	[Sheriff] Mark new regression test as flaky. BUG=336820 LOG=n R=bmeurer@chromium.org TBR=bmeurer@chromium.org Review URL: https://codereview.chromium.org/139923007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 13:56:00 +00:00
bmeurer@chromium.org	3214cf11ff	Don't crash in Array.join() if the resulting string exceeds the max string length. LOG=y BUG=336820 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/144533003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 12:21:17 +00:00
ishell@chromium.org	2aa17c6e62	Load elimination fix: load should not be replaced with another load if the former is not dominated by the latter. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/151333003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 12:03:32 +00:00
hpayer@chromium.org	27c385bf69	Revert "[Sheriff] Mark profviz flaky on GC stress." This reverts commit f70687c1e5ef15254887e0619939e25a834e936e. BUG= R=machenbach@chromium.org Review URL: https://codereview.chromium.org/148493006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 09:59:22 +00:00
verwaest@chromium.org	bef13f739c	Fix regression caused by supporting inlining accesses to non-JSObjects TBR=dcarney@chromium.org BUG= Review URL: https://codereview.chromium.org/150983002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 00:29:04 +00:00
machenbach@chromium.org	c3c064360d	Disable unsuitable tests in ASAN mode. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/148963010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-30 12:52:22 +00:00
verwaest@chromium.org	73529a7d14	Support loads from primitive values. This also changes load computation to use HeapTypes rather than Maps. TODO: move conversion between maps and heaptypes earlier in the process, already in the oracle. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/147763006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-30 11:30:38 +00:00
jarin@chromium.org	99ce5a2484	The current version is passing all the existing test + a bunch of new tests (packaged in the change list, too). The patch extends the SlotRef object to describe captured and duplicated objects. Since the SlotRefs are not independent of each other anymore, there is a new SlotRefValueBuilder class that stores the SlotRefs and later materializes the objects from the SlotRefs. Note that unlike the previous implementation of SlotRefs, we now build the SlotRef entries for the entire frame, not just the particular function. This is because duplicate objects might refer to previous captured objects (that might live inside other inlined function's part of the frame). We also need to store the materialized objects between other potential invocations of the same arguments object so that we materialize each captured object at most once. The materialized objects of frames live in the new MaterielizedObjectStore object (contained in Isolate), indexed by the frame's FP address. Each argument materialization (and deoptimization) tries to lookup its captured objects in the store before building new ones. Deoptimization also removes the materialized objects from the store. We also schedule a lazy deopt to be sure that we always get rid of the materialized objects and that the optmized function adopts the materialized objects (instead of happily computing with its captured representations). Concerns: - Is the FP address the right key for a frame? (Note that deoptimizer's representation of frame is different from the argument object materializer's one - it is not easy to find common ground.) - Performance is suboptimal in several places, but a quick local run of benchmarks does not seem to show a perf hit. Examples of possible improvements: smarter generation of SlotRefs (build other functions' SlotRefs only for captured objects and only if necessary), smarter lookup of stored materialized objects. - Ideally, we would like to share the code for argument materialization with deoptimizer's materializer. However, the supporting data structures (mainly the frame descriptor) are quite different in each case, so it looks more like a separate project. Thanks for any feedback. R=danno@chromium.org, mstarzinger@chromium.org LOG=N BUG= Committed: https://code.google.com/p/v8/source/detail?r=18918 Review URL: https://codereview.chromium.org/103243005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-30 10:33:53 +00:00
machenbach@chromium.org	f815198288	[Sheriff] Mark profviz flaky on GC stress. BUG= TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/149763002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-29 20:50:51 +00:00
jarin@chromium.org	ec51f26b9e	Revert "Captured arguments object materialization" R=jarin@chromium.org Review URL: https://codereview.chromium.org/130803009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-29 15:49:48 +00:00
jarin@chromium.org	868ad01ecb	This is a preview of the captured arguments object materialization, mostly to make sure that it is going in the right direction. The current version is passing all the existing test + a bunch of new tests (packaged in the change list, too). The patch extends the SlotRef object to describe captured and duplicated objects. Since the SlotRefs are not independent of each other anymore, there is a new SlotRefValueBuilder class that stores the SlotRefs and later materializes the objects from the SlotRefs. Note that unlike the previous implementation of SlotRefs, we now build the SlotRef entries for the entire frame, not just the particular function. This is because duplicate objects might refer to previous captured objects (that might live inside other inlined function's part of the frame). We also need to store the materialized objects between other potential invocations of the same arguments object so that we materialize each captured object at most once. The materialized objects of frames live in the new MaterielizedObjectStore object (contained in Isolate), indexed by the frame's FP address. Each argument materialization (and deoptimization) tries to lookup its captured objects in the store before building new ones. Deoptimization also removes the materialized objects from the store. We also schedule a lazy deopt to be sure that we always get rid of the materialized objects and that the optmized function adopts the materialized objects (instead of happily computing with its captured representations). Concerns: - Is there a simpler/more correct way to store the already-materialized objects? (At the moment there is a custom root reference to JSArray containing frames' FixedArrays with their captured objects.) - Is the FP address the right key for a frame? (Note that deoptimizer's representation of frame is different from the argument object materializer's one - it is not easy to find common ground.) - Performance is suboptimal in several places, but a quick local run of benchmarks does not seem to show a perf hit. Examples of possible improvements: smarter generation of SlotRefs (build other functions' SlotRefs only for captured objects and only if necessary), smarter lookup of stored materialized objects. - Ideally, we would like to share the code for argument materialization with deoptimizer's materializer. However, the supporting data structures (mainly the frame descriptor) are quite different in each case, so it looks more like a separate project. Thanks for any feedback. R=mstarzinger@chromium.org, danno@chromium.org LOG=N BUG= Review URL: https://codereview.chromium.org/103243005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-29 15:14:15 +00:00
svenpanne@chromium.org	abe807db7f	ES6: Map and Set needs to normalize minus zero BUG=v8:3069 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/147143003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-29 07:27:05 +00:00
ishell@chromium.org	d330d4801d	Load elimination fix with a test case. R=titzer@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/143413019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-28 16:45:04 +00:00
mvstanton@chromium.org	371d6f6a98	We shouldn't throw under FLAG_debug_code, rather abort. Throwing under FLAG_debug_code confuses the rest of our infrastructure which expects a safe point at the site of call into the runtime for throw. We were doing that to make a clusterfuzz test happy, but the better solution is to assert/abort under debug_code, and prevent clusterfuzz from fuzzing on internal APIs that crash on incorrect values. We'll need to alter the fuzzer to turn off fuzzing for: string-natives.js lithium/SeqStringSetChar.js regress/regress-seqstrsetchar-ex3.js regress/regress-seqstrsetchar-ex1.js regress/regress-crbug-320922.js So as to prevent the fuzzer from running %_OneByteSeqStringSetChar() and %_TwoByteSeqStringSetChar(). BUG= R=hpayer@chromium.org, machenbach@chromium.org Review URL: https://codereview.chromium.org/139903005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-28 11:53:11 +00:00
ishell@chromium.org	1776dffa56	Make `String.prototype.{starts,ends}With` throw when passing a regular expression Contributed by Mathias Bynens <mathiasb@opera.com>. TEST=mjsunit/harmony BUG=v8:3070 LOG=Y R=arv@chromium.org, ishell@chromium.org Review URL: https://codereview.chromium.org/120683002 Patch from Mathias Bynens <mathiasb@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-28 10:31:05 +00:00
machenbach@chromium.org	fd4a006eb3	[Sheriff] Fix status file entry. BUG= TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/148183007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18861 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-27 16:46:16 +00:00
hpayer@chromium.org	e624346e68	Skip regression test 320948 temporarily. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/131503008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-27 15:59:10 +00:00
hpayer@chromium.org	86cf9ca690	Enable concurrent sweeping. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/146833012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-27 14:37:22 +00:00
dslomov@chromium.org	1a67b7f86a	External Array renaming and boilerplate scrapping Replaced symbolic names with correct JS name (byte -> int8, unsigned int -> uint32 etc). Using macros to scrap the boilerplate BUG= R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/145133013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 16:01:15 +00:00
verwaest@chromium.org	21532ddfdc	Reland ArrayPop / ArrayPush. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/138443012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 11:47:53 +00:00
machenbach@chromium.org	cde3ed1fe3	Speed up some mjsunit test cases and clean up test expectations for arm and mips. Many skipped test cases already run very fast. Removing the corresponding expectations. BUG= R=jkummerow@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/138503008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 11:36:45 +00:00
jkummerow@chromium.org	ee4e034d70	Revert broken ArrayPop changes This reverts: r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."", r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft." For causing crashes on Canary. BUG=chromium:337686 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/146003006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 08:32:50 +00:00
machenbach@chromium.org	ca0d99196d	Disable SetAllocationTimeout in fuzz-natives test since it has varargs. BUG= R=mstarzinger@chromium.org TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/145803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 16:33:35 +00:00
verwaest@chromium.org	6b60546b16	Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/137693003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 16:20:25 +00:00
hpayer@chromium.org	83a1df2354	Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead. BUG= R=mstarzinger@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/141653016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 13:02:27 +00:00
hpayer@chromium.org	a92e87e100	Make the full object memory size of a page available for a single allocation. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/145493004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 12:13:20 +00:00
machenbach@chromium.org	c159485fb1	[Sheriff] Temporarily mark test as flaky. BUG= TBR=mvstanton@chromium.org Review URL: https://codereview.chromium.org/145593002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 10:54:30 +00:00
verwaest@chromium.org	f30330325e	Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/144913003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-22 13:22:58 +00:00
dslomov@chromium.org	33d7e64b51	ES6: Implement Object.setPrototypeOf This reverts commit bdc89ae76c15f3ef2626f8849744500248aec3ba. This is a revert of the revert with test/webkit updated as needed. Original CL Description: http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof This just exposes the internal %SetPrototype and adds all the required type checks as specified. BUG=v8:2675 LOG=Y R=dslomov@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/144193005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-22 12:15:57 +00:00
svenpanne@chromium.org	b4949cfd62	Fixed floor-of-div optimization. We removed an HDiv by hand which was still used by an HChange. The solution is letting dead code removal do the cleanup. Removed a fragile "optimization" (looking through an HChange), too, this obviously never triggered and is hard to get right given all our global invariants and state/type/... changes. The repro is a bit tricky, because you need inlining to make our representations and types disagree in this case. LOG=y BUG=334708 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/143903016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-22 11:54:51 +00:00
machenbach@chromium.org	1864f7388e	Add infrastructure for skipping tests in GC stress mode. Also move the GC stress configuration from the buildbot to the test runner. BUG= R=jkummerow@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/141653008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-21 12:41:25 +00:00
machenbach@chromium.org	63cd984538	[Sheriff] Temporarily mark array-literal-feedback as flaky for GC stress. The test is blocking the v8 lkgr. It will be unmarked again after there is infrastructure to disable it on GC stress only. BUG= TBR=mvstanton@chromium.org Review URL: https://codereview.chromium.org/143463004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-21 07:58:54 +00:00
machenbach@chromium.org	3be4500877	[Sheriff] Temporarily mark two mjsunit tests as flaky. The tests are blocking the v8 lkgr. They will be unmarked again after there is infrastructure to disable them on GC stress only. TBR=mvstanton@chromium.org BUG= Review URL: https://codereview.chromium.org/139343008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-20 19:05:31 +00:00
titzer@chromium.org	5771b0975a	Fix representation requirement in HReturn. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/143523002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-20 19:00:11 +00:00
verwaest@chromium.org	9f64f43a1c	Turn ArrayPush into a stub specialized on the elements kind and argc. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/143213003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-20 17:09:24 +00:00
dslomov@chromium.org	5b7b4b99b7	Revert "ES6: Implement Object.setPrototypeOf" This reverts commit r18685 for breaking WebKit tests. TBR=arv@chromium.org git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-20 10:59:07 +00:00
dslomov@chromium.org	1e3a14da44	ES6: Implement Object.setPrototypeOf http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.setprototypeof This just exposes the internal %SetPrototype and adds all the required type checks as specified. BUG=v8:2675 LOG=Y R=dslomov@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/141913002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-20 10:38:01 +00:00
verwaest@chromium.org	ef52aeb701	Remove special ArrayCode CallIC. Once Call ICs are replaced by LoadIC + CallFunctionStub, we'll need a new way of tracking this information. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/141073006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-17 11:24:36 +00:00
mvstanton@chromium.org	155ef100e9	Fix logic error in assert in IsUndeclaredGlobal() Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that. In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores. Now it's clearer that only LoadICs actually record any information about contextual or not. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/140943002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-17 11:08:24 +00:00
verwaest@chromium.org	53f46c5214	Get rid of ContextualMode for call ICs. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/137083002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 16:15:05 +00:00
mstarzinger@chromium.org	4d338985b9	Closed generator returns a completed object instead of throwing a error From ES6 rev20 draft, closed generator returns completed object (the value is `undefined` and done is `true`). Since a error thrown in generator is propagated to the caller without setting status of a thrown generator to "completed", once a generator is suspended by a error, status becomes "executing" forever. This is filed as v8:3096 LOG=N BUG=v8:3097 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/136003003 Patch from Yusuke Suzuki <yusukesuzuki@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 15:19:34 +00:00
jkummerow@chromium.org	be4c1bdac2	Fix test after r18586 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/138063003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 14:00:10 +00:00
jkummerow@chromium.org	1ed94acf0c	Turn Runtime_MigrateInstance into Runtime_TryMigrateInstance because it must not cause lazy deopts because it is called from deferred code that cannot handle lazy deopts. Hat tip to Ben for doing most of the debugging work, and to Toon for writing the regression test. BUG=chromium:315252 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/131243003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 13:41:09 +00:00
verwaest@chromium.org	f2245a9cf9	Make the strict-mode calling convention for contextual calls the default one. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/131663003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 12:04:10 +00:00
hpayer@chromium.org	dcf7f73ec0	Enable allocation site pretenuring. Disable elements-kind.js unit test temporarily on gc stress builders. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/136813002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-13 17:11:36 +00:00
jarin@chromium.org	c0f622a45b	Fix of Hydrogen environment building for function "apply" calls. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/133773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-11 13:59:04 +00:00
bmeurer@chromium.org	967d6499d2	Revert "Temporarily disable performance.now() in the d8 shell." This reverts commit r18529. R=hpayer@chromium.org Review URL: https://codereview.chromium.org/133523003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-10 12:07:29 +00:00
bmeurer@chromium.org	1b1c27d916	Temporarily disable performance.now() in the d8 shell. Review URL: https://codereview.chromium.org/133663002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-10 11:17:57 +00:00
rossberg@chromium.org	014a86ef8c	ES6: Add Object.getOwnPropertySymbols http://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.getownpropertysymbols This allows you to get the symbols used as property keys for an object. var object = {}; var sym = Symbol(); object[sym] = 42; assert(Object.getOwnPropertySymbols(object)[0] === sym); This is only available with --harmony-symbols BUG=v8:3049 R=rossberg@chromium.org, rossberg LOG=Y Review URL: https://codereview.chromium.org/108083005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18520 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-09 15:57:30 +00:00
rossberg@chromium.org	3286bc71e3	Promises: some adaptations to spec - Rename Promise.{resolved,rejected,deferred} to Promise.{resolve,reject,defer} - Rename Promise.one to Promise.race - Make all failures asynchronous, EXCEPT type errors for resolver - Disallow non-construct call to Promise constructor - Don't make combinators go through public this.defer Also, don't bother using IsCallable. R=dslomov@chromium.org, yhirano@chromium.org BUG= Review URL: https://codereview.chromium.org/99573002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18515 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-09 13:00:56 +00:00
ulan@chromium.org	8db7aaa03d	Correctly handle instances without elements in polymorphic keyed load/store. BUG=331416 TEST=mjsunit/regress/regress-331416.js LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/121893003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:57:28 +00:00
ulan@chromium.org	43d1c23e2a	Fix selection of popular pages in store buffer. BUG=331444 TEST=mjsunit/regress/regress-331444.js LOG=Y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/125983002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:49:37 +00:00
jkummerow@chromium.org	7761059a98	Fix d8's Shell::ReadBuffer after r18227 BUG=v8:3085 LOG=N R=jochen@chromium.org Review URL: https://codereview.chromium.org/127853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:48:38 +00:00
mstarzinger@chromium.org	127c660eab	Upgrade Number constructor to ES6. Add missing constants, predicates and functions to the Number constructor to have it offer what ES6 now specifies. That is, extend it with: * isInteger(), isSafeInteger() * parseInt(), parseFloat() * EPSILON, MIN_SAFE_INTEGER, MAX_SAFE_INTEGER LOG=N R=mstarzinger@chromium.org BUG=v8:3082 Review URL: https://codereview.chromium.org/124573002 Patch from Sigbjorn Finne <sigbjornf@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:09:49 +00:00
mvstanton@chromium.org	fc5834343f	Remove flag track-allocation-sites. The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag. R=verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=18385 Review URL: https://codereview.chromium.org/104923010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 15:58:25 +00:00
jarin@chromium.org	acf24331e3	Fixed Lithium environment generation bug for captured objects (created by escape analysis). Added several tests that expose the bug. Summary: LCodegen::AddToTranslation assumes that Lithium environments are generated by depth-first traversal, but LChunkBuilder::CreateEnvironment was generating them in breadth-first fashion. This fixes the CreateEnvironment to traverse the captured objects depth-first. Note: It might be worth considering representing LEnvironment by a list with the same order as the serialized translation representation rather than having two lists with a subtle relationship between them (and then serialize in a slightly different order again). R=titzer@chromium.org, mstarzinger@chromium.org LOG=N BUG= Review URL: https://codereview.chromium.org/93803003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18470 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 14:36:26 +00:00
mvstanton@chromium.org	e3e7daf01c	We need to know if a load, store or call IC is assumed to be on the global object. Previously, this information was stored in RelocInfo. A more logical place for this kind of structural information is ExtraICState. Storing it there makes it easier for us to gather type feedback from these sites too. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/96083005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18466 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 14:14:34 +00:00
verwaest@chromium.org	4615e9edac	Reland v8:18458 "Load the global proxy from the context of the target function." BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/104013008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 10:46:39 +00:00
rossberg@chromium.org	2879f2104c	Revert "Load the global proxy from the context of the target function." This reverts commit https://code.google.com/p/v8/source/detail?r=18458, since it exhibits a bug that breaks some tests. TBR=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/93863006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 09:55:25 +00:00
verwaest@chromium.org	5b40c38679	Load the global proxy from the context of the target function. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/111613003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 08:21:17 +00:00
ulan@chromium.org	711bcbb0e3	ARM: fix loading of global object in LWrapReceiver. Since r16993 the cp register is handled by registers allocator, and we cannot assume that the cp always contains the context. BUG=318420 LOG=Y TEST=test/mjsunit/regress/regress-318420.js R=verwaest@chromium.org Review URL: https://codereview.chromium.org/121703002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-27 14:38:00 +00:00
ulan@chromium.org	7ac7a7ea99	Fix a race between concurrent recompilation and OSR. If concurrent recompilation finishes before OSR, then OSR replaces the old optimized code without evicting it from the optimized code map. New functions can get the old optimized code from the optimized code map, but the old code could be already deoptimized. BUG=330046 TEST=test/mjsunit/regress-330046.js LOG=Y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/109033003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-27 09:22:56 +00:00
yangguo@chromium.org	2a4be7067c	Refactor the compiling pipeline. Goals: - easier to read, more suitable identifiers. - better distinction between compiling optimized/unoptimized code - compiler does not install code on the function. - easier to add features (e.g. caching optimized code for osr). - remove unnecessary code. R=titzer@chromium.org Review URL: https://codereview.chromium.org/110203002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 14:30:35 +00:00
yangguo@chromium.org	f7929d2a87	Reland "Handlify concat string and substring." This relands commit r17490. BUG= R=ulan@chromium.org Review URL: https://codereview.chromium.org/114943004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18408 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 12:37:56 +00:00
yangguo@chromium.org	8c10fc6aee	Harmony: implement math.hypot. R=jarin@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/118303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 11:13:39 +00:00
yangguo@chromium.org	2e2676a843	Harmony: implement Math.log2 and Math.log10. R=jarin@chromium.org BUG=v8:2938 LOG=N Review URL: https://codereview.chromium.org/119093006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 10:54:47 +00:00
yangguo@chromium.org	cd7d61cfc2	Fix small spec violation in String.prototype.split. Also slightly extended the test coverage. R=rossberg@chromium.org BUG=v8:3026 LOG=Y Review URL: https://codereview.chromium.org/119093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 10:01:22 +00:00
yangguo@chromium.org	c61d07e03f	Correctly resolve forcibly context allocated parameters in debug-evaluate. R=ulan@chromium.org BUG=325676 LOG=Y Review URL: https://codereview.chromium.org/107243006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 08:37:03 +00:00
titzer@chromium.org	be32761a67	Improve load elimination handling of transitioning stores. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/106973005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 12:12:41 +00:00
rossberg@chromium.org	b882bddcfd	Make a strict function's "name" property non-writable. Set [[Writable]] to false for the "name" property of strict functions as well, mirroring what non-strict functions have it as. LOG=N R=rossberg@chromium.org TEST=mjsunit/regress/regress-270142 BUG=270142 Review URL: https://codereview.chromium.org/99203006 Patch from Sigbjorn Finne <sigbjornf@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 12:06:11 +00:00
hpayer@chromium.org	f583b73b70	Revert "Remove flag track-allocation-sites." This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc. BUG= Review URL: https://codereview.chromium.org/109303006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 12:04:34 +00:00
mvstanton@chromium.org	e654c88fab	Remove flag track-allocation-sites. The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/104923010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 11:46:31 +00:00
titzer@chromium.org	1f679a58f7	Improve check elimination with branch sensitivity on HCompareObjectEqAndBranch. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/106733002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-19 17:42:21 +00:00
jkummerow@chromium.org	3c76ecd732	Fix switch statements with non-Smi integer labels and no type feedback BUG=chromium:329709 LOG=Y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/98643010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-19 14:25:58 +00:00
verwaest@chromium.org	fb7218dc3d	Enable optimization of functions with generic switches. R=jkummerow@chromium.org, titzer@chromium.org Review URL: https://chromiumcodereview.appspot.com/110123002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-18 11:44:38 +00:00
yangguo@chromium.org	213b05b5b9	Fix off-by-one error in AstTyper, part 2. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/112933002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-12 15:19:57 +00:00
jkummerow@chromium.org	48ff79a300	Fix polymorphic inlined calls with migrating prototypes LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/104793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-12 14:57:00 +00:00
ulan@chromium.org	cc401095fb	Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot. This is the only field in the snapshot that was tracked as double. R=verwaest@chromium.org TEST=mjsunit/regress/regress-280531.js BUG=280531 LOG=Y Review URL: https://chromiumcodereview.appspot.com/112003005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-11 13:11:44 +00:00
yangguo@chromium.org	5bc64b9fa5	Fix off-by-one error in AstTyper. This causes the first parameter to be confused with the first stack local when we collect type information. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/105943007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-11 11:34:09 +00:00
hpayer@chromium.org	75a84eca0b	Added regression test for escape analysis. BUG= R=jarin@chromium.org Review URL: https://codereview.chromium.org/99133011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-10 15:54:20 +00:00
titzer@chromium.org	3de79abd85	Add a regression test for boolean concatenation in strings. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/106743010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-10 14:05:25 +00:00
svenpanne@chromium.org	e1db6d86a9	Avoid FP exceptions when doing integer division. BUG=v8:3039 R=titzer@chromium.org Review URL: https://codereview.chromium.org/104003004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-09 10:15:19 +00:00
mvstanton@chromium.org	b807f4f82f	Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask. The mask to check for an internalized string was incorrectly formed. Hat tip to Weiliang Lin for discovering the bug. BUG=v8:3038 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/108033002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-06 09:43:07 +00:00
verwaest@chromium.org	8a4df124a4	Fix loop side-effects of deoptimizing loops with a nested live OSR loop. R=titzer@chromium.org Review URL: https://chromiumcodereview.appspot.com/106723002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-05 18:31:06 +00:00
machenbach@chromium.org	d8a757c669	Add tests and extension verifying CHECK and ASSERT. The new native functions can also be used in blink tests to ensure that V8 asserts are turned on where they should be. BUG= R=dslomov@chromium.org Review URL: https://codereview.chromium.org/105953005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-05 17:26:22 +00:00
yangguo@chromium.org	34f0b745b8	Reland "Implement hyperbolic math functions for ES6." BUG=v8:2938 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/104173002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-05 12:36:42 +00:00
yangguo@chromium.org	3e689544af	Revert "Implement hyperbolic math functions for ES6." BUG= Review URL: https://codereview.chromium.org/104003002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18248 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-04 08:53:17 +00:00
yangguo@chromium.org	d1e0c338f3	Implement hyperbolic math functions for ES6. R=jarin@chromium.org BUG=v8:2938 LOG=Y Review URL: https://codereview.chromium.org/102023003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-04 08:32:18 +00:00
titzer@chromium.org	1d6710c933	Add some test cases with dead loops. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/98323004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-03 18:04:45 +00:00
verwaest@chromium.org	d4eaae37d1	Check whether the receiver to a keyed-call is actually a heapobject. BUG=325225 LOG=n R=dslomov@chromium.org Review URL: https://chromiumcodereview.appspot.com/101863004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-03 17:59:31 +00:00
titzer@chromium.org	16c4c14fac	Check elimination: Learn from if(CompareMap(x)) on true branch. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/99043002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18210 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 18:34:33 +00:00
bmeurer@chromium.org	aa83f2900a	Fix invalid assertion with OSR in BuildBinaryOperation. BUG=v8:3032 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/98623004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 13:12:07 +00:00
yangguo@chromium.org	3d062847a4	Make sin-cos test case compatible with --always-osr. R=machenbach@chromium.org Review URL: https://codereview.chromium.org/98893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 12:56:54 +00:00
mstarzinger@chromium.org	db915fe97e	Handle captured objects in OptimizedFrame::Summarize. R=yangguo@chromium.org BUG=v8:3029 TEST=mjsunit/regress/regress-3029 LOG=N Review URL: https://codereview.chromium.org/96773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 12:11:02 +00:00
mvstanton@chromium.org	5ba1304d60	Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects. BUG=299979 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/80623002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-29 15:22:16 +00:00
yangguo@chromium.org	f235194518	Fix bug in inlining Function.apply. R=jkummerow@chromium.org BUG=323942 LOG=Y Review URL: https://codereview.chromium.org/95123003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 15:30:17 +00:00
titzer@chromium.org	bbdd21ebb0	Fix load elimination: can only .Equals() GVN-able instructions. BUG= R=yangguo@chromium.org Review URL: https://codereview.chromium.org/95193002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 15:27:42 +00:00
dslomov@chromium.org	7372596615	Ensure that length is Smi in TypedArrayFromArrayLike constructor. R=jkummerow@chromium.org BUG=324028 LOG=Y Review URL: https://codereview.chromium.org/94473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org	d53e38777f	Fix missing bounds check in n-arguments Array constructor. LOG=N R=mvstanton@chromium.org BUG=v8:3027 TEST=mjsunit/regress/regress-3027 Review URL: https://codereview.chromium.org/92103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 09:29:57 +00:00
yangguo@chromium.org	ea43173cf4	Shorten autogenerated error message. R=rossberg@chromium.org BUG=v8:3019 LOG=Y Review URL: https://codereview.chromium.org/88393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 08:59:45 +00:00
rossberg@chromium.org	e943623b12	Harmony promises Based on prototype at https://github.com/rossberg-chromium/js-promise which informed the latest spec draft version at https://github.com/domenic/promises-unwrapping/blob/master/README.md Activated by --harmony-promises. Feature complete with respect to the draft spec, plus the addition of .when and .deferred methods. Final naming and other possible deviations from the current draft will hopefully be resolved soon after the next TC39 meeting. This CL also generalises the Object.observe delivery loop into a simplistic microtask loop. Currently, all observer events are delivered before invoking any promise handler in a single fixpoint iteration. It's not clear yet what the final semantics is supposed to be (should there be a global event ordering?), but it will probably require a more thorough event loop abstraction inside V8 once we get there. R=dslomov@chromium.org, yhirano@chromium.org BUG= Review URL: https://codereview.chromium.org/64223010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-27 17:21:40 +00:00
machenbach@chromium.org	c95173b2eb	Increase test runner speed. Let the test runner preserve the order of test suites to let suites with long running tests run first. Mark some tests as slow that can now be skipped via --slow-tests=skip. BUG= R=yangguo@chromium.org Review URL: https://codereview.chromium.org/88343002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 16:53:04 +00:00
yangguo@chromium.org	ab96631177	Increase precision for base conversion for large integers. R=jkummerow@chromium.org BUG=v8:3025 LOG=Y Review URL: https://codereview.chromium.org/88583002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 15:48:13 +00:00
yangguo@chromium.org	afd8e5a305	Speed up long-running test cases. R=ishell@chromium.org Review URL: https://codereview.chromium.org/85163003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 11:32:39 +00:00
yangguo@chromium.org	4716b292db	Make some ARM test cases faster. R=ishell@chromium.org Review URL: https://codereview.chromium.org/85473004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 10:43:44 +00:00
dslomov@chromium.org	c3a4d718ce	Generate TypedArrayInitialize builtin in hydrogen. R=danno@chromium.org Review URL: https://codereview.chromium.org/59023003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-25 14:41:46 +00:00
mvstanton@chromium.org	81b22bbf96	A performance regression in array literal creation was caused by refactoring that eliminated a special fast case for shallow arrays. At the same time the general case got a bit slower. This CL restores most of the performance without coding the special fast case. The virtual dispatching is unnecessary because we know what we want to do at compile time. A flag was added to Runtime::CreateArrayLiteral. The flags delivers information about shallowness but also whether or not allocation mementos should be created. This is useful for crankshafted code. BUG=v8:3008 LOG=Y R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/77293003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-25 12:41:27 +00:00
yangguo@chromium.org	aa3518a0f3	Make sure files end with exactly one new line and police this in presubmit. The changes are (excluding presubmit.py) mechanical. I added the following lines after the check and iterated the presubmit script until all errors went away: f = open(name, "w"); if contents.endswith('\n\n'): f.write(contents[0:-1]) else: f.write(contents + '\n') R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/82803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-22 13:50:39 +00:00
ulan@chromium.org	21fb1401bd	Restore saved caller FP registers on stub failure and preserve FP registers on NotifyStubFailure. In debug mode, clobber FP registers on each runtime call to increase chances of catching such bugs. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/78283002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-22 10:21:47 +00:00
yangguo@chromium.org	e5f187995d	Mark flaky debug test as failing. The issues are known. For the time being, we mark it as failing. R=machenbach@chromium.org BUG=v8:2921, v8:3005 LOG=N Review URL: https://codereview.chromium.org/77723008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-20 17:09:17 +00:00
yangguo@chromium.org	2c7ebfa7f0	Increase precision when finding the remainder after division by pi/2. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/66703005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-20 15:04:37 +00:00
svenpanne@chromium.org	8f88467bf6	Removed unused --preallocate-message-memory flag. It results in a lot of dead code, and Isolate::PrintStack itself crashes most of the time when something went wrong earlier. Furthermore, we have plans do get better information into the minidump, anyway. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/78003002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-20 12:35:58 +00:00
danno@chromium.org	06c7620302	Fixed crashes exposed though fuzzing. The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set. R=yangguo@chromium.org TEST=test/mjsunit/regress/regress-320948.js BUG=chromium:320948 LOG=Y Review URL: https://codereview.chromium.org/72813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 16:41:07 +00:00
jkummerow@chromium.org	37443768bf	Fix register trashing in Emit*ByteSeqStringSetChar This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless. BUG=chromium:320922 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/67103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 12:59:09 +00:00
mvstanton@chromium.org	bff41483dc	Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death. BUG=320532 LOG=Y R=ulan@chromium.org Review URL: https://codereview.chromium.org/62803008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 10:17:33 +00:00
dslomov@chromium.org	6749e57f47	Fix data view accessors to throw execptions on offsets bigger than size_t. R=jkummerow@chromium.org BUG=v8:3013 LOG=Y Review URL: https://codereview.chromium.org/74583003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17840 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 15:16:22 +00:00
dslomov@chromium.org	cb6e8b334d	Revert "Fix data view accessors to throw execptions on offsets bigger than size_t." This reverts commit r17838 for breaking arm build. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/75213005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 15:05:05 +00:00
dslomov@chromium.org	dd5c7ec89e	Fix data view accessors to throw execptions on offsets bigger than size_t. R=jkummerow@chromium.org BUG=v8:3013 LOG=Y Review URL: https://codereview.chromium.org/74583003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17838 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 14:58:16 +00:00
dslomov@chromium.org	4228132e74	Use mock ArrayBuffer allocator to avoid really allocating 1Gb. R=jkummerow@chromium.org BUG=v8:3014 LOG=N Review URL: https://codereview.chromium.org/61623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 14:50:45 +00:00
dslomov@chromium.org	99133912bd	Generate DataViewInitialize built-in in hydrogen. R=bmeurer@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/66843011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 13:57:49 +00:00
danno@chromium.org	f27f2fa420	Match max property descriptor length to corresponding bit fields BUG=v8:3010 R=verwaest@chromium.org LOG=N Review URL: https://codereview.chromium.org/72333004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 11:44:06 +00:00
mstarzinger@chromium.org	ed034b39e5	Fix bogus allocation limit in allocation folding. R=ishell@chromium.org TEST=mjsunit/allocation-folding Review URL: https://codereview.chromium.org/73563004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 18:44:59 +00:00
dslomov@chromium.org	7832aab75c	Add suppressions for regress-319722-ArrayBuffer. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/59093007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 17:40:21 +00:00
jkummerow@chromium.org	c9b41c6995	Limit size of dehoistable array indices LOG=Y BUG=chromium:319835,chromium:319860 R=dslomov@chromium.org Review URL: https://codereview.chromium.org/74113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 17:24:10 +00:00
dslomov@chromium.org	7936ca39be	Limit the size for typed arrays to MaxSmi. R=jkummerow@chromium.org LOG=Y BUG=319722 Review URL: https://codereview.chromium.org/73943004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 16:37:15 +00:00
dslomov@chromium.org	c01aa1fc1f	Revert "Limit the size for typed arrays to MaxSmi." This reverts commit r17798 for allocating too much memroy in tests. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/74093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 16:25:51 +00:00

... 3 4 5 6 7 ...

2836 Commits