AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jkummerow@chromium.org	ea74f0f85a	Avoid some unnecessary fast-properties map creations. (1) When we have just normalized and re-fastified a map, we don't need to copy it again to set the is_prototype bit. (2) When defining accessors causes a non-prototype object to go slow, don't force re-fastification. BUG=v8:3267 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/706243002 Cr-Commit-Position: refs/heads/master@{#25221} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-07 16:33:47 +00:00
marja@chromium.org	2b026851ac	Scanner: disallow unicode escapes in regexp flags. The spec explicitly forbids them. V8 never handled them properly either, just the Scanner accepted them (it had code to add them literally to the LiteralBuffer) and later on, Regexp constructor disallowed them. According to the spec, unicode escapes in regexp flags should be an early error ("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence."). Note that Scanner is still more relaxed about regexp flags than the spec. Especially, it accepts any identifier parts (not just a small set of letters) and doesn't check for duplicates. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/700373003 Cr-Commit-Position: refs/heads/master@{#25215} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-07 14:32:19 +00:00
ishell@chromium.org	e1f93a82f2	Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136. BUG=chromium:430846 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/704183002 Cr-Commit-Position: refs/heads/master@{#25185} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-06 11:50:33 +00:00
jarin@chromium.org	91eeae5849	[turbofan] Fix deopt for assignments in non-effect context. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/701853002 Cr-Commit-Position: refs/heads/master@{#25151} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-05 13:09:14 +00:00
ishell@chromium.org	33dde8d92c	TransitionArray now uses <is_data_property, name, attributes> tuple as a key, which allows to have several entries for the same property name. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/661133002 Cr-Commit-Position: refs/heads/master@{#25136} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-05 09:26:48 +00:00
rossberg@chromium.org	357882a8e5	`1..isPrototypeOf.call(null)` should return false, not throw TypeError. BUG=v8:3483 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/433413002 Cr-Commit-Position: refs/heads/master@{#25116} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-11-04 16:14:18 +00:00
mstarzinger@chromium.org	cd3273b562	Properly handle stack overflows in the AST graph builder. R=jarin@chromium.org BUG=chromium:429159 TEST=mjsunit/regress/regress-crbug-429159 LOG=N Review URL: https://codereview.chromium.org/697473006 Cr-Commit-Position: refs/heads/master@{#25037} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-31 14:02:46 +00:00
yangguo@chromium.org	76292d2daf	Fix assertion scope in Runtime_GetScript. The HeapIterator implies DisallowHeapAllocation, but Script::GetWrapper may allocate. LOG=N R=jkummerow@chromium.org BUG=chromium:410033 Review URL: https://codereview.chromium.org/680283002 Cr-Commit-Position: refs/heads/master@{#25001} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-30 07:25:43 +00:00
yangguo@chromium.org	64cef0b2e9	Reland "In PrepareForBreakPoints, also purge shared function info not referenced by functions." BUG=chromium:424142 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/692453002 Cr-Commit-Position: refs/heads/master@{#24970} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-29 10:19:44 +00:00
yangguo@chromium.org	67b76ebaea	Revert "In PrepareForBreakPoints, also purge shared function info not referenced by functions." This reverts commit r24964. TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/687163002 Cr-Commit-Position: refs/heads/master@{#24966} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-29 09:23:10 +00:00
yangguo@chromium.org	7668c4c29a	In PrepareForBreakPoints, also purge shared function info not referenced by functions. R=ulan@chromium.org BUG=chromium:424142 LOG=N Review URL: https://codereview.chromium.org/685753002 Cr-Commit-Position: refs/heads/master@{#24964} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-29 08:11:41 +00:00
yangguo@chromium.org	0dfbf83468	Use shared function info for eval cache key. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/678843004 Cr-Commit-Position: refs/heads/master@{#24927} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-28 10:01:44 +00:00
yangguo@chromium.org	efc01f4736	Prevent recursion in the debug event listener. R=ulan@chromium.org BUG=chromium:409614 LOG=N Review URL: https://codereview.chromium.org/684573005 Cr-Commit-Position: refs/heads/master@{#24924} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24924 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-28 09:44:43 +00:00
adamk@chromium.org	f1954232b0	SimpleMove now calls [[Has]] before [[Get]] when moving elements BUG=v8:3643 LOG=n R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/678753002 Cr-Commit-Position: refs/heads/master@{#24907} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-27 13:05:13 +00:00
jarin@chromium.org	23df66ee24	Add more missing deopts BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/639883002 Cr-Commit-Position: refs/heads/master@{#24886} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-26 10:25:48 +00:00
adamk@chromium.org	c9ea8d6512	SimpleSlice now calls [[Get]] before [[Has]] when generating copy SparseSlice does not need this (non-optimal) reordering since its callers guarantee that [[Get]] has no side effects on the passed-in array. BUG=v8:3643 LOG=n R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/674003002 Cr-Commit-Position: refs/heads/master@{#24884} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-24 18:08:13 +00:00
adamk@chromium.org	02d37b8f10	Widen definition of %HasComplexElements() to include non-enumerability This avoids using the Sparse methods on objects with non-enumerable elements, which can cause the 'enumerable: false' bit to get lost in the operation. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/672323003 Cr-Commit-Position: refs/heads/master@{#24883} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-24 18:04:13 +00:00
adamk@chromium.org	0ef073d556	Fix sparse versions of Array slice/splice to use [[DefineOwnProperty]] to generate return value BUG=chromium:423633 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/673893002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 21:13:29 +00:00
adamk@chromium.org	5f1ae66d56	Narrow cases where Sparse/Smart versions of Array methods are used Added a new %HasComplexElements runtime function (meaning elements that are non-writable, non-configurable, or have getters and setters) and use it in UseSparseVariant to filter out cases where the sparse optimizations can cause V8 to fall out of spec compliance. Renamed SmartMove/SmartSlice to SparseMove/SparseSlice and guarded them with the new and improved UseSparseVariant. These two changes combine let us pass nearly every test in bug-2615.js, as well as fixing reverse and join on sparse arrays. Note that there are various test changes in this patch that correct existing tests to match the correct-by-spec behavior. This patch depends on https://codereview.chromium.org/666883009, which better-aligns the behavior of SmartMove with SimpleMove. BUG=v8:2615,v8:3612,v8:3621 LOG=y R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/656423004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24855 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 18:21:50 +00:00
ishell@chromium.org	5509cc2c07	Fixed mutable heap numbers leak in JSON parser. BUG=chromium:423687 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/669403002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 14:41:39 +00:00
dslomov@chromium.org	96105a90fc	harmony-scoping: Allow 'const' iteration variables in strict mode. R=rossberg@chromium.org BUG=v8:2506 LOG=N Committed: https://code.google.com/p/v8/source/detail?r=24834 Review URL: https://codereview.chromium.org/671913002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 12:30:20 +00:00
dslomov@chromium.org	707ed29a51	Revert "harmony-scoping: Allow 'const' iteration variables in strict mode." This reverts commit r24834 for breaking debug tests. TBR=bmeurer@chromium.org Review URL: https://codereview.chromium.org/672193002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 11:55:19 +00:00
dslomov@chromium.org	b54f7d3c46	harmony-scoping: Allow 'const' iteration variables in strict mode. R=rossberg@chromium.org BUG=v8:2506 LOG=N Review URL: https://codereview.chromium.org/671913002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-23 11:18:50 +00:00
rodolph.perfetta@arm.com	ecbfc43f37	ARM64: Fix stack manipulation. Builtins::Generate_StringConstructCode was claiming stack space instead of giving it back. BUG=chromium:425585 LOG=Y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/672623003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-22 18:24:20 +00:00
dslomov@chromium.org	b664c12235	Flatten the string in StringToDouble function. R=yangguo@chromium.org BUG=chromium:425551 LOG=N Review URL: https://codereview.chromium.org/654763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-22 08:19:05 +00:00
adamk@chromium.org	b6d0113abc	Array.prototype.{slice,splice} should use [[DefineOwnProperty]] to generate return value BUG=chromium:423633 LOG=N R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/649063003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24784 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-21 17:46:42 +00:00
mvstanton@chromium.org	8330178b4c	The issue is that by handling strings with map/handler pairs instead of a special version of the keyed load stub (https://code.google.com/p/v8/source/detail?r=24661), I allowed polymorphism between string and non-string types in the IC. Before, the IC would go generic. Then, at crankshaft time, we special case when we only saw strings. The error here is that crankshaft can't emit code that handles polymorphism between string and non-string types. The choice is either to get that to happen (I don't deem this necessary from a performance point of view, an IC with such type feedback before would have gone generic), or simply check for the case of "polymorphic with some string maps" and require crankshaft to go generic. I'll do the latter. BUG=425519 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/667923004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-21 13:04:51 +00:00
yangguo@chromium.org	83ddaa0df7	Fix break location calculation. R=ulan@chromium.org BUG=chromium:419663 LOG=Y Review URL: https://codereview.chromium.org/658723005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-17 14:11:01 +00:00
adamk@chromium.org	ae7161e4cb	Revert "Remove SmartMove, bringing Array methods further into spec compliance" This reverts https://code.google.com/p/v8/source/detail?r=24647 It caused test failures in Array methods in Linux64 OptimizeForSize. BUG=v8:2615 TBR=verwaest@chromium.org LOG=N Review URL: https://codereview.chromium.org/656683003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-15 23:53:02 +00:00
adamk@chromium.org	bb885a79db	Remove SmartMove, bringing Array methods further into spec compliance This is one step towards a single codepath for each method in array.js. This patch is based on rafaelw's https://codereview.chromium.org/349073002 BUG=v8:2615 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/455933002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-15 23:36:58 +00:00
adamk@chromium.org	a6ff3f7f4a	Handle exceptions thrown by Array.observe machinery BUG=chromium:417709 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/651323003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-15 18:22:20 +00:00
verwaest@chromium.org	23868b419c	Optimize Function.prototype.call BUG= R=verwaest@chromium.org, jarin@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/588573002 Patch from Petka Antonov <p.antonov@partner.samsung.com>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-15 12:22:15 +00:00
yangguo@chromium.org	9a21ba499c	Catch exceptions thrown when enqueuing change records. R=ishell@chromium.org BUG=chromium:417709 LOG=N Review URL: https://codereview.chromium.org/653593002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-14 14:46:11 +00:00
ulan@chromium.org	29296d7e50	Fix computation of UTC time from local time at DST change points. This also reverts r23606, which was an incorrect fix. BUG=v8:3116,chromium:417640,chromium:415424 LOG=Y TEST=mjsunit/regress/regress-3116.js R=yangguo@chromium.org Review URL: https://codereview.chromium.org/639383002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-09 14:17:33 +00:00
jkummerow@chromium.org	1bb52d0da8	Fix Hydrogen's BuildStore() BUG=chromium:417508 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/612423002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-10-01 13:17:34 +00:00
jarin@chromium.org	5b742b356d	Adding more missing deoptimization points in Turbofan. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/595863002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-29 13:37:58 +00:00
jarin@chromium.org	b11c925142	Disable merging simulates across captured objects. BUG=chromium:416730 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/607453002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-25 12:16:32 +00:00
yangguo@chromium.org	86b3c3eea7	Insert materialized context at the right place in DebugEvaluate. R=aandrey@chromium.org, ulan@chromium.org BUG=chromium:323936 LOG=N Review URL: https://codereview.chromium.org/599113002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-25 09:33:40 +00:00
jkummerow@chromium.org	1903e560b0	Non-JSArrays must always have holey elements. Drive-by cleanup: remove unused elements_kind_ field in CallNew. BUG=chromium:416558 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/595333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-25 08:25:25 +00:00
mvstanton@chromium.org	b0b59073ac	Fix IC cache confusion on String.prototype.length BUG=416416 LOG=N R=jarin@chromium.org Review URL: https://codereview.chromium.org/587363002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-24 09:33:04 +00:00
jarin@chromium.org	9ef343c18d	[Turbofan] Insert nops for lazy bailout patching, fix translation of literals. The code for EnsureSpaceForLazyDeopt is taken from lithium-codegen-*. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/562033003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-23 08:46:18 +00:00
verwaest@chromium.org	83f64e8c1f	Fix escaped index JSON parsing BUG=416449 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/592813002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-22 15:21:19 +00:00
mstarzinger@chromium.org	429924b780	Fix typed lowering to number comparison. R=titzer@chromium.org TEST=mjsunit/regress/regress-3564 BUG=v8:3564 LOG=N Review URL: https://codereview.chromium.org/574653002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-16 11:33:30 +00:00
mstarzinger@chromium.org	d313551a3e	Disable lowering to StringAdd due to various issues. R=titzer@chromium.org Review URL: https://codereview.chromium.org/566303003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-16 08:29:46 +00:00
yangguo@chromium.org	7cb82a76b4	Reland "Remove V8_HOST_CAN_READ_UNALIGNED and its uses." BUG=chromium:412967 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/571903002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-15 10:54:49 +00:00
jarin@chromium.org	00e90b7e6e	Remove deoptimization by patching the call stack. We go back to patching the code for lazy deoptimization because ICs need the on-stack return address to read/update the IC address/state. The change also fixes bunch of tests, mostly by adding more deoptimization points. (We still need to add code to ensure lazy deopt patching does not overwrite ICs and other lazy deopts; this is coming next.) BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/568783002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-15 09:21:39 +00:00
jarin@chromium.org	e401262400	Reland "Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic." This relands commit r23899. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/565093002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23910 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 10:58:43 +00:00
jarin@chromium.org	bc0674d0a7	Revert "Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic." This reverts commit r23899. TBR=ulan@chromium.org Review URL: https://codereview.chromium.org/552253003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:49:22 +00:00
jkummerow@chromium.org	b4375b77ec	Fix Smi vs. HeapObject confusion in HConstants. Representation and HType should agree with each other. BUG=chromium:412215 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/556563005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:44:14 +00:00
jarin@chromium.org	91e97f8371	Change the order of arguments of the (One\|Two)ByteSeqStringSetChar intrinsic. This makes the syntactic order consistent with the evaluation order. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/561133005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-12 08:18:29 +00:00
rossberg@chromium.org	fc71f7fdb3	Fix inaccurate type condition in Hydrogen R=bmeurer@chromium.org BUG=chromium:412210 LOG=Y Review URL: https://codereview.chromium.org/550453003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 12:13:34 +00:00
jkummerow@chromium.org	bd97fcaed0	Fix regress-crbug-412203.js R=ulan@chromium.org Review URL: https://codereview.chromium.org/563733002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23869 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 11:47:39 +00:00
jkummerow@chromium.org	11f7584d0a	Fix ElementsKind handling of prototypes in Array.concat Double elements, typed elements, and sloppy arguments elements were all erroneously marked UNREACHABLE. BUG=chromium:412203 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/560463002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-11 10:04:13 +00:00
ulan@chromium.org	d66ed1176f	Don't inline Array functions if receiver map is not extensible. BUG=405517 LOG=N TEST=mjsunit/regress/regress-crbug-405517.js R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/552333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23828 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 09:22:13 +00:00
ulan@chromium.org	99301fc8c5	Fix regress-411210 after r23824. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/559863004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 08:48:40 +00:00
hpayer@chromium.org	ed37edc5c0	Remove guard page mechanism from promotion queue. BUG=chromium:411210 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/557243002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-10 07:51:29 +00:00
jarin@chromium.org	01d63e43b2	Handle non-object constants in HConstant::GetMonomorphicJSObjectMap. R=ulan@chromium.org BUG=chromium:412162 LOG=N Review URL: https://codereview.chromium.org/552243002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 12:58:34 +00:00
jkummerow@chromium.org	fd3e505fb6	Hydrogen: bailout when there is a throw statement in a non-effect context. This mirrors the behavior of the compilation pipeline before recent OptimizeFunctionOnNextCall changes. BUG=chromium:412208 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/558593002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 12:16:33 +00:00
yangguo@chromium.org	4b0c076052	Turn old space cons strings into regular external strings (not short). R=hpayer@chromium.org BUG=v8:3530 LOG=N Review URL: https://codereview.chromium.org/368223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-09 11:41:56 +00:00
jarin@chromium.org	83af12c21b	Harden OptimizeFunctionOnNextCall. BUG=411237 LOG=N R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/547553003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 15:13:44 +00:00
verwaest@chromium.org	1dddf69fdc	Allocate a new empty number dictionary when resetting elements BUG=410332 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/545773003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 11:38:22 +00:00
jarin@chromium.org	b74fae5511	Fix EvacuateJSFunction to obtain the target address from the forwarding pointer. R=mstarzinger@chromium.org BUG=410912 LOG=N Review URL: https://codereview.chromium.org/541353003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23722 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-05 09:38:04 +00:00
titzer@chromium.org	4923810a68	Remove redundant --always-full-compiler flag. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/538613006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 16:29:47 +00:00
jarin@chromium.org	1afada8d04	Ignore numbers as values of --expose-natives-as flag. R=yangguo@chromium.org BUG=408036 LOG=N Review URL: https://codereview.chromium.org/534943004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 15:05:06 +00:00
bmeurer@chromium.org	0baf275e20	Enforce correct number comparisons when inlining Array.indexOf. TEST=mjsunit/regress/regress-crbug-407946 BUG=407946 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/536393003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-04 12:25:57 +00:00
jarin@chromium.org	7572e779d0	Exclude LoadMutableDouble and FunctionBindArguments from fuzzing. BUG=409542,410262 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/535153002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-03 14:28:46 +00:00
verwaest@chromium.org	03b0237e1d	Fix loading non-configurable non-writable value from a constant with mismatching type feedback BUG=410209 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/534093003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-03 12:13:46 +00:00
jarin@chromium.org	a668cd6fc8	Context deoptimization and removal of the deoptimization block in Turbofan This adds context deoptimization to Turbofan and Crankshaft (also submitted separately as https://codereview.chromium.org/515723004/). The second patchset removes the deoptimization/continuation block from calls. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/522873002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23547 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-01 09:31:14 +00:00
jarin@chromium.org	73da434b8e	Fix manual allocation folding of RegExpConstructResult. R=mstarzinger@chromium.org BUG=409533 LOG=N Review URL: https://codereview.chromium.org/532453003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-09-01 08:08:31 +00:00
verwaest@chromium.org	2a37ab79ad	Fixed inlining of constant values Use CopyToRepresentation to elide HForceRepresentation of HConstant BUG=v8:3529 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/507613002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-26 11:34:25 +00:00
yangguo@chromium.org	ba09fa35fd	Handle null receiver in sloppy mode in %GetFrameDetails. R=jarin@chromium.org BUG=405922 LOG=N Review URL: https://codereview.chromium.org/492303006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-22 12:55:23 +00:00
bmeurer@chromium.org	0142786cea	Don't inline Array.shift() if receiver map is not extensible. TEST=mjsunit/regress/regress-crbug-405517 BUG=405517 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/491863002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-21 06:23:44 +00:00
yangguo@chromium.org	f7947b8ec4	Fix --expose-debug-as with number as argument. R=jkummerow@chromium.org BUG=405491 LOG=N Review URL: https://codereview.chromium.org/468803004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-20 11:52:22 +00:00
hpayer@chromium.org	91599ffc6c	Do not install fillers when right trimming large objects. BUG= R=jarin@chromium.org Review URL: https://codereview.chromium.org/487703002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-19 08:35:39 +00:00
jkummerow@chromium.org	dacca11cb9	Correctly handle holes when concat()ing double arrays BUG=chromium:403409 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/468863003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-18 08:51:35 +00:00
dslomov@chromium.org	eebb61a3f9	Fix OrderedHashTabelIterator accessors. They might be undefined for uninitialized iterators. The rest of the code is ready for this eventuality. R=arv@chromium.org, adamk@chromium.org BUG=403292 LOG=N Review URL: https://codereview.chromium.org/468813003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-14 10:24:19 +00:00
yangguo@chromium.org	413b20b6c1	Make %DebugPushPromise more robust wrt fuzzing. If %DebugPushPromise and throwing is called outside its intended context, we may encounter assertion failures. R=hpayer@chromium.org BUG=401915 LOG=N Review URL: https://codereview.chromium.org/453933002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-11 07:59:10 +00:00
adamk@chromium.org	bcf8b05072	Enable ES6 Map and Set by default In doing so also remove all references to the --harmony-collections flag. Due to the way context snapshotting works, it's not possible to simply enable the flag by default. Depends on ES6 Symbols: https://codereview.chromium.org/421313004 BUG=v8:1622 LOG=Y R=arv@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/427723002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-05 19:37:32 +00:00
adamk@chromium.org	d8c30bd8e7	Enable ES6 Symbols by default In doing so also remove all references to the --harmony-symbols flag. Due to the way context snapshotting works, it's not possible to simply enable the flag by default. BUG=v8:2158 LOG=Y R=dslomov@chromium.org Review URL: https://codereview.chromium.org/421313004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-08-04 18:17:54 +00:00
mstarzinger@chromium.org	57c315d0b3	Fix handling of potential string additions in hydrogen. R=titzer@chromium.org TEST=mjsunit/regress/regress-3476 BUG=v8:3476 LOG=N Review URL: https://codereview.chromium.org/423083004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 14:53:11 +00:00
verwaest@chromium.org	f08d2690c6	Fix Object.freeze with field type tracking. Keep the descriptor properly intact while update the field type. BUG=v8:3458 LOG=y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/424093002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 13:30:29 +00:00
mvstanton@chromium.org	6980c4277c	CallIC customization stubs must accept that a vector slot is cleared. The CallIC Array custom IC stub read from the type vector, expecting to get an AllocationSite. But there are paths in the system where a type vector can be re-created with default values, even though we currently grant an exception to clearing of vector slots with AllocationSites in them at gc time. BUG=392114 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/418023002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-29 11:53:30 +00:00
danno@chromium.org	afcfa7d2b7	Keep new arrays allocated with 'new Array(N)' in fast mode (revisited) Also explicit length setting with a.length = N should remain in fast mode. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/416403002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-28 13:12:26 +00:00
verwaest@chromium.org	60df9dabad	In GrowMode, force the value to the right representation to avoid deopts between storing the length and storing the value. BUG=16459193 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/419683004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-25 11:48:25 +00:00
verwaest@chromium.org	77a37e44f6	Fix issue with setters and their holders in accessors.cc BUG=3462 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/417793002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 16:42:54 +00:00
danno@chromium.org	b5a5148260	Revert 22595: "Keep new arrays allocated with 'new Array(N)' in fast mode" Due to failures in mjsunit/array-functions-prototype-misc TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/417953004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 13:38:05 +00:00
danno@chromium.org	ac89b17813	Keep new arrays allocated with 'new Array(N)' in fast mode Also explicit length setting with a.length = N should remain in fast mode. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/397593008 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-24 12:08:23 +00:00
verwaest@chromium.org	6798779031	Fix ArrayLengthSetter to not throw on non-extensible receivers. BUG=v8:3460 LOG=n R=ishell@chromium.org Review URL: https://codereview.chromium.org/411983003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-23 20:27:32 +00:00
danno@chromium.org	1d2a4b8333	Remove experimental flags that are now required R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/397253002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-18 07:17:21 +00:00
rodolph.perfetta@arm.com	56ec59bd26	ARM64: always restore regexp register cache after a C function call. BUG=v8:3444 TEST=mjsunit/regress/regress-regexp-nocase.js LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/392403002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-17 09:55:48 +00:00
yangguo@chromium.org	49ae3081d2	Error.captureStackTrace should define "stack" property as configurable. R=verwaest@chromium.org BUG=393988 LOG=N Review URL: https://codereview.chromium.org/396063008 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-16 07:55:05 +00:00
verwaest@chromium.org	1d55a634a9	Replace AddProperty by AddNamedProperty to speed up the common case BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/384003003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-14 14:05:30 +00:00
verwaest@chromium.org	aa7198dfdd	This CL simplifies var / const by ensuring the behavior is consistent in itself, and with regular JS semantics; between regular var/const and eval-ed var/const. Legacy const is changed so that a declaration declares a configurable, but non-writable, slot, and the initializer reconfigures it (when possible) to non-configurable non-writable. This avoids the need for "the hole" as marker value in JSContextExtensionObjects and GlobalObjects. Undefined is used instead. BUG= R=rossberg@chromium.org Review URL: https://codereview.chromium.org/379893002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-14 14:01:04 +00:00
jarin@chromium.org	457de26330	Fix arm64 deoptimization from double registers (reverts r20613). This reverts "ARM64: Use pair memory access in deoptimizer entry", r20613. It does not really make sense to micro-optimize the deoptimizer as it is the ultra-slow path. Moreover, the original code was easier to read (in addition to being correct). BUG=391313 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/389583003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-11 19:30:09 +00:00
mstarzinger@chromium.org	50beec9738	Follow-up to a pre-existing regression test. R=yangguo@chromium.org BUG=v8:1530,v8:1872 TEST=mjsunit/regress/regress-1530 LOG=N Review URL: https://codereview.chromium.org/378233006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-09 10:23:58 +00:00
verwaest@chromium.org	ad6202d989	Fix computed properties on object literals with a double as propertyname. BUG=390732 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/371973002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-07 17:08:54 +00:00
yangguo@chromium.org	a0c10d119a	Revert "Turn old space cons strings into regular external strings (not short)." This reverts commits r22192 and r22194. TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/367113003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-03 12:24:41 +00:00
yangguo@chromium.org	6574f33d2a	Turn old space cons strings into regular external strings (not short). R=hpayer@chromium.org Review URL: https://codereview.chromium.org/368223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-03 11:46:31 +00:00
ishell@chromium.org	2fba190240	One of the fast cases in JSObject::MigrateFastToFast() should not be taken if the number of fields did not change. BUG=chromium:390918 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/363073002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 19:10:19 +00:00
yangguo@chromium.org	f353ff668a	Harden Runtime_LiveEditCheckAndDropActivations against unsafe args. R=jarin@chromium.org BUG=390925 LOG=N Review URL: https://codereview.chromium.org/362983004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 15:09:44 +00:00
yangguo@chromium.org	44d6ef37ab	Reland "Fix stack trace accessor behavior." BUG=v8:3404 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/349033007 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-07-02 14:18:10 +00:00
yangguo@chromium.org	5d408ee73d	Revert "Fix stack trace accessor behavior." This reverts r22089. TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/360033002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-30 13:16:42 +00:00
yangguo@chromium.org	e1d80e2858	Fix stack trace accessor behavior. R=verwaest@chromium.org BUG=v8:3404 LOG=N Review URL: https://codereview.chromium.org/343563009 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-30 11:48:20 +00:00
verwaest@chromium.org	8945c69855	Don't leak the global object in the Function constructor. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/359713005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 13:50:37 +00:00
verwaest@chromium.org	63431b23d1	Split SetProperty(...attributes, strictmode) into DefineProperty(...attributes) and SetProperty(...strictmode) BUG= R=rossberg@chromium.org Review URL: https://codereview.chromium.org/351853005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 13:48:37 +00:00
yangguo@chromium.org	0133d96be3	Remove script collected debug event. R=yurys@chromium.org Review URL: https://codereview.chromium.org/358873005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-27 12:10:43 +00:00
yangguo@chromium.org	58bf19e9d5	Remove bogus assertions in HCompareObjectEqAndBranch. R=jkummerow@chromium.org, danno@chromium.org BUG=387636 LOG=Y Review URL: https://codereview.chromium.org/331863015 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-24 09:33:05 +00:00
yangguo@chromium.org	438f49a322	Do not eagerly update allow_osr_at_loop_nesting_level. Having debug break points prevents OSR. That causes allow_osr_at_loop_nesting_level and the actually patched state to go out of sync. R=jkummerow@chromium.org BUG=387599 LOG=Y Review URL: https://codereview.chromium.org/346223007 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-24 09:31:30 +00:00
yangguo@chromium.org	2411bc9447	Harden %FunctionBindArguments wrt optimized code cache. R=jkummerow@chromium.org BUG=387627 LOG=N Review URL: https://codereview.chromium.org/345463005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 13:17:42 +00:00
mvstanton@chromium.org	c0179a50da	Re-land "Clusterfuzz identified overflow check needed in dehoisting." BUG=380092 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/335063005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 09:09:05 +00:00
jarin@chromium.org	e56faa9909	Add missing map check to optimized f.apply(...) This is a cutdown version of https://codereview.chromium.org/346473002/, which aimed to fix f.call and f.apply. Optimized f.call was removed by r21887, this is what was left. BUG=386034 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/348623002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-23 05:50:06 +00:00
jkummerow@chromium.org	1d35d6d871	Array.concat: properly go to dictionary mode when required BUG=chromium:387031 LOG=y R=danno@chromium.org Review URL: https://codereview.chromium.org/342333002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-20 15:40:21 +00:00
yangguo@chromium.org	11368af66d	Interrupts must not mask stack overflow. R=jarin@chromium.org BUG=385002 LOG=N Review URL: https://codereview.chromium.org/339883002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-17 13:54:49 +00:00
jarin@chromium.org	f69bb7fcc3	Do not eliminate bounds checks for "<const> - x". Before this change, bounds check elimination treated "<const> - x" as "x - <const>". R=yangguo@chromium.org BUG=385054 TEST=test/mjsunit/regress/regress-385054.js LOG=N Review URL: https://codereview.chromium.org/339583003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:43:50 +00:00
bmeurer@chromium.org	2591003da5	Add unit test for regression in GVN caused by field type tracking. BUG=v8:3347 LOG=n R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/333273004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:21:42 +00:00
bmeurer@chromium.org	4642c2e18c	Revert "GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same." This reverts commit r21830 for tanking performance on Deltablue. TBR=ishell@chromium.org Review URL: https://codereview.chromium.org/336223002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 13:03:59 +00:00
jkummerow@chromium.org	aae24ae40b	Fix representation of Phis for mutable-heapnumber-in-object-literal properties BUG=v8:3392 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/328343004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-16 08:41:29 +00:00
ishell@chromium.org	41e9d916c4	GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/331493006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-13 07:51:45 +00:00
svenpanne@chromium.org	2931f09144	Fix unsigned comparisons. Instead of marking the comparison instruction itself as Uint32, we look at its arguments. This is more consistent what HChange does. BUG=v8:3380 TEST=mjsunit/regress/regress-3380 LOG=y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/325133004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-11 09:09:15 +00:00
bmeurer@chromium.org	0fcd89161b	Fix invalid attributes when generalizing because of incompatible map change. BUG=382143 LOG=y TEST=mjsunit/regress/regress-382143 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/324933003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 12:24:54 +00:00
ishell@chromium.org	6dc967e2e0	Bugfix in inlined versions of Array.indexOf() and Array.lastIndexOf() with a regression test. BUG=chromium:381534 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/319343002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 09:01:45 +00:00
bmeurer@chromium.org	7eea77bc5c	Fix missing smi check in inlined indexOf/lastIndexOf. BUG=382513 LOG=y R=danno@chromium.org Review URL: https://codereview.chromium.org/313233005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-10 04:26:15 +00:00
mvstanton@chromium.org	2714fd2399	Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting." This reverts commit r21712 TBR=danno@chromium.org Review URL: https://codereview.chromium.org/315843005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 13:16:24 +00:00
mvstanton@chromium.org	c0cb82274c	Re-land Clusterfuzz identified overflow check needed in dehoisting. Overflow check needs to be smarter. BUG=380092 R=danno@google.com, danno@chromium.org LOG=N Review URL: https://codereview.chromium.org/317963004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 13:00:07 +00:00
mvstanton@chromium.org	35933119fe	Revert "Clusterfuzz identified overflow check needed in dehoisting." This reverts commit r21708, due to ASAN-reported issue. TBR=danno@chromium.org Review URL: https://codereview.chromium.org/318073002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 09:47:14 +00:00
mvstanton@chromium.org	7d2d0839ad	Clusterfuzz identified overflow check needed in dehoisting. BUG=380092 R=danno@chromium.org LOG=N Review URL: https://codereview.chromium.org/315593002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-06 09:12:16 +00:00
bmeurer@chromium.org	9244429707	Fix invalid loop condition for Array.lastIndexOf(). BUG=380512 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/313073003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-04 08:21:39 +00:00
mvstanton@chromium.org	d19aaa2b1c	Revert "Reland "Make 'name' property on functions configurable."" This reverts commit r21609 due to browser test failures. TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/313583002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 11:52:07 +00:00
mvstanton@chromium.org	848a9af6b4	%ObjectFreeze needs to exclude non-fast-path objects. ClusterFuzz will call it with sloppy arguments and similar cases. BUG=380049 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/315533002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 07:59:36 +00:00
mvstanton@chromium.org	adeaedf547	When flag --nouse-osr is set, don't allow osr from hidden runtime calls. BUG=379770 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/310773003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 07:45:40 +00:00
adamk@chromium.org	509a1a405c	ES6: Add support for values/keys/entries for Map and Set This allows code like this: var map = new Map(); map.set(1, 'One'); ... var iter = map.values(); var res; while (!(res = iter.next()).done) { print(res.value); } BUG=v8:1793 LOG=Y R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/259883002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-03 00:34:01 +00:00
mstarzinger@chromium.org	d6500b6cf7	Reland "Make 'name' property on functions configurable." R=rossberg@chromium.org BUG=v8:3333 LOG=N Review URL: https://codereview.chromium.org/303463006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-06-02 13:35:26 +00:00
bmeurer@chromium.org	5cd009a004	HRor and HSar can deoptimize. BUG=v8:3359 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/309483002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-30 16:12:25 +00:00
mvstanton@chromium.org	8c54a373dd	Changing the attributes of a data property implemented with ExecutableAccessorInfo turns the property into a field. Better to keep it as a callback, and correctly deal with the changed property attributes. R=ulan@chromium.org Review URL: https://codereview.chromium.org/262053011 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-28 09:58:27 +00:00
mstarzinger@chromium.org	6b33e50701	Revert "Make 'name' property on functions configurable." R=danno@google.com, danno@chromium.org Review URL: https://codereview.chromium.org/297163009 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-27 15:00:26 +00:00
yangguo@chromium.org	94b4aef7d6	Fix arm64 gc stress issue. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/306483002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21506 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-27 06:35:45 +00:00
mvstanton@chromium.org	d755611e93	Reland "Customized support for feedback on calls to Array." and follow-up fixes. Comparing one CallIC::State to another was not done correctly, leading to a failure to patch a CallIC when transitioning from monomorphic Array to megamorphic. BUG=chromium:377198,chromium:377290 LOG=Y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/305493003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-26 13:59:24 +00:00
mstarzinger@chromium.org	82b3b2a367	Make 'name' property on functions configurable. R=rossberg@chromium.org BUG=v8:3333 LOG=N Review URL: https://codereview.chromium.org/296413003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-26 11:42:56 +00:00
yangguo@chromium.org	32f433c12e	Fix leak in debug mirror cache. When fetching loaded scripts, mirror objects are created and cached. If the cache is not cleared, it holds script objects alive. This also fixes a minor issue with script unloading. R=ulan@chromium.org BUG=376534 LOG=N Review URL: https://codereview.chromium.org/296953005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-26 07:05:56 +00:00
mstarzinger@chromium.org	cf448aa15f	Fix representation inference for mutable double boxes. R=jarin@chromium.org BUG=v8:3307 TEST=mjsunit/regress/regress-3307 LOG=N Review URL: https://codereview.chromium.org/298723014 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-23 14:02:08 +00:00
jarin@chromium.org	3d0bf69cd8	Attempt no. 3 to fix Heap::IsHeapIterable and HeapIterator. Now we remember new space's top pointer after the last GC to find out if there was a new space allocation since the last GC. Unfortunately, this not completely safe - the debugger has a callback hook (that can call to JS) at the end of the GC epilogue that can in theory allocate and possibly make the heap non-iterable. We can only hope this does not happen. BUG=373283 R=hpayer@chromium.org LOG=N Review URL: https://codereview.chromium.org/291193005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-22 11:13:37 +00:00
jarin@chromium.org	02f1a1b987	Revert "Fix Heap::IsHeapIterable." (again) This reverts commit r21397. TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/299813002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21404 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-21 09:49:18 +00:00
jkummerow@chromium.org	58661c150f	Fix ArrayShift hydrogen support BUG=chromium:374838 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/299713003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21401 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-21 08:51:29 +00:00
jarin@chromium.org	58a130da6e	Reland "Fix Heap::IsHeapIterable." This relands r21388 (+ handlification of an offending function). BUG=373283 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/294903003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-21 06:44:38 +00:00
jarin@chromium.org	014bf8b407	Revert "Fix Heap::IsHeapIterable." This reverts commit r21387. TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/291193002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-20 14:03:38 +00:00
jarin@chromium.org	dd4c82bbb3	Fix Heap::IsHeapIterable. We only consider heap iterable if the new space is empty (in addition to the exisiting old space check). The change also moves the iterability forcing + allocation prevention gadgets to HeapIterator so that it is impossible to miss them when iterating the heap. R=hpayer@chromium.org BUG=373283 LOG=N Review URL: https://codereview.chromium.org/285693006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-20 13:19:21 +00:00
jarin@chromium.org	c3cd2f0301	Fix %SetFlags("--stress-compaction") BUG=369943 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/261253006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 10:39:08 +00:00
jarin@chromium.org	cbf8c3f460	Make escape analysis preserve all representations required by HCompareNumericAndBranch. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/257803012 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 08:43:18 +00:00
adamk@chromium.org	fb70df076b	Object.observe: avoid accessing acceptList properties more than once BUG=v8:3315 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/270763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 18:22:28 +00:00
jarin@chromium.org	3976ebef93	Make new space iterable for --log-gc and --heap-stats options R=hpayer@chromium.org BUG=370827 TEST=test/mjsunit/regress/regress-370827.js LOG=N Review URL: https://codereview.chromium.org/272503005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 09:23:10 +00:00

1 2 3 4 5 ...

1271 Commits