The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.
R=ager@chromium.org
TEST=has been added to the eval mjsunit test
Review URL: http://codereview.chromium.org/6893057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The ScannerConstants class was originally static fields on the scanner class.
During creation of the stand-alone preparser and later isolates, it has been
moved into a separate class with a per-isolate instance.
It is used to hold caching unicode Predicate values.
This change renames the class to UnicodeCache, and passes a reference
to the instance down to methods that doesn't have an easy access to
an isolate (to avoid, e.g., having to do an Isolate::Current() for every
number parsed).
Review URL: http://codereview.chromium.org/6824071
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Patch by Dmitry Lomov.
pthreads implementations are free to reuse pthread_t (thread id) after
the thread has died. This change gets rid of ThreadHandle class and
replaces it with v8-managed thread identifiers.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- mutual inlining strict and non-strict functions in crankshaft.
- assignment to undefined variable with eval in scope.
- propagation of strict mode through lazy compilation.
BUG=
TEST=test/mjsunit/strict-mode.js test/mjsunit/strict-mode-opt.js
Review URL: http://codereview.chromium.org/6814012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Change caller_sp() to always point to the place after outgoing arguments.
Change deoptimizer to use absolute stack slot addresses for deferred HeapNumber's materialization.
(This is reapplication of r7504 with fix for mozilla testsuite failures).
Review URL: http://codereview.chromium.org/6677164
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7516 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
While trying to fix Mac and Windows versions for this change:
http://codereview.chromium.org/6771047/, I figured out, that we
already store an isolate in StackFrameIterator, so we can use it in
frame objects, instead of requiring it from caller.
I've changed iterators usage to the following scheme: whenever a
caller maintains an isolate pointer, it just passes it to stack
iterator, and no more worries about passing it to frame content
accessors. If a caller uses current isolate, it can omit passing it
to iterator, in this case, an iterator will use the current isolate,
too.
There was a special case with LiveEdit, which creates
detached copies of frame objects.
R=vitalyr@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6794019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix %NewObjectFromBound to correctly handle optimized frames (including those with inlined functions).
Fix %_IsConstructCall handling in hydrogen: when called from inlined function return false constant directly instead of emiting HIsConstructCall.
Fix success case in TraceInline.
BUG=v8:1229
TEST=test/mjsunit/regress/regress-1229.js
Review URL: http://codereview.chromium.org/6740023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This patch adds common infrastructure for fast TLS support and
implementation on win32. More implementations will be added soon.
Fast TLS is controlled by V8_FAST_TLS define which is enabled by
default in our gyp and scons builds. The scons build has
fasttls={on,off} option so that we can see the effects of slow TLS
when needed.
Review URL: http://codereview.chromium.org/6696112
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This allows fast calls and inlining of functions like:
var o = {f: function() { return "foo"; }}
o.f();
Object literals that contain function literals are initially created a dictionary mode
object and only transformed to fast properties once all properties are computed and
added. This allows us to create constant function properties for functions declared
inside the object literal. Function literals inside object literals are marked for
pretenuring so that they work as contant function properties.
Object literals without functions should just function as before.
Review URL: http://codereview.chromium.org/6240012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7283 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Worth mentioning:
- Specialized versions of pixel array and store/loads inside the generic stubs have been removed, since to have parity for all external arrays, 8 different versions would have to be inlined/checked.
- There's a new constant in v8.h for external arrays with pixel array elements.
Review URL: http://codereview.chromium.org/6546036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
SetElement can cause an exception to be thrown. If its return value
isn't checked, this exception might not be handled at the correct time.
In some cases, it's a matter of returning Exception::Failure() from
a runtime function.
In other cases, code using SetElement on a JSArray has been changed
to setting directly on a FixedArray and only creating the JSArray
at the end.
Review URL: http://codereview.chromium.org/6588130
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
