AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
12,539 Commits 1 Branch 0 Tags 839 MiB
f0305bd83e
Commit Graph

990 Commits

Author SHA1 Message Date
loislo@chromium.org
1a15f8f768 CPUProfiler: Simplify logging part of CreateCodeEvent functions. 
We have 5 overloaded functions with name CreateCodeEvent.
All these functions have many common parts. I'd like to eliminate the difference between them.

TEST=existing tests
R=yangguo@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/16901014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15287 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-24 12:55:19 +00:00
dslomov@chromium.org
91eb5f8d25 DataView implementation. 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/17153011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-21 13:02:38 +00:00
rossberg@chromium.org
0977c60984 Use AST's type field and merge types for unary, binary & compare ICs 
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/17468003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-21 11:10:06 +00:00
mstarzinger@chromium.org
ea87d08557 Revert r14930 and r14935 temporarily. 
This is a temporary revert to track down a potential perf regression
introduced in r14930. The following two changes were reverted:
- "Deprecate HAllocateObject in favor of HAllocate."
- "Added pretenuring support for call new."

R=danno@chromium.org
BUG=chromium:247504

Review URL: https://codereview.chromium.org/17491002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-20 10:48:14 +00:00
mstarzinger@chromium.org
a527f451bc Deprecate old code aging mechanism. 
The old code aging mechanism is too agressive with flushing as it leads
to many functions being flushed and recompiled over and over again. By
now the new code aging mechanism has stabilized enough to deprecate the
old fallback mechanism.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/17061004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 17:00:01 +00:00
mvstanton@chromium.org
c70b41684d Use type feedback for Array (non-constructor) call sites. 
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/17155010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15201 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-19 09:25:24 +00:00
danno@chromium.org
61a23ceb4d Refactor only: Rename JSGlobaPropertyCell to PropertyCell 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/17064002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-14 16:06:12 +00:00
mstarzinger@chromium.org
fede5231bc Deprecate several unchecked accessors. 
R=hpayer@google.com
BUG=v8:1490

Review URL: https://codereview.chromium.org/16663009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15123 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-13 15:00:30 +00:00
rossberg@chromium.org
94f651bc1b Migrate Compare ICs to new type rep 
(Does not yet use common AST expression type field.)

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16361015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 17:20:37 +00:00
danno@chromium.org
1b89cbf817 Separate Cell and PropertyCell spaces 
This makes it possible to store additional information on property cells, for example Type and optimized Code dependencies.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16631002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 15:03:44 +00:00
mstarzinger@chromium.org
643350c5d2 Deprecate obsolete JSFunction::unchecked_shared accessor. 
R=hpayer@chromium.org
BUG=v8:1490

Review URL: https://codereview.chromium.org/16813005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 14:05:56 +00:00
hpayer@chromium.org
7ff046c3fd Implemented function that returns code age. 
This may be used to display debugging information.

BUG=
R=danno@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/16509005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 12:39:15 +00:00
yangguo@chromium.org
74556569d1 Reland "Enable map dependency to in-flight compilation info." 
BUG=248076
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16782004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-12 09:43:22 +00:00
yangguo@chromium.org
6da97b1d4a Revert "Enable map dependency to in-flight compilation info." 
This includes r15032, r15030 and r15005.

R=ulan@chromium.org
BUG=248076

Review URL: https://chromiumcodereview.appspot.com/16482004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15061 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-11 11:55:56 +00:00
yangguo@chromium.org
5cf0cba71a Fix compilation with gdbjit=on. 
r14919 forgot three AssertNoAllocation -> DisallowHeapAllocation replacements.

BUG=v8:2719
R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16093041

Patch from Kang-Hao (Kenny) Lu <kennyluck@csail.mit.edu>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-10 16:31:55 +00:00
wingo@igalia.com
f88bca9576 Generator object "next" method takes optional send value 
Update the generators implementation to make "next" also do the job of
what was previously called "send" by taking an optional argument.
Remove send, and do a bunch of renamings.

R=rossberg@chromium.org
BUG=v8:2355, v8:2715

Review URL: https://codereview.chromium.org/16136011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-10 09:26:18 +00:00
dslomov@chromium.org
cbb11dbe6c Neutering API for v8::ArrayBuffer 
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/16562005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-07 15:02:20 +00:00
yangguo@chromium.org
17cfe68015 Enable map dependency to in-flight compilation info. 
R=ulan@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/16542003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-07 13:27:03 +00:00
dslomov@chromium.org
b3282c290e Recording array buffer views. 
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/15562008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-07 10:52:11 +00:00
rossberg@chromium.org
372457a793 Allow smis for singleton types 
To that end, introduce a generic Box struct.

R=danno@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16562003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-06 15:40:28 +00:00
verwaest@chromium.org
16199c63d8 Initialized representations of computed values to None. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14721009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14982 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-06 14:21:35 +00:00
rossberg@chromium.org
919d64adce Add type field to AST expression nodes 
More importantly, do a bunch of renamings of incidental existing "types" to avoid actual and potential name clashes (and also to improve consistency).

R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/16549002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-06 13:28:22 +00:00
verwaest@chromium.org
5e8679beea Remove the optimized construct stub. 
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15993016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-05 08:43:25 +00:00
mstarzinger@chromium.org
d7975dfdab Deprecate HAllocateObject in favor of HAllocate. 
This models the instantiation of an implicit receiver for CallNew nodes
in hydrogen using HAllocate together with generic stores instead of one
specialized HAllocateObject instruction, hence creating a single choking
point for inlined allocation in optimized code.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/15714005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-04 08:28:33 +00:00
svenpanne@chromium.org
b9e025a8dc Collect type feedback for power-of-2 right operands in BinaryOps. 
Improved --trace-ic output for unary/binary ops a bit on the way. Moved int32_t/uint32_t conversion helpers around.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/15735005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14928 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-04 07:49:45 +00:00
yangguo@chromium.org
7f8a3d803c Make assertion scopes thread safe. 
R=svenpanne@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/15691017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-06-03 15:32:22 +00:00
olivf@chromium.org
88755fb22a Convert ToBooleanStub to a HydrogenStub. Currently just using the existing HBranch instruction, which is still fully implemented in Lithium. Will refactor HBranch in a next CL. 
[
CL breaks mips, since the deoptimizer in Deoptimizer::DoTranslateCommand(...) does not convert smis passed to the stub via a0.
]

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/15302004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-29 14:49:28 +00:00
verwaest@chromium.org
af4516847a Don't use fast literal if the boilerplate map is still deprecated. 
R=mvstanton@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15660005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14774 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-23 11:30:24 +00:00
dslomov@chromium.org
fc73052dc2 Externalization API for ArrayBuffer 
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/15001041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-23 10:01:42 +00:00
verwaest@chromium.org
06b7bf60e1 Always require exact maps. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/13923003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14768 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-23 09:19:18 +00:00
verwaest@chromium.org
36e91242fd Make Object.freeze fast 
This patch both speeds up the freeze operation itself, but also
allows properties to remain in fast mode. Objects with non-empty
elements backing stores still end up with slow elements.

Relanding r14758 and r14759 with fix for Test262: only mark properties
and elements READ_ONLY if they are not JS setter/getters. Tightened up
tests to assert frozen-ness, and added targeted tests for the new code
(covering accessors).

BUG=v8:1858, 115960
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15691007

Patch from Adam Klein <adamk@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-23 07:05:58 +00:00
adamk@chromium.org
4d48bb832f Revert "Make Object.freeze fast" 
and "Fix Object.freeze on dictionary-backed arrays to properly freeze elements"

This reverts r14758 and r14759 due to introducing failures in Test262

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/15681004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 21:27:00 +00:00
adamk@chromium.org
648e99e308 Make Object.freeze fast 
This patch both speeds up the freeze operation itself, but also
allows properties to remain in fast mode. Objects with non-empty
elements backing stores still end up with slow elements.

BUG=v8:1858, 115960
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/14888005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 18:53:58 +00:00
mstarzinger@chromium.org
d259e1cebd Fix corner case in optimized code map zapping. 
R=jkummerow@chromium.org
TEST=mjsunit/math-floor-part2

Review URL: https://codereview.chromium.org/15743005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14752 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 15:29:02 +00:00
verwaest@chromium.org
8db3014974 Keep representations while overwriting transitions. 
BUG=chromium:241477
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15718002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-22 10:46:33 +00:00
verwaest@chromium.org
9f32d94cb3 Don't create new maps in CurrentMapForDeprecated. 
R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/15358005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-21 11:20:24 +00:00
olivf@chromium.org
c3dde4bd9d Encapsulating Type information in the CompareICStub 
Encapsulate type information in a convenient wrapper instead of storing it in a naked bitfield. This especially facilitates transitioning to a new state and converting from/to the extraICState representation. Additionally cleaning up ToBooleanICStub::Types for consistency.

BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/14862009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-16 10:59:17 +00:00
mstarzinger@chromium.org
365b2eb91e Preserve optimized code map during GCs weakly. 
This change preserves the contents of optimized code maps during GCs but
treats the references in this cache weakly. It uses infrastructure from
code flushing to maintain a list of all caches.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/14794007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14695 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-15 16:09:25 +00:00
svenpanne@chromium.org
483a2958fa Fixed linkage for Is template. 
With static linkage, clang 3.3 is unhappy about unused functions

   template <> inline bool Is<JSFunction>(Object* obj)
   template <> inline bool Is<JSArray>(Object* obj)

in any compilation unit apart from acessors.cc.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/14836014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-14 11:02:20 +00:00
danno@chromium.org
ddd72aa14f Only flush SharedFunctionInfo optimized code cache when necessary 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/14604007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 19:22:18 +00:00
danno@chromium.org
cf1b80703f Improve trace_opt output to help find compilation problems 
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/14978003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 11:10:31 +00:00
mstarzinger@chromium.org
883d9c4b1c Prevent flushing of code that was set with %SetCode. 
This makes sure that shared function infos that break the one-to-one
mapping to code are marked as un-flushable. Otherwise enqueuing through
the GC meta-data field in the code object doesn't work.

R=rossberg@chromium.org
TEST=cctest/test-api/Threading4

Review URL: https://codereview.chromium.org/14710015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 10:59:00 +00:00
danno@chromium.org
05e8e0e7b4 Elide hole checks on KeyedLoads of holey double arrays 
Improves NavierStokes by about 5%

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/15014020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-13 07:35:26 +00:00
verwaest@chromium.org
df57747fc4 Track heap objects. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14996004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-10 17:17:50 +00:00
verwaest@chromium.org
52008429b7 Use mutable heapnumbers to store doubles in fields. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/14850006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-08 15:02:08 +00:00
wingo@igalia.com
75d939aceb Generators save and restore stack handlers 
This CL adds machinery to unwind stack handlers from the stack and store
them into a generator's operand array.  It also includes routines to
reinstate them.  Together this allows generators to yield within
try/catch and try/finally blocks.

BUG=v8:2355
R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/14031028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-08 08:08:23 +00:00
dslomov@chromium.org
b15bbfbe39 Implement TypedArray.set function. 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14581005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-07 14:42:17 +00:00
wingo@igalia.com
3cd73ebc2f Generators return boxed values 
Generators now box their return values in object literals of the form

  { value: VAL, done: DONE }

where DONE is false for yield expressions, and true for return
statements.

BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/13870007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-07 08:46:42 +00:00
verwaest@chromium.org
84fd96e4d1 Cleanup IC heuristics. 
Review URL: https://chromiumcodereview.appspot.com/14611006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14524 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-02 15:42:22 +00:00
verwaest@chromium.org
063ada2050 Adding fast path for generalizing maps. 
Review URL: https://chromiumcodereview.appspot.com/14629005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-02 15:41:02 +00:00
verwaest@chromium.org
fd9c82a618 Update deprecated maps before generating optimized code. 
Review URL: https://chromiumcodereview.appspot.com/14847008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14522 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-05-02 15:40:07 +00:00
dslomov@chromium.org
3fd6bb51f0 First cut at API for native Typed Arrays. 
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/14195034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-29 11:09:03 +00:00
verwaest@chromium.org
99e17bb12a Track storage types of instance variables. 
Review URL: https://chromiumcodereview.appspot.com/14146005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-26 15:30:41 +00:00
dcarney@chromium.org
c50304209a remove IsOneByteConvertible 
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14298021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-26 14:08:18 +00:00
dcarney@chromium.org
0a32b57594 HasOnlyAsciiChars can return incorrect results. Fixup usages and rename. 
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14509012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14453 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-26 11:34:44 +00:00
mvstanton@chromium.org
c247ac4e51 Bootstrapper code for constructed arrays needs to be handlefied 
BUG=

Review URL: https://codereview.chromium.org/14008004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-26 10:10:36 +00:00
mstarzinger@chromium.org
bb2d8a51da Implement support for Math.imul in Crankshaft. 
R=jkummerow@chromium.org
TEST=mjsunit/math-imul

Review URL: https://codereview.chromium.org/14471041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-26 08:52:35 +00:00
mvstanton@chromium.org
e751ad06d9 Constructed arrays can be created with Hydrogen code stubs. The feature is still off by default (--optimize-constructed-arrays). 
BUG=

Review URL: https://codereview.chromium.org/12385014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-25 16:00:32 +00:00
mstarzinger@chromium.org
71dc9e165f Capture receiver in generator object 
Previously there has been no reason to context-allocate the receiver, so
access to the receiver always goes through the stack.  This was failing
with generators, which assumed that forcing context allocation would
relieve the need of storing anything but the context and the function on
the stack.

This CL adds a slot in generator objects to capture the receiver, and
restores it when resuming a generator.

BUG=v8:2355
TEST=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/14158006

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-25 10:59:09 +00:00
mstarzinger@chromium.org
23f39546b9 Generators can resume 
The generator object methods "next", "send", and "throw" now
include some inline assembly to set up a resumed stack frame.  In some
common cases, we can just jump back into the frame to resume it.
Otherwise the resume code calls out to a runtime to fill in the operand
stack, rewind the handlers, and possibly to throw an exception.

BUG=v8:2355
TESTS=mjsunit/harmony/generators-iteration

Review URL: https://codereview.chromium.org/14066016

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14415 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-24 13:00:16 +00:00
danno@chromium.org
f8ddf3a262 Add monomorphic CompareNilICs and Crankshaft support 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/14367018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-24 11:32:17 +00:00
dslomov@chromium.org
852f90339a Adds EXTERNAL_DOUBLE_ARRAY to a list of instance types 
BUG=v8:2646

Patch by Andrei Kashcha <anvaka@gmail.com>

Review URL: https://codereview.chromium.org/14042008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-23 17:02:09 +00:00
rossberg@chromium.org
3cd9f6a40e Add d8 functionality for switching between realms (a.k.a. contexts), 2nd try 
The only difference to the previous implementation (https://codereview.chromium.org/14295011/) is in patch set 2.

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14404005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-22 11:29:52 +00:00
mstarzinger@chromium.org
0f348e5592 Generator objects can suspend 
* src/ast.h:
* src/parser.cc: Differentiate between the different kinds of yields, in
  anticipation of boxing return values.  Parse `return' into `yield' in
  a generator.

* src/runtime.h:
* src/runtime.cc (Runtime_SuspendJSGeneratorObject): New horrible
  runtime function: saves continuation, context, and operands into the
  generator object.

* src/arm/full-codegen-arm.cc (VisitYield):
* src/ia32/full-codegen-ia32.cc (VisitYield):
* src/x64/full-codegen-x64.cc (VisitYield): Arrange to call
  SuspendJSGeneratorObject.  If the call returns the hole, we suspend.
  Otherwise we resume.

BUG=v8:2355
TEST=These codepaths are tested when the generator is first invoked, and so
are covered by mjsunit/harmony/generators-objects.js.

Review URL: https://codereview.chromium.org/13704010

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-19 14:11:23 +00:00
ulan@chromium.org
1938b1de3b Handle retry-after-gc failures within LoadIC::Load and StoreIC::Store. 
Follow-up for r14321, makes the remaining unsafe calls to runtime functions during ic computation safe.

R=verwaest@chromium.org
BUG=222301

Review URL: https://chromiumcodereview.appspot.com/13976015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-19 08:30:49 +00:00
yangguo@chromium.org
72a05845ec Revert r14310 due to isolate tests failure. 
R=mstarzinger@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/14021004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-18 14:41:24 +00:00
danno@chromium.org
244fa50a80 Make it possible to Crankshaft all kinds of stubs. 
Review URL: https://codereview.chromium.org/14307006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-18 09:50:46 +00:00
rossberg@chromium.org
2458a801f7 Add d8 functionality for switching between realms (a.k.a. contexts) 
R=mstarzinger@chromium.org,yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/14295011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-17 15:07:31 +00:00
dslomov@chromium.org
c1a19275d3 First cut at impementing ES6 TypedArrays in V8. 
BUG=

Review URL: https://codereview.chromium.org/13975012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-16 14:16:30 +00:00
mstarzinger@chromium.org
591a8ec86c Calling a generator function returns a generator object 
* src/heap.h:
* src/heap.cc:
* src/objects-debug.cc:
* src/objects-inl.h:
* src/objects-printer.cc:
* src/objects-visiting.cc:
* src/objects.cc:
* src/objects.h: Define a new object type, JSGeneratorObject.

* src/factory.h:
* src/factory.cc (NewFunctionFromSharedFunctionInfo): Generator function
  inital maps construct the new JS_GENERATOR_OBJECT_TYPE objects, not
  generic JSObjects.

* src/runtime.h:
* src/runtime.cc (Runtime_CreateJSGeneratorObject):
* src/arm/full-codegen-arm.cc (Generate):
* src/ia32/full-codegen-ia32.cc (Generate):
* src/x64/full-codegen-x64.cc (Generate): Before visiting generator
  bodies, arrange to construct and return a generator object.

* test/mjsunit/harmony/generators-objects.js: Add tests for the
  properties and prototype of generator objects.

BUG=v8:2355
TEST=mjsunit/harmony/generators-objects

Review URL: https://codereview.chromium.org/13542002

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-15 12:29:44 +00:00
yangguo@chromium.org
996a80df45 Fix OSR for nested loops. 
R=jkummerow@chromium.org
BUG=v8:2618

Review URL: https://chromiumcodereview.appspot.com/13811014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-10 09:24:31 +00:00
verwaest@chromium.org
64f34cb761 Eagerly parse expected transitions in JSON. 
Review URL: https://chromiumcodereview.appspot.com/13741010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14191 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-09 16:49:28 +00:00
mvstanton@chromium.org
b7022fd2be Improvements for x87 stack handling 
BUG=

Review URL: https://codereview.chromium.org/13426006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-09 08:42:57 +00:00
adamk@chromium.org
759f4b37ce Remove code duplication in JSObject::HasRealElementProperty 
Review URL: https://codereview.chromium.org/13540003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14144 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-04 19:12:59 +00:00
ulan@chromium.org
eee5884f8d Add extra flag for load-ic stubs in code cache. 
This allows to distinguish between stubs compiled for the current object from
stubs compiled for objects that have the current object as a prototype.

BUG=v8:2593
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/13552003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-04 08:29:25 +00:00
hpayer@chromium.org
2545774232 Move DeepCopy of JSObject from runtime to object. 
BUG=

Review URL: https://codereview.chromium.org/13527005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14121 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-03 11:42:03 +00:00
mstarzinger@chromium.org
2816f19680 Add parser support for generators. 
This patchset begins by adding support for "yield", which is unlike other tokens
in JS. In a generator, whether strict or classic, it is a syntactic keyword.
In classic mode it is an identifier. In strict mode it is reserved.

This patch adds YIELD as a token to the scanner, and adapts the preparser and
parser appropriately. It also parses "function*", indicating that a function is
actually a generator, for both eagerly and lazily parsed functions.

Currently "yield" just compiles as "return".

BUG=v8:2355
TEST=mjsunit/harmony/generators-parsing

Review URL: https://codereview.chromium.org/12646003
Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-04-02 17:34:59 +00:00
dslomov@chromium.org
944c577c7b First steps towards implementing ArrayBuffer &co in V8 
BUG=

Review URL: https://codereview.chromium.org/13064003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-28 12:50:18 +00:00
yangguo@chromium.org
bdc903b086 Improve SeqString::Truncate for latest allocated strings. 
R=hpayer@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/12440061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14088 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-28 11:19:38 +00:00
rossberg@chromium.org
52aec4722d ES6 symbols: prevent reflection, proxy, and observe APIs from leaking symbols 
R=svenpanne@chromium.org
BUG=v8:2158

Review URL: https://codereview.chromium.org/12422019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14056 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-22 17:27:44 +00:00
rossberg@chromium.org
2657e432e4 ES6 symbols: implement name property 
Adds string-valued name property to symbols, and uses it for pretty-printing.

Requires allocating symbols in pointer space, with a custom iterator to skip the unboxed hash.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12459026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14053 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-22 16:51:28 +00:00
rossberg@chromium.org
83d4a41dec ES6 symbols: turn symbols into a proper primitive type 
(qua last week's TC39)

Specifically:
- Install Symbol constructor function on the global object.
- Adjust code generation for typeof.
- Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof.
- Remove hack that allowed symbols as constructor results, and some other special cases.
- Remove symbol_delegate and GetDelegate function.
- Extend ToBoolean stub to handle symbols.
- Extend ToNumber to return NaN on symbols.
- Poison symbol's toString function, and thereby ToString on symbols.

R=mstarzinger@chromium.org
BUG=v8:2158

Review URL: https://codereview.chromium.org/12957004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-22 16:33:50 +00:00
verwaest@chromium.org
002ba9c76d Turn Flags into a uint32_t typedef. 
We cannot rely on C++ compilers inferring the int-type from the enum
value range. Whereas Linux/OSX find uint32_t as type for [0,MaxUInt32],
Windows insists it's int.

Update the test to execute its original intent on all platforms: 1 value
larger than max arguments, 1 smaller than max arguments (on all
platforms). This makes the test run a lot faster.

BUG=chromium:194749

Review URL: https://chromiumcodereview.appspot.com/12507010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-19 13:11:49 +00:00
svenpanne@chromium.org
e4e4447305 Pass Isolates explicitly in Deoptimizer-related code. 
Removed a few ancient useless ASSERTs on the way. Reduced the number of train wrecks.

BUG=v8:2487

Review URL: https://codereview.chromium.org/12917002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-18 13:57:49 +00:00
verwaest@chromium.org
37a2e32496 Unify kMaxArguments with number of bits used to encode it. 
Increase the number of bits by 1 by making Flags unsigned.

BUG=chromium:211741

Review URL: https://chromiumcodereview.appspot.com/12886008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-18 13:35:17 +00:00
dcarney@chromium.org
fbe34d4ba5 remove latin-1 flag 
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12700008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13939 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-13 20:04:50 +00:00
yangguo@chromium.org
479e39a058 Parallel recompilation: remove interrupt for code generation. 
R=jkummerow@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/12488006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-12 18:03:18 +00:00
svenpanne@chromium.org
1a2454d752 Consistently pass a Heap* to HashTable-related AsObject methods. 
This is basically a follow-up CL to https://code.google.com/p/v8/source/detail?r=13908.

BUG=v8:2487

Review URL: https://codereview.chromium.org/12546024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-12 10:05:42 +00:00
svenpanne@chromium.org
e02315ef77 Added an Isolate parameter to some HashTable/Dictionary methods. TypeFeedbackOracle tweaks. 
BUG=v8:2487

Review URL: https://codereview.chromium.org/12764003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-12 07:06:36 +00:00
yangguo@chromium.org
5afa1a0d3a Avoid bool to Oddball conversions by being lazy. 
R=svenpanne@chromium.org
BUG=v8:2491

Review URL: https://chromiumcodereview.appspot.com/12459011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13869 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-07 16:22:19 +00:00
dcarney@chromium.org
25058ddd85 Runtime version of declarative native accessors. 
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12297012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-07 11:42:58 +00:00
danno@chromium.org
bbc599f334 Unify grow mode and stub kind 
In the process, ensure that transition-causing element stores handle all cases of the transitioned receiver map.

Review URL: https://codereview.chromium.org/12390031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-06 21:51:07 +00:00
dcarney@chromium.org
07e2494735 Added back some utf8 optimizations 
R=yangguo@chromium.org
BUG=https://code.google.com/p/v8/issues/detail?id=2551

Review URL: https://codereview.chromium.org/12390057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-06 15:39:57 +00:00
verwaest@chromium.org
34697f5b12 Make IC patching resilient to flushing of the original target() ic. 
Review URL: https://chromiumcodereview.appspot.com/12451003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-05 17:38:35 +00:00
mstarzinger@chromium.org
0ca02ee48d Make sure builtin functions don't rely on __proto__. 
This makes sure that none of the builtin functions rely on the __proto__
accessor which can now be monkey-patched by applications. Instead use a
separate %SetPrototype() intrinsic or object literals to do the job.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/12385082

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-04 16:05:12 +00:00
rossberg@chromium.org
5c93b18eb2 ES6 symbols: Allow symbols as property names 
Since symbols and strings share a common representation, most of this change is about consistently replacing 'String' with 'Name' in all places where property names are expected. In particular, no new logic at all is necessary for maps, property dictionaries, or transitions. :) The only places where an actual case distinction is needed have to do with generated type checks, and with conversions of names to strings (especially in logger and profiler).

Left in some TODOs wrt to the API: interceptors and native getters don't accept symbols as property names yet, because that would require extending the external v8.h.

(Baseline CL: https://codereview.chromium.org/12296026/)

R=verwaest@chromium.org,mstarzinger@chromium.org
BUG=v8:2158

Review URL: https://codereview.chromium.org/12330012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-04 15:00:57 +00:00
verwaest@chromium.org
590a3f8811 Polymorphism support for load IC. 
Review URL: https://chromiumcodereview.appspot.com/12340112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-04 14:03:27 +00:00
mvstanton@chromium.org
c4caf766bf Allocation Info Tracking, continued. 
Addresses missing cases for array literals.
Adds support for "new Array()" call sites. This isn't complete yet, I have to run with --noinline_new.

BUG=

Review URL: https://codereview.chromium.org/11818021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-01 16:06:34 +00:00
rossberg@chromium.org
090d09d685 ES6 symbols: Implement Symbol intrinsic and basic functionality 
- Add --harmony-symbols flag.
- Add Symbol constructor; allow symbols as (unreplaced) return value from constructors.
- Introduce %CreateSymbol and %_IsSymbol natives and respective instructions.
- Extend 'typeof' code generation to handle symbols.
- Extend CompareIC with a UNIQUE_NAMES state that (uniformly) handles internalized strings and symbols.
- Property lookup delegates to SymbolDelegate object for symbols, which only carries the toString method.
- Extend Object.prototype.toString to recognise symbols.

Per the current draft spec, symbols are actually pseudo objects that are frozen with a null prototype and only one property (toString). For simplicity, we do not treat them as proper objects for now, although typeof will return "object". Only property access works as if they were (frozen) objects (via the internal delegate object).

(Baseline CL: https://codereview.chromium.org/12223071/)

R=mstarzinger@chromium.org
BUG=v8:2158

Review URL: https://codereview.chromium.org/12296026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-01 13:28:55 +00:00
rossberg@chromium.org
764e1a0fcf ES6 symbols: Introduce Symbol class, along with abstract Name class 
The new instance type 'Symbol' represents ES6 symbols (a.k.a. private/unique names). Currently, symbols are simple data objects that only carry a hash code, random-generated upon allocation.

The new type 'Name' now serves as the common super class for strings and symbols, and is supposed to represent property names. We will eventually migrate APIs from String to Name for the standard key type.

Strings and symbols share the same hash field representation, via the Name class. This way, we should be able to use the same code paths for symbols and internalized strings in most cases. Also, Symbol's instance type code is allocated adjacent to internalized string codes in the enum, allowing a simple range check for the common case.

Baseline CL: https://codereview.chromium.org/12210083/

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12223071

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-03-01 10:34:31 +00:00