verwaest@chromium.org
f08d2690c6
Fix Object.freeze with field type tracking.
...
Keep the descriptor properly intact while update the field type.
BUG=v8:3458
LOG=y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/424093002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 13:30:29 +00:00
mvstanton@chromium.org
6980c4277c
CallIC customization stubs must accept that a vector slot is cleared.
...
The CallIC Array custom IC stub read from the type vector, expecting
to get an AllocationSite. But there are paths in the system where a
type vector can be re-created with default values, even though we
currently grant an exception to clearing of vector slots with
AllocationSites in them at gc time.
BUG=392114
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/418023002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-29 11:53:30 +00:00
danno@chromium.org
afcfa7d2b7
Keep new arrays allocated with 'new Array(N)' in fast mode (revisited)
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/416403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-28 13:12:26 +00:00
verwaest@chromium.org
60df9dabad
In GrowMode, force the value to the right representation to avoid deopts between storing the length and storing the value.
...
BUG=16459193
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/419683004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-25 11:48:25 +00:00
verwaest@chromium.org
77a37e44f6
Fix issue with setters and their holders in accessors.cc
...
BUG=3462
LOG=Y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/417793002
Patch from Erik Arvidsson <arv@chromium.org>.
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 16:42:54 +00:00
danno@chromium.org
b5a5148260
Revert 22595: "Keep new arrays allocated with 'new Array(N)' in fast mode"
...
Due to failures in mjsunit/array-functions-prototype-misc
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/417953004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 13:38:05 +00:00
danno@chromium.org
ac89b17813
Keep new arrays allocated with 'new Array(N)' in fast mode
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/397593008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 12:08:23 +00:00
verwaest@chromium.org
6798779031
Fix ArrayLengthSetter to not throw on non-extensible receivers.
...
BUG=v8:3460
LOG=n
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/411983003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-23 20:27:32 +00:00
danno@chromium.org
1d2a4b8333
Remove experimental flags that are now required
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/397253002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-18 07:17:21 +00:00
rodolph.perfetta@arm.com
56ec59bd26
ARM64: always restore regexp register cache after a C function call.
...
BUG=v8:3444
TEST=mjsunit/regress/regress-regexp-nocase.js
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/392403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-17 09:55:48 +00:00
yangguo@chromium.org
49ae3081d2
Error.captureStackTrace should define "stack" property as configurable.
...
R=verwaest@chromium.org
BUG=393988
LOG=N
Review URL: https://codereview.chromium.org/396063008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22420 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-16 07:55:05 +00:00
verwaest@chromium.org
1d55a634a9
Replace AddProperty by AddNamedProperty to speed up the common case
...
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/384003003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:05:30 +00:00
verwaest@chromium.org
aa7198dfdd
This CL simplifies var / const by ensuring the behavior is consistent in itself, and with regular JS semantics; between regular var/const and eval-ed var/const.
...
Legacy const is changed so that a declaration declares a configurable, but non-writable, slot, and the initializer reconfigures it (when possible) to non-configurable non-writable. This avoids the need for "the hole" as marker value in JSContextExtensionObjects and GlobalObjects. Undefined is used instead.
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/379893002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-14 14:01:04 +00:00
jarin@chromium.org
457de26330
Fix arm64 deoptimization from double registers (reverts r20613).
...
This reverts "ARM64: Use pair memory access in deoptimizer entry", r20613. It does not really make sense to micro-optimize the deoptimizer as it is the ultra-slow path. Moreover, the original code was easier to read (in addition to being correct).
BUG=391313
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/389583003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-11 19:30:09 +00:00
mstarzinger@chromium.org
50beec9738
Follow-up to a pre-existing regression test.
...
R=yangguo@chromium.org
BUG=v8:1530,v8:1872
TEST=mjsunit/regress/regress-1530
LOG=N
Review URL: https://codereview.chromium.org/378233006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-09 10:23:58 +00:00
verwaest@chromium.org
ad6202d989
Fix computed properties on object literals with a double as propertyname.
...
BUG=390732
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/371973002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-07 17:08:54 +00:00
yangguo@chromium.org
a0c10d119a
Revert "Turn old space cons strings into regular external strings (not short)."
...
This reverts commits r22192 and r22194.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/367113003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 12:24:41 +00:00
yangguo@chromium.org
6574f33d2a
Turn old space cons strings into regular external strings (not short).
...
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/368223002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22192 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-03 11:46:31 +00:00
ishell@chromium.org
2fba190240
One of the fast cases in JSObject::MigrateFastToFast() should not be taken if the number of fields did not change.
...
BUG=chromium:390918
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/363073002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 19:10:19 +00:00
yangguo@chromium.org
f353ff668a
Harden Runtime_LiveEditCheckAndDropActivations against unsafe args.
...
R=jarin@chromium.org
BUG=390925
LOG=N
Review URL: https://codereview.chromium.org/362983004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 15:09:44 +00:00
yangguo@chromium.org
44d6ef37ab
Reland "Fix stack trace accessor behavior."
...
BUG=v8:3404
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/349033007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22166 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-02 14:18:10 +00:00
yangguo@chromium.org
5d408ee73d
Revert "Fix stack trace accessor behavior."
...
This reverts r22089.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/360033002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 13:16:42 +00:00
yangguo@chromium.org
e1d80e2858
Fix stack trace accessor behavior.
...
R=verwaest@chromium.org
BUG=v8:3404
LOG=N
Review URL: https://codereview.chromium.org/343563009
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-30 11:48:20 +00:00
verwaest@chromium.org
8945c69855
Don't leak the global object in the Function constructor.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/359713005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22065 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:50:37 +00:00
verwaest@chromium.org
63431b23d1
Split SetProperty(...attributes, strictmode) into DefineProperty(...attributes) and SetProperty(...strictmode)
...
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/351853005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 13:48:37 +00:00
yangguo@chromium.org
0133d96be3
Remove script collected debug event.
...
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/358873005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22063 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-27 12:10:43 +00:00
yangguo@chromium.org
58bf19e9d5
Remove bogus assertions in HCompareObjectEqAndBranch.
...
R=jkummerow@chromium.org , danno@chromium.org
BUG=387636
LOG=Y
Review URL: https://codereview.chromium.org/331863015
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:33:05 +00:00
yangguo@chromium.org
438f49a322
Do not eagerly update allow_osr_at_loop_nesting_level.
...
Having debug break points prevents OSR. That causes
allow_osr_at_loop_nesting_level and the actually patched state
to go out of sync.
R=jkummerow@chromium.org
BUG=387599
LOG=Y
Review URL: https://codereview.chromium.org/346223007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-24 09:31:30 +00:00
yangguo@chromium.org
2411bc9447
Harden %FunctionBindArguments wrt optimized code cache.
...
R=jkummerow@chromium.org
BUG=387627
LOG=N
Review URL: https://codereview.chromium.org/345463005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 13:17:42 +00:00
mvstanton@chromium.org
c0179a50da
Re-land "Clusterfuzz identified overflow check needed in dehoisting."
...
BUG=380092
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/335063005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 09:09:05 +00:00
jarin@chromium.org
e56faa9909
Add missing map check to optimized f.apply(...)
...
This is a cutdown version of https://codereview.chromium.org/346473002/ , which aimed to fix f.call and f.apply. Optimized f.call was removed by r21887, this is what was left.
BUG=386034
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/348623002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21907 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-23 05:50:06 +00:00
jkummerow@chromium.org
1d35d6d871
Array.concat: properly go to dictionary mode when required
...
BUG=chromium:387031
LOG=y
R=danno@chromium.org
Review URL: https://codereview.chromium.org/342333002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-20 15:40:21 +00:00
yangguo@chromium.org
11368af66d
Interrupts must not mask stack overflow.
...
R=jarin@chromium.org
BUG=385002
LOG=N
Review URL: https://codereview.chromium.org/339883002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-17 13:54:49 +00:00
jarin@chromium.org
f69bb7fcc3
Do not eliminate bounds checks for "<const> - x".
...
Before this change, bounds check elimination treated "<const> - x" as
"x - <const>".
R=yangguo@chromium.org
BUG=385054
TEST=test/mjsunit/regress/regress-385054.js
LOG=N
Review URL: https://codereview.chromium.org/339583003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21859 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:43:50 +00:00
bmeurer@chromium.org
2591003da5
Add unit test for regression in GVN caused by field type tracking.
...
BUG=v8:3347
LOG=n
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/333273004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:21:42 +00:00
bmeurer@chromium.org
4642c2e18c
Revert "GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same."
...
This reverts commit r21830 for tanking performance on Deltablue.
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/336223002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 13:03:59 +00:00
jkummerow@chromium.org
aae24ae40b
Fix representation of Phis for mutable-heapnumber-in-object-literal properties
...
BUG=v8:3392
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/328343004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21850 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-16 08:41:29 +00:00
ishell@chromium.org
41e9d916c4
GVN fix, preventing loads hoisting above stores to the same field when HObjectAccess's representation is not the same.
...
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/331493006
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-13 07:51:45 +00:00
svenpanne@chromium.org
2931f09144
Fix unsigned comparisons.
...
Instead of marking the comparison instruction itself as Uint32, we
look at its arguments. This is more consistent what HChange does.
BUG=v8:3380
TEST=mjsunit/regress/regress-3380
LOG=y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/325133004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-11 09:09:15 +00:00
bmeurer@chromium.org
0fcd89161b
Fix invalid attributes when generalizing because of incompatible map change.
...
BUG=382143
LOG=y
TEST=mjsunit/regress/regress-382143
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/324933003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 12:24:54 +00:00
ishell@chromium.org
6dc967e2e0
Bugfix in inlined versions of Array.indexOf() and Array.lastIndexOf() with a regression test.
...
BUG=chromium:381534
LOG=N
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/319343002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 09:01:45 +00:00
bmeurer@chromium.org
7eea77bc5c
Fix missing smi check in inlined indexOf/lastIndexOf.
...
BUG=382513
LOG=y
R=danno@chromium.org
Review URL: https://codereview.chromium.org/313233005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-10 04:26:15 +00:00
mvstanton@chromium.org
2714fd2399
Revert "Re-land Clusterfuzz identified overflow check needed in dehoisting."
...
This reverts commit r21712
TBR=danno@chromium.org
Review URL: https://codereview.chromium.org/315843005
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:16:24 +00:00
mvstanton@chromium.org
c0cb82274c
Re-land Clusterfuzz identified overflow check needed in dehoisting.
...
Overflow check needs to be smarter.
BUG=380092
R=danno@google.com , danno@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/317963004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 13:00:07 +00:00
mvstanton@chromium.org
35933119fe
Revert "Clusterfuzz identified overflow check needed in dehoisting."
...
This reverts commit r21708, due to ASAN-reported issue.
TBR=danno@chromium.org
Review URL: https://codereview.chromium.org/318073002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:47:14 +00:00
mvstanton@chromium.org
7d2d0839ad
Clusterfuzz identified overflow check needed in dehoisting.
...
BUG=380092
R=danno@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/315593002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-06 09:12:16 +00:00
bmeurer@chromium.org
9244429707
Fix invalid loop condition for Array.lastIndexOf().
...
BUG=380512
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/313073003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-04 08:21:39 +00:00
mvstanton@chromium.org
d19aaa2b1c
Revert "Reland "Make 'name' property on functions configurable.""
...
This reverts commit r21609 due to browser test failures.
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/313583002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 11:52:07 +00:00
mvstanton@chromium.org
848a9af6b4
%ObjectFreeze needs to exclude non-fast-path objects.
...
ClusterFuzz will call it with sloppy arguments and similar cases.
BUG=380049
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/315533002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:59:36 +00:00
mvstanton@chromium.org
adeaedf547
When flag --nouse-osr is set, don't allow osr from hidden runtime calls.
...
BUG=379770
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/310773003
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-06-03 07:45:40 +00:00