AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jarin@chromium.org	52fd520c96	Fix materialization of captured objects in adapted arguments. R=mstarzinger@chromium.org BUG=348512 LOG=N Review URL: https://codereview.chromium.org/183063006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:57:18 +00:00
jarin@chromium.org	7ac668f753	Deoptimization fix for HPushArgument. HPushArgument should never be used in a simulation environment because the slot addresses for the arguments can be off (e.g., due to on-stack arguments object of an inlined caller). R=mstarzinger@chromium.org BUG=v8:3183 LOG=N Review URL: https://codereview.chromium.org/178193026 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 12:45:46 +00:00
jkummerow@chromium.org	3df5573195	x64: Fix LMathMinMax for constant Smi right-hand operands BUG=chromium:349079 LOG=y R=titzer@chromium.org Review URL: https://codereview.chromium.org/186593003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-05 09:49:07 +00:00
yangguo@chromium.org	b1a271a02c	Fix HCheckValue::Canonicalize wrt uninitialized HConstant unique. R=titzer@chromium.org BUG=348280 LOG=N Review URL: https://codereview.chromium.org/183383006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-04 08:08:08 +00:00
ulan@chromium.org	b9e0b87a5a	Clear optimized code cache in shared function info when code gets deoptimized. This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info. This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js). This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache. BUG=343609 LOG=Y TEST=mjsunit/regress/regress-343609.js R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184923002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-03 11:11:39 +00:00
rossberg@chromium.org	5543263c19	Move all Harmony-only tests to harmony/ R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/178583005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:26:32 +00:00
ishell@chromium.org	c2601aea8a	Check elimination did not mark some dead blocks. R=danno@chromium.org Review URL: https://codereview.chromium.org/180483003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 14:16:38 +00:00
svenpanne@chromium.org	e9273332ef	Fixed constant folding for Math.clz32. LOG=y BUG=347906 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/184353002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 13:07:10 +00:00
mvstanton@chromium.org	b1ffc7901f	A JSArray may have a filler map in the elements pointer. We already have code that expects this, but incorrectly asserted that the filler map case would never happen when allocation folding is turned on. However, even folding has it's limits, bailing out of continued folding when the object size grows too large. Therefore, it's a general problem when verifying JSArray objects, that we might encounter a filler map in elements(). Discovered by ClusterFuzz crbug 347903. R=hpayer@chromium.org LOG=N BUG=347903 Review URL: https://codereview.chromium.org/184493002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:29:19 +00:00
yangguo@chromium.org	5c186bb197	Evict from optimized code map in sync with removing from optimized functions list. R=ulan@chromium.org Review URL: https://codereview.chromium.org/184443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 12:27:31 +00:00
bmeurer@chromium.org	70242fe3bb	Fix JSObject::PrintTransitions. BUG=347912 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/183683005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:41:07 +00:00
hpayer@chromium.org	38ca2629be	Fix representation generalization for doubles. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/184393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 11:07:10 +00:00
dcarney@chromium.org	98d1cedac4	Get array_function from NativeContext R=mvstanton@chromium.org LOG=N BUG=347528 Review URL: https://codereview.chromium.org/184173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 10:01:27 +00:00
bmeurer@chromium.org	5945f9ebb9	Fix handling of constant global variable assignments. BUG=347904 LOG=y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/184303003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 09:40:12 +00:00
svenpanne@chromium.org	c4e90c15b8	Removed bogus ASSERT. LOG=y BUG=347542 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/183763007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-28 08:45:07 +00:00
ishell@chromium.org	2ab83cf192	HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. BUG=347543 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/180803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19591 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 17:33:25 +00:00
verwaest@chromium.org	aa14020bc7	Fix putting of prototype transitions. The length is also subject to GC, just like entry. BUG=347536 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/183193003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 16:07:44 +00:00
jarin@chromium.org	05b98492a4	Handle arguments objects in frame when materializing arguments R=mstarzinger@chromium.org BUG=347262 Review URL: https://codereview.chromium.org/177293009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 15:12:12 +00:00
yangguo@chromium.org	6912a248ca	Fix bogus assertion in SetFastDoubleElements. R=danno@chromium.org BUG=347530 LOG=N Review URL: https://codereview.chromium.org/181433016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 14:45:53 +00:00
mvstanton@chromium.org	b8f8cfabca	Fix for Clusterfuzz issue 343928. The problem was that the debugger didn't expect that a JSFunction could have a GlobalContext, which it can with harmony scoping. BUG=343928 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/183103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-27 13:25:05 +00:00
ishell@chromium.org	1ae7e8a1e5	Fix for failing asserts in HBoundsCheck code generation on x64: index register should be zero extended. BUG=345820 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/180013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:33:54 +00:00
verwaest@chromium.org	d5caecccc5	Revert "Use stability to only conditionally flush information from the CheckMaps table." R=ishell@chromium.org Review URL: https://codereview.chromium.org/180023002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 16:11:58 +00:00
jkummerow@chromium.org	e7e93cd433	Mark HCompareMap as having Tagged representation BUG=chromium:346636 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/176923013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 15:09:47 +00:00
rossberg@chromium.org	63f1970c6c	Fix crasher in Object.getOwnPropertySymbols R=arv@chromium.org, mstarzinger@chromium.org BUG=346141 LOG=Y Review URL: https://codereview.chromium.org/177883002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 12:01:34 +00:00
bmeurer@chromium.org	77f597d387	Don't eliminate loads with incompatible types or representations. BUG=346343 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/179553002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19536 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:50 +00:00
ishell@chromium.org	6c1659becf	Fix for a smi stores optimization on x64 with a regression test. BUG=345715 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/178833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:55:02 +00:00
dcarney@chromium.org	cb05cff594	negative bounds checking on realm calls R=rossberg@chromium.org LOG=N BUG=344285 Review URL: https://codereview.chromium.org/169393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-25 09:15:05 +00:00
jkummerow@chromium.org	37b6fd07c1	Fix optimistic BCE to back off after deopt BUG=v8:3176 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/177523002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-24 13:15:31 +00:00
verwaest@chromium.org	84b366516e	Don't turn objects with empty-string properties into fast-mode. R=ishell@chromium.org Review URL: https://codereview.chromium.org/165743003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19511 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-20 16:11:48 +00:00
ishell@chromium.org	1342cb8b00	Bugfix in check elimination with a regression test. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/172173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 12:34:50 +00:00
jkummerow@chromium.org	6e3b81a7b2	Fix Hydrogen bounds check elimination When combining bounds checks, they must all be moved before the first load/store that they are guarding. BUG=chromium:344186 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/172093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-19 10:30:39 +00:00
verwaest@chromium.org	60c08a8bf2	Directly store the transition target on LookupResult in TransitionResult. BUG=chromium:343964 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/170343003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-18 12:19:32 +00:00
jarin@chromium.org	4c7ed144e1	Comparison in effect context lazy deopt fix. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/163623002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-16 05:51:10 +00:00
ulan@chromium.org	6744ff61ae	Fix dictionary element load to pass correct elements kind. Using FAST_SMI_ELEMENTS triggers optimization on 64-bit architectures that load only the higher 32 bits of the element. If the element is a pointer to undefined that has 0 in the higher half than it is erroneously treated as SMI 0. BUG=v8:3158 LOG=N TEST=mjsunit/sparse-array-reverse,mjsunit/regress/regress-3158.js R=danno@chromium.org, ishell@chromium.org Review URL: https://codereview.chromium.org/166653005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 15:52:24 +00:00
yangguo@chromium.org	68c7523e63	Fix assignment of function name constant. If it's shadowed by a variable of the same name and both are forcibly context-allocated, the function is assigned to the wrong context slot. R=rossberg@chromium.org BUG=v8:3138 LOG=Y Review URL: https://codereview.chromium.org/159903008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:40:47 +00:00
jarin@chromium.org	8acefb33fe	Test and fix for polymorphic named call deoptimization. The fix removes wrong simulates from the number branch of polymorphic call/field access handling. The change also fixes the same thing for polymorphic named field access even thourgh the field access is probably safe in practice (because it cannot deoptimize). It is better to keep all our simulates in sync with full codegen. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/166503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19375 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 12:02:39 +00:00
yangguo@chromium.org	a676bc1bbf	Fix typed array error message. R=dslomov@chromium.org BUG=v8:3159 LOG=N Review URL: https://codereview.chromium.org/163293002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-14 09:33:03 +00:00
verwaest@chromium.org	e0960e19aa	Fix polymorphic inlining of accessors in a test-context. R=ishell@chromium.org Review URL: https://codereview.chromium.org/164003002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-13 16:55:38 +00:00
verwaest@chromium.org	161b2f689a	Reland: "Use stability to only conditionally flush information from the CheckMaps table." BUG= R=ishell@chromium.org Original CL: https://codereview.chromium.org/153823003 Review URL: https://codereview.chromium.org/153653007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:48:12 +00:00
verwaest@chromium.org	7b7e3658f7	Don't propagate information through phis in loop headers. To properly do this, we'd have to iterate over CompareMaps (and their bodies) handling phis, until we have learned enough to decide which paths can be taken. For now, just disable learning from phis in loop headers. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/147023005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19341 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 18:30:41 +00:00
verwaest@chromium.org	75432b7696	Revert "Use stability to only conditionally flush information from the CheckMaps table." R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/137863005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 15:38:42 +00:00
verwaest@chromium.org	2b7d33572a	Use stability to only conditionally flush information from the CheckMaps table. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/153823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 15:07:41 +00:00
jarin@chromium.org	af29e31a11	Fix for (One\|Two)ByteSeqStringSetChar evaluation order/deopt. This makes the evaluation order consistent between full codegen and Hydrogen (so that deopt does not screw up stack). R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/159983008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 13:31:24 +00:00
ulan@chromium.org	e95bc7eec8	Merge experimental/a64 to bleeding_edge. BUG=v8:3113 LOG=Y R=jochen@chromium.org, rmcilroy@chromium.org, rodolph.perfetta@arm.com Review URL: https://codereview.chromium.org/148293020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19311 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-12 09:19:30 +00:00
jarin@chromium.org	21bf99e53e	Fix environment of the optimized version of the _SetValueOf intrinsic. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/158723006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-11 16:11:53 +00:00
rossberg@chromium.org	e8175a3e9f	Revert "Make Function.length and Function.name configurable properties." Plenty of test failures on test262, Mozilla, Webkit. Will have to investigate. TBR=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/139983003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 15:29:18 +00:00
rossberg@chromium.org	7317b71f02	Make Function.length and Function.name configurable properties. ES6 makes the Function object properties "length" and "name" configurable; switch the implementation over to follow that. Doing so exposed a problem in the handling of non-writable, but configurable properties backed by foreign callback accessors internally. As an optimization, if such an accessor property is re-defined with a new value, its setter was passed the new value directly, keeping the property as an accessor property. However, this is not correct should the property be non-writable, as its setter will then simply ignore the updated value. Adjust the enabling logic for this optimization accordingly, along with adding a test. LOG=N R=rossberg@chromium.org, rossberg BUG=v8:3045 Review URL: https://codereview.chromium.org/116083006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-07 14:55:30 +00:00
jarin@chromium.org	476881ce5b	Test and fix for _CallFunction intrinsic deoptimization. I have also cleaned up HOptimizedGraphBuilder::GenerateCallFunction to use IfBuilder. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/131343013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-06 12:42:26 +00:00
jarin@chromium.org	eb502fe599	Binary operation deoptimization fix. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/132453009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19132 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-06 09:36:55 +00:00
dslomov@chromium.org	a03d31394c	Check the offset argument of TypedArray.set for fitting into Smi. R=jkummerow@chromium.org BUG=340125 LOG=Y Review URL: https://codereview.chromium.org/145623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-04 09:53:05 +00:00
yangguo@chromium.org	9e70f6a4e7	Fix short-circuiting logical and/or in HOptimizedGraphBuilder. R=jkummerow@chromium.org BUG=336148 LOG=Y Review URL: https://codereview.chromium.org/143263022 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-03 14:29:34 +00:00
verwaest@chromium.org	db7124dc28	Return a valid map for PropertyAccessInfos with Boolean type. BUG=340064 LOG=N R=dcarney@chromium.org Review URL: https://codereview.chromium.org/152603002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-02-03 10:20:32 +00:00
jarin@chromium.org	3c2363f4b4	Simpler repro for bug 2989. We do not correctly handle accesses to f.arguments after one of the argument has changed (where f is crankshafted). R=machenbach@chromium.org BUG=v8:2989 LOG=n Review URL: https://codereview.chromium.org/151403003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18999 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 16:12:58 +00:00
bmeurer@chromium.org	3214cf11ff	Don't crash in Array.join() if the resulting string exceeds the max string length. LOG=y BUG=336820 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/144533003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 12:21:17 +00:00
verwaest@chromium.org	bef13f739c	Fix regression caused by supporting inlining accesses to non-JSObjects TBR=dcarney@chromium.org BUG= Review URL: https://codereview.chromium.org/150983002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-31 00:29:04 +00:00
mvstanton@chromium.org	371d6f6a98	We shouldn't throw under FLAG_debug_code, rather abort. Throwing under FLAG_debug_code confuses the rest of our infrastructure which expects a safe point at the site of call into the runtime for throw. We were doing that to make a clusterfuzz test happy, but the better solution is to assert/abort under debug_code, and prevent clusterfuzz from fuzzing on internal APIs that crash on incorrect values. We'll need to alter the fuzzer to turn off fuzzing for: string-natives.js lithium/SeqStringSetChar.js regress/regress-seqstrsetchar-ex3.js regress/regress-seqstrsetchar-ex1.js regress/regress-crbug-320922.js So as to prevent the fuzzer from running %_OneByteSeqStringSetChar() and %_TwoByteSeqStringSetChar(). BUG= R=hpayer@chromium.org, machenbach@chromium.org Review URL: https://codereview.chromium.org/139903005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-28 11:53:11 +00:00
verwaest@chromium.org	21532ddfdc	Reland ArrayPop / ArrayPush. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/138443012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 11:47:53 +00:00
machenbach@chromium.org	cde3ed1fe3	Speed up some mjsunit test cases and clean up test expectations for arm and mips. Many skipped test cases already run very fast. Removing the corresponding expectations. BUG= R=jkummerow@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/138503008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 11:36:45 +00:00
jkummerow@chromium.org	ee4e034d70	Revert broken ArrayPop changes This reverts: r18749 "Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."", r18790 "Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft.", and r18798 "MIPS: Remove ArrayPush from the custom call generators, and instead call directly to the handler in crankshaft." For causing crashes on Canary. BUG=chromium:337686 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/146003006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-24 08:32:50 +00:00
hpayer@chromium.org	83a1df2354	Remove Heap::MaxRegularSpaceAllocationSize and use Page::MaxRegularHeapObjectSize instead. BUG= R=mstarzinger@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/141653016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-23 13:02:27 +00:00
verwaest@chromium.org	f30330325e	Reland (and fix) "Add hydrogen support for ArrayPop, and remove the handwritten call stubs." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/144913003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-22 13:22:58 +00:00
svenpanne@chromium.org	b4949cfd62	Fixed floor-of-div optimization. We removed an HDiv by hand which was still used by an HChange. The solution is letting dead code removal do the cleanup. Removed a fragile "optimization" (looking through an HChange), too, this obviously never triggered and is hard to get right given all our global invariants and state/type/... changes. The repro is a bit tricky, because you need inlining to make our representations and types disagree in this case. LOG=y BUG=334708 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/143903016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-22 11:54:51 +00:00
machenbach@chromium.org	1864f7388e	Add infrastructure for skipping tests in GC stress mode. Also move the GC stress configuration from the buildbot to the test runner. BUG= R=jkummerow@chromium.org, mvstanton@chromium.org Review URL: https://codereview.chromium.org/141653008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-21 12:41:25 +00:00
mvstanton@chromium.org	155ef100e9	Fix logic error in assert in IsUndeclaredGlobal() Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that. In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores. Now it's clearer that only LoadICs actually record any information about contextual or not. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/140943002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-17 11:08:24 +00:00
verwaest@chromium.org	53f46c5214	Get rid of ContextualMode for call ICs. BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/137083002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 16:15:05 +00:00
jkummerow@chromium.org	be4c1bdac2	Fix test after r18586 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/138063003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 14:00:10 +00:00
jkummerow@chromium.org	1ed94acf0c	Turn Runtime_MigrateInstance into Runtime_TryMigrateInstance because it must not cause lazy deopts because it is called from deferred code that cannot handle lazy deopts. Hat tip to Ben for doing most of the debugging work, and to Toon for writing the regression test. BUG=chromium:315252 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/131243003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18586 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 13:41:09 +00:00
verwaest@chromium.org	f2245a9cf9	Make the strict-mode calling convention for contextual calls the default one. BUG= R=dcarney@chromium.org Review URL: https://codereview.chromium.org/131663003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-14 12:04:10 +00:00
ulan@chromium.org	8db7aaa03d	Correctly handle instances without elements in polymorphic keyed load/store. BUG=331416 TEST=mjsunit/regress/regress-331416.js LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/121893003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:57:28 +00:00
ulan@chromium.org	43d1c23e2a	Fix selection of popular pages in store buffer. BUG=331444 TEST=mjsunit/regress/regress-331444.js LOG=Y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/125983002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:49:37 +00:00
jkummerow@chromium.org	7761059a98	Fix d8's Shell::ReadBuffer after r18227 BUG=v8:3085 LOG=N R=jochen@chromium.org Review URL: https://codereview.chromium.org/127853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-08 09:48:38 +00:00
mvstanton@chromium.org	fc5834343f	Remove flag track-allocation-sites. The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag. R=verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=18385 Review URL: https://codereview.chromium.org/104923010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-01-07 15:58:25 +00:00
ulan@chromium.org	711bcbb0e3	ARM: fix loading of global object in LWrapReceiver. Since r16993 the cp register is handled by registers allocator, and we cannot assume that the cp always contains the context. BUG=318420 LOG=Y TEST=test/mjsunit/regress/regress-318420.js R=verwaest@chromium.org Review URL: https://codereview.chromium.org/121703002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18421 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-27 14:38:00 +00:00
yangguo@chromium.org	2a4be7067c	Refactor the compiling pipeline. Goals: - easier to read, more suitable identifiers. - better distinction between compiling optimized/unoptimized code - compiler does not install code on the function. - easier to add features (e.g. caching optimized code for osr). - remove unnecessary code. R=titzer@chromium.org Review URL: https://codereview.chromium.org/110203002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 14:30:35 +00:00
yangguo@chromium.org	cd7d61cfc2	Fix small spec violation in String.prototype.split. Also slightly extended the test coverage. R=rossberg@chromium.org BUG=v8:3026 LOG=Y Review URL: https://codereview.chromium.org/119093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 10:01:22 +00:00
yangguo@chromium.org	c61d07e03f	Correctly resolve forcibly context allocated parameters in debug-evaluate. R=ulan@chromium.org BUG=325676 LOG=Y Review URL: https://codereview.chromium.org/107243006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-23 08:37:03 +00:00
rossberg@chromium.org	b882bddcfd	Make a strict function's "name" property non-writable. Set [[Writable]] to false for the "name" property of strict functions as well, mirroring what non-strict functions have it as. LOG=N R=rossberg@chromium.org TEST=mjsunit/regress/regress-270142 BUG=270142 Review URL: https://codereview.chromium.org/99203006 Patch from Sigbjorn Finne <sigbjornf@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 12:06:11 +00:00
hpayer@chromium.org	f583b73b70	Revert "Remove flag track-allocation-sites." This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc. BUG= Review URL: https://codereview.chromium.org/109303006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 12:04:34 +00:00
mvstanton@chromium.org	e654c88fab	Remove flag track-allocation-sites. The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/104923010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-20 11:46:31 +00:00
jkummerow@chromium.org	3c76ecd732	Fix switch statements with non-Smi integer labels and no type feedback BUG=chromium:329709 LOG=Y R=hpayer@chromium.org Review URL: https://codereview.chromium.org/98643010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-19 14:25:58 +00:00
yangguo@chromium.org	213b05b5b9	Fix off-by-one error in AstTyper, part 2. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/112933002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-12 15:19:57 +00:00
jkummerow@chromium.org	48ff79a300	Fix polymorphic inlined calls with migrating prototypes LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/104793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-12 14:57:00 +00:00
ulan@chromium.org	cc401095fb	Initialize Date parse cache with SMI instead of double to workaround sharing mutable heap numbers in snapshot. This is the only field in the snapshot that was tracked as double. R=verwaest@chromium.org TEST=mjsunit/regress/regress-280531.js BUG=280531 LOG=Y Review URL: https://chromiumcodereview.appspot.com/112003005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-11 13:11:44 +00:00
yangguo@chromium.org	5bc64b9fa5	Fix off-by-one error in AstTyper. This causes the first parameter to be confused with the first stack local when we collect type information. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/105943007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18296 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-11 11:34:09 +00:00
hpayer@chromium.org	75a84eca0b	Added regression test for escape analysis. BUG= R=jarin@chromium.org Review URL: https://codereview.chromium.org/99133011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-10 15:54:20 +00:00
svenpanne@chromium.org	e1db6d86a9	Avoid FP exceptions when doing integer division. BUG=v8:3039 R=titzer@chromium.org Review URL: https://codereview.chromium.org/104003004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-09 10:15:19 +00:00
mvstanton@chromium.org	b807f4f82f	Bugfix: HCheckInstanceType::GetCheckMaskAndTag used an incorrect mask. The mask to check for an internalized string was incorrectly formed. Hat tip to Weiliang Lin for discovering the bug. BUG=v8:3038 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/108033002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18265 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-06 09:43:07 +00:00
verwaest@chromium.org	8a4df124a4	Fix loop side-effects of deoptimizing loops with a nested live OSR loop. R=titzer@chromium.org Review URL: https://chromiumcodereview.appspot.com/106723002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18263 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-05 18:31:06 +00:00
verwaest@chromium.org	d4eaae37d1	Check whether the receiver to a keyed-call is actually a heapobject. BUG=325225 LOG=n R=dslomov@chromium.org Review URL: https://chromiumcodereview.appspot.com/101863004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-03 17:59:31 +00:00
bmeurer@chromium.org	aa83f2900a	Fix invalid assertion with OSR in BuildBinaryOperation. BUG=v8:3032 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/98623004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 13:12:07 +00:00
mstarzinger@chromium.org	db915fe97e	Handle captured objects in OptimizedFrame::Summarize. R=yangguo@chromium.org BUG=v8:3029 TEST=mjsunit/regress/regress-3029 LOG=N Review URL: https://codereview.chromium.org/96773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-12-02 12:11:02 +00:00
mvstanton@chromium.org	5ba1304d60	Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects. BUG=299979 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/80623002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-29 15:22:16 +00:00
yangguo@chromium.org	f235194518	Fix bug in inlining Function.apply. R=jkummerow@chromium.org BUG=323942 LOG=Y Review URL: https://codereview.chromium.org/95123003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 15:30:17 +00:00
dslomov@chromium.org	7372596615	Ensure that length is Smi in TypedArrayFromArrayLike constructor. R=jkummerow@chromium.org BUG=324028 LOG=Y Review URL: https://codereview.chromium.org/94473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 15:22:36 +00:00
mstarzinger@chromium.org	d53e38777f	Fix missing bounds check in n-arguments Array constructor. LOG=N R=mvstanton@chromium.org BUG=v8:3027 TEST=mjsunit/regress/regress-3027 Review URL: https://codereview.chromium.org/92103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18116 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-28 09:29:57 +00:00
yangguo@chromium.org	ab96631177	Increase precision for base conversion for large integers. R=jkummerow@chromium.org BUG=v8:3025 LOG=Y Review URL: https://codereview.chromium.org/88583002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 15:48:13 +00:00
yangguo@chromium.org	afd8e5a305	Speed up long-running test cases. R=ishell@chromium.org Review URL: https://codereview.chromium.org/85163003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18070 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 11:32:39 +00:00
yangguo@chromium.org	4716b292db	Make some ARM test cases faster. R=ishell@chromium.org Review URL: https://codereview.chromium.org/85473004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18069 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-26 10:43:44 +00:00
yangguo@chromium.org	aa3518a0f3	Make sure files end with exactly one new line and police this in presubmit. The changes are (excluding presubmit.py) mechanical. I added the following lines after the check and iterated the presubmit script until all errors went away: f = open(name, "w"); if contents.endswith('\n\n'): f.write(contents[0:-1]) else: f.write(contents + '\n') R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/82803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-22 13:50:39 +00:00
ulan@chromium.org	21fb1401bd	Restore saved caller FP registers on stub failure and preserve FP registers on NotifyStubFailure. In debug mode, clobber FP registers on each runtime call to increase chances of catching such bugs. R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/78283002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-22 10:21:47 +00:00
danno@chromium.org	06c7620302	Fixed crashes exposed though fuzzing. The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set. R=yangguo@chromium.org TEST=test/mjsunit/regress/regress-320948.js BUG=chromium:320948 LOG=Y Review URL: https://codereview.chromium.org/72813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 16:41:07 +00:00
jkummerow@chromium.org	37443768bf	Fix register trashing in Emit*ByteSeqStringSetChar This is currently not observable without --allow-natives-syntax because all internal usages are safe, but it deserves to be fixed nonetheless. BUG=chromium:320922 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/67103003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 12:59:09 +00:00
mvstanton@chromium.org	bff41483dc	Bugfix: dependent code field in AllocationSite was keeping code objects alive even after context death. BUG=320532 LOG=Y R=ulan@chromium.org Review URL: https://codereview.chromium.org/62803008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-19 10:17:33 +00:00
dslomov@chromium.org	4228132e74	Use mock ArrayBuffer allocator to avoid really allocating 1Gb. R=jkummerow@chromium.org BUG=v8:3014 LOG=N Review URL: https://codereview.chromium.org/61623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 14:50:45 +00:00
danno@chromium.org	f27f2fa420	Match max property descriptor length to corresponding bit fields BUG=v8:3010 R=verwaest@chromium.org LOG=N Review URL: https://codereview.chromium.org/72333004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-18 11:44:06 +00:00
jkummerow@chromium.org	c9b41c6995	Limit size of dehoistable array indices LOG=Y BUG=chromium:319835,chromium:319860 R=dslomov@chromium.org Review URL: https://codereview.chromium.org/74113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17801 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 17:24:10 +00:00
dslomov@chromium.org	7936ca39be	Limit the size for typed arrays to MaxSmi. R=jkummerow@chromium.org LOG=Y BUG=319722 Review URL: https://codereview.chromium.org/73943004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 16:37:15 +00:00
dslomov@chromium.org	c01aa1fc1f	Revert "Limit the size for typed arrays to MaxSmi." This reverts commit r17798 for allocating too much memroy in tests. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/74093002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 16:25:51 +00:00
dslomov@chromium.org	09ca1318ab	Limit the size for typed arrays to MaxSmi. R=jkummerow@chromium.org LOG=Y BUG=319722 Review URL: https://codereview.chromium.org/73943004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 16:09:56 +00:00
verwaest@chromium.org	341d405301	Reland and fix "Add support for keyed-call on arrays of fast elements" BUG= R=danno@chromium.org Review URL: https://chromiumcodereview.appspot.com/71783003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 10:52:05 +00:00
bmeurer@chromium.org	2ee5aa951c	Fix missing type feedback check for Generic*String addition. TEST=mjsunit/regress/regress-crbug-318671 BUG=318671 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/67473007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-15 09:13:36 +00:00
danno@chromium.org	28ed69b8fb	Fix overflow in TypedArray initialization function BUG=chromium:319120 TEST=test/mjsunit/regress/regress-319120.js R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/61753013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17711 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-14 06:20:48 +00:00
mstarzinger@chromium.org	d5cb83f4aa	Fix invalid reuse of weak global handle in GetScriptWrapper. This fixes a direct usage of a weak global handle in GetScriptWrapper that just casted it to a strong local handle, while a subsequent GC might clear it. Handlepocalypse anyone? R=machenbach@chromium.org BUG=v8:2988 TEST=mjsunit/regress/regress-2988 Review URL: https://codereview.chromium.org/67273004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-11 16:27:36 +00:00
ulan@chromium.org	bc4ad49b25	Do not add values to HGraph in Lithium. Lithium uses indexes after the maximium value ID in the HGraph as indexes of virtual registers and assumes that the maximum value ID does not change. The IsStandardConstant and GetConstantXX functions could add constants to HGraph, which aliased virtual registers with real values. This could confuse the register allocator to think that a value in a virtual register is tagged and to incorrectly set it in the pointer map. BUG=298269 TEST=mjsunit/regress/regress-298269.js R=verwaest@chromium.org Review URL: https://chromiumcodereview.appspot.com/66693002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-08 14:16:34 +00:00
mstarzinger@chromium.org	59536de77d	Make HCapturedObjects non-deletable for DCE. R=jkummerow@chromium.org BUG=v8:2987 TEST=mjsunit/regress/regress-2987 Review URL: https://codereview.chromium.org/64433002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-07 16:07:19 +00:00
yangguo@chromium.org	eb550c6da4	Fix y-umlaut to uppercase. R=dcarney@chromium.org BUG=v8:2984 Review URL: https://codereview.chromium.org/59853006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-07 09:08:34 +00:00
yangguo@chromium.org	a5ed9a71c8	Correctly load message from an Error object. R=mstarzinger@chromium.org BUG=306220 Review URL: https://codereview.chromium.org/46593010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-05 13:04:51 +00:00
jkummerow@chromium.org	2ebfd6e90e	Add missing negative dictionary lookup to NonexistentHandlerFrontend BUG=v8:2980 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/57433003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-11-04 14:14:09 +00:00
jkummerow@chromium.org	316271fc35	Fix uint32-to-smi conversion in Lithium BUG=chromium:309623 R=vegorov@google.com, yangguo@chromium.org Review URL: https://codereview.chromium.org/54393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-31 10:18:51 +00:00
yangguo@chromium.org	3f1a833524	Do not remove HAdd with zero if the other operand is a double. The other operand might be minus zero, and -0 + 0 = +0 R=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/52173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17432 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-30 10:22:52 +00:00
jkummerow@chromium.org	9e88c23cbf	ia32: Fix comparisons of two constant double operands when exactly one of them is in new space. R=titzer@chromium.org Review URL: https://codereview.chromium.org/46883008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-29 14:34:07 +00:00
yangguo@chromium.org	7dd2d6c590	Reland "Make Array.prototype.pop throw if the last element is not configurable." This relands r17346. R=machenbach@chromium.org BUG=311164 Review URL: https://codereview.chromium.org/43923002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-25 11:55:56 +00:00
svenpanne@chromium.org	7fb61a78d4	Tune mjsunit/regress/regress-2612. Lower the bounds to something bearable which would still timeout if we used a quadratic algorithm. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/39863003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-24 13:07:16 +00:00
svenpanne@chromium.org	f2122438e0	Removed long-running obselete test case. The test was the 2nd longest-running test case in debug mode, and the stuff it tests has already been moved long ago to some other place, which is in turn heavily tested by far simpler and faster things (%TruncateString etc.). R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/39233003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-24 08:09:32 +00:00
yangguo@chromium.org	0f564cb1b0	Revert "Make Array.prototype.pop throw if the last element is not configurable." This reverts commit r17346. R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/39593002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-24 07:48:23 +00:00
yangguo@chromium.org	e25920da19	Make Array.prototype.pop throw if the last element is not configurable. Popping an element from an array should call [[Delete]] internal method and pass true as the second argument (ECMA-262/5.1/#sec-15.4.4.6). When the last element can't be deleted, throw a Type Error. Not throwing the error would result in endless loop in the following test. TEST=var a=[];Object.defineProperty(a,0,{});while(a.length)a.pop(); By the way fix another bug, or else i can't post any issues. "presubmit.py" throw a "missing a correct copyright header" on windows. Both the slash and the backslash are valid path separator on windows. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/29513004 Patch from Yanagi <admin@web-tinker.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-23 16:19:24 +00:00
jkummerow@chromium.org	8259439ae8	Fix HObjectAccess for loads from migrating prototypes BUG=chromium:305309 R=danno@chromium.org Review URL: https://codereview.chromium.org/35173005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17345 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-23 15:15:15 +00:00
svenpanne@chromium.org	dd74f5aa08	Removed obsolete unit tests. As discussed offline, these tests don't test what they were supposed to test anymore and were the longest running ones. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/32433009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17317 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-22 11:26:07 +00:00
mstarzinger@chromium.org	0a2b4ecdcc	Add regression test for optimized count operation. This is a regression test for a bug with handling of count operations that target a JavaScript accessor on the prototype chain in Crankshaft. R=jkummerow@chromium.org BUG=chromium:306851 TEST=mjsunit/regress/regress-crbug-306851 Review URL: https://codereview.chromium.org/27702002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-17 12:48:28 +00:00
dslomov@chromium.org	5ccd697875	Do not look up ArrayBuffer on global object in typed array constructor. BUG=v8:2931 R=rossberg@chromium.org Review URL: https://codereview.chromium.org/27238009 Patch from Ben Noordhuis <info@bnoordhuis.nl>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-15 11:27:12 +00:00
yangguo@chromium.org	71ba8c5fb4	Retire concurrent recompilation delay for non-stress testing. Instead, we block concurrent recompilation until unblocked. This makes affected tests more predictable and run shorter. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/26758003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-14 14:15:22 +00:00
mstarzinger@chromium.org	f878c1c359	Fix pre-parsing of 'use strict' directive after string literals. R=ulan@chromium.org TEST=mjsunit/regress/regress-parse-use-strict Review URL: https://codereview.chromium.org/27025002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-11 14:03:54 +00:00
olivf@chromium.org	4b6d0e33f2	Only set binary operation side effects flags, when observable. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/26712002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-10 16:49:25 +00:00
mstarzinger@chromium.org	63d8abb6c6	Unify and fix checkers for duplicate object literal properties. R=ulan@chromium.org TEST=preparser/duplicate-property,mjsunit/regress/regress-parse-object-literal Review URL: https://codereview.chromium.org/26375004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-10 11:58:16 +00:00
verwaest@chromium.org	7e0ea6ab46	Only fold polymorphic into monomorphic load if all load from either receiver or same prototype. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/25718002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-10-02 13:24:08 +00:00
olivf@chromium.org	d268078ce0	Fix flaky parallel recompilation test. On very rare circumstances parallel recompilation would install the optimized method earlier than expected and the test would fail. BUG= R=yangguo@chromium.org Review URL: https://codereview.chromium.org/24495005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-25 08:23:14 +00:00
olivf@chromium.org	6fc2875d51	Fix Environment size mismatch in r6849. TBR=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/23983043 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16851 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-20 08:34:23 +00:00
yangguo@chromium.org	cb10ceb19d	Reland "Clean up after r16292 (disable optimization for StringWrappers)." BUG= R=ulan@chromium.org Review URL: https://codereview.chromium.org/23619036 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-12 16:17:58 +00:00
yangguo@chromium.org	ad25a2969d	Revert "Clean up after r16292 (disable optimization for StringWrappers)." R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/23600040 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-12 11:15:12 +00:00
yangguo@chromium.org	996813cca2	Clean up after r16292 (disable optimization for StringWrappers). R=jochen@chromium.org BUG=v8:2855 Review URL: https://codereview.chromium.org/22891028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-12 10:55:57 +00:00
titzer@chromium.org	49d9555a97	Generate a custom OSR entrypoint for OSR compiles on all platforms, and transition to optimized code using the special entrypoint, instead of through the deoptimizer. Do not install the OSR compiled code as _the_ optimized code for a function. Remove OSR-related stuff from deoptimizer. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/21340002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-09 16:34:40 +00:00
jkummerow@chromium.org	daee0d83db	Fix bitwise negation on x64 BUG=chromium:285355 R=verwaest@chromium.org Review URL: https://codereview.chromium.org/24037003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-06 15:21:38 +00:00
yangguo@chromium.org	d9659da6f4	Fix bug in regexp result object construction. R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/23548018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-05 14:32:49 +00:00
verwaest@chromium.org	b41a7b9cea	Properly close the CountOperation value/effect context after leaving the store effect context. R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/23897003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-05 12:33:14 +00:00
yangguo@chromium.org	070e3b0af4	Introduce concurrent on-stack replacement. Currently disabled behind --concurrent-osr. R=titzer@chromium.org BUG= Review URL: https://codereview.chromium.org/23710014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-04 12:55:59 +00:00
verwaest@chromium.org	3f70c3b07b	Allow uncacheable identifiers to go generic. BUG=v8:2867 R=jkummerow@chromium.org Review URL: https://chromiumcodereview.appspot.com/23453019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-09-02 16:32:11 +00:00
jkummerow@chromium.org	2c9ac9c7e1	Always visit branches during HGraph building even if constant values indicate that they are unreachable. BUG=chromium:280333 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/23623009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-08-29 14:55:45 +00:00
jkummerow@chromium.org	3747b5bc6d	Delete HAbnormalExit. It does more harm than good. BUG=v8:2843 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/23462007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-08-28 15:00:30 +00:00
verwaest@chromium.org	652b174cfc	Merge verbatim descriptors from other (the descriptor of the map being updated) rather than this (descriptors of the most updated map found in the transition tree). BUG=v8:2863 R=svenpanne@chromium.org Review URL: https://chromiumcodereview.appspot.com/23676003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-08-28 12:37:14 +00:00
jkummerow@chromium.org	11fd577261	Lower kInitialMaxFastElementArray constant to 95K to work around erroneous "illegal access" error on x64. BUG=v8:2790 R=hpayer@chromium.org Review URL: https://codereview.chromium.org/22877039 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16324 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-08-26 13:04:05 +00:00

1 2 3 4 5 ...

988 Commits