review.tizen.org Git - platform/upstream/v8.git/log

Reapply code.google.com/p/v8/source/detail?r=6555

Compare JSObjects by identity immediately.

When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.

BUG=v8:1082

TBR=ricow@chromium.org

Review URL: http://codereview.chromium.org/6461028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make optimized Function.prototype.apply safe for non-JSObject first arguments.

If we have a property access of the form this.x, where the access site sees
the global object, we can specialize the IC stub so that it performs a map
check without first performing a heap object check.

Ensure that we do not get in JS code with a non-JSObject this value by
deoptimizing at Function.prototype.apply if the first argument is not a
JSObject.

BUG=v8:1128

Review URL: http://codereview.chromium.org/6463025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make VS2005 project files compile without errors: changelist codereview.chromium.org/6286135/.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6706 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add a regression test for issue 1106, optimized access to the prototype chain of the global object.
Review URL: http://codereview.chromium.org/6459023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ARM: Add type-feedback recording for compare

Change the comparison in the full code generator to use CompareIC instead of the CompareStub to record the types. This also implements the patching in the full code generator where the inlined smi code is de-activated by default to call the CompareIC once and then activating the inlined smi code by patching the code.

Fixed the smi comparison in the ICCompareStub.

Fixed ToBooleanStub to ensure that the scratch register used is not the input. Use r9 as default as that will never be input with Crankshaft.

Implemented lithium instruction CmpTAndBranch.

Make sure that the lithium instruction CmpID have operands in registrers as the current optimized code expects that.
Review URL: http://codereview.chromium.org/6461017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

x64: Enable inline smi code patching to reenable the inlined code in
the code generated by the full code generator after my previous
change.

The generated code is the same as on ia32 and so is the patching.

Review URL: http://codereview.chromium.org/6456023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Prepare push to trunk. Now working on version 3.1.4.
Review URL: http://codereview.chromium.org/6458026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6702 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix incorrect asserts in scanner.

BUG=v8::1126
TEST=test/mjsunit/regress/regress-1126.js

Review URL: http://codereview.chromium.org/6459021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add two tests to strtod.

Review URL: http://codereview.chromium.org/6461018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6700 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix assert error on ARM triggered by large numbers of function parameters.
Review URL: http://codereview.chromium.org/6458027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix typo in r6697: Use assertThrows correctly in the added test regress-1122.js.
Review URL: http://codereview.chromium.org/6460030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix a bug that occurs when functions are defined with more than 16,382 parameters.
Review URL: http://codereview.chromium.org/6447007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Change the code for materializing double constants on ia32.

Instead of using the stack, use a temporary integer register
and avoid memory access.

Review URL: http://codereview.chromium.org/6452002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Change our zap values from hex numbers tagged as a heap object to hex numbers tagged as a failure.

Since our zap values are valid heap object addreses we might hit asserts if a heap object gets the value of a zap constant as its address.

Review URL: http://codereview.chromium.org/6456022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6695 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix an assertion failure in stack trace construction.

When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value. This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Use GC-safe version when setting elements.

BUG=1125
TEST=test/mjsunit/regress/regress-1125.js

Review URL: http://codereview.chromium.org/6463001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Do sanity check of exception state when returning from native to JS.

If --debug-code is on, check that returned value and Top::has_pending_exception
agree on exception state.

Review URL: http://codereview.chromium.org/6450004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Check if Array.prototype.__proto__ has been reset to null.

BUG=v8:1121
TEST=test/mjsunit/regress/regress-1121.js

Review URL: http://codereview.chromium.org/6454004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Port fix for duplicate AST ID for deoptimization to ARM and x64.

Review URL: http://codereview.chromium.org/6458001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6690 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Propagate exceptions thrown when setting elements.

Plus use more robust path when formatting messages---work
directly with fixed arrays.

BUG=v8:1107
TEST=test/mjsunit/getter-in-prototype.js,test/mjsunit/regress/regress-1107.js

Review URL: http://codereview.chromium.org/6451004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

We cannot assert that v8 is running in fatal error callback.

BUG=v8:1111

Review URL: http://codereview.chromium.org/6450005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

1) Return failure if any of property sets failed;
2) We cannot assert the declared property will go to the extension in the presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Review URL: http://codereview.chromium.org/6454011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix wrong assumption in parser that parsing a function literal cannot throw an exception.

Review URL: http://codereview.chromium.org/6453009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6686 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ARM: Fix condition usage in DeoptimizeIf().

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6447003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Check for overflow when bumping new space's top in inlined allocation.

BUG=v8:1109
TEST=test/mjsunit/regress/regress-1109.js

Review URL: http://codereview.chromium.org/6453005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix issues with using defineProperty on the global proxy object.

Review URL: http://codereview.chromium.org/6452004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Prepare for bailout with the proper state at labeled block entries.

The state here should be NO_REGISTERS. It was spuriously changed to from
NO_REGISTERS to TOS_REG when TOS_EAX was renamed to TOS_REG.

BUG=v8:1113

Review URL: http://codereview.chromium.org/6452007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

x64: Add MulI and DivI to lithium instructions.

Review URL: http://codereview.chromium.org/6448001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Correct propagation of exceptions from setters.

BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js

Review URL: http://codereview.chromium.org/6451003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix a possible duplicate AST ID for deoptimization.

For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.

BUG=v8:1104

Review URL: http://codereview.chromium.org/6453004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Bailout from crankshaft if a global property is found in the prototype chain of the global object, not on the global object itself.
Review URL: http://codereview.chromium.org/6449002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make sure that we do not call is_extensible on the global proxy.

When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.

Review URL: http://codereview.chromium.org/6450003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Speedup decodeURI/decodeURIComponent by switching from charAt(i) to charCodeAt(i) in Decode.

Original patch by Alexander Karpinsky.

Review URL: http://codereview.chromium.org/6440001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make sure that we never call prevent extension on the global proxy,
but instead call this on the global object.

BUG: 1103

Review URL: http://codereview.chromium.org/6454001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix bug in JSON.parse for objects containing "__proto__" as key.

It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.

Review URL: http://codereview.chromium.org/6451002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64 Crankshaft: Implement DoCodeStub on X64 platform.
Review URL: http://codereview.chromium.org/6451001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Refactor lithium instructions for constants.

1. Remove unnecessary superlcass LConstant.
2. Use hydrogen accessor instead of duplicating the value.

Review URL: http://codereview.chromium.org/6410120

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Support %_IsConstructCall in the Crankshaft pipeline.

Provide special case for f.bind(obj).

Review URL: http://codereview.chromium.org/6368138

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64 Crankshaft: Use TypeRecordingBinaryStub in crankshaft.
Review URL: http://codereview.chromium.org/6449001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fixed a number of issues on x64 crankshaft port:

- Don't use SmiSub when overflow can occur. It asserts that overflow
  does not happen.

- Actually use CompareICs and signal to crankshaft whether or not smi
  code was inlined.

- Fix bug in CmpI where 64 bits were compared instead of 32 bits.

- Implement Throw, DeferredStackCheck, StoreKeyedFastElement in
  lithium backend.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6312193

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Clean up es5conform.status per feedback.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64: Add Crankshaft operation LoadGlobal.

Copied some serializer-related checks and counters from ia32.

Review URL: http://codereview.chromium.org/6312186

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

x64: Implement SmiUntag, SmiTag, LoadHeapObject and LoadNamedGeneric
in the lithium backend.

Review URL: http://codereview.chromium.org/6312185

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64: Disable crankshaft if serializerion is enabled.

Review URL: http://codereview.chromium.org/6413017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Prepare push to trunk. Now working on version 3.1.3.

Review URL: http://codereview.chromium.org/6286145

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Re-insert exception for mozilla/ecma/Date/15.9.5.10-2 in release mode on arm

The last change to mozilla.status made the assumption that this test always finish on time when in release mode, but that is not the case on arm. This change just skips the test completely on arm.

Review URL: http://codereview.chromium.org/6250193

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Do not compile the unreachable body of functions with illegal redeclarations.

Revision 6635 added an assert on IA32 that there were no 'const' parameters.
This assert could be hit at compile time because we compiled the unreachable
body of functions with illegal redeclarations, which are thrown at runtime.

Review URL: http://codereview.chromium.org/6286144

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Improve ScanJsonNumber.
Review URL: http://codereview.chromium.org/6334106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove exceptions for Function.prototype.bind from es5conform.status.

These exceptions are no longer valid since we do implement bind.

Review URL: http://codereview.chromium.org/6410116

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Simplify exceptions for ecma/Date/15.9.5.10-2 in mozilla.status

We had a large number of different exceptions for this test in the
mozilla.status file - changing this to only one exception where we
allow fail and timeout in debug mode.

Review URL: http://codereview.chromium.org/6286143

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix an issue in DoMulI and address mjsunit test failure.

BUG=v8:1098
TEST=mjsunit/compiler/regress-intoverflow.js

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6312151

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix es5conform.status expectation file.
The strict mode tests were disabled until now.
The propagation of strict mode flag into eval enabled them but there are
failures due to unimplemented features of strict mode, as well as some
incorrect tests in the suite.

TBR=ager@chromium.org, lrn@chromium.org

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Issue 117 - strict mode and future reserved words

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Pass strict mode to eval.
Code review feedback.

Code Review URL: http://codereview.chromium.org/6286043/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Restore context after LApplyArguments.

BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js

Review URL: http://codereview.chromium.org/6246106

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Disable Mozilla date test that times out on X64 crankshaft.
BUG=1100
TEST=ecma/Date/15.9.5.10-2.js
Review URL: http://codereview.chromium.org/6246104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix potential overwriting of debug jumps of following code.

Add JSArrayLength, CallKnownFunction, and InstanceType operations.
Remove LadGlobal and StoreGlobal again (they fail).

Review URL: http://codereview.chromium.org/6347067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix ARM debug build. Insert missing declaration.

Review URL: http://codereview.chromium.org/6250160

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Landing for Zaheer Ahmad.

Direct call api functions (arm implementation)

See: http://codereview.chromium.org/6170001/

Review URL: http://codereview.chromium.org/6286078

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove instruction summaries.

Instead of constructing a temporary container for all LOperands of each
instruction, the register works directly on the LIR instructions that
provide an abstract interface for input/output/temp operands.

This saves allocation of zone memory and speeds up LIR construction,
but makes iterating over all uses in the register allocator slightly
more expensive because environment uses are stored in a linked list of
environments. We can fix this by using a flat representation of LOperands.

Review URL: http://codereview.chromium.org/6352006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64 Crankshaft: Port TaggedToI to X64.
Review URL: http://codereview.chromium.org/6368097

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make sure that we don't actually overwrite a property that has failed access checsk with Object.defineProperty.

Review URL: http://codereview.chromium.org/6246103

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove the redundant load on every context lookup.

There was an unnecessary load on every statically-resolved context lookup.
Remove it.

This revealed a hidden bug in const initializers inside 'with'. They claim
to be statically resolved (having slot type CONTEXT) but they occur in a
spot where the runtime context chain and the static scope chain do not
agree. This is fixed by special casing const initializers in the backend.

Review URL: http://codereview.chromium.org/6384020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ARM: Implement DoCmpID and DoCmpIDAndBranch in the lithium code generator.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6379007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64 Crankshaft: Add bit operations and shifts to x64 crankshaft.
Review URL: http://codereview.chromium.org/6246099

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ARM: Add support for and, or and xor to the type recording binary op stub.
Review URL: http://codereview.chromium.org/6250126

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix compliance bug in decodeURI/decodeURIComponent.

Review URL: http://codereview.chromium.org/6349105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Implements DoubleToI on ARM. Refactor some VFP code at the same time and
fix the simulator behaviour.

BUG=none
TEST=added to cctest/test-assembler-arm.cc

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6368053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

x64: Implemented object, array and function literals in lithium codegen.

Review URL: http://codereview.chromium.org/6371019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix bugs 992, 1083 and 1092

My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.

Add sputnik tests to .gitignore.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6286060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Do proper security checks when accessing elements with getOwnPropertyDescriptor.

This extends logic applied to regular properties to elements.

Review URL: http://codereview.chromium.org/6246055

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64: Implement FixedArrayLength, BoundsCheck, LoadElements,
LoadKeyedFastElement in lithium codegen.

Tested locally by hardcoding DoTaggedToI to convert smis to untagged.

Review URL: http://codereview.chromium.org/6312124

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Don't use eax on x64. :)

TBR=ricow

Review URL: http://codereview.chromium.org/6312122

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64: Implement DoCallConstantFunction, DoLeaveInlined and DoCompareMap
in lithium-x64.

Review URL: http://codereview.chromium.org/6410060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X64 Crankshaft: Add TypeRecordingBinaryStub to X64
Review URL: http://codereview.chromium.org/6366028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix X64 Windows compilation.
Review URL: http://codereview.chromium.org/6312120

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Minor cleanup in messages.js. Remove unused variables and fix formatting.

Review URL: http://codereview.chromium.org/6410058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add regression test for the deoptimizer immediately followed by gc bug.

In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)

The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094

Review URL: http://codereview.chromium.org/6312118

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix array boundary error.

It made value of allowed_access_type[v8::ACCESS_KEYS] be a wild value. On most of
platforms it was 0 and tests passed. But on ARM (and on ia32 if you alter test a bit)
it could become true and hence allow enumeration of properties.

Review URL: http://codereview.chromium.org/6334089

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix compilation on 64-bit Windows, update Visual Studio projects.
Review URL: http://codereview.chromium.org/6312119

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Introduce a hydrogen value for contexts, support context slot assignment.

Each context in the context chain has a corresponding hydrogen value.
The context values are used for global object lookup and context slot
lookup. Add simple (non-compound) assignment to context slots.

Review URL: http://codereview.chromium.org/6390003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Create specialized code stubs for PixelArray loads.

Review URL: http://codereview.chromium.org/6287030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix X64 compilation on Windows.
Review URL: http://codereview.chromium.org/6334086

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Properly process getOwnPropertyDescriptor for elements on global proxy object.

We need to go down to actual global object to perform those operations.

Review URL: http://codereview.chromium.org/6246054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Streamline the code for patching optimized code for lazy deopt.

Rewrite the lazy deopt patching code on IA32 to use addresses throughout,
rather than offsets and a base address.

Also, rename a couple of ambiguous Code fields from _start to _offset.

Review URL: http://codereview.chromium.org/6334083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix bug in pretenuring function literals from optimized code.

Review URL: http://codereview.chromium.org/6368074

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Implements Modulo operation on ARM for DoArithmeticD.

BUG=none
TEST=none

Patch by Rodolph Perfetta from ARM Ltd.

Review URL: http://codereview.chromium.org/6248004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Heap profiler: fix removed DOM wrappers reporting.

Aggregated snapshots: don't report unreachable objects.
Full snapshots: restore forcing GC prior to taking a snapshot.

I played with the repro page provided for the bug and found that GC
must be performed prior to taking a snapshot even if we only report
reachable objects. GC allows weak handles to finalize. Now heap
profiler produces aligned results for the repro page in both modes.

BUG=crbug/70434
TEST=none

Review URL: http://codereview.chromium.org/6410030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8
directory to make it easy for embedders to reproduce the copyright
notice for binary redistribution.

Removed now obsolete strongtalk directory.

Review URL: http://codereview.chromium.org/6349067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Better security checks when accessing named properties via Object.getOwnPropertyDescriptor.

Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.

Review URL: http://codereview.chromium.org/6286020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Prepare push to trunk. Now working on version 3.1.2.

Review URL: http://codereview.chromium.org/6312090

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

More of the fix for V8 issue 1079.

The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object. We never try to
find an existing arguments object.

Review URL: http://codereview.chromium.org/6349050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Follow up to r6540: remove early return from C++ builtin as well.

Review URL: http://codereview.chromium.org/6347037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix code generation bug on ARM in classic codegen.
Review URL: http://codereview.chromium.org/6246045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix x64 DEBUG build.

TBR=whesse@chromium

Review URL: http://codereview.chromium.org/6349049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix bug in object literals with large array indexes as strings.

Review URL: http://codereview.chromium.org/6410028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Partial fix for V8 issue 1079.

Record a safepoint with a deoptimization id for throw in optimized code.  We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw).  For
hygiene we use the actual ID of the throw expression.  Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit.  This is required to insert a simulate between the throw and the exit.

Make our optimized treatment of Function.prototype.apply act like a call and
have side effects.  This ensures that it will get a lazy deoptimization
environment.  Use that deoptimization ID in the safepoint for the call.

Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction.  Record the
environment and use the deoptimization ID at the safepoint.

Review URL: http://codereview.chromium.org/6250105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

GDBJIT: emit .eh_frame section on x64.

This enables proper stack unwinding on x64.

Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled.

Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/)

Review URL: http://codereview.chromium.org/6250104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

A MessageObject is a purely internal object to hold information about
an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.

Review URL: http://codereview.chromium.org/6368051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
BUG=1088
TEST=test/mjsunit/math-pow.js

Review URL: http://codereview.chromium.org/6368050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00