mstarzinger@chromium.org [Thu, 4 Apr 2013 10:52:53 +0000 (10:52 +0000)]
Switch transition zapping to slower version.
This is just an experiment to track down high crash rates on some
systems where third-party software corrupts memory regions.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/
13630002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14134
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 4 Apr 2013 09:31:24 +0000 (09:31 +0000)]
Test behavior of qNaN and sNaN
BUG=v8:2607
Review URL: https://codereview.chromium.org/
13470002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14133
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ulan@chromium.org [Thu, 4 Apr 2013 08:29:25 +0000 (08:29 +0000)]
Add extra flag for load-ic stubs in code cache.
This allows to distinguish between stubs compiled for the current object from
stubs compiled for objects that have the current object as a prototype.
BUG=v8:2593
R=verwaest@chromium.org
Review URL: https://chromiumcodereview.appspot.com/
13552003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14132
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 3 Apr 2013 17:26:59 +0000 (17:26 +0000)]
MIPS: Ensure UseRegisterAtStart not used with fixed temp/return register
Port r14124 (
f116e8b9)
BUG=
Review URL: https://codereview.chromium.org/
13557002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14131
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 3 Apr 2013 17:25:24 +0000 (17:25 +0000)]
MIPS: Fix ARM build
Port r14123 (
ded70e2a)
BUG=
Review URL: https://codereview.chromium.org/
13551004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14130
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 3 Apr 2013 17:23:52 +0000 (17:23 +0000)]
MIPS: Fix hydrogen tracing on x64 and ARM
Port r14122 (
43525afd)
BUG=
Review URL: https://codereview.chromium.org/
13556003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14129
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Wed, 3 Apr 2013 17:06:22 +0000 (17:06 +0000)]
ES6 symbols: fix corner cases of equality operators
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
13552002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14128
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Wed, 3 Apr 2013 16:25:24 +0000 (16:25 +0000)]
Remove (H|L)JSArrayLength instructions
BUG=
Review URL: https://codereview.chromium.org/
12491023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14127
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Wed, 3 Apr 2013 16:14:56 +0000 (16:14 +0000)]
Fix error message when reporting unexpected yield.
R=rossberg@chromium.org
BUG=v8:2355
TEST=webkit:fast/js/reserved-words-as-property.html
Review URL: https://codereview.chromium.org/
13546004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14126
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
adamk@chromium.org [Wed, 3 Apr 2013 15:52:42 +0000 (15:52 +0000)]
Codify the assumption that %GetArrayKeys can return only a single interval starting at zero
This patch adds comments explaining the interface in runtime.cc and simplifies
all callers given these assumptions (e.g., no need to loop over intervals, or
calculate where the interval starts).
Took care of some unrelated issues in the edited code:
- Fixes one use of [] to InternalArray
- Removed a bunch of comments referring to ES3 which no longer hold in ES5
Review URL: https://codereview.chromium.org/
13071006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14125
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Wed, 3 Apr 2013 14:45:39 +0000 (14:45 +0000)]
Ensure UseRegisterAtStart not used with fixed temp/return register
R=vegorov@chromium.org
BUG=chromium:201590
Review URL: https://codereview.chromium.org/
13527007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14124
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Wed, 3 Apr 2013 12:00:23 +0000 (12:00 +0000)]
Fix ARM build
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
13529003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14123
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Wed, 3 Apr 2013 11:44:03 +0000 (11:44 +0000)]
Fix hydrogen tracing on x64 and ARM
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
13461020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14122
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
hpayer@chromium.org [Wed, 3 Apr 2013 11:42:03 +0000 (11:42 +0000)]
Move DeepCopy of JSObject from runtime to object.
BUG=
Review URL: https://codereview.chromium.org/
13527005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14121
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Tue, 2 Apr 2013 20:30:23 +0000 (20:30 +0000)]
MIPS: Deoptimizer support for hydrogen stubs that accept a variable number of arguments.
Port r14111 (
29157ad7)
BUG=
Review URL: https://codereview.chromium.org/
13461013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14120
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rodolph.perfetta@gmail.com [Tue, 2 Apr 2013 18:25:09 +0000 (18:25 +0000)]
Fix bugs in softfloat code path.
BUG=none
TEST=none
Review URL: https://chromiumcodereview.appspot.com/
13008018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14119
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Tue, 2 Apr 2013 18:09:40 +0000 (18:09 +0000)]
Fix another set of build failures on Windows since r14116.
TBR=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
13465010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14118
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Tue, 2 Apr 2013 18:00:50 +0000 (18:00 +0000)]
Fix build failure on Windows since r14116.
TBR=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
13464010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14117
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Tue, 2 Apr 2013 17:34:59 +0000 (17:34 +0000)]
Add parser support for generators.
This patchset begins by adding support for "yield", which is unlike other tokens
in JS. In a generator, whether strict or classic, it is a syntactic keyword.
In classic mode it is an identifier. In strict mode it is reserved.
This patch adds YIELD as a token to the scanner, and adapts the preparser and
parser appropriately. It also parses "function*", indicating that a function is
actually a generator, for both eagerly and lazily parsed functions.
Currently "yield" just compiles as "return".
BUG=v8:2355
TEST=mjsunit/harmony/generators-parsing
Review URL: https://codereview.chromium.org/
12646003
Patch from Andy Wingo <wingo@igalia.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14116
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Tue, 2 Apr 2013 15:03:04 +0000 (15:03 +0000)]
Fix Win64 build
BUG=
Review URL: https://codereview.chromium.org/
13463004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14115
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Tue, 2 Apr 2013 13:29:26 +0000 (13:29 +0000)]
Fix CopyBytes to accept size_t for num_bytes
BUG=
Review URL: https://codereview.chromium.org/
13470008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14114
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ulan@chromium.org [Tue, 2 Apr 2013 12:36:16 +0000 (12:36 +0000)]
Cleanup: Rename Simulator::watched_stops to match style guide.
BUG=none
Review URL: https://chromiumcodereview.appspot.com/
13469002
Patch from Hans Wennborg <hans@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14113
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ulan@chromium.org [Tue, 2 Apr 2013 12:20:50 +0000 (12:20 +0000)]
ARM: Log an error if /proc/cpuinfo cannot be opened
This will make it easier to see if the current CPU feature detection
starts breaking because of process sandboxing.
BUG=v8:2597
Review URL: https://chromiumcodereview.appspot.com/
13465003
Patch from Hans Wennborg <hans@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14112
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mvstanton@chromium.org [Tue, 2 Apr 2013 11:28:01 +0000 (11:28 +0000)]
Deoptimizer support for hydrogen stubs that accept a variable number of arguments.
BUG=
Review URL: https://codereview.chromium.org/
12490013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14111
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Tue, 2 Apr 2013 08:16:53 +0000 (08:16 +0000)]
Isolatify CPU profiler public API
Relanding r14006 and r14009 that were reverted in r14031
TBR=danno
BUG=None
Review URL: https://codereview.chromium.org/
13460002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14108
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Tue, 2 Apr 2013 08:09:59 +0000 (08:09 +0000)]
Deprecate HeapSnapshot type
Re-landing r14005 that was reverted in r14031
TBR=danno
BUG=None
Review URL: https://codereview.chromium.org/
13430003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14107
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Tue, 2 Apr 2013 08:03:01 +0000 (08:03 +0000)]
Isolatify HeapProfiler
Re-landing r13997 that was reverted in r14031
TBR=danno
BUG=None
Review URL: https://codereview.chromium.org/
13458003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14106
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Tue, 2 Apr 2013 07:53:50 +0000 (07:53 +0000)]
Isolatify CPU profiler
Relanding r13987 that was reverted in r14031
TBR=danno
BUG=None
Review URL: https://codereview.chromium.org/
13457002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14105
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Tue, 2 Apr 2013 07:48:25 +0000 (07:48 +0000)]
Allow recording individual samples in addition to the aggregated CPU profiles
Re-landing r13980 that was reverted in r14031
TBR=danno
BUG=None
Review URL: https://codereview.chromium.org/
13454002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14104
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
plind44@gmail.com [Mon, 1 Apr 2013 16:06:52 +0000 (16:06 +0000)]
MIPS: Fixed some soft-float bugs.
TEST=cctest/test-api/ExternalUnsignedIntArray
BUG=
Review URL: https://codereview.chromium.org/
13165007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14101
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
plind44@gmail.com [Sat, 30 Mar 2013 15:54:12 +0000 (15:54 +0000)]
MIPS: Make the mips port build cleanly with clang.
Port r13583 (
b39b116b) and also fix a couple mips-specific warnings.
BUG=
Review URL: https://codereview.chromium.org/
13321002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14100
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Thu, 28 Mar 2013 21:17:02 +0000 (21:17 +0000)]
MIPS: Fix register usage in softfloat code path.
BUG=none
TEST=mjsunit/math-floor-part2.js
Review URL: https://codereview.chromium.org/
12413032
Patch from Balazs Kilvady <kilvadyb@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14099
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 28 Mar 2013 14:31:48 +0000 (14:31 +0000)]
Add test to check that Function.caller must not expose native functions.
R=svenpanne@chromium.org
BUG=v8:105
Review URL: https://chromiumcodereview.appspot.com/
13166002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14096
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 28 Mar 2013 13:52:31 +0000 (13:52 +0000)]
Always allocate symbols in old space.
Keys are expected to be tenured. This now not only includes internalized
strings, but also symbols.
R=rossberg@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
13158002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14095
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 28 Mar 2013 13:30:16 +0000 (13:30 +0000)]
Canonicalize NaNs on store to Fast(Float|Double) arrays
Also treat holey NaN coming from external float/double arrays correctly
BUG=2596
Review URL: https://codereview.chromium.org/
12918028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14094
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 28 Mar 2013 13:24:02 +0000 (13:24 +0000)]
Win32 build fix
TBR=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
13140009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14093
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 28 Mar 2013 13:07:41 +0000 (13:07 +0000)]
Release buold fix
TBR=rossberg@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14092
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 28 Mar 2013 12:50:18 +0000 (12:50 +0000)]
First steps towards implementing ArrayBuffer &co in V8
BUG=
Review URL: https://codereview.chromium.org/
13064003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14091
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Thu, 28 Mar 2013 12:43:19 +0000 (12:43 +0000)]
Replace ICStub for array.length with hydrogen stub
BUG=
Review URL: https://codereview.chromium.org/
12700006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14090
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Thu, 28 Mar 2013 12:01:46 +0000 (12:01 +0000)]
ES6 symbols: symbol properties should not cause going into slow mode.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
13042013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14089
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 28 Mar 2013 11:19:38 +0000 (11:19 +0000)]
Improve SeqString::Truncate for latest allocated strings.
R=hpayer@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12440061
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14088
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 28 Mar 2013 10:40:07 +0000 (10:40 +0000)]
Stack trace API: poison stack frames below the first strict mode frame.
Function and receiver objects are not accessible for poisoned frames.
R=rossberg@chromium.org
BUG=v8:2564
Review URL: https://chromiumcodereview.appspot.com/
13150003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14085
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 27 Mar 2013 22:48:49 +0000 (22:48 +0000)]
MIPS: Small refactoring of r14058.
BUG=
Review URL: https://codereview.chromium.org/
12703030
Patch from Balazs Kilvady <kilvadyb@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14084
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
hpayer@chromium.org [Wed, 27 Mar 2013 10:33:25 +0000 (10:33 +0000)]
Make Isolate::GetHeapStatistics robust against half-initialized isolates.
The (deprecated) non-Isolate GetHeapStatistics contains the same check.
BUG=2591
Review URL: https://codereview.chromium.org/
12965013
Patch from Marja Hölttä <marja@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14079
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Wed, 27 Mar 2013 09:58:32 +0000 (09:58 +0000)]
Add test case for missing deopt sequence after forced deopt.
R=danno@chromium.org
BUG=217858
Review URL: https://chromiumcodereview.appspot.com/
13042005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14078
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Tue, 26 Mar 2013 17:46:16 +0000 (17:46 +0000)]
Only copy with, block and catch scopes in DebugEvaluate.
R=ulan@chromium.org
BUG=171715
Review URL: https://chromiumcodereview.appspot.com/
13093003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14077
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ulan@chromium.org [Tue, 26 Mar 2013 09:28:26 +0000 (09:28 +0000)]
ARM: fix dictionary negative lookup.
Do not skip the last inlined probe.
BUG=171975
Review URL: https://chromiumcodereview.appspot.com/
12703014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14074
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
plind44@gmail.com [Mon, 25 Mar 2013 19:01:36 +0000 (19:01 +0000)]
MIPS: Generalizing remaining Allocate functions in the macro assemblers used in pretenuring.
Port r14065 (
f09e7e38)
BUG=
Review URL: https://codereview.chromium.org/
12855004
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14073
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Mon, 25 Mar 2013 17:59:15 +0000 (17:59 +0000)]
Remove bogus test flags
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/
12872007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14072
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Mon, 25 Mar 2013 17:27:54 +0000 (17:27 +0000)]
Use code_range()->exists() to determine the size of the first code page when code range is used.
Review URL: https://codereview.chromium.org/
12452012
Patch from Haitao Feng <haitao.feng@intel.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14071
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Mon, 25 Mar 2013 17:12:50 +0000 (17:12 +0000)]
MIPS: Change LookupForWrite to always do a full lookup and check the result.
Port r14061 (
df49702a)
Original commit message:
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.
By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.
Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.
BUG=
Review URL: https://codereview.chromium.org/
12924011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14070
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
verwaest@chromium.org [Mon, 25 Mar 2013 17:10:33 +0000 (17:10 +0000)]
Create a new HandleScope for each JSON-parsed object to avoid excessive growth
Review URL: https://chromiumcodereview.appspot.com/
12880019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14069
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
verwaest@chromium.org [Mon, 25 Mar 2013 15:59:08 +0000 (15:59 +0000)]
Add AssertNoAllocation to ensure TransitionArray* transitions is safe.
Review URL: https://chromiumcodereview.appspot.com/
12583013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14066
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
hpayer@chromium.org [Mon, 25 Mar 2013 15:54:15 +0000 (15:54 +0000)]
Generalizing remaining Allocate functions in the macro assemblers used in pretenuring.
BUG=
Review URL: https://codereview.chromium.org/
12440041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14065
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Mon, 25 Mar 2013 15:19:22 +0000 (15:19 +0000)]
Fix store_mode bug involving polymorphism with external and JS arrays.
Review URL: https://codereview.chromium.org/
12987014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14064
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
jkummerow@chromium.org [Mon, 25 Mar 2013 15:18:52 +0000 (15:18 +0000)]
Fix crash involving zombie maps escaping from the JSON parser's underground lab
Zapping is required since transition arrays contain weak references to maps: At the end of a GC cycle, ClearNonLiveTransitions removes references to dead maps from transition arrays. If a marked transition array with weak (dead) references is replaced by another transition array before the end of the GC cycle, dead references are not removed from the replaced transition array. If the replaced transition array is kept alive by a handle, marking will crash when trying to mark the first reference to a dead map.
Review URL: https://codereview.chromium.org/
12987013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14063
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
verwaest@chromium.org [Mon, 25 Mar 2013 12:55:27 +0000 (12:55 +0000)]
Change LookupForWrite to always do a full lookup and check the result.
If we find a property in the prototype-chain that we can overwrite, and
we have a transition, keep the holder in the lookup-result as the actual
holder. We will need it for the consistency-check in GenerateStoreField.
By directly checking the entire chain we avoid having to lazily bail out
to a copy of the miss stub while generating the Field Store IC.
Currently this CL disallows a normal non-receiver holder, given that
that would require a positive lookup + details verification to ensure
the property did not become read-only. This fixes the regressions in the
attached tests.
Review URL: https://chromiumcodereview.appspot.com/
12810006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14061
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Mon, 25 Mar 2013 11:40:14 +0000 (11:40 +0000)]
Remove GC hazard (temporary handle object)
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
12913019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14060
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Mon, 25 Mar 2013 10:01:53 +0000 (10:01 +0000)]
Correctly materialize arguments object in Runtime_DebugEvaluate.
The problem was that if the # arguments specified in the function
declaration and the # arguments passed to the function are not
the same, we use an arguments adapter frame to make it work. This
confuses the existing implementation to materialize the arguments
object.
R=peter.rybin@gmail.com
BUG=222893
Review URL: https://chromiumcodereview.appspot.com/
12674027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14059
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Sat, 23 Mar 2013 02:39:31 +0000 (02:39 +0000)]
MIPS: ES6 symbols: turn symbols into a proper primitive type
Port r14051 (
e9140a92)
Original commit message:
(qua last week's TC39)
Specifically:
- Install Symbol constructor function on the global object.
- Adjust code generation for typeof.
- Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof.
- Remove hack that allowed symbols as constructor results, and some other special cases.
- Remove symbol_delegate and GetDelegate function.
- Extend ToBoolean stub to handle symbols.
- Extend ToNumber to return NaN on symbols.
- Poison symbol's toString function, and thereby ToString on symbols.
BUG=
Review URL: https://codereview.chromium.org/
13007003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14058
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
adamk@chromium.org [Fri, 22 Mar 2013 18:04:32 +0000 (18:04 +0000)]
Fix %GetArrayKeys to not skip non-enumerable indices
This is one step in the direction of fixing a range of small bugs in the array methods when dealing with non-standard element attributes.
Added tests exercising this behavior for shift and unshift.
For Proxies and Interceptors, the behavior of %GetArrayKeys is now to just return an interval, rather than trying to list all their indexed properties. In the Proxy case, this seems like the only way to avoid an observable difference between smart and non-smart array methods. For Interceptors, the usual case (in WebKit, anyway) is for them to have all indices in [0, length), so enumerating them won't be any better than simply iterating over that range.
Review URL: https://codereview.chromium.org/
12653010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14057
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Fri, 22 Mar 2013 17:27:44 +0000 (17:27 +0000)]
ES6 symbols: prevent reflection, proxy, and observe APIs from leaking symbols
R=svenpanne@chromium.org
BUG=v8:2158
Review URL: https://codereview.chromium.org/
12422019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14056
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Fri, 22 Mar 2013 16:51:28 +0000 (16:51 +0000)]
ES6 symbols: implement name property
Adds string-valued name property to symbols, and uses it for pretty-printing.
Requires allocating symbols in pointer space, with a custom iterator to skip the unboxed hash.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
12459026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14053
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Fri, 22 Mar 2013 16:37:11 +0000 (16:37 +0000)]
Fix global object check in %IsObserved and %SetIsObserved.
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12929024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14052
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
rossberg@chromium.org [Fri, 22 Mar 2013 16:33:50 +0000 (16:33 +0000)]
ES6 symbols: turn symbols into a proper primitive type
(qua last week's TC39)
Specifically:
- Install Symbol constructor function on the global object.
- Adjust code generation for typeof.
- Remove IsSymbol built-in, IS_SYMBOL macro now defined using typeof.
- Remove hack that allowed symbols as constructor results, and some other special cases.
- Remove symbol_delegate and GetDelegate function.
- Extend ToBoolean stub to handle symbols.
- Extend ToNumber to return NaN on symbols.
- Poison symbol's toString function, and thereby ToString on symbols.
R=mstarzinger@chromium.org
BUG=v8:2158
Review URL: https://codereview.chromium.org/
12957004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14051
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
adamk@chromium.org [Fri, 22 Mar 2013 15:08:30 +0000 (15:08 +0000)]
Fix bogus left-shifts in Array tests
Review URL: https://codereview.chromium.org/
12729014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14050
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Fri, 22 Mar 2013 14:33:27 +0000 (14:33 +0000)]
Remove some obsolete handle operation wrappers.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
12893014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14049
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Fri, 22 Mar 2013 13:40:13 +0000 (13:40 +0000)]
Put zapping of local handles behind the extra checks flag.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
12989019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14048
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Fri, 22 Mar 2013 12:34:38 +0000 (12:34 +0000)]
Fix bugs in previous_ast_id tracking
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/
12957005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14045
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Fri, 22 Mar 2013 09:47:06 +0000 (09:47 +0000)]
Port Latin-1 changes to the interpreted regexp.
R=dcarney@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12674024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14044
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Fri, 22 Mar 2013 09:04:36 +0000 (09:04 +0000)]
Restore correct regression test for crbug/146910.
For some reason (rebase conflicts?) the regression test introduced
in r12547 was overwritten by r13340.
The test in question already exists in regress-latin-1
R=dcarney@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
13023003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14043
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Fri, 22 Mar 2013 08:42:38 +0000 (08:42 +0000)]
Fix JSON.stringifier's slow path wrt external strings.
R=verwaest@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12825016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14042
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
peter.rybin@gmail.com [Thu, 21 Mar 2013 16:12:50 +0000 (16:12 +0000)]
Fix isolate getter in DebugAgent
Review URL: https://codereview.chromium.org/
12678015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14036
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 16:04:07 +0000 (16:04 +0000)]
Fix compilation failure on Win64 since r14020.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/
12989002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14035
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Thu, 21 Mar 2013 15:25:15 +0000 (15:25 +0000)]
Prepare push to trunk. Now working on version 3.17.16.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
12957006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14032
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Thu, 21 Mar 2013 14:42:17 +0000 (14:42 +0000)]
Maintain API compatibility with older versions of V8.
Revert "Allow recording individual samples in addition to the aggregated CPU profiles"
Revert "Isolatify CPU profiler"
Revert "Isolatify HeapProfiler"
Revert "Deprecate HeapSnapshot type"
Revert "Isolatify CPU profiler public API"
Revert "MSVS compilation fix after r14006"
Revert "Add methods to allow resuming execution after calling TerminateExecution()."
R=jkummerow@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
12475016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14031
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
jkummerow@chromium.org [Thu, 21 Mar 2013 14:36:07 +0000 (14:36 +0000)]
Delete leftover debugging code from InitializeMathExpData()
Review URL: https://codereview.chromium.org/
12858008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14030
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 14:32:40 +0000 (14:32 +0000)]
Use internal memcpy for PatchPlatformCodeAge as well.
R=jkummerow@chromium.org
BUG=chromium:196330
Review URL: https://codereview.chromium.org/
12970009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14029
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 14:18:16 +0000 (14:18 +0000)]
Disable zapping of global handles in release mode.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/
12984006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14028
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
verwaest@chromium.org [Thu, 21 Mar 2013 12:19:23 +0000 (12:19 +0000)]
Always mark the entire valid prefix of the descriptor array.
Previously we would only mark the slot that was added specifically for
this map, if there was a backpointer and the descriptor array was shared
via the backpointer. However, ConvertTransitionToMapTransition may break
this link after we marked the transitioned map, before we marked the
transitioning map. So the descriptor slots of the parent map won't get
recorded, and we potentially point to an old address of an already
relocated function.
BUG=chromium:196331
Review URL: https://chromiumcodereview.appspot.com/
12836005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14027
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
jkummerow@chromium.org [Thu, 21 Mar 2013 12:09:53 +0000 (12:09 +0000)]
Added Hannes and Dmitry to OWNERS
Review URL: https://codereview.chromium.org/
12755027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14026
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 12:05:50 +0000 (12:05 +0000)]
Lower limit for complex memcpy on non-ia32 architectures.
R=jkummerow@chromium.org
BUG=chromium:196330
Review URL: https://codereview.chromium.org/
12790012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14025
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
jkummerow@chromium.org [Thu, 21 Mar 2013 11:59:47 +0000 (11:59 +0000)]
Enable extra API checks, add a check for zapped global handles
Review URL: https://codereview.chromium.org/
12833015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14024
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 21 Mar 2013 10:53:26 +0000 (10:53 +0000)]
Unify code for fast and slow path of JSON.stringify.
R=verwaest@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12690017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14023
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 21 Mar 2013 10:47:34 +0000 (10:47 +0000)]
Add methods to allow resuming execution after calling TerminateExecution().
Two new methods are added to allow embedders to determine that execution
should be resumed at a particular point in the stack without being forced
to unwind all JS frames.
* V8::CancelTerminateExecution() -- When execution is terminated via a call
to V8::TerminateExecution(), this method can be called to clear the
termination exception so that the engine can continue to be used.
* TryCatch::HasTerminated() -- When a TryCatch has caught a termination
exception, HasTerminated() will return true to indicate it is valid to
call V8::ResumeExecution() if desired.
A test case is added to cctest/test-thread-termination.cc.
BUG=v8:2361
Patch from Andrew Paprocki <andrew@ishiboo.com>.
Review URL: https://chromiumcodereview.appspot.com/
11142013
Patch from Andrew Paprocki <andrew@ishiboo.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14022
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 10:36:57 +0000 (10:36 +0000)]
Remove instrumentation for Code::CopyFrom crasher.
R=jkummerow@chromium.org
BUG=chromium:196330
Review URL: https://codereview.chromium.org/
12606009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14021
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Thu, 21 Mar 2013 10:28:03 +0000 (10:28 +0000)]
Use internal memcpy for CopyWords and when copying code.
R=jkummerow@chromium.org
BUG=chromium:196330
Review URL: https://codereview.chromium.org/
12970006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14020
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Thu, 21 Mar 2013 08:50:29 +0000 (08:50 +0000)]
Simplify debug evaluate.
R=peter.rybin@gmail.com
BUG=v8:2585, 173608
Review URL: https://chromiumcodereview.appspot.com/
12953002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14019
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 20 Mar 2013 21:43:30 +0000 (21:43 +0000)]
MIPS: Implement many KeyedStoreStubs using Crankshaft
Port r14001 (
28443693)
Original commit message:
- Addition of a compiled hydrogen stub for KeyedStores.
- Inlining of "grow" stubs into OPTIMIZED_FUNCTIONs
- Addition of new "ignore OOB" ic stub that silently swallows out-of-bounds stores to external typed arrays.
- Addition of new "copy-on-write" ic stub that inlines allocation and copying operations for cow array
- New stub are generated with Crankshaft, so they are automatically inlined into OPTIMIZED_FUNCTIONs
BUG=
Review URL: https://codereview.chromium.org/
12702012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14018
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Wed, 20 Mar 2013 19:13:01 +0000 (19:13 +0000)]
Add Paul Lind to the MIPS OWNER file
R=jkummerow@chromium.org
Review URL: https://chromiumcodereview.appspot.com/
12962002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14017
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
jkummerow@chromium.org [Wed, 20 Mar 2013 18:04:45 +0000 (18:04 +0000)]
Prepare push to trunk. Now working on version 3.17.15.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
12871019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14014
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
palfia@homejinni.com [Wed, 20 Mar 2013 17:29:04 +0000 (17:29 +0000)]
MIPS: Critical fix for label binding in RegExp engine when trampoline is emitted.
TEST=mjsunit/regress/regress-crbug-178790
BUG=
Review URL: https://codereview.chromium.org/
12939010
Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14013
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
dslomov@chromium.org [Wed, 20 Mar 2013 17:20:48 +0000 (17:20 +0000)]
Remove more boilerplate (missed after rebase)
BUG=
Review URL: https://codereview.chromium.org/
12951007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14012
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mstarzinger@chromium.org [Wed, 20 Mar 2013 16:53:31 +0000 (16:53 +0000)]
Use internal memcpy when initializing code objects.
R=jkummerow@chromium.org
BUG=chromium:196330
Review URL: https://codereview.chromium.org/
12593014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14011
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ulan@chromium.org [Wed, 20 Mar 2013 15:20:19 +0000 (15:20 +0000)]
Disable weak embedded maps because of crashes.
R=mstarzinger@chromium.org
BUG=172489,217858
Review URL: https://chromiumcodereview.appspot.com/
12805006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14010
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Wed, 20 Mar 2013 14:46:09 +0000 (14:46 +0000)]
MSVS compilation fix after r14006
BUG=None
Review URL: https://codereview.chromium.org/
12931004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14009
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yangguo@chromium.org [Wed, 20 Mar 2013 14:07:30 +0000 (14:07 +0000)]
Extend test coverage for JSON.stringify's slow path.
R=verwaest@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/
12702009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14008
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
verwaest@chromium.org [Wed, 20 Mar 2013 13:12:33 +0000 (13:12 +0000)]
Explicitly pass the isolate to create handles in ic.cc
Review URL: https://chromiumcodereview.appspot.com/
12704015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14007
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Wed, 20 Mar 2013 13:07:48 +0000 (13:07 +0000)]
Isolatify CPU profiler public API
BUG=None
Review URL: https://codereview.chromium.org/
12950004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14006
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
yurys@chromium.org [Wed, 20 Mar 2013 12:41:00 +0000 (12:41 +0000)]
Deprecate HeapSnapshot type
There is only one type of heap snapshot - kFull and we are not going to add any new types.
BUG=None
Review URL: https://codereview.chromium.org/
12943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14005
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00