mmaly@chromium.org [Fri, 4 Feb 2011 18:15:49 +0000 (18:15 +0000)]
Pass strict mode to eval.
Code review feedback.
Code Review URL: http://codereview.chromium.org/6286043/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Fri, 4 Feb 2011 15:42:02 +0000 (15:42 +0000)]
Restore context after LApplyArguments.
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js
Review URL: http://codereview.chromium.org/6246106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 14:40:23 +0000 (14:40 +0000)]
Disable Mozilla date test that times out on X64 crankshaft.
BUG=1100
TEST=ecma/Date/15.9.5.10-2.js
Review URL: http://codereview.chromium.org/6246104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6648
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
lrn@chromium.org [Fri, 4 Feb 2011 14:09:03 +0000 (14:09 +0000)]
Fix potential overwriting of debug jumps of following code.
Add JSArrayLength, CallKnownFunction, and InstanceType operations.
Remove LadGlobal and StoreGlobal again (they fail).
Review URL: http://codereview.chromium.org/6347067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6645
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Fri, 4 Feb 2011 13:46:09 +0000 (13:46 +0000)]
Fix ARM debug build. Insert missing declaration.
Review URL: http://codereview.chromium.org/6250160
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6640
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Fri, 4 Feb 2011 13:43:38 +0000 (13:43 +0000)]
Landing for Zaheer Ahmad.
Direct call api functions (arm implementation)
See: http://codereview.chromium.org/6170001/
Review URL: http://codereview.chromium.org/6286078
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6639
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Fri, 4 Feb 2011 13:28:23 +0000 (13:28 +0000)]
Remove instruction summaries.
Instead of constructing a temporary container for all LOperands of each
instruction, the register works directly on the LIR instructions that
provide an abstract interface for input/output/temp operands.
This saves allocation of zone memory and speeds up LIR construction,
but makes iterating over all uses in the register allocator slightly
more expensive because environment uses are stored in a linked list of
environments. We can fix this by using a flat representation of LOperands.
Review URL: http://codereview.chromium.org/6352006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6638
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 13:16:51 +0000 (13:16 +0000)]
X64 Crankshaft: Port TaggedToI to X64.
Review URL: http://codereview.chromium.org/6368097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6637
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ricow@chromium.org [Fri, 4 Feb 2011 12:14:56 +0000 (12:14 +0000)]
Make sure that we don't actually overwrite a property that has failed access checsk with Object.defineProperty.
Review URL: http://codereview.chromium.org/6246103
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6636
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Fri, 4 Feb 2011 12:06:41 +0000 (12:06 +0000)]
Remove the redundant load on every context lookup.
There was an unnecessary load on every statically-resolved context lookup.
Remove it.
This revealed a hidden bug in const initializers inside 'with'. They claim
to be statically resolved (having slot type CONTEXT) but they occur in a
spot where the runtime context chain and the static scope chain do not
agree. This is fixed by special casing const initializers in the backend.
Review URL: http://codereview.chromium.org/6384020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6635
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
karlklose@chromium.org [Fri, 4 Feb 2011 11:22:18 +0000 (11:22 +0000)]
ARM: Implement DoCmpID and DoCmpIDAndBranch in the lithium code generator.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6379007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6633
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 11:10:39 +0000 (11:10 +0000)]
X64 Crankshaft: Add bit operations and shifts to x64 crankshaft.
Review URL: http://codereview.chromium.org/6246099
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6632
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Fri, 4 Feb 2011 10:52:19 +0000 (10:52 +0000)]
ARM: Add support for and, or and xor to the type recording binary op stub.
Review URL: http://codereview.chromium.org/6250126
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6631
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Fri, 4 Feb 2011 10:38:49 +0000 (10:38 +0000)]
Fix compliance bug in decodeURI/decodeURIComponent.
Review URL: http://codereview.chromium.org/6349105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6630
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Fri, 4 Feb 2011 07:08:50 +0000 (07:08 +0000)]
Implements DoubleToI on ARM. Refactor some VFP code at the same time and
fix the simulator behaviour.
BUG=none
TEST=added to cctest/test-assembler-arm.cc
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6368053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6629
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Fri, 4 Feb 2011 06:54:45 +0000 (06:54 +0000)]
x64: Implemented object, array and function literals in lithium codegen.
Review URL: http://codereview.chromium.org/6371019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6628
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
peterhal@chromium.org [Thu, 3 Feb 2011 19:29:10 +0000 (19:29 +0000)]
Fix bugs 992, 1083 and 1092
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.
Add sputnik tests to .gitignore.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6286060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 18:09:51 +0000 (18:09 +0000)]
Do proper security checks when accessing elements with getOwnPropertyDescriptor.
This extends logic applied to regular properties to elements.
Review URL: http://codereview.chromium.org/6246055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6626
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 17:01:10 +0000 (17:01 +0000)]
X64: Implement FixedArrayLength, BoundsCheck, LoadElements,
LoadKeyedFastElement in lithium codegen.
Tested locally by hardcoding DoTaggedToI to convert smis to untagged.
Review URL: http://codereview.chromium.org/6312124
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6625
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 16:07:52 +0000 (16:07 +0000)]
Don't use eax on x64. :)
TBR=ricow
Review URL: http://codereview.chromium.org/6312122
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6624
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 15:40:20 +0000 (15:40 +0000)]
X64: Implement DoCallConstantFunction, DoLeaveInlined and DoCompareMap
in lithium-x64.
Review URL: http://codereview.chromium.org/6410060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6623
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 15:36:44 +0000 (15:36 +0000)]
X64 Crankshaft: Add TypeRecordingBinaryStub to X64
Review URL: http://codereview.chromium.org/6366028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6622
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 15:14:46 +0000 (15:14 +0000)]
Fix X64 Windows compilation.
Review URL: http://codereview.chromium.org/6312120
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6621
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 14:02:13 +0000 (14:02 +0000)]
Minor cleanup in messages.js. Remove unused variables and fix formatting.
Review URL: http://codereview.chromium.org/6410058
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6620
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ricow@chromium.org [Thu, 3 Feb 2011 13:47:27 +0000 (13:47 +0000)]
Add regression test for the deoptimizer immediately followed by gc bug.
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)
The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094
Review URL: http://codereview.chromium.org/6312118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 13:30:22 +0000 (13:30 +0000)]
Fix array boundary error.
It made value of allowed_access_type[v8::ACCESS_KEYS] be a wild value. On most of
platforms it was 0 and tests passed. But on ARM (and on ia32 if you alter test a bit)
it could become true and hence allow enumeration of properties.
Review URL: http://codereview.chromium.org/6334089
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6618
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 13:29:10 +0000 (13:29 +0000)]
Fix compilation on 64-bit Windows, update Visual Studio projects.
Review URL: http://codereview.chromium.org/6312119
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6617
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Thu, 3 Feb 2011 13:10:28 +0000 (13:10 +0000)]
Introduce a hydrogen value for contexts, support context slot assignment.
Each context in the context chain has a corresponding hydrogen value.
The context values are used for global object lookup and context slot
lookup. Add simple (non-compound) assignment to context slots.
Review URL: http://codereview.chromium.org/6390003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Thu, 3 Feb 2011 12:50:50 +0000 (12:50 +0000)]
Create specialized code stubs for PixelArray loads.
Review URL: http://codereview.chromium.org/6287030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 11:13:04 +0000 (11:13 +0000)]
Fix X64 compilation on Windows.
Review URL: http://codereview.chromium.org/6334086
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6613
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 10:19:41 +0000 (10:19 +0000)]
Properly process getOwnPropertyDescriptor for elements on global proxy object.
We need to go down to actual global object to perform those operations.
Review URL: http://codereview.chromium.org/6246054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Thu, 3 Feb 2011 10:07:22 +0000 (10:07 +0000)]
Streamline the code for patching optimized code for lazy deopt.
Rewrite the lazy deopt patching code on IA32 to use addresses throughout,
rather than offsets and a base address.
Also, rename a couple of ambiguous Code fields from _start to _offset.
Review URL: http://codereview.chromium.org/6334083
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6611
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Thu, 3 Feb 2011 09:10:54 +0000 (09:10 +0000)]
Fix bug in pretenuring function literals from optimized code.
Review URL: http://codereview.chromium.org/6368074
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6610
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Thu, 3 Feb 2011 08:59:14 +0000 (08:59 +0000)]
Implements Modulo operation on ARM for DoArithmeticD.
BUG=none
TEST=none
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6248004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6599
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mikhail.naganov@gmail.com [Thu, 3 Feb 2011 08:45:38 +0000 (08:45 +0000)]
Heap profiler: fix removed DOM wrappers reporting.
Aggregated snapshots: don't report unreachable objects.
Full snapshots: restore forcing GC prior to taking a snapshot.
I played with the repro page provided for the bug and found that GC
must be performed prior to taking a snapshot even if we only report
reachable objects. GC allows weak handles to finalize. Now heap
profiler produces aligned results for the repro page in both modes.
BUG=crbug/70434
TEST=none
Review URL: http://codereview.chromium.org/6410030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6598
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 07:10:06 +0000 (07:10 +0000)]
Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8
directory to make it easy for embedders to reproduce the copyright
notice for binary redistribution.
Removed now obsolete strongtalk directory.
Review URL: http://codereview.chromium.org/6349067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6593
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Wed, 2 Feb 2011 17:44:29 +0000 (17:44 +0000)]
Better security checks when accessing named properties via Object.getOwnPropertyDescriptor.
Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.
Review URL: http://codereview.chromium.org/6286020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 16:02:11 +0000 (16:02 +0000)]
Prepare push to trunk. Now working on version 3.1.2.
Review URL: http://codereview.chromium.org/6312090
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 15:08:29 +0000 (15:08 +0000)]
More of the fix for V8 issue 1079.
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object. We never try to
find an existing arguments object.
Review URL: http://codereview.chromium.org/6349050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Wed, 2 Feb 2011 14:17:47 +0000 (14:17 +0000)]
Follow up to r6540: remove early return from C++ builtin as well.
Review URL: http://codereview.chromium.org/6347037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
erik.corry@gmail.com [Wed, 2 Feb 2011 14:14:55 +0000 (14:14 +0000)]
Fix code generation bug on ARM in classic codegen.
Review URL: http://codereview.chromium.org/6246045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 14:08:30 +0000 (14:08 +0000)]
Fix x64 DEBUG build.
TBR=whesse@chromium
Review URL: http://codereview.chromium.org/6349049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
lrn@chromium.org [Wed, 2 Feb 2011 14:02:58 +0000 (14:02 +0000)]
Fix bug in object literals with large array indexes as strings.
Review URL: http://codereview.chromium.org/6410028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 13:55:29 +0000 (13:55 +0000)]
Partial fix for V8 issue 1079.
Record a safepoint with a deoptimization id for throw in optimized code. We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw). For
hygiene we use the actual ID of the throw expression. Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit. This is required to insert a simulate between the throw and the exit.
Make our optimized treatment of Function.prototype.apply act like a call and
have side effects. This ensures that it will get a lazy deoptimization
environment. Use that deoptimization ID in the safepoint for the call.
Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction. Record the
environment and use the deoptimization ID at the safepoint.
Review URL: http://codereview.chromium.org/6250105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Wed, 2 Feb 2011 13:32:18 +0000 (13:32 +0000)]
GDBJIT: emit .eh_frame section on x64.
This enables proper stack unwinding on x64.
Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled.
Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/)
Review URL: http://codereview.chromium.org/6250104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Wed, 2 Feb 2011 13:31:52 +0000 (13:31 +0000)]
A MessageObject is a purely internal object to hold information about
an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.
Review URL: http://codereview.chromium.org/6368051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Wed, 2 Feb 2011 12:54:58 +0000 (12:54 +0000)]
Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
BUG=1088
TEST=test/mjsunit/math-pow.js
Review URL: http://codereview.chromium.org/6368050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
karlklose@chromium.org [Wed, 2 Feb 2011 11:58:24 +0000 (11:58 +0000)]
Extract platform independent part of RevertStackCheckCode.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6349046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6572
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Wed, 2 Feb 2011 10:30:41 +0000 (10:30 +0000)]
ARM: Refactor duplicated floating point code in type recording binary operation stub.
Review URL: http://codereview.chromium.org/6334045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6570
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Wed, 2 Feb 2011 09:52:57 +0000 (09:52 +0000)]
Require typed input representation for HTypeof hydrogen instruction.
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js
Review URL: http://codereview.chromium.org/6410025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ricow@chromium.org [Wed, 2 Feb 2011 09:40:09 +0000 (09:40 +0000)]
This fixes the issue with the deoptimizer trashing the reloc info before patching the code.
If we, immediately after the deoptimization, but before actually
running the patched code, get a compacting GC, the addresses from the
calls might no longer be valid.
I have validated that this works by patching the existing code to
always do a compacting gc after we finish deoptimizing. I will create
a real regression test for this, but this includes additional code for
allowing us to force a deopt/opt from javascript test code. I will
land this in a seperate change.
Review URL: http://codereview.chromium.org/6349043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6565
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ricow@chromium.org [Wed, 2 Feb 2011 08:14:06 +0000 (08:14 +0000)]
Revert revision 6555 as it causes win32 debug to fail.
Review URL: http://codereview.chromium.org/6349044
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Tue, 1 Feb 2011 20:47:53 +0000 (20:47 +0000)]
Switch from template functions overloading to partial template specialization.
This should fix compilation on old GCC.
Review URL: http://codereview.chromium.org/6350012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6563
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
peterhal@chromium.org [Tue, 1 Feb 2011 20:08:01 +0000 (20:08 +0000)]
Revert "Fix bugs 992 and 1083"
This reverts commit 6561 as the new assert caused failures in sputnik.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
peterhal@chromium.org [Tue, 1 Feb 2011 17:08:14 +0000 (17:08 +0000)]
Fix bugs 992 and 1083
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.
Makes code follow spec steps more closely.
Fixes typo for check for unchanged enumerable in step 6.
Adds regression tests.
Fixes errors in object-define-property test
Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Tue, 1 Feb 2011 16:38:25 +0000 (16:38 +0000)]
ARM: Add multiplication and modulus to the type recording binary operation stub.
For now the smi part only handles power of two right hand side operands.
Fixed a bug when loading floating point value into core registers with VFP supported.
Review URL: http://codereview.chromium.org/6312059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6560
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Tue, 1 Feb 2011 16:20:04 +0000 (16:20 +0000)]
Fix Xcode project.
TBR=ager@chromium.org
Code review URL: http://codereview.chromium.org/6286016/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6559
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Tue, 1 Feb 2011 16:08:44 +0000 (16:08 +0000)]
Fix error message name.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6558
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Tue, 1 Feb 2011 14:33:23 +0000 (14:33 +0000)]
Fix control flow resolution bug in lithium register allocator.
Review URL: http://codereview.chromium.org/6312057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6556
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Tue, 1 Feb 2011 13:29:37 +0000 (13:29 +0000)]
Compare JSObjects by identity immediately.
When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.
BUG=v8::1082
Review URL: http://codereview.chromium.org/6287018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Tue, 1 Feb 2011 12:39:02 +0000 (12:39 +0000)]
Temporary disable comparison of optimizability of code objects in some cases.
With crankshaft, a code object can change its optimizability: it can start as
optimizable code object, but later we can find out it was a bad idea to
optimize it. Alas, currently we don't have a proper event to communicate
this back to logger. Hence we temporary allow a code object to be viewed
as optimizable judging from logs while being unoptimizable judging from
heap traversal.
Review URL: http://codereview.chromium.org/6250054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6553
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Tue, 1 Feb 2011 12:31:16 +0000 (12:31 +0000)]
Avoid callbacks to user code during error formatting in a couple of
other situations.
Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.
Review URL: http://codereview.chromium.org/6287041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
karlklose@chromium.org [Tue, 1 Feb 2011 11:18:45 +0000 (11:18 +0000)]
Change OSR stack check patching to use the stack check table.
Change OSR stack check patching to use the stack check table to iterate over the calls to stack guards platform independent. Introduce Deoptimizer::PatchStackCheckAt for each platform to perform the platform specific patch at a given pc.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6392027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6551
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Mon, 31 Jan 2011 22:35:27 +0000 (22:35 +0000)]
Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence.
http://code.google.com/p/v8/issues/detail?id=1084
Code Review URL: http://codereview.chromium.org/6386014/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 14:54:53 +0000 (14:54 +0000)]
ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments.
Review URL: http://codereview.chromium.org/6357025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 13:49:15 +0000 (13:49 +0000)]
Perform security checks before fetching the value in Object.getOwnPropertyDescriptor.
Review URL: http://codereview.chromium.org/6386022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6539
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 13:33:09 +0000 (13:33 +0000)]
Add entries for build products of OOM dump utility into .gitignore.
Review URL: http://codereview.chromium.org/6409008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6538
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Mon, 31 Jan 2011 12:37:19 +0000 (12:37 +0000)]
Fix typo in Changelog, date in version.cc.
Review URL: http://codereview.chromium.org/6287016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6535
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Mon, 31 Jan 2011 12:36:54 +0000 (12:36 +0000)]
Fix a bug in the placement of minus-zero checks and in GVN.
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.
2. GVN need to take instruction flags into account when comparing
instructions for redundancy.
Review URL: http://codereview.chromium.org/6260035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
whesse@chromium.org [Mon, 31 Jan 2011 10:25:44 +0000 (10:25 +0000)]
Prepare push to trunk. Now working on version 3.1.1.
Review URL: http://codereview.chromium.org/6347035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6532
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Mon, 31 Jan 2011 10:16:28 +0000 (10:16 +0000)]
ARM: Add support for DoMathAbs with double inputs.
Adds vabs instruction to simulator, assembler, disassembler and tests.
BUG=none
TEST=Added to cctest.
Review URL: http://codereview.chromium.org/6366016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6531
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Mon, 31 Jan 2011 09:58:12 +0000 (09:58 +0000)]
Adding vendor prefix to Locale class (becoming v8Locale) to minimize risk of future changes.
Review URL: http://codereview.chromium.org/6332022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6530
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Fri, 28 Jan 2011 17:24:10 +0000 (17:24 +0000)]
Fix bug in tail call of builtin in the ToNumber stub on ARM.
Review URL: http://codereview.chromium.org/6255017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6529
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Fri, 28 Jan 2011 15:07:04 +0000 (15:07 +0000)]
Revert "Add custom typed ICs for pixel array loads. "
This change caused failures in (out of bounds) keyed loads of strings.
TBR'd.
Review URL: http://codereview.chromium.org/6298019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6528
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Fri, 28 Jan 2011 14:18:26 +0000 (14:18 +0000)]
Introduce ToNumber stub and use it in non-optimized code for to-number conversion.
This stub is used for increment/decrement operations and unary plus.
The resulting code is more compact and faster than calling a JS builtin.
Review URL: http://codereview.chromium.org/6350021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6527
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
danno@chromium.org [Fri, 28 Jan 2011 14:06:20 +0000 (14:06 +0000)]
Add custom typed ICs for pixel array loads.
Review URL: http://codereview.chromium.org/6323002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6526
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Fri, 28 Jan 2011 13:41:19 +0000 (13:41 +0000)]
Clarify some details of global objects implementation.
Review URL: http://codereview.chromium.org/6386011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6525
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Fri, 28 Jan 2011 10:33:10 +0000 (10:33 +0000)]
Avoid using Function.prototype.call in a number of places in our
builtins files. We should always use %_CallFunction for a couple of
reasons: it cannot be overwritten and it does not wrap basic types in
wrapper objects.
Review URL: http://codereview.chromium.org/6349018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6524
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Fri, 28 Jan 2011 07:55:43 +0000 (07:55 +0000)]
Prepare push to trunk. Now working on version 3.1.0.
Review URL: http://codereview.chromium.org/6286014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6520
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 27 Jan 2011 18:21:07 +0000 (18:21 +0000)]
Revert "Unification: introduce ExternalReference::pending_exception_address()."
This reverts r6518.
TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/6359015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6519
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 27 Jan 2011 18:10:45 +0000 (18:10 +0000)]
Unification: introduce ExternalReference::pending_exception_address().
Review URL: http://codereview.chromium.org/6335016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6518
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ricow@chromium.org [Thu, 27 Jan 2011 16:41:43 +0000 (16:41 +0000)]
Implement DoGlobalReceiver and DoCheckFunction lithium instructions on x64
Review URL: http://codereview.chromium.org/6277024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6517
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 27 Jan 2011 16:17:13 +0000 (16:17 +0000)]
Do not set result_ prematurely.
If ConfigureGlobalObjects below will fail, we still decide that initialidation
went smoothly as we check emptiness of result_ handle to see if initialisation
failed or not.
Review URL: http://codereview.chromium.org/6347021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6516
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
antonm@chromium.org [Thu, 27 Jan 2011 14:25:37 +0000 (14:25 +0000)]
Better name for ShouldReturnException which actually should be ShouldReportException.
Review URL: http://codereview.chromium.org/6368019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6515
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
fschneider@chromium.org [Thu, 27 Jan 2011 14:04:07 +0000 (14:04 +0000)]
Cleanup unused code from the type oracle.
Review URL: http://codereview.chromium.org/6135004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6514
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
vegorov@chromium.org [Thu, 27 Jan 2011 13:17:34 +0000 (13:17 +0000)]
Fix id for HandleScope::DeleteExtensions and Factory::arguments_marker() in serializer.
Review URL: http://codereview.chromium.org/6357020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6513
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
lrn@chromium.org [Thu, 27 Jan 2011 13:02:48 +0000 (13:02 +0000)]
X64 Crankshaft: Added yet more operations.
Added operations:
DoStoreGlobal
DoLoadNamedField
DoStoreNamedField
DoCheckPrototypeMaps
DoEnterInlined
Review URL: http://codereview.chromium.org/6308019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6512
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Thu, 27 Jan 2011 12:31:24 +0000 (12:31 +0000)]
Fix test expectations from r6509
Review URL: http://codereview.chromium.org/6286011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6511
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
lrn@chromium.org [Thu, 27 Jan 2011 11:58:31 +0000 (11:58 +0000)]
X64 Crankshaft: Reapply reverted operations with DoLoadGlobal disabled.
Review URL: http://codereview.chromium.org/6397002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6510
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Thu, 27 Jan 2011 11:55:58 +0000 (11:55 +0000)]
Change an invalid assert
BUG=v8:1079
Review URL: http://codereview.chromium.org/6332019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6509
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
ager@chromium.org [Thu, 27 Jan 2011 08:35:39 +0000 (08:35 +0000)]
Fix reintroduction of global variables that have been deleted.
Deletion of global properties puts 'the hole' in the global property
cell and updates the property details in the property dictionary with
the information that the property has been deleted. When setting
global properties that have been deleted in generated code we just
store the new value in the global property cell. This does not update
the property details in the property dictionary. Therefore, it looks
like the property is not there eventhough it was just reintroduced.
Perform 'the hole' checks in generated code for global property stores
and bail out of ICs and optimized code if storing to a property cell
that contains 'the hole'.
Review URL: http://codereview.chromium.org/6306014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6508
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
karlklose@chromium.org [Thu, 27 Jan 2011 03:22:08 +0000 (03:22 +0000)]
ARM: Implement DoInstanceOfAndBranch in the lithium code generator.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6364007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6507
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Wed, 26 Jan 2011 21:15:46 +0000 (21:15 +0000)]
ARM: Try to fix broken commit r6504
Commit contained wrong assert and was missing call to the runtime system for MUL.
TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/6338019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6506
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
karlklose@chromium.org [Wed, 26 Jan 2011 20:48:48 +0000 (20:48 +0000)]
Refactor recording of safepoints.
Refactor SafepointTableBuilder::DefineSafepoint and ARM LCodeGen::RecordSafepoint to use an enum for different kinds of safepoints. This change removes a lot of duplicated code and makes it easier to include new kinds of safepoints in the future. The remaining variants of LCodeGen::RecordSafepoint remain as a convinient way to record common safepoint kinds.
BUG=http://code.google.com/p/v8/issues/detail?id=1043
TEST=none
Review URL: http://codereview.chromium.org/6341008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6505
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
sgjesse@chromium.org [Wed, 26 Jan 2011 20:25:33 +0000 (20:25 +0000)]
ARM: Add multiplication to the type recording binary operation stub
Review URL: http://codereview.chromium.org/6391004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6504
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Wed, 26 Jan 2011 19:21:46 +0000 (19:21 +0000)]
Strict mode eval/arguments LHS.
Review URL: http://codereview.chromium.org/6335013/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6503
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Wed, 26 Jan 2011 18:15:43 +0000 (18:15 +0000)]
Compress Variable class.
Link: http://codereview.chromium.org/6246019/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6502
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
mmaly@chromium.org [Wed, 26 Jan 2011 18:10:26 +0000 (18:10 +0000)]
Strict mode: function constructor tests.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6501
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 26 Jan 2011 17:32:02 +0000 (17:32 +0000)]
Remove the HInstruction utilities taking flag mask arguments.
It is a type error to treat a flag (an enum) as if it were a flag mask (an
int derived from shifting a bit by the enum value). It is error prone to
have functions that take flag mask arguments because they will silently
accept flags.
Review URL: http://codereview.chromium.org/6373011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6500
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
kmillikin@chromium.org [Wed, 26 Jan 2011 17:30:22 +0000 (17:30 +0000)]
Use more detailed compilation info for inlined functions.
Construct the statically-known compilation info for inlined functions using
the target closure (which knows about its scope chain) and not from the
shared function info (which doesn't).
Review URL: http://codereview.chromium.org/6397004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6499
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
projects / platform / upstream / v8.git / log