ager@chromium.org [Tue, 8 Feb 2011 18:09:19 +0000 (18:09 +0000)]
ARM: Fix condition usage in DeoptimizeIf().
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6447003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Tue, 8 Feb 2011 17:25:40 +0000 (17:25 +0000)]
Check for overflow when bumping new space's top in inlined allocation.
BUG=v8:1109
TEST=test/mjsunit/regress/regress-1109.js
Review URL: http://codereview.chromium.org/6453005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Tue, 8 Feb 2011 16:31:58 +0000 (16:31 +0000)]
Fix issues with using defineProperty on the global proxy object.
Review URL: http://codereview.chromium.org/6452004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6683 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Tue, 8 Feb 2011 15:51:49 +0000 (15:51 +0000)]
Prepare for bailout with the proper state at labeled block entries.
The state here should be NO_REGISTERS. It was spuriously changed from
NO_REGISTERS to TOS_REG when TOS_EAX was renamed to TOS_REG.
BUG=v8:1113
Review URL: http://codereview.chromium.org/6452007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Tue, 8 Feb 2011 14:37:50 +0000 (14:37 +0000)]
x64: Add MulI and DivI to lithium instructions.
Review URL: http://codereview.chromium.org/6448001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Tue, 8 Feb 2011 14:04:27 +0000 (14:04 +0000)]
Correct propagation of exceptions from setters.
BUG=v8:1105
TEST=test/mjsunit/regress/regress-1105.js
Review URL: http://codereview.chromium.org/6451003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Tue, 8 Feb 2011 14:00:22 +0000 (14:00 +0000)]
Fix a possible duplicate AST ID for deoptimization.
For redeclarations of variables that alias the parameters in functions
using arguments, we need to avoid re-visiting the shared variable
rewrite.
BUG=v8:1104
Review URL: http://codereview.chromium.org/6453004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Tue, 8 Feb 2011 13:28:09 +0000 (13:28 +0000)]
Bailout from crankshaft if a global property is found in the prototype chain of the global object, not on the global object itself.
Review URL: http://codereview.chromium.org/6449002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Tue, 8 Feb 2011 13:09:07 +0000 (13:09 +0000)]
Make sure that we do not call is_extensible on the global proxy.
When calling Object.isExtensible we did not do a check for the global
js proxy. This caused the check on the extensible bit on the map to
return true, even when the bit was set to false on the global js
object.
Review URL: http://codereview.chromium.org/6450003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Tue, 8 Feb 2011 13:01:34 +0000 (13:01 +0000)]
Speedup decodeURI/decodeURIComponent by switching from charAt(i) to charCodeAt(i) in Decode.
Original patch by Alexander Karpinsky.
Review URL: http://codereview.chromium.org/6440001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Tue, 8 Feb 2011 12:41:16 +0000 (12:41 +0000)]
Make sure that we never call prevent extension on the global proxy,
but instead call this on the global object.
BUG: 1103
Review URL: http://codereview.chromium.org/6454001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Tue, 8 Feb 2011 11:38:15 +0000 (11:38 +0000)]
Fix bug in JSON.parse for objects containing "__proto__" as key.
It added the __proto__ key as a normal key, which made it visible
in enumeration, while reading still hit the hard-coded accessor.
Review URL: http://codereview.chromium.org/6451002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6674 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Tue, 8 Feb 2011 11:26:42 +0000 (11:26 +0000)]
X64 Crankshaft: Implement DoCodeStub on X64 platform.
Review URL: http://codereview.chromium.org/6451001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fschneider@chromium.org [Tue, 8 Feb 2011 10:45:21 +0000 (10:45 +0000)]
Refactor lithium instructions for constants.
1. Remove unnecessary superclass LConstant.
2. Use hydrogen accessor instead of duplicating the value.
Review URL: http://codereview.chromium.org/6410120
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Tue, 8 Feb 2011 10:08:47 +0000 (10:08 +0000)]
Support %_IsConstructCall in the Crankshaft pipeline.
Provide special case for f.bind(obj).
Review URL: http://codereview.chromium.org/6368138
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Tue, 8 Feb 2011 09:43:24 +0000 (09:43 +0000)]
X64 Crankshaft: Use TypeRecordingBinaryStub in crankshaft.
Review URL: http://codereview.chromium.org/6449001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6670 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Tue, 8 Feb 2011 07:49:59 +0000 (07:49 +0000)]
Fixed a number of issues on x64 crankshaft port:
- Don't use SmiSub when overflow can occur. It asserts that overflow
does not happen.
- Actually use CompareICs and signal to crankshaft whether or not smi
code was inlined.
- Fix bug in CmpI where 64 bits were compared instead of 32 bits.
- Implement Throw, DeferredStackCheck, StoreKeyedFastElement in
lithium backend.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6312193
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6669 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Mon, 7 Feb 2011 16:51:47 +0000 (16:51 +0000)]
Clean up es5conform.status per feedback.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Mon, 7 Feb 2011 14:15:05 +0000 (14:15 +0000)]
X64: Add Crankshaft operation LoadGlobal.
Copied some serializer-related checks and counters from ia32.
Review URL: http://codereview.chromium.org/6312186
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Mon, 7 Feb 2011 14:11:53 +0000 (14:11 +0000)]
x64: Implement SmiUntag, SmiTag, LoadHeapObject and LoadNamedGeneric
in the lithium backend.
Review URL: http://codereview.chromium.org/6312185
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Mon, 7 Feb 2011 13:41:02 +0000 (13:41 +0000)]
X64: Disable crankshaft if serialization is enabled.
Review URL: http://codereview.chromium.org/6413017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6665 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Mon, 7 Feb 2011 12:33:21 +0000 (12:33 +0000)]
Prepare push to trunk. Now working on version 3.1.3.
Review URL: http://codereview.chromium.org/6286145
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Mon, 7 Feb 2011 12:07:21 +0000 (12:07 +0000)]
Re-insert exception for mozilla/ecma/Date/15.9.5.10-2 in release mode on arm
The last change to mozilla.status made the assumption that this test always finishes on time when in release mode, but that is not the case on arm. This change just skips the test completely on arm.
Review URL: http://codereview.chromium.org/6250193
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Mon, 7 Feb 2011 09:55:42 +0000 (09:55 +0000)]
Do not compile the unreachable body of functions with illegal redeclarations.
Revision 6635 added an assert on IA32 that there were no 'const' parameters.
This assert could be hit at compile time because we compiled the unreachable
body of functions with illegal redeclarations, which are thrown at runtime.
Review URL: http://codereview.chromium.org/6286144
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sandholm@chromium.org [Mon, 7 Feb 2011 08:57:06 +0000 (08:57 +0000)]
Improve ScanJsonNumber.
Review URL: http://codereview.chromium.org/6334106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Mon, 7 Feb 2011 08:34:42 +0000 (08:34 +0000)]
Remove exceptions for Function.prototype.bind from es5conform.status.
These exceptions are no longer valid since we do implement bind.
Review URL: http://codereview.chromium.org/6410116
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Mon, 7 Feb 2011 08:34:33 +0000 (08:34 +0000)]
Simplify exceptions for ecma/Date/15.9.5.10-2 in mozilla.status
We had a large number of different exceptions for this test in the
mozilla.status file - changing this to only one exception where we
allow fail and timeout in debug mode.
Review URL: http://codereview.chromium.org/6286143
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Mon, 7 Feb 2011 07:39:40 +0000 (07:39 +0000)]
Fix an issue in DoMulI and address mjsunit test failure.
BUG=v8:1098
TEST=mjsunit/compiler/regress-intoverflow.js
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6312151
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Fri, 4 Feb 2011 22:07:10 +0000 (22:07 +0000)]
Fix es5conform.status expectation file.
The strict mode tests were disabled until now.
The propagation of strict mode flag into eval enabled them but there are
failures due to unimplemented features of strict mode, as well as some
incorrect tests in the suite.
TBR=ager@chromium.org, lrn@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
peterhal@chromium.org [Fri, 4 Feb 2011 18:36:37 +0000 (18:36 +0000)]
Issue 117 - strict mode and future reserved words
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Fri, 4 Feb 2011 18:15:49 +0000 (18:15 +0000)]
Pass strict mode to eval.
Code review feedback.
Code Review URL: http://codereview.chromium.org/6286043/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Fri, 4 Feb 2011 15:42:02 +0000 (15:42 +0000)]
Restore context after LApplyArguments.
BUG=v8:1099
TEST=test/mjsunit/regress/regress-1099.js
Review URL: http://codereview.chromium.org/6246106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 14:40:23 +0000 (14:40 +0000)]
Disable Mozilla date test that times out on X64 crankshaft.
BUG=1100
TEST=ecma/Date/15.9.5.10-2.js
Review URL: http://codereview.chromium.org/6246104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Fri, 4 Feb 2011 14:09:03 +0000 (14:09 +0000)]
Fix potential overwriting of debug jumps of following code.
Add JSArrayLength, CallKnownFunction, and InstanceType operations.
Remove LoadGlobal and StoreGlobal again (they fail).
Review URL: http://codereview.chromium.org/6347067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fschneider@chromium.org [Fri, 4 Feb 2011 13:46:09 +0000 (13:46 +0000)]
Fix ARM debug build. Insert missing declaration.
Review URL: http://codereview.chromium.org/6250160
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Fri, 4 Feb 2011 13:43:38 +0000 (13:43 +0000)]
Landing for Zaheer Ahmad.
Direct call api functions (arm implementation)
See: http://codereview.chromium.org/6170001/
Review URL: http://codereview.chromium.org/6286078
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fschneider@chromium.org [Fri, 4 Feb 2011 13:28:23 +0000 (13:28 +0000)]
Remove instruction summaries.
Instead of constructing a temporary container for all LOperands of each
instruction, the register works directly on the LIR instructions that
provide an abstract interface for input/output/temp operands.
This saves allocation of zone memory and speeds up LIR construction,
but makes iterating over all uses in the register allocator slightly
more expensive because environment uses are stored in a linked list of
environments. We can fix this by using a flat representation of LOperands.
Review URL: http://codereview.chromium.org/6352006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 13:16:51 +0000 (13:16 +0000)]
X64 Crankshaft: Port TaggedToI to X64.
Review URL: http://codereview.chromium.org/6368097
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Fri, 4 Feb 2011 12:14:56 +0000 (12:14 +0000)]
Make sure that we don't actually overwrite a property that has failed access checks with Object.defineProperty.
Review URL: http://codereview.chromium.org/6246103
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Fri, 4 Feb 2011 12:06:41 +0000 (12:06 +0000)]
Remove the redundant load on every context lookup.
There was an unnecessary load on every statically-resolved context lookup.
Remove it.
This revealed a hidden bug in const initializers inside 'with'. They claim
to be statically resolved (having slot type CONTEXT) but they occur in a
spot where the runtime context chain and the static scope chain do not
agree. This is fixed by special casing const initializers in the backend.
Review URL: http://codereview.chromium.org/6384020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
karlklose@chromium.org [Fri, 4 Feb 2011 11:22:18 +0000 (11:22 +0000)]
ARM: Implement DoCmpID and DoCmpIDAndBranch in the lithium code generator.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6379007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Fri, 4 Feb 2011 11:10:39 +0000 (11:10 +0000)]
X64 Crankshaft: Add bit operations and shifts to x64 crankshaft.
Review URL: http://codereview.chromium.org/6246099
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Fri, 4 Feb 2011 10:52:19 +0000 (10:52 +0000)]
ARM: Add support for and, or and xor to the type recording binary op stub.
Review URL: http://codereview.chromium.org/6250126
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Fri, 4 Feb 2011 10:38:49 +0000 (10:38 +0000)]
Fix compliance bug in decodeURI/decodeURIComponent.
Review URL: http://codereview.chromium.org/6349105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Fri, 4 Feb 2011 07:08:50 +0000 (07:08 +0000)]
Implements DoubleToI on ARM. Refactor some VFP code at the same time and
fix the simulator behaviour.
BUG=none
TEST=added to cctest/test-assembler-arm.cc
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6368053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Fri, 4 Feb 2011 06:54:45 +0000 (06:54 +0000)]
x64: Implemented object, array and function literals in lithium codegen.
Review URL: http://codereview.chromium.org/6371019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
peterhal@chromium.org [Thu, 3 Feb 2011 19:29:10 +0000 (19:29 +0000)]
Fix bugs 992, 1083 and 1092
My previous patch added an assert which uncovered 1092 in the sputnik tests.
This patch adds the fix for 1092, which is to ensure that NormalizeProperties
does not get called for a JSGlobalProxy along all code paths.
Add sputnik tests to .gitignore.
BUG=
TEST=
Review URL: http://codereview.chromium.org/6286060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 18:09:51 +0000 (18:09 +0000)]
Do proper security checks when accessing elements with getOwnPropertyDescriptor.
This extends logic applied to regular properties to elements.
Review URL: http://codereview.chromium.org/6246055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 17:01:10 +0000 (17:01 +0000)]
X64: Implement FixedArrayLength, BoundsCheck, LoadElements,
LoadKeyedFastElement in lithium codegen.
Tested locally by hardcoding DoTaggedToI to convert smis to untagged.
Review URL: http://codereview.chromium.org/6312124
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 16:07:52 +0000 (16:07 +0000)]
Don't use eax on x64. :)
TBR=ricow
Review URL: http://codereview.chromium.org/6312122
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 15:40:20 +0000 (15:40 +0000)]
X64: Implement DoCallConstantFunction, DoLeaveInlined and DoCompareMap
in lithium-x64.
Review URL: http://codereview.chromium.org/6410060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 15:36:44 +0000 (15:36 +0000)]
X64 Crankshaft: Add TypeRecordingBinaryStub to X64
Review URL: http://codereview.chromium.org/6366028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 15:14:46 +0000 (15:14 +0000)]
Fix X64 Windows compilation.
Review URL: http://codereview.chromium.org/6312120
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 14:02:13 +0000 (14:02 +0000)]
Minor cleanup in messages.js. Remove unused variables and fix formatting.
Review URL: http://codereview.chromium.org/6410058
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Thu, 3 Feb 2011 13:47:27 +0000 (13:47 +0000)]
Add regression test for the deoptimizer immediately followed by gc bug.
In addition to the regression test I changed the gc-extension to take
a boolean flag specifying if compaction should be used (default is
false, existing tests will not change behaviour)
The regression test is disabled on arm and x64 with crankshaft
enabled. I made a bug to track this:
http://code.google.com/p/v8/issues/detail?id=1094
Review URL: http://codereview.chromium.org/6312118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 13:30:22 +0000 (13:30 +0000)]
Fix array boundary error.
It made the value of allowed_access_type[v8::ACCESS_KEYS] be a wild value. On most
platforms it was 0 and tests passed. But on ARM (and on ia32 if you alter test a bit)
it could become true and hence allow enumeration of properties.
Review URL: http://codereview.chromium.org/6334089
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 13:29:10 +0000 (13:29 +0000)]
Fix compilation on 64-bit Windows, update Visual Studio projects.
Review URL: http://codereview.chromium.org/6312119
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Thu, 3 Feb 2011 13:10:28 +0000 (13:10 +0000)]
Introduce a hydrogen value for contexts, support context slot assignment.
Each context in the context chain has a corresponding hydrogen value.
The context values are used for global object lookup and context slot
lookup. Add simple (non-compound) assignment to context slots.
Review URL: http://codereview.chromium.org/6390003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
danno@chromium.org [Thu, 3 Feb 2011 12:50:50 +0000 (12:50 +0000)]
Create specialized code stubs for PixelArray loads.
Review URL: http://codereview.chromium.org/6287030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Thu, 3 Feb 2011 11:13:04 +0000 (11:13 +0000)]
Fix X64 compilation on Windows.
Review URL: http://codereview.chromium.org/6334086
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Thu, 3 Feb 2011 10:19:41 +0000 (10:19 +0000)]
Properly process getOwnPropertyDescriptor for elements on global proxy object.
We need to go down to actual global object to perform those operations.
Review URL: http://codereview.chromium.org/6246054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Thu, 3 Feb 2011 10:07:22 +0000 (10:07 +0000)]
Streamline the code for patching optimized code for lazy deopt.
Rewrite the lazy deopt patching code on IA32 to use addresses throughout,
rather than offsets and a base address.
Also, rename a couple of ambiguous Code fields from _start to _offset.
Review URL: http://codereview.chromium.org/6334083
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fschneider@chromium.org [Thu, 3 Feb 2011 09:10:54 +0000 (09:10 +0000)]
Fix bug in pretenuring function literals from optimized code.
Review URL: http://codereview.chromium.org/6368074
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Thu, 3 Feb 2011 08:59:14 +0000 (08:59 +0000)]
Implements Modulo operation on ARM for DoArithmeticD.
BUG=none
TEST=none
Patch by Rodolph Perfetta from ARM Ltd.
Review URL: http://codereview.chromium.org/6248004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mikhail.naganov@gmail.com [Thu, 3 Feb 2011 08:45:38 +0000 (08:45 +0000)]
Heap profiler: fix removed DOM wrappers reporting.
Aggregated snapshots: don't report unreachable objects.
Full snapshots: restore forcing GC prior to taking a snapshot.
I played with the repro page provided for the bug and found that GC
must be performed prior to taking a snapshot even if we only report
reachable objects. GC allows weak handles to finalize. Now heap
profiler produces aligned results for the repro page in both modes.
BUG=crbug/70434
TEST=none
Review URL: http://codereview.chromium.org/6410030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Thu, 3 Feb 2011 07:10:06 +0000 (07:10 +0000)]
Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8
directory to make it easy for embedders to reproduce the copyright
notice for binary redistribution.
Removed now obsolete strongtalk directory.
Review URL: http://codereview.chromium.org/6349067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Wed, 2 Feb 2011 17:44:29 +0000 (17:44 +0000)]
Better security checks when accessing named properties via Object.getOwnPropertyDescriptor.
Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.
Review URL: http://codereview.chromium.org/6286020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 16:02:11 +0000 (16:02 +0000)]
Prepare push to trunk. Now working on version 3.1.2.
Review URL: http://codereview.chromium.org/6312090
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 15:08:29 +0000 (15:08 +0000)]
More of the fix for V8 issue 1079.
The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object. We never try to
find an existing arguments object.
Review URL: http://codereview.chromium.org/6349050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Wed, 2 Feb 2011 14:17:47 +0000 (14:17 +0000)]
Follow up to r6540: remove early return from C++ builtin as well.
Review URL: http://codereview.chromium.org/6347037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
erik.corry@gmail.com [Wed, 2 Feb 2011 14:14:55 +0000 (14:14 +0000)]
Fix code generation bug on ARM in classic codegen.
Review URL: http://codereview.chromium.org/6246045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 14:08:30 +0000 (14:08 +0000)]
Fix x64 DEBUG build.
TBR=whesse@chromium
Review URL: http://codereview.chromium.org/6349049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
lrn@chromium.org [Wed, 2 Feb 2011 14:02:58 +0000 (14:02 +0000)]
Fix bug in object literals with large array indexes as strings.
Review URL: http://codereview.chromium.org/6410028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
kmillikin@chromium.org [Wed, 2 Feb 2011 13:55:29 +0000 (13:55 +0000)]
Partial fix for V8 issue 1079.
Record a safepoint with a deoptimization id for throw in optimized code. We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw). For
hygiene we use the actual ID of the throw expression. Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit. This is required to insert a simulate between the throw and the exit.
Make our optimized treatment of Function.prototype.apply act like a call and
have side effects. This ensures that it will get a lazy deoptimization
environment. Use that deoptimization ID in the safepoint for the call.
Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction. Record the
environment and use the deoptimization ID at the safepoint.
Review URL: http://codereview.chromium.org/6250105
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Wed, 2 Feb 2011 13:32:18 +0000 (13:32 +0000)]
GDBJIT: emit .eh_frame section on x64.
This enables proper stack unwinding on x64.
Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled.
Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/)
Review URL: http://codereview.chromium.org/6250104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Wed, 2 Feb 2011 13:31:52 +0000 (13:31 +0000)]
A MessageObject is a purely internal object to hold information about
an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.
Review URL: http://codereview.chromium.org/6368051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Wed, 2 Feb 2011 12:54:58 +0000 (12:54 +0000)]
Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088.
BUG=1088
TEST=test/mjsunit/math-pow.js
Review URL: http://codereview.chromium.org/6368050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
karlklose@chromium.org [Wed, 2 Feb 2011 11:58:24 +0000 (11:58 +0000)]
Extract platform independent part of RevertStackCheckCode.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6349046
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Wed, 2 Feb 2011 10:30:41 +0000 (10:30 +0000)]
ARM: Refactor duplicated floating point code in type recording binary operation stub.
Review URL: http://codereview.chromium.org/6334045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Wed, 2 Feb 2011 09:52:57 +0000 (09:52 +0000)]
Require typed input representation for HTypeof hydrogen instruction.
BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js
Review URL: http://codereview.chromium.org/6410025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Wed, 2 Feb 2011 09:40:09 +0000 (09:40 +0000)]
This fixes the issue with the deoptimizer trashing the reloc info before patching the code.
If we, immediately after the deoptimization, but before actually
running the patched code, get a compacting GC, the addresses from the
calls might no longer be valid.
I have validated that this works by patching the existing code to
always do a compacting gc after we finish deoptimizing. I will create
a real regression test for this, but this includes additional code for
allowing us to force a deopt/opt from javascript test code. I will
land this in a separate change.
Review URL: http://codereview.chromium.org/6349043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ricow@chromium.org [Wed, 2 Feb 2011 08:14:06 +0000 (08:14 +0000)]
Revert revision 6555 as it causes win32 debug to fail.
Review URL: http://codereview.chromium.org/6349044
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Tue, 1 Feb 2011 20:47:53 +0000 (20:47 +0000)]
Switch from template functions overloading to partial template specialization.
This should fix compilation on old GCC.
Review URL: http://codereview.chromium.org/6350012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
peterhal@chromium.org [Tue, 1 Feb 2011 20:08:01 +0000 (20:08 +0000)]
Revert "Fix bugs 992 and 1083"
This reverts commit 6561 as the new assert caused failures in sputnik.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
peterhal@chromium.org [Tue, 1 Feb 2011 17:08:14 +0000 (17:08 +0000)]
Fix bugs 992 and 1083
Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.
Makes code follow spec steps more closely.
Fixes typo for check for unchanged enumerable in step 6.
Adds regression tests.
Fixes errors in object-define-property test
Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
sgjesse@chromium.org [Tue, 1 Feb 2011 16:38:25 +0000 (16:38 +0000)]
ARM: Add multiplication and modulus to the type recording binary operation stub.
For now the smi part only handles power of two right hand side operands.
Fixed a bug when loading floating point value into core registers with VFP supported.
Review URL: http://codereview.chromium.org/6312059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Tue, 1 Feb 2011 16:20:04 +0000 (16:20 +0000)]
Fix Xcode project.
TBR=ager@chromium.org
Code review URL: http://codereview.chromium.org/6286016/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Tue, 1 Feb 2011 16:08:44 +0000 (16:08 +0000)]
Fix error message name.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
vegorov@chromium.org [Tue, 1 Feb 2011 14:33:23 +0000 (14:33 +0000)]
Fix control flow resolution bug in lithium register allocator.
Review URL: http://codereview.chromium.org/6312057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Tue, 1 Feb 2011 13:29:37 +0000 (13:29 +0000)]
Compare JSObjects by identity immediately.
When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.
BUG=v8::1082
Review URL: http://codereview.chromium.org/6287018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Tue, 1 Feb 2011 12:39:02 +0000 (12:39 +0000)]
Temporarily disable comparison of optimizability of code objects in some cases.
With crankshaft, a code object can change its optimizability: it can start as
optimizable code object, but later we can find out it was a bad idea to
optimize it. Alas, currently we don't have a proper event to communicate
this back to logger. Hence we temporarily allow a code object to be viewed
as optimizable judging from logs while being unoptimizable judging from
heap traversal.
Review URL: http://codereview.chromium.org/6250054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ager@chromium.org [Tue, 1 Feb 2011 12:31:16 +0000 (12:31 +0000)]
Avoid callbacks to user code during error formatting in a couple of
other situations.
Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.
Review URL: http://codereview.chromium.org/6287041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
karlklose@chromium.org [Tue, 1 Feb 2011 11:18:45 +0000 (11:18 +0000)]
Change OSR stack check patching to use the stack check table.
Change OSR stack check patching to use the stack check table to iterate over the calls to stack guards platform independent. Introduce Deoptimizer::PatchStackCheckAt for each platform to perform the platform specific patch at a given pc.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6392027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mmaly@chromium.org [Mon, 31 Jan 2011 22:35:27 +0000 (22:35 +0000)]
Fix V8 bug 1084: allow "\0" in strict mode as valid escape sequence.
http://code.google.com/p/v8/issues/detail?id=1084
Code Review URL: http://codereview.chromium.org/6386014/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 14:54:53 +0000 (14:54 +0000)]
ArraySplice builtin should return empty array and not alter receiver if invoked with no arguments.
Review URL: http://codereview.chromium.org/6357025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 13:49:15 +0000 (13:49 +0000)]
Perform security checks before fetching the value in Object.getOwnPropertyDescriptor.
Review URL: http://codereview.chromium.org/6386022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
antonm@chromium.org [Mon, 31 Jan 2011 13:33:09 +0000 (13:33 +0000)]
Add entries for build products of OOM dump utility into .gitignore.
Review URL: http://codereview.chromium.org/6409008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Mon, 31 Jan 2011 12:37:19 +0000 (12:37 +0000)]
Fix typo in Changelog, date in version.cc.
Review URL: http://codereview.chromium.org/6287016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fschneider@chromium.org [Mon, 31 Jan 2011 12:36:54 +0000 (12:36 +0000)]
Fix a bug in the placement of minus-zero checks and in GVN.
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.
2. GVN needs to take instruction flags into account when comparing
instructions for redundancy.
Review URL: http://codereview.chromium.org/6260035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
whesse@chromium.org [Mon, 31 Jan 2011 10:25:44 +0000 (10:25 +0000)]
Prepare push to trunk. Now working on version 3.1.1.
Review URL: http://codereview.chromium.org/6347035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00