- 03 Feb, 2011 14 commits
-
-
whesse@chromium.org authored
Review URL: http://codereview.chromium.org/6312120 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ager@chromium.org authored
Review URL: http://codereview.chromium.org/6410058 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ricow@chromium.org authored
In addition to the regression test I changed the gc-extension to take a boolean flag specifying if compaction should be used (default is false, existing tests will not change behaviour) The regression test is disabled on arm and x64 with crankshaft enabled. I made a bug to track this: http://code.google.com/p/v8/issues/detail?id=1094 Review URL: http://codereview.chromium.org/6312118 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
antonm@chromium.org authored
It made value of allowed_access_type[v8::ACCESS_KEYS] be a wild value. On most of platforms it was 0 and tests passed. But on ARM (and on ia32 if you alter test a bit) it could become true and hence allow enumeration of properties. Review URL: http://codereview.chromium.org/6334089 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
whesse@chromium.org authored
Review URL: http://codereview.chromium.org/6312119 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
Each context in the context chain has a corresponding hydrogen value. The context values are used for global object lookup and context slot lookup. Add simple (non-compound) assignment to context slots. Review URL: http://codereview.chromium.org/6390003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
danno@chromium.org authored
Review URL: http://codereview.chromium.org/6287030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
whesse@chromium.org authored
Review URL: http://codereview.chromium.org/6334086 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
antonm@chromium.org authored
We need to go down to actual global object to perform those operations. Review URL: http://codereview.chromium.org/6246054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
Rewrite the lazy deopt patching code on IA32 to use addresses throughout, rather than offsets and a base address. Also, rename a couple of ambiguous Code fields from _start to _offset. Review URL: http://codereview.chromium.org/6334083 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
fschneider@chromium.org authored
Review URL: http://codereview.chromium.org/6368074 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
sgjesse@chromium.org authored
BUG=none TEST=none Patch by Rodolph Perfetta from ARM Ltd. Review URL: http://codereview.chromium.org/6248004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mikhail.naganov@gmail.com authored
Aggregated snapshots: don't report unreachable objects. Full snapshots: restore forcing GC prior to taking a snapshot. I played with the repro page provided for the bug and found that GC must be performed prior to taking a snapshot even if we only report reachable objects. GC allows weak handles to finalize. Now heap profiler produces aligned results for the repro page in both modes. BUG=crbug/70434 TEST=none Review URL: http://codereview.chromium.org/6410030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6598 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ager@chromium.org authored
directory to make it easy for embedders to reproduce the copyright notice for binary redistribution. Removed now obsolete strongtalk directory. Review URL: http://codereview.chromium.org/6349067 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 02 Feb, 2011 16 commits
-
-
antonm@chromium.org authored
Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS. If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is performed and value property of the descriptor is set to undefined if caller doesn't have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked and affect if getter and setter would be stored in the descriptor. Review URL: http://codereview.chromium.org/6286020 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
Review URL: http://codereview.chromium.org/6312090 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
The arguments property of functions, if we find an optimized frame for the function, is always a freshly allocated object. We never try to find an existing arguments object. Review URL: http://codereview.chromium.org/6349050 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
antonm@chromium.org authored
Review URL: http://codereview.chromium.org/6347037 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
erik.corry@gmail.com authored
Review URL: http://codereview.chromium.org/6246045 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
TBR=whesse@chromium Review URL: http://codereview.chromium.org/6349049 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
lrn@chromium.org authored
Review URL: http://codereview.chromium.org/6410028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
kmillikin@chromium.org authored
Record a safepoint with a deoptimization id for throw in optimized code. We don't seem to much care what the AST ID is because we will not be using it for lazy deoptimization (throw doesn't return to the point of throw). For hygiene we use the actual ID of the throw expression. Throw is no longer a control-flow instruction, but it's followed by an unconditional abnormal exit. This is required to insert a simulate between the throw and the exit. Make our optimized treatment of Function.prototype.apply act like a call and have side effects. This ensures that it will get a lazy deoptimization environment. Use that deoptimization ID in the safepoint for the call. Deleting a property was also missing a deoptimization ID, though there was a deoptimization environment assigned to the instruction. Record the environment and use the deoptimization ID at the safepoint. Review URL: http://codereview.chromium.org/6250105 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
vegorov@chromium.org authored
This enables proper stack unwinding on x64. Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled. Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/) Review URL: http://codereview.chromium.org/6250104 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ager@chromium.org authored
an error message that needs to be generated and reported. This change hides all of the error information from JavaScript code so user callbacks cannot get hold of it. Review URL: http://codereview.chromium.org/6368051 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
whesse@chromium.org authored
Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5). These are not equal to sqrt(-0) and 1/sqrt(-0). Add tests for these cases. Fixes V8 issue 1088. BUG=1088 TEST=test/mjsunit/math-pow.js Review URL: http://codereview.chromium.org/6368050 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
karlklose@chromium.org authored
BUG=none TEST=none Review URL: http://codereview.chromium.org/6349046 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
sgjesse@chromium.org authored
Review URL: http://codereview.chromium.org/6334045 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
vegorov@chromium.org authored
BUG=http://code.google.com/p/chromium/issues/detail?id=71647 TEST=test/mjsunit/regress/regress-71647.js Review URL: http://codereview.chromium.org/6410025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ricow@chromium.org authored
If we, immediately after the deoptimization, but before actually running the patched code, get a compacting GC, the addresses from the calls might no longer be valid. I have validated that this works by patching the existing code to always do a compacting gc after we finish deoptimizing. I will create a real regression test for this, but this includes additional code for allowing us to force a deopt/opt from javascript test code. I will land this in a seperate change. Review URL: http://codereview.chromium.org/6349043 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ricow@chromium.org authored
Review URL: http://codereview.chromium.org/6349044 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 01 Feb, 2011 10 commits
-
-
vegorov@chromium.org authored
This should fix compilation on old GCC. Review URL: http://codereview.chromium.org/6350012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
peterhal@chromium.org authored
This reverts commit 6561 as the new assert caused failures in sputnik. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
peterhal@chromium.org authored
Fixes JS portion of DefineOwnProperty when there is an existing property and the new descriptor is generic. Makes code follow spec steps more closely. Fixes typo for check for unchanged enumerable in step 6. Adds regression tests. Fixes errors in object-define-property test Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
sgjesse@chromium.org authored
For now the smi part only handles power of two right hand side operands. Fixed a bug when loading floating point value into core registers with VFP supported. Review URL: http://codereview.chromium.org/6312059 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mmaly@chromium.org authored
TBR=ager@chromium.org Code review URL: http://codereview.chromium.org/6286016/ git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mmaly@chromium.org authored
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
vegorov@chromium.org authored
Review URL: http://codereview.chromium.org/6312057 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
antonm@chromium.org authored
When invoking EQUALS JS builtin, 1st argument is passed as a receiver and if it's a global object, it gets overwritten with global proxy object and thus one gets incorrect results. BUG=v8::1082 Review URL: http://codereview.chromium.org/6287018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
antonm@chromium.org authored
With crankshaft, a code object can change its optimizability: it can start as optimizable code object, but later we can find out it was a bad idea to optimize it. Alas, currently we don't have a proper event to communicate this back to logger. Hence we temporary allow a code object to be viewed as optimizable judging from logs while being unoptimizable judging from heap traversal. Review URL: http://codereview.chromium.org/6250054 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
ager@chromium.org authored
other situations. Do not use overwritten Object.prototype.hasOwnProperty and Array.prototype.pop. Do not use split and join in the error formatting implementation. They are too big to control and their generality is not needed. Review URL: http://codereview.chromium.org/6287041 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-