Review URL: http://codereview.chromium.org/264033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/267049


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3046 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/243036


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3044 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/266014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

And fix bug in debug-mode of 32-bit smi.

Review URL: http://codereview.chromium.org/261024


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/251100

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/196139


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When starting JS profiling under Chromium, a map from function addresses to function names is created. During it, for sourceful scripts, an attempt to access script source is made. This can cause a crash, if a source is an external string, which already has been disposed. We had a similar problem in the past with DebugGetLoadedScripts.

BUG=http://crbug.com/23768
TEST=test-log/Issue23768

Review URL: http://codereview.chromium.org/269003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

it is a strange API and unused anyway.

When we roll this to Chrome, we'll need a small chrome patch
to fix Chrome's usage of the API.

Review URL: http://codereview.chromium.org/257035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Recommit coderanges putting code objects within a 2 GB range, reserving only a 256 MB range of virtual memory for the code range.
Review URL: http://codereview.chromium.org/243087

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3018 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/251088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/256048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/256041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3015 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/260002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/246077


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3012 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

even if we are attempting to allocate in young space.  There were a few cases
where this wasn't done.  Also misc. changes to make diagnosis of errors like
this one easier.
Review URL: http://codereview.chromium.org/251072

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

used to allow these for compatibility, but both Safari and Firefox now
disallow them.
Review URL: http://codereview.chromium.org/242124

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert change r3004, issue http://codereview.chromium.org/244022, because Linux 64-bit Chrome crashes with more than 10 tabs.  Linux may not like 10 processes, each reserving 2 GB of virtual address space.
Review URL: http://codereview.chromium.org/246064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/242074

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/244022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3004 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

1. Change the AST node type CallNew to be a subclass of Expression
   rather than Call.  It's not really a call but it just happens to
   have the same fields.

2. Change our error reporting for invalid left-hand sides in for-in
   statements, pre- and postfix count expressions, and assignments.
   Before we signaled a syntax error at compile time *unless* the LHS
   was a function call or 'new' expression, in which case we signaled
   a reference error at runtime.  Now we signal a reference error at
   runtime in all cases.  This matches the JSC behavior in Safari 4.

Review URL: http://codereview.chromium.org/249039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

After fast-case assignment to a pixel array the original value assigned is now returned. Before the un-tagged smi value was returned causing crashes.

BUG=22913
TEST=cctest/test-api/PixelArray
Review URL: http://codereview.chromium.org/248033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

* Rename some instance variables and accessors to fit code style.
* Don't overwrite existing thread ID.
Review URL: http://codereview.chromium.org/251014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/242031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also perform some refactoring.

Review URL: http://codereview.chromium.org/247001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/242003


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2968 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also, perform some refactoring to reuse common code between constructor and retainer profiles.

Review URL: http://codereview.chromium.org/209028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=christian.plesner.hansen
Review URL: http://codereview.chromium.org/213005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2914 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The profile is taken together with constructors profile. In theory, it
should represent a complete heap graph. However, this takes a lot of memory,
so it is reduced to a more compact, but still useful form. Namely:

 - objects are aggregated by their constructors, except for Array and Object
   instances, that are too hetereogeneous;

 - for Arrays and Objects, initially every instance is concerned, but then
   they are grouped together based on their retainer graph paths similarity (e.g.
   if two objects has the same retainer, they are considered equal);

Review URL: http://codereview.chromium.org/200132

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In the Runtime_DebugGetPropertyDetails the raw object pointers from a LookupResult could be used after a GC might have happened. Fixed the bug and restructured the code to make it less likely for changes to the code to re-introduce the bug.

Skipped a long running test from the ARM simulator in debug mode (and renamed the test).
Review URL: http://codereview.chromium.org/204039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/195101

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The construction of arrays when using the the Array function either as a constructor or a normal function is now handled fully in generated code in most cases. Only when Array is called with one argument which is either negative or abowe JSObject::kInitialMaxFastElementArray (which is currently 1000) or if the allocated object cannot fit in the room left in new space is the runtime system entered.

Two new native code built-in functions are added one for normal invocation and one for the construct call. The existing C++ builtin is renamed, but kept. When the normal invocation cannot be handled in generated code the C++ builtin is called. When the construct invocation cannot be handled in native code the generic construct stub is called (which will end up in the C++ builtin through a construct trampoline).

One thing that might be changed is preserving esi (constructor function) during the handling of a construct call. We know precisily what function we where calling anyway and can just reload it. This could remove the parameter construct_call to ArrayNativeCode and remove the handling of this from that function.

The X64 and ARM implementations are not part of this changelist.
Review URL: http://codereview.chromium.org/193125

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/200141


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2897 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/206014


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/196121


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/193112


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/201114


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

visibility=[hidden|default], that controls visibility and make
'hidden' the default.  Export a few variables that had been forgotten.

Review URL: http://codereview.chromium.org/206011


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The main piece of this change was to add support for break on return for ARM. On ARM the normal js function return consist of the following code sequence.

  mov sp, fp
  ldmia sp!, {fp, lr}
  add sp, sp, #4
  bx lr

to a call to the debug break return entry code using the following code sequence

  mov lr, pc
  ldr pc, [pc, #-4]
  <debug break return entry code entry point address>
  bktp 0

The values of Assembler::kPatchReturnSequenceLength and Assembler::kPatchReturnSequenceLength are somewhat misleading, but they fit the current use in the debugger. Also Assembler::kPatchReturnSequenceLength is used in the IC code as well (for something which is not related to return sequences at all). I will change that in a separate changelist.

For the debugger to work also added recording of the return sequence in the relocation info and handling of source position recording when a function ends with a return statement.

Used the constant kInstrSize instead of sizeof(Instr).

Passes all debugger tests on both simulator and hardware (only release mode tested on hardware).
Review URL: http://codereview.chromium.org/199075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00