This patch changes the signature of the v8::HeapGraphNode::GetRetainedSize method, but it's not used in Chromium, and it should be easy for other clients (if any) to adjust to this change.

BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9466014
Patch from Alexei Filippov <alexeif@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10846 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Additionally force increment instruction to use int32 representation.

R=fschneider@google.com
BUG=http://crbug.com/115646
TEST=test/mjsunit/compiler/optimized-for-in.js

Review URL: https://chromiumcodereview.appspot.com/9463052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1853

Review URL: https://chromiumcodereview.appspot.com/9460059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
TEST=test262/S15.10.2.11_A1_T?

Review URL: https://chromiumcodereview.appspot.com/9466010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Baseline: http://codereview.chromium.org/9401008/

R=lrn@chromium.org,mstarzinger@chromium.org
BUG=v8:1957
TEST=mjsunit/harmony/module-parsing

Review URL: https://chromiumcodereview.appspot.com/9422001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

As of dominators and retained sizes calculation take quite small time now
comparing to the main passes, it is worth to exclude these from progress
indicator. Now the indicator smoothly runs to 100%, while previously
it ran to 50% and then instantly jumped to 100%.

BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9465010
Patch from Alexei Filippov <alexeif@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This allows elements of the non-strict arguments object to be redefined
with custom attributes and still maintain an alias into the context.
Such a slow alias is maintained by placing a special marker into the
dictionary backing store of the arguments object.

R=rossberg@chromium.org
BUG=v8:1772
TEST=test262,mjsunit/object-define-property

Review URL: https://chromiumcodereview.appspot.com/9460004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This fixes Object.getOwnPropertyDescriptor to report string character
elements as enumerable in accordance with the spec.

BUG=v8:862
TEST=mjsunit/get-own-property-descriptor

Review URL: https://chromiumcodereview.appspot.com/9447053
Patch from Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9466003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9455015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

a previous change decreased the size of a zone object and it seems
that sometimes the OS report more memory used even though there
is less zone allocation.
Review URL: https://chromiumcodereview.appspot.com/9443019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=vegorov@chromium.org
BUG=v8:1322

Review URL: https://chromiumcodereview.appspot.com/9453012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1969
TEST=regress/regress-1969

Review URL: https://chromiumcodereview.appspot.com/9455011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10812 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=fschneider@chromium.org,vegorov@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals

Review URL: https://chromiumcodereview.appspot.com/9453007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Split executable memory chunks into two pieces: header with all metadata (protection: RW) and body (protection: RWX). Separate header from metadata with a guard page and add a guard page after the page body.

R=erik.corry@gmail.com
BUG=http://crbug.com/115151

Review URL: https://chromiumcodereview.appspot.com/9452002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10809 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This refactors the way we (re)define elements to perform normalization
and attribute updating at a much deeper level, thereby removing some
bogus special cases in upper runtime layers.

Most element setters take an indicator flag that distinguishes between
setting and defining. Setting of an element causes attributes to remain
unchanged, writability to be checked and callbacks to be called.
Defining of an element causes attributes to be updated and callbacks to
be overridden. The same approach could be taken for properties.

R=svenpanne@chromium.org
BUG=v8:1772
TEST=test262,test262/15.2.3.6-4-333-11

Review URL: https://chromiumcodereview.appspot.com/9443014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Modify PreProcessOsrEntry to work with OSR entries that have non-empty expression stack.

Modify graph builder to take for-in state from environment instead of directly referencing emitted instructions.

Extend %OptimizeFunctionOnNextCall with an argument to force OSR to make writing OSR tests easier: %OptimizeFunctionOnNextCall(f, "osr").

R=fschneider@chromium.org
TEST=test/mjsunit/compiler/optimized-for-in.js

Review URL: https://chromiumcodereview.appspot.com/9431030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Only JSObject enumerables with enum cache (fast case properties, no interceptors, no enumerable properties on the prototype) are supported.

HLoadKeyedGeneric with keys produced by for-in enumeration are recognized and rewritten into direct property load by index. For this enum-cache was extended to store property indices in a separate array (see handles.cc).

New hydrogen instructions:

- HForInPrepareMap: checks for-in fast case preconditions and returns map that contains enum-cache;
- HForInCacheArray: extracts enum-cache array from the map;
- HCheckMapValue: map check with HValue map instead of immediate;
- HLoadFieldByIndex: load fast property by it's index, positive indexes denote in-object properties, negative - out of object properties;

Changed hydrogen instructions:

- HLoadKeyedFastElement: added hole check suppression for loads from internal FixedArrays that are knows to have no holes inside.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9425045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: https://chromiumcodereview.appspot.com/9416092

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

when Object.isExtensible(o) === false

Added corresponding tests

ES5 description: http://es5.github.com/#x11.13.1

Related issue: http://code.google.com/p/v8/issues/detail?id=1901

Contributed by ioseb.dzmanashvili@gmail.com

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9429002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This makes LFunctionLiteral safe even when it is used from inside inlined function.

All other architectures were implementing LFunctionLiteral correctly.

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-inlining-function-literal-context.js

Review URL: https://chromiumcodereview.appspot.com/9425061

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=yangguo@chromium.org
TEST=cctest/test-regexp/CharacterClassEscapes

Review URL: https://chromiumcodereview.appspot.com/9425050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
TEST=test262/S15.10.2.12_A?_T1,mjsunit/regexp

Review URL: https://chromiumcodereview.appspot.com/9426032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10770 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

A GC in the access check callbacks NamedSecurityCallback and IndexedSecurityCallback
violates the contract about these callbacks.

Added a EXTERNAL VMState scope around the call to FailedAccessCheckCallback to be
consistent with the other callback invocations.

BUG=v8:1952
TEST=cctest/test-api/TurnOnAccessCheckAndRecompile
Review URL: https://chromiumcodereview.appspot.com/9425048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9421036


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Module definitions are not compiled or otherwise executed yet.
Toplevel module identifiers are bound but never initialized.

R=kmillikin@chromium.org,mstarzinger@google.com
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9401008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

* Turned all uses of 'const' into 'var'.
* Turned all uses of local 'function' into 'var'.
* Added a couple of missing toplevel 'var' declarations.

One consequence is that the properties on the builtin object  are no longer
non-writable, and I had to adapt one test. Is that a problem?

Unfortunately, we cannot actually switch the library scripts to strict mode
by default, because that makes observable things like poisoned .caller properties
for library functions.

Also removed dead flag code in Compiler::Compile.

R=yangguo@chromium.org
BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9415010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: https://chromiumcodereview.appspot.com/9372021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
TEST=mozilla,sputnik

Review URL: https://chromiumcodereview.appspot.com/9421031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
TEST=test262/S15.5.4.14_A?_T?

Review URL: https://chromiumcodereview.appspot.com/9355005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
TEST=test262

Review URL: https://chromiumcodereview.appspot.com/9415046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=rossberg@chromium.org
BUG=v8:1790
TEST=mjsunit/regress/regress-1790,test262/15.4.4.22-9-9

Review URL: https://chromiumcodereview.appspot.com/9419044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This extends the current support for nested object literals we already
have in Crankshaft, to also support nested array literals and mixed
nested literals containing arrays and objects. All three types are
generated by the unified HFastLiteral instruction.

All previous upper bounds on nested literal graphs remain unchanged,
keeping the size of generated code in check.

The main intention is to boost performance of two-dimensional array
literals containing constant elements (aka. matrices).

R=danno@chromium.org
TEST=mjsunit/compiler/literals-optimized

Review URL: https://chromiumcodereview.appspot.com/9403018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=fschneider@chromium.org
BUG=v8:1322

Review URL: https://chromiumcodereview.appspot.com/9417013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Ensure that GVN eliminates all transitions that are dominated by an equivalent transition, even if there is a DependsOn-changing instruction in between.

R=fschneider@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9365057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1952
Review URL: https://chromiumcodereview.appspot.com/9414006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=fschneider@chromium.org
BUG=v8:1322
TEST=mjsunit/compiler/inline-literals

Review URL: https://chromiumcodereview.appspot.com/9419005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=v8:1945
TEST=regress-1945.js

Review URL: https://chromiumcodereview.appspot.com/9418005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9417002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Previous behavior diverged in ICs and Crankshaft. When storing to a Float32Array or Float64Array, the ICs treated undefined as zero while Crankshaft treated it as NaN. Now both ICs and Crankshaft treat it as NaN, which is consistent with the WebGL & ECMAScript spec.

R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9402008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00