R=ulan@chromium.org
BUG=v8:3229
LOG=N

Review URL: https://codereview.chromium.org/736003002

Cr-Commit-Position: refs/heads/master@{#25457}

BUG=chromium:432468
R=yangguo@chromium.org, adamk@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/739523002

Cr-Commit-Position: refs/heads/master@{#25423}

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/719403005

Cr-Commit-Position: refs/heads/master@{#25422}

Due to performance issue.
TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/735323002

Cr-Commit-Position: refs/heads/master@{#25421}

First step towards replacing PropertyType with two enums: {DATA,ACCESSOR} x {CONST,WRITABLE}.

Review URL: https://codereview.chromium.org/733253004

Cr-Commit-Position: refs/heads/master@{#25417}

Code was vulnerable to different evaluation order in Clang.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/726693004

Cr-Commit-Position: refs/heads/master@{#25397}

This reverts commit d40204f8.

TBR=danno@chromium.org

Review URL: https://codereview.chromium.org/735653003

Cr-Commit-Position: refs/heads/master@{#25393}

We were deopting without learning anything.

BUG=v8:3417
LOG=N
R=danno@chromium.org

Review URL: https://codereview.chromium.org/368263003

Cr-Commit-Position: refs/heads/master@{#25392}

We add a new ScopeType, ScopeType.Script. The scope with
ScopeType.Script is always present in the scope chain (ScopeIterator
fakes it if neededi - i.e. if ScriptContext for a script has not been
allocated since that script has no lexical declarations).
ScriptScope reflects ScriptContextTable.

R=yurys@chromium.org,yangguo@chromium.org
BUG=v8:3690
LOG=N

Review URL: https://codereview.chromium.org/726643002

Cr-Commit-Position: refs/heads/master@{#25383}

R=yangguo@chromium.org, vsevik
LOG=Y

Committed: https://code.google.com/p/v8/source/detail?r=d5f5d38f73f43eba9658d91ffbe511af8c340d78

Review URL: https://codereview.chromium.org/710273002

Cr-Commit-Position: refs/heads/master@{#25380}

Review URL: https://codereview.chromium.org/707463002

Cr-Commit-Position: refs/heads/master@{#25367}

R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org
BUG=v8:3690
LOG=N

Review URL: https://codereview.chromium.org/732543002

Cr-Commit-Position: refs/heads/master@{#25358}

This allows serializing public symbols that are embedded in code.

BUG=v8:3689
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/722723002

Cr-Commit-Position: refs/heads/master@{#25315}

R=rossberg@chromium.org
BUG=v8:3096
LOG=Y

Review URL: https://codereview.chromium.org/717123002

Cr-Commit-Position: refs/heads/master@{#25297}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25297 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

1. Global{Context,Scope}=>Script{Context,Scope}
2. Enable fixed tests
3. Update comments

R=rossberg@chromium.org
BUG=v8:2198
LOG=N

Review URL: https://codereview.chromium.org/716833002

Cr-Commit-Position: refs/heads/master@{#25291}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25291 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=aandrey@chromium.org
BUG=chromium:109362
LOG=Y

Review URL: https://codereview.chromium.org/701093003

Cr-Commit-Position: refs/heads/master@{#25289}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/713223002

Cr-Commit-Position: refs/heads/master@{#25276}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25276 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is currently done by generating a default constructor that looks
like this:

  constructor() {
    %DefaultConstructorSuperCall();
  }

The a runtime function implements the logic which is pretty similar to
Runtime_Apply except that it uses the [[Prototype]] of the current
function.

This is the second try. The first failed because the test was using a
array that was too large for Function.prototype.apply.

Revert "Revert "Classes: Add support for arguments in default constructor""

This reverts commit 43aa7e541df56a132608b8b4217e9da84575e4f8.

BUG=v8:3672
LOG=Y
TBR=dslomov@chromium.org

Review URL: https://codereview.chromium.org/716853003

Cr-Commit-Position: refs/heads/master@{#25272}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This only available under --harmony-classes

BUG=v8:3571
LOG=Y
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/718473002

Cr-Commit-Position: refs/heads/master@{#25271}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25271 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit 3f4ea6c91a962a04407c79f08e5c86ce9ff2911a.

Broke tests on Mac64

http://build.chromium.org/p/client.v8/builders/V8%20Mac64/builds/923/steps/Check/logs/classes

BUG=v8:3672
TBR=dslomov@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/712333003

Cr-Commit-Position: refs/heads/master@{#25269}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is currently done by generating a default constructor that looks
like this:

  constructor() {
    %DefaultConstructorSuperCall();
  }

The a runtime function implements the logic which is pretty similar to
Runtime_Apply except that it uses the [[Prototype]] of the current
function.

BUG=v8:3672
LOG=Y
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/692333011

Cr-Commit-Position: refs/heads/master@{#25268}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This relands commit ea74f0f8.

The revert was due to failures in cctest/test-heap/ReleaseOverReservedPages,
caused by apparent changes to memory layout and fragmentation of the
first page. Eliminating a situation in messages.js where this CL has had
an effect on map transitions seems to solve the issue.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/714883003

Cr-Commit-Position: refs/heads/master@{#25266}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/711313002

Cr-Commit-Position: refs/heads/master@{#25258}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25258 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=yangguo@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/712083002

Cr-Commit-Position: refs/heads/master@{#25257}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

MapCache simplification. It is now a FixedArray that maps number of properties to a WeakCell with a Map.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/712943002

Cr-Commit-Position: refs/heads/master@{#25253}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25253 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert "Fixes for Windows and Mac builds after r25250."
TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/699613004

Cr-Commit-Position: refs/heads/master@{#25252}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This CL introduces LayoutDescriptor which is responsible for tracking which in-object fields are tagged and which are not.
LayoutDescriptor field added to Map. Currently unboxing is disabled.

R=hpayer@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/391693002

Cr-Commit-Position: refs/heads/master@{#25250}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit e1f23eab4255d63344011dfb885b8e8962cb60e2.

Broke cctest/test-heap/ReleaseOverReservedPages on a bunch of builders

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/928/steps/Check/logs/ReleaseOverReservedPa..

BUG=None
LOG=N
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/709123002

Cr-Commit-Position: refs/heads/master@{#25224}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Introduce two new function kind, one for default constructor and one
for default constructor call super. Then when we are about to pares
these we just generate the correct AST in source.

BUG=v8:3661, v8:3672
LOG=Y
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/700523003

Cr-Commit-Position: refs/heads/master@{#25222}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

(1) When we have just normalized and re-fastified a map, we don't need to copy it again to set the is_prototype bit.
(2) When defining accessors causes a non-prototype object to go slow, don't force re-fastification.

BUG=v8:3267
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/706243002

Cr-Commit-Position: refs/heads/master@{#25221}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25221 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This implements correct semantics for "extensible" top level lexical scope.
The entire lexical scope is represented at runtime by GlobalContextTable, reachable from native context and accumulating global contexts from every script loaded into the context.

When the new script starts executing, it does the following validation:
- checks the GlobalContextTable and global object (non-configurable own) properties against the set of declarations it introduces and reports potential conflicts.
- invalidates the conflicting PropertyCells on global object, so that any code depending on them will miss/deopt causing any contextual lookups to be reexecuted under the new bindings
- adds the lexical bindings it introduces to the GlobalContextTable

Loads and stores for contextual lookups are modified so that they check the GlobalContextTable before looking up properties on global object, thus implementing the shadowing of global object properties by lexical declarations.

R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/705663004

Cr-Commit-Position: refs/heads/master@{#25220}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/694533003

Cr-Commit-Position: refs/heads/master@{#25219}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Shave this yak from orbit, it's the only way to be sure.

BUG=chromium:427616
LOG=n
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/700963002

Cr-Commit-Position: refs/heads/master@{#25148}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit r25142.

TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/702853002

Cr-Commit-Position: refs/heads/master@{#25145}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/703603003

Cr-Commit-Position: refs/heads/master@{#25142}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=aandrey@chromium.org
BUG=chromium:267592
LOG=Y

Review URL: https://codereview.chromium.org/690263004

Cr-Commit-Position: refs/heads/master@{#25130}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This also naturally handles pausing on uncaught exceptions in Object.observe callbacks.

R=adamk@chromium.org, yangguo@chromium.org, yurys@chromium.org
BUG=chromium:335660
LOG=Y

Review URL: https://codereview.chromium.org/692313003

Cr-Commit-Position: refs/heads/master@{#25126}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is to show values preview of an iterator in DevTools console.

API=v8::Value::IsMapIterator, v8::Value::IsSetIterator
BUG=chromium:427868
R=arv@chromium.org, yangguo@chromium.org, adamk@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/693813002

Cr-Commit-Position: refs/heads/master@{#25100}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25100 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Not clearing can lead to a crash under following conditions:
1. Backing store of a weak map is allocated in large object space.
2. The backing store is marked incrementaly via the weak map.
3. The weak map is updated and gets a new backing store.
4. The store buffer overflows and marks the chunk of the old backing store as
"scan on scavenge."
5. Mark-compact collection kills some elements of the weak map. Note that the
old backing store survives because it was marked incrementally, but its dead
elements are not cleared.
6. Scavenger iterates over the old backing store, tries to move a dead object
and crashes.

BUG=v8:3631
LOG=N
TEST=cctest/test-heap/Regress3631
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/686783003

Cr-Commit-Position: refs/heads/master@{#25032}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The HeapIterator implies DisallowHeapAllocation, but Script::GetWrapper
may allocate.

LOG=N
R=jkummerow@chromium.org
BUG=chromium:410033

Review URL: https://codereview.chromium.org/680283002

Cr-Commit-Position: refs/heads/master@{#25001}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00