Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is
performed and value property of the descriptor is set to undefined if caller doesn't
have proper access.  For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked
and affect if getter and setter would be stored in the descriptor.

Review URL: http://codereview.chromium.org/6286020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6312090

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The arguments property of functions, if we find an optimized frame for
the function, is always a freshly allocated object.  We never try to
find an existing arguments object.

Review URL: http://codereview.chromium.org/6349050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6347037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6246045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=whesse@chromium

Review URL: http://codereview.chromium.org/6349049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6410028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Record a safepoint with a deoptimization id for throw in optimized code.  We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw).  For
hygiene we use the actual ID of the throw expression.  Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit.  This is required to insert a simulate between the throw and the exit.

Make our optimized treatment of Function.prototype.apply act like a call and
have side effects.  This ensures that it will get a lazy deoptimization
environment.  Use that deoptimization ID in the safepoint for the call.

Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction.  Record the
environment and use the deoptimization ID at the safepoint.

Review URL: http://codereview.chromium.org/6250105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This enables proper stack unwinding on x64.

Currently this requires V8 to be compiled without snapshot and --gdbjit-full to be enabled.

Original patch by Sanjoy Das (http://codereview.chromium.org/6371011/)

Review URL: http://codereview.chromium.org/6250104

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6575 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

an error message that needs to be generated and reported. This change
hides all of the error information from JavaScript code so user
callbacks cannot get hold of it.

Review URL: http://codereview.chromium.org/6368051

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix Math.pow(-0, 0.5) and Math.pow(-0, -0.5).  These are not equal to sqrt(-0) and 1/sqrt(-0).  Add tests for these cases.  Fixes V8 issue 1088.
BUG=1088
TEST=test/mjsunit/math-pow.js

Review URL: http://codereview.chromium.org/6368050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6349046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6334045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=http://code.google.com/p/chromium/issues/detail?id=71647
TEST=test/mjsunit/regress/regress-71647.js

Review URL: http://codereview.chromium.org/6410025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

If we, immediately after the deoptimization, but before actually
running the patched code, get a compacting GC, the addresses from the
calls might no longer be valid.

I have validated that this works by patching the existing code to
always do a compacting gc after we finish deoptimizing. I will create
a real regression test for this, but this includes additional code for
allowing us to force a deopt/opt from javascript test code. I will
land this in a seperate change.


Review URL: http://codereview.chromium.org/6349043

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6565 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6349044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This should fix compilation on old GCC.

Review URL: http://codereview.chromium.org/6350012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6563 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit 6561 as the new assert caused failures in sputnik.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6562 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fixes JS portion of DefineOwnProperty when there is
an existing property and the new descriptor is generic.

Makes code follow spec steps more closely.

Fixes typo for check for unchanged enumerable in step 6.

Adds regression tests.
Fixes errors in object-define-property test

Don't normalize the JSGlobalProxy. Gets webkit http/tests/security/xss-DENIED-defineProperty.html working.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

For now the smi part only handles power of two right hand side operands.

Fixed a bug when loading floating point value into core registers with VFP supported.
Review URL: http://codereview.chromium.org/6312059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Code review URL: http://codereview.chromium.org/6286016/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6559 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6558 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6312057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When invoking EQUALS JS builtin, 1st argument is passed as a receiver and
if it's a global object, it gets overwritten with global proxy object and
thus one gets incorrect results.

BUG=v8::1082

Review URL: http://codereview.chromium.org/6287018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

With crankshaft, a code object can change its optimizability: it can start as
optimizable code object, but later we can find out it was a bad idea to
optimize it.  Alas, currently we don't have a proper event to communicate
this back to logger.  Hence we temporary allow a code object to be viewed
as optimizable judging from logs while being unoptimizable judging from
heap traversal.

Review URL: http://codereview.chromium.org/6250054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

other situations.

Do not use overwritten Object.prototype.hasOwnProperty and
Array.prototype.pop. Do not use split and join in the error formatting
implementation. They are too big to control and their generality is
not needed.

Review URL: http://codereview.chromium.org/6287041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6552 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Change OSR stack check patching to use the stack check table to iterate over the calls to stack guards platform independent. Introduce Deoptimizer::PatchStackCheckAt for each platform to perform the platform specific patch at a given pc.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6392027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

http://code.google.com/p/v8/issues/detail?id=1084

Code Review URL: http://codereview.chromium.org/6386014/

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6357025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6386022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6409008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6287016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.

2. GVN need to take instruction flags into account when comparing
instructions for redundancy.

Review URL: http://codereview.chromium.org/6260035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6347035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Adds vabs instruction to simulator, assembler, disassembler and tests.

BUG=none
TEST=Added to cctest.

Review URL: http://codereview.chromium.org/6366016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6332022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6255017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This change caused failures in (out of bounds) keyed loads of strings.

TBR'd.

Review URL: http://codereview.chromium.org/6298019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This stub is used for increment/decrement operations and unary plus.
The resulting code is more compact and faster than calling a JS builtin.


Review URL: http://codereview.chromium.org/6350021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/6323002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6526 ce2b1a6d-e550-0410-aec6-3dcde31c8c00