Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Version 3.18.5

Allowed setting debugger breakpoints on CompareNilICs (issue 2660)

Fixed beyond-heap load on x64 Crankshafted StringCharFromCode (Chromium issue 235311)

Change 'Parse error' to three more informative messages. (Chromium issue 2636)

Performance and stability improvements on all platforms.

git-svn-id: https://v8.googlecode.com/svn/trunk@14498 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
  • Loading branch information...
commit 8f4d565137db4679e3db7d35e67306bfd7db49e9 1 parent 3659d8b
authored April 30, 2013

Showing 98 changed files with 3,503 additions and 999 deletions. Show diff stats Hide diff stats

  1. 13  ChangeLog
  2. 238  include/v8.h
  3. 158  src/api.cc
  4. 52  src/api.h
  5. 21  src/arguments.h
  6. 1  src/arm/code-stubs-arm.cc
  7. 9  src/arm/debug-arm.cc
  8. 27  src/arm/lithium-arm.cc
  9. 6  src/arm/lithium-arm.h
  10. 120  src/arm/lithium-codegen-arm.cc
  11. 2  src/arm/lithium-codegen-arm.h
  12. 12  src/arm/macro-assembler-arm.cc
  13. 4  src/arm/macro-assembler-arm.h
  14. 136  src/arm/simulator-arm.cc
  15. 6  src/arm/simulator-arm.h
  16. 149  src/arm/stub-cache-arm.cc
  17. 2  src/atomicops_internals_x86_gcc.h
  18. 61  src/bootstrapper.cc
  19. 40  src/builtins-decls.h
  20. 39  src/builtins.cc
  21. 4  src/builtins.h
  22. 12  src/code-stubs-hydrogen.cc
  23. 16  src/contexts.h
  24. 52  src/d8.cc
  25. 3  src/debug.cc
  26. 1  src/debug.h
  27. 48  src/factory.cc
  28. 2  src/factory.h
  29. 5  src/flag-definitions.h
  30. 27  src/frames-inl.h
  31. 1  src/frames.cc
  32. 13  src/frames.h
  33. 5  src/heap.cc
  34. 46  src/hydrogen-instructions.cc
  35. 96  src/hydrogen-instructions.h
  36. 103  src/hydrogen.cc
  37. 1  src/ia32/code-stubs-ia32.cc
  38. 9  src/ia32/debug-ia32.cc
  39. 113  src/ia32/lithium-codegen-ia32.cc
  40. 2  src/ia32/lithium-codegen-ia32.h
  41. 57  src/ia32/lithium-ia32.cc
  42. 12  src/ia32/lithium-ia32.h
  43. 12  src/ia32/macro-assembler-ia32.cc
  44. 4  src/ia32/macro-assembler-ia32.h
  45. 115  src/ia32/stub-cache-ia32.cc
  46. 88  src/ic.cc
  47. 27  src/json-parser.h
  48. 23  src/lithium-allocator.cc
  49. 16  src/lithium-allocator.h
  50. 2  src/macros.py
  51. 4  src/messages.js
  52. 1  src/mips/code-stubs-mips.cc
  53. 73  src/mips/lithium-codegen-mips.cc
  54. 2  src/mips/lithium-codegen-mips.h
  55. 27  src/mips/lithium-mips.cc
  56. 6  src/mips/lithium-mips.h
  57. 12  src/mips/macro-assembler-mips.cc
  58. 4  src/mips/macro-assembler-mips.h
  59. 147  src/mips/stub-cache-mips.cc
  60. 31  src/mksnapshot.cc
  61. 81  src/objects-inl.h
  62. 793  src/objects.cc
  63. 76  src/objects.h
  64. 4  src/parser.cc
  65. 101  src/property-details.h
  66. 35  src/property.h
  67. 127  src/runtime.cc
  68. 3  src/sampler.cc
  69. 3  src/scopes.cc
  70. 25  src/stub-cache.cc
  71. 1  src/stub-cache.h
  72. 1  src/transitions.cc
  73. 95  src/typedarray.js
  74. 2  src/v8natives.js
  75. 4  src/version.cc
  76. 18  src/x64/code-stubs-x64.cc
  77. 9  src/x64/debug-x64.cc
  78. 96  src/x64/lithium-codegen-x64.cc
  79. 2  src/x64/lithium-codegen-x64.h
  80. 52  src/x64/lithium-x64.cc
  81. 12  src/x64/lithium-x64.h
  82. 13  src/x64/macro-assembler-x64.cc
  83. 4  src/x64/macro-assembler-x64.h
  84. 93  src/x64/stub-cache-x64.cc
  85. 3  test/cctest/cctest.status
  86. 191  test/cctest/test-api.cc
  87. 9  test/cctest/test-debug.cc
  88. 31  test/message/isvar.js
  89. 4  test/message/isvar.out
  90. 29  test/message/paren_in_arg_string.js
  91. 6  test/message/paren_in_arg_string.out
  92. 32  test/message/single-function-literal.js
  93. 5  test/message/single-function-literal.out
  94. 2  test/mjsunit/elements-transition-hoisting.js
  95. 28  test/mjsunit/harmony/generators-iteration.js
  96. 61  test/mjsunit/harmony/typedarrays.js
  97. 32  test/mjsunit/regress/regress-235311.js
  98. 101  test/mjsunit/track-fields.js
13  ChangeLog
... ...
@@ -1,3 +1,16 @@
  1
+2013-04-30: Version 3.18.5
  2
+
  3
+        Allowed setting debugger breakpoints on CompareNilICs (issue 2660)
  4
+
  5
+        Fixed beyond-heap load on x64 Crankshafted StringCharFromCode
  6
+        (Chromium issue 235311)
  7
+
  8
+        Change 'Parse error' to three more informative messages.
  9
+        (Chromium issue 2636)
  10
+
  11
+        Performance and stability improvements on all platforms.
  12
+
  13
+
1 14
 2013-04-26: Version 3.18.4
2 15
 
3 16
         Added a preliminary API for ES6 ArrayBuffers
238  include/v8.h
@@ -2047,6 +2047,170 @@ class V8EXPORT ArrayBuffer : public Object {
2047 2047
 
2048 2048
 
2049 2049
 /**
  2050
+ * A base class for an instance of TypedArray series of constructors
  2051
+ * (ES6 draft 15.13.6).
  2052
+ * This API is experimental and may change significantly.
  2053
+ */
  2054
+class V8EXPORT TypedArray : public Object {
  2055
+ public:
  2056
+  /**
  2057
+   * Returns underlying ArrayBuffer.
  2058
+   */
  2059
+  Local<ArrayBuffer> Buffer();
  2060
+  /**
  2061
+   * Byte offset in |Buffer|
  2062
+   */
  2063
+  size_t ByteOffset();
  2064
+  /**
  2065
+   * Numbe of elements in this typed array.
  2066
+   */
  2067
+  size_t Length();
  2068
+  /**
  2069
+   * Size of typed array in bytes (e.g. for Int16Array, 2*|Length|).
  2070
+   */
  2071
+  size_t ByteLength();
  2072
+  /**
  2073
+   * Base address of typed array.
  2074
+   */
  2075
+  void* BaseAddress();
  2076
+
  2077
+  V8_INLINE(static TypedArray* Cast(Value* obj));
  2078
+
  2079
+ private:
  2080
+  TypedArray();
  2081
+  static void CheckCast(Value* obj);
  2082
+};
  2083
+
  2084
+
  2085
+/**
  2086
+ * An instance of Uint8Array constructor (ES6 draft 15.13.6).
  2087
+ * This API is experimental and may change significantly.
  2088
+ */
  2089
+class V8EXPORT Uint8Array : public TypedArray {
  2090
+ public:
  2091
+  static Local<Uint8Array> New(Handle<ArrayBuffer> array_buffer,
  2092
+                               size_t byte_offset, size_t length);
  2093
+  V8_INLINE(static Uint8Array* Cast(Value* obj));
  2094
+
  2095
+ private:
  2096
+  Uint8Array();
  2097
+  static void CheckCast(Value* obj);
  2098
+};
  2099
+
  2100
+
  2101
+/**
  2102
+ * An instance of Int8Array constructor (ES6 draft 15.13.6).
  2103
+ * This API is experimental and may change significantly.
  2104
+ */
  2105
+class V8EXPORT Int8Array : public TypedArray {
  2106
+ public:
  2107
+  static Local<Int8Array> New(Handle<ArrayBuffer> array_buffer,
  2108
+                               size_t byte_offset, size_t length);
  2109
+  V8_INLINE(static Int8Array* Cast(Value* obj));
  2110
+
  2111
+ private:
  2112
+  Int8Array();
  2113
+  static void CheckCast(Value* obj);
  2114
+};
  2115
+
  2116
+
  2117
+/**
  2118
+ * An instance of Uint16Array constructor (ES6 draft 15.13.6).
  2119
+ * This API is experimental and may change significantly.
  2120
+ */
  2121
+class V8EXPORT Uint16Array : public TypedArray {
  2122
+ public:
  2123
+  static Local<Uint16Array> New(Handle<ArrayBuffer> array_buffer,
  2124
+                               size_t byte_offset, size_t length);
  2125
+  V8_INLINE(static Uint16Array* Cast(Value* obj));
  2126
+
  2127
+ private:
  2128
+  Uint16Array();
  2129
+  static void CheckCast(Value* obj);
  2130
+};
  2131
+
  2132
+
  2133
+/**
  2134
+ * An instance of Int16Array constructor (ES6 draft 15.13.6).
  2135
+ * This API is experimental and may change significantly.
  2136
+ */
  2137
+class V8EXPORT Int16Array : public TypedArray {
  2138
+ public:
  2139
+  static Local<Int16Array> New(Handle<ArrayBuffer> array_buffer,
  2140
+                               size_t byte_offset, size_t length);
  2141
+  V8_INLINE(static Int16Array* Cast(Value* obj));
  2142
+
  2143
+ private:
  2144
+  Int16Array();
  2145
+  static void CheckCast(Value* obj);
  2146
+};
  2147
+
  2148
+
  2149
+/**
  2150
+ * An instance of Uint32Array constructor (ES6 draft 15.13.6).
  2151
+ * This API is experimental and may change significantly.
  2152
+ */
  2153
+class V8EXPORT Uint32Array : public TypedArray {
  2154
+ public:
  2155
+  static Local<Uint32Array> New(Handle<ArrayBuffer> array_buffer,
  2156
+                               size_t byte_offset, size_t length);
  2157
+  V8_INLINE(static Uint32Array* Cast(Value* obj));
  2158
+
  2159
+ private:
  2160
+  Uint32Array();
  2161
+  static void CheckCast(Value* obj);
  2162
+};
  2163
+
  2164
+
  2165
+/**
  2166
+ * An instance of Int32Array constructor (ES6 draft 15.13.6).
  2167
+ * This API is experimental and may change significantly.
  2168
+ */
  2169
+class V8EXPORT Int32Array : public TypedArray {
  2170
+ public:
  2171
+  static Local<Int32Array> New(Handle<ArrayBuffer> array_buffer,
  2172
+                               size_t byte_offset, size_t length);
  2173
+  V8_INLINE(static Int32Array* Cast(Value* obj));
  2174
+
  2175
+ private:
  2176
+  Int32Array();
  2177
+  static void CheckCast(Value* obj);
  2178
+};
  2179
+
  2180
+
  2181
+/**
  2182
+ * An instance of Float32Array constructor (ES6 draft 15.13.6).
  2183
+ * This API is experimental and may change significantly.
  2184
+ */
  2185
+class V8EXPORT Float32Array : public TypedArray {
  2186
+ public:
  2187
+  static Local<Float32Array> New(Handle<ArrayBuffer> array_buffer,
  2188
+                               size_t byte_offset, size_t length);
  2189
+  V8_INLINE(static Float32Array* Cast(Value* obj));
  2190
+
  2191
+ private:
  2192
+  Float32Array();
  2193
+  static void CheckCast(Value* obj);
  2194
+};
  2195
+
  2196
+
  2197
+/**
  2198
+ * An instance of Float64Array constructor (ES6 draft 15.13.6).
  2199
+ * This API is experimental and may change significantly.
  2200
+ */
  2201
+class V8EXPORT Float64Array : public TypedArray {
  2202
+ public:
  2203
+  static Local<Float64Array> New(Handle<ArrayBuffer> array_buffer,
  2204
+                               size_t byte_offset, size_t length);
  2205
+  V8_INLINE(static Float64Array* Cast(Value* obj));
  2206
+
  2207
+ private:
  2208
+  Float64Array();
  2209
+  static void CheckCast(Value* obj);
  2210
+};
  2211
+
  2212
+
  2213
+/**
2050 2214
  * An instance of the built-in Date constructor (ECMA-262, 15.9).
2051 2215
  */
2052 2216
 class V8EXPORT Date : public Object {
@@ -4543,7 +4707,7 @@ class Internals {
4543 4707
   static const int kJSObjectHeaderSize = 3 * kApiPointerSize;
4544 4708
   static const int kFixedArrayHeaderSize = 2 * kApiPointerSize;
4545 4709
   static const int kContextHeaderSize = 2 * kApiPointerSize;
4546  
-  static const int kContextEmbedderDataIndex = 56;
  4710
+  static const int kContextEmbedderDataIndex = 64;
4547 4711
   static const int kFullStringRepresentationMask = 0x07;
4548 4712
   static const int kStringEncodingMask = 0x4;
4549 4713
   static const int kExternalTwoByteRepresentationTag = 0x02;
@@ -5224,6 +5388,78 @@ ArrayBuffer* ArrayBuffer::Cast(v8::Value* value) {
5224 5388
 }
5225 5389
 
5226 5390
 
  5391
+TypedArray* TypedArray::Cast(v8::Value* value) {
  5392
+#ifdef V8_ENABLE_CHECKS
  5393
+  CheckCast(value);
  5394
+#endif
  5395
+  return static_cast<TypedArray*>(value);
  5396
+}
  5397
+
  5398
+
  5399
+Uint8Array* Uint8Array::Cast(v8::Value* value) {
  5400
+#ifdef V8_ENABLE_CHECKS
  5401
+  CheckCast(value);
  5402
+#endif
  5403
+  return static_cast<Uint8Array*>(value);
  5404
+}
  5405
+
  5406
+
  5407
+Int8Array* Int8Array::Cast(v8::Value* value) {
  5408
+#ifdef V8_ENABLE_CHECKS
  5409
+  CheckCast(value);
  5410
+#endif
  5411
+  return static_cast<Int8Array*>(value);
  5412
+}
  5413
+
  5414
+
  5415
+Uint16Array* Uint16Array::Cast(v8::Value* value) {
  5416
+#ifdef V8_ENABLE_CHECKS
  5417
+  CheckCast(value);
  5418
+#endif
  5419
+  return static_cast<Uint16Array*>(value);
  5420
+}
  5421
+
  5422
+
  5423
+Int16Array* Int16Array::Cast(v8::Value* value) {
  5424
+#ifdef V8_ENABLE_CHECKS
  5425
+  CheckCast(value);
  5426
+#endif
  5427
+  return static_cast<Int16Array*>(value);
  5428
+}
  5429
+
  5430
+
  5431
+Uint32Array* Uint32Array::Cast(v8::Value* value) {
  5432
+#ifdef V8_ENABLE_CHECKS
  5433
+  CheckCast(value);
  5434
+#endif
  5435
+  return static_cast<Uint32Array*>(value);
  5436
+}
  5437
+
  5438
+
  5439
+Int32Array* Int32Array::Cast(v8::Value* value) {
  5440
+#ifdef V8_ENABLE_CHECKS
  5441
+  CheckCast(value);
  5442
+#endif
  5443
+  return static_cast<Int32Array*>(value);
  5444
+}
  5445
+
  5446
+
  5447
+Float32Array* Float32Array::Cast(v8::Value* value) {
  5448
+#ifdef V8_ENABLE_CHECKS
  5449
+  CheckCast(value);
  5450
+#endif
  5451
+  return static_cast<Float32Array*>(value);
  5452
+}
  5453
+
  5454
+
  5455
+Float64Array* Float64Array::Cast(v8::Value* value) {
  5456
+#ifdef V8_ENABLE_CHECKS
  5457
+  CheckCast(value);
  5458
+#endif
  5459
+  return static_cast<Float64Array*>(value);
  5460
+}
  5461
+
  5462
+
5227 5463
 Function* Function::Cast(v8::Value* value) {
5228 5464
 #ifdef V8_ENABLE_CHECKS
5229 5465
   CheckCast(value);
158  src/api.cc
@@ -2755,6 +2755,39 @@ void v8::ArrayBuffer::CheckCast(Value* that) {
2755 2755
 }
2756 2756
 
2757 2757
 
  2758
+void v8::TypedArray::CheckCast(Value* that) {
  2759
+  if (IsDeadCheck(i::Isolate::Current(), "v8::TypedArray::Cast()")) return;
  2760
+  i::Handle<i::Object> obj = Utils::OpenHandle(that);
  2761
+  ApiCheck(obj->IsJSTypedArray(),
  2762
+           "v8::TypedArray::Cast()",
  2763
+           "Could not convert to TypedArray");
  2764
+}
  2765
+
  2766
+
  2767
+#define CHECK_TYPED_ARRAY_CAST(ApiClass, typeConst)                         \
  2768
+  void v8::ApiClass::CheckCast(Value* that) {                               \
  2769
+    if (IsDeadCheck(i::Isolate::Current(), "v8::" #ApiClass "::Cast()"))    \
  2770
+      return;                                                               \
  2771
+    i::Handle<i::Object> obj = Utils::OpenHandle(that);                     \
  2772
+    ApiCheck(obj->IsJSTypedArray() &&                                       \
  2773
+             i::JSTypedArray::cast(*obj)->type() == typeConst,              \
  2774
+             "v8::" #ApiClass "::Cast()",                                   \
  2775
+             "Could not convert to " #ApiClass);                            \
  2776
+  }
  2777
+
  2778
+
  2779
+CHECK_TYPED_ARRAY_CAST(Uint8Array, kExternalUnsignedByteArray)
  2780
+CHECK_TYPED_ARRAY_CAST(Int8Array, kExternalByteArray)
  2781
+CHECK_TYPED_ARRAY_CAST(Uint16Array, kExternalUnsignedShortArray)
  2782
+CHECK_TYPED_ARRAY_CAST(Int16Array, kExternalShortArray)
  2783
+CHECK_TYPED_ARRAY_CAST(Uint32Array, kExternalUnsignedIntArray)
  2784
+CHECK_TYPED_ARRAY_CAST(Int32Array, kExternalIntArray)
  2785
+CHECK_TYPED_ARRAY_CAST(Float32Array, kExternalFloatArray)
  2786
+CHECK_TYPED_ARRAY_CAST(Float64Array, kExternalDoubleArray)
  2787
+
  2788
+#undef CHECK_TYPED_ARRAY_CAST
  2789
+
  2790
+
2758 2791
 void v8::Date::CheckCast(v8::Value* that) {
2759 2792
   i::Isolate* isolate = i::Isolate::Current();
2760 2793
   if (IsDeadCheck(isolate, "v8::Date::Cast()")) return;
@@ -4061,7 +4094,7 @@ bool String::IsOneByte() const {
4061 4094
   if (IsDeadCheck(str->GetIsolate(), "v8::String::IsOneByte()")) {
4062 4095
     return false;
4063 4096
   }
4064  
-  return str->IsOneByteConvertible();
  4097
+  return str->HasOnlyOneByteChars();
4065 4098
 }
4066 4099
 
4067 4100
 
@@ -5806,6 +5839,129 @@ Local<ArrayBuffer> v8::ArrayBuffer::New(void* data, size_t byte_length) {
5806 5839
 }
5807 5840
 
5808 5841
 
  5842
+Local<ArrayBuffer> v8::TypedArray::Buffer() {
  5843
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
  5844
+  if (IsDeadCheck(isolate, "v8::TypedArray::Buffer()"))
  5845
+    return Local<ArrayBuffer>();
  5846
+  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
  5847
+  ASSERT(obj->buffer()->IsJSArrayBuffer());
  5848
+  i::Handle<i::JSArrayBuffer> buffer(i::JSArrayBuffer::cast(obj->buffer()));
  5849
+  return Utils::ToLocal(buffer);
  5850
+}
  5851
+
  5852
+
  5853
+size_t v8::TypedArray::ByteOffset() {
  5854
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
  5855
+  if (IsDeadCheck(isolate, "v8::TypedArray::ByteOffset()")) return 0;
  5856
+  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
  5857
+  return static_cast<size_t>(obj->byte_offset()->Number());
  5858
+}
  5859
+
  5860
+
  5861
+size_t v8::TypedArray::ByteLength() {
  5862
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
  5863
+  if (IsDeadCheck(isolate, "v8::TypedArray::ByteLength()")) return 0;
  5864
+  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
  5865
+  return static_cast<size_t>(obj->byte_length()->Number());
  5866
+}
  5867
+
  5868
+
  5869
+size_t v8::TypedArray::Length() {
  5870
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
  5871
+  if (IsDeadCheck(isolate, "v8::TypedArray::Length()")) return 0;
  5872
+  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
  5873
+  return static_cast<size_t>(obj->length()->Number());
  5874
+}
  5875
+
  5876
+
  5877
+void* v8::TypedArray::BaseAddress() {
  5878
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
  5879
+  if (IsDeadCheck(isolate, "v8::TypedArray::BaseAddress()")) return NULL;
  5880
+  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
  5881
+  i::Handle<i::JSArrayBuffer> buffer(i::JSArrayBuffer::cast(obj->buffer()));
  5882
+  void* buffer_data = buffer->backing_store();
  5883
+  size_t byte_offset = static_cast<size_t>(obj->byte_offset()->Number());
  5884
+  return static_cast<uint8_t*>(buffer_data) + byte_offset;
  5885
+}
  5886
+
  5887
+
  5888
+template<typename ElementType,
  5889
+         ExternalArrayType array_type,
  5890
+         i::ElementsKind elements_kind>
  5891
+i::Handle<i::JSTypedArray> NewTypedArray(
  5892
+    i::Isolate* isolate,
  5893
+    Handle<ArrayBuffer> array_buffer, size_t byte_offset, size_t length) {
  5894
+  i::Handle<i::JSTypedArray> obj =
  5895
+      isolate->factory()->NewJSTypedArray(array_type);
  5896
+  i::Handle<i::JSArrayBuffer> buffer = Utils::OpenHandle(*array_buffer);
  5897
+
  5898
+  ASSERT(byte_offset % sizeof(ElementType) == 0);
  5899
+  ASSERT(byte_offset + length * sizeof(ElementType) <=
  5900
+      static_cast<size_t>(buffer->byte_length()->Number()));
  5901
+
  5902
+  obj->set_buffer(*buffer);
  5903
+
  5904
+  i::Handle<i::Object> byte_offset_object = isolate->factory()->NewNumber(
  5905
+        static_cast<double>(byte_offset));
  5906
+  obj->set_byte_offset(*byte_offset_object);
  5907
+
  5908
+  i::Handle<i::Object> byte_length_object = isolate->factory()->NewNumber(
  5909
+        static_cast<double>(length * sizeof(ElementType)));
  5910
+  obj->set_byte_length(*byte_length_object);
  5911
+
  5912
+  i::Handle<i::Object> length_object = isolate->factory()->NewNumber(
  5913
+        static_cast<double>(length));
  5914
+  obj->set_length(*length_object);
  5915
+
  5916
+  i::Handle<i::ExternalArray> elements =
  5917
+      isolate->factory()->NewExternalArray(
  5918
+          static_cast<int>(length), array_type,
  5919
+          static_cast<uint8_t*>(buffer->backing_store()) + byte_offset);
  5920
+  i::Handle<i::Map> map =
  5921
+      isolate->factory()->GetElementsTransitionMap(
  5922
+          obj, elements_kind);
  5923
+  obj->set_map(*map);
  5924
+  obj->set_elements(*elements);
  5925
+  return obj;
  5926
+}
  5927
+
  5928
+
  5929
+#define TYPED_ARRAY_NEW(TypedArray, element_type, array_type, elements_kind) \
  5930
+  Local<TypedArray> TypedArray::New(Handle<ArrayBuffer> array_buffer,        \
  5931
+                                    size_t byte_offset, size_t length) {     \
  5932
+    i::Isolate* isolate = i::Isolate::Current();                             \
  5933
+    EnsureInitializedForIsolate(isolate,                                     \
  5934
+        "v8::" #TypedArray "::New(Handle<ArrayBuffer>, size_t, size_t)");    \
  5935
+    LOG_API(isolate,                                                         \
  5936
+        "v8::" #TypedArray "::New(Handle<ArrayBuffer>, size_t, size_t)");    \
  5937
+    ENTER_V8(isolate);                                                       \
  5938
+    i::Handle<i::JSTypedArray> obj =                                         \
  5939
+        NewTypedArray<element_type, array_type, elements_kind>(              \
  5940
+            isolate, array_buffer, byte_offset, length);                     \
  5941
+    return Utils::ToLocal##TypedArray(obj);                                  \
  5942
+  }
  5943
+
  5944
+
  5945
+TYPED_ARRAY_NEW(Uint8Array, uint8_t, kExternalUnsignedByteArray,
  5946
+                i::EXTERNAL_UNSIGNED_BYTE_ELEMENTS)
  5947
+TYPED_ARRAY_NEW(Int8Array, int8_t, kExternalByteArray,
  5948
+                i::EXTERNAL_BYTE_ELEMENTS)
  5949
+TYPED_ARRAY_NEW(Uint16Array, uint16_t, kExternalUnsignedShortArray,
  5950
+                i::EXTERNAL_UNSIGNED_SHORT_ELEMENTS)
  5951
+TYPED_ARRAY_NEW(Int16Array, int16_t, kExternalShortArray,
  5952
+                i::EXTERNAL_SHORT_ELEMENTS)
  5953
+TYPED_ARRAY_NEW(Uint32Array, uint32_t, kExternalUnsignedIntArray,
  5954
+                i::EXTERNAL_UNSIGNED_INT_ELEMENTS)
  5955
+TYPED_ARRAY_NEW(Int32Array, int32_t, kExternalIntArray,
  5956
+                i::EXTERNAL_INT_ELEMENTS)
  5957
+TYPED_ARRAY_NEW(Float32Array, float, kExternalFloatArray,
  5958
+                i::EXTERNAL_FLOAT_ELEMENTS)
  5959
+TYPED_ARRAY_NEW(Float64Array, double, kExternalDoubleArray,
  5960
+                i::EXTERNAL_DOUBLE_ELEMENTS)
  5961
+
  5962
+#undef TYPED_ARRAY_NEW
  5963
+
  5964
+
5809 5965
 Local<Symbol> v8::Symbol::New(Isolate* isolate) {
5810 5966
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
5811 5967
   EnsureInitializedForIsolate(i_isolate, "v8::Symbol::New()");
52  src/api.h
@@ -171,6 +171,15 @@ class RegisteredExtension {
171 171
   V(Object, JSObject)                          \
172 172
   V(Array, JSArray)                            \
173 173
   V(ArrayBuffer, JSArrayBuffer)                \
  174
+  V(TypedArray, JSTypedArray)                  \
  175
+  V(Uint8Array, JSTypedArray)                  \
  176
+  V(Int8Array, JSTypedArray)                   \
  177
+  V(Uint16Array, JSTypedArray)                 \
  178
+  V(Int16Array, JSTypedArray)                  \
  179
+  V(Uint32Array, JSTypedArray)                 \
  180
+  V(Int32Array, JSTypedArray)                  \
  181
+  V(Float32Array, JSTypedArray)                \
  182
+  V(Float64Array, JSTypedArray)                \
174 183
   V(String, String)                            \
175 184
   V(Symbol, Symbol)                            \
176 185
   V(Script, Object)                            \
@@ -208,6 +217,26 @@ class Utils {
208 217
       v8::internal::Handle<v8::internal::JSArray> obj);
209 218
   static inline Local<ArrayBuffer> ToLocal(
210 219
       v8::internal::Handle<v8::internal::JSArrayBuffer> obj);
  220
+
  221
+  static inline Local<TypedArray> ToLocal(
  222
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  223
+  static inline Local<Uint8Array> ToLocalUint8Array(
  224
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  225
+  static inline Local<Int8Array> ToLocalInt8Array(
  226
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  227
+  static inline Local<Uint16Array> ToLocalUint16Array(
  228
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  229
+  static inline Local<Int16Array> ToLocalInt16Array(
  230
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  231
+  static inline Local<Uint32Array> ToLocalUint32Array(
  232
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  233
+  static inline Local<Int32Array> ToLocalInt32Array(
  234
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  235
+  static inline Local<Float32Array> ToLocalFloat32Array(
  236
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  237
+  static inline Local<Float64Array> ToLocalFloat64Array(
  238
+      v8::internal::Handle<v8::internal::JSTypedArray> obj);
  239
+
211 240
   static inline Local<Message> MessageToLocal(
212 241
       v8::internal::Handle<v8::internal::Object> obj);
213 242
   static inline Local<StackTrace> StackTraceToLocal(
@@ -270,6 +299,17 @@ v8::internal::Handle<T> v8::internal::Handle<T>::EscapeFrom(
270 299
     return Local<To>(reinterpret_cast<To*>(obj.location()));                \
271 300
   }
272 301
 
  302
+
  303
+#define MAKE_TO_LOCAL_TYPED_ARRAY(TypedArray, typeConst)                    \
  304
+  Local<v8::TypedArray> Utils::ToLocal##TypedArray(                         \
  305
+      v8::internal::Handle<v8::internal::JSTypedArray> obj) {               \
  306
+    ASSERT(obj.is_null() || !obj->IsTheHole());                             \
  307
+    ASSERT(obj->type() == typeConst);                                       \
  308
+    return Local<v8::TypedArray>(                                           \
  309
+        reinterpret_cast<v8::TypedArray*>(obj.location()));                 \
  310
+  }
  311
+
  312
+
273 313
 MAKE_TO_LOCAL(ToLocal, Context, Context)
274 314
 MAKE_TO_LOCAL(ToLocal, Object, Value)
275 315
 MAKE_TO_LOCAL(ToLocal, JSFunction, Function)
@@ -279,6 +319,17 @@ MAKE_TO_LOCAL(ToLocal, JSRegExp, RegExp)
279 319
 MAKE_TO_LOCAL(ToLocal, JSObject, Object)
280 320
 MAKE_TO_LOCAL(ToLocal, JSArray, Array)
281 321
 MAKE_TO_LOCAL(ToLocal, JSArrayBuffer, ArrayBuffer)
  322
+MAKE_TO_LOCAL(ToLocal, JSTypedArray, TypedArray)
  323
+
  324
+MAKE_TO_LOCAL_TYPED_ARRAY(Uint8Array, kExternalUnsignedByteArray)
  325
+MAKE_TO_LOCAL_TYPED_ARRAY(Int8Array, kExternalByteArray)
  326
+MAKE_TO_LOCAL_TYPED_ARRAY(Uint16Array, kExternalUnsignedShortArray)
  327
+MAKE_TO_LOCAL_TYPED_ARRAY(Int16Array, kExternalShortArray)
  328
+MAKE_TO_LOCAL_TYPED_ARRAY(Uint32Array, kExternalUnsignedIntArray)
  329
+MAKE_TO_LOCAL_TYPED_ARRAY(Int32Array, kExternalIntArray)
  330
+MAKE_TO_LOCAL_TYPED_ARRAY(Float32Array, kExternalFloatArray)
  331
+MAKE_TO_LOCAL_TYPED_ARRAY(Float64Array, kExternalDoubleArray)
  332
+
282 333
 MAKE_TO_LOCAL(ToLocal, FunctionTemplateInfo, FunctionTemplate)
283 334
 MAKE_TO_LOCAL(ToLocal, ObjectTemplateInfo, ObjectTemplate)
284 335
 MAKE_TO_LOCAL(ToLocal, SignatureInfo, Signature)
@@ -293,6 +344,7 @@ MAKE_TO_LOCAL(Uint32ToLocal, Object, Uint32)
293 344
 MAKE_TO_LOCAL(ExternalToLocal, JSObject, External)
294 345
 MAKE_TO_LOCAL(ToLocal, DeclaredAccessorDescriptor, DeclaredAccessorDescriptor)
295 346
 
  347
+#undef MAKE_TO_LOCAL_TYPED_ARRAY
296 348
 #undef MAKE_TO_LOCAL
297 349
 
298 350
 
21  src/arguments.h
@@ -115,15 +115,18 @@ class CustomArguments : public Relocatable {
115 115
 
116 116
 
117 117
 #define DECLARE_RUNTIME_FUNCTION(Type, Name)    \
118  
-Type Name(Arguments args, Isolate* isolate)
119  
-
120  
-
121  
-#define RUNTIME_FUNCTION(Type, Name)            \
122  
-Type Name(Arguments args, Isolate* isolate)
123  
-
124  
-
125  
-#define RUNTIME_ARGUMENTS(isolate, args) args, isolate
126  
-
  118
+Type Name(int args_length, Object** args_object, Isolate* isolate)
  119
+
  120
+#define RUNTIME_FUNCTION(Type, Name)                                  \
  121
+static Type __RT_impl_##Name(Arguments args, Isolate* isolate);       \
  122
+Type Name(int args_length, Object** args_object, Isolate* isolate) {  \
  123
+  Arguments args(args_length, args_object);                           \
  124
+  return __RT_impl_##Name(args, isolate);                             \
  125
+}                                                                     \
  126
+static Type __RT_impl_##Name(Arguments args, Isolate* isolate)
  127
+
  128
+#define RUNTIME_ARGUMENTS(isolate, args) \
  129
+  args.length(), args.arguments(), isolate
127 130
 
128 131
 } }  // namespace v8::internal
129 132
 
1  src/arm/code-stubs-arm.cc
@@ -30,6 +30,7 @@
30 30
 #if defined(V8_TARGET_ARCH_ARM)
31 31
 
32 32
 #include "bootstrapper.h"
  33
+#include "builtins-decls.h"
33 34
 #include "code-stubs.h"
34 35
 #include "regexp-macro-assembler.h"
35 36
 #include "stub-cache.h"
9  src/arm/debug-arm.cc
@@ -224,6 +224,15 @@ void Debug::GenerateKeyedStoreICDebugBreak(MacroAssembler* masm) {
224 224
 }
225 225
 
226 226
 
  227
+void Debug::GenerateCompareNilICDebugBreak(MacroAssembler* masm) {
  228
+  // Register state for CompareNil IC
  229
+  // ----------- S t a t e -------------
  230
+  //  -- r0    : value
  231
+  // -----------------------------------
  232
+  Generate_DebugBreakCallHelper(masm, r0.bit(), 0);
  233
+}
  234
+
  235
+
227 236
 void Debug::GenerateCallICDebugBreak(MacroAssembler* masm) {
228 237
   // Calling convention for IC call (from ic-arm.cc)
229 238
   // ----------- S t a t e -------------
27  src/arm/lithium-arm.cc
@@ -552,6 +552,11 @@ LOperand* LChunkBuilder::UseRegisterOrConstantAtStart(HValue* value) {
552 552
 }
553 553
 
554 554
 
  555
+LOperand* LChunkBuilder::UseConstant(HValue* value) {
  556
+  return chunk_->DefineConstantOperand(HConstant::cast(value));
  557
+}
  558
+
  559
+
555 560
 LOperand* LChunkBuilder::UseAny(HValue* value) {
556 561
   return value->IsConstant()
557 562
       ? chunk_->DefineConstantOperand(HConstant::cast(value))
@@ -2114,8 +2119,8 @@ LInstruction* LChunkBuilder::DoStoreContextSlot(HStoreContextSlot* instr) {
2114 2119
 
2115 2120
 
2116 2121
 LInstruction* LChunkBuilder::DoLoadNamedField(HLoadNamedField* instr) {
2117  
-  return DefineAsRegister(
2118  
-      new(zone()) LLoadNamedField(UseRegisterAtStart(instr->object())));
  2122
+  LOperand* obj = UseRegisterAtStart(instr->object());
  2123
+  return DefineAsRegister(new(zone()) LLoadNamedField(obj));
2119 2124
 }
2120 2125
 
2121 2126
 
@@ -2319,14 +2324,20 @@ LInstruction* LChunkBuilder::DoStoreNamedField(HStoreNamedField* instr) {
2319 2324
         : UseRegisterAtStart(instr->object());
2320 2325
   }
2321 2326
 
2322  
-  LOperand* val = needs_write_barrier
2323  
-      ? UseTempRegister(instr->value())
2324  
-      : UseRegister(instr->value());
  2327
+  LOperand* val =
  2328
+      needs_write_barrier ||
  2329
+      (FLAG_track_fields && instr->field_representation().IsSmi())
  2330
+          ? UseTempRegister(instr->value()) : UseRegister(instr->value());
2325 2331
 
2326 2332
   // We need a temporary register for write barrier of the map field.
2327 2333
   LOperand* temp = needs_write_barrier_for_map ? TempRegister() : NULL;
2328 2334
 
2329  
-  return new(zone()) LStoreNamedField(obj, val, temp);
  2335
+  LStoreNamedField* result = new(zone()) LStoreNamedField(obj, val, temp);
  2336
+  if ((FLAG_track_fields && instr->field_representation().IsSmi()) ||
  2337
+      (FLAG_track_double_fields && instr->field_representation().IsDouble())) {
  2338
+    return AssignEnvironment(result);
  2339
+  }
  2340
+  return result;
2330 2341
 }
2331 2342
 
2332 2343
 
@@ -2378,7 +2389,9 @@ LInstruction* LChunkBuilder::DoAllocateObject(HAllocateObject* instr) {
2378 2389
 
2379 2390
 LInstruction* LChunkBuilder::DoAllocate(HAllocate* instr) {
2380 2391
   info()->MarkAsDeferredCalling();
2381  
-  LOperand* size = UseTempRegister(instr->size());
  2392
+  LOperand* size = instr->size()->IsConstant()
  2393
+      ? UseConstant(instr->size())
  2394
+      : UseTempRegister(instr->size());
2382 2395
   LOperand* temp1 = TempRegister();
2383 2396
   LOperand* temp2 = TempRegister();
2384 2397
   LAllocate* result = new(zone()) LAllocate(size, temp1, temp2);
6  src/arm/lithium-arm.h
@@ -2142,6 +2142,9 @@ class LStoreNamedField: public LTemplateInstruction<0, 2, 1> {
2142 2142
   bool is_in_object() { return hydrogen()->is_in_object(); }
2143 2143
   int offset() { return hydrogen()->offset(); }
2144 2144
   Handle<Map> transition() const { return hydrogen()->transition(); }
  2145
+  Representation representation() const {
  2146
+    return hydrogen()->field_representation();
  2147
+  }
2145 2148
 };
2146 2149
 
2147 2150
 
@@ -2787,6 +2790,9 @@ class LChunkBuilder BASE_EMBEDDED {
2787 2790
   MUST_USE_RESULT LOperand* UseRegisterOrConstant(HValue* value);
2788 2791
   MUST_USE_RESULT LOperand* UseRegisterOrConstantAtStart(HValue* value);
2789 2792
 
  2793
+  // An input operand in a constant operand.
  2794
+  MUST_USE_RESULT LOperand* UseConstant(HValue* value);
  2795
+
2790 2796
   // An input operand in register, stack slot or a constant operand.
2791 2797
   // Will not be moved to a register even if one is freely available.
2792 2798
   MUST_USE_RESULT LOperand* UseAny(HValue* value);
120  src/arm/lithium-codegen-arm.cc
@@ -91,6 +91,10 @@ void LCodeGen::FinishCode(Handle<Code> code) {
91 91
     prototype_maps_.at(i)->AddDependentCode(
92 92
         DependentCode::kPrototypeCheckGroup, code);
93 93
   }
  94
+  for (int i = 0 ; i < transition_maps_.length(); i++) {
  95
+    transition_maps_.at(i)->AddDependentCode(
  96
+        DependentCode::kTransitionGroup, code);
  97
+  }
94 98
 }
95 99
 
96 100
 
@@ -1161,14 +1165,14 @@ void LCodeGen::DoModI(LModI* instr) {
1161 1165
   Register result = ToRegister(instr->result());
1162 1166
   Label done;
1163 1167
 
1164  
-  if (CpuFeatures::IsSupported(SUDIV)) {
1165  
-    CpuFeatureScope scope(masm(), SUDIV);
1166 1168
     // Check for x % 0.
1167  
-    if (instr->hydrogen()->CheckFlag(HValue::kCanBeDivByZero)) {
1168  
-      __ cmp(right, Operand::Zero());
1169  
-      DeoptimizeIf(eq, instr->environment());
1170  
-    }
  1169
+  if (instr->hydrogen()->CheckFlag(HValue::kCanBeDivByZero)) {
  1170
+    __ cmp(right, Operand::Zero());
  1171
+    DeoptimizeIf(eq, instr->environment());
  1172
+  }
1171 1173
 
  1174
+  if (CpuFeatures::IsSupported(SUDIV)) {
  1175
+    CpuFeatureScope scope(masm(), SUDIV);
1172 1176
     // Check for (kMinInt % -1).
1173 1177
     if (instr->hydrogen()->CheckFlag(HValue::kCanOverflow)) {
1174 1178
       Label left_not_min_int;
@@ -1185,12 +1189,12 @@ void LCodeGen::DoModI(LModI* instr) {
1185 1189
 
1186 1190
     __ sdiv(result, left, right);
1187 1191
     __ mls(result, result, right, left);
1188  
-    __ cmp(result, Operand::Zero());
1189  
-    __ b(ne, &done);
1190 1192
 
1191 1193
     if (instr->hydrogen()->CheckFlag(HValue::kBailoutOnMinusZero)) {
1192  
-       __ cmp(left, Operand::Zero());
1193  
-       DeoptimizeIf(lt, instr->environment());
  1194
+      __ cmp(result, Operand::Zero());
  1195
+      __ b(ne, &done);
  1196
+      __ cmp(left, Operand::Zero());
  1197
+      DeoptimizeIf(lt, instr->environment());
1194 1198
     }
1195 1199
   } else {
1196 1200
     Register scratch = scratch0();
@@ -1206,13 +1210,7 @@ void LCodeGen::DoModI(LModI* instr) {
1206 1210
     ASSERT(!scratch.is(right));
1207 1211
     ASSERT(!scratch.is(result));
1208 1212
 
1209  
-    Label vfp_modulo, both_positive, right_negative;
1210  
-
1211  
-    // Check for x % 0.
1212  
-    if (instr->hydrogen()->CheckFlag(HValue::kCanBeDivByZero)) {
1213  
-      __ cmp(right, Operand::Zero());
1214  
-      DeoptimizeIf(eq, instr->environment());
1215  
-    }
  1213
+    Label vfp_modulo, right_negative;
1216 1214
 
1217 1215
     __ Move(result, left);
1218 1216
 
@@ -1230,7 +1228,7 @@ void LCodeGen::DoModI(LModI* instr) {
1230 1228
     __ JumpIfNotPowerOfTwoOrZeroAndNeg(right,
1231 1229
                                        scratch,
1232 1230
                                        &right_negative,
1233  
-                                       &both_positive);
  1231
+                                       &vfp_modulo);
1234 1232
     // Perform modulo operation (scratch contains right - 1).
1235 1233
     __ and_(result, scratch, Operand(left));
1236 1234
     __ b(&done);
@@ -1239,23 +1237,6 @@ void LCodeGen::DoModI(LModI* instr) {
1239 1237
     // Negate right. The sign of the divisor does not matter.
1240 1238
     __ rsb(right, right, Operand::Zero());
1241 1239
 
1242  
-    __ bind(&both_positive);
1243  
-    const int kUnfolds = 3;
1244  
-    // If the right hand side is smaller than the (nonnegative)
1245  
-    // left hand side, the left hand side is the result.
1246  
-    // Else try a few subtractions of the left hand side.
1247  
-    __ mov(scratch, left);
1248  
-    for (int i = 0; i < kUnfolds; i++) {
1249  
-      // Check if the left hand side is less or equal than the
1250  
-      // the right hand side.
1251  
-      __ cmp(scratch, Operand(right));
1252  
-      __ mov(result, scratch, LeaveCC, lt);
1253  
-      __ b(lt, &done);
1254  
-      // If not, reduce the left hand side by the right hand
1255  
-      // side and check again.
1256  
-      if (i < kUnfolds - 1) __ sub(scratch, scratch, right);
1257  
-    }
1258  
-
1259 1240
     __ bind(&vfp_modulo);
1260 1241
     // Load the arguments in VFP registers.
1261 1242
     // The divisor value is preloaded before. Be careful that 'right'
@@ -3077,12 +3058,30 @@ void LCodeGen::DoStoreContextSlot(LStoreContextSlot* instr) {
3077 3058
 
3078 3059
 void LCodeGen::DoLoadNamedField(LLoadNamedField* instr) {
3079 3060
   Register object = ToRegister(instr->object());
3080  
-  Register result = ToRegister(instr->result());
  3061
+  if (!FLAG_track_double_fields) {
  3062
+    ASSERT(!instr->hydrogen()->representation().IsDouble());
  3063
+  }
  3064
+  Register temp = instr->hydrogen()->representation().IsDouble()
  3065
+      ? scratch0() : ToRegister(instr->result());
3081 3066
   if (instr->hydrogen()->is_in_object()) {
3082  
-    __ ldr(result, FieldMemOperand(object, instr->hydrogen()->offset()));
  3067
+    __ ldr(temp, FieldMemOperand(object, instr->hydrogen()->offset()));
3083 3068
   } else {
3084  
-    __ ldr(result, FieldMemOperand(object, JSObject::kPropertiesOffset));
3085  
-    __ ldr(result, FieldMemOperand(result, instr->hydrogen()->offset()));
  3069
+    __ ldr(temp, FieldMemOperand(object, JSObject::kPropertiesOffset));
  3070
+    __ ldr(temp, FieldMemOperand(temp, instr->hydrogen()->offset()));
  3071
+  }
  3072
+
  3073
+  if (instr->hydrogen()->representation().IsDouble()) {
  3074
+    Label load_from_heap_number, done;
  3075
+    DwVfpRegister result = ToDoubleRegister(instr->result());
  3076
+    SwVfpRegister flt_scratch = double_scratch0().low();
  3077
+    __ JumpIfNotSmi(temp, &load_from_heap_number);
  3078
+    __ SmiUntag(temp);
  3079
+    __ vmov(flt_scratch, temp);
  3080
+    __ vcvt_f64_s32(result, flt_scratch);
  3081
+    __ b(&done);
  3082
+    __ bind(&load_from_heap_number);
  3083
+    __ vldr(result, FieldMemOperand(temp, HeapNumber::kValueOffset));
  3084
+    __ bind(&done);
3086 3085
   }
3087 3086
 }
3088 3087
 
@@ -4262,15 +4261,37 @@ void LCodeGen::DoInnerAllocatedObject(LInnerAllocatedObject* instr) {
4262 4261
 
4263 4262
 
4264 4263
 void LCodeGen::DoStoreNamedField(LStoreNamedField* instr) {
  4264
+  Representation representation = instr->representation();
  4265
+
4265 4266
   Register object = ToRegister(instr->object());
4266 4267
   Register value = ToRegister(instr->value());
  4268
+  ASSERT(!object.is(value));
4267 4269
   Register scratch = scratch0();
4268 4270
   int offset = instr->offset();
4269 4271
 
4270  
-  ASSERT(!object.is(value));
4271  
-
4272  
-  if (!instr->transition().is_null()) {
4273  
-    __ mov(scratch, Operand(instr->transition()));
  4272
+  if (FLAG_track_fields && representation.IsSmi()) {
  4273
+    __ SmiTag(value, value, SetCC);
  4274
+    if (!instr->hydrogen()->value()->range()->IsInSmiRange()) {
  4275
+      DeoptimizeIf(vs, instr->environment());
  4276
+    }
  4277
+  } else if (FLAG_track_double_fields && representation.IsDouble() &&
  4278
+             !instr->hydrogen()->value()->type().IsSmi() &&
  4279
+             !instr->hydrogen()->value()->type().IsHeapNumber()) {
  4280
+    Label do_store;
  4281
+    __ JumpIfSmi(value, &do_store);
  4282
+    Handle<Map> map(isolate()->factory()->heap_number_map());
  4283
+
  4284
+    __ ldr(scratch, FieldMemOperand(value, HeapObject::kMapOffset));
  4285
+    DoCheckMapCommon(scratch, map, REQUIRE_EXACT_MAP, instr->environment());
  4286
+    __ bind(&do_store);
  4287
+  }
  4288
+
  4289
+  Handle<Map> transition = instr->transition();
  4290
+  if (!transition.is_null()) {
  4291
+    if (transition->CanBeDeprecated()) {
  4292
+      transition_maps_.Add(transition, info()->zone());
  4293
+    }
  4294
+    __ mov(scratch, Operand(transition));
4274 4295
     __ str(scratch, FieldMemOperand(object, HeapObject::kMapOffset));
4275 4296
     if (instr->hydrogen()->NeedsWriteBarrierForMap()) {
4276 4297
       Register temp = ToRegister(instr->temp());
@@ -5473,7 +5494,6 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
5473 5494
 
5474 5495
 
5475 5496
 void LCodeGen::DoDeferredAllocate(LAllocate* instr) {
5476  
-  Register size = ToRegister(instr->size());
5477 5497
   Register result = ToRegister(instr->result());
5478 5498
 
5479 5499
   // TODO(3095996): Get rid of this. For now, we need to make the
@@ -5482,8 +5502,16 @@ void LCodeGen::DoDeferredAllocate(LAllocate* instr) {
5482 5502
   __ mov(result, Operand(Smi::FromInt(0)));
5483 5503
 
5484 5504
   PushSafepointRegistersScope scope(this, Safepoint::kWithRegisters);
5485  
-  __ SmiTag(size, size);
5486  
-  __ push(size);
  5505
+  if (instr->size()->IsRegister()) {
  5506
+    Register size = ToRegister(instr->size());
  5507
+    ASSERT(!size.is(result));
  5508
+    __ SmiTag(size);
  5509
+    __ push(size);
  5510
+  } else {
  5511
+    int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
  5512
+    __ Push(Smi::FromInt(size));
  5513
+  }
  5514
+
5487 5515
   if (instr->hydrogen()->CanAllocateInOldPointerSpace()) {
5488 5516
     CallRuntimeFromDeferred(
5489 5517
         Runtime::kAllocateInOldPointerSpace, 1, instr);
2  src/arm/lithium-codegen-arm.h
@@ -57,6 +57,7 @@ class LCodeGen BASE_EMBEDDED {
57 57
         deopt_jump_table_(4, info->zone()),
58 58
         deoptimization_literals_(8, info->zone()),
59 59
         prototype_maps_(0, info->zone()),
  60
+        transition_maps_(0, info->zone()),
60 61
         inlined_function_count_(0),
61 62
         scope_(info->scope()),
62 63
         status_(UNUSED),
@@ -418,6 +419,7 @@ class LCodeGen BASE_EMBEDDED {
418 419
   ZoneList<JumpTableEntry> deopt_jump_table_;
419 420
   ZoneList<Handle<Object> > deoptimization_literals_;
420 421
   ZoneList<Handle<Map> > prototype_maps_;
  422
+  ZoneList<Handle<Map> > transition_maps_;
421 423
   int inlined_function_count_;
422 424
   Scope* const scope_;
423 425
   Status status_;
12  src/arm/macro-assembler-arm.cc
@@ -3473,6 +3473,18 @@ void MacroAssembler::CheckPageFlag(
3473 3473
 }
3474 3474
 
3475 3475
 
  3476
+void MacroAssembler::CheckMapDeprecated(Handle<Map> map,
  3477
+                                        Register scratch,
  3478
+                                        Label* if_deprecated) {
  3479
+  if (map->CanBeDeprecated()) {
  3480
+    mov(scratch, Operand(map));
  3481
+    ldr(scratch, FieldMemOperand(scratch, Map::kBitField3Offset));
  3482
+    tst(scratch, Operand(Smi::FromInt(Map::Deprecated::kMask)));
  3483
+    b(ne, if_deprecated);
  3484
+  }
  3485
+}
  3486
+
  3487
+
3476 3488
 void MacroAssembler::JumpIfBlack(Register object,
3477 3489
                                  Register scratch0,
3478 3490
                                  Register scratch1,
4  src/arm/macro-assembler-arm.h
@@ -213,6 +213,10 @@ class MacroAssembler: public Assembler {
213 213
                      Condition cc,
214 214
                      Label* condition_met);
215 215
 
  216
+  void CheckMapDeprecated(Handle<Map> map,
  217
+                          Register scratch,
  218
+                          Label* if_deprecated);
  219
+
216 220
   // Check if object is in new space.  Jumps if the object is not in new space.
217 221
   // The register scratch can be object itself, but scratch will be clobbered.
218 222
   void JumpIfNotInNewSpace(Register object,
136  src/arm/simulator-arm.cc
@@ -975,12 +975,14 @@ ReturnType Simulator::GetFromVFPRegister(int reg_index) {
975 975
 }
976 976
 
977 977
 
978  
-// For use in calls that take two double values, constructed either
  978
+// Runtime FP routines take up to two double arguments and zero
  979
+// or one integer arguments. All are consructed here.
979 980
 // from r0-r3 or d0 and d1.
980  
-void Simulator::GetFpArgs(double* x, double* y) {
  981
+void Simulator::GetFpArgs(double* x, double* y, int32_t* z) {
981 982
   if (use_eabi_hardfloat()) {
982 983
     *x = vfp_registers_[0];
983 984
     *y = vfp_registers_[1];
  985
+    *z = registers_[1];
984 986
   } else {
985 987
     // We use a char buffer to get around the strict-aliasing rules which
986 988
     // otherwise allow the compiler to optimize away the copy.
@@ -988,44 +990,12 @@ void Simulator::GetFpArgs(double* x, double* y) {
988 990
     // Registers 0 and 1 -> x.
989 991
     OS::MemCopy(buffer, registers_, sizeof(*x));
990 992
     OS::MemCopy(x, buffer, sizeof(*x));
991  
-    // Registers 2 and 3 -> y.
992  
-    OS::MemCopy(buffer, registers_ + 2, sizeof(*y));
993  
-    OS::MemCopy(y, buffer, sizeof(*y));
994  
-  }
995  
-}
996  
-
997  
-// For use in calls that take one double value, constructed either
998  
-// from r0 and r1 or d0.
999  
-void Simulator::GetFpArgs(double* x) {
1000  
-  if (use_eabi_hardfloat()) {
1001  
-    *x = vfp_registers_[0];
1002  
-  } else {
1003  
-    // We use a char buffer to get around the strict-aliasing rules which
1004  
-    // otherwise allow the compiler to optimize away the copy.
1005  
-    char buffer[sizeof(*x)];
1006  
-    // Registers 0 and 1 -> x.
1007  
-    OS::MemCopy(buffer, registers_, sizeof(*x));
1008  
-    OS::MemCopy(x, buffer, sizeof(*x));
1009  
-  }
1010  
-}
1011  
-
1012  
-
1013  
-// For use in calls that take one double value constructed either
1014  
-// from r0 and r1 or d0 and one integer value.
1015  
-void Simulator::GetFpArgs(double* x, int32_t* y) {
1016  
-  if (use_eabi_hardfloat()) {
1017  
-    *x = vfp_registers_[0];
1018  
-    *y = registers_[1];
1019  
-  } else {
1020  
-    // We use a char buffer to get around the strict-aliasing rules which
1021  
-    // otherwise allow the compiler to optimize away the copy.
1022  
-    char buffer[sizeof(*x)];
1023  
-    // Registers 0 and 1 -> x.
1024  
-    OS::MemCopy(buffer, registers_, sizeof(*x));
1025  
-    OS::MemCopy(x, buffer, sizeof(*x));
1026  
-    // Register 2 -> y.
  993
+    // Register 2 and 3 -> y.
1027 994
     OS::MemCopy(buffer, registers_ + 2, sizeof(*y));
1028 995
     OS::MemCopy(y, buffer, sizeof(*y));
  996
+    // Register 2 -> z
  997
+    memcpy(buffer, registers_ + 2, sizeof(*z));
  998
+    memcpy(z, buffer, sizeof(*z));
1029 999
   }
1030 1000
 }
1031 1001
 
@@ -1648,10 +1618,12 @@ typedef int64_t (*SimulatorRuntimeCall)(int32_t arg0,
1648 1618
                                         int32_t arg3,
1649 1619
                                         int32_t arg4,
1650 1620
                                         int32_t arg5);
1651  
-typedef double (*SimulatorRuntimeFPCall)(int32_t arg0,
1652  
-                                         int32_t arg1,
1653  
-                                         int32_t arg2,
1654  
-                                         int32_t arg3);
  1621
+
  1622
+// These prototypes handle the four types of FP calls.
  1623
+typedef int64_t (*SimulatorRuntimeCompareCall)(double darg0, double darg1);
  1624
+typedef double (*SimulatorRuntimeFPFPCall)(double darg0, double darg1);
  1625
+typedef double (*SimulatorRuntimeFPCall)(double darg0);
  1626
+typedef double (*SimulatorRuntimeFPIntCall)(double darg0, int32_t arg0);
1655 1627
 
1656 1628
 // This signature supports direct call in to API function native callback
1657 1629
 // (refer to InvocationCallback in v8.h).
@@ -1717,27 +1689,27 @@ void Simulator::SoftwareInterrupt(Instruction* instr) {
1717 1689
       intptr_t external =
1718 1690
           reinterpret_cast<intptr_t>(redirection->external_function());
1719 1691
       if (fp_call) {
  1692
+        double dval0, dval1;  // one or two double parameters
  1693
+        int32_t ival;         // zero or one integer parameters
  1694
+        int64_t iresult = 0;  // integer return value
  1695
+        double dresult = 0;   // double return value
  1696
+        GetFpArgs(&dval0, &dval1, &ival);
1720 1697
         if (::v8::internal::FLAG_trace_sim || !stack_aligned) {
1721  
-          SimulatorRuntimeFPCall target =
1722  
-              reinterpret_cast<SimulatorRuntimeFPCall>(external);
1723  
-          double dval0, dval1;
1724  
-          int32_t ival;
  1698
+          SimulatorRuntimeCall generic_target =
  1699
+            reinterpret_cast<SimulatorRuntimeCall>(external);
1725 1700
           switch (redirection->type()) {
1726 1701
           case ExternalReference::BUILTIN_FP_FP_CALL:
1727 1702
           case ExternalReference::BUILTIN_COMPARE_CALL:
1728  
-            GetFpArgs(&dval0, &dval1);
1729 1703
             PrintF("Call to host function at %p with args %f, %f",
1730  
-                FUNCTION_ADDR(target), dval0, dval1);
  1704
+                   FUNCTION_ADDR(generic_target), dval0, dval1);
1731 1705
             break;
1732 1706
           case ExternalReference::BUILTIN_FP_CALL:
1733  
-            GetFpArgs(&dval0);
1734 1707
             PrintF("Call to host function at %p with arg %f",
1735  
-                FUNCTION_ADDR(target), dval0);
  1708
+                FUNCTION_ADDR(generic_target), dval0);
1736 1709
             break;
1737 1710
           case ExternalReference::BUILTIN_FP_INT_CALL:
1738  
-            GetFpArgs(&dval0, &ival);
1739 1711
             PrintF("Call to host function at %p with args %f, %d",
1740  
-                FUNCTION_ADDR(target), dval0, ival);
  1712
+                   FUNCTION_ADDR(generic_target), dval0, ival);
1741 1713
             break;
1742 1714
           default:
1743 1715
             UNREACHABLE();
@@ -1749,22 +1721,54 @@ void Simulator::SoftwareInterrupt(Instruction* instr) {
1749 1721
           PrintF("\n");
1750 1722
         }
1751 1723
         CHECK(stack_aligned);
1752  
-        if (redirection->type() != ExternalReference::BUILTIN_COMPARE_CALL) {
  1724
+        switch (redirection->type()) {
  1725
+        case ExternalReference::BUILTIN_COMPARE_CALL: {
  1726
+          SimulatorRuntimeCompareCall target =
  1727
+            reinterpret_cast<SimulatorRuntimeCompareCall>(external);
  1728
+          iresult = target(dval0, dval1);
  1729
+          set_register(r0, static_cast<int32_t>(iresult));
  1730
+          set_register(r1, static_cast<int32_t>(iresult >> 32));
  1731
+          break;
  1732
+        }
  1733
+        case ExternalReference::BUILTIN_FP_FP_CALL: {
  1734
+          SimulatorRuntimeFPFPCall target =
  1735
+            reinterpret_cast<SimulatorRuntimeFPFPCall>(external);
  1736
+          dresult = target(dval0, dval1);
  1737
+          SetFpResult(dresult);
  1738
+          break;
  1739
+        }
  1740
+        case ExternalReference::BUILTIN_FP_CALL: {
1753 1741
           SimulatorRuntimeFPCall target =
1754  
-              reinterpret_cast<SimulatorRuntimeFPCall>(external);
1755  
-          double result = target(arg0, arg1, arg2, arg3);
1756  
-          SetFpResult(result);
1757  
-        } else {
1758  
-          SimulatorRuntimeCall target =
1759