RubyGems - libv8 - Versions diffs - 3.10.8.0 → 3.11.8.0 - Mend

libv8 3.10.8.0 → 3.11.8.0

Files changed (215) hide show

data/Rakefile +10 -3
data/ext/libv8/compiler.rb +46 -0
data/ext/libv8/extconf.rb +5 -1
data/ext/libv8/make.rb +13 -0
data/lib/libv8/version.rb +1 -1
data/patches/add-freebsd9-and-freebsd10-to-gyp-GetFlavor.patch +11 -0
data/patches/src_platform-freebsd.cc.patch +10 -0
data/vendor/v8/ChangeLog +124 -0
data/vendor/v8/DEPS +27 -0
data/vendor/v8/Makefile +7 -0
data/vendor/v8/SConstruct +15 -2
data/vendor/v8/build/common.gypi +129 -157
data/vendor/v8/build/gyp_v8 +11 -25
data/vendor/v8/build/standalone.gypi +9 -3
data/vendor/v8/include/v8.h +5 -3
data/vendor/v8/src/SConscript +1 -0
data/vendor/v8/src/api.cc +4 -33
data/vendor/v8/src/api.h +2 -2
data/vendor/v8/src/arm/builtins-arm.cc +5 -4
data/vendor/v8/src/arm/code-stubs-arm.cc +21 -14
data/vendor/v8/src/arm/codegen-arm.cc +2 -2
data/vendor/v8/src/arm/debug-arm.cc +3 -1
data/vendor/v8/src/arm/full-codegen-arm.cc +3 -102
data/vendor/v8/src/arm/ic-arm.cc +30 -33
data/vendor/v8/src/arm/lithium-arm.cc +20 -7
data/vendor/v8/src/arm/lithium-arm.h +10 -4
data/vendor/v8/src/arm/lithium-codegen-arm.cc +106 -60
data/vendor/v8/src/arm/macro-assembler-arm.cc +49 -39
data/vendor/v8/src/arm/macro-assembler-arm.h +5 -4
data/vendor/v8/src/arm/regexp-macro-assembler-arm.cc +115 -55
data/vendor/v8/src/arm/regexp-macro-assembler-arm.h +7 -6
data/vendor/v8/src/arm/simulator-arm.h +6 -6
data/vendor/v8/src/arm/stub-cache-arm.cc +64 -19
data/vendor/v8/src/array.js +7 -3
data/vendor/v8/src/ast.cc +11 -6
data/vendor/v8/src/bootstrapper.cc +9 -11
data/vendor/v8/src/builtins.cc +61 -31
data/vendor/v8/src/code-stubs.cc +23 -9
data/vendor/v8/src/code-stubs.h +1 -0
data/vendor/v8/src/codegen.h +3 -3
data/vendor/v8/src/compiler.cc +1 -1
data/vendor/v8/src/contexts.h +2 -18
data/vendor/v8/src/d8.cc +94 -93
data/vendor/v8/src/d8.h +1 -1
data/vendor/v8/src/debug-agent.cc +3 -3
data/vendor/v8/src/debug.cc +41 -1
data/vendor/v8/src/debug.h +50 -0
data/vendor/v8/src/elements-kind.cc +134 -0
data/vendor/v8/src/elements-kind.h +210 -0
data/vendor/v8/src/elements.cc +356 -190
data/vendor/v8/src/elements.h +36 -28
data/vendor/v8/src/factory.cc +44 -4
data/vendor/v8/src/factory.h +11 -7
data/vendor/v8/src/flag-definitions.h +3 -0
data/vendor/v8/src/frames.h +3 -0
data/vendor/v8/src/full-codegen.cc +2 -1
data/vendor/v8/src/func-name-inferrer.h +2 -0
data/vendor/v8/src/globals.h +3 -0
data/vendor/v8/src/heap-inl.h +16 -4
data/vendor/v8/src/heap.cc +38 -32
data/vendor/v8/src/heap.h +3 -17
data/vendor/v8/src/hydrogen-instructions.cc +28 -5
data/vendor/v8/src/hydrogen-instructions.h +142 -44
data/vendor/v8/src/hydrogen.cc +160 -55
data/vendor/v8/src/hydrogen.h +2 -0
data/vendor/v8/src/ia32/assembler-ia32.h +3 -0
data/vendor/v8/src/ia32/builtins-ia32.cc +5 -4
data/vendor/v8/src/ia32/code-stubs-ia32.cc +22 -16
data/vendor/v8/src/ia32/codegen-ia32.cc +2 -2
data/vendor/v8/src/ia32/debug-ia32.cc +29 -2
data/vendor/v8/src/ia32/full-codegen-ia32.cc +8 -101
data/vendor/v8/src/ia32/ic-ia32.cc +23 -19
data/vendor/v8/src/ia32/lithium-codegen-ia32.cc +126 -80
data/vendor/v8/src/ia32/lithium-codegen-ia32.h +2 -1
data/vendor/v8/src/ia32/lithium-ia32.cc +15 -9
data/vendor/v8/src/ia32/lithium-ia32.h +14 -6
data/vendor/v8/src/ia32/macro-assembler-ia32.cc +50 -40
data/vendor/v8/src/ia32/macro-assembler-ia32.h +5 -4
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.cc +113 -43
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.h +9 -4
data/vendor/v8/src/ia32/simulator-ia32.h +4 -4
data/vendor/v8/src/ia32/stub-cache-ia32.cc +52 -14
data/vendor/v8/src/ic.cc +77 -20
data/vendor/v8/src/ic.h +18 -2
data/vendor/v8/src/incremental-marking-inl.h +21 -5
data/vendor/v8/src/incremental-marking.cc +35 -8
data/vendor/v8/src/incremental-marking.h +12 -3
data/vendor/v8/src/isolate.cc +12 -2
data/vendor/v8/src/isolate.h +1 -1
data/vendor/v8/src/jsregexp.cc +66 -26
data/vendor/v8/src/jsregexp.h +60 -31
data/vendor/v8/src/list-inl.h +8 -0
data/vendor/v8/src/list.h +3 -0
data/vendor/v8/src/lithium.cc +5 -2
data/vendor/v8/src/liveedit.cc +57 -5
data/vendor/v8/src/mark-compact-inl.h +17 -11
data/vendor/v8/src/mark-compact.cc +100 -143
data/vendor/v8/src/mark-compact.h +44 -20
data/vendor/v8/src/messages.js +131 -99
data/vendor/v8/src/mips/builtins-mips.cc +5 -4
data/vendor/v8/src/mips/code-stubs-mips.cc +23 -15
data/vendor/v8/src/mips/codegen-mips.cc +2 -2
data/vendor/v8/src/mips/debug-mips.cc +3 -1
data/vendor/v8/src/mips/full-codegen-mips.cc +4 -102
data/vendor/v8/src/mips/ic-mips.cc +34 -36
data/vendor/v8/src/mips/lithium-codegen-mips.cc +116 -68
data/vendor/v8/src/mips/lithium-mips.cc +20 -7
data/vendor/v8/src/mips/lithium-mips.h +11 -4
data/vendor/v8/src/mips/macro-assembler-mips.cc +50 -39
data/vendor/v8/src/mips/macro-assembler-mips.h +5 -4
data/vendor/v8/src/mips/regexp-macro-assembler-mips.cc +110 -50
data/vendor/v8/src/mips/regexp-macro-assembler-mips.h +6 -5
data/vendor/v8/src/mips/simulator-mips.h +5 -5
data/vendor/v8/src/mips/stub-cache-mips.cc +66 -20
data/vendor/v8/src/mksnapshot.cc +5 -1
data/vendor/v8/src/objects-debug.cc +103 -6
data/vendor/v8/src/objects-inl.h +215 -116
data/vendor/v8/src/objects-printer.cc +13 -8
data/vendor/v8/src/objects.cc +608 -331
data/vendor/v8/src/objects.h +129 -94
data/vendor/v8/src/parser.cc +16 -4
data/vendor/v8/src/platform-freebsd.cc +1 -0
data/vendor/v8/src/platform-linux.cc +9 -30
data/vendor/v8/src/platform-posix.cc +28 -7
data/vendor/v8/src/platform-win32.cc +15 -3
data/vendor/v8/src/platform.h +2 -1
data/vendor/v8/src/profile-generator-inl.h +25 -2
data/vendor/v8/src/profile-generator.cc +300 -822
data/vendor/v8/src/profile-generator.h +97 -214
data/vendor/v8/src/regexp-macro-assembler-irregexp.cc +2 -1
data/vendor/v8/src/regexp-macro-assembler-irregexp.h +2 -2
data/vendor/v8/src/regexp-macro-assembler-tracer.cc +6 -5
data/vendor/v8/src/regexp-macro-assembler-tracer.h +1 -1
data/vendor/v8/src/regexp-macro-assembler.cc +7 -3
data/vendor/v8/src/regexp-macro-assembler.h +10 -2
data/vendor/v8/src/regexp.js +6 -0
data/vendor/v8/src/runtime.cc +265 -212
data/vendor/v8/src/runtime.h +6 -5
data/vendor/v8/src/scopes.cc +20 -0
data/vendor/v8/src/scopes.h +6 -3
data/vendor/v8/src/spaces.cc +0 -2
data/vendor/v8/src/string-stream.cc +2 -2
data/vendor/v8/src/v8-counters.h +0 -2
data/vendor/v8/src/v8natives.js +2 -2
data/vendor/v8/src/v8utils.h +6 -3
data/vendor/v8/src/version.cc +1 -1
data/vendor/v8/src/x64/assembler-x64.h +2 -1
data/vendor/v8/src/x64/builtins-x64.cc +5 -4
data/vendor/v8/src/x64/code-stubs-x64.cc +25 -16
data/vendor/v8/src/x64/codegen-x64.cc +2 -2
data/vendor/v8/src/x64/debug-x64.cc +14 -1
data/vendor/v8/src/x64/disasm-x64.cc +1 -1
data/vendor/v8/src/x64/full-codegen-x64.cc +10 -106
data/vendor/v8/src/x64/ic-x64.cc +20 -16
data/vendor/v8/src/x64/lithium-codegen-x64.cc +156 -79
data/vendor/v8/src/x64/lithium-codegen-x64.h +2 -1
data/vendor/v8/src/x64/lithium-x64.cc +18 -8
data/vendor/v8/src/x64/lithium-x64.h +7 -2
data/vendor/v8/src/x64/macro-assembler-x64.cc +50 -40
data/vendor/v8/src/x64/macro-assembler-x64.h +5 -4
data/vendor/v8/src/x64/regexp-macro-assembler-x64.cc +122 -51
data/vendor/v8/src/x64/regexp-macro-assembler-x64.h +17 -8
data/vendor/v8/src/x64/simulator-x64.h +4 -4
data/vendor/v8/src/x64/stub-cache-x64.cc +55 -17
data/vendor/v8/test/cctest/cctest.status +1 -0
data/vendor/v8/test/cctest/test-api.cc +24 -0
data/vendor/v8/test/cctest/test-func-name-inference.cc +38 -0
data/vendor/v8/test/cctest/test-heap-profiler.cc +21 -77
data/vendor/v8/test/cctest/test-heap.cc +164 -3
data/vendor/v8/test/cctest/test-list.cc +12 -0
data/vendor/v8/test/cctest/test-mark-compact.cc +5 -5
data/vendor/v8/test/cctest/test-regexp.cc +14 -8
data/vendor/v8/test/cctest/testcfg.py +2 -0
data/vendor/v8/test/mjsunit/accessor-map-sharing.js +176 -0
data/vendor/v8/test/mjsunit/array-construct-transition.js +3 -3
data/vendor/v8/test/mjsunit/array-literal-transitions.js +10 -10
data/vendor/v8/test/mjsunit/big-array-literal.js +3 -0
data/vendor/v8/test/mjsunit/compiler/inline-construct.js +4 -2
data/vendor/v8/test/mjsunit/debug-liveedit-stack-padding.js +88 -0
data/vendor/v8/test/mjsunit/elements-kind.js +4 -4
data/vendor/v8/test/mjsunit/elements-transition-hoisting.js +2 -2
data/vendor/v8/test/mjsunit/elements-transition.js +5 -5
data/vendor/v8/test/mjsunit/error-constructors.js +68 -33
data/vendor/v8/test/mjsunit/harmony/proxies.js +14 -6
data/vendor/v8/test/mjsunit/mjsunit.status +1 -0
data/vendor/v8/test/mjsunit/packed-elements.js +112 -0
data/vendor/v8/test/mjsunit/regexp-capture-3.js +6 -0
data/vendor/v8/test/mjsunit/regexp-global.js +132 -0
data/vendor/v8/test/mjsunit/regexp.js +11 -0
data/vendor/v8/test/mjsunit/regress/regress-117409.js +52 -0
data/vendor/v8/test/mjsunit/regress/regress-126412.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-128018.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-128146.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-1639-2.js +4 -1
data/vendor/v8/test/mjsunit/regress/regress-1639.js +14 -8
data/vendor/v8/test/mjsunit/regress/regress-1849.js +3 -3
data/vendor/v8/test/mjsunit/regress/regress-1878.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-2071.js +79 -0
data/vendor/v8/test/mjsunit/regress/regress-2153.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-122271.js +4 -4
data/vendor/v8/test/mjsunit/regress/regress-crbug-126414.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-smi-only-concat.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-transcendental.js +49 -0
data/vendor/v8/test/mjsunit/stack-traces.js +14 -0
data/vendor/v8/test/mjsunit/unbox-double-arrays.js +4 -3
data/vendor/v8/test/test262/testcfg.py +6 -1
data/vendor/v8/tools/check-static-initializers.sh +11 -3
data/vendor/v8/tools/fuzz-harness.sh +92 -0
data/vendor/v8/tools/grokdump.py +658 -67
data/vendor/v8/tools/gyp/v8.gyp +21 -39
data/vendor/v8/tools/js2c.py +3 -3
data/vendor/v8/tools/jsmin.py +2 -2
data/vendor/v8/tools/presubmit.py +2 -1
data/vendor/v8/tools/test-wrapper-gypbuild.py +25 -11
metadata +624 -612

data/vendor/v8/src/arm/macro-assembler-arm.cc CHANGED

@@ -1868,10 +1868,12 @@ void MacroAssembler::CompareRoot(Register obj,
 void MacroAssembler::CheckFastElements(Register map,
                                        Register scratch,
                                        Label* fail) {
-  STATIC_ASSERT(FAST_SMI_ONLY_ELEMENTS == 0);
-  STATIC_ASSERT(FAST_ELEMENTS == 1);
+  STATIC_ASSERT(FAST_SMI_ELEMENTS == 0);
+  STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1);
+  STATIC_ASSERT(FAST_ELEMENTS == 2);
+  STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3);
   ldrb(scratch, FieldMemOperand(map, Map::kBitField2Offset));
-  cmp(scratch, Operand(Map::kMaximumBitField2FastElementValue));
+  cmp(scratch, Operand(Map::kMaximumBitField2FastHoleyElementValue));
   b(hi, fail);
 }
@@ -1879,22 +1881,25 @@ void MacroAssembler::CheckFastElements(Register map,
 void MacroAssembler::CheckFastObjectElements(Register map,
                                              Register scratch,
                                              Label* fail) {
-  STATIC_ASSERT(FAST_SMI_ONLY_ELEMENTS == 0);
-  STATIC_ASSERT(FAST_ELEMENTS == 1);
+  STATIC_ASSERT(FAST_SMI_ELEMENTS == 0);
+  STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1);
+  STATIC_ASSERT(FAST_ELEMENTS == 2);
+  STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3);
   ldrb(scratch, FieldMemOperand(map, Map::kBitField2Offset));
-  cmp(scratch, Operand(Map::kMaximumBitField2FastSmiOnlyElementValue));
+  cmp(scratch, Operand(Map::kMaximumBitField2FastHoleySmiElementValue));
   b(ls, fail);
-  cmp(scratch, Operand(Map::kMaximumBitField2FastElementValue));
+  cmp(scratch, Operand(Map::kMaximumBitField2FastHoleyElementValue));
   b(hi, fail);
 }
-void MacroAssembler::CheckFastSmiOnlyElements(Register map,
-                                              Register scratch,
-                                              Label* fail) {
-  STATIC_ASSERT(FAST_SMI_ONLY_ELEMENTS == 0);
+void MacroAssembler::CheckFastSmiElements(Register map,
+                                          Register scratch,
+                                          Label* fail) {
+  STATIC_ASSERT(FAST_SMI_ELEMENTS == 0);
+  STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1);
   ldrb(scratch, FieldMemOperand(map, Map::kBitField2Offset));
-  cmp(scratch, Operand(Map::kMaximumBitField2FastSmiOnlyElementValue));
+  cmp(scratch, Operand(Map::kMaximumBitField2FastHoleySmiElementValue));
   b(hi, fail);
 }
@@ -1997,22 +2002,17 @@ void MacroAssembler::CompareMap(Register obj,
   ldr(scratch, FieldMemOperand(obj, HeapObject::kMapOffset));
   cmp(scratch, Operand(map));
   if (mode == ALLOW_ELEMENT_TRANSITION_MAPS) {
-    Map* transitioned_fast_element_map(
-        map->LookupElementsTransitionMap(FAST_ELEMENTS, NULL));
-    ASSERT(transitioned_fast_element_map == NULL ||
-           map->elements_kind() != FAST_ELEMENTS);
-    if (transitioned_fast_element_map != NULL) {
-      b(eq, early_success);
-      cmp(scratch, Operand(Handle<Map>(transitioned_fast_element_map)));
-    }
-    Map* transitioned_double_map(
-        map->LookupElementsTransitionMap(FAST_DOUBLE_ELEMENTS, NULL));
-    ASSERT(transitioned_double_map == NULL ||
-           map->elements_kind() == FAST_SMI_ONLY_ELEMENTS);
-    if (transitioned_double_map != NULL) {
-      b(eq, early_success);
-      cmp(scratch, Operand(Handle<Map>(transitioned_double_map)));
+    ElementsKind kind = map->elements_kind();
+    if (IsFastElementsKind(kind)) {
+      bool packed = IsFastPackedElementsKind(kind);
+      Map* current_map = *map;
+      while (CanTransitionToMoreGeneralFastElementsKind(kind, packed)) {
+        kind = GetNextMoreGeneralFastElementsKind(kind, packed);
+        current_map = current_map->LookupElementsTransitionMap(kind, NULL);
+        if (!current_map) break;
+        b(eq, early_success);
+        cmp(scratch, Operand(Handle<Map>(current_map)));
+      }
     }
   }
 }
@@ -2865,28 +2865,38 @@ void MacroAssembler::LoadTransitionedArrayMapConditional(
   ldr(scratch, FieldMemOperand(scratch, GlobalObject::kGlobalContextOffset));
   // Check that the function's map is the same as the expected cached map.
-  int expected_index =
-      Context::GetContextMapIndexFromElementsKind(expected_kind);
-  ldr(ip, MemOperand(scratch, Context::SlotOffset(expected_index)));
-  cmp(map_in_out, ip);
+  ldr(scratch,
+      MemOperand(scratch,
+                 Context::SlotOffset(Context::JS_ARRAY_MAPS_INDEX)));
+  size_t offset = expected_kind * kPointerSize +
+      FixedArrayBase::kHeaderSize;
+  cmp(map_in_out, scratch);
   b(ne, no_map_match);
   // Use the transitioned cached map.
-  int trans_index =
-      Context::GetContextMapIndexFromElementsKind(transitioned_kind);
-  ldr(map_in_out, MemOperand(scratch, Context::SlotOffset(trans_index)));
+  offset = transitioned_kind * kPointerSize +
+      FixedArrayBase::kHeaderSize;
+  ldr(map_in_out, FieldMemOperand(scratch, offset));
 }
 void MacroAssembler::LoadInitialArrayMap(
-    Register function_in, Register scratch, Register map_out) {
+    Register function_in, Register scratch,
+    Register map_out, bool can_have_holes) {
   ASSERT(!function_in.is(map_out));
   Label done;
   ldr(map_out, FieldMemOperand(function_in,
                                JSFunction::kPrototypeOrInitialMapOffset));
   if (!FLAG_smi_only_arrays) {
-    LoadTransitionedArrayMapConditional(FAST_SMI_ONLY_ELEMENTS,
-                                        FAST_ELEMENTS,
+    ElementsKind kind = can_have_holes ? FAST_HOLEY_ELEMENTS : FAST_ELEMENTS;
+    LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS,
+                                        kind,
+                                        map_out,
+                                        scratch,
+                                        &done);
+  } else if (can_have_holes) {
+    LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS,
+                                        FAST_HOLEY_SMI_ELEMENTS,
                                         map_out,
                                         scratch,
                                         &done);
@@ -3738,7 +3748,7 @@ CodePatcher::CodePatcher(byte* address, int instructions)
     : address_(address),
       instructions_(instructions),
       size_(instructions * Assembler::kInstrSize),
-      masm_(Isolate::Current(), address, size_ + Assembler::kGap) {
+      masm_(NULL, address, size_ + Assembler::kGap) {
   // Create a new macro assembler pointing to the address of the code to patch.
   // The size is adjusted with kGap on order for the assembler to generate size
   // bytes of instructions without failing with buffer size constraints.

data/vendor/v8/src/arm/macro-assembler-arm.h CHANGED

@@ -512,7 +512,8 @@ class MacroAssembler: public Assembler {
   // Load the initial map for new Arrays from a JSFunction.
   void LoadInitialArrayMap(Register function_in,
                            Register scratch,
-                           Register map_out);
+                           Register map_out,
+                           bool can_have_holes);
   void LoadGlobalFunction(int index, Register function);
@@ -802,9 +803,9 @@ class MacroAssembler: public Assembler {
   // Check if a map for a JSObject indicates that the object has fast smi only
   // elements.  Jump to the specified label if it does not.
-  void CheckFastSmiOnlyElements(Register map,
-                                Register scratch,
-                                Label* fail);
+  void CheckFastSmiElements(Register map,
+                            Register scratch,
+                            Label* fail);
   // Check to see if maybe_number can be stored as a double in
   // FastDoubleElements. If it can, store it at the index specified by key in

data/vendor/v8/src/arm/regexp-macro-assembler-arm.cc CHANGED

@@ -1,4 +1,4 @@
-// Copyright 2009 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -43,45 +43,49 @@ namespace internal {
 #ifndef V8_INTERPRETED_REGEXP
 /*
  * This assembler uses the following register assignment convention
+ * - r4 : Temporarily stores the index of capture start after a matching pass
+ *        for a global regexp.
  * - r5 : Pointer to current code object (Code*) including heap object tag.
  * - r6 : Current position in input, as negative offset from end of string.
  *        Please notice that this is the byte offset, not the character offset!
  * - r7 : Currently loaded character. Must be loaded using
  *        LoadCurrentCharacter before using any of the dispatch methods.
- * - r8 : points to tip of backtrack stack
+ * - r8 : Points to tip of backtrack stack
  * - r9 : Unused, might be used by C code and expected unchanged.
  * - r10 : End of input (points to byte after last character in input).
  * - r11 : Frame pointer. Used to access arguments, local variables and
  *         RegExp registers.
  * - r12 : IP register, used by assembler. Very volatile.
- * - r13/sp : points to tip of C stack.
+ * - r13/sp : Points to tip of C stack.
  *
  * The remaining registers are free for computations.
  * Each call to a public method should retain this convention.
  *
  * The stack will have the following structure:
- *  - fp[52]  Isolate* isolate   (Address of the current isolate)
- *  - fp[48]  direct_call  (if 1, direct call from JavaScript code,
- *                          if 0, call through the runtime system).
- *  - fp[44]  stack_area_base (High end of the memory area to use as
- *                             backtracking stack).
+ *  - fp[56]  Isolate* isolate   (address of the current isolate)
+ *  - fp[52]  direct_call        (if 1, direct call from JavaScript code,
+ *                                if 0, call through the runtime system).
+ *  - fp[48]  stack_area_base    (high end of the memory area to use as
+ *                                backtracking stack).
+ *  - fp[44]  capture array size (may fit multiple sets of matches)
  *  - fp[40]  int* capture_array (int[num_saved_registers_], for output).
  *  - fp[36]  secondary link/return address used by native call.
  *  --- sp when called ---
- *  - fp[32]  return address (lr).
- *  - fp[28]  old frame pointer (r11).
+ *  - fp[32]  return address     (lr).
+ *  - fp[28]  old frame pointer  (r11).
  *  - fp[0..24]  backup of registers r4..r10.
  *  --- frame pointer ----
- *  - fp[-4]  end of input       (Address of end of string).
- *  - fp[-8]  start of input     (Address of first character in string).
+ *  - fp[-4]  end of input       (address of end of string).
+ *  - fp[-8]  start of input     (address of first character in string).
  *  - fp[-12] start index        (character index of start).
  *  - fp[-16] void* input_string (location of a handle containing the string).
- *  - fp[-20] Offset of location before start of input (effectively character
+ *  - fp[-20] success counter    (only for global regexps to count matches).
+ *  - fp[-24] Offset of location before start of input (effectively character
  *            position -1). Used to initialize capture registers to a
  *            non-position.
- *  - fp[-24] At start (if 1, we are starting at the start of the
+ *  - fp[-28] At start (if 1, we are starting at the start of the
  *    string, otherwise 0)
- *  - fp[-28] register 0         (Only positions must be stored in the first
+ *  - fp[-32] register 0         (Only positions must be stored in the first
  *  -         register 1          num_saved_registers_ registers)
  *  -         ...
  *  -         register num_registers-1
@@ -197,9 +201,9 @@ void RegExpMacroAssemblerARM::CheckCharacterGT(uc16 limit, Label* on_greater) {
 void RegExpMacroAssemblerARM::CheckAtStart(Label* on_at_start) {
   Label not_at_start;
   // Did we start the match at the start of the string at all?
-  __ ldr(r0, MemOperand(frame_pointer(), kAtStart));
+  __ ldr(r0, MemOperand(frame_pointer(), kStartIndex));
   __ cmp(r0, Operand(0, RelocInfo::NONE));
-  BranchOrBacktrack(eq, &not_at_start);
+  BranchOrBacktrack(ne, &not_at_start);
   // If we did, are we still at the start of the input?
   __ ldr(r1, MemOperand(frame_pointer(), kInputStart));
@@ -212,9 +216,9 @@ void RegExpMacroAssemblerARM::CheckAtStart(Label* on_at_start) {
 void RegExpMacroAssemblerARM::CheckNotAtStart(Label* on_not_at_start) {
   // Did we start the match at the start of the string at all?
-  __ ldr(r0, MemOperand(frame_pointer(), kAtStart));
+  __ ldr(r0, MemOperand(frame_pointer(), kStartIndex));
   __ cmp(r0, Operand(0, RelocInfo::NONE));
-  BranchOrBacktrack(eq, on_not_at_start);
+  BranchOrBacktrack(ne, on_not_at_start);
   // If we did, are we still at the start of the input?
   __ ldr(r1, MemOperand(frame_pointer(), kInputStart));
   __ add(r0, end_of_input_address(), Operand(current_input_offset()));
@@ -655,6 +659,7 @@ void RegExpMacroAssemblerARM::Fail() {
 Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
+  Label return_r0;
   // Finalize code - write the entry point code now we know how many
   // registers we need.
@@ -678,8 +683,9 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
   // Set frame pointer in space for it if this is not a direct call
   // from generated code.
   __ add(frame_pointer(), sp, Operand(4 * kPointerSize));
+  __ mov(r0, Operand(0, RelocInfo::NONE));
+  __ push(r0);  // Make room for success counter and initialize it to 0.
   __ push(r0);  // Make room for "position - 1" constant (value is irrelevant).
-  __ push(r0);  // Make room for "at start" constant (value is irrelevant).
   // Check if we have space on the stack for registers.
   Label stack_limit_hit;
   Label stack_ok;
@@ -698,13 +704,13 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
   // Exit with OutOfMemory exception. There is not enough space on the stack
   // for our working registers.
   __ mov(r0, Operand(EXCEPTION));
-  __ jmp(&exit_label_);
+  __ jmp(&return_r0);
   __ bind(&stack_limit_hit);
   CallCheckStackGuardState(r0);
   __ cmp(r0, Operand(0, RelocInfo::NONE));
   // If returned value is non-zero, we exit with the returned value as result.
-  __ b(ne, &exit_label_);
+  __ b(ne, &return_r0);
   __ bind(&stack_ok);
@@ -725,41 +731,45 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
   // position registers.
   __ str(r0, MemOperand(frame_pointer(), kInputStartMinusOne));
-  // Determine whether the start index is zero, that is at the start of the
-  // string, and store that value in a local variable.
-  __ cmp(r1, Operand(0));
-  __ mov(r1, Operand(1), LeaveCC, eq);
-  __ mov(r1, Operand(0, RelocInfo::NONE), LeaveCC, ne);
-  __ str(r1, MemOperand(frame_pointer(), kAtStart));
+  // Initialize code pointer register
+  __ mov(code_pointer(), Operand(masm_->CodeObject()));
+  Label load_char_start_regexp, start_regexp;
+  // Load newline if index is at start, previous character otherwise.
+  __ cmp(r1, Operand(0, RelocInfo::NONE));
+  __ b(ne, &load_char_start_regexp);
+  __ mov(current_character(), Operand('\n'), LeaveCC, eq);
+  __ jmp(&start_regexp);
+  // Global regexp restarts matching here.
+  __ bind(&load_char_start_regexp);
+  // Load previous char as initial value of current character register.
+  LoadCurrentCharacterUnchecked(-1, 1);
+  __ bind(&start_regexp);
+  // Initialize on-stack registers.
   if (num_saved_registers_ > 0) {  // Always is, if generated from a regexp.
     // Fill saved registers with initial value = start offset - 1
-    // Address of register 0.
-    __ add(r1, frame_pointer(), Operand(kRegisterZero));
-    __ mov(r2, Operand(num_saved_registers_));
-    Label init_loop;
-    __ bind(&init_loop);
-    __ str(r0, MemOperand(r1, kPointerSize, NegPostIndex));
-    __ sub(r2, r2, Operand(1), SetCC);
-    __ b(ne, &init_loop);
+    if (num_saved_registers_ > 8) {
+      // Address of register 0.
+      __ add(r1, frame_pointer(), Operand(kRegisterZero));
+      __ mov(r2, Operand(num_saved_registers_));
+      Label init_loop;
+      __ bind(&init_loop);
+      __ str(r0, MemOperand(r1, kPointerSize, NegPostIndex));
+      __ sub(r2, r2, Operand(1), SetCC);
+      __ b(ne, &init_loop);
+    } else {
+      for (int i = 0; i < num_saved_registers_; i++) {
+        __ str(r0, register_location(i));
+      }
+    }
   }
   // Initialize backtrack stack pointer.
   __ ldr(backtrack_stackpointer(), MemOperand(frame_pointer(), kStackHighEnd));
-  // Initialize code pointer register
-  __ mov(code_pointer(), Operand(masm_->CodeObject()));
-  // Load previous char as initial value of current character register.
-  Label at_start;
-  __ ldr(r0, MemOperand(frame_pointer(), kAtStart));
-  __ cmp(r0, Operand(0, RelocInfo::NONE));
-  __ b(ne, &at_start);
-  LoadCurrentCharacterUnchecked(-1, 1);  // Load previous char.
-  __ jmp(&start_label_);
-  __ bind(&at_start);
-  __ mov(current_character(), Operand('\n'));
-  __ jmp(&start_label_);
+  __ jmp(&start_label_);
   // Exit code:
   if (success_label_.is_linked()) {
@@ -786,6 +796,10 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
       for (int i = 0; i < num_saved_registers_; i += 2) {
         __ ldr(r2, register_location(i));
         __ ldr(r3, register_location(i + 1));
+        if (global()) {
+          // Keep capture start in r4 for the zero-length check later.
+          __ mov(r4, r2);
+        }
         if (mode_ == UC16) {
           __ add(r2, r1, Operand(r2, ASR, 1));
           __ add(r3, r1, Operand(r3, ASR, 1));
@@ -797,10 +811,54 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
         __ str(r3, MemOperand(r0, kPointerSize, PostIndex));
       }
     }
-    __ mov(r0, Operand(SUCCESS));
+    if (global()) {
+      // Restart matching if the regular expression is flagged as global.
+      __ ldr(r0, MemOperand(frame_pointer(), kSuccessfulCaptures));
+      __ ldr(r1, MemOperand(frame_pointer(), kNumOutputRegisters));
+      __ ldr(r2, MemOperand(frame_pointer(), kRegisterOutput));
+      // Increment success counter.
+      __ add(r0, r0, Operand(1));
+      __ str(r0, MemOperand(frame_pointer(), kSuccessfulCaptures));
+      // Capture results have been stored, so the number of remaining global
+      // output registers is reduced by the number of stored captures.
+      __ sub(r1, r1, Operand(num_saved_registers_));
+      // Check whether we have enough room for another set of capture results.
+      __ cmp(r1, Operand(num_saved_registers_));
+      __ b(lt, &return_r0);
+      __ str(r1, MemOperand(frame_pointer(), kNumOutputRegisters));
+      // Advance the location for output.
+      __ add(r2, r2, Operand(num_saved_registers_ * kPointerSize));
+      __ str(r2, MemOperand(frame_pointer(), kRegisterOutput));
+      // Prepare r0 to initialize registers with its value in the next run.
+      __ ldr(r0, MemOperand(frame_pointer(), kInputStartMinusOne));
+      // Special case for zero-length matches.
+      // r4: capture start index
+      __ cmp(current_input_offset(), r4);
+      // Not a zero-length match, restart.
+      __ b(ne, &load_char_start_regexp);
+      // Offset from the end is zero if we already reached the end.
+      __ cmp(current_input_offset(), Operand(0));
+      __ b(eq, &exit_label_);
+      // Advance current position after a zero-length match.
+      __ add(current_input_offset(),
+             current_input_offset(),
+             Operand((mode_ == UC16) ? 2 : 1));
+      __ b(&load_char_start_regexp);
+    } else {
+      __ mov(r0, Operand(SUCCESS));
+    }
   }
   // Exit and return r0
   __ bind(&exit_label_);
+  if (global()) {
+    __ ldr(r0, MemOperand(frame_pointer(), kSuccessfulCaptures));
+  }
+  __ bind(&return_r0);
   // Skip sp past regexp registers and local variables..
   __ mov(sp, frame_pointer());
   // Restore registers r4..r11 and return (restoring lr to pc).
@@ -822,7 +880,7 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
     __ cmp(r0, Operand(0, RelocInfo::NONE));
     // If returning non-zero, we should end execution with the given
     // result as return value.
-    __ b(ne, &exit_label_);
+    __ b(ne, &return_r0);
     // String might have moved: Reload end of string from frame.
     __ ldr(end_of_input_address(), MemOperand(frame_pointer(), kInputEnd));
@@ -859,7 +917,7 @@ Handle<HeapObject> RegExpMacroAssemblerARM::GetCode(Handle<String> source) {
     __ bind(&exit_with_exception);
     // Exit with Result EXCEPTION(-1) to signal thrown exception.
     __ mov(r0, Operand(EXCEPTION));
-    __ jmp(&exit_label_);
+    __ jmp(&return_r0);
   }
   CodeDesc code_desc;
@@ -1014,8 +1072,9 @@ void RegExpMacroAssemblerARM::SetRegister(int register_index, int to) {
 }
-void RegExpMacroAssemblerARM::Succeed() {
+bool RegExpMacroAssemblerARM::Succeed() {
   __ jmp(&success_label_);
+  return global();
 }
@@ -1307,8 +1366,9 @@ void RegExpMacroAssemblerARM::LoadCurrentCharacterUnchecked(int cp_offset,
                                                             int characters) {
   Register offset = current_input_offset();
   if (cp_offset != 0) {
-    __ add(r0, current_input_offset(), Operand(cp_offset * char_size()));
-    offset = r0;
+    // r4 is not being used to store the capture start index at this point.
+    __ add(r4, current_input_offset(), Operand(cp_offset * char_size()));
+    offset = r4;
   }
   // The ldr, str, ldrh, strh instructions can do unaligned accesses, if the CPU
   // and the operating system running on the target allow it.