Commit Graph

2344 Commits

Author SHA1 Message Date
cbruni
ed24dfe80d [runtime] Do not use the enum-cache for keys retrieval.
Currently we fail to properly handle shadowed properties. If the
receiver defines a non-enumerable property that reappears on the
prototype as enumerable it incorrectly shows up in [[Enumerate]].
By extending the KeyAccumulator to track non-enumerable properties
we can now properly filter them out when seeing them further up in
the prototype-chain.

BUG=v8:705
LOG=y

Review URL: https://codereview.chromium.org/1608523002

Cr-Commit-Position: refs/heads/master@{#33405}
2016-01-20 12:37:18 +00:00
hablich
8f67a6e710 Revert of [runtime] Introduce maps for the likely cases of FromPropertyDescriptor. (patchset id:1 of https://codereview.chromium.org/1607943003/ )
Reason for revert:
Predecessor CL suspect for roll breakage: https://codereview.chromium.org/1610563002

Original issue's description:
> [runtime] Introduce maps for the likely cases of FromPropertyDescriptor.
>
> This change improves performance for the common case of
> Object.getOwnPropertyDescriptor by up 3x-4x, where we just
> return a property descriptor object for a regular data or
> accessor property.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/ffa9e82235b20c523ebb1151c6196bc6232296b9
> Cr-Commit-Position: refs/heads/master@{#33398}

TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1604243002

Cr-Commit-Position: refs/heads/master@{#33403}
2016-01-20 11:55:44 +00:00
mstarzinger
82716f1cea [interpreter] Implement exception handler table building.
This implements a first version of exception handler table construction
within the interpreter. Note that the local control flow for try-catch
and try-finally statements is still off, and also stack unwinding does
not yet respect interpreter frames. But generated handler tables should
be populated correctly already.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1607433005

Cr-Commit-Position: refs/heads/master@{#33400}
2016-01-20 10:47:19 +00:00
bmeurer
ffa9e82235 [runtime] Introduce maps for the likely cases of FromPropertyDescriptor.
This change improves performance for the common case of
Object.getOwnPropertyDescriptor by up 3x-4x, where we just
return a property descriptor object for a regular data or
accessor property.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1607943003

Cr-Commit-Position: refs/heads/master@{#33398}
2016-01-20 07:56:27 +00:00
verwaest
90952d768b [runtime] Stop cloning AccessorInfo, just rely on PropertyAttributes for readonly.
The old mechanism was a left-over from a previous time where the runtime
would rely on the presence or absence of the setter to figure out
whether or not the property is mutable. This is unnecessary by now.

Review URL: https://codereview.chromium.org/1600923002

Cr-Commit-Position: refs/heads/master@{#33377}
2016-01-18 20:00:04 +00:00
mstarzinger
e26aa58b1a [interpreter] Add field for handler table to bytecode array.
This adds a handler table field to the header of our BytecodeArray
objects. The field will eventually hold a range-based handler table
similar to full-codegen code, to support exception handlong within
interpreted code.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1606493002

Cr-Commit-Position: refs/heads/master@{#33373}
2016-01-18 17:21:01 +00:00
verwaest
e4b41d64e5 [runtime] remove left-over distinction between AccessorInfo and ExecutableAccessorInfo
Review URL: https://codereview.chromium.org/1600353003

Cr-Commit-Position: refs/heads/master@{#33364}
2016-01-18 15:09:08 +00:00
neis
faf5e68169 Make generators non-constructable.
BUG=v8:4163,v8:4630
LOG=y

R=rossberg

Review URL: https://codereview.chromium.org/1590873002

Cr-Commit-Position: refs/heads/master@{#33360}
2016-01-18 13:11:06 +00:00
jochen
9b7035d96c LookupIterator should find private symbols on JSProxies
BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1587633002

Cr-Commit-Position: refs/heads/master@{#33358}
2016-01-18 12:41:30 +00:00
bmeurer
f23985d767 [runtime] No need to carry around the creation context for JSBoundFunctions.
We can return the creation context of the [[BoundTargetFunction]], and
don't need to remember the context in which the function was bound.

R=verwaest@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1590273002

Cr-Commit-Position: refs/heads/master@{#33332}
2016-01-15 14:15:02 +00:00
jochen
ea1152676b Make JSProxies always be in slow mode
That way, we don't have to implement the fast <-> slow migration logic,
and we don't allocate in-object properties anyways

BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1582773003

Cr-Commit-Position: refs/heads/master@{#33328}
2016-01-15 13:03:10 +00:00
bmeurer
a6900e0cb7 [runtime] Unify the ToObject handling.
Unify Object::ToObject and Execution::ToObject, and unify all users to
go to Object::ToObject directly. Also remove some dead code from the
frame details debug API.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1589323002

Cr-Commit-Position: refs/heads/master@{#33327}
2016-01-15 13:00:05 +00:00
ishell
405c7a68ab Generalize all representations when reconfiguring a property of a strict Function subclass.
BUG=chromium:575080
LOG=N

Review URL: https://codereview.chromium.org/1579603002

Cr-Commit-Position: refs/heads/master@{#33288}
2016-01-14 10:45:34 +00:00
jochen
4143a667b8 Move properties from JSObject to JSReceiver
That will allow for adding private symbols to JSProxies in a follow-up
change

BUG=chromium:571365
R=neis@chromium.org,verwaest@chromium.org,rossberg@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1575423002

Cr-Commit-Position: refs/heads/master@{#33241}
2016-01-12 15:44:03 +00:00
mlippautz
55422bdd50 [heap] Use HashMap as scratchpad backing store
We use a scratchpad to remember visited allocation sites for post processing
(making tenure decisions). The previous implementation used a rooted FixedArray
with constant length (256) to remember all sites. Updating the scratchpad is a
bottleneck in any parallel/concurrent implementation of newspace evacuation.

The new implementation uses a HashMap with allocation sites as keys and
temporary counts as values. During evacuation we collect a local hashmap of
visited allocation sites. Upon merging the local hashmap back into a global one
we update potential forward pointers of compacted allocation sites.  The
scavenger can directly enter its entries into the global hashmap. Note that the
actual memento found count is still kept on the AllocationSite as it needs to
survive scavenges and full GCs.

BUG=chromium:524425
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1535723002

Cr-Commit-Position: refs/heads/master@{#33233}
2016-01-12 11:46:37 +00:00
bmeurer
9e217ee490 [builtins] Refactor the remaining Date builtins.
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.

R=yangguo@chromium.org
BUG=chromium:576574
LOG=n

Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}

Review URL: https://codereview.chromium.org/1579613002

Cr-Commit-Position: refs/heads/master@{#33231}
2016-01-12 10:48:26 +00:00
machenbach
405ee3aad5 Revert of [builtins] Refactor the remaining Date builtins. (patchset id:20001 of https://codereview.chromium.org/1579613002/ )
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711

Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}

TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574

Review URL: https://codereview.chromium.org/1574223002

Cr-Commit-Position: refs/heads/master@{#33230}
2016-01-12 10:15:25 +00:00
bmeurer
1e51af1a5c [builtins] Refactor the remaining Date builtins.
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.

R=yangguo@chromium.org
BUG=chromium:576574
LOG=n

Review URL: https://codereview.chromium.org/1579613002

Cr-Commit-Position: refs/heads/master@{#33228}
2016-01-12 09:12:55 +00:00
littledan
6e96223750 Add Array support for @@species and subclassing
This patch implements @@species, guarded behind the --harmony-species
flag, on Arrays. Methods which return an Array will instead return
the appropriate instance based on the ArraySpeciesCreate algorithm.
The algorithm is implemented in C++ to get access to realm information
and to implement some Array methods in C++, but it is also accessed
from JavaScript through a new runtime function. A couple interactive
Octane runs show no performance regression with the flag turned off,
but turning --harmony-species on will surely have a significant
regression, as Array methods now heavily use ObjectDefineProperty.

BUG=v8:4093
LOG=Y
R=adamk,cbruni

Review URL: https://codereview.chromium.org/1560763002

Cr-Commit-Position: refs/heads/master@{#33144}
2016-01-07 02:30:01 +00:00
jkummerow
b4583c0444 [prototype user tracking] Don't skip JSGlobalProxies
For a prototype chain foo -> global_proxy -> global_object, we used to
register a dependency from foo -> global_object. This is incorrect when
the global_proxy/global_object pairing is modified, e.g. when navigating
in iframes. With this patch, we properly register foo -> global_proxy and
global_proxy -> global_object dependencies.
Additionally, when a prototype's prototype changes from null to something
else, this new usage relation must be registered if there are other users
further down on the prototype chain that might expect a complete chain of
registrations to exist (which was the case before, and must be preserved).

BUG=chromium:571517
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1559323002

Cr-Commit-Position: refs/heads/master@{#33119}
2016-01-05 16:15:48 +00:00
bmeurer
065e9c536f [runtime] Migrate several Date builtins to C++.
Almost all of the Date builtins always call into C++ at least once
anyway, so parsing, compiling and executing the JavaScript wrappers
is just a waste of time.  The most important part here is the Date
constructor itself, which is one of the blockers for new.target in
TurboFan, because compiling the Date constructor takes too much time
with TurboFan (for no reason since we end up in C++ anway).

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1556333002

Cr-Commit-Position: refs/heads/master@{#33109}
2016-01-05 11:05:50 +00:00
bmeurer
6a51d31139 [runtime] Migrate Object.create to C++.
There's no point in keeping the ObjectCreate JavaScript wrapper
function, which even does allocation site pretenuring for the
instances created via Object.create (where ObjectCreate itself is
the AllocationSite), and does not offer any sane way forward.

Instead introduce a new ObjectCreate C++ builtin, which currently
serves as a baseline implementation, on top of which we can think
about ways to optimize Object.create for the common case (i.e.
frameworks such as Ember.js make heavy use of Object.create).

R=cbruni@chromium.org
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1558433002

Cr-Commit-Position: refs/heads/master@{#33061}
2015-12-30 14:16:17 +00:00
bmeurer
97def8070c [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
Cr-Commit-Position: refs/heads/master@{#33042}

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33044}
2015-12-27 06:31:44 +00:00
bmeurer
1cf8b105d6 Revert of [runtime] Introduce dedicated JSBoundFunction to represent bound functions. (patchset id:260001 of https://codereview.chromium.org/1542963002/ )
Reason for revert:
Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind

Original issue's description:
> [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
>
> According to the ES2015 specification, bound functions are exotic
> objects, and thus don't need to be implemented as JSFunctions. So
> we introduce a new JSBoundFunction type to represent bound functions
> and make them optimizable. This already improves the performance of
> calling or constructing bound functions by 10-100x depending on the
> use case because we avoid the crazy dance between JavaScript and C++
> that was implemented in v8natives.js previously.
>
> There's still room for improvement in the performance of actually
> creating bound functions, which is also relevant in practice, but
> we already have a plan how to accomplish that later.
>
> The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=chromium:535408, chromium:571299, v8:4629
> LOG=n
>
> Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
> Cr-Commit-Position: refs/heads/master@{#33042}

TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535408, chromium:571299, v8:4629

Review URL: https://codereview.chromium.org/1552473002

Cr-Commit-Position: refs/heads/master@{#33043}
2015-12-27 04:42:13 +00:00
bmeurer
ca8623eaa4 [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33042}
2015-12-26 20:28:17 +00:00
cbruni
88b58591ac [proxies] Expose proxies in the API
Add API-accessors for [[ProxyTarget]], [[ProxyHandler]]. Additionally
create new proxies and revoke proxies via the API.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1542943002

Cr-Commit-Position: refs/heads/master@{#33013}
2015-12-22 16:37:24 +00:00
bmeurer
4acca53e62 [runtime] Rewrite Function.prototype.toString in C++.
There's actually no point trying to do Function.prototype.toString in
JavaScript, as it always calls into C++ at least once, so it only
complicates things (esp. once we start optimizing bound functions).

Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
reflect the fact that these are builtins in the Function.prototype and
not on Function itself.

TBR=hpayer@chromium.org
R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1540953004

Cr-Commit-Position: refs/heads/master@{#32996}
2015-12-22 06:33:39 +00:00
neis
641cdd3067 [proxies] Fix Object.prototype.hasOwnProperty
It must call the 'getOwnPropertyDescriptor' trap, not the 'has' trap.

R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1532723005

Cr-Commit-Position: refs/heads/master@{#32944}
2015-12-17 12:12:10 +00:00
mvstanton
412d4f1a8c Remove bogus "public:" in SharedFunctionInfo.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1516003002

Cr-Commit-Position: refs/heads/master@{#32939}
2015-12-17 11:30:56 +00:00
Benedikt Meurer
5bd4832492 [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).

The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.

mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org

Committed: e4d2538911

Review URL: https://codereview.chromium.org/1523753002 .

Cr-Commit-Position: refs/heads/master@{#32929}
2015-12-17 08:41:19 +00:00
Benedikt Meurer
567c24d947 Revert of [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. (patchset id:80001 of https://codereview.chromium.org/1523753002/ )
Reason for revert:
Breaks TSAN somewhow: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7000

Original issue's description:
> [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
>
> Introduce a new Apply builtin that forms a correct and optimizable
> foundation for the Function.prototype.apply, Reflect.construct and
> Reflect.apply builtins (which properly does the PrepareForTailCall
> as required by the ES2015 spec).
>
> The new Apply builtin avoids going to the runtime if it is safe to
> just access the backing store elements of the argArray, i.e. if you
> pass a JSArray with no holes, or an unmapped, unmodified sloppy or
> strict arguments object.
>
> mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=v8:4413, v8:4430
> LOG=n
> R=yangguo@chromium.org
>
> Committed: e4d2538911

TBR=yangguo@chromium.org,paul.lind@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413, v8:4430

Review URL: https://codereview.chromium.org/1533803002 .

Cr-Commit-Position: refs/heads/master@{#32928}
2015-12-17 08:06:37 +00:00
Benedikt Meurer
e4d2538911 [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).

The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.

mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1523753002 .

Cr-Commit-Position: refs/heads/master@{#32927}
2015-12-17 07:47:40 +00:00
Benedikt Meurer
aafc3e5484 [runtime] Drop FIRST/LAST_NONCALLABLE_SPEC_OBJECT instance type range.
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used
in field type tracking, where we should check for JSReceiver instead
(there's no need to exclude JSProxy or JSFunction from tracking).

And the use in %_ClassOf was actually wrong and didn't match the C++
implementation in JSReceiver::class_name() anymore. Now it's consistent
again.

R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1535523003 .

Cr-Commit-Position: refs/heads/master@{#32926}
2015-12-17 06:20:01 +00:00
neis
f723b12336 [proxies] Recognize arraylike proxies in Object.prototype.toString.
We must print "[object Array]" for proxies that satisfy Array.isArray.

Cosmetic change on the side: move ObjectProtoToString from JSObject to Object
since it deals with arbitrary objects.

R=adamk@chromium.org, verwaest@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1526023002

Cr-Commit-Position: refs/heads/master@{#32902}
2015-12-16 14:27:23 +00:00
neis
e960636571 [proxies] Improve error messages.
This CL makes proxy-related error messages more accurate and verbose.
(Exception: those used in deprecated functions in v8natives.js.)  Some of
the old error messages were simply wrong.

On the side, fix ShouldThrow semantics of JSProxy::SetPrototype and
JSProxy::DefineOwnProperty.

R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1527583002

Cr-Commit-Position: refs/heads/master@{#32836}
2015-12-14 13:45:03 +00:00
ishell
5c3bfe8f57 During property reconfiguring ensure that the first map that gets new descriptors is the one that owns the whole descriptor array.
This is necessary to guarantee that the whole descriptor would be marked, otherwise DescriptorArray pretenuring would cause crashes.

Review URL: https://codereview.chromium.org/1520613006

Cr-Commit-Position: refs/heads/master@{#32812}
2015-12-11 16:41:46 +00:00
adamk
ed698f3da1 Rewrite Object.prototype.toString in C++
The main impetus is to improve performance when --harmony-tostring
is enabled, thanks to using a generic property load instead of a
megamorphic IC.

This also reduces duplication, as the API function
v8::Object::ObjectProtoToString can share the runtime implementation.

The only functional change in this patch is to drop an accidental difference
between the JS and API implementations: the arguments object should toString
as "[object Arguments]". The JS side was corrected in
https://code.google.com/p/v8/source/detail?r=3279, but the API version was
missed in that patch.

BUG=chromium:555127, v8:3502
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1509533003

Cr-Commit-Position: refs/heads/master@{#32777}
2015-12-11 04:26:43 +00:00
ishell
dddcd0ac17 Fix Function subclassing.
Function subclasses did not have function properties installed (name, prototype, etc.).
Now when an instance of a Function subclass is created it gets initial map that corresponds
to the language mode of the function body. The language mode dependent maps are cached as
special transitions on initial map of the subclass constructor.

BUG=v8:4597, v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1510753005

Cr-Commit-Position: refs/heads/master@{#32764}
2015-12-10 17:28:08 +00:00
mvstanton
909f93d052 Tighten the interface to the optimized code map
We either want to add code+literals to the map, or just literals.
A recent change in the structure of the map (it now uses WeakCells)
meant that we have to be more clear about what we want to do the right
thing.

BUG=

Review URL: https://codereview.chromium.org/1516833002

Cr-Commit-Position: refs/heads/master@{#32761}
2015-12-10 17:03:42 +00:00
jkummerow
e94f07aa2e [cleanup] [proxies] Unify style of recently written code
In particular, return Maybe<bool> from any function that can throw, and
use MAYBE_RETURN and RETURN_FAILURE macros consistently where applicable.

No change in behavior intended.

Review URL: https://codereview.chromium.org/1513713002

Cr-Commit-Position: refs/heads/master@{#32723}
2015-12-09 18:07:00 +00:00
verwaest
454c1faeef Make Error.prototype.toString spec compliant; and fix various side-effect-free error printing methods
R=yangguo@chromium.org
LOG=n

Committed: https://crrev.com/5dffa35350d0f57402806e6bd87a914e1d5933e4
Cr-Commit-Position: refs/heads/master@{#32695}

Review URL: https://codereview.chromium.org/1507273002

Cr-Commit-Position: refs/heads/master@{#32720}
2015-12-09 17:03:08 +00:00
jkummerow
65eef38349 [cleanup] Drop JSObject::GetOwnPropertyNames().
Can be replaced by KeyAccumulator + CollectOwnPropertyNames().

Review URL: https://codereview.chromium.org/1515473003

Cr-Commit-Position: refs/heads/master@{#32719}
2015-12-09 17:03:07 +00:00
ulan
02320548a5 Move map retaining to finalization of incremental marking.
Compaction of the array with maps happens lazily upon adding new maps.

BUG=

Review URL: https://codereview.chromium.org/1481953002

Cr-Commit-Position: refs/heads/master@{#32717}
2015-12-09 14:53:52 +00:00
jkummerow
8ee1c9b5c0 [cleanup] Introduce HasEnumerableElements() helper
This is a simplified copy of JSObject::GetOwnElementKeys and will make it possible to eliminate the latter.

Review URL: https://codereview.chromium.org/1510083003

Cr-Commit-Position: refs/heads/master@{#32713}
2015-12-09 13:17:08 +00:00
ishell
c51e4f1be4 Free one bit in Map by removing unused retaining counter.
Review URL: https://codereview.chromium.org/1506683004

Cr-Commit-Position: refs/heads/master@{#32698}
2015-12-09 09:27:47 +00:00
ulan
8c376b4635 Optimize clearing of map transitions.
Instead of iterating the whole map space to find dead transitions,
look in weak cell list and transition array list.

Simple transitions are in the weak cell list.

Full transitions are in the transitions array list.

BUG=chromium:554488
LOG=NO

Review URL: https://codereview.chromium.org/1488593003

Cr-Commit-Position: refs/heads/master@{#32684}
2015-12-08 20:51:56 +00:00
verwaest
e8adbe7821 Reflect.construct / Proxies: Fall back to intrinsicDefaultProto for non-instance prototypes
Error still to be done, since that's not yet available in the bootstrapper.

BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n

Review URL: https://codereview.chromium.org/1499923002

Cr-Commit-Position: refs/heads/master@{#32662}
2015-12-07 16:35:17 +00:00
neis
ef1ac72901 [proxies] Make Object.{isFrozen,isSealed} behave correctly for proxies.
R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1502983002

Cr-Commit-Position: refs/heads/master@{#32660}
2015-12-07 15:36:14 +00:00
neis
4e2c0dd7a9 [proxies] Make Object.{freeze,seal} behave correctly for proxies.
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
  using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.

R=rossberg
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1489423002

Cr-Commit-Position: refs/heads/master@{#32651}
2015-12-07 11:01:35 +00:00
jkummerow
7d1263db47 [proxies] Use JSReceiver::GetKeys() for more purposes
Having beefed up GetKeys() to support everything, use it for everything now.

This fixes Object.getOwnPropertyNames and Object.getOwnPropertySymbols for
Proxies, and gets rid of a bunch of code duplication.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1498593006

Cr-Commit-Position: refs/heads/master@{#32620}
2015-12-04 15:20:57 +00:00
cbruni
747f455b07 [runtime] [proxy] removing JSFunctionProxy and related code.
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1496503002

Cr-Commit-Position: refs/heads/master@{#32616}
2015-12-04 13:49:24 +00:00
neis
62127d00ae [proxies] Implement Proxy.revocable.
For now, we revoke a proxy by setting its handler to null (as in the spec).

Change the "target" field from Object to JSReceiver as there's no point in
allowing more.

R=jkummerow@chromium.org, rossberg
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1496243003

Cr-Commit-Position: refs/heads/master@{#32608}
2015-12-04 10:56:01 +00:00
bmeurer
e89e08ca14 Revert of Provide call counts for constructor calls, surface them as a vector IC. (patchset id:60001 of https://codereview.chromium.org/1476413003/ )
Reason for revert:
Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.

Original issue's description:
> Provide call counts for constructor calls, surface them as a vector IC.
>
> CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
>
> BUG=
>
> Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
> Cr-Commit-Position: refs/heads/master@{#32452}

TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1489413006

Cr-Commit-Position: refs/heads/master@{#32599}
2015-12-04 07:34:31 +00:00
machenbach
2cb40dc722 Reland of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset id:1 of https://codereview.chromium.org/1494283002/ )
Reason for revert:
Did not help...

Original issue's description:
> Revert of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset  id:20001 of https://codereview.chromium.org/1492863002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for:
> https://uberchromegw.corp.google.com/i/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225
>
> Can just be relanded if it doesn't get green.
>
> Original issue's description:
> > [proxies] Make Object.prototype.isPrototypeOf step into proxies.
> >
> > R=rossberg, verwaest@chromium.org
> > BUG=v8:1543
> > LOG=n
> >
> > Committed: https://crrev.com/4ca1180d2e7c409312ae0761cb12843989466573
> > Cr-Commit-Position: refs/heads/master@{#32569}
>
> TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:1543
>
> Committed: https://crrev.com/48fba9439f291edd5929e19951262dc7e8a09609
> Cr-Commit-Position: refs/heads/master@{#32588}

TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1543

Review URL: https://codereview.chromium.org/1491743010

Cr-Commit-Position: refs/heads/master@{#32598}
2015-12-04 06:39:16 +00:00
machenbach
48fba9439f Revert of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset id:20001 of https://codereview.chromium.org/1492863002/ )
Reason for revert:
[Sheriff] Speculative revert for:
https://uberchromegw.corp.google.com/i/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225

Can just be relanded if it doesn't get green.

Original issue's description:
> [proxies] Make Object.prototype.isPrototypeOf step into proxies.
>
> R=rossberg, verwaest@chromium.org
> BUG=v8:1543
> LOG=n
>
> Committed: https://crrev.com/4ca1180d2e7c409312ae0761cb12843989466573
> Cr-Commit-Position: refs/heads/master@{#32569}

TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1543

Review URL: https://codereview.chromium.org/1494283002

Cr-Commit-Position: refs/heads/master@{#32588}
2015-12-03 20:24:46 +00:00
machenbach
15cb3fde7d Reland of [debugger] do not restart frames that reference new.target for liveedit. (patchset id:1 of https://codereview.chromium.org/1493863004/ )
Reason for revert:
Didn't help...

Original issue's description:
> Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset  id:1 of https://codereview.chromium.org/1493363002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225
>
> Original issue's description:
> > [debugger] do not restart frames that reference new.target for liveedit.
> >
> > R=mstarzinger@chromium.org
> >
> > Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682
> > Cr-Commit-Position: refs/heads/master@{#32572}
>
> TBR=mstarzinger@chromium.org,yangguo@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/1a61dab34b9849f3f70a42ce69317e22758c53a1
> Cr-Commit-Position: refs/heads/master@{#32582}

TBR=mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1492393003

Cr-Commit-Position: refs/heads/master@{#32587}
2015-12-03 20:21:36 +00:00
machenbach
1a61dab34b Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset id:1 of https://codereview.chromium.org/1493363002/ )
Reason for revert:
[Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225

Original issue's description:
> [debugger] do not restart frames that reference new.target for liveedit.
>
> R=mstarzinger@chromium.org
>
> Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682
> Cr-Commit-Position: refs/heads/master@{#32572}

TBR=mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1493863004

Cr-Commit-Position: refs/heads/master@{#32582}
2015-12-03 18:39:16 +00:00
neis
8a70e9f987 Remove (now) unused GetPropertyWithHandler.
R=cbruni@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1499573004

Cr-Commit-Position: refs/heads/master@{#32578}
2015-12-03 16:50:57 +00:00
yangguo
6fca870240 [debugger] do not restart frames that reference new.target for liveedit.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1493363002

Cr-Commit-Position: refs/heads/master@{#32572}
2015-12-03 15:19:17 +00:00
neis
4ca1180d2e [proxies] Make Object.prototype.isPrototypeOf step into proxies.
R=rossberg, verwaest@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1492863002

Cr-Commit-Position: refs/heads/master@{#32569}
2015-12-03 15:03:24 +00:00
hpayer
463c130d33 Reland of Introduce instance type for transition arrays. (patchset id:1 of https://codereview.chromium.org/1483003002/ )
Reason for revert:
Suspect for crashing found, relanding for canary coverage.

Original issue's description:
> Revert of Introduce instance type for transition arrays. (patchset  id:100001 of https://codereview.chromium.org/1480873003/ )
>
> Reason for revert:
> Broken canary. Trying to find out root cause.
>
> Original issue's description:
> > Introduce instance type for transition arrays.
> >
> > The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.
> >
> > BUG=chromium:554488
> > LOG=NO
> >
> > Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601
> > Cr-Commit-Position: refs/heads/master@{#32396}
>
> TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:554488
>
> Committed: https://crrev.com/38bf70b9cd2a07b99ac0c0b7eda111849e79c146
> Cr-Commit-Position: refs/heads/master@{#32404}

TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:554488

Review URL: https://codereview.chromium.org/1500623002

Cr-Commit-Position: refs/heads/master@{#32561}
2015-12-03 13:18:50 +00:00
neis
82d974799b [proxies] Make Array.isArray respect proxies.
An array is either a JSArray or a proxy whose target is an array.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1497483004

Cr-Commit-Position: refs/heads/master@{#32558}
2015-12-03 12:51:43 +00:00
cbruni
a32096c43c [runtime] [proxy] Remove JSProxy::CallTrap
LOG=n
BUG=v8:1543

Review URL: https://codereview.chromium.org/1500553002

Cr-Commit-Position: refs/heads/master@{#32557}
2015-12-03 12:43:48 +00:00
verwaest
324ab7076c For non-prototype objects constructed using base==new.target, use the cached constructor to render the name.
BUG=chromium:563791
LOG=y

Review URL: https://codereview.chromium.org/1494673004

Cr-Commit-Position: refs/heads/master@{#32556}
2015-12-03 12:41:27 +00:00
ishell
5d38d6819c Fix inobject slack tracking for both subclassing and non-subclassing cases.
It didn't support subclassing case at all and in non-subclassing case the runtime
allocation didn't do the slack tracking step.

BUG=chromium:563339
LOG=Y

Review URL: https://codereview.chromium.org/1488023002

Cr-Commit-Position: refs/heads/master@{#32547}
2015-12-03 10:03:00 +00:00
jkummerow
4a246c1fff [cleanup] Introduce PropertyFilter
Split out of PropertyAttributes, and used for all filtering purposes.
Also moved PropertyAttributes into the v8::internal:: namespace.

No change in behavior intended.

Review URL: https://codereview.chromium.org/1492653004

Cr-Commit-Position: refs/heads/master@{#32525}
2015-12-02 16:30:24 +00:00
jkummerow
e478a8ac39 [proxies] Implement Symbol/DONT_ENUM filtering for GetKeys()
And use it to fix Object.keys() for proxies.

BUG=v8:1543
LOG=n
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1488873003

Cr-Commit-Position: refs/heads/master@{#32496}
2015-12-02 10:19:59 +00:00
cbruni
d9e0a5a9ad [runtime] [proxy] Adding [[SetPrototypeOf]] trap.
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1481383003

Cr-Commit-Position: refs/heads/master@{#32471}
2015-12-01 15:59:44 +00:00
cbruni
7e8fa4b96a [runtime] [proxy] implementing [[Get]] trap.
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1482283002

Cr-Commit-Position: refs/heads/master@{#32466}
2015-12-01 14:04:43 +00:00
neis
031751d5c4 [proxies] Implement [[Set]].
R=rossberg
BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1481103002

Cr-Commit-Position: refs/heads/master@{#32457}
2015-12-01 12:27:09 +00:00
mvstanton
66d5a9df62 Provide call counts for constructor calls, surface them as a vector IC.
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.

BUG=

Review URL: https://codereview.chromium.org/1476413003

Cr-Commit-Position: refs/heads/master@{#32452}
2015-12-01 11:06:40 +00:00
hpayer
38bf70b9cd Revert of Introduce instance type for transition arrays. (patchset id:100001 of https://codereview.chromium.org/1480873003/ )
Reason for revert:
Broken canary. Trying to find out root cause.

Original issue's description:
> Introduce instance type for transition arrays.
>
> The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.
>
> BUG=chromium:554488
> LOG=NO
>
> Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601
> Cr-Commit-Position: refs/heads/master@{#32396}

TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:554488

Review URL: https://codereview.chromium.org/1483003002

Cr-Commit-Position: refs/heads/master@{#32404}
2015-11-30 13:04:14 +00:00
neis
0c7bc1cd5f Remove Object::IsSpecObject, use Object::IsJSReceiver instead.
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1476403004

Cr-Commit-Position: refs/heads/master@{#32398}
2015-11-30 10:52:11 +00:00
ulan
026095a3c7 Introduce instance type for transition arrays.
The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.

BUG=chromium:554488
LOG=NO

Review URL: https://codereview.chromium.org/1480873003

Cr-Commit-Position: refs/heads/master@{#32396}
2015-11-30 10:35:57 +00:00
neis
39296e679f [proxies] Use IsRevoked where possible, remove has_handler.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1486553002

Cr-Commit-Position: refs/heads/master@{#32394}
2015-11-30 09:59:55 +00:00
neis
18ee425cb4 Remove {FIRST,LAST}_SPEC_OBJECT_TYPE.
Use {FIRST,LAST}_JS_RECEIVER_TYPE instead.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1486563002

Cr-Commit-Position: refs/heads/master@{#32393}
2015-11-30 09:50:03 +00:00
jkummerow
2ba464e11c [proxies] [[HasProperty]]: fix trap call.
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1479143002

Cr-Commit-Position: refs/heads/master@{#32391}
2015-11-30 09:21:10 +00:00
jochen
7730edcc12 Remove easy to remove calls to Isolate::Current() from api.cc
R=vogelheim@chromium.org
LOG=n
BUG=v8:2487

Review URL: https://codereview.chromium.org/1474353002

Cr-Commit-Position: refs/heads/master@{#32389}
2015-11-30 08:16:59 +00:00
jkummerow
2fee8a0f1d [proxies] Implement [[Enumerate]] and [[OwnPropertyKeys]]
Both are integrated into JSReceiver::GetKeys().

For now, the implementation ignores Symbol/DONT_ENUM filtering.

BUG=v8:1543
LOG=n

Committed: https://crrev.com/42c6056e6f247724d14dc887f6619a6bf5867a97
Cr-Commit-Position: refs/heads/master@{#32384}

Review URL: https://codereview.chromium.org/1474083003

Cr-Commit-Position: refs/heads/master@{#32386}
2015-11-28 15:03:13 +00:00
machenbach
97def40dc0 Revert of [proxies] Implement [[Enumerate]] and [[OwnPropertyKeys]] (patchset id:40001 of https://codereview.chromium.org/1474083003/ )
Reason for revert:
[Sheriff] Speculative revert for gc mole:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gcmole/builds/5164

Original issue's description:
> [proxies] Implement [[Enumerate]] and [[OwnPropertyKeys]]
>
> Both are integrated into JSReceiver::GetKeys().
>
> For now, the implementation ignores Symbol/DONT_ENUM filtering.
>
> BUG=v8:1543
> LOG=n
>
> Committed: https://crrev.com/42c6056e6f247724d14dc887f6619a6bf5867a97
> Cr-Commit-Position: refs/heads/master@{#32384}

TBR=verwaest@chromium.org,bmeurer@chromium.org,jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1543

Review URL: https://codereview.chromium.org/1482113002

Cr-Commit-Position: refs/heads/master@{#32385}
2015-11-28 14:16:29 +00:00
jkummerow
42c6056e6f [proxies] Implement [[Enumerate]] and [[OwnPropertyKeys]]
Both are integrated into JSReceiver::GetKeys().

For now, the implementation ignores Symbol/DONT_ENUM filtering.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1474083003

Cr-Commit-Position: refs/heads/master@{#32384}
2015-11-28 10:48:43 +00:00
verwaest
970a7ad758 Fix Reflect.construct wrt proxy, generator, and non-subclass new.target
This makes sure that proxy + Function/Array works
Makes sure that new.target can be a generator
Makes sure that if new.target is not a subclass, but does not have a prototype, that we'll get that same prototype back the next time we look at new.target.prototype.

BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1484473002

Cr-Commit-Position: refs/heads/master@{#32382}
2015-11-27 21:44:48 +00:00
verwaest
469675ee3f Fix name shown by devtools for subclasses.
This replaces internal GetConstructorName with toStringTag, .constructor's name
and class_name. This entirely changes how the name is computed for use in
devtools.

BUG=chromium:529177
LOG=n

Review URL: https://codereview.chromium.org/1435273002

Cr-Commit-Position: refs/heads/master@{#32374}
2015-11-27 13:10:25 +00:00
verwaest
7ceaf72708 [Proxies] Support constructable proxy as new.target (reland)
BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1481773003

Cr-Commit-Position: refs/heads/master@{#32370}
2015-11-27 12:17:16 +00:00
pan.deng
bd5b19e4fe Inline functions to speedup GetElement.
BUG=None
LOG=n

Review URL: https://codereview.chromium.org/1473023004

Cr-Commit-Position: refs/heads/master@{#32354}
2015-11-27 02:52:16 +00:00
machenbach
87f7dc61fa Revert of [Proxies] Support constructable proxy as new.target (patchset id:40001 of https://codereview.chromium.org/1481613003/ )
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3977

Original issue's description:
> [Proxies] Support constructable proxy as new.target
>
> BUG=v8:1543, v8:3330, v8:3931
> LOG=n
>
> Committed: https://crrev.com/88ac8aa5236195137d4a7aa18bcc5650a3bdca5a
> Cr-Commit-Position: refs/heads/master@{#32346}

TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1543, v8:3330, v8:3931

Review URL: https://codereview.chromium.org/1480673004

Cr-Commit-Position: refs/heads/master@{#32350}
2015-11-26 16:21:00 +00:00
verwaest
88ac8aa523 [Proxies] Support constructable proxy as new.target
BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1481613003

Cr-Commit-Position: refs/heads/master@{#32346}
2015-11-26 15:23:19 +00:00
jkummerow
27d1c008ee [proxies] Refactor JSReceiver::GetKeys()
In preparation for implementing proper Proxy support.

Review URL: https://codereview.chromium.org/1466243002

Cr-Commit-Position: refs/heads/master@{#32345}
2015-11-26 14:53:16 +00:00
hpayer
c678f27e40 Remove leftover NoIncrementalWriteBarrier prototypes.
TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1464313009

Cr-Commit-Position: refs/heads/master@{#32323}
2015-11-26 10:22:09 +00:00
neis
39efa4348a [proxies] Implement [[Delete]].
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1479543002

Cr-Commit-Position: refs/heads/master@{#32320}
2015-11-26 09:34:28 +00:00
hpayer
78d6550a12 Remove whiteness witness from runtime.
BUG=561449
LOG=n

Review URL: https://codereview.chromium.org/1468313007

Cr-Commit-Position: refs/heads/master@{#32284}
2015-11-25 15:32:51 +00:00
ishell
2af5e36547 Allow in-object properties in JSCollections, JSWeakCollections and JSRegExp.
BUG=v8:4531
LOG=Y

Review URL: https://codereview.chromium.org/1468933004

Cr-Commit-Position: refs/heads/master@{#32281}
2015-11-25 15:23:03 +00:00
Benedikt Meurer
a6f9670e86 [tools] Unbreak postmortem script.
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1475843003 .

Cr-Commit-Position: refs/heads/master@{#32275}
2015-11-25 14:22:20 +00:00
bmeurer
2732a6ad44 [es6] Correct parsing of regular expression literal flags.
ES6 section 12.2.8.1 states that flags for regular expression literals
must be checked during parsing and invalid flags are early errors. This
change adapts the Scanner and (Pre)Parser to act according to the spec.

This is also a prerequisite to unify the handling of literal creation
(for Objects, Arrays, Regexps, and at some point Classes).

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1472323002

Cr-Commit-Position: refs/heads/master@{#32273}
2015-11-25 13:46:43 +00:00
ishell
ebf8ec5c51 Fix JSFunction's in-object properties initialization.
BUG=v8:4572
LOG=Y

Review URL: https://codereview.chromium.org/1481493003

Cr-Commit-Position: refs/heads/master@{#32268}
2015-11-25 12:42:14 +00:00
bmeurer
09b44428e4 [runtime] First step to sanitize regexp literal creation.
This is the initial step towards refactoring the regexp literation
creation code to make it less obscure and more similar to the mechanism
we use to create array and object literals.  There's now a new runtime
entry %CreateRegExpLiteral with the same interface as the entries for
array and object literals, except that we still pass the flags as
string.

Instead of embedding the hand written native to clone JSRegExp instances
we now have a FastCloneRegExpStub, which behaves similar to the other
FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
had.

R=mlippautz@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/1475823003

Cr-Commit-Position: refs/heads/master@{#32255}
2015-11-25 09:23:28 +00:00
epertoso
4307e44899 Adds the possibility of setting a Code object as the callback of a FunctionTemplate.
BUG=

Review URL: https://codereview.chromium.org/1407313004

Cr-Commit-Position: refs/heads/master@{#32213}
2015-11-24 14:33:23 +00:00
neis
a25018905d [proxies] Implement [[PreventExtensions]] and [[IsExtensible]].
BUG=

Review URL: https://codereview.chromium.org/1441043002

Cr-Commit-Position: refs/heads/master@{#32212}
2015-11-24 14:16:24 +00:00
yangguo
912314be27 Correctly handlify Dictionary::CollectKeysTo.
'this' is a raw pointer and can be invalidated through GC, even
though the rest of the code is correctly handlified.

R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:4570
LOG=N

Review URL: https://codereview.chromium.org/1475633002

Cr-Commit-Position: refs/heads/master@{#32208}
2015-11-24 13:43:59 +00:00
bmeurer
374b6ea210 [builtins] Sanitize the machinery around Construct calls.
There's no point in collecting feedback for super constructor calls,
because in all (interesting) cases we can gather (better) feedback from
other sources (i.e. via inlining or via using a LOAD_IC to get to the
[[Prototype]] of the target).  So CallConstructStub is now only used
for new Foo(...args) sites where we want to collect feedback in the
baseline compiler.  The optimizing compilers, Reflect.construct and
super constructor calls use the Construct builtin directly, which allows
us to remove some weird code from the CallConstructStub (and opens the
possibility for more code sharing with the CallICStub, maybe even going
for a ConstructICStub).

Also remove the 100% redundant HCallNew instruction, which is just a
wrapper for the Construct builtin anyway (indirectly via the
CallConstructStub).

Drive-by-fix: Drop unused has_function_cache bit on Code objects.

R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4413, v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1469793002

Cr-Commit-Position: refs/heads/master@{#32172}
2015-11-23 10:34:42 +00:00