Now run-tests.py understands "suite/foo/bar" with forward slashes for
command-line test selection on all test suites on all platforms.
Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
that behavior is sacrificed here in favor of unification. For the cctest
suite, OTOH, it wasn't possible on Windows to select specific tests at all.
Original review: https://codereview.chromium.org/1348653003/
This reverts commit 5f44a91059.
NOTRY=true
Review URL: https://codereview.chromium.org/1356613002
Cr-Commit-Position: refs/heads/master@{#30798}
Reason for revert:
mozilla tests are failing on Windows
Original issue's description:
> [test] Fix cctest path separators on Windows
>
> Now run-tests.py understands "suite/foo/bar" with forward slashes for
> command-line test selection on all test suites on all platforms.
>
> Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
> that behavior is sacrificed here in favor of unification. For the cctest
> suite, OTOH, it wasn't possible on Windows to select specific tests at all.
>
> Committed: https://crrev.com/b36cfdb39ae648b49a1396c4f669df9b1f57996c
> Cr-Commit-Position: refs/heads/master@{#30794}
TBR=machenbach@google.com,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1349163002
Cr-Commit-Position: refs/heads/master@{#30795}
Now run-tests.py understands "suite/foo/bar" with forward slashes for
command-line test selection on all test suites on all platforms.
Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
that behavior is sacrificed here in favor of unification. For the cctest
suite, OTOH, it wasn't possible on Windows to select specific tests at all.
Review URL: https://codereview.chromium.org/1348653003
Cr-Commit-Position: refs/heads/master@{#30794}
Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
before. When the flag is disabled, the function uses TO_UINT32(), which is
the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength()
conversion is used.
Based on a patch initially from Diego Pino <dpino@igalia.com>
BUG=v8:3087
LOG=Y
Review URL: https://codereview.chromium.org/1309243003
Cr-Commit-Position: refs/heads/master@{#30772}
Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.
BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg
Review URL: https://codereview.chromium.org/1328083002
Cr-Commit-Position: refs/heads/master@{#30769}
Mark ArrayLiterals utilizing the spread operator as non-simple.
This causes them to return false for IsCompileTimeValue, and thus
causes spread to work as expected in nested literals.
BUG=v8:4417
LOG=y
Review URL: https://codereview.chromium.org/1336123002
Cr-Commit-Position: refs/heads/master@{#30754}
The ES6 specification says that "Built-in functions that are ECMAScript
function objects must be strict mode functions", which in particular
means that you can never test for them using the "caller" field of a
sloppy mode function.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:105
LOG=n
Review URL: https://codereview.chromium.org/1347663002
Cr-Commit-Position: refs/heads/master@{#30750}
The assumption that every function body produces a value does not hold
for functions that e.g. unconditionally throw or endlessly loop. This
fixes the inlining logic to handle such cases.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-530598
BUG=chromium:530598
LOG=n
Review URL: https://codereview.chromium.org/1333193005
Cr-Commit-Position: refs/heads/master@{#30738}
In certiain cases the ArgumentsIteratorSetter would trigger an invalid
state in the LookupIterator when being overridden. This is now solved
by bypassing the SetDataProperty and directly using
DefinePropertyOrElementIgnoringAttributes since we know exactly which
property we're going to install
LOG=N
BUG=chromium:521484
Review URL: https://codereview.chromium.org/1332873002
Cr-Commit-Position: refs/heads/master@{#30705}
Inner functions must be eagerly parsed for scope analysis, but the full AST is
also kept around even though it's not needed.
This CL mitigates this problem by allocating some AstNodes of the inner function
to a temporary Zone which is deallocated once the scope information has been
built. The remaining nodes (such as VariableProxy) must persist until scope
analysis actually happens, and have to be allocated to a parser-persistent Zone.
BUG=417697
LOG=N
Review URL: https://codereview.chromium.org/1304923004
Cr-Commit-Position: refs/heads/master@{#30685}
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).
Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.
R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1333843002
Cr-Commit-Position: refs/heads/master@{#30680}
When looking up a special accessor for known TypedArray fields
("length", "byteLength", "byteOffset"), consider the entire prototype
chain, not only the direct prototype.
This allows subclasses of TypedArrays to benefit from fast specialized
accesses.
Review URL: https://codereview.chromium.org/1313493005
Cr-Commit-Position: refs/heads/master@{#30678}
The two tests in question got a lot slower and started to timeout now
that the C++ fallback implementation of the %Arguments intrinsics is
composable with respect to inlining.
R=bmeurer@chromium.org,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1330203003
Cr-Commit-Position: refs/heads/master@{#30674}
Update the consolidated load case to carefully chose the load mode
based on the consolidated elements kind.
BUG=v8:4380
LOG=N
Review URL: https://codereview.chromium.org/1329793003
Cr-Commit-Position: refs/heads/master@{#30659}
This makes the C++ fallback implementations for the two intrinsics,
%Arguments and %ArgumentsLength composable with respect to inlining.
Using deoptimization information gives us accurate data here.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-4374
BUG=v8:4374
LOG=n
Review URL: https://codereview.chromium.org/1328363002
Cr-Commit-Position: refs/heads/master@{#30654}
This switches Isolate::ComputeLocation to use baseline code when
computing message locations. This unifies locations between optimized
and non-optimized code by always going through the FrameSummary for
location computation.
R=bmeurer@chromium.org
TEST=message/regress/regress-4266
BUG=v8:4266
LOG=n
Review URL: https://codereview.chromium.org/1331603002
Cr-Commit-Position: refs/heads/master@{#30635}
The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.
If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1325573004
Cr-Commit-Position: refs/heads/master@{#30634}
- Moving parts of ArrayConcat from builtins.cc to the ElementsAccessor
- Removing ArrayConcat Runtime Function
BUG=v8:4317
LOG=N
Review URL: https://codereview.chromium.org/1330483003
Cr-Commit-Position: refs/heads/master@{#30619}
Wasm mjsunit tests aren't being detected when symlinked into
test/mjsunit/wasm. This causes symlinked directories in that
directory to be included.
BUG=None
TEST=local
R=dehrenberg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1332463002
Cr-Commit-Position: refs/heads/master@{#30600}
Uses the lower byte with memchr which is
significantly faster than a naive compare
Performance difference with bench (http://hastebin.com/xuxexataso.js):
old new
single character single character
Κ found at 922 Κ found at 922
3324 616
㎡ found at 13217 ㎡ found at 13217
42366 4931
က found at 4096 က found at 4096
13369 9836
found at 65280 found at 65280
207472 36149
ᆬ found at 65445 ᆬ found at 65445
209344 36666
found at 8197 found at 8197
26731 11757
倂 found at 20482 倂 found at 20482
66071 17193
linear search linear search
ΚΛ found at 922 ΚΛ found at 922
4112 504
㎡㎢ found at 13217 ㎡㎢ found at 13217
55105 5119
ᆬᆭ found at 65445 ᆬᆭ found at 65445
268016 35496
linear + bmh search linear + bmh search
ΚΛΜΝΞΟΠΡ found at 922 ΚΛΜΝΞΟΠΡ found at 922
2897 522
ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445 ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445
167687 35283
BUG=
Review URL: https://codereview.chromium.org/1324453007
Cr-Commit-Position: refs/heads/master@{#30597}
Reason for revert:
[Sheriff] Breaks fuzzer and msan:
http://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/4773
Repro with:
tools/fuzz-harness.sh out/Debug/d8
(in a ninja Debug build)
Msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/4097
Original issue's description:
> Speedup stringsearch for two byte strings
>
> Uses the lower byte with memchr which is
> significantly faster than a naive compare
>
> Performance difference with bench (http://hastebin.com/xuxexataso.js):
>
> old new
>
> single character single character
> Κ found at 922 Κ found at 922
> 3324 616
> ㎡ found at 13217 ㎡ found at 13217
> 42366 4931
> က found at 4096 က found at 4096
> 13369 9836
> found at 65280 found at 65280
> 207472 36149
> ᆬ found at 65445 ᆬ found at 65445
> 209344 36666
> found at 8197 found at 8197
> 26731 11757
> 倂 found at 20482 倂 found at 20482
> 66071 17193
>
> linear search linear search
> ΚΛ found at 922 ΚΛ found at 922
> 4112 504
> ㎡㎢ found at 13217 ㎡㎢ found at 13217
> 55105 5119
> ᆬᆭ found at 65445 ᆬᆭ found at 65445
> 268016 35496
>
> linear + bmh search linear + bmh search
> ΚΛΜΝΞΟΠΡ found at 922 ΚΛΜΝΞΟΠΡ found at 922
> 2897 522
> ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445 ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445
> 167687 158465
>
> Committed: https://crrev.com/fced280f37588f8a232a414201276e053117e9ea
> Cr-Commit-Position: refs/heads/master@{#30587}
TBR=danno@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1331433002
Cr-Commit-Position: refs/heads/master@{#30588}
Uses the lower byte with memchr which is
significantly faster than a naive compare
Performance difference with bench (http://hastebin.com/xuxexataso.js):
old new
single character single character
Κ found at 922 Κ found at 922
3324 616
㎡ found at 13217 ㎡ found at 13217
42366 4931
က found at 4096 က found at 4096
13369 9836
found at 65280 found at 65280
207472 36149
ᆬ found at 65445 ᆬ found at 65445
209344 36666
found at 8197 found at 8197
26731 11757
倂 found at 20482 倂 found at 20482
66071 17193
linear search linear search
ΚΛ found at 922 ΚΛ found at 922
4112 504
㎡㎢ found at 13217 ㎡㎢ found at 13217
55105 5119
ᆬᆭ found at 65445 ᆬᆭ found at 65445
268016 35496
linear + bmh search linear + bmh search
ΚΛΜΝΞΟΠΡ found at 922 ΚΛΜΝΞΟΠΡ found at 922
2897 522
ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445 ᆬᆭᄃᄄᄅᆰᆱᆲ found at 65445
167687 158465
Review URL: https://codereview.chromium.org/1303033012
Cr-Commit-Position: refs/heads/master@{#30587}
- Use the new ElementsAccessor methods
- improve test coverage
BUG=
Review URL: https://codereview.chromium.org/1317053006
Cr-Commit-Position: refs/heads/master@{#30546}
Since the constructor is also the class object itself, allowing it to
retroactively become a strong object would have unintuitive consequences
wrt the strength of the other functions of the class, and whether instances
would be considered instances of a strong class.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1314203002
Cr-Commit-Position: refs/heads/master@{#30519}
This is a change for ES2015. Date objects have mutable state, so having
a mutable prototype is bad for SES requirements, and it is an
inconsistency from the typical ES2015 class style of objects
BUG=v8:4004
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1317403002
Cr-Commit-Position: refs/heads/master@{#30486}
This way we don't need to expose JSReceiver::OrdinaryToPrimitive
as runtime function, and we don't need the separate JS trampoline.
This also adds tests for ToPrimitive on date objects, which are
special.
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1324713002
Cr-Commit-Position: refs/heads/master@{#30473}
- Move fast paths from builtins.cc ArraySlice to ElementsAccessor
- Handle more argument types in the fast path
BUG=
Review URL: https://codereview.chromium.org/1321773002
Cr-Commit-Position: refs/heads/master@{#30471}
This patch changes the switch scope desugaring to create blocks which
propagate their 'return value' for eval.
BUG=v8:4399
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1309303006
Cr-Commit-Position: refs/heads/master@{#30454}
Switch statements introduce their own scope for cases, but this scope
is not necessarily executed in order, as the following function shows:
switch (x) {
case 1:
let y = 1;
case 2:
y = 2;
case 3:
print(y);
}
If x = 2 or x = 3, the code should throw a ReferenceError. However,
FullCodeGen's hole check elimination used the simple algorithm of
assuming that if the initializer was in the same scope, then it was
reached before the use, and therefore the hole check could be
eliminated.
This patch adds an extra bit to scopes, to track if they may
nonlinearly. The parser marks the scope that switch introduces as
nonlinear. FullCodeGen does not eliminate the hole check from
a scope which is nonlinear. This patch refactors FullCodeGen to
put the hole check elimination in one place, rather than in each
backend.
BUG=v8:3926
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1312613003
Cr-Commit-Position: refs/heads/master@{#30453}
This patch makes 'let' a contextual keyword in both strict and sloppy mode.
It behaves as a keyword when used at the beginning of a StatementListItem
or lexical declaration at the beginning of a for statement, if it is followed
by an identifier, [ or {. Implementing this change requires an extra token
look-ahead by the parser which is only invoked in certain cases (so as to
avoid parsing RegExps as ECMAScript tokens). This might result in a slowdown
of the scanner, but performance testing of this patch hasn't yet found much
of a regression.
BUG=v8:3305
LOG=Y
R=adamk,vogelheim
Review URL: https://codereview.chromium.org/1315673009
Cr-Commit-Position: refs/heads/master@{#30451}
This adds a new ToString runtime function and a fast-path ToStringStub
(which is just a simple dispatcher for existing functionality), and also
implements %_ToName using the ToStringStub.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319973007
Cr-Commit-Position: refs/heads/master@{#30442}
This adds a %ToName runtime entry that uses the previously introduced
Object::ToName, which is based on the new Object::ToPrimitive method.
Also removes the need to expose ToName in various way via the builtins
and/or context.
Drive-by-fix: Let %HasProperty do the ToName conversion implicitly as
required.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319133002
Cr-Commit-Position: refs/heads/master@{#30435}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
- remove the Backing-Store specific code from builtins.cc and put it in elements.cc.
- adding tests to improve coverage of the splice method
BUG=
Review URL: https://codereview.chromium.org/1312033003
Cr-Commit-Position: refs/heads/master@{#30410}
TC39 agreed to disallow "use strict" directives in function body when
non-simple parameter lists are used.
This is a continuation of caitp's CL https://codereview.chromium.org/1281163002/
with some refactorings removed for now.
Still TODO: there is a lot of duplication between the is_simple field of
FormalParametersBase and the NonSimpleParameter property ExpressionClassifier
keeps track of. It should be possible to remove the former with a minor
refactoring of arrow function parsing. This will be attempted in a follow-up CL.
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1300103005
Cr-Commit-Position: refs/heads/master@{#30388}
%_IsObject(foo) is equivalent to typeof foo === 'object' and has
exactly the same optimizations, so there's zero need for %_IsObject
in our code base.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1313903003
Cr-Commit-Position: refs/heads/master@{#30380}
This fixes broken dynamic hole-checks for the temporal dead zone of
non-initializing assignments to {let} and {const} declared variables.
Also note that this exemplifies a case where the dynamic check for such
assignments to {let} declared variables can no longer be elided as the
comment suggested.
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-4388
BUG=v8:4388
LOG=n
Review URL: https://codereview.chromium.org/1318693002
Cr-Commit-Position: refs/heads/master@{#30375}
Make ObjectLiteral::is_simple() false for literals containing computed
property names, which causes IsCompileTimeValue() to return false and
thus force code to be generated for setting up such properties. This
mirrors the handling of '__proto__' in literals.
BUG=v8:4387
LOG=y
Review URL: https://codereview.chromium.org/1307943007
Cr-Commit-Position: refs/heads/master@{#30362}
The HUnaryMathOperation cannot be eliminated in general, because the
spec requires a ToNumber conversion on the input, which is observable
of course.
BUG=v8:4389
LOG=y
Review URL: https://codereview.chromium.org/1307413003
Cr-Commit-Position: refs/heads/master@{#30343}
The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).
The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).
As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.
BUG=v8:4376
LOG=y
Review URL: https://codereview.chromium.org/1304633002
Cr-Commit-Position: refs/heads/master@{#30342}
The ES2015 specification for switch statements 13.12.11 specifies that
they get their own lexical scope. This patch introduces such a scope
through a complex desugaring in terms of blocks, done so that Crankshaft
does not have to be updated to support multiple constructs providing
scopes.
Recommitting this patch after a bug fix in Crankshaft to allow a
desugaring with certain elements missing a source location:
https://codereview.chromium.org/1313443002
BUG=v8:4377
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1309163003
Cr-Commit-Position: refs/heads/master@{#30340}
The simulator uses a separate JS stack, exhaustion of the C stack
however is not caught by JS limit checks. This change now lowers the
limit of the JS stack accordingly on function calls.
R=mvstanton@chromium.org
BUG=chromium:522380
TEST=mjsunit/regress/regress-crbug-522380
LOG=n
Review URL: https://codereview.chromium.org/1314623002
Cr-Commit-Position: refs/heads/master@{#30334}
Adds Uint32x4, Uint16x8, and Uint8x16 types.
Adds all functions in the current spec, except for loads and stores.
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1294513004
Cr-Commit-Position: refs/heads/master@{#30322}
Reason for revert:
Breaks cctest/test-cpu-profiler/SourceLocation on nosnap
Original issue's description:
> Add a separate scope for switch
>
> The ES2015 specification for switch statements 13.12.11 specifies that
> they get their own lexical scope. This patch introduces such a scope
> through a complex desugaring in terms of blocks, done so that Crankshaft
> does not have to be updated to support multiple constructs providing
> scopes.
>
> BUG=v8:4377
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/9edbc1f21eb1050cabbe3b8bc9aebf89ada7ebd7
> Cr-Commit-Position: refs/heads/master@{#30314}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4377
Review URL: https://codereview.chromium.org/1309043004
Cr-Commit-Position: refs/heads/master@{#30316}
The parser has special behavior with respect to the bindings
of inner functions in sloppy mode which are not at the top
level of scopes. This behavior should be turned off when the
--harmony-sloppy-function flag is set, as lexical scoping
rules are used instead. Previously, the incorrect flag
--harmony-sloppy was used, resulting in a crashing bug.
BUG=chromium:520029
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1303033003
Cr-Commit-Position: refs/heads/master@{#30315}
The ES2015 specification for switch statements 13.12.11 specifies that
they get their own lexical scope. This patch introduces such a scope
through a complex desugaring in terms of blocks, done so that Crankshaft
does not have to be updated to support multiple constructs providing
scopes.
BUG=v8:4377
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1293283002
Cr-Commit-Position: refs/heads/master@{#30314}
This CL is a nightmare! For the utterly irrelevant edge case of a sloppy function with non-simple parameters and a call to direct eval, like here,
let x = 1;
function f(g = () => x) {
var y
eval("var x = 2")
return g() + x // f() = 3
}
we have to do all of the following, on top of the declaration block ("varblock") contexts we already introduce around the body:
- Introduce the ability for varblock contexts to have both a ScopeInfo and an extension object (e.g., the body varblock in the example will contain both a static var y and a dynamic var x). No other scope needs that. Since there are no context slots left, a special new struct is introduced that pairs up scope info and extension object.
- When declaring lookup slots in the runtime, this new struct is allocated in the case where an extension object has to be added to a block scope (at which point the block's extension slot still contains a plain ScopeInfo).
- While at it, introduce some abstraction to access context extension slots in a more controlled manner, in order to keep special-casing to a minimum.
- Make sure that even empty varblock contexts do not get optimised away when they contain a sloppy eval, so that they can host the potential extension object.
- Extend dynamic search for declaration contexts (used by sloppy direct eval) to recognize varblock contexts.
- In the parser, if a function has a sloppy direct eval, introduce an additional varblock scope around each non-simple (desugared) parameter, as required by the spec to contain possible dynamic var bindings.
- In the pattern rewriter, add the ability to hoist the named variables the pattern declares to an outer scope. That is required because the actual destructuring has to be evaluated inside the protecting varblock scope, but the bindings that the desugaring introduces are in the outer scope.
- ScopeInfos need to save the information whether a block is a varblock, to make sloppy eval calls work correctly that deserialise them as part of the scope chain.
- Add the ability to materialize block scopes with extension objects in the debugger. Likewise, enable setting extension variables in block scopes via the debugger interface.
- While at it, refactor and unify some respective code in the debugger.
Sorry, this CL is large. I could try to split it up, but everything is rather entangled.
@mstarzinger: Please review the changes to contexts.
@yangguo: Please have a look at the debugger stuff.
R=littledan@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:811,v8:2160
LOG=N
Review URL: https://codereview.chromium.org/1292753007
Cr-Commit-Position: refs/heads/master@{#30295}
The ES6 spec for this function declares that ToLength
should only be called once. We were evaluating it multiple
times, so if length was an object with a valueOf method,
we could see effects take place multiple times.
R=littledan@chromium.org
LOG=N
BUG=v8:4218
Review URL: https://codereview.chromium.org/1237583005
Cr-Commit-Position: refs/heads/master@{#30240}
Second item in section 13.7.5.1 states that the error should be a
SyntaxError, when previously CheckAndRewriteReferenceExpression
would always emit a ReferenceError.
BUG=v8:4373
R=adamk, rossberg
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1292393002
Cr-Commit-Position: refs/heads/master@{#30184}
In doing so, fix calls CheckAndRewriteReferenceExpression to take proper
start and end positions (instead of just pointing at the first token in
the LHS expression).
BUG=v8:4370
LOG=n
Review URL: https://codereview.chromium.org/1290013002
Cr-Commit-Position: refs/heads/master@{#30166}
This patch strengthens testing of classes by verifying that the binding
that they export externally follows block scoping, as opposed to var-style
scoping. The tests are based on existing tests for let and const.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1286923002
Cr-Commit-Position: refs/heads/master@{#30140}
In an initial attempt to implement sloppy mode lexical bindings,
functions were made lexically scoped in sloppy mode. However, the
ES2015 spec says that they need an additional hoisted var binding,
and further, it's not clear when we'll implement that behavior
or whether it's web-compatible.
This patch splits off function block scoping into a new, separate
flag called --harmony_sloppy_function. This change will enable the
possibility of testing and shipping this feature separately from
other block scoping-related features which don't have the same risks.
BUG=v8:4285
R=adamk
LOG=N
Review URL: https://codereview.chromium.org/1282093002
Cr-Commit-Position: refs/heads/master@{#30122}
In ES6, direct eval() in sloppy mode uses the enclosing function-level
("var") scope for var-style bindings and a new lexical scope for lexical
bindings like let and class. This patch implements that feature by making
lexical bindings that are directly within an EVAL_SCOPE be on the local
scope rather than the enclosing one.
BUG=v8:4288
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1274193004
Cr-Commit-Position: refs/heads/master@{#30120}
This avoids many back-and-forth calls to the runtime.
This also slightly changes the way we avoid getters. Previously, we circumvent getting the name property of ReferenceError, SyntaxError and TypeError due to crbug/69187 (in order to avoid leaking information from those errors through a 'name' getter installed on their prototypes). Now we do that for all errors created by V8.
R=jkummerow@chromium.org, rossberg@chromium.org
BUG=crbug:513472, crbug:69187
LOG=N
Review URL: https://codereview.chromium.org/1281833002
Cr-Commit-Position: refs/heads/master@{#30105}
Previously, examples like (({a = x}, x) => {})({}, 0) did not throw a ReferenceError like they should. This CL
- Splits up DeclareFormalParameters such that the formals can be recorded first and declared later.
- Declaration then takes the complete parameter list into account. If it is not simple, temporaries are introduced for all parameters.
- BuildParameterInitializationBlock desugars all parameters from non-simple lists into let-bindings.
- Refactored Pre/ParserFormalParameters, so that the arity information is no longer duplicated in Parser.
- Rest is currently handled specially, until rest-via-destructuring has landed.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1259283002
Cr-Commit-Position: refs/heads/master@{#30025}
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.
Review URL: https://codereview.chromium.org/1257063003
Cr-Commit-Position: refs/heads/master@{#30017}
This introduces a CopyFixedArrayAndGrow method on Factory that takes
the "grow amount" instead of the "new size" as an argument. The new
interface is safer because it allows for mutations by the GC that
potentially trim the source array.
This also fixes a bug in SharedFunctionInfo::AddToOptimizedCodeMap
where the aformentioned scenario led to unused entries within the
optimized code map.
Note that FixedArray::CopySize is hereby deprecated because it is
considered unsafe and should no longer be used.
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-513507
BUG=chromium:513507
LOG=n
Review URL: https://codereview.chromium.org/1255173006
Cr-Commit-Position: refs/heads/master@{#30012}
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
This fixes a bug introduced by r28826 (Unify decoding of deoptimization
translations, https://codereview.chromium.org/1136223004), where we
started leaking arguments marker sentinel to the debugger, which would
then cause crashes. This change replaces the sentinel with the undefined
value in the debugger-inspectable frame.
BUG=chromium:514362
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1263333002
Cr-Commit-Position: refs/heads/master@{#29971}
Moves some uncommon type checking from ToString and
NonStringToString into DefaultString. This should
speed up string operations.
LOG=N
BUG=none
Review URL: https://codereview.chromium.org/1256323004
Cr-Commit-Position: refs/heads/master@{#29913}
script_executed and last_run are read/written by multiple threads. Also
externalized_shared_contents_ is modified by multiple threads.
BUG=4306
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1252623003
Cr-Commit-Position: refs/heads/master@{#29912}
When the main thread terminates, it forcibly terminates all Worker threads.
When this happens, the threads objects were only half-created; they had a
JavaScript Worker object, but not a C++ worker object.
This CL fixes that bug, as well as some other fixes:
* Signatures on Worker methods
* Use SetAlignedPointerFromInternalField instead of using an External.
* Remove state_ from Worker. Simplify to atomic bool running_.
BUG=chromium:511880
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1255563002
Cr-Commit-Position: refs/heads/master@{#29911}
When a prototype object migrates from a slow to a fast map, where the slow map
was registered as a user of its own prototype, then the registration must be
transferred to the new map (just like MigrateToMap does for all other cases).
BUG=chromium:513602
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1263543004
Cr-Commit-Position: refs/heads/master@{#29898}
Class bindings are mutable and lexically scoped, with TDZ semantics.
They may not overlap with var bindings in the same scope. This patch
adds tests for those properties.
R=adamk
BUG=v8:3305
LOG=N
Review URL: https://codereview.chromium.org/1254003004
Cr-Commit-Position: refs/heads/master@{#29856}
--harmony_sloppy includes behavior to turn on sloppy mode lexical
bindings. Before this patch, it also included a way to parse let
which is likely web-incompatible (let is disallowed as an
identifier). This patch splits off the let parsing from the more
general block scoping code, so that block scoping can be developed
independently.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1255013002
Cr-Commit-Position: refs/heads/master@{#29855}
In ES5, dates were supposed to default to UTC if no timezone was specified. However, this changed in ES6, which specified that dates should be in the local timezone if no timezone was specified. This CL updates our behavior to match that part of the ES6 spec.
BUG=chromium:391730, v8:4242
LOG=Y
Review URL: https://codereview.chromium.org/1229903004
Cr-Commit-Position: refs/heads/master@{#29854}
According to the ECMA spec, a 24th hour is allowed if the minutes, seconds, and milliseconds are all zero (i.e. it's midnight). Previously, we parsed the date correctly, however, we failed to account in all checks for the possibility of a 24th hour. This CL changes the check to allow a 24th hour if it's exactly midnight.
BUG=chromium:174609
LOG=Y
Review URL: https://codereview.chromium.org/1240093005
Cr-Commit-Position: refs/heads/master@{#29816}
While at it, remove the notion of INTERNAL variables.
@caitp: Took some parts from your CL, since I was blocked on the temp scope bug.
R=mstarzinger@chromium.org
BUG=512574
LOG=N
Review URL: https://codereview.chromium.org/1250513004
Cr-Commit-Position: refs/heads/master@{#29812}
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
Review URL: https://codereview.chromium.org/1248303002
Cr-Commit-Position: refs/heads/master@{#29811}
There is already non-throwing version FrameMirror.restart and RestartFrame in the livedit-debugger.js just adds a throwing wrapper around it.
Also NEEDS_STEP_IN_PROPERTY_NAME was removed, the client code can decide based on the stack_modified field if "step in" is required.
Chromium side was fixed in https://codereview.chromium.org/1249013002/
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/1247363002
Cr-Commit-Position: refs/heads/master@{#29797}
Many mjsunit tests (as well as the promises-aplus adapter scripts) were
using Object.observe simply for microtask-enqueueing purposes. Replaced
such uses with %EnqueueMicrotask.
Review URL: https://codereview.chromium.org/1246933002
Cr-Commit-Position: refs/heads/master@{#29779}
Prior to this patch, we enter a global debug mode whenever a break point
is set. By entering this mode, all code is deoptimized and activated
frames are recompiled and redirected to newly compiled debug code.
After this patch, we only deoptimize/redirect for functions we want to
debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
object attached to the SFI prevents optimization/inlining.
The result is that we can have optimized code for functions without break
points alongside functions that do have break points, which are not
optimized.
R=mstarzinger@chromium.org, ulan@chromium.org
BUG=v8:4132
LOG=Y
Review URL: https://codereview.chromium.org/1233073005
Cr-Commit-Position: refs/heads/master@{#29758}
