Import fdlibm versions of acos, acosh, asin and asinh, which are more
precise and produce the same result across platforms (we were using
libm versions for asin and acos so far, where both speed and precision
depended on the operating system so far). Introduce appropriate TurboFan
operators for these functions and use them both for inlining and for the
generic builtin.
Also migrate the Math.imul and Math.fround builtins to TurboFan builtins
to ensure that their behavior is always exactly the same as the inlined
TurboFan version (i.e. C++ truncation semantics for double to float
don't necessarily meet the JavaScript semantics).
For completeness, also migrate Math.sign, which can even get some nice
love in TurboFan.
Drive-by-fix: Some alpha-sorting on the Math related functions, and
cleanup the list of Math intrinsics that we have to export via the
native context currently.
BUG=v8:3266,v8:3496,v8:3509,v8:3952,v8:5169,v8:5170,v8:5171,v8:5172
TBR=rossberg@chromium.orgR=franzih@chromium.org
Review-Url: https://codereview.chromium.org/2116753002
Cr-Commit-Position: refs/heads/master@{#37476}
Migrate Math.hypot() from JS to C++ builtins. Use normalization and
Kahan summation to avoid overflow and rounding errors.
R=bmeurer@chromium.org
BUG=v8:5165, v8:5086
LOG=n
Review-Url: https://codereview.chromium.org/2102223005
Cr-Commit-Position: refs/heads/master@{#37473}
AddBoundMethod, in i18n.js, returns functions all of which share the
same backing SharedFunctionInfo, which means that its calls to
InstallGetter were causing all such functions to have a single name
(that of the last caller, "get breakType").
This patch skips calling InstallGetter and instead directly calls
%DefineGetterPropertyUnchecked, which itself sets the name property
on the JSFunction instance (it knows how to do this in order to handle
getters that have computed property names).
Also takes care of a TODO having to do with the inner boundMethod:
its name is now made empty, by using a new macro that gets around
ES2015's function name inference.
Finally, removes a redundant %FunctionRemovePrototype: arrow functions
have no prototypes to begin with.
R=littledan@chromium.org
BUG=v8:4778
Review-Url: https://codereview.chromium.org/2109223002
Cr-Commit-Position: refs/heads/master@{#37459}
Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped in any other browser.
Revert to legacy semantics while assessing web compatibility.
BUG=chromium:624318
Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}
TBR=yangguo@chromium.org,adamk@chromium.org
Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}
Like the other Math builtins, Math.abs() is now a TurboFan builtin.
It uses RawMachineAssembler::Float64Abs().
R=bmeurer@chromium.org
BUG=v8:5163, v8:5086
LOG=N
Review-Url: https://codereview.chromium.org/2115493002
Cr-Commit-Position: refs/heads/master@{#37433}
Reason for revert:
Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
Original issue's description:
> Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
>
> The spec was modified to relax some requirements which implementors had not been
> enforcing. Part of this process involved introducing a new abstract operation
> ToIndex, which had partial overlap with our existing semantics as well as some
> differences (most notably treating undefined as 0). Test262 tests were introduced to
> check for the new semantics, some of which we were failing. This patch amends the
> parts of our implementation corresponding to specification algorithms which use
> ToIndex to follow its semantics precisely.
>
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> Cr-Commit-Position: refs/heads/master@{#37406}
TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2113593002
Cr-Commit-Position: refs/heads/master@{#37417}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
The spec was modified to relax some requirements which implementors had not been
enforcing. Part of this process involved introducing a new abstract operation
ToIndex, which had partial overlap with our existing semantics as well as some
differences (most notably treating undefined as 0). Test262 tests were introduced to
check for the new semantics, some of which we were failing. This patch amends the
parts of our implementation corresponding to specification algorithms which use
ToIndex to follow its semantics precisely.
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2090353003
Cr-Commit-Position: refs/heads/master@{#37406}
The start argument must be converted to an integer before the length argument is
converted. (Consequently, the start argument is converted even when the length
is 0.) This matters because conversion is observable.
Also rewrite the function in a way that closely resembles the spec text.
R=littledan@chromium.org
BUG=v8:5140
Review-Url: https://codereview.chromium.org/2109583002
Cr-Commit-Position: refs/heads/master@{#37378}
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=v8:3599,v8:5086,v8:5157
Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
Add NumberAbs operator to implement an inline version of Math.abs, that
can be optimized and eliminated. We don't use any speculation here, but
for now stick to the information we can infer (this way we avoid the
inherent deopt loops that Crankshaft has around Math.abs).
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=jarin@chromium.org
BUG=v8:5086
Review-Url: https://codereview.chromium.org/2096403002
Cr-Commit-Position: refs/heads/master@{#37306}
Instead of a JS implementation that calls C++ runtime functions, migrate String.fromCodePoint() to C++.
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2038563003
Cr-Commit-Position: refs/heads/master@{#37293}
Reason for revert:
[Sheriff] Breaks layout tests. Please rebase upstream if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7691
Original issue's description:
> Amends the TypedArray constructor to use the path for primitives for all
> types of primitives, not just undefined, booleans, numbers, and strings.
> (The missing cases were null and Symbol.) This is required by the
> specification, and there are test262 tests which we were failing due to
> this bug.
>
> BUG=v8:5124
>
> Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> Cr-Commit-Position: refs/heads/master@{#37234}
TBR=littledan@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5124
Review-Url: https://codereview.chromium.org/2091693004
Cr-Commit-Position: refs/heads/master@{#37236}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Review-Url: https://codereview.chromium.org/2096873002
Cr-Commit-Position: refs/heads/master@{#37234}
TypedArrays store their true length in an internal slot. This is
normally reflected in the .length property, but that property is
configurable. Algorithms which need the length of a typed array are to
use the internal slot, not the property; TypedArray.prototype.set was
not doing this.
BUG=v8:5133
Review-Url: https://codereview.chromium.org/2091153002
Cr-Commit-Position: refs/heads/master@{#37232}
While the EcmaScript specification doesn't define precise values for the
Math constants or the Math functions, we should at least ensure that the
values of the constants and the functions agree, i.e. Math.E should be
exactly the same value as Math.exp(1).
Also make sure that Math.exp(1) returns the expected value; we should
revisit the fdlibm algorithm and figure out why it's wrong in the last
bit.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:626111,v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2079233005
Cr-Commit-Position: refs/heads/master@{#37128}
Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
operator based on that, similar to what we do for Float64Cos and Float64Sin.
Rewrite Math.tan() as TurboFan builtin and use those operators to also
inline Math.tan() into optimized TurboFan functions.
Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
the %ConstructDouble runtime entry for writing tests.
BUG=v8:5086,v8:5126
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2083453002
Cr-Commit-Position: refs/heads/master@{#37087}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108,chromium:620786
R=mvstanton@chromium.org
Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
Review-Url: https://codereview.chromium.org/2077533002
Cr-Original-Commit-Position: refs/heads/master@{#37037}
Cr-Commit-Position: refs/heads/master@{#37047}
Reason for revert:
[Sheriff] Leads to some different rounding as it seems in some audio layout tests. Please rebase upstream first if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7508
Original issue's description:
> [builtins] Introduce proper Float64Exp operator.
>
> Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
> TurboFan operator based on that, similar to what we do for Float64Log.
> Rewrite Math.exp() as TurboFan builtin and use that operator to also
> inline Math.exp() into optimized TurboFan functions.
>
> BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
> Cr-Commit-Position: refs/heads/master@{#37037}
TBR=mvstanton@chromium.org,ahaas@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
Review-Url: https://codereview.chromium.org/2070813002
Cr-Commit-Position: refs/heads/master@{#37039}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2077533002
Cr-Commit-Position: refs/heads/master@{#37037}
Import base::ieee754::atan() and base::ieee754::atan2() from fdlibm and
introduce Float64Atan and Float64Atan2 TurboFan operators based on those,
similar to what we already did for Float64Log and Float64Log1p. Rewrite
Math.atan() and Math.atan2() as TurboFan builtin and use the operators
to also inline Math.atan() and Math.atan2() into optimized TurboFan functions.
R=yangguo@chromium.org
BUG=v8:5086,v8:5095
Review-Url: https://codereview.chromium.org/2065503002
Cr-Commit-Position: refs/heads/master@{#36916}
This patch adds a test for async/await analogous to a previous Promise test.
It also fixes a typo in promise.js and makes a previous Promise test more
correct by ensuring that all assertions run before completion, fixing the
test expectations for the real result (which seems correct).
BUG=v8:4483
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2037653002
Cr-Commit-Position: refs/heads/master@{#36903}
This reverts commit d3a43e47dd.
This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.
This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).
BUG=chromium:579905, chromium:593634, v8:4085, v8:5073
Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}
Reason for revert:
Blink:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7296
Original issue's description:
> [builtins] Properly optimize TypedArray/DataView accessors.
>
> The following getters were moved to the TypedArray/DataView prototype
> chain with ES2015, and hence need different treatment now:
>
> - DataView.prototype.buffer
> - DataView.prototype.byteLength
> - DataView.prototype.byteOffset
> - TypedArray.prototype.buffer
> - TypedArray.prototype.byteLength
> - TypedArray.prototype.byteOffset
> - TypedArray.prototype.length
>
> Instead of having special magic on the LoadIC in the IC system and the
> optimizing compilers, as we used to do before (and which we got rid of
> already), we just treat those as normal accessors and make them
> recognizable via the BuiltinFunctionId mechanism. This allows us to
> remove some of the additional magic from the IC subsystem, and just
> extend the BuiltinFunctionId mechanism in Crankshaft slightly to cover
> these cases too (TurboFan doesn't yet support accessors, but that will
> be fixed soonish anyways).
>
> This addresses most of the 15-20% regression we saw on the Octane
> GameBoy emulator benchmark.
>
> BUG=chromium:579905,chromium:593634,v8:4085,v8:5073
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/1ef737026565ea2becc84f30cfd432e581d50c6b
> Cr-Commit-Position: refs/heads/master@{#36782}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579905,chromium:593634,v8:4085,v8:5073
Review-Url: https://codereview.chromium.org/2039093005
Cr-Commit-Position: refs/heads/master@{#36783}
The following getters were moved to the TypedArray/DataView prototype
chain with ES2015, and hence need different treatment now:
- DataView.prototype.buffer
- DataView.prototype.byteLength
- DataView.prototype.byteOffset
- TypedArray.prototype.buffer
- TypedArray.prototype.byteLength
- TypedArray.prototype.byteOffset
- TypedArray.prototype.length
Instead of having special magic on the LoadIC in the IC system and the
optimizing compilers, as we used to do before (and which we got rid of
already), we just treat those as normal accessors and make them
recognizable via the BuiltinFunctionId mechanism. This allows us to
remove some of the additional magic from the IC subsystem, and just
extend the BuiltinFunctionId mechanism in Crankshaft slightly to cover
these cases too (TurboFan doesn't yet support accessors, but that will
be fixed soonish anyways).
This addresses most of the 15-20% regression we saw on the Octane
GameBoy emulator benchmark.
BUG=chromium:579905,chromium:593634,v8:4085,v8:5073
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2042013003
Cr-Commit-Position: refs/heads/master@{#36782}
Reason for revert:
As a side effect of calling PromiseSet from
FulfillPromise, clears the deferred symbol and the
resolve/reject callback symbols. Although this
isn't strictly necessary, not doing this seems to
result in a leak as seen in --
https://bugs.chromium.org/p/chromium/issues/detail?id=617137#c10
Original issue's description:
> Promises: Make PromiseSet operation monomorphic
>
> The PromiseSet operation is called with two types of promises
> 1) A newly created promise object with no properties
> 2) Promise object with callbacks and other properties
>
> PromiseSet is called with the first type of promise (with no
> properties) from multiple call sites. PromiseSet is called with the
> second type of promise object only from FulfillPromise. Furthermore,
> this call only sets the value and status of the promise, the rest of
> the values are reset to UNDEFINED (which isn't necessary).
>
> This patch inlines the calls to set the value and status of the
> promise in FulfillPromise, instead of calling out to PromiseSet.
>
> This patch also reduces the number of symbol lookups, as we only set
> the value and status of the promise, and don't change the callback or
> deferred symbols.
>
> This patch results in a performance improvement of 2.8% over 5 runs in
> the bluebird benchmark.
>
> BUG=v8:5046
>
> Committed: https://crrev.com/df4f8a2b9ee9e474e674301718d19b63650a0ba5
> Cr-Commit-Position: refs/heads/master@{#36688}
TBR=littledan@chromium.org,adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2047553002
Cr-Commit-Position: refs/heads/master@{#36766}
When |ResolvePromise| is resolved with a promise that is
already fulfilled or resolved, we can short circuit the
promise resolution procedure by directly looking up the
result from the promise. We save creating two closures, enqueuing in
the promise queue, and running through PromiseThen.
This patch uses IsPromise to check if the |resolution| object is a native
promise and also checks if |resolution.then| hasn't been monkey
patched.
This patch adds some redundant code from PromiseThen like setting
the promiseHasHandlerSymbol and calling PromiseRevokeReject call,
which would've been taken care of by PromiseThen in the old code path.
This patch results in a 13.8% improvement(over 5 runs) in the bluebird
benchmarks.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2028253004
Cr-Commit-Position: refs/heads/master@{#36765}
Introduce a dedicated Float64Log machine operator, that is either
implemented by a direct C call or by platform specific code, i.e.
using the FPU on x64 and ia32.
This operator is used to implement Math.log as a proper TurboFan
builtin on top of the CodeStubAssembler.
Also introduce a NumberLog simplified operator on top of Float64Log
and use that for the fast inline path of Math.log inside TurboFan
optimized code.
BUG=v8:5065
Review-Url: https://codereview.chromium.org/2029413005
Cr-Commit-Position: refs/heads/master@{#36703}
The PromiseSet operation is called with two types of promises
1) A newly created promise object with no properties
2) Promise object with callbacks and other properties
PromiseSet is called with the first type of promise (with no
properties) from multiple call sites. PromiseSet is called with the
second type of promise object only from FulfillPromise. Furthermore,
this call only sets the value and status of the promise, the rest of
the values are reset to UNDEFINED (which isn't necessary).
This patch inlines the calls to set the value and status of the
promise in FulfillPromise, instead of calling out to PromiseSet.
This patch also reduces the number of symbol lookups, as we only set
the value and status of the promise, and don't change the callback or
deferred symbols.
This patch results in a performance improvement of 2.8% over 5 runs in
the bluebird benchmark.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2025073002
Cr-Commit-Position: refs/heads/master@{#36688}
There are 2 possible states for the deferred symbol --
1) UNDEFINED -- This is the zero state, no deferred object is attached
to this symbol. When we want to add a new deferred we directly
attach it to this symbol.
2) symbol with attached deferred object -- New deferred objects are
not attached to this symbol, but instead they are directly attached
to the resolve, reject callback arrays. At this point, the deferred
symbol's state is stale, and the deferreds should be read from the
reject, resolve callbacks.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2018913004
Cr-Commit-Position: refs/heads/master@{#36623}
The in-operator has recently been optimized making our smart macros obsolete.
This should give up to 10% speedup on forEach and friends.
BUG=v8:5041
Review-Url: https://codereview.chromium.org/2013873002
Cr-Commit-Position: refs/heads/master@{#36576}
These builtins always call into C++ anyways and so there's no point in
having the JavaScript wrapper around them, but instead they can be
implemented as C++ builtins directly.
R=franzih@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2018983002
Cr-Commit-Position: refs/heads/master@{#36569}
This was initially used to special case some weird date.js behavior, but
has since been abused in other areas. In case of the string character
access, everything that is outside the Smi range cannot be a valid
string index anyways, so %NumberToSmi is perfect here in either case,
and for ToPositiveInteger it's better to just use ToInteger adding +0 to
turn -0 into +0.
R=ishell@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2010183003
Cr-Commit-Position: refs/heads/master@{#36545}
Rewrite decodeURI and decodeURIComponent as builtin functions
and install them in the bootstrapper.
Delete unused runtime functions:
- TruncateString
- NewString
- OneByteSeqStringGetChar
- OneByteSeqStringSetChar
- TwoByteSeqStringGetChar
- TwoByteSeqStringSetChar
Add regression test for decoding large strings. Clusterfuzz detected
a problem with %TruncateString, see
https://bugs.chromium.org/p/chromium/issues/detail?id=612109#c6
This is automatically fixed by this rewrite because %TruncateString
is deleted anyways.
Crude benchmark on 585 decodeURI and decodeURIComponent tests
averaged over five runs:
* builtin functions
real 0m9.69s
user 2m39.8816s
sys 0m12.6398s
* JS functions calling into the runtime e.g., for %TruncateString
real 0m11.0598s
user 3m6.7026s
sys 0m13.5756s
By running:
$ time tools/run-tests.py --arch=x64 --mode=Release --buildbot
test262/built-ins/decodeURI* mjsunit/uri
>>> Running tests for x64.Release
BUG=v8:4912, chromium:612109
R=yangguo@chromium.org, bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1994733003
Cr-Commit-Position: refs/heads/master@{#36543}
For the common use case of having a single resolve or reject callback,
the callbacks are stored directly. Only when an additional callback is
registered, we create an array to store these callbacks.
There are 3 possible states for the resolve, reject symbols when we add
a new callback --
1) UNDEFINED -- This is the zero state where there is no callback
registered. When we see this state, we directly attach the callbacks to
the symbol.
2) !IS_ARRAY -- There is a single callback directly attached to the
symbols. We need to create a new array to store additional callbacks.
3) IS_ARRAY -- There are multiple callbacks already registered,
therefore we can just push the new callback to the existing array.
Also, this change creates a new symbol for storing the deferred objects.
Previously the deferred objects were stored in the callback arrays, but
since we no longer create arrays for the initial case, we need this new
symbol. The cctest has been updated to account for this new symbol.
This patch results in a 19% improvement(over 5 runs) in the bluebird benchmark.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2007803002
Cr-Commit-Position: refs/heads/master@{#36536}
Removes the DONT_DELETE enum bit from the properties to make them
configurable.
Also, updates the regress-typedarray-length test to --
- Check for true boolean return value on deletion of these
properties.
- Check for undefined return value on trying to access these
properties after deletion.
BUG=v8:4902
LOG=Y
Review-Url: https://codereview.chromium.org/2001393004
Cr-Commit-Position: refs/heads/master@{#36528}
Moved functionality of Script.{lineCount, lineFromPosition, sourceLine,
locationFromLine, and sourceSlice} into runtime functions.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2003303002
Cr-Commit-Position: refs/heads/master@{#36469}
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2002993002
Cr-Commit-Position: refs/heads/master@{#36458}
Previously, certain calls to DebugPushPromise and DebugPopPromise
happened always, without any check to see if we were in a debugging
environment. This patch adds a conditional check before making these
debug calls to make sure they aren't called when not needed.
Before the patch, running --prof over the bluebird benchmarks,
brings up these unprotected debug calls --
ticks cpp total name
16 6.7% 2.0% v8::internal::Runtime_DebugPushPromise(int, v8::internal::Object**, v8::internal::Isolate*)
7 2.9% 0.9% v8::internal::Runtime_DebugPopPromise(int, v8::internal::Object**, v8::internal::Isolate*)
This patch removes the above calls and provides a 4% improvement (with
a 2% variance over 10 runs) in the bluebird benchmark.
Review-Url: https://codereview.chromium.org/1985293002
Cr-Commit-Position: refs/heads/master@{#36451}
The previous JavaScript version created way too many ConsStrings for
longer strings, i.e. when using String.fromCharCode together with
Function.prototype.apply and arrays of char codes.
This version now always allocates sequential strings and therefore uses
way less memory when turning longer character sequences into strings,
and therefore fixes the memory regression on Google Maps.
BUG=chromium:609831
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2004733002
Cr-Commit-Position: refs/heads/master@{#36427}
In case of calling 'toLocaleString', 'toLocaleTimeString' and
'toLocaleDateString' functions of 'Date' with empty 'locales' and
'options', DateTimeFormat is cached inside 'defaultObjects'.
If we change the timezone the cache is not invalidated.
BUG=v8:5022
TEST=cctest:DateCacheVersion. See the bug
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/1985423003
Cr-Commit-Position: refs/heads/master@{#36420}
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2003483002
Cr-Commit-Position: refs/heads/master@{#36398}
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method and removed the line_ends JS
accessor.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1986173002
Cr-Commit-Position: refs/heads/master@{#36359}
Empty function names are allowed and are output as such, unnamed
functions or functions with no valid UTF-8 name are output as
"<WASM UNNAMED>", while the CallSite object returns null as the
function name.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1970503004
Cr-Commit-Position: refs/heads/master@{#36348}
Instead of directly looking up Uint8Array.__proto__, to get a hold of
the TypedArray prototype, use object_get_prototype_of. This is a
functionally equivalent, but cleaner approach.
Review-Url: https://codereview.chromium.org/1990983002
Cr-Commit-Position: refs/heads/master@{#36340}
This patch ensures that Intl bound method getters can't be retargeted
to other Intl types. If that were to happen, then a RUNTIME_ASSERT
would trigger later. This patch throws a TypeError instead, as the
specification requires.
BUG=v8:4870
Review-Url: https://codereview.chromium.org/1986763003
Cr-Commit-Position: refs/heads/master@{#36330}
Repackage encodeURI and encodeURIComponent as builtin functions
and install them in the bootstrapper.
Crude benchmark on 351 encodeURI and encodeURIComponent tests averaged
over five runs:
* builtin functions
real 0m8.01s
user 0m18.00s
sys 0m7.37s
* JS functions calling into the runtime e.g., for %NewString
real 0m8.44s
user 0m19.52s
sys 0m7.49s
By running:
$ time tools/run-tests.py --arch=x64 --mode=Release --buildbot
mjsunit/uri test262/built-ins/encodeURI*
>>> Running tests for x64.Release
BUG=v8:4912
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1983593002
Cr-Commit-Position: refs/heads/master@{#36273}
This reverts commit 41d571dfe8.
Reason for revert: This patch breaks the correctness of the typedarray
properties such as length, byteOffset, byteLength.
The accessor check optimization code is dead code eliminated. A follow
up patch will fix this optimization correctly.
BUG=chromium:593634
Review-Url: https://codereview.chromium.org/1977983002
Cr-Commit-Position: refs/heads/master@{#36254}
This patch removes the following properties, as their use count is
very low, they are V8-only, and not on a standards track.
- v8Parse
- resolved
- pattern
v8BreakIterator is left in as it has significantly more usage.
BUG=v8:3785
R=adamk,jshin@chromium.org
Review-Url: https://codereview.chromium.org/1968893002
Cr-Commit-Position: refs/heads/master@{#36190}
When I18N is enabled, use ICU's case conversion API and transliteration
API [1] to implement String.prototype.to{Upper,Lower}Case and
String.prototype.toLocale{Upper,Lower}Case.
* ICU-based case conversion was implemented in runtime-i18n.cc/i18n.js
* The above 4 functions are overridden with those in i18n.js when
--icu_case_mapping flag is turned on. To control the override by the flag,
they're overriden in icu-case-mapping.js
Previously, toLocale{U,L}Case just called to{U,L}Case so that they didn't
support locale-sensitive case conversion for Turkic languages (az, tr),
Greek (el) and Lithuanian (lt).
Before ICU APIs for the most general case are called, a fast-path for Latin-1
is tried. It's taken from Blink and adopted as necessary. This fast path
is always tried for to{U,L}Case. For toLocale{U,L}Case, it's only taken
when a locale (explicitly specified or default) is not in {az, el, lt, tr}.
With these changes, a build with --icu_case_mapping=true passes a bunch
of tests in test262/intl402/Strings/* and intl/* that failed before.
Handling of pure ASCII strings (aligned at word boundary) are not as fast
as Unibrow's implementation that uses word-by-word case conversion. OTOH,
Latin-1 input handling is faster than Unibrow. General Unicode input
handling is slower but more accurate.
See https://docs.google.com/spreadsheets/d/1KJCJxKc1FxFXjwmYqABS0_2cNdPetvnd8gY8_HGSbrg/edit?usp=sharing for the benchmark.
This CL started with http://crrev.com/1544023002#ps200001 by littledan@,
but has changed significantly since.
[1] See why transliteration API is needed for uppercasing in Greek.
http://bugs.icu-project.org/trac/ticket/10582
R=yangguo
BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*, mjsunit/string-case,
intl/general/case*
Review-Url: https://codereview.chromium.org/1812673005
Cr-Commit-Position: refs/heads/master@{#36187}
This patch installs %TypedArray% and its prototype on the native
context, and wires them up to each TypedArray subclass. This is later
used to check the holder of length, byteLength and byteOffset is
%Typedarray% and apply the appropriate optimizations.
BUG=chromium:593634
LOG=Y
Review-Url: https://codereview.chromium.org/1949863002
Cr-Commit-Position: refs/heads/master@{#36116}
This changes different locations to extract the reference to the wasm
object and the function index from the stack trace, and make it
available through all the APIs which process stack traces.
The javascript CallSite object now has the new methods isWasm(),
getWasmObject() and getWasmFunctionIndex(); the byte offset is
available via getPosition().
Function names of wasm frames should be fully functional with this
commit, position information works reliably for calls, but not for
traps like unreachable or out-of-bounds accesses.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1909353002
Cr-Commit-Position: refs/heads/master@{#36067}
The Promise code previously used many names which were gratuitiously
different from the specification. This patch swaps in names from the
ES2015 spec, and inserts crossreferences to the spec. The patch
leaves mirrors over Promises unchanged for now, as these changes
could have compatibility risk.
R=cbruni@chromium.org
Review-Url: https://codereview.chromium.org/1919143004
Cr-Commit-Position: refs/heads/master@{#35962}
The ECMA 402 implementation previously pushed directly to real
Arrays, which risks having observably incorrect behavior in the
presence of monkey patching. This patch uses InternalArrays instead
to avoid that hazard.
R=jshin@chromium.org,yangguo@chromium.org
BUG=chromium:604299
LOG=N
Review-Url: https://codereview.chromium.org/1923803002
Cr-Commit-Position: refs/heads/master@{#35949}
Our implementation of the spec got one comparison wrong, at
step 19.d.iii (we were comparing against 'q' instead of 'p').
R=littledan@chromium.org
BUG=chromium:607566
LOG=n
Review-Url: https://codereview.chromium.org/1940643002
Cr-Commit-Position: refs/heads/master@{#35947}
This moves __{define,lookup}{Getter,Setter}__ to builtins.cc.
Compared to the first attempt, this patch now preserves non-spec-compliant legacy behavior and does not throw on failure.
Original review: https://codereview.chromium.org/1904313004
Review-Url: https://codereview.chromium.org/1932163002
Cr-Commit-Position: refs/heads/master@{#35899}
Reason for revert:
[Sheriff] Looks like this breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/6442
Original issue's description:
> Remove more dead code after Object.observe removal
>
> This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
TBR=verwaest@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1929293002
Cr-Commit-Position: refs/heads/master@{#35886}
These checks ensure that a TypeError is thrown, per spec, rather than
a runtime assert failure.
BUG=v8:4964
R=adamk
LOG=Y
Review-Url: https://codereview.chromium.org/1929123002
Cr-Commit-Position: refs/heads/master@{#35885}
This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
Review-Url: https://codereview.chromium.org/1904313004
Cr-Commit-Position: refs/heads/master@{#35876}
Return the empty string from StringPad if the filler argument is the empty
string, effectively returning the string unchanged in StringPadStart and
StringPadEnd.
```
"foo".padStart(100000, "") -> "foo"
```
BUG=v8:4957, v8:4954
LOG=N
R=littledan@chromium.org
Review-Url: https://codereview.chromium.org/1926773003
Cr-Commit-Position: refs/heads/master@{#35837}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
This should bring back the performance of speedometer-backbone at least very close to the performance before @@species.
BUG=chromium:596825
LOG=n
Review URL: https://codereview.chromium.org/1879053003
Cr-Commit-Position: refs/heads/master@{#35468}
Reland of (https://codereview.chromium.org/1617503003)
* New atomic code stubs for x64, ia32, arm, arm64
* Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
to macro-assembler-ia32 (API based on x64 macro assembler)
* Remove runtime implementation of Atomics.load, the code stub should always be
called instead
* Add new test to mjsunit atomics test; check that Smi values of different
sizes are supported when possible, else fall back to HeapNumbers
These changes were needed to add another codestub:
* Bump kStubMajorKeyBits from 7 to 8
* Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
BUG=v8:4614
LOG=y
TBR=jarin@chromium.org,bmeurer@chromium.org,rodolph.perfetta@gmail.com,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1617503003
Cr-Commit-Position: refs/heads/master@{#35427}
Review URL: https://codereview.chromium.org/1881383003
Cr-Commit-Position: refs/heads/master@{#35453}
Reason for revert:
[Sheriff] Roll was reverted. Please fix unused methods, see:
https://codereview.chromium.org/1884913002/https://build.chromium.org/p/tryserver.chromium.win/builders/win_clang/builds/5585/steps/compile%20%28with%20patch%29/logs/stdio
Original issue's description:
> [Atomics] code stubs for atomic operations
>
> * New atomic code stubs for x64, ia32, arm, arm64
> * Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
> to macro-assembler-ia32 (API based on x64 macro assembler)
> * Remove runtime implementation of Atomics.load, the code stub should always be
> called instead
> * Add new test to mjsunit atomics test; check that Smi values of different
> sizes are supported when possible, else fall back to HeapNumbers
>
> These changes were needed to add another codestub:
> * Bump kStubMajorKeyBits from 7 to 8
> * Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
>
> BUG=v8:4614
> LOG=y
>
> Committed: https://crrev.com/10b5febe11b318cfef130abae343183ac862e60d
> Cr-Commit-Position: refs/heads/master@{#35427}
TBR=jarin@chromium.org,bmeurer@chromium.org,rodolph.perfetta@gmail.com,binji@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4614
Review URL: https://codereview.chromium.org/1884883003
Cr-Commit-Position: refs/heads/master@{#35443}
* New atomic code stubs for x64, ia32, arm, arm64
* Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
to macro-assembler-ia32 (API based on x64 macro assembler)
* Remove runtime implementation of Atomics.load, the code stub should always be
called instead
* Add new test to mjsunit atomics test; check that Smi values of different
sizes are supported when possible, else fall back to HeapNumbers
These changes were needed to add another codestub:
* Bump kStubMajorKeyBits from 7 to 8
* Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
BUG=v8:4614
LOG=y
Review URL: https://codereview.chromium.org/1617503003
Cr-Commit-Position: refs/heads/master@{#35427}
Reason for revert:
Needed to revert https://codereview.chromium.org/1838283003/
Original issue's description:
> [builtins] Migrate String.prototype.charCodeAt and String.prototype.charAt to TurboFan.
>
> Make these builtins fast by default w/o relying on the
> %_StringCharCodeAt and %_StringCharAt intrinsics, which we cannot deal
> with well in TurboFan (and ignition).
>
> R=epertoso@chromium.org
>
> Committed: https://crrev.com/43d3331d87f68ea7efa1b58f559f33f60e5dacfb
> Cr-Commit-Position: refs/heads/master@{#35350}
TBR=epertoso@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1870993002
Cr-Commit-Position: refs/heads/master@{#35351}
Make these builtins fast by default w/o relying on the
%_StringCharCodeAt and %_StringCharAt intrinsics, which we cannot deal
with well in TurboFan (and ignition).
R=epertoso@chromium.org
Review URL: https://codereview.chromium.org/1868963002
Cr-Commit-Position: refs/heads/master@{#35350}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
When seeing a rest pattern, we used to get the remaining elements from the
iterator by calling %concat_iterable_to_array on it. This was wrong because it
caused an observable [[Get]] for @@iterator (which the iterator may not even
provide).
This CL gets rid of the call to %concat_iterable_to_array and does the iteration
manually in a simple while-loop. It also gets rid of %concat_iterable_to_array
itself because there aren't any other uses of it.
BUG=v8:4759
LOG=n
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1852703002
Cr-Commit-Position: refs/heads/master@{#35251}
- RegExp.prototype.toString() doesn't have any special handling of
RegExp instances and simply calls the source and flags getters
- Use the original values of global and sticky, rather than based
on the current flag getters, as specified in
https://github.com/tc39/ecma262/pull/494R=yangguo@chromium.org,adamk
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1846303002
Cr-Commit-Position: refs/heads/master@{#35225}
This allows us to remove the troublesome %_MathClz32 intrinsic and also
allows us to utilize the functionality that is already available in
TurboFan. Also introduce a proper NumberClz32 operator so we don't need
to introduce a machine operator at the JS level.
R=epertoso@chromium.org
Review URL: https://codereview.chromium.org/1852553003
Cr-Commit-Position: refs/heads/master@{#35208}
This should help speeding up Promise and RegExp instantiations substantially.
BUG=
Review URL: https://codereview.chromium.org/1850643002
Cr-Commit-Position: refs/heads/master@{#35200}
Reason for revert:
TC39 decided that this compatibility fix should be standardized.
Original issue's description:
> Remove RegExp.prototype.source getter compat workaround
>
> The getter RegExp.prototype.source is specified in ES2015 to throw when
> called on a non-RegExp instance, such as RegExp.prototype. We had previously
> put in a compatibility workaround for all RegExp getters to make them
> throw on access specifically with RegExp.prototype as the receiver; however,
> we only have evidence that this is needed for properties other than source.
> This patch removes the compatibility workaround for get RegExp.prototype.source
> and gives it semantics precisely as per the ES2015 specification.
>
> R=adamk
> BUG=chromium:581577,v8:4827
> LOG=Y
>
> Committed: https://crrev.com/80803aa89e31839b8f73959776fa7e1923c6b461
> Cr-Commit-Position: refs/heads/master@{#35086}
R=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581577,v8:4827
LOG=Y
Review URL: https://codereview.chromium.org/1847783003
Cr-Commit-Position: refs/heads/master@{#35180}
Migrate Math.ceil, Math.round and Math.trunc to TurboFan code stubs,
similar to what we did with Math.floor, and make these builtins properly
optimizable in TurboFan via appropriate simplified operators NumberCeil,
NumberRound and NumberTrunc, which are intended to be reusable for
ToInteger and ToLength optimizations that will be done in a followup CL.
Also allows us to kill the funky %RoundNumber runtime function, which
was quite heavy.
Improve test coverage for Math.ceil and Math.trunc a lot, especially
making sure that we also properly trigger the TurboFan builtin reducer
case.
R=jarin@chromium.org
BUG=v8:4059
LOG=n
Review URL: https://codereview.chromium.org/1841993002
Cr-Commit-Position: refs/heads/master@{#35135}
This patch adds fast paths for @@replace and @@split that call into
the old, side-effect free (and faster) versions of those builtin
operations when possible (roughly, when the receiver is a RegExp
and the 'exec' method is untampered). Also add some micro-optimizations
that further improve performance.
Taken altogether, this takes us from a ~70% regression on the Octane
RegExp benchmark to a ~9% regression.
The test262.status lines for RegExps has been reorganized to make it
clearer the status of individual tests. More work will likely be
required to increase spec compliance before the --harmony-regexp-exec
flag is shipped; some of that work is happening on the spec side.
BUG=v8:4602
LOG=y
Review URL: https://codereview.chromium.org/1836123002
Cr-Commit-Position: refs/heads/master@{#35118}
This fixes another bug in Array.prototype.sort (when the array is not a
JSArray and there is a proxy on the prototype chain).
R=cbruni@chromium.org
BUG=chromium:596866
LOG=n
Review URL: https://codereview.chromium.org/1842563004
Cr-Commit-Position: refs/heads/master@{#35101}
The getter RegExp.prototype.source is specified in ES2015 to throw when
called on a non-RegExp instance, such as RegExp.prototype. We had previously
put in a compatibility workaround for all RegExp getters to make them
throw on access specifically with RegExp.prototype as the receiver; however,
we only have evidence that this is needed for properties other than source.
This patch removes the compatibility workaround for get RegExp.prototype.source
and gives it semantics precisely as per the ES2015 specification.
R=adamk
BUG=chromium:581577,v8:4827
LOG=Y
Review URL: https://codereview.chromium.org/1837843002
Cr-Commit-Position: refs/heads/master@{#35086}
Previously, they would check for Symbol.match/Symbol.search, and then
do another check for Symbol.match in the RegExp constructor. This patch
avoids the second one by skipping the RegExp constructor, as the spec does.
Review URL: https://codereview.chromium.org/1840723002
Cr-Commit-Position: refs/heads/master@{#35085}
This way we avoid the second deoptimization for the Math.floor and
Math.ceil builtins when -0 is involved. We still deoptimize the inlined
Crankshaft version in various cases, that's a separate issue.
The algorithm used for implement CodeStubAssembler::Float64Floor is
vaguely based on the fast math version used in the libm of various BSDs,
but had to be reengineered to match the EcmaScript specification.
R=epertoso@chromium.org
BUG=v8:2890, v8:4059
LOG=n
Review URL: https://codereview.chromium.org/1828253002
Cr-Commit-Position: refs/heads/master@{#35083}
It's been on since M49. Also moved tests from harmony -> es6,
one of which was merged with another test of the same name.
While moving stuff over to regexp.js, I also noticed that there
were unused calls to %FunctionSetName and %SetNativeFlag (those
calls are already handled by InstallGetter()).
Review URL: https://codereview.chromium.org/1838563003
Cr-Commit-Position: refs/heads/master@{#35076}
"IS_RECEIVER" used to be called "IS_SPEC_OBJECT", which might be a better
name: it's what the spec means when it says "Type(O) is Object".
R=littledan@chromium.org
BUG=v8:4602
LOG=n
Review URL: https://codereview.chromium.org/1838593002
Cr-Commit-Position: refs/heads/master@{#35075}
A bug in error printing meant that we failed to do proper type checks
before calling into C++ code, which could lead to RUNTIME_ASSERT
failures if methods are called on alternative receivers. This patch
adds the right type checks.
BUG=chromium:596718
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1831053003
Cr-Commit-Position: refs/heads/master@{#35069}
This patch implements ES2015 RegExp subclassing semantics, namely the
hardest part where RegExp.prototype.exec and certain flag getters can
be overridden in order to provide different behavior. This change is
hidden behind a new flag, --harmony-regexp-exec. The flag guards the
behavior by installing entirely different implementations of the
methods which follow the new semantics.
Preliminary performance tests show a 3-4x regression in the Octane
RegExp benchmark. The new code doesn't call out into several fast
paths that the old code supported, so this is expected.
The patch is tested mostly by test262, where most RegExp tests are fixed,
with the exception of deliberate spec violations for web compatibility,
and for the 'sticky' flag, which is not dynamically read by this patch
in all cases but rather statically compiled into the RegExp. The latter
will require a follow-on patch to implement. A small additional set of
tests verifies one particular case, mostly to check whether the flag
mechanism works.
R=adamk,yangguo@chromium.org
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1596483005
Cr-Commit-Position: refs/heads/master@{#35068}
String.prototype.match is specified to call out to the current
value of RegExp.prototype[Symbol.match] when passed a string argument,
rather than the original value. This patch updates the RegExp code
to do that.
R=yangguo@chromium.org
BUG=v8:4602
LOG=Y
Review URL: https://codereview.chromium.org/1821773003
Cr-Commit-Position: refs/heads/master@{#35001}
This CL adds support for builtins with JavaScript linkage written using
the TurboFan CodeStubAssembler, but with a JSCall descriptor (which was
already supported thanks to a previous patch by Ben Smith). As a first
example, we convert the Math.sqrt builtin and thereby get rid of the
%_MathSqrt intrinsic, which causes trouble for the representation
selection pass in the JavaScript pipeline.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1824993002
Cr-Commit-Position: refs/heads/master@{#34989}
Reason for revert:
This patch actually seemed to cause a further GameBoy regression! Reverting it seems to address the regression.
Original issue's description:
> Restore per-TypedArray-class length accessors as a perf workaround
>
> This patch is a workaround to the performance regression caused by
> implementing the ES2015 TypedArray prototype chain: Include a
> per-TypedArray-subclass length getter so that the superclass getter does
> not become polymorphic. The patch appears to fix a regression in the
> Gameboy Octane benchmark.
>
> BUG=chromium:579905
> R=adamk
> LOG=Y
>
> Committed: https://crrev.com/03ce7711e474a0ef74f723b30ae1527c89dec010
> Cr-Commit-Position: refs/heads/master@{#33501}
R=adamk@chromium.org
BUG=chromium:579905,chromium:593634
LOG=Y
Review URL: https://codereview.chromium.org/1812143004
Cr-Commit-Position: refs/heads/master@{#34906}
src/js/regexp.js was one of the few files that was left in sloppy
mode. The ES2017 draft specification requires that writes to
lastIndex throw when the property is non-writable, and test262
tests enforce this behavior. This patch puts that file in strict
mode.
BUG=v8:4504
R=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1776883005
Cr-Commit-Position: refs/heads/master@{#34801}
ES2015 Object.prototype.toString semantics were enabled in version 4.9,
which has been in stable Chrome for nearly two weeks at this point.
R=littledan@chromium.org
Review URL: https://codereview.chromium.org/1784033002
Cr-Commit-Position: refs/heads/master@{#34732}
- Make separate iterator functions for TypedArrays which do a type check
(and in the future should check for detached TypedArrays)
- Share the toString method with Arrays
BUG=v8:4785
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1780113002
Cr-Commit-Position: refs/heads/master@{#34698}
When the TypedArray iterator constructor code path was added, a technically
incorrect optimization was added which uses the arraylike code path on array
arguments, even though the %ArrayIterator% could have been monkey-patched
to give different behavior. A previous patch removed this optimization, and
this patch restores it due to the huge performance regression that resulted.
The optimization was previously removed in
https://codereview.chromium.org/1767893002
BUG=chromium:593644
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1779373002
Cr-Commit-Position: refs/heads/master@{#34697}
This check is guaranteed by the Promise spec and tested by test262
tests. It only has to run for subclasses. This patch adds the check
to the Promise code.
BUG=v8:4633
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1780823003
Cr-Commit-Position: refs/heads/master@{#34693}
A previous spec compliance fix for TypedArrays caused a ~4x performance
regression. This patch removes the regression by calling out
to a path within the runtime which implements array copying more
efficiently.
BUG=chromium:592007
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1767893002
Cr-Commit-Position: refs/heads/master@{#34601}
We have compatibility workarounds to return 'undefined' on accessors
to RegExp.prototype. This patch adds two UseCounters for two categories
of this non-spec-compliant path:
- source
- ignorecase, multiline, global
R=yangguo
BUG=chromium:581577
LOG=Y
Review URL: https://codereview.chromium.org/1762423002
Cr-Commit-Position: refs/heads/master@{#34597}
The ES2015 specification requires that String.prototype.startsWith,
String.prototype.endsWith and String.prototype.includes use the IsRegExp
internal algorithm to determine whether to throw a TypeError to prevent
a RegExp from being accidentally cast to a String for those methods.
That internal algorithm checks the presence/truthiness of Symbol.match
to make its determination. This patch switches the builtins to use
this correct test, rather than checking for the [[RegExpMatcher]]
internal slot as the builtins previously did.
R=yangguo
Review URL: https://codereview.chromium.org/1762183002
Cr-Commit-Position: refs/heads/master@{#34547}
The ES2016 draft spec defines a sort of fast path for constructing
a TypedArray based on another TypedArray. This patch implements that
alternative path in TypedArray construction. It is verified by
test262 tests, which now pass. This patch also has a slight cleanup
of TypedArray code by using a macro for TypedArray type checks, as
is done for other types.
This patch includes a minor spec violation: In the same-type case, the
spec indicates that the underlying ArrayBuffer should be copied until
the end, and this is fixed up by making the [[ArrayLength]] shorter.
This is observable with the buffer getter. This patch just copies the
used part of the underlying ArrayBuffer.
R=adamk
BUG=v8:4726
LOG=Y
Review URL: https://codereview.chromium.org/1754593003
Cr-Commit-Position: refs/heads/master@{#34443}
ArrayIteratorPrototype must not provide Symbol.iterator.
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1749093002
Cr-Commit-Position: refs/heads/master@{#34386}
The code used to [[Get]] the first element twice instead of once, which can be
observed (one of the kangax tests does so).
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1747933002
Cr-Commit-Position: refs/heads/master@{#34383}
This patch fixes %TypedArray%.from to follow the ES2016 draft spec
more precisely. Specifically, the input is first converted to an
ArrayLike, and then afterwards, the mapping function is run and the
results written into the TypedArray. This fixes a test262 test.
R=adamk
LOG=Y
BUG=v8:4782
Review URL: https://codereview.chromium.org/1743463004
Cr-Commit-Position: refs/heads/master@{#34373}
This gets rid of the JavaScript wrapper. That way we can more quickly handle non-JSReceivers and indexed properties; and don't need to optimize the JavaScript wrapper either.
BUG=
Review URL: https://codereview.chromium.org/1742283002
Cr-Commit-Position: refs/heads/master@{#34356}
This reland fixes a bug by pulling properties off the utils object, so
that it can be garbage collected in nosnap builds.
Original commit message:
Intl has been somewhat of an oddball for how it integrates with V8.
One aspect is that it largely didn't use utils to install itself
into the snapshot, which led to some missing names, which new
test262 tests check for, and duplicated code. This patch brings
Intl a bit closer to how the rest of the builtins do things, though
not entirely as it is currently structured to do unusual things,
such as creating new constructors from JavaScript rather than C++.
New test262 tests check for some of the names that are added in
this patch.
R=adamk
CC=jshin
BUG=v8:4778
LOG=Y
Review URL: https://codereview.chromium.org/1745483002
Cr-Commit-Position: refs/heads/master@{#34337}
The %TailCall runtime entry and the %_TailCall intrinsic is not used,
and will never be used (because %TailCall doesn't actually do a tail
call). We will soon have proper ES6 tail calls, which are correct and
properly tested.
The %Apply runtime entry is basically a super-slow, less correct version
of Reflect.apply, so we can as well just use Reflect.apply, which is
exposed to builtins via %reflect_apply.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1739233002
Cr-Commit-Position: refs/heads/master@{#34317}
Reason for revert:
Breaks a bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/6812
Original issue's description:
> Make Intl install properties more like how other builtins do
>
> Intl has been somewhat of an oddball for how it integrates with V8.
> One aspect is that it largely didn't use utils to install itself
> into the snapshot, which led to some missing names, which new
> test262 tests check for, and duplicated code. This patch brings
> Intl a bit closer to how the rest of the builtins do things, though
> not entirely as it is currently structured to do unusual things,
> such as creating new constructors from JavaScript rather than C++.
> New test262 tests check for some of the names that are added in
> this patch.
>
> R=adamk
> CC=jshin
> BUG=v8:4778
> LOG=Y
>
> Committed: https://crrev.com/a40830577d80f699282dd83864619656b7a7966c
> Cr-Commit-Position: refs/heads/master@{#34311}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4778
Review URL: https://codereview.chromium.org/1737873003
Cr-Commit-Position: refs/heads/master@{#34314}
Reason for revert:
An Intl change that this depends on breaks a bot
Original issue's description:
> Test262 roll, 2016-2-23
>
> R=adamk
>
> Committed: https://crrev.com/34492040fbfb04fead21416245c8696b9847e751
> Cr-Commit-Position: refs/heads/master@{#34312}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1736223002
Cr-Commit-Position: refs/heads/master@{#34313}
Intl has been somewhat of an oddball for how it integrates with V8.
One aspect is that it largely didn't use utils to install itself
into the snapshot, which led to some missing names, which new
test262 tests check for, and duplicated code. This patch brings
Intl a bit closer to how the rest of the builtins do things, though
not entirely as it is currently structured to do unusual things,
such as creating new constructors from JavaScript rather than C++.
New test262 tests check for some of the names that are added in
this patch.
R=adamk
CC=jshin
BUG=v8:4778
LOG=Y
Review URL: https://codereview.chromium.org/1733293003
Cr-Commit-Position: refs/heads/master@{#34311}
Migrate Math.imul, Math.fround, Math.acos, Math.asin and Math.atan to
C++ builtins, as these ones call into C++ anyway and so there's no
need to have this extra wrapper around it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1731543004
Cr-Commit-Position: refs/heads/master@{#34274}
When there is no receiver object, plain function calls are a few
percent faster than %_Call().
This patch also fixes the HAS_INDEX macro used in a bunch of
Array.prototype functions to properly check for elements inherited
from prototypes.
Review URL: https://codereview.chromium.org/1706213002
Cr-Commit-Position: refs/heads/master@{#34269}
The Intl object used to keep around functions which are bound to the
receiver and memoized in the object (as required by the ECMA-402 spec)
in ordinary properties with names like __boundformat__. This patch
instead stores those methods in private symbol properties, so they are
not exposed to users. A search in GitHub didn't find any uses of
__boundformat__ (whereas the same search found plenty of usages of
other V8 Intl features), so I think this should be fine in terms of
web compatibility.
BUG=v8:3785
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1728823002
Cr-Commit-Position: refs/heads/master@{#34230}
A recent ES2016 draft spec clarification indicates that, if -0 is
passed into Array.prototype.indexOf or Array.prototype.lastIndexOf
as the starting index, and the result is found at index 0, then +0
rather than -0 should be returned. This patch ensures that V8 has
that result, which is consistent with what some other browsers
return. The patch allows a couple test262 tests to pass.
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1729653002
Cr-Commit-Position: refs/heads/master@{#34229}
It turns out that some old polyfill library uses
RegExp.prototype.flags as a way of feature testing. It's not clear
how widespread this is. For now, as a minimal workaround, we can
return undefined from getters like RegExp.prototype.global when
the receiver is RegExp.prototype. This patch implements that strategy
but omits a UseCounter to make backports easier.
R=adamk
CC=yangguo@chromium.org
BUG=chromium:581577
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1640803003
Cr-Commit-Position: refs/heads/master@{#34201}
In ES2016, the Proxy enumerate trap is removed. This patch changes
for-in iteration on Proxies to use the ownKeys trap. Due to the clean
organization of that code, the patch basically consists of deletions.
R=adamk
LOG=Y
BUG=v8:4768
Review URL: https://codereview.chromium.org/1717893002
Cr-Commit-Position: refs/heads/master@{#34200}
The Proxy enumerate trap and Reflect.enumerate are removed from the
ES2016 draft specification. This patch removes the Reflect.enumerate
function, and a follow-on patch will be responsible for the Proxy
trap changes.
R=adamk
LOG=Y
BUG=v8:4768
Review URL: https://codereview.chromium.org/1721453002
Cr-Commit-Position: refs/heads/master@{#34196}
Most libraries use `JSON.stringify` with all three arguments [1] to allow for
configuration, even if `replacer` and `space` are falsey, causing the
optimized native stringifying to be missed. This commit allows for the common
case where `replacer` and `space` are not used to be fast.
[1]: https://github.com/hapijs/hapi/pull/3014
BUG=v8:4730
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1710933002
Cr-Commit-Position: refs/heads/master@{#34174}
This was changed to match Annex B.2.5.1 of ES2015 and Firefox in
https://chromium.googlesource.com/v8/v8/+/469d9bfa, but website
breakage was seen in M49 Beta. JSC still returns undefined here.
BUG=chromium:585775
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1714903004
Cr-Commit-Position: refs/heads/master@{#34172}
The DataView constructor calls into C++ anyway, and is easier to deal
with this way, especially since we don't have the half initialized
object floating through JavaScript.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1712163002
Cr-Commit-Position: refs/heads/master@{#34145}
Reason for revert:
See Domenic's comment on the V8 bug.
Original issue's description:
> Use displayName in Error.stack rendering if present.
>
> BUG=v8:4761
> LOG=y
>
> Committed: https://crrev.com/953874e974037e7e96ef282a7078760ccc905878
> Cr-Commit-Position: refs/heads/master@{#34105}
TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4761
Review URL: https://codereview.chromium.org/1713663002
Cr-Commit-Position: refs/heads/master@{#34129}
This intrinsic was only supported in fullcodegen, and is actually no
longer relevant for SunSpider peak performance it seems, so let's get
rid of it and maybe just implement Array.prototype.join with a fast
path at some point instead.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1708523002
Cr-Commit-Position: refs/heads/master@{#34084}
There's no need to have inline platform code for this intrinsic, which
is only used when generating a descriptive string for an error, the
runtime call is just fine here.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1706743002
Cr-Commit-Position: refs/heads/master@{#34080}
There's no point in having the setup or the toString/valueOf methods in
JavaScript. The full setup can be done during bootstrapping when the
Boolean constructor is created, and the prototype methods don't benefit
from JS + %_ at all.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1701273003
Cr-Commit-Position: refs/heads/master@{#34068}
Drive-by-fix: Remove the (now) unused %_SetValueOf and %_JSValueGetValue
intrinsics from the various compilers and the runtime.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698343002
Cr-Commit-Position: refs/heads/master@{#34037}
There are only two uses of %_ObjectEquals left, which should actually
use strict equality instead, so there's no need to keep this special
logic at all.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1692193002
Cr-Commit-Position: refs/heads/master@{#33948}
There's only one last user of %_Arguments and %_ArgumentsLength left,
the rest was updated to either strict mode arguments object or to not
use arguments at all.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1692003003
Cr-Commit-Position: refs/heads/master@{#33935}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=yangguo@chromium.org
Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
Cr-Commit-Position: refs/heads/master@{#33834}
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33881}
If Array.from is passed an iterable, then it will copy the contents
to the newly created Array (or subclass). The iteration protocol here
includes calling IteratorClose if the loop is exited early due to an
exception thrown. This patch converts Array.from to use a for-of loop
rather than explicitly invoking the iteration protocol so that, when
IteratorClose is invoked on early for-of exit, then Array.from will
call IteratorClose in the appropriate case.
R=neis
LOG=Y
BUG=v8:4739
Review URL: https://codereview.chromium.org/1686433003
Cr-Commit-Position: refs/heads/master@{#33859}
Reason for revert:
Breaks tree
Original issue's description:
> [builtins] Remove bunch of uses of %_Arguments and %_ArgumentsLength.
>
> There are a bunch of places in our builtins where we use %_Arguments and
> %_ArgumentsLength for no good reason, as arguments object and/or rest
> parameter is as good and performant in these cases. Now the only uses
> of %_Arguments and %_ArgumentsLength left are in string.js, which
> requires dedicated investigation.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
> Cr-Commit-Position: refs/heads/master@{#33834}
TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1677063005
Cr-Commit-Position: refs/heads/master@{#33835}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33834}
