It's expensive to walk all shared function infos during the gc atomic
pause. Instead, use WeakCells to implement this structure without
manual clearing.
Reland due to a bug when reusing entries in the optimized code map.
BUG=
Review URL: https://codereview.chromium.org/1508703002
Cr-Commit-Position: refs/heads/master@{#32696}
Error still to be done, since that's not yet available in the bootstrapper.
BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1499923002
Cr-Commit-Position: refs/heads/master@{#32662}
It's expensive to walk all shared function infos during the gc atomic pause. Instead, use WeakCells to implement this structure without manual clearing.
BUG=
Review URL: https://codereview.chromium.org/1478943003
Cr-Commit-Position: refs/heads/master@{#32567}
This way we avoid the %_IsSmi magic that is required in TurboFan to
(efficiently) check abitrary context slots for smi 0. Checking against
"the hole" is common in the AstGraphBuilder and "the hole" is also used
to mark other context slots as not initialized.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1484723003
Cr-Commit-Position: refs/heads/master@{#32407}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=yangguo@chromium.org,mstarzinger@chromium.org
Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
Cr-Commit-Position: refs/heads/master@{#32375}
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32381}
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5472
Original issue's description:
> [runtime] Replace global object link with native context link in all contexts.
>
> Previously all contexts had a link to the global object, but what is
> required in most cases (except for the global load, store and delete
> case) is the native context.
>
> This also removes the second dummy global object that was still linked
> to every native context. We will add a different mechanism to ensure
> that builtins do not pollute the actual global object during
> bootstrapping.
>
> Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
> Cr-Commit-Position: refs/heads/master@{#32375}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1478303002
Cr-Commit-Position: refs/heads/master@{#32377}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32375}
Now that we have a C++ implementation, calling into JS builtins is needlessly inefficient.
Review URL: https://codereview.chromium.org/1410553006
Cr-Commit-Position: refs/heads/master@{#31637}
This reverts commit 24aca87090.
The API makes these values appear to be per-isolate, when in fact
they are per-context. Installing the results of these on Template
objects instantiated in multiple contexts can result in security
violations and contexts being retained indefinitely.
An alternative mechanism for using these in a sensible way is
provided by https://crrev.com/1409593002
BUG=
LOG=N
R=jochen@chromium.org, adamk@chromium.org
Review URL: https://codereview.chromium.org/1415663002
Cr-Commit-Position: refs/heads/master@{#31417}
Previously, name conflicts between var and let declarations were only
made into exceptions if they were visible at parse-time. This patch adds
runtime checks so that sloppy-mode direct eval can't introduce conflicting
var declarations. The change is implemented by traversing the scope chain
when a direct eval introduces a var declaration to look for conflicting
let declarations, up to the function boundary.
BUG=v8:4454
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1382513003
Cr-Commit-Position: refs/heads/master@{#31211}
Allow access to Array Iterator through the API, in order to simplify
setting up interfaces which use these methods. This applies to
WebIDL interfaces with "length" attributes returning integer types and
a getter taking an unsigned long type.
BUG=
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1378403004
Cr-Commit-Position: refs/heads/master@{#31152}
Properly share both the constructor and the non-constructor maps
for bound functions. Previously we had only the non-constructor
map shared on the native context, and we had to create a new map
for every bound function whose [[BoundTargetFunction]] is a
constructor (in the ES6 sense).
This should repair the most recent regression on Speedometer.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=chromium:536114,chromium:535408,v8:4430
LOG=n
Review URL: https://codereview.chromium.org/1379323002
Cr-Commit-Position: refs/heads/master@{#31086}
Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.
Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).
Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1384443002
Cr-Commit-Position: refs/heads/master@{#31054}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
This adds ES6 compliant Object::ToInteger, Object::ToInt32,
Object::ToUint32 and Object::ToLength, and replaces the old
Execution wrappers of those abstract operations (which were
not using the correct ToPrimitive).
This also introduces proper %ToInteger and %ToLength runtime
entries, with a fast path %_ToInteger supported in fullcodegen
and Crankshaft (for now). Internal JavaScript code should use
TO_INTEGER and TO_LENGTH respectively.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1378533002
Cr-Commit-Position: refs/heads/master@{#30993}
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4413, v8:4430
LOG=n
Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
Cr-Commit-Position: refs/heads/master@{#30900}
Review URL: https://codereview.chromium.org/1358423002
Cr-Commit-Position: refs/heads/master@{#30902}
Reason for revert:
Failed on Fuzzer and MIPS bot.
Original issue's description:
> [es6] Introduce spec compliant IsConstructor.
>
> There was already a bit on the Map named "function with prototype",
> which basically meant that the Map was a map for a JSFunction that could
> be used as a constructor. Now this CL generalizes that bit to
> IsConstructor, which says that whatever (Heap)Object you are looking at
> can be used as a constructor (i.e. the bit is also set for bound
> functions that can be used as constructors and proxies that have a
> [[Construct]] internal method).
>
> This way we have a single chokepoint for IsConstructor checking, which
> allows us to get rid of the various ways in which we tried to guess
> whether something could be used as a constructor or not.
>
> Drive-by-fix: Renamed IsConstructor on FunctionKind to
> IsClassConstructor to resolve the weird name clash, and the
> IsClassConstructor name also matches the spec.
>
> R=jarin@chromium.org, rossberg@chromium.org
> BUG=v8:4430
> LOG=n
>
> Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
> Cr-Commit-Position: refs/heads/master@{#30900}
TBR=jarin@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4430
Review URL: https://codereview.chromium.org/1360403002
Cr-Commit-Position: refs/heads/master@{#30901}
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4430
LOG=n
Review URL: https://codereview.chromium.org/1358423002
Cr-Commit-Position: refs/heads/master@{#30900}
Introduce a new macro TO_STRING that maps to %_ToString and use that
instead of calling into any of the ToString/NonStringToString JavaScript
builtins. Also remove the TO_STRING_INLINE macro, which is basically
obsolete with %_ToString. We still have a few uses of ToString left (via
the utils export mechanism), where we need to investigate whether we
will tank badly if we replace them with TO_STRING as well.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=yangguo@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1323543002
Cr-Commit-Position: refs/heads/master@{#30895}
For string wrappers (JSValue instances with [[StringData]] internal
fields), we can shortcirciut the ToPrimitive if
(a) the {input} map matches the initial map of the String function,
(b) the {input} [[Prototype]] is the unmodified %StringPrototype% (i.e.
no one monkey-patched toString, @@toPrimitive or valueOf), and
(c) the %ObjectPrototype% (i.e. the [[Prototype]] of the
%StringPrototype%) is also unmodified, that is no one sneaked a
@@toPrimitive into the %ObjectPrototype%.
If all these assumptions hold, we can just take the [[StringData]] value
and return it.
This just repairs a regression introduced by removing the
weird (and broken) intrinsic %_IsStringWrapperSafeForDefaultValue, which
was intendend to something similar to this, although less efficient and
wrong in the presence of @@toPrimitive. Long-term we might want to move
into the direction of having a ToPrimitiveStub that can do common cases
while staying in JavaScript land (i.e. not going to C++).
R=jarin@chromium.org
BUG=chromium:532524
LOG=n
Review URL: https://codereview.chromium.org/1366563002
Cr-Commit-Position: refs/heads/master@{#30890}
Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.
For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.
R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n
Review URL: https://codereview.chromium.org/1355113002
Cr-Commit-Position: refs/heads/master@{#30852}
This way we can finally remove the ES5 ToPrimitive builtin from
runtime.js, and the Date Constructor now properly supports
@@toPrimitive for the single argument case as well.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=rossberg@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1346893003
Cr-Commit-Position: refs/heads/master@{#30832}
This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter. As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.
Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1350113002
Cr-Commit-Position: refs/heads/master@{#30816}
This adds a utils object meant specifically for V8 extras, presenting a limited
API surface for doing things that would otherwise require %-functions.
BUG=v8:4276
LOG=Y
R=jochen@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1343113003
Cr-Commit-Position: refs/heads/master@{#30773}
Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.
Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1337993005
Cr-Commit-Position: refs/heads/master@{#30747}
These builtins present an optimization for the general addition case,
where one side is already known to be a string. Unfortunately this
optimization is wrong in the presence of @@toPrimitive (there are some
ideas how to implement a similar optimization using the prototype
backpointer mechanism that jkummerow@ introduced earlier). So this
also removes the broken %_IsStringWrapperSafeForDefaultValueOf, which is
the key part of the optimization mentioned above.
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1336273002
Cr-Commit-Position: refs/heads/master@{#30707}
Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1337883002
Cr-Commit-Position: refs/heads/master@{#30693}
Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.
Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1335723002
Cr-Commit-Position: refs/heads/master@{#30691}
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).
Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.
R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1333843002
Cr-Commit-Position: refs/heads/master@{#30680}
This fixes the Runtime_DeclareGlobals performance regression caused by a huge number of global var declarations mentioned in chromium:517778.
BUG=chromium:517778
LOG=N
Review URL: https://codereview.chromium.org/1335633002
Cr-Commit-Position: refs/heads/master@{#30679}
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4413
LOG=n
Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
Cr-Commit-Position: refs/heads/master@{#30627}
Review URL: https://codereview.chromium.org/1311013008
Cr-Commit-Position: refs/heads/master@{#30629}
Reason for revert:
Breaks nosnap, needs investigation
Original issue's description:
> [builtins] Unify the various versions of [[Call]] with a Call builtin.
>
> The new Call and CallFunction builtins supersede the current
> CallFunctionStub (and CallIC magic) and will be the single bottleneck
> for all calling, including the currently special Function.prototype.call
> and Function.prototype.apply builtins, which had handwritten (and
> not fully compliant) versions of CallFunctionStub, and also the
> CallIC(s), which where also slightly different.
>
> This also reduces the overhead for API function calls, which is still
> unnecessary high, but let's do that step-by-step.
>
> This also fixes a bunch of cases where the implicit ToObject for
> sloppy receivers was done in the wrong context (in the caller
> context instead of the callee context), which basically meant
> that we allowed cross context access to %ObjectPrototype%.
>
> MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
>
> R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
> Cr-Commit-Position: refs/heads/master@{#30627}
TBR=rmcilroy@chromium.org,jarin@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413
Review URL: https://codereview.chromium.org/1328963004
Cr-Commit-Position: refs/heads/master@{#30628}
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1311013008
Cr-Commit-Position: refs/heads/master@{#30627}
Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
and %HasProperty anyway, and cannot be optimized, plus it had a weird
special fast case (which also involved at least one LOAD_IC plus some
intrinsic magic).
R=yangguo@chromium.org,jarin@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_win_nosnap_shared_rel
Committed: https://crrev.com/72d60a1e80e81e2e68ca402665e2acbc46c5e471
Cr-Commit-Position: refs/heads/master@{#30154}
Review URL: https://codereview.chromium.org/1295433002
Cr-Commit-Position: refs/heads/master@{#30582}
Use a single JSIteratorResult type for all implementation provided
iterator results (i.e. the String, Array and collection iterators,
and also for generators). This removes one source of unnecessary
polymorphism in for-of loops. It is accomplished by a new intrinsic
%_CreateIterResultObject() that should be used to create iterator
result objects from JavaScript builtins (there's a matching factory
method for C++ code).
Also restructure the %StringIteratorPrototype%.next() and
%ArrayIteratorPrototype%.next() functions to be a bit more friendly
to optimizing compilers.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1302173007
Cr-Commit-Position: refs/heads/master@{#30557}
This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1322883002
Cr-Commit-Position: refs/heads/master@{#30500}
This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.
Review URL: https://codereview.chromium.org/1317383002
Cr-Commit-Position: refs/heads/master@{#30496}
This adds a new ToString runtime function and a fast-path ToStringStub
(which is just a simple dispatcher for existing functionality), and also
implements %_ToName using the ToStringStub.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319973007
Cr-Commit-Position: refs/heads/master@{#30442}
This adds a %ToName runtime entry that uses the previously introduced
Object::ToName, which is based on the new Object::ToPrimitive method.
Also removes the need to expose ToName in various way via the builtins
and/or context.
Drive-by-fix: Let %HasProperty do the ToName conversion implicitly as
required.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319133002
Cr-Commit-Position: refs/heads/master@{#30435}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
Adds Uint32x4, Uint16x8, and Uint8x16 types.
Adds all functions in the current spec, except for loads and stores.
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1294513004
Cr-Commit-Position: refs/heads/master@{#30322}
This CL is a nightmare! For the utterly irrelevant edge case of a sloppy function with non-simple parameters and a call to direct eval, like here,
let x = 1;
function f(g = () => x) {
var y
eval("var x = 2")
return g() + x // f() = 3
}
we have to do all of the following, on top of the declaration block ("varblock") contexts we already introduce around the body:
- Introduce the ability for varblock contexts to have both a ScopeInfo and an extension object (e.g., the body varblock in the example will contain both a static var y and a dynamic var x). No other scope needs that. Since there are no context slots left, a special new struct is introduced that pairs up scope info and extension object.
- When declaring lookup slots in the runtime, this new struct is allocated in the case where an extension object has to be added to a block scope (at which point the block's extension slot still contains a plain ScopeInfo).
- While at it, introduce some abstraction to access context extension slots in a more controlled manner, in order to keep special-casing to a minimum.
- Make sure that even empty varblock contexts do not get optimised away when they contain a sloppy eval, so that they can host the potential extension object.
- Extend dynamic search for declaration contexts (used by sloppy direct eval) to recognize varblock contexts.
- In the parser, if a function has a sloppy direct eval, introduce an additional varblock scope around each non-simple (desugared) parameter, as required by the spec to contain possible dynamic var bindings.
- In the pattern rewriter, add the ability to hoist the named variables the pattern declares to an outer scope. That is required because the actual destructuring has to be evaluated inside the protecting varblock scope, but the bindings that the desugaring introduces are in the outer scope.
- ScopeInfos need to save the information whether a block is a varblock, to make sloppy eval calls work correctly that deserialise them as part of the scope chain.
- Add the ability to materialize block scopes with extension objects in the debugger. Likewise, enable setting extension variables in block scopes via the debugger interface.
- While at it, refactor and unify some respective code in the debugger.
Sorry, this CL is large. I could try to split it up, but everything is rather entangled.
@mstarzinger: Please review the changes to contexts.
@yangguo: Please have a look at the debugger stuff.
R=littledan@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:811,v8:2160
LOG=N
Review URL: https://codereview.chromium.org/1292753007
Cr-Commit-Position: refs/heads/master@{#30295}
We currently have several ways to share symbols that are used in
both native scripts and the runtime. This change unifies this.
We do not use the symbols registry since we don't need the
registry any longer after bootstrapping, but the registry stays
alive afterwards.
R=mlippautz@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1293493004
Cr-Commit-Position: refs/heads/master@{#30280}
Reason for revert:
This performance hack is no longer necessary.
Original issue's description:
> Group lexical context variables for faster look up.
>
> Currently, looking up a lexical context variable requires looking up
> the variable name and then checking its mode. This can be a bottleneck
> in Runtime_DeclareGlobals, even when no lexical context variables are
> declared.
>
> R=rossberg@chromium.org
> BUG=crbug:517778
> LOG=N
>
> Committed: https://crrev.com/a45ed17bb6aca02e940f13bbf456d660cccc86ae
> Cr-Commit-Position: refs/heads/master@{#30075}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=crbug:517778
Review URL: https://codereview.chromium.org/1290053002
Cr-Commit-Position: refs/heads/master@{#30145}
No need to provide TO_INT32/TO_UINT32 functions for every native
context, as they can be implemented in terms of TO_NUMBER more easily
and efficiently.
Also remove the obsolete TO_BOOLEAN_FUN_INDEX from the native contexts.
Review URL: https://codereview.chromium.org/1275013004
Cr-Commit-Position: refs/heads/master@{#30080}
Currently, looking up a lexical context variable requires looking up
the variable name and then checking its mode. This can be a bottleneck
in Runtime_DeclareGlobals, even when no lexical context variables are
declared.
R=rossberg@chromium.org
BUG=crbug:517778
LOG=N
Review URL: https://codereview.chromium.org/1281883002
Cr-Commit-Position: refs/heads/master@{#30075}
There is only one use case for it: String.prototype.search converts a
string argument into a RegExp. The cache is used to avoid repeating that
conversion. However, this does not make the added complexity worthwhile.
Review URL: https://codereview.chromium.org/1267493006
Cr-Commit-Position: refs/heads/master@{#29985}
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29712}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29689}
Until now, TF-generated code stubs piggy-backed off of the builtin
context. Since generation of code stubs is lazy, stubs generated at
different times in different native contexts would contain embedded
pointers different builtin contexts, leading to cross-context references
and memory leaks.
After this CL, all TF-generated code stubs are generated inside a
internal thinned-out, native context that lives solely for the
purpose of hosting generated code stubs.
Review URL: https://codereview.chromium.org/1213203007
Cr-Commit-Position: refs/heads/master@{#29593}
Map: get, set, has, delete, clear
Set: add, has, delete, clear
All except clear are implemented as calls into collection.js.
Note that some of these shadow methods of v8::Object. It's unclear
how confusing that's going to be: on the one hand, it seems likely
that most operations you would want to do on a Map or Set are these.
On the other, generic code could get confused if it somehow gets
ahold of a variable that happens to be C++-typed as a v8::Map or v8::Set.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1204623002
Cr-Commit-Position: refs/heads/master@{#29237}
The Map and Set maps get overwritten when collection.js executes, so in
a nosnap build we have to wait until it runs before we grab the maps.
To facilitate that, store the functions in the native context as well.
Review URL: https://codereview.chromium.org/1161363002
Cr-Commit-Position: refs/heads/master@{#28743}
These are similar to the Map/Set constructors when called with an array,
except that they are guaranteed to be side-effect free if called with
a packed array.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1155893003
Cr-Commit-Position: refs/heads/master@{#28642}
Only supports constructing new objects and returning size.
Followup patch will need to add ability to retrieve and
set contents in order to support structured clone.
Also removes a bunch of outdated "experimental" markers from v8.h.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1157453002
Cr-Commit-Position: refs/heads/master@{#28637}
This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer
under the hood. It can be distinguished from an ArrayBuffer by the newly-added
is_shared() bit.
Currently there is no difference in functionality between a SharedArrayBuffer
and an ArrayBuffer. However, a future CL will add the Atomics API, which is
only available on an SharedArrayBuffer. All non-atomic accesses are identical
to ArrayBuffer accesses.
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1136553006
Cr-Commit-Position: refs/heads/master@{#28594}
Reason for revert:
breaks build
Original issue's description:
> Implement SharedArrayBuffer.
>
> This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer under the hood. It can be distinguished from an ArrayBuffer by the newly-added is_shared() bit.
>
> Currently there is no difference in functionality between a SharedArrayBuffer and an ArrayBuffer. However, a future CL will add the Atomics API, which is only available on an SharedArrayBuffer. All non-atomic accesses are identical to ArrayBuffer accesses.
>
> BUG=
>
> Committed: https://crrev.com/57170bff7baf341c666252a7f6a49e9c08d51263
> Cr-Commit-Position: refs/heads/master@{#28588}
TBR=jarin@chromium.org,jochen@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1149203003
Cr-Commit-Position: refs/heads/master@{#28589}
This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer under the hood. It can be distinguished from an ArrayBuffer by the newly-added is_shared() bit.
Currently there is no difference in functionality between a SharedArrayBuffer and an ArrayBuffer. However, a future CL will add the Atomics API, which is only available on an SharedArrayBuffer. All non-atomic accesses are identical to ArrayBuffer accesses.
BUG=
Review URL: https://codereview.chromium.org/1136553006
Cr-Commit-Position: refs/heads/master@{#28588}
Some of the DevTools' clients need to inspect JS objects without enabling debugger. This CL allows to inspect object's internal properties without enabling debugger and instantiating debug context.
Note that now debug context can be created lazily if v8::Debug::GetDebugContext is called when there is no debug listener. This is fragile and has already resulted in some subtle error. I'm going to fix that in a separate CL.
BUG=chromium:481845
LOG=Y
Review URL: https://codereview.chromium.org/1134193002
Cr-Commit-Position: refs/heads/master@{#28371}
