The ES6 spec for this function declares that ToLength
should only be called once. We were evaluating it multiple
times, so if length was an object with a valueOf method,
we could see effects take place multiple times.
R=littledan@chromium.org
LOG=N
BUG=v8:4218
Review URL: https://codereview.chromium.org/1237583005
Cr-Commit-Position: refs/heads/master@{#30240}
Bytecode generator for local assignment and basic binary operations.
Command-line flag for printing bytecodes.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1294543002
Cr-Commit-Position: refs/heads/master@{#30221}
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1289863003
Cr-Commit-Position: refs/heads/master@{#30219}
Second item in section 13.7.5.1 states that the error should be a
SyntaxError, when previously CheckAndRewriteReferenceExpression
would always emit a ReferenceError.
BUG=v8:4373
R=adamk, rossberg
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1292393002
Cr-Commit-Position: refs/heads/master@{#30184}
- Make the API look like v8::V8::InitializeICU.
(That is: A static method call, not an object to be created on the stack.)
- Fix path separator on Windows, by calling base::OS::isPathSeparator.
- Move into API, so that it can be called by hello-world & friends.
- Actually call it from hello-world and friends.
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1292053002
Cr-Commit-Position: refs/heads/master@{#30174}
In doing so, fix calls CheckAndRewriteReferenceExpression to take proper
start and end positions (instead of just pointing at the first token in
the LHS expression).
BUG=v8:4370
LOG=n
Review URL: https://codereview.chromium.org/1290013002
Cr-Commit-Position: refs/heads/master@{#30166}
This test enumerates properties on all the builtins and makes sure that
they never change. In practice, this just generates busywork when trying
to add new language features; I've never seen it catch an
accidentally-exposed bit of API.
Review URL: https://codereview.chromium.org/1275423006
Cr-Commit-Position: refs/heads/master@{#30160}
Reason for revert:
Breaks win32 nosnap
Original issue's description:
> [runtime] Remove useless IN builtin.
>
> Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
> and %HasProperty anyway, and cannot be optimized, plus it had a weird
> special fast case (which also involved at least one LOAD_IC plus some
> intrinsic magic).
>
> R=yangguo@chromium.org,jarin@chromium.org
>
> Committed: https://crrev.com/72d60a1e80e81e2e68ca402665e2acbc46c5e471
> Cr-Commit-Position: refs/heads/master@{#30154}
TBR=yangguo@chromium.org,jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1288923002
Cr-Commit-Position: refs/heads/master@{#30155}
Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
and %HasProperty anyway, and cannot be optimized, plus it had a weird
special fast case (which also involved at least one LOAD_IC plus some
intrinsic magic).
R=yangguo@chromium.org,jarin@chromium.org
Review URL: https://codereview.chromium.org/1295433002
Cr-Commit-Position: refs/heads/master@{#30154}
Modifies the BytecodeArrayBuilder to create register operands which are
negative. This reduces the number of instructions to access registers
by the interpreter and allows us to use positive register operands to
access parameter values.
Adds a Register class to keep register usage typesafe and simplify the
convertion to bytecode operand values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1283313003
Cr-Commit-Position: refs/heads/master@{#30151}
The DELETE builtin calls through to %DeleteProperty anyway, so we
can as well skip the builtin completely and always call into the
runtime directly. Also add different entries depending on whether
calling code is in sloppy or strict/strong mode.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1291973002
Cr-Commit-Position: refs/heads/master@{#30148}
This patch puts --harmony-sloppy into staging. Now that let, lexically-scoped
functions and ES2015 sloppy mode const semantics have been split off into
separate flags, the change only enables classes in sloppy mode.
BUG=v8:3305
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1288153003
Cr-Commit-Position: refs/heads/master@{#30141}
This patch strengthens testing of classes by verifying that the binding
that they export externally follows block scoping, as opposed to var-style
scoping. The tests are based on existing tests for let and const.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1286923002
Cr-Commit-Position: refs/heads/master@{#30140}
The operations were available on ARM64 and x86-32 but were unused.
It has been conjectured that nontemporals can be used for rowhammer-like bitflips more easily than regular load/store operations. It is therefore desirable to avoid generating these instructions in the future.
R= titzer, jochen, jln, Mark Seaborn, ruiq
Review URL: https://codereview.chromium.org/1276113002
Cr-Commit-Position: refs/heads/master@{#30139}
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.
Note that this change still leaves 7 violations of that rule in the
code. However there now is the "tools/check-inline-includes.sh" tool
detecting such violations.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1283033003
Cr-Commit-Position: refs/heads/master@{#30125}
In an initial attempt to implement sloppy mode lexical bindings,
functions were made lexically scoped in sloppy mode. However, the
ES2015 spec says that they need an additional hoisted var binding,
and further, it's not clear when we'll implement that behavior
or whether it's web-compatible.
This patch splits off function block scoping into a new, separate
flag called --harmony_sloppy_function. This change will enable the
possibility of testing and shipping this feature separately from
other block scoping-related features which don't have the same risks.
BUG=v8:4285
R=adamk
LOG=N
Review URL: https://codereview.chromium.org/1282093002
Cr-Commit-Position: refs/heads/master@{#30122}
In ES6, direct eval() in sloppy mode uses the enclosing function-level
("var") scope for var-style bindings and a new lexical scope for lexical
bindings like let and class. This patch implements that feature by making
lexical bindings that are directly within an EVAL_SCOPE be on the local
scope rather than the enclosing one.
BUG=v8:4288
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1274193004
Cr-Commit-Position: refs/heads/master@{#30120}
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust. Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.
We use the inobject properties field of Map, which is invalid primitive
maps anyway.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1276533003
Cr-Commit-Position: refs/heads/master@{#30119}
Also remove unused max_capcity_ field in old spaces.
BUG=chromium:518028,chromium:504854
LOG=n
Review URL: https://codereview.chromium.org/1284853003
Cr-Commit-Position: refs/heads/master@{#30114}
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1273353003
Cr-Commit-Position: refs/heads/master@{#30107}
This avoids many back-and-forth calls to the runtime.
This also slightly changes the way we avoid getters. Previously, we circumvent getting the name property of ReferenceError, SyntaxError and TypeError due to crbug/69187 (in order to avoid leaking information from those errors through a 'name' getter installed on their prototypes). Now we do that for all errors created by V8.
R=jkummerow@chromium.org, rossberg@chromium.org
BUG=crbug:513472, crbug:69187
LOG=N
Review URL: https://codereview.chromium.org/1281833002
Cr-Commit-Position: refs/heads/master@{#30105}
The following errors come up when compiling v8
with clang 3.7 on FreeBSD/amd64:
src/runtime/runtime-i18n.cc:629:37: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Smi *' is not allowed
local_object->SetInternalField(1, reinterpret_cast<Smi*>(NULL));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:131:20: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Object *' is not allowed
Handle<Object> n(reinterpret_cast<Object*>(NULL), isolate);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:1989:18: error: reinterpret_cast from
'nullptr_t' to 'Address' (aka 'unsigned char *') is not
allowed
Address base = reinterpret_cast<Address>(NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+add myself to the AUTHORS file.
BUG=
Review URL: https://codereview.chromium.org/1277353002
Cr-Commit-Position: refs/heads/master@{#30103}
Moves the creation of the interpreter table early on during initialization
to ensure that even on nosnap builds it still gets allocated in the
first page.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1278413002
Cr-Commit-Position: refs/heads/master@{#30096}
TurboFan is now a requirement and supported by all backends, so we don't
need those macros (plus all the machinery on top) anymore.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1282763002
Cr-Commit-Position: refs/heads/master@{#30082}
When a (prototype) map registers as a user of its own prototype, it now remembers the index in that prototype's registry where it is listed.
This remembered index is used on un-registration to find the right slot to clear without walking the entire registry.
Compaction of the registry must update all entries' remembered indices.
BUG=chromium:517778,chromium:517406
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1276353004
Cr-Commit-Position: refs/heads/master@{#30079}
Also clean up variable naming in min_max and other tests. Fix class_fmt in mips64 assembler test for proper NaN checking
Review URL: https://codereview.chromium.org/1276813004
Cr-Commit-Position: refs/heads/master@{#30073}
Note that this tests performed unnecessary many iterations which led to
long runtimes in debug mode and also caused flaky GCs during that would
cause the optimized code map to be flushed and violated assumptions.
R=yangguo@chromium.org
BUG=v8:4363
LOG=N
Review URL: https://codereview.chromium.org/1280973002
Cr-Commit-Position: refs/heads/master@{#30070}
Rationale: The {kind} of a call descriptor describes what the {target} being
called is--i.e. a JSFunction, code object, or address. That kind materially
dictates the instruction(s) generated for an outgoing call.
The other flags on a call descriptor should describe specific properties
(like whether a roots register is valid or not) so that backend logic doesn't
have to switch over the kind, but is informed directly of what it wants to
know.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1268273003
Cr-Commit-Position: refs/heads/master@{#30065}
This fixes a corner-case where extending an optimized code map left
stale entries in the abandoned copy. This can cause havoc not only in
the heap verifier but also in the GC, because stale entries have not
been recorded when being trated weakly.
Note that this also pre-tenures all optimized code maps into old-space
because their lifetime is coupled to the SharedFunctionInfo anyways.
R=hpayer@chromium.org
TEST=cctest/test-heap/Regress514122
BUG=chromium:514122
LOG=N
Review URL: https://codereview.chromium.org/1277873002
Cr-Commit-Position: refs/heads/master@{#30047}
We missed a check whether we can actually do incremental marking when starting
it on reaching the external allocation limit.
BUG=chromium:517195
LOG=N
Review URL: https://codereview.chromium.org/1274983002
Cr-Commit-Position: refs/heads/master@{#30043}
These flags weren't doing any real work, since the decision of whether some
source code is a script or module is made outside the parser (currently,
by the V8 API).
The only behavior change in this patch is to always parse 'import' and
'export' as their Token values, which changes the error message from
"Unexpected reserved word" to "Unexpected token import" (which doesn't
seem particularly harmful).
Review URL: https://codereview.chromium.org/1262913003
Cr-Commit-Position: refs/heads/master@{#30034}
This is only an estimate since it counts objects that could be shared,
for example strings, cow arrays, heap numbers, etc.
It however ignores objects that could be shared, but may only be used
by the context to be measured, for example shared function infos,
script objects, scope infos, etc.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1268333004
Cr-Commit-Position: refs/heads/master@{#30029}
Previously, examples like (({a = x}, x) => {})({}, 0) did not throw a ReferenceError like they should. This CL
- Splits up DeclareFormalParameters such that the formals can be recorded first and declared later.
- Declaration then takes the complete parameter list into account. If it is not simple, temporaries are introduced for all parameters.
- BuildParameterInitializationBlock desugars all parameters from non-simple lists into let-bindings.
- Refactored Pre/ParserFormalParameters, so that the arity information is no longer duplicated in Parser.
- Rest is currently handled specially, until rest-via-destructuring has landed.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1259283002
Cr-Commit-Position: refs/heads/master@{#30025}
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.
Review URL: https://codereview.chromium.org/1257063003
Cr-Commit-Position: refs/heads/master@{#30017}
This introduces a CopyFixedArrayAndGrow method on Factory that takes
the "grow amount" instead of the "new size" as an argument. The new
interface is safer because it allows for mutations by the GC that
potentially trim the source array.
This also fixes a bug in SharedFunctionInfo::AddToOptimizedCodeMap
where the aformentioned scenario led to unused entries within the
optimized code map.
Note that FixedArray::CopySize is hereby deprecated because it is
considered unsafe and should no longer be used.
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-513507
BUG=chromium:513507
LOG=n
Review URL: https://codereview.chromium.org/1255173006
Cr-Commit-Position: refs/heads/master@{#30012}
Store arity in FormalParameters; store name (instead of var) and is_rest flag in individual parameters. Ensure that the arity is always maintained consistently.
This is preparation for more parameter destructuring adjustments. In particular, a follow-up CL will separate parameter recording from declaring the variables.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1259013003
Cr-Commit-Position: refs/heads/master@{#30002}
Change minimum BytecodeArray frame size to zero now return value is in
the accumulator.
Fix inconsistent checks in bytecode-array-builder.cc.
Simplify bytecode disassembly by adding Bytecodes::Decode to
disassemble one bytecode and operands.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1259193004
Cr-Commit-Position: refs/heads/master@{#29988}
There is only one use case for it: String.prototype.search converts a
string argument into a RegExp. The cache is used to avoid repeating that
conversion. However, this does not make the added complexity worthwhile.
Review URL: https://codereview.chromium.org/1267493006
Cr-Commit-Position: refs/heads/master@{#29985}
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
This fixes a bug introduced by r28826 (Unify decoding of deoptimization
translations, https://codereview.chromium.org/1136223004), where we
started leaking arguments marker sentinel to the debugger, which would
then cause crashes. This change replaces the sentinel with the undefined
value in the debugger-inspectable frame.
BUG=chromium:514362
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1263333002
Cr-Commit-Position: refs/heads/master@{#29971}
The BytecodeArrayBuilder has responsibility for emitting the BytecodeArray. It will be used by the AST walker.
Bytecode now uses an accumulator plus registers rather being pure register based.
Update BytecodeArray::Disassemble to print operand information.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1266713004
Cr-Commit-Position: refs/heads/master@{#29970}
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1268783004
Cr-Commit-Position: refs/heads/master@{#29956}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
The idle time handler should never return DONE or DO_SCAVENGE for
background tabs. Upon receiving DONE chrome will stop sending idle notifications.
BUG=chromium:515174
LOG=NO
Review URL: https://codereview.chromium.org/1269583002
Cr-Commit-Position: refs/heads/master@{#29926}
When a Property or a VariableProxy is used as the left hand side of an
assignment statement, there is no need to allocate a LOAD_IC feedback
vector slot for it. Alter the numbering phase to support this.
BUG=
Review URL: https://codereview.chromium.org/1262803002
Cr-Commit-Position: refs/heads/master@{#29924}
Moves some uncommon type checking from ToString and
NonStringToString into DefaultString. This should
speed up string operations.
LOG=N
BUG=none
Review URL: https://codereview.chromium.org/1256323004
Cr-Commit-Position: refs/heads/master@{#29913}
script_executed and last_run are read/written by multiple threads. Also
externalized_shared_contents_ is modified by multiple threads.
BUG=4306
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1252623003
Cr-Commit-Position: refs/heads/master@{#29912}
When the main thread terminates, it forcibly terminates all Worker threads.
When this happens, the threads objects were only half-created; they had a
JavaScript Worker object, but not a C++ worker object.
This CL fixes that bug, as well as some other fixes:
* Signatures on Worker methods
* Use SetAlignedPointerFromInternalField instead of using an External.
* Remove state_ from Worker. Simplify to atomic bool running_.
BUG=chromium:511880
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1255563002
Cr-Commit-Position: refs/heads/master@{#29911}
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254293006
Cr-Commit-Position: refs/heads/master@{#29910}
This allows variants to be named on test failures (follow
up) and then to be used in the test runner for a repro.
This also speeds up variant iteration for test262 and fixes
a bug with variants for benchmarks.
BUG=chromium:511215
NOTREECHECKS=true
LOG=n
Review URL: https://codereview.chromium.org/1245623005
Cr-Commit-Position: refs/heads/master@{#29899}
When a prototype object migrates from a slow to a fast map, where the slow map
was registered as a user of its own prototype, then the registration must be
transferred to the new map (just like MigrateToMap does for all other cases).
BUG=chromium:513602
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1263543004
Cr-Commit-Position: refs/heads/master@{#29898}
Scoping rules are different on recompile vis-a-vis global loads.
BUG=chromium:514526
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1256413005
Cr-Commit-Position: refs/heads/master@{#29896}
Class bindings are mutable and lexically scoped, with TDZ semantics.
They may not overlap with var bindings in the same scope. This patch
adds tests for those properties.
R=adamk
BUG=v8:3305
LOG=N
Review URL: https://codereview.chromium.org/1254003004
Cr-Commit-Position: refs/heads/master@{#29856}
--harmony_sloppy includes behavior to turn on sloppy mode lexical
bindings. Before this patch, it also included a way to parse let
which is likely web-incompatible (let is disallowed as an
identifier). This patch splits off the let parsing from the more
general block scoping code, so that block scoping can be developed
independently.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1255013002
Cr-Commit-Position: refs/heads/master@{#29855}
In ES5, dates were supposed to default to UTC if no timezone was specified. However, this changed in ES6, which specified that dates should be in the local timezone if no timezone was specified. This CL updates our behavior to match that part of the ES6 spec.
BUG=chromium:391730, v8:4242
LOG=Y
Review URL: https://codereview.chromium.org/1229903004
Cr-Commit-Position: refs/heads/master@{#29854}
- Ensure frame_size is always set during allocation.
- Add DCHECKs that frame_size is a valid value
- Remove locals_count, which we don't need yet (possibly every)
- Add a newline at the end of BytecodeArray::Dissassemble
for each bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254873002
Cr-Commit-Position: refs/heads/master@{#29852}
$toLength is slow, causing a 3.8%-8% regression in the Octane RegExp
benchmark. Reverting this patch brings it back up. To make this change,
we'll need a faster implementation fo $toLength.
BUG=chromium:513160
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1243053005
Cr-Commit-Position: refs/heads/master@{#29830}
According to the ECMA spec, a 24th hour is allowed if the minutes, seconds, and milliseconds are all zero (i.e. it's midnight). Previously, we parsed the date correctly, however, we failed to account in all checks for the possibility of a 24th hour. This CL changes the check to allow a 24th hour if it's exactly midnight.
BUG=chromium:174609
LOG=Y
Review URL: https://codereview.chromium.org/1240093005
Cr-Commit-Position: refs/heads/master@{#29816}
Adds basic support for generation of interpreter bytecode handler code
snippets. The InterpreterAssembler class exposes a set of low level,
interpreter specific operations which can be used to build a Turbofan
graph. The Interpreter class generates a bytecode handler snippet for
each bytecode by assembling operations using an InterpreterAssembler.
Currently only two simple bytecodes are supported: LoadLiteral0 and Return.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1239793002
Cr-Commit-Position: refs/heads/master@{#29814}
While at it, remove the notion of INTERNAL variables.
@caitp: Took some parts from your CL, since I was blocked on the temp scope bug.
R=mstarzinger@chromium.org
BUG=512574
LOG=N
Review URL: https://codereview.chromium.org/1250513004
Cr-Commit-Position: refs/heads/master@{#29812}
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
Review URL: https://codereview.chromium.org/1248303002
Cr-Commit-Position: refs/heads/master@{#29811}
Using the GraphBuilder base class forces each node creation to go
through a virtual function dispatch just for the sake of saving the
duplication of the NewNode helper methods. In total that added up to
saving minus (sic!) six lines of code.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1252093002
Cr-Commit-Position: refs/heads/master@{#29799}
There is already non-throwing version FrameMirror.restart and RestartFrame in the livedit-debugger.js just adds a throwing wrapper around it.
Also NEEDS_STEP_IN_PROPERTY_NAME was removed, the client code can decide based on the stack_modified field if "step in" is required.
Chromium side was fixed in https://codereview.chromium.org/1249013002/
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/1247363002
Cr-Commit-Position: refs/heads/master@{#29797}
In simulator data trace, DSLL did not print result and
BAL/BGEZAL omitted result from an instruction executed
in delay slot.
TEST=cctest/test-assembler-mips[64]
BUG=
Review URL: https://codereview.chromium.org/1245173002
Cr-Commit-Position: refs/heads/master@{#29796}
This allows the optimized code map to contain no context-dependent
entries, but still hold one context-independent entry. This is a
precursor to extending the lifetime of the context-independent entry.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1249543005
Cr-Commit-Position: refs/heads/master@{#29788}
The background parser checks for debugger state in its constructor. This
is not good enough, since the debugger state may change afterwards, but
before compiling takes place. As the background parser can only parse
lazily, this could mean that due to debugging, we try to eagerly compile
an inner function we have not eagerly parsed.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1247743002
Cr-Commit-Position: refs/heads/master@{#29784}
Consolidated conflict detection and traversal logic in CoalescedLiveRanges to avoid duplication in both code and testing. In addition, this change achieves better separation between CoalescedLiveRanges and other register allocator components, improving testability and maintainability.
BUG=
Review URL: https://codereview.chromium.org/1219063017
Cr-Commit-Position: refs/heads/master@{#29783}
Many mjsunit tests (as well as the promises-aplus adapter scripts) were
using Object.observe simply for microtask-enqueueing purposes. Replaced
such uses with %EnqueueMicrotask.
Review URL: https://codereview.chromium.org/1246933002
Cr-Commit-Position: refs/heads/master@{#29779}
This reverts commit 80b3f16951.
Revert "Record code slots that may point to evacuation candidate objects after deoptimizing them."
This reverts commit 4621210cfe.
BUG=chromium:507840
LOG=n
Review URL: https://codereview.chromium.org/1239383004
Cr-Commit-Position: refs/heads/master@{#29778}
The InterpreterAssembler needs to specify a specific CallDescriptor type
instead of using the SimplifiedCDescriptor type. This CL makes it possible
to specify the CallDescriptor used by the RawMachineAssembler instead of
specifying a MachineSignature.
Also removes instruction-selector-tester.h which was erroneously resurrected
at some point.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1235313002
Cr-Commit-Position: refs/heads/master@{#29777}
In many cases, the context that TurboFan's ASTGraphBuilder or subsequent
reduction operations attaches to nodes does not need to be that exact
context, but rather only needs to be one with the same native context,
because it is used internally only to fetch the native context, e.g. for
creating and throwing exceptions.
This reducer recognizes common cases where the context that is specified
for a node can be relaxed to a canonical, less specific one. This
relaxed context can either be the enclosing function's context or a specific
Module or Script context that is explicitly created within the function.
This optimization is especially important for TurboFan-generated code stubs
which use context specialization and inlining to generate optimal code.
Without context relaxation, many extraneous moves are generated to pass
exactly the right context to internal functions like ToNumber and
AllocateHeapNumber, which only need the native context. By turning context
relaxation on, these moves disappear because all these common internal
context uses are unified to the context passed into the stub function, which
is typically already in the correct context register and remains there for
short stubs. It also eliminates the explicit use of a specialized context
constant in the code stub in these cases, which could cause memory leaks.
Review URL: https://codereview.chromium.org/1244583003
Cr-Commit-Position: refs/heads/master@{#29763}
Prior to this patch, we enter a global debug mode whenever a break point
is set. By entering this mode, all code is deoptimized and activated
frames are recompiled and redirected to newly compiled debug code.
After this patch, we only deoptimize/redirect for functions we want to
debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
object attached to the SFI prevents optimization/inlining.
The result is that we can have optimized code for functions without break
points alongside functions that do have break points, which are not
optimized.
R=mstarzinger@chromium.org, ulan@chromium.org
BUG=v8:4132
LOG=Y
Review URL: https://codereview.chromium.org/1233073005
Cr-Commit-Position: refs/heads/master@{#29758}
NumberFormat previously just used a min of 0 digits after the decimal and a max of 3. This CL changes it so that we use the ICU currency data, and set the min and max to the number of numbers after the decimal point for each currency.
This CL also fixes a small bug where if the minimum fraction digits is above 3 but the maximum fraction digits isn't set, then it returns with only three numbers after the decimal point.
BUG=435465,473104,304722
LOG=Y
Review URL: https://codereview.chromium.org/1231613006
Cr-Commit-Position: refs/heads/master@{#29734}
Additionally, push the allocation site or undefined independently of creating a memento to preserve a fixed size for the construct frames.
BUG=
Review URL: https://codereview.chromium.org/1239593003
Cr-Commit-Position: refs/heads/master@{#29719}
- Test that TypedArray properties cannot be set in strict mode
Properties like %TypedArray%.prototype.length have a getter and no
setter. This test verifies that property, which was apparently not
true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
are not configurable
Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.
BUG=v8:3048, v8:3799
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1232843005
Cr-Commit-Position: refs/heads/master@{#29717}
This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is
[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)
In ES5, on the other hand, the order was
[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper
To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:
Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658
Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176
BUG=v8:4223
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1238593003
Cr-Commit-Position: refs/heads/master@{#29716}
ES2015 made a change vs ES5, where the "lastIndex" property of a
RegExp (which can be modified by a user to start the next search at
a different location) is cast to an integer with ToLength rather
than ToInteger. The main difference is on negative numbers, and
this is tested by test262. This patch implements that change on
RegExps and enables the test262 test now that it passes.
R=adamk
LOG=Y
BUG=v8:4244
Review URL: https://codereview.chromium.org/1241713004
Cr-Commit-Position: refs/heads/master@{#29715}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29712}
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1226123010
Cr-Commit-Position: refs/heads/master@{#29705}
Improved checking target ranges for J and JAL instructions.
Adapted disassembler test for J and JAL instructions.
TEST=cctest/test-disasm-mips[64]
BUG=
Review URL: https://codereview.chromium.org/1237083003
Cr-Commit-Position: refs/heads/master@{#29693}
These were added when I thought they would be useful in Blink, but as
it turned out they were not. They could likely be deleted immediately,
but to play it safe I'll go through the usual deprecation process.
Review URL: https://codereview.chromium.org/1236263004
Cr-Commit-Position: refs/heads/master@{#29690}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29689}
During parsing, we now keep track of the first spread seen in an array
literal (if any), and make use of that information when creating the
FixedArray backing store representing the constant elements for array
literal materialization.
The old code tried to do this by setting the generated JSArray's length
in ArrayLiteral::BuildConstantElements(), but that Array length is never
read by the rest of the literal materialization code (it always uses
the length of the FixedArray backing store).
BUG=v8:4298
LOG=n
Review URL: https://codereview.chromium.org/1225223004
Cr-Commit-Position: refs/heads/master@{#29684}
By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.
R=ulan@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1234833003
Cr-Commit-Position: refs/heads/master@{#29672}
A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.
The fix is straightforward.
BUG=491536, 503565
LOG=N
Review URL: https://codereview.chromium.org/1231343003
Cr-Commit-Position: refs/heads/master@{#29671}
Duplicate parameters are banned both overall in strict mode and also
in arrow functions. Our error message for both cases blamed strict
mode, which is confusing. This patch fixes the message to point to
arrow functions as a possible source as well.
R=wingo, adamk
LOG=N
Review URL: https://codereview.chromium.org/1236863008
Cr-Commit-Position: refs/heads/master@{#29662}
For destructuring bind, the parser needs to complain about things
which are inappropriate to have on the left-hand side.
Previously, regexp literals and template literals were let through
the parser inappropriately. This patch turns those into errors.
This patch also fixes off-by-one errors in reporting the location
of this type of error for strings and numbers. Before the patch,
the error would look like:
d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
^
SyntaxError: Unexpected number
And with the patch, the error is
d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
^
SyntaxError: Unexpected number
R=rossberg
Review URL: https://codereview.chromium.org/1236803003
Cr-Commit-Position: refs/heads/master@{#29661}
Note: the previous try was reverted for occasional flaky tests. This continued
after the revert, and should be fixed by
https://codereview.chromium.org/1226143003.
Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.
Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1223813008
Cr-Commit-Position: refs/heads/master@{#29658}
--debug-code causes full-codegen on arm64 to emit different number
of calls, which confuses the debugger when on-stack replacing code
with recompiled debug version on-stack.
BUG=chromium:507070
TBR=mstarzinger@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1228353004
Cr-Commit-Position: refs/heads/master@{#29638}
The new implemtation counts the number of calls (or continuations)
before the PC to find the corresponding PC in the new code.
R=mstarzinger@chromium.org
BUG=chromium:507070
LOG=N
Review URL: https://codereview.chromium.org/1235603002
Cr-Commit-Position: refs/heads/master@{#29636}
The CL addes convenienve method that allows to write code like the following
v8::Local<v8::Object> local = v8::Local<v8::Object>::New(global, isolate);
in a more readable way:
v8::Local<v8::Object> local = global.Get(isolate);
There is already v8::Eternal::Get that does similar thing.
BUG=None
LOG=Y
Review URL: https://codereview.chromium.org/1237603003
Cr-Commit-Position: refs/heads/master@{#29616}
