Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions
declared by "eval" are hoisted unless doing so would cause an early
error (which is to say, conflict with a lexical declaration). This patch
amends the check for conflicting declarations to include those outside
of the eval itself.
BUG=v8:4468, v8:4479
Review-Url: https://codereview.chromium.org/2112163002
Cr-Commit-Position: refs/heads/master@{#37783}
Fast accessors do not have an associated JSFunction, similar to lazy accessors.
Now using the 'lazy' version of the CallApiCallbackStub.
R=vogelheim@chromium.org
BUG=chromium:508898
Review-Url: https://codereview.chromium.org/2143983002
Cr-Commit-Position: refs/heads/master@{#37782}
Instead of unconditionally parsing the catch parameter as an expression
and then recovering if it turns out to be a simple variable proxy
(the overwhelmingly common case), this patch peeks one token ahead
before attempting to parse. This avoids doing the usual RemoveUnresolved
gymnastics in ParseTryStatement, and as a side-effect slightly improves
function name inference for an async arrow function test case.
Review-Url: https://codereview.chromium.org/2151433005
Cr-Commit-Position: refs/heads/master@{#37780}
All stores require a Slot parameter so VectorStoreICTrampolineDescriptor is a new StoreDescriptor.
VectorStoreICDescriptor renamed to StoreWithVectorDescriptor.
Review-Url: https://codereview.chromium.org/2147043002
Cr-Commit-Position: refs/heads/master@{#37779}
Reason for reland:
https://codereview.chromium.org/2122953002 fixed context issues.
Original issue's description:
> Revert of Avoid Context::Enter and Context::Exit if we're reentering the active and last entered context (patchset #2 id:20001 of https://codereview.chromium.org/2131483002/ )
>
> Reason for revert:
> crashes: crbug.com/626719
>
> Original issue's description:
> > Avoid Context::Enter and Context::Exit if we're reentering the active and last entered context
> >
> > A bit of browsing around indicates that the new fast-path is taken most of the time:
> > 3496 Entering new
> > 152295 Reentering same
> >
> > BUG=
> >
> > Committed: https://crrev.com/1829eb661ef1cf432fb551bcb193f521a219d490
> > Cr-Commit-Position: refs/heads/master@{#37570}
>
> TBR=jochen@chromium.org,verwaest@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=
>
> Committed: https://crrev.com/bec49a4876fdf8a20600ecdfc8534d0ef45c9528
> Cr-Commit-Position: refs/heads/master@{#37632}
TBR=jochen@chromium.org,verwaest@chromium.org,jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2152803003
Cr-Commit-Position: refs/heads/master@{#37778}
1) Validation fails for literal indexes too large for accessing a given
heap type
2) Removes the special handling of FloatishDoubleQ, and FloatQDoubleQ;
the inheritance issue that required this special handling was fixed in
another CL.
3) Fix a macro name (from asm_* to ASM_*)
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=cctest/asmjs/test-asm-typer.cc
LOG=N
Review-Url: https://codereview.chromium.org/2150583003
Cr-Commit-Position: refs/heads/master@{#37776}
Implemented the WebAssembly.Module and WebAssembly.Instance
in terms of the WasmModule::CompileFunctions and
WasmModule::Instantiate APIs.
Added negative tests - for invalid module object.
BUG=
Review-Url: https://codereview.chromium.org/2121593002
Cr-Commit-Position: refs/heads/master@{#37775}
This removes the obsolete use of FrameStateBeforeAndAfter when visiting
compare operations. None of the operators in question require a "before"
frame state by now.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2144063003
Cr-Commit-Position: refs/heads/master@{#37771}
This is a requirement to replace AstNode vtable with a NodeType tag. In a second CL (https://codereview.chromium.org/2142233003/) I switch over that tag rather than double dispatch. With additional packing in a third CL there's roughly 8 byte reduction for almost all AstNode types, and for some even more.
BUG=
Review-Url: https://codereview.chromium.org/2126233002
Cr-Commit-Position: refs/heads/master@{#37770}
This CL introduces explicit LoopExit control nodes at loop exits.
We also attach explicit value renames (LoopExitMarker) and effect
rename (LoopExitEffect) to each loop exit. This is in preparation
to loop peeling, which will replace LoopExit, LoopExitMarker and
LoopExitEffect with Merge, Phi and EffectPhi respectively.
At the moment, we insert loop exit at every return, break,
continue and locally caught throw. We do not yet handle
uncaught throws (including error throws, such as ReferenceError).
Review-Url: https://codereview.chromium.org/2140673007
Cr-Commit-Position: refs/heads/master@{#37769}
- Fix recording sub types that have their own instance type
- Fix double accounting by keeping a shadow map for tracking recorded status
- Add recording of more fixed array sub types
BUG=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2147693004
Cr-Commit-Position: refs/heads/master@{#37768}
This removes the fallback path in question. Now the {AstNumbering} phase
is the only phase deciding whether Crankshaft is supposed to be disabled
or not. This in turn simplifies reasoning about the paths through the
compilation pipeline. We can decide early whether we want Ignition to
kick in depending on whether Crankshaft is enabled or not.
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2146573004
Cr-Commit-Position: refs/heads/master@{#37763}
Typed lowering now produces SpeculativeNumberShiftLeft for JSShiftLeft if the type feedback is kSignedSmall or kSigned32.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/2150553002
Cr-Commit-Position: refs/heads/master@{#37762}
Reason for revert:
blink is unhappy about the microtask change
Original issue's description:
> Reland "Don't compile functions in a context the caller doesn't have access to"
>
> Original issue's description:
> > Don't compile functions in a context the caller doesn't have access to
> >
> > Instead just return undefined
> >
> > A side effect of this is that it's no longer possible to compile
> > functions in a detached context.
> >
> > BUG=chromium:541703
> > R=verwaest@chromium.org,bmeurer@chromium.org
>
> BUG=chromium:541703
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617
> Cr-Commit-Position: refs/heads/master@{#37756}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703
Review-Url: https://codereview.chromium.org/2151843002
Cr-Commit-Position: refs/heads/master@{#37760}
Using the Hydrogen code stub bailout mechanism is not correct for the
string length overflow check in the StringAddStub. Instead make sure we
just throw the proper exception.
R=mstarzinger@chromium.org
BUG=chromium:627934
Review-Url: https://codereview.chromium.org/2146353002
Cr-Commit-Position: refs/heads/master@{#37758}
This adds a missing conversion of time zone names to string primitives
before case conversion and regular expression matching are applied.
This is in sync with ECMA-402, section 12.1.1.1, step 16(a).
R=jochen@chromium.org
TEST=mjsunit/regress/regress-crbug-627935
BUG=chromium:627935
Review-Url: https://codereview.chromium.org/2143003005
Cr-Commit-Position: refs/heads/master@{#37757}
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
BUG=chromium:541703
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2143893005
Cr-Commit-Position: refs/heads/master@{#37756}
This should avoid weird performance issues when changing layout of Code::flags field.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2147433002
Cr-Commit-Position: refs/heads/master@{#37755}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37754}
This adds initial support for ToPrimitive in JavaScript w/o having to
call out to C++. This uses the newly introduced GetPropertyStub.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2152693002
Cr-Commit-Position: refs/heads/master@{#37753}
If --turbo-type-feedback is off, the type hints on the operators will
just be kAny, so we don't need to do additional checks in the
JSTypedLowering reducer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2144203002
Cr-Commit-Position: refs/heads/master@{#37750}
Simulators use separate stacks for C++ and JS. JS stack overflow checks
are performed whenever a JS function is called. However, it can be the
case that the C++ stack grows faster than the JS stack, resulting in an
overflow there. Add a check here to make that less likely.
BUG=chromium:604376
R=bmeurer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2151663003
Cr-Commit-Position: refs/heads/master@{#37749}
This will be temporarily added to the V8 CQ in a follow up
to prevent win-specific gn breakages. It will be removed
once v8 has its own full gn coverage on windows.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2144193002
Cr-Commit-Position: refs/heads/master@{#37747}
This fix was made to address a performance issue in
memory.long_running_idle_gmail_tbmv2, but it didn't improve things.
BUG=615831
Review-Url: https://codereview.chromium.org/2144183002
Cr-Commit-Position: refs/heads/master@{#37746}
Reason for revert:
Breaks the roll, possibly win gn:
https://codereview.chromium.org/2148863002/
Original issue's description:
> [interpreter] Reduce dependencies in bytecodes.{h,cc}
>
> This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
> generating the bytecode peephole optimizer table during build. Specifically,
> it avoids depending on v8_base.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/4edebb1cd870ae6c1359ad54f83e618e185883b1
> Cr-Commit-Position: refs/heads/master@{#37715}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org,oth@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2151693003
Cr-Commit-Position: refs/heads/master@{#37743}
Currently the code example in the FunctionTemplate class documentation
is out of date. This commit updates the examples so they compile and run
without error.
BUG=
Review-Url: https://codereview.chromium.org/2127523003
Cr-Commit-Position: refs/heads/master@{#37741}
Rolling v8/build to 0942801bf0d49016e44591d3e47ad3f41ad2d8a4
Rolling v8/buildtools to 031420bbafaaa8c33e2bc0623c22fb6181a57f47
Rolling v8/tools/mb to 18b92420fb0cb4378c9496b966507842b99d56b5
Rolling v8/tools/swarming_client to 7f63a272f7d9785ce41b6d10bb3106c49a968e57
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2145303002
Cr-Commit-Position: refs/heads/master@{#37739}
port 574f6fe127 (r37701)
original commit message:
Previously, the following schedule fragment:
1: Parameter[0](0)
2: Parameter[1](0)
7: Int32Constant[1]
8: Int32Sub(2, 7)
9: Load[kRepTagged|kTypeAny](1, 8)
would generate the following code (on ia32):
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
sub eax,0x1
mov eax,[eax+ecx*1]
Now it generates:
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
mov eax,[eax+ecx*1-1]
Similar pattern matching also now works on x64.
BUG=
Review-Url: https://codereview.chromium.org/2151753002
Cr-Commit-Position: refs/heads/master@{#37738}
port fd420203ec (r37700)
original commit message:
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=
Review-Url: https://codereview.chromium.org/2149493005
Cr-Commit-Position: refs/heads/master@{#37737}
Reason for revert:
Causes crashes on Canary
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
>
> Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a
> Cr-Commit-Position: refs/heads/master@{#37657}
TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:541703, chromium:628053
Review-Url: https://codereview.chromium.org/2148163002
Cr-Commit-Position: refs/heads/master@{#37736}
The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.
BUG=5044
Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}