When calling into C++ for a ConstructStub, we need to enter the target
context manually currently, which seems to be too fragile and easy to
forget. So instead of doing that manually, we just always enter the
correct context in the trampoline.
Drive-by-fix: Trivial cleanups for some builtins.
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1551473002
Cr-Commit-Position: refs/heads/master@{#33051}
This patch switches TypedArrays to use the prototype chain described
in the ES2015 specification, which adds a %TypedArray% superclass above
all individual TypedArray types. Most methods are defined on the
superclass rather than the subclasses.
In order to prevent a performance regression, a few methods are
marked as inline. Inlining might prevent code which was previously
monomorphic from becoming polymorphic, and it was specifically
applied in places where methods became more polymorphic than before.
Tests with realistic workloads would be nice to do before this
ships in stable.
This patch does not bring TypedArrays up to full spec compliance. In
particular, @@species is not yet supported.
R=cbruni
BUG=v8:4085
LOG=Y
Review URL: https://codereview.chromium.org/1541233002
Cr-Commit-Position: refs/heads/master@{#33050}
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.
R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y
Review URL: https://codereview.chromium.org/1550713002
Cr-Commit-Position: refs/heads/master@{#33049}
Fix 97def8070c
On MIPS64, the address of BoundTargetFunction was calculated badly
because instruction ADD was used for this instead of instruction DADD.
This caused flaky crashes of several tests.
TEST=mjsunit/es6/debug-step-into-constructor,mjsunit/es6/array-of,
mjsunit/function-bind,...
BUG=
Review URL: https://codereview.chromium.org/1549383002
Cr-Commit-Position: refs/heads/master@{#33048}
port 97def8070c (r33044)
original commit message:
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
BUG=
Review URL: https://codereview.chromium.org/1548253002
Cr-Commit-Position: refs/heads/master@{#33046}
As the operand in the double register is put onto the stack, the SP delta should be increased too, similar to
when the operand of kX87Push is in a double slot of the stack.
BUG=
Review URL: https://codereview.chromium.org/1549133002
Cr-Commit-Position: refs/heads/master@{#33045}
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n
Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
Cr-Commit-Position: refs/heads/master@{#33042}
Review URL: https://codereview.chromium.org/1542963002
Cr-Commit-Position: refs/heads/master@{#33044}
Reason for revert:
Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind
Original issue's description:
> [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
>
> According to the ES2015 specification, bound functions are exotic
> objects, and thus don't need to be implemented as JSFunctions. So
> we introduce a new JSBoundFunction type to represent bound functions
> and make them optimizable. This already improves the performance of
> calling or constructing bound functions by 10-100x depending on the
> use case because we avoid the crazy dance between JavaScript and C++
> that was implemented in v8natives.js previously.
>
> There's still room for improvement in the performance of actually
> creating bound functions, which is also relevant in practice, but
> we already have a plan how to accomplish that later.
>
> The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=chromium:535408, chromium:571299, v8:4629
> LOG=n
>
> Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
> Cr-Commit-Position: refs/heads/master@{#33042}
TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535408, chromium:571299, v8:4629
Review URL: https://codereview.chromium.org/1552473002
Cr-Commit-Position: refs/heads/master@{#33043}
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n
Review URL: https://codereview.chromium.org/1542963002
Cr-Commit-Position: refs/heads/master@{#33042}
Per request in https://codereview.chromium.org/1047213002/
These files will continue to have a lot of churn in the next two months
as we finish support for MIPS r6 instruction set. When things settle
down, we will do a clang-format --full to clean them up. For now,
we'd prefer to be able to do easy diffs, and will do incremental
re-formats as we make changes.
BUG=
Review URL: https://codereview.chromium.org/1546973003
Cr-Commit-Position: refs/heads/master@{#33038}
In Builtins::Generate_Construct, the system was trying to
call ConstructProxy on a Proxy object without a constructor
because it was checking the wrong bit in the Proxy object's
supported operation mask.
TEST=test262/built-ins/Proxy/create-target-is-not-constructor
BUG=
Review URL: https://codereview.chromium.org/1545983002
Cr-Commit-Position: refs/heads/master@{#33036}
port d3f074b231 (r33024)
original commit message:
We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.
(TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)
BUG=
Review URL: https://codereview.chromium.org/1545053002
Cr-Commit-Position: refs/heads/master@{#33034}
atOrUndefined() will return undefined if the index is >= length()
BUG=
Review URL: https://codereview.chromium.org/1541413002
Cr-Commit-Position: refs/heads/master@{#33033}
We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.
(TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)
TBR=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1537683002
Cr-Commit-Position: refs/heads/master@{#33024}
Essentially a revert of https://codereview.chromium.org/1346013005 but
preserving the refactorings in elements.cc which happened in the meantime.
drive-by-fix: pass isolate as argument to more functions in elements.cc.
BUG=v8:4606
LOG=y
Review URL: https://codereview.chromium.org/1543563002
Cr-Commit-Position: refs/heads/master@{#33023}
Changes LoadGlobal, StoreGlobal, LoadNamedProperty, and StoreNamedProperty to accept
the name of the variable instead of an index into the constant pool entry. Also made
GetConstantPoolEntry a private function since it is no longer used outside of
BytecodeArrayBuilder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546643002
Cr-Commit-Position: refs/heads/master@{#33020}
Adds support for deleting a variable in a lookup slot. Adds a new bytecode,
its implementation and tests. Also adds support for this bytecode to the
bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1542083002
Cr-Commit-Position: refs/heads/master@{#33019}
port 4acca53e62cdfe6f3c495c87ca7d3c8fe1059f01 (r32996)
original commit message:
There's actually no point trying to do Function.prototype.toString in
JavaScript, as it always calls into C++ at least once, so it only
complicates things (esp. once we start optimizing bound functions).
Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
reflect the fact that these are builtins in the Function.prototype and
not on Function itself.
BUG=
Review URL: https://codereview.chromium.org/1548483003
Cr-Commit-Position: refs/heads/master@{#33017}
I believe the code reads easier after this change. The original code
probably dates back to when we had 4 gap positions. Now that there
are only 2, the logic can be simpler by avoiding a loop and instead
treating each case explicitly: no gaps; gaps just at end; gaps at start and
maybe end. That way, it is also easier to understand how the moves get
pushed downwards. This is what got me to make this change in the first
place: trying to work out a finer grained move optimization.
BUG=
Review URL: https://codereview.chromium.org/1543973002
Cr-Commit-Position: refs/heads/master@{#33016}
Port 4acca53e62
Original commit message:
There's actually no point trying to do Function.prototype.toString in
JavaScript, as it always calls into C++ at least once, so it only
complicates things (esp. once we start optimizing bound functions).
Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
reflect the fact that these are builtins in the Function.prototype and
not on Function itself.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1544833002
Cr-Commit-Position: refs/heads/master@{#33014}
Add API-accessors for [[ProxyTarget]], [[ProxyHandler]]. Additionally
create new proxies and revoke proxies via the API.
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1542943002
Cr-Commit-Position: refs/heads/master@{#33013}
These constructors always go through C++ at least twice anyway, so
there's not really a point in trying to implement them in JavaScript.
R=yangguo@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1548623002
Cr-Commit-Position: refs/heads/master@{#33012}
Function proxies would not be printed so far since they ended up in Function.prototype.toString which only works with Function as a receiver but no Proxy. Additionally added support for more gracefully dealing with recursive __proto__ structures introduced by proxies.
drive-by-fix: use IS_PROXY if possible in .js files.
BUG=v8:1543
LOG=n
Committed: https://crrev.com/8bfb7189a3472bc9d0820a1bd4534eaaf78ff847
Cr-Commit-Position: refs/heads/master@{#32985}
Review URL: https://codereview.chromium.org/1530293004
Cr-Commit-Position: refs/heads/master@{#33010}
Creating proto-recursive proxies might lead to instanceof while-looping
endlessly in Object::HasInPrototypeChain (For traps we already have stack
guards in place to prevent stack overflows). We prevent this by limiting
the number of proxies we visit in PrototypeIterator to a magic large number.
LOG=n
BUG=v8:1534
Review URL: https://codereview.chromium.org/1542583003
Cr-Commit-Position: refs/heads/master@{#33007}
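The bounded walk described in the commit message above, sketched in script as an added example (not V8's code and not part of the original commit). The function names and the `MAX_HOPS` value are assumptions, and the sketch generalizes the fix by counting every prototype hop rather than only proxies, because standard JavaScript has no way to tell a proxy from an ordinary object.

```javascript
// Assumed limit for this sketch; the commit only says "a magic large number".
const MAX_HOPS = 100000;

// Walks the prototype chain of `obj` looking for `proto`. Unlike an
// unbounded loop, it throws RangeError once `maxHops` links have been
// followed without reaching null, so a cyclic chain cannot hang the caller.
function boundedHasInPrototypeChain(obj, proto, maxHops = MAX_HOPS) {
  let current = Object.getPrototypeOf(obj);
  for (let hops = 0; current !== null; hops++) {
    if (current === proto) return true;
    if (hops >= maxHops) {
      throw new RangeError('prototype chain exceeded ' + maxHops + ' hops');
    }
    current = Object.getPrototypeOf(current);
  }
  return false;
}

// Constructed sample input: a proxy whose target's prototype is the proxy
// itself. The ordinary cycle check stops at a proxy, so this assignment
// succeeds and getPrototypeOf(proxy) yields the proxy again.
function makeProtoRecursiveProxy() {
  const target = {};
  const proxy = new Proxy(target, {});
  Object.setPrototypeOf(target, proxy);
  return proxy;
}

// Maps the three outcomes to labels so callers can treat an over-long
// chain as a rejected input instead of an unhandled exception.
function check(obj, proto, maxHops) {
  try {
    return boundedHasInPrototypeChain(obj, proto, maxHops)
      ? 'found'
      : 'not found';
  } catch (e) {
    if (e instanceof RangeError) return 'rejected';
    throw e;
  }
}
```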
The GlobalEval JavaScript function was just a small driver for stuff
implemented in C++ anyway, so there's no point in having it around at
all. The next step will be to move the Function constructor to C++ as
well, which is the other user of %CompileString.
R=yangguo@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1540893004
Cr-Commit-Position: refs/heads/master@{#33006}
Consecutive registers are allocated in two passes. First we "reserve"
a set of registers and these get allocated when we actually use them.
If we request a temporary register before we use all the consecutive
registers, the earlier implementation does not guarantee that it allocates
outside the reservation for consecutive registers. This could cause problems
for example, in call_func(a, b++, c). This CL fixes
TemporaryRegisterScope::NewRegister, to return a new temporary register
outside the reservation for consecutive registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1531273002
Cr-Commit-Position: refs/heads/master@{#33005}
Adds implementation and tests for CreateMappedArguments and
CreateUnmappedArguments to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1490283003
Cr-Commit-Position: refs/heads/master@{#33004}