The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
This allows the helper to avoid write barriers while copying, speeding up Object.keys by 5-10%.
BUG=
Review URL: https://codereview.chromium.org/1690953002
Cr-Commit-Position: refs/heads/master@{#33916}
By keeping track of the stack of counters we can properly subtract the
subcounter times and properly measure the own-time spent in each runtime
function. This is useful to get more details for builtins like HandleApiCall
which are typical top-level entries for chome which previously prevent
measurements of sub-calls to builtins/runtime functions.
BUG=
Review URL: https://codereview.chromium.org/1681943002
Cr-Commit-Position: refs/heads/master@{#33901}
In the case of a simple fast-mode receiver without fancy properties, we
can just walk over the descriptor array to find all its initial property
names. As long as the map stays the same, we can also use that
descriptor array to figure out how to handle the properties.
This speeds up
https://github.com/kpdecker/six-speed/tree/master/tests/object-assign by
~2x.
BUG=
Review URL: https://codereview.chromium.org/1688953004
Cr-Commit-Position: refs/heads/master@{#33895}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
Cr-Commit-Position: refs/heads/master@{#33847}
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33893}
Reason for revert:
failing gc-stress tests
Original issue's description:
> Reland of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1681923003/ )
>
> Reason for revert:
> This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
> The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
>
> Original issue's description:
> > Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
> >
> > Reason for revert:
> > [Sheriff] Breaks TSAN:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
> >
> > Original issue's description:
> > > [counters] moving runtime counters to counter.h
> > >
> > > Additionally list C++ builtins as well under --runtime_call_stats.
> > > Let's try to keep all counters in one place, that makes it a bit
> > > easier to maintain and especially discard unused ones.
> > >
> > > BUG=
> > >
> > > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > > Cr-Commit-Position: refs/heads/master@{#33847}
> >
> > TBR=jarin@chromium.org,cbruni@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=
> >
> > Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> > Cr-Commit-Position: refs/heads/master@{#33848}
>
> TBR=jarin@chromium.org,machenbach@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=
>
> Committed: https://crrev.com/ad943fe44ede22b90b871e1233334dff5ff545c3
> Cr-Commit-Position: refs/heads/master@{#33887}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1687313002
Cr-Commit-Position: refs/heads/master@{#33889}
Reason for revert:
This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
Original issue's description:
> Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
>
> Reason for revert:
> [Sheriff] Breaks TSAN:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
>
> Original issue's description:
> > [counters] moving runtime counters to counter.h
> >
> > Additionally list C++ builtins as well under --runtime_call_stats.
> > Let's try to keep all counters in one place, that makes it a bit
> > easier to maintain and especially discard unused ones.
> >
> > BUG=
> >
> > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > Cr-Commit-Position: refs/heads/master@{#33847}
>
> TBR=jarin@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> Cr-Commit-Position: refs/heads/master@{#33848}
TBR=jarin@chromium.org,machenbach@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review URL: https://codereview.chromium.org/1688783005
Cr-Commit-Position: refs/heads/master@{#33887}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33847}
Previously, Object.values() and Object.entries() were piggy-backing on
Object.keys(). This meant that they would pre-filter non-enumerable properties,
violating the runtime behaviour of the methods. Unfortunately, this does not
match the current proposal text.
Also incorporates several tests verifying this behaviour based on tests included
in the ChakraCore implementation.
In this reland, the new patch fills up the longer-lasting FixedArray with
`undefined` to avoid the crash in Heap::Verify().
Originally reviewed at https://codereview.chromium.org/1637753004
BUG=v8:4663
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1673673002
Cr-Commit-Position: refs/heads/master@{#33818}
Generally we only care whether the next object is a hidden prototype.
It's simpler to check whether the current object has a hidden prototype
instead of walking to the next prototype and checking its map.
BUG=
Review URL: https://codereview.chromium.org/1675223002
Cr-Commit-Position: refs/heads/master@{#33816}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
BUG=chromium:579009
LOG=Y
Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
Cr-Commit-Position: refs/heads/master@{#33674}
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33798}
Reason for revert:
[Sheriff] Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/1642
Original issue's description:
> [es7] refactor and fix Object.values() / Object.entries()
>
> Previously, Object.values() and Object.entries() were piggy-backing on
> Object.keys(). This meant that they would pre-filter non-enumerable properties,
> violating the runtime behaviour of the methods. Unfortunately, this does not
> match the current proposal text.
>
> Also incorporates several tests verifying this behaviour based on tests included
> in the ChakraCore implementation.
>
> BUG=v8:4663
> LOG=N
> R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
>
> Committed: https://crrev.com/5c5ccd9d7f8693990d1a9eb26ba3a94f376dcf0b
> Cr-Commit-Position: refs/heads/master@{#33782}
TBR=littledan@chromium.org,adamk@chromium.org,cbruni@chromium.org,rossberg@chromium.org,caitpotter88@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4663
Review URL: https://codereview.chromium.org/1675663002
Cr-Commit-Position: refs/heads/master@{#33787}
Previously, Object.values() and Object.entries() were piggy-backing on
Object.keys(). This meant that they would pre-filter non-enumerable properties,
violating the runtime behaviour of the methods. Unfortunately, this does not
match the current proposal text.
Also incorporates several tests verifying this behaviour based on tests included
in the ChakraCore implementation.
BUG=v8:4663
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1637753004
Cr-Commit-Position: refs/heads/master@{#33782}
This removes --harmony-completion, --harmony-concat-spreadable, and
--harmony-tolength and moves the appropriate tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1667453002
Cr-Commit-Position: refs/heads/master@{#33712}
Reason for revert:
Fails a lot of layout tests and blocks the roll. Can be easily reproduced with a local Chromium checkout.
Reference: https://codereview.chromium.org/1652413003/
Original issue's description:
> [api] Make ObjectTemplate::SetNativeDataProperty() work even if the ObjectTemplate does not have a constructor.
>
> Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
> When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
> ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
>
> The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
>
> This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
>
> BUG=chromium:579009
> LOG=Y
>
> Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
> Cr-Commit-Position: refs/heads/master@{#33674}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579009
Review URL: https://codereview.chromium.org/1660263003
Cr-Commit-Position: refs/heads/master@{#33698}
This includes 2 fixes:
1) We didn't properly advance the holder when checking whether
Receiver==Holder, so we'd inadvertently block loading the property if
the first property we find is on the typed array.
2) Reflect.get may cause any object on the prototype chain of the holder
to be the receiver; so we need to recheck for this special state for
each object we perform lookup on.
Review URL: https://codereview.chromium.org/1651913005
Cr-Commit-Position: refs/heads/master@{#33689}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
BUG=chromium:579009
LOG=Y
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33674}
String wrappers (new String("foo")) are special objects: their string
characters are accessed like elements, and they also have an elements
backing store. This used to require a bunch of explicit checks like:
if (obj->IsJSValue() && JSValue::cast(obj)->value()->IsString()) {
/* Handle string characters */
}
// Handle regular elements (for string wrappers and other objects)
obj->GetElementsAccessor()->Whatever(...);
This CL introduces new ElementsKinds for string wrapper objects (one for
fast elements, one for dictionary elements), which allow folding the
special-casing into new StringWrapperElementsAccessors.
No observable change in behavior is intended.
Review URL: https://codereview.chromium.org/1612323003
Cr-Commit-Position: refs/heads/master@{#33616}
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.
Tail calling can be enabled by --harmony-tailcalls flag.
BUG=v8:4698
LOG=Y
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1609893003
Cr-Commit-Position: refs/heads/master@{#33509}
This patch makes Array.prototype.concat support subclassing Arrays
and constructing instances properly with Symbol.species. It is
guarded by the --harmony-species flag.
R=cbruni
LOG=Y
BUG=v8:4093
Review URL: https://codereview.chromium.org/1577043002
Cr-Commit-Position: refs/heads/master@{#33503}
The Object.getOwnPropertyNames method always calls into C++ anyway,
so there's no point in having the JavaScript wrapper around at all.
Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
call site.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_chromium_rel_ng
R=yangguo@chromium.org
Committed: https://crrev.com/bf027fe756f62b4abcac8aa08134c8c5ed055620
Cr-Commit-Position: refs/heads/master@{#33380}
Review URL: https://codereview.chromium.org/1605803002
Cr-Commit-Position: refs/heads/master@{#33417}
Reason for revert:
Breaks roll: https://codereview.chromium.org/1603953002/
Original issue's description:
> [runtime] Migrate Object.getOwnPropertyNames to C++.
>
> The Object.getOwnPropertyNames method always calls into C++ anyway,
> so there's no point in having the JavaScript wrapper around at all.
>
> Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
> call site.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/bf027fe756f62b4abcac8aa08134c8c5ed055620
> Cr-Commit-Position: refs/heads/master@{#33380}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1609173002
Cr-Commit-Position: refs/heads/master@{#33399}
The Object.getOwnPropertyNames method always calls into C++ anyway,
so there's no point in having the JavaScript wrapper around at all.
Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
call site.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1605803002
Cr-Commit-Position: refs/heads/master@{#33380}
The implementation of Object.getOwnPropertyDescriptor always called into
C++ anyway, so there's no need to have this JavaScript wrapper around at
all.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1606783002
Cr-Commit-Position: refs/heads/master@{#33379}
Unify Object::ToObject and Execution::ToObject, and unify all users to
go to Object::ToObject directly. Also remove some dead code from the
frame details debug API.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1589323002
Cr-Commit-Position: refs/heads/master@{#33327}
The Object.getOwnPropertySymbols() calls into C++ at least once on every
possible path, so no point in having the JavaScript wrapper.
Drive-by-cleanup: Also move Symbol.prototype creation to C++ as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1587153003
Cr-Commit-Position: refs/heads/master@{#33318}
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1575973006
Cr-Commit-Position: refs/heads/master@{#33258}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1567353002
Cr-Commit-Position: refs/heads/master@{#33172}
Everything necessary to implement Object.keys efficiently is already
available in C++ land for quite some time now, and only the thin
JavaScript wrapper was left, so get rid of that as well and move the
whole builtin to C++ instead.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1567963002
Cr-Commit-Position: refs/heads/master@{#33167}
This patch implements @@species, guarded behind the --harmony-species
flag, on Arrays. Methods which return an Array will instead return
the appropriate instance based on the ArraySpeciesCreate algorithm.
The algorithm is implemented in C++ to get access to realm information
and to implement some Array methods in C++, but it is also accessed
from JavaScript through a new runtime function. A couple interactive
Octane runs show no performance regression with the flag turned off,
but turning --harmony-species on will surely have a significant
regression, as Array methods now heavily use ObjectDefineProperty.
BUG=v8:4093
LOG=Y
R=adamk,cbruni
Review URL: https://codereview.chromium.org/1560763002
Cr-Commit-Position: refs/heads/master@{#33144}
Almost all of the Date builtins always call into C++ at least once
anyway, so parsing, compiling and executing the JavaScript wrappers
is just a waste of time. The most important part here is the Date
constructor itself, which is one of the blockers for new.target in
TurboFan, because compiling the Date constructor takes too much time
with TurboFan (for no reason since we end up in C++ anway).
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1556333002
Cr-Commit-Position: refs/heads/master@{#33109}
