Previously, FrameFunctionIterator::next() assumed that the frame summary
was non-empty. It's now possible for the list not to be empty, if the
JS microtask pump invokes a builtin function which uses
FrameFunctionIterator directly. While this is unlikely to show up in
real world code, it is necessary to handle it to prevent crashes.
BUG=chromium:794744
R=mstarzinger@chromium.org, cbruni@chromium.org, verwaest@chromium.org
Change-Id: Ie95c2228544f57730d1c6c1ff955b2c94ff1c06b
Reviewed-on: https://chromium-review.googlesource.com/833266
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#50221}
This changes the implementation of
v8::ScriptCompiler::CompileFunctionInContext
See design doc: https://goo.gl/ppkK6QR=adamk@chromium.org, marja@chromium.org, mstarzinger@chromium.org
Bug: v8:7172, chromium:70895
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iab0b6e879c1a3b33b623bfa2af9c706643c06fa7
Reviewed-on: https://chromium-review.googlesource.com/810946
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50148}
Currently RuntimeCallStats stores CounterIds as inner pointers.
This patch replaces them with enums and removes static table.
Bug: chromium:758183
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icb4030fc3ad3dd02e9c2648ce7c43b6f2d47fa9d
Reviewed-on: https://chromium-review.googlesource.com/796477
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49743}
This fixes debug-evaluate in the presence of a de-materialized function
object. The creation of an arguments object is now requested based on a
given frame (potentially inlined) instead of a target function. It makes
sure that multiple calls to {StandardFrame::Summarize} don't cause any
confusion when they give back non-identical function objects.
R=jgruber@chromium.org
TEST=debugger/debug/debug-evaluate-arguments
BUG=chromium:788647
Change-Id: I575bb6cb20b4657dc09019e631b5d6e36c1b5189
Reviewed-on: https://chromium-review.googlesource.com/796474
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49721}
Unaligned access is still unused, but will be necessary to load String-length
once we store it as an int32 next to the hash-field.
Bug: v8:7065
Change-Id: I7fa9364e062774c0a6b32e7f961031dcd30c564c
Reviewed-on: https://chromium-review.googlesource.com/763349
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49358}
This CL adds a very crude unittest to check that RuntimeCallStats work
correctly with api callbacks present. This currently doesn't check that
all parent timers (namely FunctionCallback) are handled properly.
Drive-by-Fix:
- Use Microseconds for all RCS timer tests
- Add TestWithContext::SetGlobalProperty helper
- Use explicit v8:: prefix in test-utils.{h,cc}
Change-Id: I054e78abca0b87a3b9e07d3b06cccdad15403bae
Reviewed-on: https://chromium-review.googlesource.com/766429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49348}
This should avoid changes in code serializer in a follow-up class literals
improvement CL.
Bug: v8:5799
Change-Id: I4e4386333bcc7abb30399d4e9abba4eee80ca932
Reviewed-on: https://chromium-review.googlesource.com/733037
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48996}
Rename |property_attributes| to |initial_property_attributes| and ensure
that it is used as a storage of values only for AccessorInfos installed in
API Templates (i.e. ObjectTemplate and FunctionTemplate).
When an AccessorInfo is installed directly into an existing JS object
(via JSObject::SetAccessor) or into a DescriptorArray (when certain V8
objects' shapes are configured) it is not necessary to thread attributes
being set through the AccessorInfo instance.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe61026f08c42549756f694129a286635ffe5769
Reviewed-on: https://chromium-review.googlesource.com/730425
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48978}
This CL speeds up a common pattern found in the React framework:
function f(a, b, c) { ... };
let f_bound = f.bind(this, 1);
let f_bound2 = f_bound(this, 2);
This CL yields roughly a 15x improvement for rebinding a bound function.
Change-Id: I4d8580a5bce422af411148bc6b3e4eb287fac9ce
Reviewed-on: https://chromium-review.googlesource.com/695206
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48283}
This is a reland of 9d3c4b4b91
Original change's description:
> [turbofan] Implement lowering of {JSCreateClosure}.
>
> This adds support for inline allocation of {JSFunction} objects as part
> of closures instantiation for {JSCreateClosure} nodes. The lowering is
> limited to instantiation sites which have already seen more than one
> previous instantiation, this avoids the need to increment the respective
> counter.
>
> R=jarin@chromium.org
>
> Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
> Reviewed-on: https://chromium-review.googlesource.com/594287
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48176}
Change-Id: I3ec3880bea89798a34a3878e6122b95db1014151
Reviewed-on: https://chromium-review.googlesource.com/686834
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48198}
This reverts commit 9d3c4b4b91.
Reason for revert: Breaks cctest/test-debug/NoBreakWhenBootstrapping in no-snap mode.
Original change's description:
> [turbofan] Implement lowering of {JSCreateClosure}.
>
> This adds support for inline allocation of {JSFunction} objects as part
> of closures instantiation for {JSCreateClosure} nodes. The lowering is
> limited to instantiation sites which have already seen more than one
> previous instantiation, this avoids the need to increment the respective
> counter.
>
> R=jarin@chromium.org
>
> Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
> Reviewed-on: https://chromium-review.googlesource.com/594287
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48176}
TBR=mstarzinger@chromium.org,jarin@chromium.org
Change-Id: Id52281f6a3c0b7c2603053ecf002777d5b0d6f1f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/686534
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48178}
This adds support for inline allocation of {JSFunction} objects as part
of closures instantiation for {JSCreateClosure} nodes. The lowering is
limited to instantiation sites which have already seen more than one
previous instantiation, this avoids the need to increment the respective
counter.
R=jarin@chromium.org
Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
Reviewed-on: https://chromium-review.googlesource.com/594287
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48176}
This adds support to materialize objects when generating a frame summary
for an optimized frame via {OptimizedFrame::Summarize}. Note that this
means each summary might re-materialize objects and hence produce new
object identities every time. All use sites need to be able to cope with
such semantics.
R=jarin@chromium.org
BUG=v8:6586
Change-Id: I85c66ad3e7d247cd40f37a0a6e4391c0ee279706
Reviewed-on: https://chromium-review.googlesource.com/595745
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47067}
Counters for some of the getters are renamed to remove the
AccessorNameGetterCallback_ prefix. The prefix causes these getters to
be categorized under Blink C++ (and they shouldn't be). Counters are
also added for some setters which are currently being counted under
GenericNamedPropertySetterCallback and AccessorNameSetterCallback which
are both categorized as Blink C++.
Bug:
Change-Id: Ifc2c08d3eca0460ea6b5572c7a96b3625dd7d7ea
Reviewed-on: https://chromium-review.googlesource.com/587593
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46979}
Calls to this method are currently being wrongly categorized as Blink C++
when it is cast to a GenericNamedPropertySetterCallback in
Object::GetPropertyWithAccessor and called.
Bug:
Change-Id: I691346d0d1e6b22dfc12cf4cfb07cfff71a36baf
Reviewed-on: https://chromium-review.googlesource.com/585169
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46907}
Properly propagate the fact that the function has a statically known name from
parser to SharedFunctionInfo objects. The empty string that has been set as
name before this CL does not help to distinguish cases like:
var o1 = { ''(){} };
var o1 = { [foo()](){} };
or
var o2 = { get ''(){} };
var o2 = { get [foo()](){} };
This is a preliminary step for using different layouts for closure objects with
and without computed names.
TBR=bmeurer@chromium.org, marja@chromium.org
Bug: v8:6459
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I10afa6f4bda7881c3714711a75f720f83c1d875d
Reviewed-on: https://chromium-review.googlesource.com/522073
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45744}
It was a straight pass-through to JSFunction::SetPrototype, with the
added wrinkle that it appeared to sometimes throw (although it never did).
Also improves typing of JSFunction::SetInstancePrototype signature to
require being passed a JSReceiver.
Change-Id: Ie85b9a74955f72bf988cd902c5eec34e32b51a24
Reviewed-on: https://chromium-review.googlesource.com/482421
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44757}
info.This returns a Local<Object>, which results in a call to
Utils::OpenHandle<JSReceiver>. Casting to a Local<Value> first uses the
correct OpenHandle<Object> overload.
BUG=chromium:693500
Review-Url: https://codereview.chromium.org/2706833002
Cr-Commit-Position: refs/heads/master@{#43314}
This adapts the aformentioned interface to no longer return a list of
{JSFunction} objects, but {SharedFunctionInfo} objects instead. Since
deoptimization data only contains the latter as literals, this by now
represents the fast path. All call sites requiring the former can use
the slow path via {JavaScriptFrame::Summarize} instead.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2626213002
Cr-Original-Commit-Position: refs/heads/master@{#42311}
Committed: 25a9364f25
Review-Url: https://codereview.chromium.org/2626213002
Cr-Commit-Position: refs/heads/master@{#42314}
Reason for revert:
Breaks compilation.
Original issue's description:
> [runtime] Change JavaScriptFrame::GetFunctions interface.
>
> This adapts the aformentioned interface to no longer return a list of
> {JSFunction} objects, but {SharedFunctionInfo} objects instead. Since
> deoptimization data only contains the latter as literals, this by now
> represents the fast path. All call sites requiring the former can use
> the slow path via {JavaScriptFrame::Summarize} instead.
>
> R=jarin@chromium.org
>
> Review-Url: https://codereview.chromium.org/2626213002
> Cr-Commit-Position: refs/heads/master@{#42311}
> Committed: 25a9364f25TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2629113004
Cr-Commit-Position: refs/heads/master@{#42312}
This adapts the aformentioned interface to no longer return a list of
{JSFunction} objects, but {SharedFunctionInfo} objects instead. Since
deoptimization data only contains the latter as literals, this by now
represents the fast path. All call sites requiring the former can use
the slow path via {JavaScriptFrame::Summarize} instead.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2626213002
Cr-Commit-Position: refs/heads/master@{#42311}
The "writable" property descriptor may legally change during the call to
AnythingToArrayLength(). This change needs to be honoured before calling
JSArray::SetLength(). The change is only honoured when the "length"
property was previously writable, so that changes during a call to
DefineOwnPropertyIgnoreAttributes() is ignored.
BUG=v8:5688
R=cbruni@chromium.org, verwaest@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2543553002
Cr-Commit-Position: refs/heads/master@{#41396}
This ensures the deoptimization triggered due to materialization of
objects by the {TranslatedState} works in conjunction with OSR. The
optimized code used for OSR is not installed on the function, hence
needs to be specified explicitly when requesting deoptimization for
specific stack frames.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-668795
BUG=chromium:668795
Review-Url: https://codereview.chromium.org/2534143002
Cr-Commit-Position: refs/heads/master@{#41348}
Inspector uses this type for all internal scripts, e.g. injected-script-source.js. Scripts with new type are not reported by remote debugging protocol, frames from them are ignored.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
BUG=none
R=yangguo@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2499273003
Cr-Commit-Position: refs/heads/master@{#41056}
line_ends is either undefined (if uninitialized) or a fixed array (after
Script::InitLineEnds). All accesses from JS have been removed, therefore
we can skip assigning a COW map and remove the accessor.
Review-Url: https://codereview.chromium.org/2490903002
Cr-Commit-Position: refs/heads/master@{#40876}
This is useful for things that don't ever change, but we don't want to
eagerly compute the result.
Doing this from the embedder is difficult, using DefineOwnProperty would
read the property to get the property descriptor, creating an endless
recursion.
R=verwaest@chromium.org,haraken@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2449783006
Cr-Commit-Position: refs/heads/master@{#40648}
Native setters (see AccessorInfo in accessors.h) didn't have the ability
to return a result value. As a consequence of this, for instance, Reflect.set
on the length property of arrays had the wrong behavior:
var y = [];
Object.defineProperty(y, 0, {value: 42, configurable: false})
Reflect.set(y, 'length', 0)
The Reflect.set call used to return true. Now it returns false as
required by the spec.
BUG=v8:5401
Review-Url: https://codereview.chromium.org/2397603003
Cr-Commit-Position: refs/heads/master@{#40579}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
This allows us to skip complicated logic for setting the accessors.
BUG=
Review-Url: https://codereview.chromium.org/2164903004
Cr-Commit-Position: refs/heads/master@{#37969}
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.
BUG=
Review-Url: https://codereview.chromium.org/2142933003
Cr-Commit-Position: refs/heads/master@{#37870}
Drive-by-fix: hydrogen code does not blindly return the
byteLength offset, instead it executes what is defined
in the byteLength getter.
BUG=
Review-Url: https://codereview.chromium.org/2123263002
Cr-Commit-Position: refs/heads/master@{#37595}
This is a quick fix for the hole leaking from generators via the debugger's frame
inspection feature: when collecting the arguments, convert each hole to undefined.
In the long term, we probably want to remember and restore the actual arguments
rather than pushing these dummy arguments on each resume.
BUG=v8:5164
Review-Url: https://codereview.chromium.org/2122923003
Cr-Commit-Position: refs/heads/master@{#37544}
