This splits the SuperReference AST node into SuperPropertyReference and
SuperCallReference. The super call reference node consists of three
unresolved vars to this, new.target and this_function. These gets
declared when the right function is entered and if it is in use. The
variables gets assigned in FullCodeGenerator::Generate.
BUG=v8:3768
LOG=N
R=wingo@igalia.com, adamk@chromium.org
Review URL: https://codereview.chromium.org/1146863007
Cr-Commit-Position: refs/heads/master@{#28731}
Implements the strong mode proposal's restrictions on the behaviour of the
delete operator for strong objects.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
Attempt 2, last version did not work with API.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1156573002
Cr-Commit-Position: refs/heads/master@{#28724}
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Committed: https://crrev.com/fcfb080eb9a637f0ae066bed4c45095e60df8a84
Cr-Commit-Position: refs/heads/master@{#28687}
Review URL: https://codereview.chromium.org/1150593003
Cr-Commit-Position: refs/heads/master@{#28702}
The point of this change is so that when emitting code for a call in
FullCodegen::VisitCall, the statement position is not associated to
any code that loads the function, but to the actual CallIC.
R=mvstanton@chromium.org
BUG=chromium:481896
LOG=N
Review URL: https://codereview.chromium.org/1157543004
Cr-Commit-Position: refs/heads/master@{#28701}
Implements the strong mode proposal's restrictions on changing a strong object's
writable, non-configurable property to non-writable.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1142393003
Cr-Commit-Position: refs/heads/master@{#28698}
Reason for revert:
Breaks mjsunit, webkit, mozilla, benchmarks.
TBR=hpayer@chromium.org
Original issue's description:
> Clean up aligned allocation code in preparation for SIMD alignments.
>
> Moves alignment fill calculations into two static Heap methods.
> Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
> Makes DoubleAlignForDeserialization explicitly fill after an already
> aligned object.
>
> LOG=N
> BUG=v8:4124
>
> Committed: https://crrev.com/fcfb080eb9a637f0ae066bed4c45095e60df8a84
> Cr-Commit-Position: refs/heads/master@{#28687}
TBR=hpayer@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review URL: https://codereview.chromium.org/1159123002
Cr-Commit-Position: refs/heads/master@{#28688}
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1150593003
Cr-Commit-Position: refs/heads/master@{#28687}
This introduces a conservative prediction for each exception handler
whether it will locally catch an exception or re-throw it to outside
the code bondaries. It will allow for a more intuitive prediction of
whether an exception is considered "caught" or "uncaught".
R=bmeurer@chromium.org,yangguo@chromium.org
BUG=chromium:492522
LOG=N
Review URL: https://codereview.chromium.org/1158563008
Cr-Commit-Position: refs/heads/master@{#28681}
The control flow optimization should work independent of the JSGraph. We
used the JSGraph there because it was convinient, not because it was
necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1160863003
Cr-Commit-Position: refs/heads/master@{#28674}
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1162563002
Cr-Commit-Position: refs/heads/master@{#28673}
This test is little-endian specific and therefore it can't run
correctly on big-endian platforms.
BUG=
Review URL: https://codereview.chromium.org/1155113008
Cr-Commit-Position: refs/heads/master@{#28667}
Implements the strong mode proposal's restrictions on the ability of user code
to modify the prototype of strong objects.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1143623002
Cr-Commit-Position: refs/heads/master@{#28664}
Strong Object/Array literals are currently being created with incorrect
internal prototypes. This CL fixes this and extends the test suite to check.
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1158933002
Cr-Commit-Position: refs/heads/master@{#28655}
This simplifies inlining, in that we only need to update uses of Start
and inputs of End instead of walking the whole inlinee to update all
outer frame states.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1146403008
Cr-Commit-Position: refs/heads/master@{#28649}
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=v8:3867, v8:4031
LOG=N
Review URL: https://codereview.chromium.org/1135243004
Cr-Commit-Position: refs/heads/master@{#28644}
These are similar to the Map/Set constructors when called with an array,
except that they are guaranteed to be side-effect free if called with
a packed array.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1155893003
Cr-Commit-Position: refs/heads/master@{#28642}
The April 14 2015 final draft of the ES6 specification states that the
`prototype` property of generator function instances should be writable.
BUG=v8:4140, v8:4140
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1153633003
Cr-Commit-Position: refs/heads/master@{#28641}
These return arrays representing the current contents of the given
Map/Set. They are similar to what would be returned by the JS code:
Array.from(collection)
except that they are guaranteed side-effect free.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1148383007
Cr-Commit-Position: refs/heads/master@{#28640}
Only supports constructing new objects and returning size.
Followup patch will need to add ability to retrieve and
set contents in order to support structured clone.
Also removes a bunch of outdated "experimental" markers from v8.h.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1157453002
Cr-Commit-Position: refs/heads/master@{#28637}
This way we don't need to connect (potentially) non-terminating loops
later during control reduction, which saves one forward pass over the
control graph. Long term we will move the trimming functionality of
the control reducer to the GraphReducer, and get rid of the Finish
method again.
As a bonus, this change also properly rewires Terminate, Throw and
Deoptimize during inlining.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1155683004
Cr-Commit-Position: refs/heads/master@{#28625}
* Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
* In the long run we should do all hidden properties this way and get rid of the
hidden magic 0-length string with the zero hash code. The advantages include
less complexity and being able to do things from JS in a natural way.
* Initially, the performance of weak set regressed, because it's a little harder
to do the lookup in C++. Instead of heroics in C++ to make things faster I
moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
* This also changes hash codes of Smis so that they are always Smis.
Performance figures are in the comments to the code review. Summary: Most of js-perf-test/Collections is neutral. Set and Map with object keys are 40-50% better. WeakMap is -5% and WeakSet is +9%. After the measurements, I fixed global proxies, which cost 1% on most tests and 5% on the weak ones :-(.
In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this. Instead of checking for the property, then doing a new lookup to insert it, we could do one lookup and handle the addition immediately). With the current benchmarks above this buys us nothing, but if we go back to doing more lookups in C++ instead of in stubs and JS then it's a win.
In a similar vein we could give the magic zero hash code to the hash code
symbol. Then when we look up the hash code we would sometimes see the table
with all the hidden properties. This dual use of the field for either the hash
code or the table with all hidden properties and the hash code is rather ugly,
and this CL gets rid of it. I'd be loath to bring it back. On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.
One worry is that the benchmark results above are more monomorphic than real
world code, so may be overstating the performance benefits of moving to JS. I
think this is part of a general issue we have with handling polymorphic code in
JS and any solutions there will benefit this solution, which boils down to
regular property access. Any improvement there will lift all boats.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1149863005
Cr-Commit-Position: refs/heads/master@{#28622}
This simplifies the handling of the End node. Based on this CL we will
finally fix terminating every loop from the beginning (via Terminate
nodes) and fix inlining of Throw, Deoptimize and Terminate.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1157023002
Cr-Commit-Position: refs/heads/master@{#28620}
This fixes a corner-case where deoptimization while evaluating the
value to a __proto__ property after computed property names appeared
in an object literal, lead to environments not being in sync with
unoptimized code.
R=arv@chromium.org
TEST=mjsunit/harmony/computed-property-names-deopt
Review URL: https://codereview.chromium.org/1158443004
Cr-Commit-Position: refs/heads/master@{#28613}
Implement assembler, disassembler tests for all instructions for mips32 and mips64. Additionally, add missing single precision float instructions for r2 and r6 architecture variants in assembler, simulator and disassembler with corresponding tests.
Review URL: https://codereview.chromium.org/1145223002
Cr-Commit-Position: refs/heads/master@{#28595}
This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer
under the hood. It can be distinguished from an ArrayBuffer by the newly-added
is_shared() bit.
Currently there is no difference in functionality between a SharedArrayBuffer
and an ArrayBuffer. However, a future CL will add the Atomics API, which is
only available on an SharedArrayBuffer. All non-atomic accesses are identical
to ArrayBuffer accesses.
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1136553006
Cr-Commit-Position: refs/heads/master@{#28594}
