Commit Graph

485 Commits

Author SHA1 Message Date
petermarshall
08217e45a7 [builtins] Move StringStartsWith to a C++ builtin.
BUG=v8:5364

Review-Url: https://codereview.chromium.org/2407173002
Cr-Commit-Position: refs/heads/master@{#40165}
2016-10-11 11:36:12 +00:00
petermarshall
5af6ec76b2 [builtins] Move StringEndsWith to a C++ builtin.
BUG=v8:5364

Review-Url: https://codereview.chromium.org/2406873002
Cr-Commit-Position: refs/heads/master@{#40164}
2016-10-11 11:28:12 +00:00
petermarshall
8b48aa1cda [builtins] Move StringIncludes to a builtin.
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.

BUG=v8:5364

Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
2016-10-10 15:01:32 +00:00
caitp
3c52ac79cd Reland "[builtins] migrate C++ String Iterator builtins to baseline TurboFan"
Migrate newly added C++ String Iterator builtins to TFJ builtins, per
step 4. of the String Iterator Baseline Implementation section of the design doc

BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org, jkummerow@chromium.org

Committed: https://crrev.com/f9a2c8b1112c4e915df8bc5f7ea1fccdf7a33ff8
Cr-Commit-Position: refs/heads/master@{#39765}

patch from issue 2358263002 at patchset 260001 (http://crrev.com/2358263002#ps260001)

Review-Url: https://codereview.chromium.org/2381053002
Cr-Commit-Position: refs/heads/master@{#39879}
2016-09-29 15:49:19 +00:00
caitp
8fea775784 [builtins] adapt arguments for Builtins::kIteratorPrototypeIterator
BUG=chromium:650172
R=mstarzinger@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2368323002
Cr-Commit-Position: refs/heads/master@{#39760}
2016-09-27 11:05:42 +00:00
bmeurer
0702ea3000 [turbofan] Don't take into account source size for inlining heuristics.
The source size is not a real indicator for whether or not to inline a
certain function.

R=ishell@chromium.org, jarin@chromium.org
BUG=v8:3354,v8:5267

Committed: 1b33028607
Review-Url: https://codereview.chromium.org/2361813002
Cr-Commit-Position: refs/heads/master@{#39681}
2016-09-23 16:23:34 +00:00
machenbach
99160dc1c1 Revert of [turbofan] Don't take into account source size for inlining heuristics. (patchset id:60001 of https://codereview.chromium.org/2361813002/ )
Reason for revert:
timeouts on windows:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12504

Original issue's description:
> [turbofan] Don't take into account source size for inlining heuristics.
>
> The source size is not a real indicator for whether or not to inline a
> certain function.
>
> R=ishell@chromium.org, jarin@chromium.org
> BUG=v8:3354,v8:5267
>
> Committed: 1b33028607

TBR=ishell@chromium.org,jarin@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3354,v8:5267

Review-Url: https://codereview.chromium.org/2362853003
Cr-Commit-Position: refs/heads/master@{#39661}
2016-09-23 12:43:45 +00:00
Benedikt Meurer
1b33028607 [turbofan] Don't take into account source size for inlining heuristics.
The source size is not a real indicator for whether or not to inline a
certain function.

R=ishell@chromium.org, jarin@chromium.org
BUG=v8:3354,v8:5267

Review URL: https://codereview.chromium.org/2361813002 .

Cr-Commit-Position: refs/heads/master@{#39659}
2016-09-23 11:47:19 +00:00
gsathya
8c87ae9b88 [promises] Move PromiseResolveThenableJob to c++
- Add a new container object to store the data required for
PromiseResolveThenableJob.

- Create a new runtime function to enqueue the microtask event with
the required data.

This patches causes a 4% regression in the bluebird benchmark.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2314903004
Cr-Commit-Position: refs/heads/master@{#39571}
2016-09-21 03:49:50 +00:00
littledan
377358516f Make Promise.all/Promise.race catch prediction conditional on DevTools
To improve performance, this patch makes Promise.all and Promise.race not
perform correct catch prediction when the debugger is not open. The case
may come up if Promise.race or Promise.all is called, then DevTools is
open, then a component Promise is rejected. In this case, the user would
falsely get an exception event even if the "pause on caught exceptions"
box is unchecked. There are tests which triggered this case; however, it
seems both unlikely and and acceptable to have an event in this case.
Many analogous events are already produced when DevTools is enabled
during the operation of a program.

BUG=v8:3093

Review-Url: https://codereview.chromium.org/2350363002
Cr-Commit-Position: refs/heads/master@{#39565}
2016-09-20 19:34:35 +00:00
nikolaos
d5dcce33bf [parser] Fix tail calls in for in/of loops
According to the ES6 specification, in "for in/of" loops like:

   for (var v of [1,2,3]) return f(...);

the call to f() should not be considered a tail call.  This was
not working properly, i.e., the case without declarations:

   var v;
   for (v of [1,2,3]) return f(...);

R=adamk@chromium.org, ishell@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2343823002
Cr-Commit-Position: refs/heads/master@{#39497}
2016-09-19 09:47:56 +00:00
adamk
624bc966b3 Super property loads and stores should throw if [[Prototype]] is null
While fixing the bug, removed code duplication from super load/store
runtime calls, and inlined calls of Object::ReadAbsentProperty (left
over from strong mode).

BUG=v8:5335

Review-Url: https://codereview.chromium.org/2311413002
Cr-Commit-Position: refs/heads/master@{#39257}
2016-09-07 17:14:14 +00:00
marja
8ee581af4b Move sloppy block function hoisting logic from Parser to Scope.
This moves scope-related logic (such as looking up variables) to Scope
where it belongs, and enables PreParser to do more Scope-related
operations in the future.

BUG=

Review-Url: https://codereview.chromium.org/2301183003
Cr-Commit-Position: refs/heads/master@{#39233}
2016-09-07 08:48:32 +00:00
bakkot
2aab10f5b3 [parser] Simplify parse-time function name inference for properties
Move the code to perform function name inference for properties into
parsing the properties themselves, instead of the containing object.

This allows us to avoid unnecessary calls when parsing shorthand
properties and methods and simplifies the logic in the remaining cases.

Also fixes an edge case bug: inferring the name of the getter in
`class { static get constructor(){} }`.

Review-Url: https://codereview.chromium.org/2313723005
Cr-Commit-Position: refs/heads/master@{#39222}
2016-09-06 18:49:49 +00:00
nikolaos
628e9e3eb8 Fix bug with nested spreads as patterns
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:5337
LOG=N

Review-Url: https://codereview.chromium.org/2297303003
Cr-Commit-Position: refs/heads/master@{#39118}
2016-09-02 07:53:00 +00:00
littledan
aae17eb31b Do not trigger ExceptionEvents for another forwarding case
This patch fixes up one last case of redundant ExceptionEvents being
triggered in the debugger for Promises--it makes the default reject
handler for Promises (e.g., if the second argument for
Promise.prototype.then is missing) appear to the debugger as a
rethrow.

R=adamk@chromium.org,jgruber@chromium.org
BUG=v8:5167

Review-Url: https://codereview.chromium.org/2278643002
Cr-Commit-Position: refs/heads/master@{#38876}
2016-08-24 20:38:13 +00:00
littledan
013e49f73c Change which ExceptionEvents are triggered by Promises
To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.

- Several cases within Promise code which propagate errors are
  modified to not trigger a new ExceptionEvent in that case, such
  as .then on a rejected Promise and returning a rejected Promise
  from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
  prediction based on the Promise stack. This is important
  so that, e.g., if "await Promise.reject()" will trigger a new
  throw (rather than a silent rethrow of something that never
  triggered an event in the first place).

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
2016-08-24 00:20:50 +00:00
littledan
b2a257f9ff Remove --promise-extra flag
This flag was shipped on in 52, so it's due for removal. The patch includes
removing the deprecated and unused-in-Blink API Promise::Chain, and many
test updates.

R=adamk@chromium.org
BUG=v8:4633

Review-Url: https://codereview.chromium.org/2267033002
Cr-Commit-Position: refs/heads/master@{#38804}
2016-08-22 21:35:06 +00:00
bakkot
95e0ba65ec Reland of Amends the TypedArray constructor to use the path for primitives for all (patchset id:1 of https://codereview.chromium.org/2120763002/ )
Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset  id:60001 of https://codereview.chromium.org/2096873002/ )
>
> Reason for revert:
> Speculative revert to unblock roll https://codereview.chromium.org/2114113002/
>
> Original issue's description:
> > Amends the TypedArray constructor to use the path for primitives for all
> > types of primitives, not just undefined, booleans, numbers, and strings.
> > (The missing cases were null and Symbol.) This is required by the
> > specification, and there are test262 tests which we were failing due to
> > this bug.
> >
> > BUG=v8:5124
> >
> > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2
> > Cr-Original-Commit-Position: refs/heads/master@{#37234}
> > Cr-Commit-Position: refs/heads/master@{#37407}
>
> TBR=littledan@chromium.org,bakkot@google.com
> NOTREECHECKS=true
> BUG=v8:5124
>
> Committed: https://crrev.com/9c0aef52fa672db856ebfac7f4bdcd7d7b103663
> Cr-Commit-Position: refs/heads/master@{#37487}

TBR=littledan@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2255543002
Cr-Commit-Position: refs/heads/master@{#38691}
2016-08-17 17:44:11 +00:00
littledan
7ea3b09982 Destructuring/default tests for generators and async functions
This patch adds additional tests for async functions and generators, in how
they interact with destructuring, default arguments and shadow parameter
copying.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2229243002
Cr-Commit-Position: refs/heads/master@{#38560}
2016-08-10 19:32:29 +00:00
adamk
83b63c308a Sloppy eval declarations should not shadow lexical function declarations
This was being allowed due to the use of BindingFlags instead of VariableMode
to determine whether a looked-up binding was lexical. Because function
declarations are hoisted, they never need hole checks, and so were being
miscategorized as non-lexical.

This patch augments Context::Lookup with a VariableMode out param, which
allows this check to determine precisely whether the binding is lexical.

BUG=v8:4454, v8:5256

Review-Url: https://codereview.chromium.org/2206483004
Cr-Commit-Position: refs/heads/master@{#38260}
2016-08-02 20:27:38 +00:00
yangguo
1515ddd8f1 [debugger] use handler table on unoptimized code for exception prediction.
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2197183002
Cr-Commit-Position: refs/heads/master@{#38247}
2016-08-02 13:47:49 +00:00
cbruni
f4f06c5029 [keys] Trigger [[getOwnPropertyDescriptor]] trap on proxies for Object.keys
This CL fixes a long-standing bug with Object.keys where the enumerability
check was omitted if the [ownKeys] trap is not present. The only distinction the
KeyAccumulator needs is whether it collects keys for for-in (is_for_in_) or not.
ForInFilter performs a separate step to filter out non-enumerable keys later-on
while in all the other use-cases we have to filter keys.

BUG=v8:1543, v8:5250

Review-Url: https://codereview.chromium.org/2176113009
Cr-Commit-Position: refs/heads/master@{#38199}
2016-08-01 10:10:52 +00:00
neis
d4e5851bad Make Array.prototype[Symbol.iterator] non-constructible.
R=adamk@chromium.org
BUG=v8:5237

Review-Url: https://codereview.chromium.org/2188753002
Cr-Commit-Position: refs/heads/master@{#38116}
2016-07-28 08:19:55 +00:00
caitp
917f0093fb [test] copy revoked proxy tests for array-concat to new files
The tests array-concat-revoked-proxy-*.js are copied out from array-concat.js,
in order to verify that they work correctly with a valid ArrayProtector cell.

These tests pass with https://crrev.com/122a9b7af02606dae558336082ab139a87eba39d
applied, but fail without it.

BUG=v8:5134
R=neis@chromium.org, cbruni@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2177903002
Cr-Commit-Position: refs/heads/master@{#38026}
2016-07-25 15:26:16 +00:00
neis
88a795d1c8 Remove the --ignition-generators flag.
This flag has been enabled by default for over a month now.

R=mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2176143002
Cr-Commit-Position: refs/heads/master@{#38020}
2016-07-25 12:56:27 +00:00
caitp
122a9b7af0 [builtins] take slow path in IsConcatSpreadable if proxy in prototype
BUG=v8:5134
R=cbruni@chromium.org, littledan@chromium.org, neis@chromium.org

Review-Url: https://codereview.chromium.org/2131383002
Cr-Commit-Position: refs/heads/master@{#37987}
2016-07-22 18:43:19 +00:00
yangguo
6d0a420298 [debug] use catch prediction flag for promise rejections.
This is in preparation to implementing exception prediction for async
functions.  Each handler table entry can now predict "caught", "uncaught", or
"promise". The latter indicates that the exception will lead to a promise
rejection.

To mark the relevant try-catch blocks, we add a new native syntax.
try { } %catch (e) { } indicates a TryCatchStatement with the "promise"
prediction.

The previous implementation of using the function to tell the relevant
try-catch apart from inner try-catch blocks will not work for async functions
since these can have inner try-catch blocks inside the same function.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2161263003
Cr-Commit-Position: refs/heads/master@{#37966}
2016-07-22 06:04:54 +00:00
jwolfe
3cfd80d6a2 Adjust whitespace to make tests oblivious to --harmony-function-tostring
See discussion in https://codereview.chromium.org/2156303002/#msg8

With the new --harmony-function-tostring behavior, these tests would
fail without this change. This change makes the tests pass regardless
of whether or not --harmony-function-tostring is used.

All of these changes are simply inserting a space after the "function"
keyword to match the current function toString behavior. When
--harmony-function-tostring is enabled, the toString behavior matches
the spacing used in the function declaration. With the declaration
matching the current formatting, the toString behavior becomes
unaffected by --harmony-function-tostring.

BUG=v8:4958
LOG=n

Review-Url: https://codereview.chromium.org/2161413002
Cr-Commit-Position: refs/heads/master@{#37959}
2016-07-22 00:18:41 +00:00
neis
f2c2ef1f0e Make toLocaleString on arrays always call toLocaleString on its elements.
As required by the spec.

This is a variant of what I reverted in f47e722403.
It will probably still cause a regression but now it's easier to migrate (parts of)
the current implementation to C++, which is expected to make things faster again.

BUG=chromium:627729,v8:5113

Review-Url: https://codereview.chromium.org/2164923002
Cr-Commit-Position: refs/heads/master@{#37897}
2016-07-20 09:32:20 +00:00
jochen
02ba244125 Reland^2 "Don't compile functions in a context the caller doesn't have access to"
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org

BUG=chromium:541703
R=verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2155503004
Cr-Commit-Position: refs/heads/master@{#37842}
2016-07-18 15:35:45 +00:00
neis
f47e722403 Revert "Make toLocaleString on arrays always call toLocaleString on its elements."
This reverts commit 457c02573c because it caused a
regression in SunSpider/string-fasta and possibly AreWeFastYet/Life.  Need to
implement this in a smarter way.

TBR=littledan@chromium.org
BUG=chromium:627729,v8:5113

Review-Url: https://codereview.chromium.org/2149303003
Cr-Commit-Position: refs/heads/master@{#37793}
2016-07-15 11:28:42 +00:00
bakkot
f6c6ae9034 Block-scoped functions in evals are now only conditionally hoisted out.
Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions
declared by "eval" are hoisted unless doing so would cause an early
error (which is to say, conflict with a lexical declaration). This patch
amends the check for conflicting declarations to include those outside
of the eval itself.

BUG=v8:4468, v8:4479

Review-Url: https://codereview.chromium.org/2112163002
Cr-Commit-Position: refs/heads/master@{#37783}
2016-07-14 22:43:01 +00:00
jochen
63449d21d3 Revert of Reland "Don't compile functions in a context the caller doesn't have access to" (patchset id:60001 of https://codereview.chromium.org/2143893005/ )
Reason for revert:
blink is unhappy about the microtask change

Original issue's description:
> Reland "Don't compile functions in a context the caller doesn't have access to"
>
> Original issue's description:
> > Don't compile functions in a context the caller doesn't have access to
> >
> > Instead just return undefined
> >
> > A side effect of this is that it's no longer possible to compile
> > functions in a detached context.
> >
> > BUG=chromium:541703
> > R=verwaest@chromium.org,bmeurer@chromium.org
>
> BUG=chromium:541703
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617
> Cr-Commit-Position: refs/heads/master@{#37756}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703

Review-Url: https://codereview.chromium.org/2151843002
Cr-Commit-Position: refs/heads/master@{#37760}
2016-07-14 12:39:13 +00:00
jochen
6bceabac5b Reland "Don't compile functions in a context the caller doesn't have access to"
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org

BUG=chromium:541703
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2143893005
Cr-Commit-Position: refs/heads/master@{#37756}
2016-07-14 11:08:52 +00:00
adamk
68f205b2a7 Revert of Don't compile functions in a context the caller doesn't have access to (patchset id:160001 of https://codereview.chromium.org/2034083002/ )
Reason for revert:
Causes crashes on Canary

Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
>
> Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a
> Cr-Commit-Position: refs/heads/master@{#37657}

TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:541703, chromium:628053

Review-Url: https://codereview.chromium.org/2148163002
Cr-Commit-Position: refs/heads/master@{#37736}
2016-07-14 02:02:20 +00:00
bakkot
819fe04645 Reland of Add errors for declarations which conflict with catch parameters. (patchset id:1 of https://codereview.chromium.org/2112223002/ )
Reason for revert:
Correcting issue.

Original issue's description:
> Revert of Add errors for declarations which conflict with catch parameters. (patchset  id:100001 of https://codereview.chromium.org/2109733003/ )
>
> Reason for revert:
> Fuzzer claims `try {  \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.
>
> Original issue's description:
> > Add errors for declarations which conflict with catch parameters.
> >
> > Catch parameters are largely treated as lexical declarations in the
> > block which contains their body for the purposes of early syntax errors,
> > with some exceptions outlined in B.3.5. This patch introduces most of
> > those errors, except those from `eval('for (var e of ...);')` inside of
> > a catch with a simple parameter named 'e'.
> >
> > Note that annex B.3.5 allows var declarations to conflict with simple
> > catch parameters, except when the variable declaration is the init of a
> > for-of statement.
> >
> > BUG=v8:5112,v8:4231
> >
> > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> > Cr-Commit-Position: refs/heads/master@{#37462}
>
> TBR=littledan@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/8834d5ecb559001c87c42322969471da60574a8c
> Cr-Commit-Position: refs/heads/master@{#37464}

R=littledan@chromium.org
BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2119933002
Cr-Commit-Position: refs/heads/master@{#37728}
2016-07-13 19:29:11 +00:00
mstarzinger
04062e92cc [runtime] Fully remove RUNTIME_ASSERT for good.
This fully deprecates all uses of the RUNTIME_ASSERT macro and removes
the macro and underlying logging function in question. All uses have
been replaces with CHECK macros which crash safely even in production.

It makes sure we discover abuse of runtime functions in the wild early
and also abort the process safely. Breaking assumptions in any runtime
function can no longer accidentally be caught by JavaScript.

R=yangguo@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2132493002
Cr-Commit-Position: refs/heads/master@{#37704}
2016-07-13 08:36:04 +00:00
neis
457c02573c Make toLocaleString on arrays always call toLocaleString on its elements.
As required by the spec.

BUG=v8:5113

Review-Url: https://codereview.chromium.org/2141603002
Cr-Commit-Position: refs/heads/master@{#37689}
2016-07-12 17:33:36 +00:00
jochen
992e34c216 Don't compile functions in a context the caller doesn't have access to
Instead just return undefined

A side effect of this is that it's no longer possible to compile
functions in a detached context.

BUG=chromium:541703
R=verwaest@chromium.org,bmeurer@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2034083002
Cr-Commit-Position: refs/heads/master@{#37657}
2016-07-11 20:11:51 +00:00
caitp
08d0012dda [keys] propagate PropertyFilter to proxy targets in KeyAccumulator
BUG=v8:5174, v8:1543
R=cbruni@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2129193003
Cr-Commit-Position: refs/heads/master@{#37634}
2016-07-11 10:39:35 +00:00
neis
d3aefe8cc3 [parser] Fix bug in for-of desugaring.
When reading the value property of an iterator result fails, we must not close the iterator.
This was not discovered earlier because the tests had a subtle bug.

This CL fixes both the desugaring and the tests.

BUG=

Review-Url: https://codereview.chromium.org/2119353002
Cr-Commit-Position: refs/heads/master@{#37571}
2016-07-07 08:16:13 +00:00
yangguo
7a834e8b69 [debugger] add test case for throwing in generators.
R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2117303003
Cr-Commit-Position: refs/heads/master@{#37520}
2016-07-05 10:12:33 +00:00
hablich
9c0aef52fa Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset id:60001 of https://codereview.chromium.org/2096873002/ )
Reason for revert:
Speculative revert to unblock roll https://codereview.chromium.org/2114113002/

Original issue's description:
> Amends the TypedArray constructor to use the path for primitives for all
> types of primitives, not just undefined, booleans, numbers, and strings.
> (The missing cases were null and Symbol.) This is required by the
> specification, and there are test262 tests which we were failing due to
> this bug.
>
> BUG=v8:5124
>
> Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2
> Cr-Original-Commit-Position: refs/heads/master@{#37234}
> Cr-Commit-Position: refs/heads/master@{#37407}

TBR=littledan@chromium.org,bakkot@google.com
NOTREECHECKS=true
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2120763002
Cr-Commit-Position: refs/heads/master@{#37487}
2016-07-02 14:53:11 +00:00
littledan
0ff7b4830c Implement immutable prototype chains
This patch implements "immutable prototype exotic objects" from the ECMAScript
spec, which are objects whose __proto__ cannot be changed, but are not otherwise
frozen. They are introduced in order to prevent a Proxy from being introduced
to the prototype chain of the global object.

The API is extended by a SetImmutablePrototype() call in ObjectTemplate, which
can be used to vend new immutable prototype objects. Additionally, Object.prototype
is an immutable prototype object.

In the implementation, a new bit is added to Maps to say whether the prototype is
immutable, which is read by SetPrototype. Map transitions to the immutable prototype
state are not saved in the transition tree because the main use case is just for
the prototype chain of the global object, which there will be only one of per
Context, so no need to take up the extra word for a pointer in each full transition
tree.

BUG=v8:5149

Review-Url: https://codereview.chromium.org/2108203002
Cr-Commit-Position: refs/heads/master@{#37482}
2016-07-01 19:20:11 +00:00
bakkot
8834d5ecb5 Revert of Add errors for declarations which conflict with catch parameters. (patchset id:100001 of https://codereview.chromium.org/2109733003/ )
Reason for revert:
Fuzzer claims `try {  \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.

Original issue's description:
> Add errors for declarations which conflict with catch parameters.
>
> Catch parameters are largely treated as lexical declarations in the
> block which contains their body for the purposes of early syntax errors,
> with some exceptions outlined in B.3.5. This patch introduces most of
> those errors, except those from `eval('for (var e of ...);')` inside of
> a catch with a simple parameter named 'e'.
>
> Note that annex B.3.5 allows var declarations to conflict with simple
> catch parameters, except when the variable declaration is the init of a
> for-of statement.
>
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> Cr-Commit-Position: refs/heads/master@{#37462}

TBR=littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2112223002
Cr-Commit-Position: refs/heads/master@{#37464}
2016-07-01 04:28:57 +00:00
bakkot
2907c726b2 Add errors for declarations which conflict with catch parameters.
Catch parameters are largely treated as lexical declarations in the
block which contains their body for the purposes of early syntax errors,
with some exceptions outlined in B.3.5. This patch introduces most of
those errors, except those from `eval('for (var e of ...);')` inside of
a catch with a simple parameter named 'e'.

Note that annex B.3.5 allows var declarations to conflict with simple
catch parameters, except when the variable declaration is the init of a
for-of statement.

BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2109733003
Cr-Commit-Position: refs/heads/master@{#37462}
2016-07-01 00:01:31 +00:00
bakkot
f772c22cd1 Amends the TypedArray constructor to use the path for primitives for all
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.

BUG=v8:5124

Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
2016-06-29 22:23:18 +00:00
bakkot
9bbba1441a Sloppy-mode function declarations in blocks are now hoisted appropriately.
In ES2016, function declarations nested in blocks are formally allowed. This was
never a part of ECMAScript, but was a common extension. Unfortunately
implementations differed in the exact semantics. Annex B.3.3 in the spec tries
to standardize the parts which are common to different implementations, but does
so with some fairly complicated semantics.

This CL addresses three issues related to annex B.3.3:
* When the outer function had a complex parameter list, no hoisting whatsoever was
  being performed.
* Hoisting was not blocked by parameters of the same name.
* Hoisting was not blocked by nested lexical declarations of the same name.

We had tests which checked for the second, but they were incorrectly passing due to
the first. This CL adds more complete tests.

BUG=v8:5151, v8:5111

Review-Url: https://codereview.chromium.org/2099623003
Cr-Commit-Position: refs/heads/master@{#37405}
2016-06-29 20:55:35 +00:00
franzih
7e4c4cb5c5 Fix toString() behavior on proxy objects.
Proxy objects need special treatment in toString(). Usually, we use the
@@toStringTag, if it is set, otherwise we determine the result of toString()
by checking IsArray() and other internal slots. According to
ES2017 19.1.3.6, IsArray() and the internal slots  must be checked first,
then get(@@toStringTag). The result of IsArray() and internal slots is discarded if
@@toStringTag is set. For proxy
objects, we must obey this order, because get() can have side-effects, i.e.,
revoke the proxy. For all other objects, we can skip the check of the
internal slots, if @@toStringTag is set.

BUG=

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090773006
Cr-Commit-Position: refs/heads/master@{#37289}
2016-06-27 12:12:46 +00:00