The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.
LOG=N
BUG=v8:4428
Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
Cr-Commit-Position: refs/heads/master@{#31786}
Review URL: https://codereview.chromium.org/1418623007
Cr-Commit-Position: refs/heads/master@{#31790}
Reason for revert:
failing build bot
Original issue's description:
> [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
>
> The current implementation of classes throws the TypeError at the wrong
> point, after activating a new context when directly calling a class
> constructor. According to the spec, the TypeError has to be thrown
> in the caller context.
>
> LOG=N
> BUG=v8:4428
>
> Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
> Cr-Commit-Position: refs/heads/master@{#31786}
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4428
Review URL: https://codereview.chromium.org/1415783006
Cr-Commit-Position: refs/heads/master@{#31787}
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.
LOG=N
BUG=v8:4428
Review URL: https://codereview.chromium.org/1418623007
Cr-Commit-Position: refs/heads/master@{#31786}
This removes special casing for the 'f.arguments' property accessor. Any
local 'arguments' variable should not be allowed to influence the value
returned by the indirect 'f.arguments' property. That property creates a
new object with a separate identity everytime it is read. This is by now
consistent with other browsers.
R=rossberg@chromium.org
TEST=mjsunit/arguments-indirect
Review URL: https://codereview.chromium.org/1408983006
Cr-Commit-Position: refs/heads/master@{#31776}
This fixes the representation type for values in JSArray::length fields
when JSNativeContextSpecialization lowers loads. Only arrays with fast
elements kind are guaranteed to have a Smi represented length.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-4515
BUG=v8:4515, v8:4493, v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1410393006
Cr-Commit-Position: refs/heads/master@{#31558}
The reason is when native_context_specialization flag is ture, X87 turbofan
will hit the known issue that X87 will change a sNaN to qNaN by default. And
then it will fail when bit-comparing the source (sNaN) and the result (qNaN).
reland https://codereview.chromium.org/1414733004/.
BUG=
Review URL: https://codereview.chromium.org/1419573007
Cr-Commit-Position: refs/heads/master@{#31552}
Reason for revert:
because of merge mistake, "regress/" is missed when skipping one test case for X87.
"regress/" will be added when relanding it.
Original issue's description:
> X87: disable the regress-undefined-nan test case for x87.
>
> The reason is when native_context_specialization flag is ture, X87 turbofan
> will hit the known issue that X87 will change a sNaN to qNaN by default. And
> then it will fail when bit-comparing the source (sNaN) and the result (qNaN).
>
> BUG=
>
> Committed: https://crrev.com/b3c719ebbad6c87afefa33a7d0b3f412b2e304db
> Cr-Commit-Position: refs/heads/master@{#31530}
TBR=bmeurer@chromium.org,weiliang.lin@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1417303005
Cr-Commit-Position: refs/heads/master@{#31543}
The reason is when native_context_specialization flag is ture, X87 turbofan
will hit the known issue that X87 will change a sNaN to qNaN by default. And
then it will fail when bit-comparing the source (sNaN) and the result (qNaN).
BUG=
Review URL: https://codereview.chromium.org/1414733004
Cr-Commit-Position: refs/heads/master@{#31530}
The newly introduced root makes sure that we do not flush the
optimized code while the function is being compiled.
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1415133002
Cr-Commit-Position: refs/heads/master@{#31444}
This makes sure that initializing assignments of let-declared variables
perform an environment lookup and hence keep the variable alive. This is
needed because full-codegen contains debug code verifying the variable
is still inside the TDZ at the initializing assignment.
R=jarin@chromium.org
TEST=mjsunit/compiler/regress-variable-liveness-let
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1420573002
Cr-Commit-Position: refs/heads/master@{#31437}
This stages the general purpose inlining mechanism in TurboFan and
also disables the remaining tests that still fail. We do this to get
test coverage early and to avoid regressing inlining as we go along.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419623002
Cr-Commit-Position: refs/heads/master@{#31406}
This stages the general purpose inlining mechanism in TurboFan and also
disables the remaining tests that still fail. We do this to get test
coverage early and to avoid regressing inlining as we go along.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1412703002
Cr-Commit-Position: refs/heads/master@{#31386}
This introduces an explicit lazy bailout. It is wrapped in the call
node, mostly because the lazy deoptimization processing is married
to the call processing in the instruction selector and the code generator.
It is still a terrible hack.
R=bmeurer@chromium.org,mstarzinger@chromium.org
BUG=chromium:543994,v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1412443003
Cr-Commit-Position: refs/heads/master@{#31353}
The runtime flag in question makes no sense, because the feature cannot
be disabled without keeping the snapshot in sync. We should avoid having
the flag in our "mjsunit" test suite, so that CluserFuzz doesn't pick it
up. The test in question is already skipped, the change will not affect
test results on our waterfall.
R=mvstanton@chromium.org
TEST=mjsunit/call-counts
BUG=v8:4458
LOG=n
Review URL: https://codereview.chromium.org/1409533003
Cr-Commit-Position: refs/heads/master@{#31302}
This is in preparation to enabling --turbo-inlining by default, fixing
various issues when general purpose inlining is running against our
entire test suite.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1407533004
Cr-Commit-Position: refs/heads/master@{#31294}
Swarming won't support an incremental data file. By just
sorting the lowest hanging fruits to the beginning we
already get a big bang for the buck (>80% of the improvement
we get otherwise).
This will require semi-regular manual updates of the
slowest tests.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1385443002
Cr-Commit-Position: refs/heads/master@{#31061}
Whenever a generalization is computed, the inputs must be checked for being cleared, and if they are, the generalization must be Type::Any.
Hopefully this fixes Chromium issue 527994 as well.
BUG=v8:4325,chromium:527994
LOG=n
Review URL: https://codereview.chromium.org/1361103002
Cr-Commit-Position: refs/heads/master@{#30887}
The two tests in question got a lot slower and started to timeout now
that the C++ fallback implementation of the %Arguments intrinsics is
composable with respect to inlining.
R=bmeurer@chromium.org,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1330203003
Cr-Commit-Position: refs/heads/master@{#30674}
