Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.
For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.
R=adamk
LOG=Y
BUG=v8:4665
Review URL: https://codereview.chromium.org/1583773005
Cr-Commit-Position: refs/heads/master@{#33312}
This avoids generating different scopes on the two compilation passes, which
results in various delirious side-effects.
There's some cleanup to be done in lazy arrow function parsing, but I'd
rather do that in a separate patch, with this one targeted at fixing the
particular crash.
BUG=chromium:572589
LOG=n
Review URL: https://codereview.chromium.org/1575333004
Cr-Commit-Position: refs/heads/master@{#33311}
Respective declarations will explicitly initialise slots
with the hole anyway, so this always was unnecessary.
With varblocks it even became wrong, because block contexts
may now host var bindings, which want undefined.
Fixes the hole leaking when accessing an unitialised,
block-context-allocated var.
R=neis@chromium.org
BUG=571149
LOG=N
Review URL: https://codereview.chromium.org/1584243002
Cr-Commit-Position: refs/heads/master@{#33309}
In short, array literals containing spreads, when used as expressions,
are rewritten using do expressions. E.g.
[1, 2, 3, ...x, 4, ...y, 5]
is roughly rewritten as:
do {
$R = [1, 2, 3];
for ($i of x) %AppendElement($R, $i);
%AppendElement($R, 4);
for ($j of y) %AppendElement($R, $j);
%AppendElement($R, 5);
$R
}
where $R, $i and $j are fresh temporary variables.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1564083002
Cr-Commit-Position: refs/heads/master@{#33307}
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).
BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1588013002
Cr-Commit-Position: refs/heads/master@{#33305}
This is the first of several commits to contribute Linux on z Systems
(s390/s390x) port of V8. We will be breaking up the changes into several
(hopefully) logical commits.
This commit contains the changes to V8 Makefile and build toolchains to
introduce S390 macros and compiler options. Just for awareness for reviewers
is that s390 is 31-bit (not 32!) big-endian platform on Linux on z. (MSB of address
is used to distinguish between 24-bit vs 31-bit addressing!) s390x is
64-bit Linux on z. Names follow the general linux convention on the platform.
A quick roadmap on upcoming commits:
- Add \#include of S390 header files in common files
- S390 related tests + tooling changes
- printf macro for printing size_t values.
- S390 platform-specific code generation code (bulk of changes!)
R=danno@chromium.org,svenpanne@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1585813002
Cr-Commit-Position: refs/heads/master@{#33304}
We were sometimes losing a splintering opportunity when a range was
ending at the beginning of a hot (==non-deferred) block, when giving
its value to some fixed range - i.e. a fixed operand of the first instruction
in that hot block.
Renamed 2 APIs to better reflect what their intent is.
Added self-checking when introducing moves connecting ranges, to
ensure we don't spill/fill in hot blocks ranges spilled only in deferred
blocks. Verified locally that these checks would have tripped in a few
cases before this change.
BUG=
Review URL: https://codereview.chromium.org/1564583002
Cr-Commit-Position: refs/heads/master@{#33301}
This patch implements eager expression rewriting when parsing. It will
be used for desugaring spreads but may have other uses in the future.
We call Traits::RewriteExpression as soon as we realise that something
parsed as an expression is actually used as an expression (and not as
a pattern). This patch adds a dummy implementation for this function,
doing no rewriting at all, and adds the trigers in the right places of
the parser.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1567603005
Cr-Commit-Position: refs/heads/master@{#33300}
When reserving a stack slot for the receiver, push an Immediate(0)
rather than a register that contains an untagged integer.
All other platforms push zero already.
Review URL: https://codereview.chromium.org/1585183002
Cr-Commit-Position: refs/heads/master@{#33299}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.
It should actually stop iterating on the first non-hidden prototype.
BUG=
Review URL: https://codereview.chromium.org/1576423003
Cr-Commit-Position: refs/heads/master@{#33294}
This restores the case that was removed by
commit f0e41175fd
Author: jarin <jarin@chromium.org>
Date: Tue Jan 5 03:56:04 2016 -0800
[turbofan] Bidirectional representation inference.
BUG=v8:4667
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1584913003
Cr-Commit-Position: refs/heads/master@{#33292}
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.
Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632
R=epertoso
BUG=
Review URL: https://codereview.chromium.org/1580323003
Cr-Commit-Position: refs/heads/master@{#33291}
Apparently, some StateValues have other StateValues as input. This
CL makes escape analysis transformation phase aware of it.
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1581183004
Cr-Commit-Position: refs/heads/master@{#33285}
Support inlining across bound functions in the JSCallReducer when we
specialize to the native context. This basically removes all overhead
from bound functions in TurboFan and gives another speed of 10x on my
microbenchmark.
BUG=chromium:535408, chromium:571299, v8:4629
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1581343002
Cr-Commit-Position: refs/heads/master@{#33283}
On Intel, xchg stalls the pipeline. We use xchg to implement swap
moves. In a separate exploration, the presence of xchg in a very hot
loop, due to a change in register allocation, lead to over 20% regression.
Simply changing that instruction with push/mov/pop (almost) eliminated
the regression.
In light of that, I removed uses of xchg. This leads to more instructions,
though. That is particularly problematic for long cycles, which, today,
we translate to successions of swaps.
I plan to address this cycle issue in a separate change. For now, the
goal is to unblock the initial work that lead here.
Review URL: https://codereview.chromium.org/1580233003
Cr-Commit-Position: refs/heads/master@{#33282}
port 322ffda30d (r33265)
original commit message:
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
BUG=
Review URL: https://codereview.chromium.org/1581313002
Cr-Commit-Position: refs/heads/master@{#33280}
port 12bcba1543 (r33258)
original commit message:
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
BUG=
Review URL: https://codereview.chromium.org/1582173002
Cr-Commit-Position: refs/heads/master@{#33278}
Port 322ffda30d
Original commit message:
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1583903002
Cr-Commit-Position: refs/heads/master@{#33272}
exception operand in a handler block. This avoids confusing
unrelated ranges, which may happen if escape analysis elides
the exception operand.
BUG=chromium:576195
LOG=N
Review URL: https://codereview.chromium.org/1579603005
Cr-Commit-Position: refs/heads/master@{#33271}
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576403004
Cr-Commit-Position: refs/heads/master@{#33269}
Once we use type feedback, we need to reflect the feedback in the types, propagate
the new narrower types forward and use them in the subsequent
representation inference. This CL propagates and uses the recomputed types
for Phi and Select nodes (rather than using the types from the typer).
Review URL: https://codereview.chromium.org/1580353003
Cr-Commit-Position: refs/heads/master@{#33268}
This bug improves performance of escape analysis.
* A allocation discovery phase (EscapeAnalysis::AssignAliases)
ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1559123003
Cr-Commit-Position: refs/heads/master@{#33267}
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1573243009
Cr-Commit-Position: refs/heads/master@{#33265}
ReportFailedAccessCheck() sometimes doesn't throw an exception (it's up
to the embedder). Pretend that OrdinaryDefineOwnProperty() succeeded in
that case. This is consistent with existing behavior of other methods:
- JSObject::DefineOwnPropertyIgnoreAttributes
- JSObject::SetPropertyWithFailedAccessCheck
- Object::SetPropertyWithAccessor
See also commit f66c3f5c35.
BUG=chromium:574217
LOG=n
R=neis@chromium.org
Review URL: https://codereview.chromium.org/1580823002
Cr-Commit-Position: refs/heads/master@{#33262}
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1575973006
Cr-Commit-Position: refs/heads/master@{#33258}
Failing to do so results in out-of-date marking information, because live bytes
is not properly adjusted.
This CL adds support for right trimming ByteArray and properly DCHECKs that we
do not left trim ByteArray (as we already do for FixedTypedArrayBase).
BUG=
Review URL: https://codereview.chromium.org/1577263003
Cr-Commit-Position: refs/heads/master@{#33252}
The hash calculation was dependent on upper part of |inner_pointer| and caused non-deterministic cache miss events which in turn caused non-deterministic progress of pages sweeping (see GcSafeFindCodeForInnerPointer()).
Review URL: https://codereview.chromium.org/1582573002
Cr-Commit-Position: refs/heads/master@{#33246}
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.
This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.
Review URL: https://codereview.chromium.org/1580463003
Cr-Commit-Position: refs/heads/master@{#33245}
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1572333002
Cr-Commit-Position: refs/heads/master@{#33243}
No need to distribute the setup of the Function global property across
three different places, instead do everything in a single place during
bootstrapping.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1577703005
Cr-Commit-Position: refs/heads/master@{#33242}
That will allow for adding private symbols to JSProxies in a follow-up
change
BUG=chromium:571365
R=neis@chromium.org,verwaest@chromium.org,rossberg@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1575423002
Cr-Commit-Position: refs/heads/master@{#33241}
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568323002
Cr-Commit-Position: refs/heads/master@{#33237}
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
BUG=
Review URL: https://codereview.chromium.org/1576403002
Cr-Commit-Position: refs/heads/master@{#33235}
We use a scratchpad to remember visited allocation sites for post processing
(making tenure decisions). The previous implementation used a rooted FixedArray
with constant length (256) to remember all sites. Updating the scratchpad is a
bottleneck in any parallel/concurrent implementation of newspace evacuation.
The new implementation uses a HashMap with allocation sites as keys and
temporary counts as values. During evacuation we collect a local hashmap of
visited allocation sites. Upon merging the local hashmap back into a global one
we update potential forward pointers of compacted allocation sites. The
scavenger can directly enter its entries into the global hashmap. Note that the
actual memento found count is still kept on the AllocationSite as it needs to
survive scavenges and full GCs.
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1535723002
Cr-Commit-Position: refs/heads/master@{#33233}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This patch makes Promise.prototype.then use @@species as specified
in ES2015. The fix is hoped for by certain users, such as legacy
core.js versions which encounter an unhandled Promise reject (complete
with an ugly console message) when Promise subclassing is supported
in a mostly correct way, and we do error checking on Promise
constructors, but @@species is not supported.
BUG=chromium:575314,v8:4633
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1577223002
Cr-Commit-Position: refs/heads/master@{#33225}
This CL introduces ExternalStringResourceBase::IsCompressible.
This CL is a preparation for CompressibleString, which can
be compressed for memory reduction in Blink. We've found that
JavaScript strings account for a relatively large part of Blink
memory usage, and we are now trying to replace JavaScript String/
AtomicString with CompressibleString.
When a string is compressed, the original char data is deleted
and V8 pointer cache becomes invalid. This CL introduces
isCompressible property and if an external string's isCompressble
return true, this is stored short_external_*_map instead of
external_*_map so that V8 always requires the char pointer whenever
V8 needs the string data.
BUG=chromium:574317
LOG=n
Review URL: https://codereview.chromium.org/1490193002
Cr-Commit-Position: refs/heads/master@{#33224}
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.
R=adamk
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1574903004
Cr-Commit-Position: refs/heads/master@{#33223}
Besides reducing code duplication, this makes it easier to change the
implementation, which may be necessary to properly support eval calls
in arrow function parameter initializers.
Review URL: https://codereview.chromium.org/1573363002
Cr-Commit-Position: refs/heads/master@{#33219}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
As V8 becomes more and more spec-compliant, Promise polyfill libraries
like core.js expect fully correct. However, our Promises do not yet
support Symbol.species. Therefore, a case like
```
var test = new Promise(function(){});
test.constructor = function(){};
Promise.resolve(test)
```
would lead to an unhandled Promise rejection, whereas it should not
because test.constructor[Symbol.species] is undefined, so test.then
should end up constructing %Promise% as a fallback, rather than
calling test.constructor as if it were a constructor, which leads
this error checking code to throw.
For now, this patch removes the error checking code (which was not
present until recently). In an interactive test using core.js, the
error message on the console goes away with this patch. When @@species
support is in place, this patch can be reverted. A regression test
is added which checks for the same thing.
Partially reverted patch was originally out for review at
https://codereview.chromium.org/1531073004
BUG=v8:4633
LOG=Y
R=adamk,caitp88@gmail.com
Review URL: https://codereview.chromium.org/1578893002
Cr-Commit-Position: refs/heads/master@{#33217}
Does not remove the extra private state added, as doing so seems to break the
debugger.
Fixes new Test262 tests:
- built-ins/Promise/race/same-resolve-function
- built-ins/Promise/race/same-reject-function
BUG=v8:4632
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1538853002
Cr-Commit-Position: refs/heads/master@{#33214}
This CL changes the color for encoding black and grey. Moreover, it introduces a higher level live object iterator.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1517993003
Cr-Commit-Position: refs/heads/master@{#33208}
A concurrent sweeper thread can access the same markbit cell as the main thread
during right trimming a fixed array, resulting in a data race on a markbit cell.
Previously we checked whether we were currently marking incrementally, filtering
out this case.
The current check has the benefit of keeping live_bytes accurate (modulo other
bugs) until the sweeper starts.
BUG=chromium:576193
LOG=N
Review URL: https://codereview.chromium.org/1576853002
Cr-Commit-Position: refs/heads/master@{#33203}
Escape analysis will eliminate the context, if possible. Materialization
must then ensure that the materialized object has the right map, and that
the context register is set accordingly.
R=jarin@chromium.org
BUG=569530,v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1572293002
Cr-Commit-Position: refs/heads/master@{#33201}
In particular, Claim doesn't work with a negative size, so ensure that
it is positive.
BUG=
Review URL: https://codereview.chromium.org/1565193002
Cr-Commit-Position: refs/heads/master@{#33198}
port fc5c7e0486 (r33172)
original commit message:
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
BUG=
Review URL: https://codereview.chromium.org/1576813003
Cr-Commit-Position: refs/heads/master@{#33196}
Removed unused name_ field, made bitfield 16-bits long, and moved it to
the start of the struct, resulting in a reduction of 8 bytes on both
32 and 64-bit platforms.
Most other changes (which prompted this work) are cosmetic:r
- Combined redundant enums
- Named enum values kConsistently
- Consistently use booleans in bitfield, using enum values
only for passing information into NewFunctionLiteral
- Removed unneeded arguments from NewFunctionLiteral, reducing
clutter at callsites
- Added const correctness consistently
Review URL: https://codereview.chromium.org/1566053002
Cr-Commit-Position: refs/heads/master@{#33194}
Port fc5c7e0486
Original commit message:
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
BUG=
TEST=test262/built-ins/Date/prototype/toISOString/15.9.5.43-0-10, test262/built-ins/Date/prototype/toISOString/15.9.5.43-0-11, test262/built-ins/Date/S15.9.3.1_A5_T1
Review URL: https://codereview.chromium.org/1569353002
Cr-Commit-Position: refs/heads/master@{#33191}
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007
Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816
Review URL: https://codereview.chromium.org/1571793002
Cr-Commit-Position: refs/heads/master@{#33189}
Fixed a bug in VisitForInAssignment. After visiting the object the value
to be stored was not loaded back to the accumulator. Also added two tests
to check this case.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1571753002
Cr-Commit-Position: refs/heads/master@{#33188}
Adds support for the CallRuntimeForPair bytecode to the Bytecode Graph
Builder. Modifies the FrameState support to allow updating of output
registers.
Also adds Eval tests to test-run-bytecode-graph-builder since these are
enabled by CallRuntimeForPair support.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1570623007
Cr-Commit-Position: refs/heads/master@{#33186}
The sloppy block-scoped function declaration placeholder statements
are held in parser_zone_-allocated hashtables. These hashtables are
not updated when local_zone_s are removed. Therefore, the
NewSloppyBlockFunctionStatement method should allocate
SloppyBlockScopeFunctionStatements in the parser_zone_ to avoid a
use-after-free. Scope fixup code may end up updating something which
is thrown away, but this is a small cost and much simpler than
removing dead hashtable entries later.
R=adamk
LOG=Y
BUG=chromium:537816
Review URL: https://codereview.chromium.org/1564923007
Cr-Commit-Position: refs/heads/master@{#33185}
Adds support for calling eval to the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1508293003
Cr-Commit-Position: refs/heads/master@{#33184}
This patch introduces a mechanism for changing the scope of temporary
variables, which is necessary for rewriting arrow parameter
initializers.
It also fixes a potential bug in AstExpressionVisitor, which did not
visit the automatically generated members of ForEachStatement.
Fixes test/mjsunit/harmony/regress/regress-4658.js
R=rossberg@chromium.org
BUG=v8:4658
LOG=N
Review URL: https://codereview.chromium.org/1564343002
Cr-Commit-Position: refs/heads/master@{#33183}
Adds support for calling runtime functions which return a pair of
values. Adds the bytecode CallRuntimePair. Also adds support to TurboFan
for calling stubs which return multiple values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568493002
Cr-Commit-Position: refs/heads/master@{#33181}
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1567353002
Cr-Commit-Position: refs/heads/master@{#33172}
* Buffer counter updates in the corresponding visitor to allow parallel
processing of pages.
* Fix a bug where we don't keep live bytes in sync when marking is already
finished.
LOG=N
BUG=524425
Review URL: https://codereview.chromium.org/1559873004
Cr-Commit-Position: refs/heads/master@{#33170}
Everything necessary to implement Object.keys efficiently is already
available in C++ land for quite some time now, and only the thin
JavaScript wrapper was left, so get rid of that as well and move the
whole builtin to C++ instead.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1567963002
Cr-Commit-Position: refs/heads/master@{#33167}
The original kX87BitcastFI and kX87BitcastIF of x87 code generation in TurboFan have bugs and caused all Run_Wasm_F32CopySign test cases failed.
This CL will fix them.
BUG=
Review URL: https://codereview.chromium.org/1565183003
Cr-Commit-Position: refs/heads/master@{#33166}
Requesting reservation of a wasm section for experimentation with
storing source code meta information, such as source code comments,
and also extra inform on presentation of the AST such an `if-block`
pattern being presented as a `when` operation.
The wasm design already defines unrecognized sections to be ignored,
and this reserved section is ignored. This section is only intended to
hold source code meta information and to have no effect on code
execution.
With wasm going live (behind a flag) on v8, I would also like to be
able to give people something to play with in terms of the deployed
binary code being a useful source code. It's all experimental, but I
understand the entire binary format that V8 is currently using is
basically a throwaway, and that the working strategy is to get
something running and then revisit format decisions.
I would like a fixed reserved section number to avoid potential
clashes with other projects - although I am not aware of any other
calls for addition sections beyond the need for debug info. If a fixed
number is not acceptable, then could this patch alternatively ignore
all unrecognized sections and perhaps add the section size to them
all - something which is already noted todo in the design document?
BUG=
Review URL: https://codereview.chromium.org/1565693002
Cr-Commit-Position: refs/heads/master@{#33165}
Testing the promise status is not enough to ensure that resolve functions are
called only once.
This change adds a similar version of the [[AlreadyResolved]] slot to the
Promise.all resolve element function, and also ensures that [[AlreadyResolved]]
is respected in the Promise executor, and when resolving thenables. This means
replacing PromiseReject() shortcuts with promiseCapability.reject(), which has
an [[AlreadyResolved]] record in a context slot.
Also ensures that changes to the list accumulator in Promise.all() is not observable
via accessors installed in the Array prototype chain, using the same mechanism used
in several Array methods.
Fixes the following Test262 tests:
- built-ins/Promise/all/call-resolve-element-items.js
- built-ins/Promise/all/call-resolve-element.js
- built-ins/Promise/all/call-resolve-element-after-return.js
- built-ins/Promise/all/same-reject-function.js
- built-ins/Promise/all/resolve-from-same-thenable.js
- built-ins/Promise/all/resolve-before-loop-exit.js
- built-ins/Promise/all/resolve-before-loop-exit-from-same.js
- built-ins/Promise/exception-after-resolve-in-executor.js
- built-ins/Promise/exception-after-resolve-in-thenable-job.js
- built-ins/Promise/all/does-not-invoke-array-setters.js
BUG=v8:4633
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1534813005
Cr-Commit-Position: refs/heads/master@{#33163}
Reason for revert:
Causes frequent crashes in Canary: chromium:537816
Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}
TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y
Review URL: https://codereview.chromium.org/1565263002
Cr-Commit-Position: refs/heads/master@{#33162}
Previously only references to function contexts embedded in optimized
were treated weakly, but TurboFan (and to some extend Crankshaft) can
embed any kind of context into optimized code.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1562083003
Cr-Commit-Position: refs/heads/master@{#33155}
port a94d6d6ede (r33108)
original commit message:
The mode requires an extra register, and since we aren't supporting it now, we can dispense with it.
BUG=
Review URL: https://codereview.chromium.org/1561943002
Cr-Commit-Position: refs/heads/master@{#33147}
This correctly marks functions containing a new.target reference as
being disabled with Crankshaft, which would have bailed out anyways.
Also note that this will trigger TurboFan for such functions and hence
widens the TurboFan intake valve.
Review URL: https://codereview.chromium.org/1568763002
Cr-Commit-Position: refs/heads/master@{#33146}
This patch implements @@species, guarded behind the --harmony-species
flag, on Arrays. Methods which return an Array will instead return
the appropriate instance based on the ArraySpeciesCreate algorithm.
The algorithm is implemented in C++ to get access to realm information
and to implement some Array methods in C++, but it is also accessed
from JavaScript through a new runtime function. A couple interactive
Octane runs show no performance regression with the flag turned off,
but turning --harmony-species on will surely have a significant
regression, as Array methods now heavily use ObjectDefineProperty.
BUG=v8:4093
LOG=Y
R=adamk,cbruni
Review URL: https://codereview.chromium.org/1560763002
Cr-Commit-Position: refs/heads/master@{#33144}
- Each of the three deprecated Promise functions
- Two nonstandard pieces of Intl functionality
- Accesses of the RegExp.prototype.unicode getter on the prototype
BUG=v8:3785,v8:3238,v8:4633
LOG=N
R=adamk
TBR=hpayer
Review URL: https://codereview.chromium.org/1558113002
Cr-Commit-Position: refs/heads/master@{#33142}
This required refactoring ParsePropertyDefinition to pass the parsed
string name as an out param, since ObjectLiteralProperty stores Smis
for Smi-representable property keys.
Computed properties are not yet handled in this patch.
BUG=v8:3699
LOG=n
Review URL: https://codereview.chromium.org/1563923002
Cr-Commit-Position: refs/heads/master@{#33141}
Utilise Dextu, Dextm on mips64 for widths and positions larger
than 32.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1552483002
Cr-Commit-Position: refs/heads/master@{#33138}
Addresses TODO by Dan --- simply by moving the check and exception
earlier in the function, before calling NewPromiseCapability() or
loading the constructor.
BUG=v8:4633
LOG=N
R=adamk@chromium.org, littledan@chromium.org, cbruni@chromium.org
Fixes 'test262/built-ins/Promise/prototype/then/context-check-on-entry'
Review URL: https://codereview.chromium.org/1561193002
Cr-Commit-Position: refs/heads/master@{#33137}
Several ports to enable r6 compact branch optimizations on MIPS64
Port 3573d3cb58
Original commit message:
MIPS: r6 compact branch optimization.
Port bddf8c9e08
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
Port 6993cd0de5
Original commit message:
MIPS: Fix 'MIPS:r6 compact branch optimization.'
Jic and jialc compact branch ops are fixed as they does
not have 'forbidden slot' restriction. Also COP1 branches
(CTI instructions) added to IsForbiddenAfterBranchInstr().
Port bb332195d3
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
Port c91bcf7192
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
for r6.
BUG=
Review URL: https://codereview.chromium.org/1534183002
Cr-Commit-Position: refs/heads/master@{#33136}
The implementation temporarily modifies jssp to avoid needing a scratch
register, then restores it afterwards. However, the exception path
wasn't properly restoring the value.
With this patch, failures in this part of AssertStackConsistency get
reported properly (with backtrace and a BailoutReason).
BUG=
Review URL: https://codereview.chromium.org/1556993004
Cr-Commit-Position: refs/heads/master@{#33135}
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.
R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1551443002
Cr-Commit-Position: refs/heads/master@{#33133}
JIC and JIALC instructions do not have a forbidden slot so their
simulator implementation should not call CheckForbiddenSlot function.
BUG=
Review URL: https://codereview.chromium.org/1562473002
Cr-Commit-Position: refs/heads/master@{#33130}
Correctly validate promise capabilities in NewPromiseCapabilities() and in
GetCapabilitiesExtractor(). Also explicitly follows Promise.race step 2 and
similar cases in the spec, rather than passing tests asserting these steps
are taken in NewPromiseCapability
Also changes Promise.reject to match specification.
Fixes the following test262 tests:
- built-ins/Promise/all/capability-executor-called-twice.js
- built-ins/Promise/all/capability-executor-not-callable.js
- built-ins/Promise/prototype/then/capability-executor-called-twice.js
- built-ins/Promise/prototype/then/capability-executor-not-callable.js
- built-ins/Promise/reject/capability-executor-called-twice.js
- built-ins/Promise/reject/capability-executor-not-callable.js
- built-ins/Promise/resolve/capability-executor-called-twice.js
- built-ins/Promise/resolve/capability-executor-not-callable.js
- built-ins/Promise/race/capability-executor-called-twice.js
- built-ins/Promise/race/capability-executor-not-callable.js
- built-ins/Promise/reject/S25.4.4.4_A3.1_T1.js
- built-ins/Promise/race/S25.4.4.3_A3.1_T2.js
Per v8:3641, mjsunit/es6/debug-promises/throw-with-undefined-reject.js becomes invalid. The exception is thrown before the chain handler is ever invoked, and is caught externally by d8's own handler --- thus evading the uncaught exception event.
BUG=v8:4633, v8:4631, v8:4243, v8:3641
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1531073004
Cr-Commit-Position: refs/heads/master@{#33128}
Work around ppc assembler use of Mul, Div macros.
Disable several tests that fail for nosse4.
Disable several tests that fail for msan.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1562513002
Cr-Commit-Position: refs/heads/master@{#33126}
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.
This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546683002
Cr-Commit-Position: refs/heads/master@{#33125}
Throws an error if rest parameters are used. This feature is not
yet supported in interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1561603002
Cr-Commit-Position: refs/heads/master@{#33120}
For a prototype chain foo -> global_proxy -> global_object, we used to
register a dependency from foo -> global_object. This is incorrect when
the global_proxy/global_object pairing is modified, e.g. when navigating
in iframes. With this patch, we properly register foo -> global_proxy and
global_proxy -> global_object dependencies.
Additionally, when a prototype's prototype changes from null to something
else, this new usage relation must be registered if there are other users
further down on the prototype chain that might expect a complete chain of
registrations to exist (which was the case before, and must be preserved).
BUG=chromium:571517
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1559323002
Cr-Commit-Position: refs/heads/master@{#33119}
Fixes StateValuesRequireUpdate function to return false if deoptimization is not enabled.
When deoptimization is not enabled there is no need to create nodes for state values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1551363002
Cr-Commit-Position: refs/heads/master@{#33116}
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.
Two unittests test correctness of the IR level implementation.
Correctness for instruction selection / code generation
is tested by mjsunit tests.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1485183002
Cr-Commit-Position: refs/heads/master@{#33115}
This changes representation inference to be bidirectional:
1. truncations are propagated from uses to definitions.
2. output types are propagated from definitions to uses.
(and nodes are revisited until fixpoint.)
At the moment, (2) is used only superficially; the idea here is to
use the output type propagation to propagate types from type feedback.
For the output types to be usable, we need to keep track of the type
of the JavaScript value rather than the truncated value. Otherwise,
representation inference could not rely on the ranges indicated
by the values.
For example, for "var b = (a|0) + (a|0); return (b/16) >>> 0",
the type of b cannot be int32; otherwise the division "b/16"
would believe that it is fine to do an integer division on
the truncated value, which would give a wrong result for
2^31 <= a < 2^32.
The change makes representation inference a bit more expensive
(the phase is about 20% slower), but since this is only small part
of the overall compiler time, the overall effect is negligible.
If the running time becomes a problem, we could optimize this by
remembering when the nodes are stable (ie., no further changes to
type/truncations) and/or explicit subscriptions for changes.
BUG=v8:4583
R=bmeurer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1490763003
Cr-Commit-Position: refs/heads/master@{#33112}
The FP parameters for X87 should be put in stack and the FP return value
should be put in stX_0 register.
So this CL defines the FP_RETURN_REGISTERS as stX_0 only.
BUG=
Review URL: https://codereview.chromium.org/1545203002
Cr-Commit-Position: refs/heads/master@{#33110}
Almost all of the Date builtins always call into C++ at least once
anyway, so parsing, compiling and executing the JavaScript wrappers
is just a waste of time. The most important part here is the Date
constructor itself, which is one of the blockers for new.target in
TurboFan, because compiling the Date constructor takes too much time
with TurboFan (for no reason since we end up in C++ anway).
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1556333002
Cr-Commit-Position: refs/heads/master@{#33109}
The mode requires an extra register, and since we aren't supporting
it now, we can dispense with it.
BUG=
Review URL: https://codereview.chromium.org/1559903003
Cr-Commit-Position: refs/heads/master@{#33108}
port 82ca2a414deb4221100562a0fb2af0f216c4c3ef(r33084)
original commit message:
This is preferable because in TurboFan we need to call it, and can't pass
untagged external pointers on the stack.
BUG=
Review URL: https://codereview.chromium.org/1557283002
Cr-Commit-Position: refs/heads/master@{#33102}
In the Date constructor or Date.parse, other browsers will accept time
zones like GMT-8, but before this patch, Chrome would interpret 8 as
8 minutes. This patch interprets GMT-+ a one or two digit number as hours,
not minutes.
R=adamk,jshin@chromium.org
LOG=Y
BUG=chromium:422858
Review URL: https://codereview.chromium.org/1557053002
Cr-Commit-Position: refs/heads/master@{#33100}
1. Location names with more than one underscores (e.g. Ho_Chi_Minh)
didn't work because of the way capturing works with repeated patterns
in RE. It's now supported by changing the RE to capture the whole string
and splitting on '_' in the next step.
2. Adds support for location names with a hyphen
3. Adds support for timezone ids with three parts (e.g.
American/Argentina/Buenos_Aires)
4. Adds special handling of 'au', 'es' and 'of' in zone ids. They need to be kept in lowercase. (see the full list at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones )
5. Adds regression tests for all the above and make the existing tests
more robust against future ICU changes. ICU canonicalizes zone names to
deprecated names, but it may change. (
http://bugs.icu-project.org/trac/ticket/12044 )
BUG=364374
LOG=Y
Review URL: https://codereview.chromium.org/1529363005
Cr-Commit-Position: refs/heads/master@{#33097}
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.
R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1558543002
Cr-Commit-Position: refs/heads/master@{#33095}
There were some functions that were used when atomic floats were supported, but
can now be removed.
BUG=
Review URL: https://codereview.chromium.org/1552683003
Cr-Commit-Position: refs/heads/master@{#33093}
New bytecodes for making registers with indicies wider than 1-byte
accessible.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1555713002
Cr-Commit-Position: refs/heads/master@{#33091}
Adds --turbo to the set of flags run with ignition (making the
configuration pure Ignition+TurboFan except for fallbacks to
full-codegen for catch / eval). Also changes the default
--ignition-filter to allow everything, rather than omit everything.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1537433003
Cr-Commit-Position: refs/heads/master@{#33090}
VisitNewLocalBlockContext funciton was allocating two registers and checking
if they are consecutive. This cl changes it to reserve consecutive registers.
The earlier code breaks this test mjsunit/regress/regress-542099.js.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1545003003
Cr-Commit-Position: refs/heads/master@{#33086}
This restricts turbofan to turbofan-supported subset for the shipping
configuration ("use asm" and features unsupported by Crankshaft).
Without this, we compile with Turbofan even when there is
try-catch-finally as long as the function is "use asm" or
it contains a feature unsupported by crankshaft but supported
by turbofan (e.g., 'with' statement).
BUG=
Review URL: https://codereview.chromium.org/1552233002
Cr-Commit-Position: refs/heads/master@{#33085}
In addition to ThrowTypeError not being a constructor, it was invalidly set up by simply swapping the map. Swapping the map is insufficient since NewFunction* actually set up the function depending on the used map.
BUG=chromium:573858
LOG=n
Review URL: https://codereview.chromium.org/1552223002
Cr-Commit-Position: refs/heads/master@{#33082}
LoadElement nodes used a Int32Constant in some cases, which made
matching for constant values in optimizations more difficult than
necessary.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1559853002
Cr-Commit-Position: refs/heads/master@{#33081}
Adds support for loads and stores to lookup slots to BytecodeGraphBuilder.
Also adds tests for them.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1541143003
Cr-Commit-Position: refs/heads/master@{#33075}
The Object.freeze, Object.isExtensible, Object.isFrozen,
Object.isSealed, Object.preventExtensions and Object.seal builtins were
already implemented in C++, but they still had some funny JavaScript
wrappers that just called into the C++ implementation on every
(interesting) execution path.
Review URL: https://codereview.chromium.org/1553043002
Cr-Commit-Position: refs/heads/master@{#33074}
Use the same mechanism that is already available for Crankshaft to not
leak all kinds of things in TurboFan generated code. Long-term we will
support weakness in a better way, but for now, just use the
infrastructure that is already in place to avoid memory leaks via
TurboFan generated code.
R=jarin@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1555743003
Cr-Commit-Position: refs/heads/master@{#33073}
Unify the constructors and isView methods for ArrayBuffer and
SharedArrayBuffer, moving them to C++ because there's no point
in having the JavaScript wrappers for them.
We choose to deliberately violate the ES2015 specification and
implement the ArrayBuffer constructor in a way that matches
Firefox and Safari instead.
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
BUG=chromium:565917, v8:4592
TBR=hpayer@chromium.orgR=cbruni@chromium.org
LOG=n
Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
Cr-Commit-Position: refs/heads/master@{#32590}
Review URL: https://codereview.chromium.org/1500543002
Cr-Commit-Position: refs/heads/master@{#33072}
port b889d79de1e9af4719228536c736351c5680f25e(r33066)
original commit message:
In the vast majority of the cases when we call into the runtime we use
the default number of arguments. Hence, there is not need to specify it
again. This CL also removes TailCallExternalReference as there were no
users.
BUG=
Review URL: https://codereview.chromium.org/1559693002
Cr-Commit-Position: refs/heads/master@{#33070}
In a rare edge case, a difference in checks between C++ and
JavaScript lead to an 'illegal access' being thrown by the Date
constructor. This patch harmonizes the checks from both sides.
It's possible that slightly larger dates could be permitted,
as the ECMAScript 2015 specification indicates that +287396-10-12
would be a permissible date in the note in
http://tc39.github.io/ecma262/#sec-extended-years
This patch does not revisit the limit, only clears up the
inconsistency.
BUG=v8:4640
R=cbruni
LOG=Y
Review URL: https://codereview.chromium.org/1545883003
Cr-Commit-Position: refs/heads/master@{#33068}
Reason for revert:
Should be fixed again with this Blink change to add NeedsManualRebaseline
Original issue's description:
> Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
>
> Reason for revert:
> [Sheriff] Changes layout tests. Please fix upstream first if intended.
>
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
>
> Original issue's description:
> > Use ES2015-style TypedArray prototype chain
> >
> > This patch switches TypedArrays to use the prototype chain described
> > in the ES2015 specification, which adds a %TypedArray% superclass above
> > all individual TypedArray types. Most methods are defined on the
> > superclass rather than the subclasses.
> >
> > In order to prevent a performance regression, a few methods are
> > marked as inline. Inlining might prevent code which was previously
> > monomorphic from becoming polymorphic, and it was specifically
> > applied in places where methods became more polymorphic than before.
> > Tests with realistic workloads would be nice to do before this
> > ships in stable.
> >
> > This patch does not bring TypedArrays up to full spec compliance. In
> > particular, @@species is not yet supported.
> >
> > R=cbruni
> > BUG=v8:4085
> > LOG=Y
> >
> > Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> > Cr-Commit-Position: refs/heads/master@{#33050}
>
> TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4085
>
> Committed: https://crrev.com/28b55ffd1e32e09aaf42b8bbb407944d4808e07c
> Cr-Commit-Position: refs/heads/master@{#33053}
TBR=caitpotter88@gmail.com,cbruni@chromium.org,machenbach@chromium.org
BUG=v8:4085
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1558663002
Cr-Commit-Position: refs/heads/master@{#33067}
counts specified in runtime.h.
In the vast majority of the cases when we call into the runtime we use
the default number of arguments. Hence, there is not need to specify it
again. This CL also removes TailCallExternalReference as there were no
users.
BUG=
Review URL: https://codereview.chromium.org/1553703002
Cr-Commit-Position: refs/heads/master@{#33066}
This patch relands a change to ES2015 Promises which brings us closer to
spec compliance. In this new version, a bug which would lose async callstack
data was fixed.
R=adamk
CC=rossberg,caitp
LOG=Y
BUG=v8:3641
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1538663002
Cr-Commit-Position: refs/heads/master@{#33065}
Port 97def8070c
Original commit message:
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n
Review URL: https://codereview.chromium.org/1559473002
Cr-Commit-Position: refs/heads/master@{#33064}
