Commit Graph

470 Commits

Author SHA1 Message Date
littledan
3f37c4462b Fix length of DataView and TypedArray get/set functions
Functions like DataView.prototype.getUint8 should have length 1,
and DataView.prototype.setUint8 should have length 2, as their
endianness arguments are optional. Additionally,
TypedArray.prototype.set.length should be 2. This follows the ES2015
specification, and a new test262 test tests for it. This patch
fixes the functions' lengths.

R=adamk

Review URL: https://codereview.chromium.org/1636953003

Cr-Commit-Position: refs/heads/master@{#33531}
2016-01-26 23:56:11 +00:00
ishell
6131ab1edd [es6] Tail calls support.
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.

Tail calling can be enabled by --harmony-tailcalls flag.

BUG=v8:4698
LOG=Y
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1609893003

Cr-Commit-Position: refs/heads/master@{#33509}
2016-01-26 11:07:40 +00:00
littledan
03ce7711e4 Restore per-TypedArray-class length accessors as a perf workaround
This patch is a workaround to the performance regression caused by
implementing the ES2015 TypedArray prototype chain: Include a
per-TypedArray-subclass length getter so that the superclass getter does
not become polymorphic. The patch appears to fix a regression in the
Gameboy Octane benchmark.

BUG=chromium:579905
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1624383003

Cr-Commit-Position: refs/heads/master@{#33501}
2016-01-25 20:26:51 +00:00
neis
faf5e68169 Make generators non-constructable.
BUG=v8:4163,v8:4630
LOG=y

R=rossberg

Review URL: https://codereview.chromium.org/1590873002

Cr-Commit-Position: refs/heads/master@{#33360}
2016-01-18 13:11:06 +00:00
littledan
e13f2ff40b Construct instances of base class from TypedArray.prototype.subarray
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.

For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.

R=adamk
LOG=Y
BUG=v8:4665

Review URL: https://codereview.chromium.org/1583773005

Cr-Commit-Position: refs/heads/master@{#33312}
2016-01-14 19:23:26 +00:00
adamk
f5828cb4db Stop treating scopes containing template strings tagged with 'eval' specially
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.

This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.

Review URL: https://codereview.chromium.org/1580463003

Cr-Commit-Position: refs/heads/master@{#33245}
2016-01-12 18:09:13 +00:00
littledan
2bd9bdbe62 TypedArray and ArrayBuffer support for @@species
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.

R=adamk
BUG=v8:4093
LOG=Y

Review URL: https://codereview.chromium.org/1574903004

Cr-Commit-Position: refs/heads/master@{#33223}
2016-01-12 06:07:59 +00:00
littledan
95145fa826 Ship ES2015 sloppy-mode const semantics
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.

R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1571873004

Cr-Commit-Position: refs/heads/master@{#33218}
2016-01-11 23:09:59 +00:00
caitpotter88
dfce900d64 [es6] enable destructuring rest parameters
Originally, only BindingIdentifiers were a legal operand for the `...` ellipsis
in a function rest parameter. This has since changed, allowing the rest array
to be destructured.

The grammar is now the following:

```
FunctionRestParameter[Yield]:
    BindingRestElement[?Yield]

BindingRestElement[Yield]:
    ... BindingIdentifier[?Yield]
    ... BindingPattern[?Yield]
```

*Spec change: d322357e6b
*TC39 Discussion: https://github.com/tc39/tc39-notes/blob/master/es7/2015-07/july-28.md#66-bindingrestelement-should-allow-a-bindingpattern-ala-assignmentrestelement

BUG=v8:4627, v8:2159
LOG=N
R=littledan@chromium.org, adamk@chromium.org, wingo@igalia.com, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1532873004

Cr-Commit-Position: refs/heads/master@{#33192}
2016-01-08 20:22:52 +00:00
littledan
23235b5fdb Reland of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #1 id:1 of https://codereview.chromium.org/1565263002/ )
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007

Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816

Review URL: https://codereview.chromium.org/1571793002

Cr-Commit-Position: refs/heads/master@{#33189}
2016-01-08 17:34:59 +00:00
littledan
adac5956c6 Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
Reason for revert:
Causes frequent crashes in Canary: chromium:537816

Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}

TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y

Review URL: https://codereview.chromium.org/1565263002

Cr-Commit-Position: refs/heads/master@{#33162}
2016-01-07 20:23:21 +00:00
neis
837900ef24 [tests] Fix bogus uses of assertThrows.
Some tests passed a string as second argument to assertThrows, expecting it to
be matched against the exception.  However, assertThrows simply ignored these.
(Some other tests actually seem to use that argument as a comment ...)

This CL
- changes assertThrows to fail if the second argument is not a function,
- adds assertThrowsEquals which compares the exception to a given value using
  assertEquals
- fixes some bogus tests that got exposed by this.

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1544793002

Cr-Commit-Position: refs/heads/master@{#33159}
2016-01-07 14:49:21 +00:00
littledan
fcff8588a5 Ship ES2015 sloppy-mode function hoisting, let, class
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.

R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1551443002

Cr-Commit-Position: refs/heads/master@{#33133}
2016-01-06 02:03:07 +00:00
caitpotter88
4f9471152c [promise] make Promise.resolve match spec
Fixes a number of test262 tests, including

- built-ins/Promise/resolve/resolve-from-promise-capability.js
- built-ins/Promise/resolve/context-non-object-with-promise.js
- built-ins/Promise/executor-function-length.js

BUG=v8:4633
LOG=N
R=littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1536013002

Cr-Commit-Position: refs/heads/master@{#33094}
2016-01-04 19:16:09 +00:00
littledan
e549c7a356 Reland of Use ES2015-style TypedArray prototype chain (patchset #1 id:1 of https://codereview.chromium.org/1554523002/ )
Reason for revert:
Should be fixed again with this Blink change to add NeedsManualRebaseline

Original issue's description:
> Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
>
> Reason for revert:
> [Sheriff] Changes layout tests. Please fix upstream first if intended.
>
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
>
> Original issue's description:
> > Use ES2015-style TypedArray prototype chain
> >
> > This patch switches TypedArrays to use the prototype chain described
> > in the ES2015 specification, which adds a %TypedArray% superclass above
> > all individual TypedArray types. Most methods are defined on the
> > superclass rather than the subclasses.
> >
> > In order to prevent a performance regression, a few methods are
> > marked as inline. Inlining might prevent code which was previously
> > monomorphic from becoming polymorphic, and it was specifically
> > applied in places where methods became more polymorphic than before.
> > Tests with realistic workloads would be nice to do before this
> > ships in stable.
> >
> > This patch does not bring TypedArrays up to full spec compliance. In
> > particular, @@species is not yet supported.
> >
> > R=cbruni
> > BUG=v8:4085
> > LOG=Y
> >
> > Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> > Cr-Commit-Position: refs/heads/master@{#33050}
>
> TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4085
>
> Committed: https://crrev.com/28b55ffd1e32e09aaf42b8bbb407944d4808e07c
> Cr-Commit-Position: refs/heads/master@{#33053}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,machenbach@chromium.org
BUG=v8:4085
LOG=Y

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1558663002

Cr-Commit-Position: refs/heads/master@{#33067}
2015-12-30 22:14:16 +00:00
littledan
797d1090ae Reland "Clean up promises and fix an edge case bug (patchset #4 id:60001 of https://codereview.chromium.org/1488783002/ )"
This patch relands a change to ES2015 Promises which brings us closer to
spec compliance. In this new version, a bug which would lose async callstack
data was fixed.

R=adamk
CC=rossberg,caitp
LOG=Y
BUG=v8:3641
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1538663002

Cr-Commit-Position: refs/heads/master@{#33065}
2015-12-30 20:47:37 +00:00
machenbach
28b55ffd1e Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first if intended.

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689

Original issue's description:
> Use ES2015-style TypedArray prototype chain
>
> This patch switches TypedArrays to use the prototype chain described
> in the ES2015 specification, which adds a %TypedArray% superclass above
> all individual TypedArray types. Most methods are defined on the
> superclass rather than the subclasses.
>
> In order to prevent a performance regression, a few methods are
> marked as inline. Inlining might prevent code which was previously
> monomorphic from becoming polymorphic, and it was specifically
> applied in places where methods became more polymorphic than before.
> Tests with realistic workloads would be nice to do before this
> ships in stable.
>
> This patch does not bring TypedArrays up to full spec compliance. In
> particular, @@species is not yet supported.
>
> R=cbruni
> BUG=v8:4085
> LOG=Y
>
> Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> Cr-Commit-Position: refs/heads/master@{#33050}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1554523002

Cr-Commit-Position: refs/heads/master@{#33053}
2015-12-29 08:43:29 +00:00
littledan
07c91dccbe Use ES2015-style TypedArray prototype chain
This patch switches TypedArrays to use the prototype chain described
in the ES2015 specification, which adds a %TypedArray% superclass above
all individual TypedArray types. Most methods are defined on the
superclass rather than the subclasses.

In order to prevent a performance regression, a few methods are
marked as inline. Inlining might prevent code which was previously
monomorphic from becoming polymorphic, and it was specifically
applied in places where methods became more polymorphic than before.
Tests with realistic workloads would be nice to do before this
ships in stable.

This patch does not bring TypedArrays up to full spec compliance. In
particular, @@species is not yet supported.

R=cbruni
BUG=v8:4085
LOG=Y

Review URL: https://codereview.chromium.org/1541233002

Cr-Commit-Position: refs/heads/master@{#33050}
2015-12-28 17:28:54 +00:00
littledan
9c304f1e78 Guard the property RegExp.prototype.unicode behind --harmony-regexp-unicode
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.

R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y

Review URL: https://codereview.chromium.org/1550713002

Cr-Commit-Position: refs/heads/master@{#33049}
2015-12-28 16:38:54 +00:00
cbruni
e10fdbed6d [proxies] Limit recursive proxy prototype lookups to 100'000
Creating proto-recursive proxies might lead to instanceof while-looping
endlessly in Object::HasInPrototypeChain (For traps we already have stack
guards in place to prevent stack overflows). We prevent this by limiting
the number of proxies we visit in PrototypeIterator to a magic large number.

LOG=n
BUG=v8:1534

Review URL: https://codereview.chromium.org/1542583003

Cr-Commit-Position: refs/heads/master@{#33007}
2015-12-22 12:52:57 +00:00
littledan
424ef009a5 Reland of Add web compat workarounds for ES2015 RegExp semantics (patchset #3 id:40001 of https://codereview.chromium.org/1543723002/ )
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.

This reland replaces problematic legacy const usage with var, to
avoid issues with nosnap builds.

R=yangguo
CC=bmeurer
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1545633002

Cr-Commit-Position: refs/heads/master@{#33002}
2015-12-22 09:16:56 +00:00
bmeurer
08a1d1a288 Revert of Add web compat workarounds for ES2015 RegExp semantics (patchset #3 id:40001 of https://codereview.chromium.org/1543723002/ )
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5883

Original issue's description:
> Add web compat workarounds for ES2015 RegExp semantics
>
> Unexpectedly, websites depend on doing feature testing with
> RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
> ES2015 newly throws exceptions for both of these. In order to enable shipping
> new ES2015 semantics, this patch puts in narrow workarounds for those two
> cases, keeping their old behavior. UseCounters are added for how often
> those particular cases come up, so we can see if it can be deprecated.
>
> R=yangguo
> BUG=v8:4637,v8:4617
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/98f819c3e0c92d54a306cdacadda73cf96d21b52
> Cr-Commit-Position: refs/heads/master@{#32997}

TBR=yangguo@google.com,yangguo@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4637,v8:4617

Review URL: https://codereview.chromium.org/1546493003

Cr-Commit-Position: refs/heads/master@{#32999}
2015-12-22 07:37:59 +00:00
littledan
98f819c3e0 Add web compat workarounds for ES2015 RegExp semantics
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.

R=yangguo
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1543723002

Cr-Commit-Position: refs/heads/master@{#32997}
2015-12-22 06:36:17 +00:00
neis
f723b12336 [proxies] Recognize arraylike proxies in Object.prototype.toString.
We must print "[object Array]" for proxies that satisfy Array.isArray.

Cosmetic change on the side: move ObjectProtoToString from JSObject to Object
since it deals with arbitrary objects.

R=adamk@chromium.org, verwaest@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1526023002

Cr-Commit-Position: refs/heads/master@{#32902}
2015-12-16 14:27:23 +00:00
yangguo
8bee91a58b [debugger] remove step count parameter from prepare step.
And tons of changes to debugger tests.

R=bmeurer@chromium.org
BUG=chromium:569835
LOG=N

Review URL: https://codereview.chromium.org/1525173003

Cr-Commit-Position: refs/heads/master@{#32885}
2015-12-16 08:39:54 +00:00
yangguo
abe2feb081 [debugger] debug-evaluate should not not modify local values.
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.

As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.

R=mstarzinger@chromium.org, rossberg@chromium.org

Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
Cr-Commit-Position: refs/heads/master@{#32841}

Review URL: https://codereview.chromium.org/1513183003

Cr-Commit-Position: refs/heads/master@{#32857}
2015-12-15 09:54:46 +00:00
machenbach
a2f2e913f8 Revert of [debugger] debug-evaluate should not not modify local values. (patchset #2 id:20001 of https://codereview.chromium.org/1513183003/ )
Reason for revert:
[Sheriff] Layout test changes.

Original issue's description:
> [debugger] debug-evaluate should not not modify local values.
>
> Debug evaluate no longer writes back changes to the replicated
> context chain to the original after execution. Changes to the
> global object or script contexts still stick. Calling functions
> that bind to the original context chain also have their expected
> side effects.
>
> As far as I can tell, DevTools is not interested in modifying
> local variable values. Modifying global variable values still
> works as expected. However, I have not yet removed the old
> implementation, but merely keep it behind a flag.
>
> R=mstarzinger@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
> Cr-Commit-Position: refs/heads/master@{#32841}

TBR=mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1526553003

Cr-Commit-Position: refs/heads/master@{#32845}
2015-12-14 17:19:46 +00:00
yangguo
92caa9b85e [debugger] debug-evaluate should not not modify local values.
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.

As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.

R=mstarzinger@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1513183003

Cr-Commit-Position: refs/heads/master@{#32841}
2015-12-14 14:54:28 +00:00
yangguo
089edbfa97 [debugger] fix debug-evaluate wrt shadowed context var.
Debug-evaluate used to resolve stack variables that shadow
context variables incorrectly, since the stack variable is
not visible in the context chain.

To fix this, we limit local variables accessible by debug-
evaluate to the ones directly referenced inside the function.
What is not referenced by the function itself, is considered
optimized out and not accessible by debug-evaluate.

To achieve this, we duplicate the entire context chain up to
the native context, and write back changes after debug-
evaluate. Changes to the original context chain will however
be overwritten. This already happens for catch and block
scopes though.

Also fix a crash caused by declaring variables inside debug-
evaluate.

R=mstarzinger@chromium.org
BUG=v8:4593
LOG=N

Review URL: https://codereview.chromium.org/1500933002

Cr-Commit-Position: refs/heads/master@{#32828}
2015-12-14 10:25:11 +00:00
yangguo
466da713c3 [es6] implement RegExp.@@search.
BUG=v8:4344
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1506353009

Cr-Commit-Position: refs/heads/master@{#32827}
2015-12-14 10:22:41 +00:00
adamk
5ceb4feca3 Remove always-on --harmony-rest-parameters flag
It shipped in Chrome 47.

Review URL: https://codereview.chromium.org/1519073004

Cr-Commit-Position: refs/heads/master@{#32816}
2015-12-12 00:00:38 +00:00
verwaest
a1e9ccf90f Fix Object.prototype.toString.call(proxy)
BUG=

Review URL: https://codereview.chromium.org/1517673002

Cr-Commit-Position: refs/heads/master@{#32806}
2015-12-11 15:57:30 +00:00
cbruni
df2a92972b [proxy] fixing for-in for proxies, fixing harmony/proxy.js tests, improving error messages and some drive-by fixes
BUG=v8:1543
LOG=n

patch from issue 1519473002 at patchset 1 (http://crrev.com/1519473002#ps1)

Review URL: https://codereview.chromium.org/1516843002

Cr-Commit-Position: refs/heads/master@{#32801}
2015-12-11 14:56:00 +00:00
mvstanton
3f648d7b44 Turbofan instanceof lowering needs to address proxies.
BUG=

Review URL: https://codereview.chromium.org/1518773003

Cr-Commit-Position: refs/heads/master@{#32788}
2015-12-11 11:03:07 +00:00
littledan
88c8361b8f Unstage non-standard Promise functions
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1513873002

Cr-Commit-Position: refs/heads/master@{#32772}
2015-12-10 23:58:26 +00:00
ishell
dddcd0ac17 Fix Function subclassing.
Function subclasses did not have function properties installed (name, prototype, etc.).
Now when an instance of a Function subclass is created it gets initial map that corresponds
to the language mode of the function body. The language mode dependent maps are cached as
special transitions on initial map of the subclass constructor.

BUG=v8:4597, v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1510753005

Cr-Commit-Position: refs/heads/master@{#32764}
2015-12-10 17:28:08 +00:00
cbruni
a2d5641bc4 [runtime] [proxy] implement [[Construct]]
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1509603005

Cr-Commit-Position: refs/heads/master@{#32718}
2015-12-09 14:55:33 +00:00
verwaest
175c90f8f2 Support intriscDefaultProto for Error functions
BUG=v8:3900, v8:3931, v8:1543, v8:3330, v8:4002
LOG=n

Review URL: https://codereview.chromium.org/1496333002

Cr-Commit-Position: refs/heads/master@{#32692}
2015-12-09 07:53:34 +00:00
yangguo
4ff9bb070b [debugger] add test case for stepping into string template.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1502163002

Cr-Commit-Position: refs/heads/master@{#32647}
2015-12-07 09:41:01 +00:00
machenbach
0f2ed07f45 Revert of Clean up promises and fix an edge case bug (patchset #4 id:60001 of https://codereview.chromium.org/1488783002/ )
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3266

Please request rebase upstream first.

Original issue's description:
> Clean up promises and fix an edge case bug
>
> This patch builds on previous Promise spec compliance work by
> cleaning out some old code which existed to support
> Promise.prototype.chain, rephrasing some code to correspond more
> closely to the specification, and removing some incorrect brand
> checking. A test is added for a bug in an edge case which was fixed.
>
> R=rossberg
> BUG=v8:3641
> LOG=Y
>
> Committed: https://crrev.com/1deb89c8fd3cb69714ae0a24e3b5a4e78f6b73b4
> Cr-Commit-Position: refs/heads/master@{#32627}

TBR=rossberg@chromium.org,caitpotter88@gmail.com,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3641

Review URL: https://codereview.chromium.org/1501763004

Cr-Commit-Position: refs/heads/master@{#32629}
2015-12-05 08:51:20 +00:00
littledan
1deb89c8fd Clean up promises and fix an edge case bug
This patch builds on previous Promise spec compliance work by
cleaning out some old code which existed to support
Promise.prototype.chain, rephrasing some code to correspond more
closely to the specification, and removing some incorrect brand
checking. A test is added for a bug in an edge case which was fixed.

R=rossberg
BUG=v8:3641
LOG=Y

Review URL: https://codereview.chromium.org/1488783002

Cr-Commit-Position: refs/heads/master@{#32627}
2015-12-04 18:56:17 +00:00
machenbach
154a493cb7 Revert of [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors. (patchset #2 id:20001 of https://codereview.chromium.org/1500543002/ )
Reason for revert:
Blocks the roll:
https://codereview.chromium.org/1497763004/

Original issue's description:
> [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
>
> The ArrayBuffer and SharedArrayBuffer constructors should raise an
> exception when called with no arguments or undefined length.  Also
> unified the ArrayBuffer and SharedArrayBuffer implementations as C++
> builtins, and removed some (now) obsolete runtime entries.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
> Cr-Commit-Position: refs/heads/master@{#32590}

TBR=yangguo@chromium.org,cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1501673002

Cr-Commit-Position: refs/heads/master@{#32606}
2015-12-04 10:38:48 +00:00
bmeurer
3235ccbb78 [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
The ArrayBuffer and SharedArrayBuffer constructors should raise an
exception when called with no arguments or undefined length.  Also
unified the ArrayBuffer and SharedArrayBuffer implementations as C++
builtins, and removed some (now) obsolete runtime entries.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1500543002

Cr-Commit-Position: refs/heads/master@{#32590}
2015-12-03 21:16:31 +00:00
machenbach
15cb3fde7d Reland of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493863004/ )
Reason for revert:
Didn't help...

Original issue's description:
> Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493363002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225
>
> Original issue's description:
> > [debugger] do not restart frames that reference new.target for liveedit.
> >
> > R=mstarzinger@chromium.org
> >
> > Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682
> > Cr-Commit-Position: refs/heads/master@{#32572}
>
> TBR=mstarzinger@chromium.org,yangguo@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/1a61dab34b9849f3f70a42ce69317e22758c53a1
> Cr-Commit-Position: refs/heads/master@{#32582}

TBR=mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1492393003

Cr-Commit-Position: refs/heads/master@{#32587}
2015-12-03 20:21:36 +00:00
machenbach
1a61dab34b Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493363002/ )
Reason for revert:
[Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225

Original issue's description:
> [debugger] do not restart frames that reference new.target for liveedit.
>
> R=mstarzinger@chromium.org
>
> Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682
> Cr-Commit-Position: refs/heads/master@{#32572}

TBR=mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1493863004

Cr-Commit-Position: refs/heads/master@{#32582}
2015-12-03 18:39:16 +00:00
yangguo
6fca870240 [debugger] do not restart frames that reference new.target for liveedit.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1493363002

Cr-Commit-Position: refs/heads/master@{#32572}
2015-12-03 15:19:17 +00:00
mstarzinger
440a42b741 [fullcode] Switch passing of new.target to register.
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this marks the last
consumer of said side-channel and the special slot in the construct
stub frame can be removed as a follow-up.

R=bmeurer@chromium.org,yangguo@chromium.org
TEST=mjsunit/es6/regress/regress-new-target-context

Review URL: https://codereview.chromium.org/1492793002

Cr-Commit-Position: refs/heads/master@{#32548}
2015-12-03 10:04:35 +00:00
littledan
c63236328e Revert of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1478533002/ )
Reason for revert:
Will test better; there seems to be a bug related to this.

Original issue's description:
> Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ )
>
> Reason for revert:
> Breakage in Ignition seems unrelated; relanding.
>
> Original issue's description:
> > Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
> >
> > Reason for revert:
> > [Sheriff] This breaks ignition on arm sim debug:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317
> >
> > Seems to not be caught by the cq bot that builds release with dchecks.
> >
> > Original issue's description:
> > > Disable non-standard Promise functions in staging
> > >
> > > This patch removes Promise functions and methods which are absent
> > > from the ES2015 specification when the --es-staging flag is on.
> > >
> > > BUG=v8:3237
> > > R=rossberg
> > > LOG=Y
> > >
> > > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> > > Cr-Commit-Position: refs/heads/master@{#32194}
> >
> > TBR=rossberg@chromium.org,littledan@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=v8:3237
> >
> > Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827
> > Cr-Commit-Position: refs/heads/master@{#32199}
>
> TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3237
>
> Committed: https://crrev.com/9278b7b05a45c2089007e8b61822af96b5d0c8df
> Cr-Commit-Position: refs/heads/master@{#32235}

TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1493713004

Cr-Commit-Position: refs/heads/master@{#32530}
2015-12-02 20:35:40 +00:00
verwaest
a6ed24d61c Improve rendering of callsite with non-function target.
This hackily disambiguates multiple calls for the iterator protocols in ForOf / Yield* by adding -2 / -1 to the pos.

BUG=v8:3953
LOG=y

Review URL: https://codereview.chromium.org/1491923003

Cr-Commit-Position: refs/heads/master@{#32527}
2015-12-02 18:37:29 +00:00
yangguo
62dcf2fab6 [es6] correctly handle object wrappers in JSON.stringify.
R=bmeurer@chromium.org
BUG=v8:4581
LOG=N

Review URL: https://codereview.chromium.org/1495473002

Cr-Commit-Position: refs/heads/master@{#32494}
2015-12-02 08:44:03 +00:00
bmeurer
f618401a8e [builtins] Remove some (now) unused code from C++ builtin adaptor.
Sanitize ConstructStub handling and add a test case to ensure that the
Symbol constructor is using the correct context.

R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1489323002

Cr-Commit-Position: refs/heads/master@{#32491}
2015-12-02 07:32:10 +00:00
mstarzinger
82e6bed4db Deprecate the %IsConstructCall intrinsic completely.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1479233002

Cr-Commit-Position: refs/heads/master@{#32470}
2015-12-01 15:58:55 +00:00
mstarzinger
8c793fed78 [crankshaft] Prevent inlining of new.target functions.
This moves the bailout for functions containing new.target variable to
the correct place so that Crankshaft doesn't accidentally inline such
functions, yielding an "undefined" new.target value all the time.

R=bmeurer@chromium.org
TEST=mjsunit/es6/regress/regress-inlined-new-target

Review URL: https://codereview.chromium.org/1484163003

Cr-Commit-Position: refs/heads/master@{#32468}
2015-12-01 14:19:43 +00:00
verwaest
970a7ad758 Fix Reflect.construct wrt proxy, generator, and non-subclass new.target
This makes sure that proxy + Function/Array works
Makes sure that new.target can be a generator
Makes sure that if new.target is not a subclass, but does not have a prototype, that we'll get that same prototype back the next time we look at new.target.prototype.

BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1484473002

Cr-Commit-Position: refs/heads/master@{#32382}
2015-11-27 21:44:48 +00:00
verwaest
7ceaf72708 [Proxies] Support constructable proxy as new.target (reland)
BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1481773003

Cr-Commit-Position: refs/heads/master@{#32370}
2015-11-27 12:17:16 +00:00
machenbach
87f7dc61fa Revert of [Proxies] Support constructable proxy as new.target (patchset #3 id:40001 of https://codereview.chromium.org/1481613003/ )
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3977

Original issue's description:
> [Proxies] Support constructable proxy as new.target
>
> BUG=v8:1543, v8:3330, v8:3931
> LOG=n
>
> Committed: https://crrev.com/88ac8aa5236195137d4a7aa18bcc5650a3bdca5a
> Cr-Commit-Position: refs/heads/master@{#32346}

TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1543, v8:3330, v8:3931

Review URL: https://codereview.chromium.org/1480673004

Cr-Commit-Position: refs/heads/master@{#32350}
2015-11-26 16:21:00 +00:00
verwaest
88ac8aa523 [Proxies] Support constructable proxy as new.target
BUG=v8:1543, v8:3330, v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1481613003

Cr-Commit-Position: refs/heads/master@{#32346}
2015-11-26 15:23:19 +00:00
yangguo
81e131ce48 [debugger] flood function for stepping before calling it.
R=verwaest@chromium.org

Committed: https://crrev.com/93eb633214e0f97bf70ae30d2a07b7fbbaa78266
Cr-Commit-Position: refs/heads/master@{#32285}

Review URL: https://codereview.chromium.org/1463803002

Cr-Commit-Position: refs/heads/master@{#32339}
2015-11-26 14:12:18 +00:00
ishell
5a3b4366cd Add test for Promises subclassing.
BUG=v8:3101, v8:3330
LOG=N

Review URL: https://codereview.chromium.org/1473323003

Cr-Commit-Position: refs/heads/master@{#32324}
2015-11-26 10:27:52 +00:00
ishell
05449f741b Allow in-object properties in JSArrayBuffer.
BUG=v8:4531
LOG=Y

Review URL: https://codereview.chromium.org/1479483004

Cr-Commit-Position: refs/heads/master@{#32321}
2015-11-26 09:46:01 +00:00
machenbach
df3dee87a7 Revert of [debugger] flood function for stepping before calling it. (patchset #7 id:120001 of https://codereview.chromium.org/1463803002/ )
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3074

Original issue's description:
> [debugger] flood function for stepping before calling it.
>
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/93eb633214e0f97bf70ae30d2a07b7fbbaa78266
> Cr-Commit-Position: refs/heads/master@{#32285}

TBR=verwaest@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1474943005

Cr-Commit-Position: refs/heads/master@{#32299}
2015-11-25 19:26:46 +00:00
yangguo
93eb633214 [debugger] flood function for stepping before calling it.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1463803002

Cr-Commit-Position: refs/heads/master@{#32285}
2015-11-25 15:45:47 +00:00
littledan
9278b7b05a Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ )
Reason for revert:
Breakage in Ignition seems unrelated; relanding.

Original issue's description:
> Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
>
> Reason for revert:
> [Sheriff] This breaks ignition on arm sim debug:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317
>
> Seems to not be caught by the cq bot that builds release with dchecks.
>
> Original issue's description:
> > Disable non-standard Promise functions in staging
> >
> > This patch removes Promise functions and methods which are absent
> > from the ES2015 specification when the --es-staging flag is on.
> >
> > BUG=v8:3237
> > R=rossberg
> > LOG=Y
> >
> > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> > Cr-Commit-Position: refs/heads/master@{#32194}
>
> TBR=rossberg@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3237
>
> Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827
> Cr-Commit-Position: refs/heads/master@{#32199}

TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1478533002

Cr-Commit-Position: refs/heads/master@{#32235}
2015-11-24 23:18:30 +00:00
machenbach
86bd2b3c23 Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
Reason for revert:
[Sheriff] This breaks ignition on arm sim debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317

Seems to not be caught by the cq bot that builds release with dchecks.

Original issue's description:
> Disable non-standard Promise functions in staging
>
> This patch removes Promise functions and methods which are absent
> from the ES2015 specification when the --es-staging flag is on.
>
> BUG=v8:3237
> R=rossberg
> LOG=Y
>
> Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> Cr-Commit-Position: refs/heads/master@{#32194}

TBR=rossberg@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1473603002

Cr-Commit-Position: refs/heads/master@{#32199}
2015-11-24 10:58:03 +00:00
littledan
941251af7e Disable non-standard Promise functions in staging
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1469543003

Cr-Commit-Position: refs/heads/master@{#32194}
2015-11-24 08:51:54 +00:00
adamk
2ea7f3c869 [es6] Fix parsing of 'yield' in function and generator expressions
In a function expression, 'yield' is allowed, even if the expression
occurs inside a generator. Similarly, even in a non-generator,
a generator expression's name must not be 'yield'.

BUG=v8:3983
LOG=n

Review URL: https://codereview.chromium.org/1460393003

Cr-Commit-Position: refs/heads/master@{#32188}
2015-11-23 21:34:30 +00:00
adamk
8e2e69a4b5 [es6] Allow any valid repeat of empty string in String.prototype.repeat
This lets us pass one test262 test (and seems to match what other
implementations do to handle this case).

R=littledan@chromium.org
BUG=v8:4362
LOG=n

Review URL: https://codereview.chromium.org/1454543003

Cr-Commit-Position: refs/heads/master@{#32155}
2015-11-20 23:57:39 +00:00
verwaest
469d9bfa8d Introduce a BuiltinsConstructStub that sets up new.target and does a [[call]] per ES6 9.3.2
BUG=

Review URL: https://codereview.chromium.org/1448933002

Cr-Commit-Position: refs/heads/master@{#32120}
2015-11-19 16:11:09 +00:00
adamk
7d1d978654 Rename destructuring flag to "--harmony-destructuring-bind"
This is in preparation for the addition of --harmony-destructuring-assignment.

BUG=v8:811
LOG=n

Review URL: https://codereview.chromium.org/1450193002

Cr-Commit-Position: refs/heads/master@{#32098}
2015-11-18 23:30:09 +00:00
caitpotter88
24ff30b740 [es6] refactor Promise resolution
Several changes are included here:

1. Each resolution callback references shared data indicating whether
it has already been resolved or not, as described in 25.4.1.3
http://tc39.github.io/ecma262/#sec-createresolvingfunctions.
Previously this was handled exclusively by the Promise's status,
which does not work correctly with the current chaining behaviour.

2. During fulfillment, When a Promise is resolved with a thenable, the
spec chains the promises together by invoking the thenable's `then`
function with the original Promise's resolve and reject methods (per
section 25.4.2.2, or
http://tc39.github.io/ecma262/#sec-promiseresolvethenablejob, on the
next tick, regardless of whether or not there are pending tasks.

3. Adds a spec compliance fix to ensure that the Promise constructor
is only loaded once when `then()` is called, solving v8:4539 as well.
This involves refactoring PromiseChain to accept a constructor
argument. PromiseChain/PromiseDeferred will hopefully be removed soon,
simplifying the process.

BUG=v8:4162, v8:4539, v8:3237
LOG=N
R=rossberg@chromium.org, littledan@chromium.org, adamk@chromium.org

Review URL: https://codereview.chromium.org/1394463003

Cr-Commit-Position: refs/heads/master@{#32046}
2015-11-17 14:24:09 +00:00
cbruni
24e058d0ed [runtime] support new Proxy() instead of Proxy.create and install getPrototypeOf trap
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1417063011

Cr-Commit-Position: refs/heads/master@{#31983}
2015-11-13 14:14:07 +00:00
yangguo
483d8b9bd8 Unify setting accessor properties in native code.
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1416093006

Cr-Commit-Position: refs/heads/master@{#31910}
2015-11-10 06:58:41 +00:00
cbruni
83f60ab5ac [crankshaft] Do not optimize ClassConstructor calls and apply.
LOG=N
BUG=v8:4428

Review URL: https://codereview.chromium.org/1425293007

Cr-Commit-Position: refs/heads/master@{#31839}
2015-11-05 19:21:20 +00:00
yangguo
2237ba0dba Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
Cr-Commit-Position: refs/heads/master@{#31782}

Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
Cr-Commit-Position: refs/heads/master@{#31804}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31824}
2015-11-05 13:08:55 +00:00
yangguo
ca49355aba Revert of Implement flag and source getters on RegExp.prototype. (patchset #6 id:110001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
browser_tests failure with --gtest_filter=ExternallyConnectableMessagingTest.EnablingAndDisabling

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}
>
> Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
> Cr-Commit-Position: refs/heads/master@{#31782}
>
> Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
> Cr-Commit-Position: refs/heads/master@{#31804}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1426413002

Cr-Commit-Position: refs/heads/master@{#31818}
2015-11-05 09:08:51 +00:00
caitpotter88
096125deaa [es6] allow any LeftHandSideExpression in for-of loops
Fix an earlier regression which forbid non-VariableProxy LHS from being
used in for-of loops. Like for-in loops, the spec allows any LHS to be used,
with the sole exception that ObjectLiterals and ArrayLiterals must be valid
AssignmentPatterns.

Also fixes a bug in TurboFan which resulted in incorrectly replacing a variable load with a constant value in some instances, due to the AstLoopAssignmentAnalyzer failing to record the assignment to ForOfStatement's value.

BUG=v8:4418, v8:2720
LOG=N
R=wingo@igalia.com, littledan@chromium.org, adamk@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1411873004

Cr-Commit-Position: refs/heads/master@{#31816}
2015-11-05 06:47:56 +00:00
littledan
5d44bf0263 Ship Harmony ToLength
This patch moves ES2015 ToLength semantics on array operations, etc
to from staging to shipping.

R=adamk
BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1433473003

Cr-Commit-Position: refs/heads/master@{#31810}
2015-11-05 00:45:05 +00:00
yangguo
152163c164 Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
Cr-Commit-Position: refs/heads/master@{#31782}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31804}
2015-11-04 20:42:33 +00:00
hablich
a77aa3a2b4 Revert of Implement flag and source getters on RegExp.prototype. (patchset #6 id:110001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
Breaks Chromium tests and blocks the roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/124490

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}
>
> Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
> Cr-Commit-Position: refs/heads/master@{#31782}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1432683002

Cr-Commit-Position: refs/heads/master@{#31801}
2015-11-04 18:34:27 +00:00
cbruni
ab84025977 [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.

LOG=N
BUG=v8:4428

Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
Cr-Commit-Position: refs/heads/master@{#31786}

Review URL: https://codereview.chromium.org/1418623007

Cr-Commit-Position: refs/heads/master@{#31790}
2015-11-04 14:30:09 +00:00
cbruni
f1bb688e80 Revert of [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor. (patchset #20 id:370001 of https://codereview.chromium.org/1418623007/ )
Reason for revert:
failing build bot

Original issue's description:
> [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
>
> The current implementation of classes throws the TypeError at the wrong
> point, after activating a new context when directly calling a class
> constructor. According to the spec, the TypeError has to be thrown
> in the caller context.
>
> LOG=N
> BUG=v8:4428
>
> Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
> Cr-Commit-Position: refs/heads/master@{#31786}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4428

Review URL: https://codereview.chromium.org/1415783006

Cr-Commit-Position: refs/heads/master@{#31787}
2015-11-04 13:56:44 +00:00
cbruni
6a06bc0a77 [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.

LOG=N
BUG=v8:4428

Review URL: https://codereview.chromium.org/1418623007

Cr-Commit-Position: refs/heads/master@{#31786}
2015-11-04 13:24:09 +00:00
yangguo
85494e90bb Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31782}
2015-11-04 12:28:48 +00:00
yangguo
5ee1a75c6d Revert of Implement flag and source getters on RegExp.prototype. (patchset #3 id:50001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
Performance issue.

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1409013006

Cr-Commit-Position: refs/heads/master@{#31780}
2015-11-04 10:58:24 +00:00
yangguo
b5c80a31ad Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31773}
2015-11-04 09:11:19 +00:00
ishell
059478165c [es6] Fix Object built-in subclassing.
BUG=v8:3886
LOG=Y

Review URL: https://codereview.chromium.org/1422853004

Cr-Commit-Position: refs/heads/master@{#31760}
2015-11-03 18:20:44 +00:00
ishell
208744bc10 [es6] Fix WeakMap/Set built-ins subclasssing.
BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1424283002

Cr-Commit-Position: refs/heads/master@{#31759}
2015-11-03 18:00:12 +00:00
machenbach
16e25179ec Revert of Implement flag and source getters on RegExp.prototype. (patchset #3 id:50001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
[Sheriff] Changes layout tests. Please rebase upstream first. E.g.:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2686

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1427733005

Cr-Commit-Position: refs/heads/master@{#31758}
2015-11-03 17:28:13 +00:00
ishell
babe50f083 Reland "[es6] Fix Function and GeneratorFunction built-ins subclassing."
Original issue's description:
> [es6] Fix Function and GeneratorFunction built-ins subclassing.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/99e7f872d3d0a5fb799dcbafb05537cda491314a
> Cr-Commit-Position: refs/heads/master@{#31708}

The problem was in another CL, this is a clean reland with improved tests.

BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1415683007

Cr-Commit-Position: refs/heads/master@{#31756}
2015-11-03 16:42:43 +00:00
ishell
0ac0e52847 [turbofan] Fix new.target when a function is inlined to a constructor.
Review URL: https://codereview.chromium.org/1432493003

Cr-Commit-Position: refs/heads/master@{#31754}
2015-11-03 16:20:28 +00:00
yangguo
60e8877e16 Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31753}
2015-11-03 16:17:03 +00:00
neis
b5d0e31582 Fix another corner-case behavior of Object::SetSuperProperty.
If the property is a data property on the holder (or does not exist) and is a readonly data property in the receiver, then we must fail.

R=rossberg, verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1424233005

Cr-Commit-Position: refs/heads/master@{#31751}
2015-11-03 14:53:09 +00:00
ishell
678a5583d6 [es6] Fix RegExp built-in subclassing.
1) The Map::CopyInitialMap() did not set descriptor's array if
the source initial map had one.
2) Subclasses are temporarily disallowed to have more in-object
properties than the parent class (for GC reasons).

BUG=v8:3101, v8:3330, v8:4531
LOG=N

Review URL: https://codereview.chromium.org/1431593003

Cr-Commit-Position: refs/heads/master@{#31743}
2015-11-03 12:16:15 +00:00
neis
8c1377a5b4 Fix corner-case behavior of Object::SetSuperProperty.
When the property is an accessor property in the receiver but not on the
holder (ES6 "target"), we must fail.

R=rossberg, verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1427113002

Cr-Commit-Position: refs/heads/master@{#31733}
2015-11-03 08:04:32 +00:00
yangguo
538197dada RegExp.prototype is an ordinary object.
R=littledan@chromium.org
BUG=v8:4003
LOG=N

Review URL: https://codereview.chromium.org/1423993006

Cr-Commit-Position: refs/heads/master@{#31730}
2015-11-03 06:18:44 +00:00
ishell
2210cc84de Revert of [es6] Fix Function and GeneratorFunction built-ins subclassing. (patchset #4 id:80001 of https://codereview.chromium.org/1428823002/ )
Reason for revert:
Buildbot failures

Original issue's description:
> [es6] Fix Function and GeneratorFunction built-ins subclassing.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/99e7f872d3d0a5fb799dcbafb05537cda491314a
> Cr-Commit-Position: refs/heads/master@{#31708}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3101, v8:3330

Review URL: https://codereview.chromium.org/1413723008

Cr-Commit-Position: refs/heads/master@{#31709}
2015-11-02 11:59:14 +00:00
ishell
99e7f872d3 [es6] Fix Function and GeneratorFunction built-ins subclassing.
BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1428823002

Cr-Commit-Position: refs/heads/master@{#31708}
2015-11-02 11:45:51 +00:00
ishell
4490ce8520 Reland "[es6] Better support for built-ins subclassing."
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}

It also fixes typed array map smashing done during typed array initialization.

BUG=v8:3101, v8:3330, v8:4419
LOG=Y

Review URL: https://codereview.chromium.org/1413033006

Cr-Commit-Position: refs/heads/master@{#31701}
2015-11-02 08:25:43 +00:00
bmeurer
08ca3f240c Revert of [es6] Better support for built-ins subclassing. (patchset #8 id:200001 of https://codereview.chromium.org/1427483002/ )
Reason for revert:
Breaks test on win32 nosnap.http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/9680

Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype transition on the base constructor's initial map. This approach fixes in-object slack tracking for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}

TBR=verwaest@chromium.org,ulan@chromium.org,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3101, v8:3330

Review URL: https://codereview.chromium.org/1416943005

Cr-Commit-Position: refs/heads/master@{#31684}
2015-10-30 11:36:35 +00:00
ishell
cd5f48302a [es6] Better support for built-ins subclassing.
Create proper initial map for original constructor (new.target) instead of doing prototype transition on the base constructor's initial map. This approach fixes in-object slack tracking for subclass instances.
This CL also fixes subclassing from String.

BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1427483002

Cr-Commit-Position: refs/heads/master@{#31680}
2015-10-30 10:58:29 +00:00
yangguo
798ce4e463 Debugger: correctly break in default constructor.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1423673003

Cr-Commit-Position: refs/heads/master@{#31665}
2015-10-29 17:22:50 +00:00
adamk
4c3c89c1de Properly handle direct evals referencing super in arrow functions
The fix is to broaden the set of cases for when NeedsHomeObject()
returns true. Note that this is broader than it needs to be (since,
e.g., non-arrow function scopes inside a method can't reference
super). But we don't track the types of inner scopes at the moment,
so this is the best we can do.

R=rossberg@chromium.org
BUG=v8:4522
LOG=n

Review URL: https://codereview.chromium.org/1411093008

Cr-Commit-Position: refs/heads/master@{#31659}
2015-10-29 15:09:51 +00:00
adamk
720c531a70 Remove --harmony-new-target flag
It was shipped in M46 without incident.

Review URL: https://codereview.chromium.org/1411723007

Cr-Commit-Position: refs/heads/master@{#31636}
2015-10-28 16:47:08 +00:00
adamk
a4689fc21f Remove flags for spread calls and arrays
These features shipped in M46 without issue.

Review URL: https://codereview.chromium.org/1429653006

Cr-Commit-Position: refs/heads/master@{#31635}
2015-10-28 15:57:27 +00:00
littledan
b436635ac4 Update to ES2015 == semantics for Symbol/SIMD wrappers
When == is invoked on a Symbol or SIMD vector and an object, the object should
be converted to a primitive with ToPrimitive and then compared again. This means,
for example, that for a Symbol or SIMD vector s, s == Object(s). This patch makes
that change in the implementation of ==. Only the runtime function needed to be
changed, as the code stubs and compiler specializations don't operate on Symbols
or SIMD vectors, and on these types, a fallback to the runtime function is always
used.

BUG=v8:3593
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1421413002

Cr-Commit-Position: refs/heads/master@{#31614}
2015-10-27 20:20:24 +00:00
neis
8e89e8203b Adapt tests in preparation of shipping --harmony-completion.
R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1415283003

Cr-Commit-Position: refs/heads/master@{#31507}
2015-10-23 10:26:01 +00:00
yangguo
8be20eee3b Debugger: correctly report uncaught rejections in Promise.all and Promise.race.
The debugger calls PromiseHasUserDefinedRejectHandler to recursively search the
tree of dependent promises for user-defined reject handlers. If no such reject
handler exists, rejecting the promise is considered an uncaught exception.

Promise.race and Promise.all interupt the link of promise dependency wrt the
search. This change fixes that link.

R=rossberg@chromium.org
BUG=chromium:439585
LOG=N

Review URL: https://codereview.chromium.org/1411083003

Cr-Commit-Position: refs/heads/master@{#31392}
2015-10-20 05:40:08 +00:00
hablich
fb8a97eed9 Switch on unit test regarding -Infinity and TypedArrays
Should already work according to issue.

BUG=chromium:424619
LOG=N
R=adamk@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1413913002

Cr-Commit-Position: refs/heads/master@{#31379}
2015-10-19 14:26:38 +00:00
bmeurer
e1088b27b5 [turbofan] Initial support for monomorphic/polymorphic property loads.
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).

The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support is in.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n

Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
Cr-Commit-Position: refs/heads/master@{#31340}

Review URL: https://codereview.chromium.org/1396333010

Cr-Commit-Position: refs/heads/master@{#31352}
2015-10-19 05:24:51 +00:00
jarin
5c53481233 Revert of [turbofan] Initial support for monomorphic/polymorphic property loads. (patchset #3 id:100001 of https://codereview.chromium.org/1396333010/ )
Reason for revert:
Waterfall redness.

Original issue's description:
> [turbofan] Initial support for monomorphic/polymorphic property loads.
>
> Native context specialization now lowers monomorphic and
> polymorphic accesses to data and constant data properties on
> object and/or prototype chain. We don't deal with accessors
> yet, and we also completely ignore proxies (which is compatible
> with what Crankshaft does).
>
> The code is more or less the straightforward implementation. We
> will need to refactor that and extract common patterns once the
> remaining bits for full load/store support is in.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
> Cr-Commit-Position: refs/heads/master@{#31340}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470

Review URL: https://codereview.chromium.org/1408123002

Cr-Commit-Position: refs/heads/master@{#31341}
2015-10-16 14:56:25 +00:00
bmeurer
3a0bf860b7 [turbofan] Initial support for monomorphic/polymorphic property loads.
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).

The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support is in.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1396333010

Cr-Commit-Position: refs/heads/master@{#31340}
2015-10-16 14:09:17 +00:00
yangguo
47c9e1c904 Implement Math.tanh using fdlibm port.
Contributed by Raymond Toy: http://rtoy.github.io/fdlibm-js/

R=jkummerow@chromium.org
BUG=v8:3495
LOG=N

Review URL: https://codereview.chromium.org/1407213002

Cr-Commit-Position: refs/heads/master@{#31335}
2015-10-16 12:56:37 +00:00
yangguo
f2bfa12654 Do not coerce lastIndex of a global RegExp in @@match and @@replace.
R=rossberg@chromium.org
BUG=v8:4471
LOG=N

Review URL: https://codereview.chromium.org/1410753002

Cr-Commit-Position: refs/heads/master@{#31330}
2015-10-16 11:25:37 +00:00
adamk
e5db1d58e5 Remove stale references to --harmony-arrays flag in mjsunit tests
Also move those tests from mjsunit/harmony to mjsunit/es6.

R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1403633007

Cr-Commit-Position: refs/heads/master@{#31314}
2015-10-15 17:39:42 +00:00
yangguo
73c9be9b31 Debugger: allow stepping into resolver from Promise constructor.
R=rossberg@chromium.org
BUG=chromium:451967
LOG=N

Review URL: https://codereview.chromium.org/1404783002

Cr-Commit-Position: refs/heads/master@{#31296}
2015-10-15 12:27:40 +00:00
caitpotter88
e2be5ce542 [parser] fix token end position for regexp literals
Make the end position of a regexp literal the first character following the regexp. This matches the behaviour of number literals and string literals, as well as single-character tokens.

This change corrects the lazy-parsing of arrow functions with concise bodies, whose last token is a regular expression literal.

BUG=v8:4474
LOG=N
R=wingo@igalia.com, adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1389313003

Cr-Commit-Position: refs/heads/master@{#31189}
2015-10-09 01:02:02 +00:00
neis
7a0a682083 [es6] Implement completion value reform (--harmony-completion).
This CL depends on #1362363002.

R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1361403003

Cr-Commit-Position: refs/heads/master@{#31180}
2015-10-08 13:57:04 +00:00
adamk
24565b8598 Use Scope::function_kind_ to distinguish arrow function scopes
Previously, arrow function scopes had a separate ScopeType. However,
Scope::DeserializeScopeChain() erroneously deserialized ARROW_SCOPE
ScopeInfos as FUNCTION_SCOPE. This could lead to bugs such as the
attached one, where "super" was disallowed where it should have
been allowed.

This patch utilizes the Scope's FunctionKind to distinguish arrow
functions from others. Besides fixing the above bug, this also
simplifies code in various places that had to deal with two different
ScopeTypes both of which meant "function".

BUG=v8:4466
LOG=n

Review URL: https://codereview.chromium.org/1386253002

Cr-Commit-Position: refs/heads/master@{#31154}
2015-10-07 14:55:45 +00:00
stefan.penner
dcbab0f5fb [es6] Align Promise.resolve with the spec
* Promise.resolve is now works with subclasses
* Spec removed [[PromiseConstructor]] now can simply use constructor
* Promise.resolve ignores species

R=littledan@chromium.org,domenic@chromium.org
BUG=v8:4161,v8:4341
LOG=Y

Review URL: https://codereview.chromium.org/1362773002

Cr-Commit-Position: refs/heads/master@{#31116}
2015-10-05 22:21:25 +00:00
adamk
163419e8fa Remove --harmony-arrow-functions flag
Arrow functions have been enabled by default since the 4.5 branch.

Review URL: https://codereview.chromium.org/1373633002

Cr-Commit-Position: refs/heads/master@{#31031}
2015-09-30 19:50:40 +00:00
bmeurer
ff2c9eace4 [es6] Remove left-overs from Function.prototype.toMethod.
The actual Function.prototype.toMethod was removed some time already,
but there were some stuff (esp. %ToMethod) left in the tree, including
tests for %ToMethod.  This code (and esp. the tests) cause trouble in
the process of moving bound functions away from JSFunction; so since
the code is unused anyway, we can as well remove it.

The original removal of Function.prototype.toMethod was in February
2015 in 68e4897586.

R=jarin@chromium.org
BUG=v8:3330
LOG=n

Review URL: https://codereview.chromium.org/1366063002

Cr-Commit-Position: refs/heads/master@{#30925}
2015-09-25 04:04:36 +00:00
stefan.penner
ab9898980e Don’t smash globals used by the test helper itself.
Since https://codereview.chromium.org/366103005 the promise tests null out
various globals, to ensure the promise implementation doesn’t itself rely
on functions patchable by monkeys.

Unfortunately, doing so breaks test assertion failures which rely on
those globals.

This isn’t the ideal solution, but does improve the current state.

R=littledan@chromium.org,domenic@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1370583002

Cr-Commit-Position: refs/heads/master@{#30922}
2015-09-24 21:47:17 +00:00
adamk
7462e99667 Remove on-by-default flag --harmony-object
It's been enabled since M45, which is now well into its stable period,
with no problems reported.

Review URL: https://codereview.chromium.org/1356793002

Cr-Commit-Position: refs/heads/master@{#30835}
2015-09-18 18:37:57 +00:00
caitpotter88
b444da41ad [es6] support get and set in shorthand properties
Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.

BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1328083002

Cr-Commit-Position: refs/heads/master@{#30769}
2015-09-16 16:02:05 +00:00
cbruni
2f1df49a6c Fixing Sloppy Symbol.iterator setter
In certiain cases the ArgumentsIteratorSetter would trigger an invalid
state in the LookupIterator when being overridden. This is now solved
by bypassing the SetDataProperty and directly using
DefinePropertyOrElementIgnoringAttributes since we know exactly which
property we're going to install

LOG=N
BUG=chromium:521484

Review URL: https://codereview.chromium.org/1332873002

Cr-Commit-Position: refs/heads/master@{#30705}
2015-09-14 07:22:35 +00:00
adamk
233d62f8e3 [es6] Fix computed property names in nested literals
Make ObjectLiteral::is_simple() false for literals containing computed
property names, which causes IsCompileTimeValue() to return false and
thus force code to be generated for setting up such properties. This
mirrors the handling of '__proto__' in literals.

BUG=v8:4387
LOG=y

Review URL: https://codereview.chromium.org/1307943007

Cr-Commit-Position: refs/heads/master@{#30362}
2015-08-25 21:10:44 +00:00
yangguo
e8ce7acf53 Debugger: use correct position for for-next expression statement.
R=rossberg@chromium.org
BUG=chromium:523543
LOG=N

Review URL: https://codereview.chromium.org/1310213002

Cr-Commit-Position: refs/heads/master@{#30328}
2015-08-24 13:08:22 +00:00
ejcaruso
df999c9790 Only evaluate length once in %TypedArray%.prototype.set
The ES6 spec for this function declares that ToLength
should only be called once. We were evaluating it multiple
times, so if length was an object with a valueOf method,
we could see effects take place multiple times.

R=littledan@chromium.org
LOG=N
BUG=v8:4218

Review URL: https://codereview.chromium.org/1237583005

Cr-Commit-Position: refs/heads/master@{#30240}
2015-08-19 01:33:06 +00:00
littledan
e261540b9e Add class to existing lexical scoping tests
This patch strengthens testing of classes by verifying that the binding
that they export externally follows block scoping, as opposed to var-style
scoping. The tests are based on existing tests for let and const.

R=adamk
LOG=N
BUG=v8:3305

Review URL: https://codereview.chromium.org/1286923002

Cr-Commit-Position: refs/heads/master@{#30140}
2015-08-12 18:43:06 +00:00
adamk
b7726c447a Delete --harmony-computed-property-names flag
It was shipped in V8 4.4.

Review URL: https://codereview.chromium.org/1273543002

Cr-Commit-Position: refs/heads/master@{#30038}
2015-08-05 21:32:38 +00:00
adamk
cd455055a0 Delete --harmony-unicode flag
It was shipped in V8 4.4.

Review URL: https://codereview.chromium.org/1271073002

Cr-Commit-Position: refs/heads/master@{#30035}
2015-08-05 19:08:42 +00:00
adamk
2e4efcfac2 Add a --harmony-object-observe runtime flag (on by default)
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.

Review URL: https://codereview.chromium.org/1257063003

Cr-Commit-Position: refs/heads/master@{#30017}
2015-08-04 20:53:32 +00:00
yangguo
1667c15e37 Debugger: move implementation to a separate folder.
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1265923002

Cr-Commit-Position: refs/heads/master@{#29951}
2015-07-31 11:08:15 +00:00
rossberg
9ab8bfba7f [es6] Make sure temporaries are not allocated in block scope
While at it, remove the notion of INTERNAL variables.

@caitp: Took some parts from your CL, since I was blocked on the temp scope bug.

R=mstarzinger@chromium.org
BUG=512574
LOG=N

Review URL: https://codereview.chromium.org/1250513004

Cr-Commit-Position: refs/heads/master@{#29812}
2015-07-23 13:51:35 +00:00
adamk
3a74348e09 [es6] Array.prototype[Symbol.iterator].name should be 'values'
R=littledan@chromium.org
BUG=v8:4311
LOG=n

Review URL: https://codereview.chromium.org/1242623002

Cr-Commit-Position: refs/heads/master@{#29794}
2015-07-23 05:50:47 +00:00
adamk
4b8200078a Remove unnecessary coupling between Promise tests and Object.observe
Many mjsunit tests (as well as the promises-aplus adapter scripts) were
using Object.observe simply for microtask-enqueueing purposes. Replaced
such uses with %EnqueueMicrotask.

Review URL: https://codereview.chromium.org/1246933002

Cr-Commit-Position: refs/heads/master@{#29779}
2015-07-21 17:17:07 +00:00
yangguo
01902e4eab Debugger: use FrameInspector in ScopeIterator to find context.
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
Cr-Commit-Position: refs/heads/master@{#29697}

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29744}
2015-07-20 08:53:39 +00:00
yangguo
c062b28aeb Revert of Debugger: use FrameInspector in ScopeIterator to find context. (patchset #3 id:40001 of https://codereview.chromium.org/1239033002/)
Reason for revert:
breaks roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/87292/steps/browser_tests%20%28with%20patch%29/logs/DevToolsSanityTest.TestPauseWhenScriptIsRunning

Original issue's description:
> Debugger: use FrameInspector in ScopeIterator to find context.
>
> In optimized code, it's not guaranteed that the current context
> is stored in its frame slot.
>
> R=bmeurer@chromium.org
> BUG=v8:4309
> LOG=N
>
> Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
> Cr-Commit-Position: refs/heads/master@{#29697}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4309

Review URL: https://codereview.chromium.org/1243553002

Cr-Commit-Position: refs/heads/master@{#29722}
2015-07-17 09:53:49 +00:00
littledan
8068b91d15 Additional TypedArray tests
- Test that TypedArray properties cannot be set in strict mode
  Properties like %TypedArray%.prototype.length have a getter and no
  setter. This test verifies that property, which was apparently not
  true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
  are not configurable

Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.

BUG=v8:3048, v8:3799
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1232843005

Cr-Commit-Position: refs/heads/master@{#29717}
2015-07-17 00:21:31 +00:00
littledan
f76dfee9df Array.prototype.reverse should call [[HasProperty]] on elements before [[Get]]
This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is

[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)

In ES5, on the other hand, the order was

[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper

To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:

Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658

Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176

BUG=v8:4223
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1238593003

Cr-Commit-Position: refs/heads/master@{#29716}
2015-07-16 23:12:23 +00:00
yangguo
3a0ee39cbd Debugger: use FrameInspector in ScopeIterator to find context.
In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29697}
2015-07-16 09:28:20 +00:00
arv
a73338ba9e [es6] Enforce TDZ checks for let/const in StoreLookupSlot
With --harmony-sloppy we can get to a runtime store in the presence of
an eval. We therefor need to check that the value is not the hole which
is used to enforce TDZ.

BUG=v8:4284
LOG=N
R=rossberg@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1214733013

Cr-Commit-Position: refs/heads/master@{#29577}
2015-07-10 16:20:52 +00:00
arv
3b1aabc960 [es6] Initial support for let/const bindings in sloppy mode
Allow let in sloppy mode with --harmony-sloppy

Allow ES'15 const in sloppy mode with --harmony-sloppy --no-legacy-const

Functions in block are not done yet. They are only let bound in the block
at this point.

BUG=v8:3305, v8:2198
LOG=N
R=littledan@chromium.org, rossberg@chromium.org, adamk@chromium.org

Review URL: https://codereview.chromium.org/1219853004

Cr-Commit-Position: refs/heads/master@{#29536}
2015-07-08 15:04:13 +00:00
adamk
a1f20f0928 Add debug-stepnext test for for-let loops
Review URL: https://codereview.chromium.org/1215383002

Cr-Commit-Position: refs/heads/master@{#29523}
2015-07-07 19:11:38 +00:00
yangguo
a8a4c364c2 Debugger: use debug break slots instead of ICs (except for calls).
BUG=v8:3147,v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1218493005

Cr-Commit-Position: refs/heads/master@{#29487}
2015-07-06 11:16:02 +00:00
littledan
a1dcac3df7 Include Harmony Array/TypedArray methods unconditionally
Conditionally including Array and TypedArray methods seems to cause
a slowdown in V8 context creation, possibly due to the new code added.

BUG=chromium:504629
R=adamk@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1215863003

Cr-Commit-Position: refs/heads/master@{#29430}
2015-07-01 23:10:21 +00:00
adamk
62572e011e [es6] Ensure that for-in/of loops have a proper TDZ for their lexically-bound variables
The enumerable expression in a for-in/of loop is supposed to have a TDZ for any
lexically bound names in that loop (there can be more than one with destructuring).

This patch accomplishes this with an almost-correct desugaring. The only thing missing
is proper debugger support (the let declarations added by the desugaring, while invisible
to code due to shadowing, are visible to the debugger).

BUG=v8:4210
LOG=n

Review URL: https://codereview.chromium.org/1218543003

Cr-Commit-Position: refs/heads/master@{#29396}
2015-07-01 00:27:30 +00:00
arv
473badf5fa [es6] Make sure we do not invoke setter when calling Promise.all
We were calling the setter for Object.prototype.promise if it existed
when calling PromiseAll.

BUG=v9:4232
LOG=N
R=rossberg@chromium.org, adamk@chromium.org

Review URL: https://codereview.chromium.org/1219623005

Cr-Commit-Position: refs/heads/master@{#29357}
2015-06-29 18:14:37 +00:00
arv
353b40e980 [es6] Remove harmony-classes flag
Move class tests to es6 directory

BUG=v8:3330
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1213813003

Cr-Commit-Position: refs/heads/master@{#29336}
2015-06-26 21:16:58 +00:00
arv
47dd45c0ab [es6] Remove harmony-object-literal flag
And move tests to es6 directory

BUG=v8:3516
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1218473003

Cr-Commit-Position: refs/heads/master@{#29334}
2015-06-26 19:49:53 +00:00
arv
81f2c44047 Fix HTML string methods to not depend on replace method
Before this we were using String.prototype.replace. Now
we call the internal StringReplace instead.

BUG=v8:4221
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1199933005

Cr-Commit-Position: refs/heads/master@{#29206}
2015-06-22 21:55:56 +00:00
arv
6b268bce6a Fix string HTML methods to call ToString
Before this we were using + which calls valueOf which is not correct
for these methods.

BUG=v8:4222
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1194173004

Cr-Commit-Position: refs/heads/master@{#29202}
2015-06-22 19:07:24 +00:00
verwaest
49495ace70 Cleanup INTEGER_INDEXED_EXOTIC handling a bit
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1191813003

Cr-Commit-Position: refs/heads/master@{#29116}
2015-06-18 14:39:11 +00:00
conradw
1bb051b8a4 [es6] Fix completion values of for loops with lexical variables
Currently, the desugaring of for loops of the form for
(let/const ...; bla; bla) causes them to always have a
completion value of 1, regardless of whether the loop body
is executed or not. This CL fixes this, realigning
initializer blocks as a more general purpose way to avoid
the completion value rewriter (since that's all they really
do anyway).

BUG=

Review URL: https://codereview.chromium.org/1177053006

Cr-Commit-Position: refs/heads/master@{#29108}
2015-06-18 11:54:16 +00:00
machenbach
b4d3e1ceba Revert of Add %TypedArray% to proto chain (patchset #6 id:100001 of https://codereview.chromium.org/1186733002/)
Reason for revert:
[Sheriff] Changes layout tests:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/429

See e.g.:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/429/layout-test-results/inspector/console/console-big-array-pretty-diff.html

Please upload a blink side needsmanualrebaseline change first for these tests if the change is intended. Please also add a blink trybot on a reland of this CL.

Original issue's description:
> Add %TypedArray% to proto chain
>
> According to the ES6 spec, the main methods and getters shouldn't
> be properties of the individual TypedArray objects and prototypes
> but instead on %TypedArray% and %TypedArray%.prototype. This
> difference is observable through introspection. This patch moves
> some methods and getters to the proper place, with the exception
> of %TypedArray%.prototype.subarray and harmony methods. These will
> be moved in follow-on patches.
>
> BUG=v8:4085
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/a10590158260737b256fac3254b4939f48f90095
> Cr-Commit-Position: refs/heads/master@{#29057}

TBR=adamk@chromium.org,arv@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1192433003

Cr-Commit-Position: refs/heads/master@{#29070}
2015-06-17 09:05:51 +00:00
littledan
a105901582 Add %TypedArray% to proto chain
According to the ES6 spec, the main methods and getters shouldn't
be properties of the individual TypedArray objects and prototypes
but instead on %TypedArray% and %TypedArray%.prototype. This
difference is observable through introspection. This patch moves
some methods and getters to the proper place, with the exception
of %TypedArray%.prototype.subarray and harmony methods. These will
be moved in follow-on patches.

BUG=v8:4085
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1186733002

Cr-Commit-Position: refs/heads/master@{#29057}
2015-06-16 23:39:10 +00:00
caitpotter88
6d22f7a794 [parser] parse CalllExpression TemplateLiteral production
BUG=v8:4183
R=arv@chromium.org, rossberg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1184373002

Cr-Commit-Position: refs/heads/master@{#29055}
2015-06-16 18:08:28 +00:00
yangguo
75350f1ef0 Debugger: require debugger to be active when dealing with breaks.
This invariant will save us some head ache.
The changes to test-debug/DebugStub is due to the fact that it abuses
the ability to set break points in code that has no debug break slots.
This is now no longer possible.

R=ulan@chromium.org
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1181013007

Cr-Commit-Position: refs/heads/master@{#29038}
2015-06-16 07:11:21 +00:00
arv
5f72593d16 [es6] Make sure we call add property when adding a new property
When setting a property using `super.prop = val` we need to use
add property if we are adding a new property and not set property.

BUG=493566
LOG=N
R=verwaest@chromium.org, dslomov@chromium.org

Review URL: https://codereview.chromium.org/1161073002

Cr-Commit-Position: refs/heads/master@{#28971}
2015-06-11 21:24:41 +00:00
machenbach
4e7990d394 Revert of Revert of Revert of Promise assimilation fix. (patchset #1 id:1 of https://codereview.chromium.org/1181533006/)
Reason for revert:
[Sheriff] Changes/breaks layout tests. Please land upstream needsmanualrebaseline requests first or fix the tests.

E.g.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Win/builds/400
One test fails, one times out. See e.g. expectations changes:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Win/400/layout-test-results/inspector/sources/debugger-async/async-callstack-promises-diff.txt

On linux debug theses tests crash:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/346
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/346/layout-test-results/results.html

Original issue's description:
> Revert of Revert of Promise assimilation fix. (patchset #1 id:1 of https://codereview.chromium.org/1176163004/)
>
> Reason for revert:
> Test failures are bogus. Snapshot blob and natives blob are out of sync due to build being weird.
>
> Original issue's description:
> > Revert of Promise assimilation fix. (patchset #8 id:160001 of https://codereview.chromium.org/1098663002/)
> >
> > Reason for revert:
> > Test failures: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64/builds/3829
> >
> > Original issue's description:
> > > Promise assimilation fix.
> > >
> > > Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
> > > should call |y.then|, but the current implementation calls PromiseChain.
> > > We can see the difference when we set a custom function to |y.then|.
> > >
> > > This CL fixes the spec violation, but as a result |then| is no longer
> > > a wrapper of |chain| and in some cases it does not work well with
> > > |accept| or |chain|. That is not a problem for ES6 promise users because
> > > ES6 promise doesn't have them.
> > >
> > > LOG=N
> > > BUG=477921
> > >
> > > Committed: https://crrev.com/2f57dff3ea0c45e1a61b334fda962460f89d71bc
> > > Cr-Commit-Position: refs/heads/master@{#28926}
> >
> > TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=477921
> >
> > Committed: https://crrev.com/5bb75f514027f79303396dba823c2d78c6add83b
> > Cr-Commit-Position: refs/heads/master@{#28927}
>
> TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=477921
>
> Committed: https://crrev.com/6f214bdd8bcdc76d48bd85c3bd897f0e2427ff95
> Cr-Commit-Position: refs/heads/master@{#28928}

TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=477921

Review URL: https://codereview.chromium.org/1181603003

Cr-Commit-Position: refs/heads/master@{#28931}
2015-06-11 09:09:18 +00:00
yangguo
6f214bdd8b Revert of Revert of Promise assimilation fix. (patchset #1 id:1 of https://codereview.chromium.org/1176163004/)
Reason for revert:
Test failures are bogus. Snapshot blob and natives blob are out of sync due to build being weird.

Original issue's description:
> Revert of Promise assimilation fix. (patchset #8 id:160001 of https://codereview.chromium.org/1098663002/)
>
> Reason for revert:
> Test failures: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64/builds/3829
>
> Original issue's description:
> > Promise assimilation fix.
> >
> > Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
> > should call |y.then|, but the current implementation calls PromiseChain.
> > We can see the difference when we set a custom function to |y.then|.
> >
> > This CL fixes the spec violation, but as a result |then| is no longer
> > a wrapper of |chain| and in some cases it does not work well with
> > |accept| or |chain|. That is not a problem for ES6 promise users because
> > ES6 promise doesn't have them.
> >
> > LOG=N
> > BUG=477921
> >
> > Committed: https://crrev.com/2f57dff3ea0c45e1a61b334fda962460f89d71bc
> > Cr-Commit-Position: refs/heads/master@{#28926}
>
> TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=477921
>
> Committed: https://crrev.com/5bb75f514027f79303396dba823c2d78c6add83b
> Cr-Commit-Position: refs/heads/master@{#28927}

TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=477921

Review URL: https://codereview.chromium.org/1181533006

Cr-Commit-Position: refs/heads/master@{#28928}
2015-06-11 08:15:32 +00:00
yangguo
5bb75f5140 Revert of Promise assimilation fix. (patchset #8 id:160001 of https://codereview.chromium.org/1098663002/)
Reason for revert:
Test failures: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64/builds/3829

Original issue's description:
> Promise assimilation fix.
>
> Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
> should call |y.then|, but the current implementation calls PromiseChain.
> We can see the difference when we set a custom function to |y.then|.
>
> This CL fixes the spec violation, but as a result |then| is no longer
> a wrapper of |chain| and in some cases it does not work well with
> |accept| or |chain|. That is not a problem for ES6 promise users because
> ES6 promise doesn't have them.
>
> LOG=N
> BUG=477921
>
> Committed: https://crrev.com/2f57dff3ea0c45e1a61b334fda962460f89d71bc
> Cr-Commit-Position: refs/heads/master@{#28926}

TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=477921

Review URL: https://codereview.chromium.org/1176163004

Cr-Commit-Position: refs/heads/master@{#28927}
2015-06-11 08:01:15 +00:00
yhirano
2f57dff3ea Promise assimilation fix.
Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
should call |y.then|, but the current implementation calls PromiseChain.
We can see the difference when we set a custom function to |y.then|.

This CL fixes the spec violation, but as a result |then| is no longer
a wrapper of |chain| and in some cases it does not work well with
|accept| or |chain|. That is not a problem for ES6 promise users because
ES6 promise doesn't have them.

LOG=N
BUG=477921

Review URL: https://codereview.chromium.org/1098663002

Cr-Commit-Position: refs/heads/master@{#28926}
2015-06-11 07:42:42 +00:00
arv
07c1f277bd Unship harmony tostring
Blink's DOM bindings are not yet ready.

BUG=493137, 239915
LOG=N
R=rossberg, adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1153263004

Cr-Commit-Position: refs/heads/master@{#28804}
2015-06-04 17:33:33 +00:00
verwaest
2fb894fa58 Use GetProperty for getting elements.
This also fixes issues with
- kMaxUint32 being a valid length but not index cornercases
- exotic integer objects masking "exotic indexes" even though its in the prototype chain
- concating of holey sloppy arguments

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1159433003

Cr-Commit-Position: refs/heads/master@{#28754}
2015-06-02 10:42:29 +00:00
mike
f7b5912276 [es6] Define generator prototype as writable prop
The April 14 2015 final draft of the ES6 specification states that the
`prototype` property of generator function instances should be writable.

BUG=v8:4140, v8:4140
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1153633003

Cr-Commit-Position: refs/heads/master@{#28641}
2015-05-26 18:31:49 +00:00
dslomov
7ffdb5194d [destructuring] Grand for statement parsing unification.
Also support patterns in ``for (var p in/of ...)``

This CL extends the rewriting we used to do for ``for (let p in/of...)`` to
``for (var p in/of ...)``. For all for..in/of loop declaring variable,
we rewrite
   for (var/let/const pattern in/of e) b
into
   for (x' in/of e) { var/let/const pattern = e; b }

This adds a small complication for debugger: for a statement
   for (var v in/of e) ...
we used to have
   var v;
   for (v in/of e) ...
and there was a separate breakpoint on ``var v`` line.
This breakpoint is actually useless since it is immediately followed by
a breakpoint on evaluation of ``e``, so this CL removes that breakpoint
location.

Similiraly, for let, it used to be that
  for (let v in/of e) ...
became
  for (x' in/of e) { let v; v  = x'; ... }
``let v``generetaed a useless breakpoint (with the location at the
loop's head. This CL removes that breakpoint as well.

R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1149043005

Cr-Commit-Position: refs/heads/master@{#28565}
2015-05-21 17:46:45 +00:00
verwaest
4268141ca6 Reland "Mark internal AccessorInfo properties as 'special data properties'"
This reverts commit ac5336baca.

BUG=

Review URL: https://codereview.chromium.org/1138483005

Cr-Commit-Position: refs/heads/master@{#28442}
2015-05-18 12:36:40 +00:00
machenbach
ac5336baca Revert of Mark internal AccessorInfo properties as "special data properties" (patchset #2 id:20001 of https://codereview.chromium.org/1123163005/)
Reason for revert:
[Sheriff] Blocks current roll:
https://codereview.chromium.org/1124403007/

Bisection (https://codereview.chromium.org/1142753002/) points to this CL.

Original issue's description:
> Mark internal AccessorInfo properties as "special data properties" to ensure correct strict-mode handling.
>
> BUG=
>
> Committed: https://crrev.com/188297160d2b82a4e2a206ebbddfc21dd99a9d8d
> Cr-Commit-Position: refs/heads/master@{#28369}

TBR=rossberg@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1142763002

Cr-Commit-Position: refs/heads/master@{#28437}
2015-05-17 16:50:17 +00:00
arv
834a8e9f63 [es6] Iterators and generators should "extend" %IteratorPrototype%
All the builtin iterators as well as the generator objects have an
object called %IteratorPrototype% in the spec between them and
%ObjectPrototype%.

BUG=v8:3568
LOG=N

Review URL: https://codereview.chromium.org/1128233008

Cr-Commit-Position: refs/heads/master@{#28426}
2015-05-15 15:09:38 +00:00
dslomov
0b620ad5e5 Fix test formatting
TBR=arv@chromium.org

Review URL: https://codereview.chromium.org/1129713004

Cr-Commit-Position: refs/heads/master@{#28380}
2015-05-12 18:12:54 +00:00
dslomov
30b771a662 Fix the behavior of 'super.foo' assignment when receiver is not an object.
R=arv@chromium.org,verwaest@chromium.org
BUG=v8:4097
LOG=N

Review URL: https://codereview.chromium.org/1132203005

Cr-Commit-Position: refs/heads/master@{#28377}
2015-05-12 17:13:07 +00:00
verwaest
188297160d Mark internal AccessorInfo properties as "special data properties" to ensure correct strict-mode handling.
BUG=

Review URL: https://codereview.chromium.org/1123163005

Cr-Commit-Position: refs/heads/master@{#28369}
2015-05-12 15:11:13 +00:00
conradw
382435480d [es6] Fix symbol comparison on some architectures
https://codereview.chromium.org/1125783002 did not handle all cases for some
architectures. These cases are now covered, and tests have been extended to
check them.

BUG=v8:4073
LOG=N

Review URL: https://codereview.chromium.org/1128143002

Cr-Commit-Position: refs/heads/master@{#28266}
2015-05-06 15:04:47 +00:00
dslomov
cf53fed972 Handle the case when derived constructor is [[Call]]ed with 0 args.
ArgumentsAdaptorStub for derived constructor (the one that needs
new.target) works in this way:
 - If the constructor is invoked via the Construct stub, we know that
   actual arguments always include new.target. ``arguments`` object
   however should not include a new.target, therefore we remove it.
   We achieve this by decrementing the argument count.
 - If the constructor is invoked as a call, we do not care for a correct
   ``arguments`` array since the constructor will immediately throw on
   entrance.
The bug is that the call could actually pass 0 actual arguments, but I
decrement unconditionally :(. The fix is to detect this case and avoid
decrementing. ``arguments`` is bogus, but it is ok as constructor
throws.

Long-term we should just remove mucking about with arguments for
new.target and just get it from the stack.

R=arv@chromium.org,rossberg@chromium.org
BUG=chromium:474783
LOG=Y

Review URL: https://codereview.chromium.org/1126783003

Cr-Commit-Position: refs/heads/master@{#28242}
2015-05-05 19:57:04 +00:00
arv
d26f5d3923 [es6] When comparing two symbols we may need to throw a TypeError
When comparing a symbol to istself using <, <=, > or >= we need to
throw a TypeError. This is correctly handled in the runtime function
so if we are comparing a symbol fall back to use the runtime.

BUG=v8:4073
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1125783002

Cr-Commit-Position: refs/heads/master@{#28226}
2015-05-05 14:17:46 +00:00
arv
2279dfe789 [es6] Map/Set size getter should have "get size" name
This reverts commit d5565c1f68.

Getter and setter function names in ES6 are defined as "get foo" and
"set foo".

This also moves the logic for handling symbols from runtime-function.cc
to v8natives.js.

BUG=None
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1093183006

Cr-Commit-Position: refs/heads/master@{#28050}
2015-04-24 18:15:59 +00:00
arv
d5565c1f68 Revert of [es6] Map/Set size getter should have "get size" name (patchset #4 id:80001 of https://codereview.chromium.org/1094323005/)
Reason for revert:
Breaks GCMole ia32

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gcmole/builds/1685/steps/GCMole%20ia32/logs/stdio

src/runtime/runtime-function.cc:96:3: warning: Possible problem with evaluation order.
  f->shared()->set_name(*NameToFunctionName(name));
  ^
src/runtime/runtime-function.cc:96:3: warning: Possible problem with evaluation order.
2 warnings generated.

Original issue's description:
> [es6] Map/Set size getter should have "get size" name
>
> Getter and setter function names in ES6 are defined as "get foo" and
> "set foo".
>
> BUG=None
> LOG=N
> R=adamk@chromium.org
>
> Committed: https://crrev.com/83c89a2e71a363afb35595f903423e650d788e42
> Cr-Commit-Position: refs/heads/master@{#28034}

TBR=adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None

Review URL: https://codereview.chromium.org/1106713002

Cr-Commit-Position: refs/heads/master@{#28035}
2015-04-23 22:06:27 +00:00
arv
83c89a2e71 [es6] Map/Set size getter should have "get size" name
Getter and setter function names in ES6 are defined as "get foo" and
"set foo".

BUG=None
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1094323005

Cr-Commit-Position: refs/heads/master@{#28034}
2015-04-23 21:56:10 +00:00
arv
d0db1c39ca [es6] Function.prototype.name should be the empty string
ES6 specifies the function name property (it was not part of ES5) and
it specifies the name of Function.prototype to the empty string ("" and
not "Empty"). This makes us match Firefox, Safari and IE developer
preview.

BUG=v8:4033
LOG=N
R=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1080393004

Cr-Commit-Position: refs/heads/master@{#28021}
2015-04-23 00:29:27 +00:00
dslomov
aec46ca54a Stack allocate lexical locals + hoist stack slots
Review URL: https://codereview.chromium.org/981203003

Cr-Commit-Position: refs/heads/master@{#28008}
2015-04-22 13:22:18 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
jkummerow
3eb277f270 %GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present
Review URL: https://codereview.chromium.org/1086923002

Cr-Commit-Position: refs/heads/master@{#27822}
2015-04-14 14:57:48 +00:00
yangguo
2c01bd34b0 Fix Math.log10 implementation for 1 - Number.EPSILON.
R=svenpanne@chromium.org
BUG=v8:4025
LOG=N

Review URL: https://codereview.chromium.org/1084853002

Cr-Commit-Position: refs/heads/master@{#27815}
2015-04-14 11:56:02 +00:00
arv
186dd69b3a [es6] Fix length property of collection constructors
{Map, Set, WeakMap, WeakSet}.length should be 0.

BUG=v8:4021
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1073233002

Cr-Commit-Position: refs/heads/master@{#27798}
2015-04-13 18:59:39 +00:00
arv
0e539d1ca9 Revert "ES6: Number and Boolean prototype should be ordinary objects"
This reverts commit e965a1f84a.

The reason is that it breaks jsfiddle.com

BUG=476437, v8:4001
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1086673002

Cr-Commit-Position: refs/heads/master@{#27791}
2015-04-13 16:21:00 +00:00
ben
80b7a962b2 Use correct property descriptor in generators test
BUG=

Review URL: https://codereview.chromium.org/1077413002

Cr-Commit-Position: refs/heads/master@{#27771}
2015-04-12 21:18:31 +00:00
mike
0a4881600d Correct property descriptors on GeneratorPrototype
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:

> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.

[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects

BUG=v8:3986
LOG=N
R=wingo,arv

Review URL: https://codereview.chromium.org/1051363003

Cr-Commit-Position: refs/heads/master@{#27770}
2015-04-11 21:14:20 +00:00
caitpotter88
9836c34dba [es6] do not add caller/arguments to ES6 function definitions
BUG=v8:3946, v8:3982
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1027283004

Cr-Commit-Position: refs/heads/master@{#27729}
2015-04-09 22:40:28 +00:00
caitpotter88
48eff34c32 [es6] don't "replace" Object.prototype.toString for --harmony-tostring
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.

BUG=v8:3502
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1072083002

Cr-Commit-Position: refs/heads/master@{#27720}
2015-04-09 20:53:46 +00:00
arv
e965a1f84a ES6: Number and Boolean prototype should be ordinary objects
BUG=v8:4001
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1051373002

Cr-Commit-Position: refs/heads/master@{#27680}
2015-04-08 21:18:40 +00:00
mvstanton
af293729ad Tests that carefully checks opt/deopt status shouldn't --always-opt.
If we optimize a function before gathering feedback it may be
peppered with soft deoptimizations. So it can't help but deoptimize.
A judicious reading of the code isn't enough to determine what the
optimization state should be in the face of such chaotic gyrations.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1069363003

Cr-Commit-Position: refs/heads/master@{#27671}
2015-04-08 15:56:01 +00:00
mike
3b624a1796 Re-implement %Generator% intrinsic as an object
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):

> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.

Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.

BUG=v8:3991
LOG=N

Review URL: https://codereview.chromium.org/1062633002

Cr-Commit-Position: refs/heads/master@{#27603}
2015-04-06 21:04:51 +00:00
mike
30ea626886 Remove invalid assertion
The removed assertion consistently passes not because the invoked
`close` method internally throws a `TypeError` but because the `close`
method does not exist. The ES6 specification does not define a `close`
method on the GeneratorPrototype, so this test is a tautology.

BUG=None
LOG=N
R=arv

Review URL: https://codereview.chromium.org/1046963002

Cr-Commit-Position: refs/heads/master@{#27567}
2015-04-01 15:22:19 +00:00
mike
3badfdcd50 Re-write duplicated assertions
The modified assertions targeted the property descriptor for the
template object's first "cooked" value. The code immediately preceeding
these statements asserts these values.

Update the assertions to instead target the property descriptor for the
template object's first "raw" value (which are otherwise untested).

BUG=

Review URL: https://codereview.chromium.org/1049523003

Cr-Commit-Position: refs/heads/master@{#27566}
2015-04-01 15:13:21 +00:00
arv
bb21979adf ES6: Unscopable should use ToBoolean
The spec settled on ToBoolean instead of only using not undefined.

BUG=v8:3827
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1045113002

Cr-Commit-Position: refs/heads/master@{#27548}
2015-03-31 15:14:20 +00:00
arv
a373b089e9 Remove --harmony-numeric-literal flag
We have been shipping harmony numeric literals since M41

R=rossberg@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1024603002

Cr-Commit-Position: refs/heads/master@{#27545}
2015-03-31 14:24:30 +00:00
dslomov
15ef61d468 Make sure debugger is ready for breakpoins when we process 'debugger' statement.
On 'debugger' statement, if anything in debugger calls 'EnsureDebugInfo'
on a function, EnsureDebugInfo would compile and substitute code without
debug break slots. This causes weird behavior later when stepping fails
to work (see added test as an example).
This fix is to make sure the debugger is prepared for breakpoints in
that case as well.

Also adds extra testing for bug 468661.

R=yangguo@chromium.org,yurys@chromium.orh
BUG=v8:3990,chromium:468661
LOG=N

Review URL: https://codereview.chromium.org/1032353002

Cr-Commit-Position: refs/heads/master@{#27502}
2015-03-27 18:33:17 +00:00
dcarney
d76526032f fix reconfigure of indexed integer exotic objects
R=verwaest@chromium.org
BUG=466084
LOG=N

Review URL: https://codereview.chromium.org/1037213002

Cr-Commit-Position: refs/heads/master@{#27498}
2015-03-27 10:12:55 +00:00
yangguo
46cc8740a9 Debugger: remove unused JS Debugger API.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1005053004

Cr-Commit-Position: refs/heads/master@{#27464}
2015-03-26 08:15:45 +00:00