Functions like DataView.prototype.getUint8 should have length 1,
and DataView.prototype.setUint8 should have length 2, as their
endianness arguments are optional. Additionally,
TypedArray.prototype.set.length should be 2. This follows the ES2015
specification, and a new test262 test tests for it. This patch
fixes the functions' lengths.
R=adamk
Review URL: https://codereview.chromium.org/1636953003
Cr-Commit-Position: refs/heads/master@{#33531}
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.
Tail calling can be enabled by --harmony-tailcalls flag.
BUG=v8:4698
LOG=Y
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1609893003
Cr-Commit-Position: refs/heads/master@{#33509}
This patch is a workaround to the performance regression caused by
implementing the ES2015 TypedArray prototype chain: Include a
per-TypedArray-subclass length getter so that the superclass getter does
not become polymorphic. The patch appears to fix a regression in the
Gameboy Octane benchmark.
BUG=chromium:579905
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1624383003
Cr-Commit-Position: refs/heads/master@{#33501}
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.
For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.
R=adamk
LOG=Y
BUG=v8:4665
Review URL: https://codereview.chromium.org/1583773005
Cr-Commit-Position: refs/heads/master@{#33312}
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.
This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.
Review URL: https://codereview.chromium.org/1580463003
Cr-Commit-Position: refs/heads/master@{#33245}
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.
R=adamk
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1574903004
Cr-Commit-Position: refs/heads/master@{#33223}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007
Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816
Review URL: https://codereview.chromium.org/1571793002
Cr-Commit-Position: refs/heads/master@{#33189}
Reason for revert:
Causes frequent crashes in Canary: chromium:537816
Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}
TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y
Review URL: https://codereview.chromium.org/1565263002
Cr-Commit-Position: refs/heads/master@{#33162}
Some tests passed a string as second argument to assertThrows, expecting it to
be matched against the exception. However, assertThrows simply ignored these.
(Some other tests actually seem to use that argument as a comment ...)
This CL
- changes assertThrows to fail if the second argument is not a function,
- adds assertThrowsEquals which compares the exception to a given value using
assertEquals
- fixes some bogus tests that got exposed by this.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1544793002
Cr-Commit-Position: refs/heads/master@{#33159}
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.
R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1551443002
Cr-Commit-Position: refs/heads/master@{#33133}
Reason for revert:
Should be fixed again with this Blink change to add NeedsManualRebaseline
Original issue's description:
> Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
>
> Reason for revert:
> [Sheriff] Changes layout tests. Please fix upstream first if intended.
>
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
>
> Original issue's description:
> > Use ES2015-style TypedArray prototype chain
> >
> > This patch switches TypedArrays to use the prototype chain described
> > in the ES2015 specification, which adds a %TypedArray% superclass above
> > all individual TypedArray types. Most methods are defined on the
> > superclass rather than the subclasses.
> >
> > In order to prevent a performance regression, a few methods are
> > marked as inline. Inlining might prevent code which was previously
> > monomorphic from becoming polymorphic, and it was specifically
> > applied in places where methods became more polymorphic than before.
> > Tests with realistic workloads would be nice to do before this
> > ships in stable.
> >
> > This patch does not bring TypedArrays up to full spec compliance. In
> > particular, @@species is not yet supported.
> >
> > R=cbruni
> > BUG=v8:4085
> > LOG=Y
> >
> > Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> > Cr-Commit-Position: refs/heads/master@{#33050}
>
> TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4085
>
> Committed: https://crrev.com/28b55ffd1e32e09aaf42b8bbb407944d4808e07c
> Cr-Commit-Position: refs/heads/master@{#33053}
TBR=caitpotter88@gmail.com,cbruni@chromium.org,machenbach@chromium.org
BUG=v8:4085
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1558663002
Cr-Commit-Position: refs/heads/master@{#33067}
This patch relands a change to ES2015 Promises which brings us closer to
spec compliance. In this new version, a bug which would lose async callstack
data was fixed.
R=adamk
CC=rossberg,caitp
LOG=Y
BUG=v8:3641
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1538663002
Cr-Commit-Position: refs/heads/master@{#33065}
Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first if intended.
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
Original issue's description:
> Use ES2015-style TypedArray prototype chain
>
> This patch switches TypedArrays to use the prototype chain described
> in the ES2015 specification, which adds a %TypedArray% superclass above
> all individual TypedArray types. Most methods are defined on the
> superclass rather than the subclasses.
>
> In order to prevent a performance regression, a few methods are
> marked as inline. Inlining might prevent code which was previously
> monomorphic from becoming polymorphic, and it was specifically
> applied in places where methods became more polymorphic than before.
> Tests with realistic workloads would be nice to do before this
> ships in stable.
>
> This patch does not bring TypedArrays up to full spec compliance. In
> particular, @@species is not yet supported.
>
> R=cbruni
> BUG=v8:4085
> LOG=Y
>
> Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> Cr-Commit-Position: refs/heads/master@{#33050}
TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085
Review URL: https://codereview.chromium.org/1554523002
Cr-Commit-Position: refs/heads/master@{#33053}
This patch switches TypedArrays to use the prototype chain described
in the ES2015 specification, which adds a %TypedArray% superclass above
all individual TypedArray types. Most methods are defined on the
superclass rather than the subclasses.
In order to prevent a performance regression, a few methods are
marked as inline. Inlining might prevent code which was previously
monomorphic from becoming polymorphic, and it was specifically
applied in places where methods became more polymorphic than before.
Tests with realistic workloads would be nice to do before this
ships in stable.
This patch does not bring TypedArrays up to full spec compliance. In
particular, @@species is not yet supported.
R=cbruni
BUG=v8:4085
LOG=Y
Review URL: https://codereview.chromium.org/1541233002
Cr-Commit-Position: refs/heads/master@{#33050}
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.
R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y
Review URL: https://codereview.chromium.org/1550713002
Cr-Commit-Position: refs/heads/master@{#33049}
Creating proto-recursive proxies might lead to instanceof while-looping
endlessly in Object::HasInPrototypeChain (For traps we already have stack
guards in place to prevent stack overflows). We prevent this by limiting
the number of proxies we visit in PrototypeIterator to a magic large number.
LOG=n
BUG=v8:1534
Review URL: https://codereview.chromium.org/1542583003
Cr-Commit-Position: refs/heads/master@{#33007}
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.
This reland replaces problematic legacy const usage with var, to
avoid issues with nosnap builds.
R=yangguo
CC=bmeurer
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1545633002
Cr-Commit-Position: refs/heads/master@{#33002}
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5883
Original issue's description:
> Add web compat workarounds for ES2015 RegExp semantics
>
> Unexpectedly, websites depend on doing feature testing with
> RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
> ES2015 newly throws exceptions for both of these. In order to enable shipping
> new ES2015 semantics, this patch puts in narrow workarounds for those two
> cases, keeping their old behavior. UseCounters are added for how often
> those particular cases come up, so we can see if it can be deprecated.
>
> R=yangguo
> BUG=v8:4637,v8:4617
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/98f819c3e0c92d54a306cdacadda73cf96d21b52
> Cr-Commit-Position: refs/heads/master@{#32997}
TBR=yangguo@google.com,yangguo@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4637,v8:4617
Review URL: https://codereview.chromium.org/1546493003
Cr-Commit-Position: refs/heads/master@{#32999}
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.
R=yangguo
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1543723002
Cr-Commit-Position: refs/heads/master@{#32997}
We must print "[object Array]" for proxies that satisfy Array.isArray.
Cosmetic change on the side: move ObjectProtoToString from JSObject to Object
since it deals with arbitrary objects.
R=adamk@chromium.org, verwaest@chromium.org
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1526023002
Cr-Commit-Position: refs/heads/master@{#32902}
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.
As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.
R=mstarzinger@chromium.org, rossberg@chromium.org
Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
Cr-Commit-Position: refs/heads/master@{#32841}
Review URL: https://codereview.chromium.org/1513183003
Cr-Commit-Position: refs/heads/master@{#32857}
Reason for revert:
[Sheriff] Layout test changes.
Original issue's description:
> [debugger] debug-evaluate should not not modify local values.
>
> Debug evaluate no longer writes back changes to the replicated
> context chain to the original after execution. Changes to the
> global object or script contexts still stick. Calling functions
> that bind to the original context chain also have their expected
> side effects.
>
> As far as I can tell, DevTools is not interested in modifying
> local variable values. Modifying global variable values still
> works as expected. However, I have not yet removed the old
> implementation, but merely keep it behind a flag.
>
> R=mstarzinger@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
> Cr-Commit-Position: refs/heads/master@{#32841}
TBR=mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1526553003
Cr-Commit-Position: refs/heads/master@{#32845}
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.
As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.
R=mstarzinger@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1513183003
Cr-Commit-Position: refs/heads/master@{#32841}
Debug-evaluate used to resolve stack variables that shadow
context variables incorrectly, since the stack variable is
not visible in the context chain.
To fix this, we limit local variables accessible by debug-
evaluate to the ones directly referenced inside the function.
What is not referenced by the function itself, is considered
optimized out and not accessible by debug-evaluate.
To achieve this, we duplicate the entire context chain up to
the native context, and write back changes after debug-
evaluate. Changes to the original context chain will however
be overwritten. This already happens for catch and block
scopes though.
Also fix a crash caused by declaring variables inside debug-
evaluate.
R=mstarzinger@chromium.org
BUG=v8:4593
LOG=N
Review URL: https://codereview.chromium.org/1500933002
Cr-Commit-Position: refs/heads/master@{#32828}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1513873002
Cr-Commit-Position: refs/heads/master@{#32772}
Function subclasses did not have function properties installed (name, prototype, etc.).
Now when an instance of a Function subclass is created it gets initial map that corresponds
to the language mode of the function body. The language mode dependent maps are cached as
special transitions on initial map of the subclass constructor.
BUG=v8:4597, v8:3101, v8:3330
LOG=Y
Review URL: https://codereview.chromium.org/1510753005
Cr-Commit-Position: refs/heads/master@{#32764}
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3266
Please request rebase upstream first.
Original issue's description:
> Clean up promises and fix an edge case bug
>
> This patch builds on previous Promise spec compliance work by
> cleaning out some old code which existed to support
> Promise.prototype.chain, rephrasing some code to correspond more
> closely to the specification, and removing some incorrect brand
> checking. A test is added for a bug in an edge case which was fixed.
>
> R=rossberg
> BUG=v8:3641
> LOG=Y
>
> Committed: https://crrev.com/1deb89c8fd3cb69714ae0a24e3b5a4e78f6b73b4
> Cr-Commit-Position: refs/heads/master@{#32627}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3641
Review URL: https://codereview.chromium.org/1501763004
Cr-Commit-Position: refs/heads/master@{#32629}
This patch builds on previous Promise spec compliance work by
cleaning out some old code which existed to support
Promise.prototype.chain, rephrasing some code to correspond more
closely to the specification, and removing some incorrect brand
checking. A test is added for a bug in an edge case which was fixed.
R=rossberg
BUG=v8:3641
LOG=Y
Review URL: https://codereview.chromium.org/1488783002
Cr-Commit-Position: refs/heads/master@{#32627}
Reason for revert:
Blocks the roll:
https://codereview.chromium.org/1497763004/
Original issue's description:
> [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
>
> The ArrayBuffer and SharedArrayBuffer constructors should raise an
> exception when called with no arguments or undefined length. Also
> unified the ArrayBuffer and SharedArrayBuffer implementations as C++
> builtins, and removed some (now) obsolete runtime entries.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
> Cr-Commit-Position: refs/heads/master@{#32590}
TBR=yangguo@chromium.org,cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1501673002
Cr-Commit-Position: refs/heads/master@{#32606}
The ArrayBuffer and SharedArrayBuffer constructors should raise an
exception when called with no arguments or undefined length. Also
unified the ArrayBuffer and SharedArrayBuffer implementations as C++
builtins, and removed some (now) obsolete runtime entries.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1500543002
Cr-Commit-Position: refs/heads/master@{#32590}
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this marks the last
consumer of said side-channel and the special slot in the construct
stub frame can be removed as a follow-up.
R=bmeurer@chromium.org,yangguo@chromium.org
TEST=mjsunit/es6/regress/regress-new-target-context
Review URL: https://codereview.chromium.org/1492793002
Cr-Commit-Position: refs/heads/master@{#32548}
This hackily disambiguates multiple calls for the iterator protocols in ForOf / Yield* by adding -2 / -1 to the pos.
BUG=v8:3953
LOG=y
Review URL: https://codereview.chromium.org/1491923003
Cr-Commit-Position: refs/heads/master@{#32527}
Sanitize ConstructStub handling and add a test case to ensure that the
Symbol constructor is using the correct context.
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1489323002
Cr-Commit-Position: refs/heads/master@{#32491}
This moves the bailout for functions containing new.target variable to
the correct place so that Crankshaft doesn't accidentally inline such
functions, yielding an "undefined" new.target value all the time.
R=bmeurer@chromium.org
TEST=mjsunit/es6/regress/regress-inlined-new-target
Review URL: https://codereview.chromium.org/1484163003
Cr-Commit-Position: refs/heads/master@{#32468}
This makes sure that proxy + Function/Array works
Makes sure that new.target can be a generator
Makes sure that if new.target is not a subclass, but does not have a prototype, that we'll get that same prototype back the next time we look at new.target.prototype.
BUG=v8:1543, v8:3330, v8:3931
LOG=n
Review URL: https://codereview.chromium.org/1484473002
Cr-Commit-Position: refs/heads/master@{#32382}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
In a function expression, 'yield' is allowed, even if the expression
occurs inside a generator. Similarly, even in a non-generator,
a generator expression's name must not be 'yield'.
BUG=v8:3983
LOG=n
Review URL: https://codereview.chromium.org/1460393003
Cr-Commit-Position: refs/heads/master@{#32188}
This is in preparation for the addition of --harmony-destructuring-assignment.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1450193002
Cr-Commit-Position: refs/heads/master@{#32098}
Several changes are included here:
1. Each resolution callback references shared data indicating whether
it has already been resolved or not, as described in 25.4.1.3
http://tc39.github.io/ecma262/#sec-createresolvingfunctions.
Previously this was handled exclusively by the Promise's status,
which does not work correctly with the current chaining behaviour.
2. During fulfillment, When a Promise is resolved with a thenable, the
spec chains the promises together by invoking the thenable's `then`
function with the original Promise's resolve and reject methods (per
section 25.4.2.2, or
http://tc39.github.io/ecma262/#sec-promiseresolvethenablejob, on the
next tick, regardless of whether or not there are pending tasks.
3. Adds a spec compliance fix to ensure that the Promise constructor
is only loaded once when `then()` is called, solving v8:4539 as well.
This involves refactoring PromiseChain to accept a constructor
argument. PromiseChain/PromiseDeferred will hopefully be removed soon,
simplifying the process.
BUG=v8:4162, v8:4539, v8:3237
LOG=N
R=rossberg@chromium.org, littledan@chromium.org, adamk@chromium.org
Review URL: https://codereview.chromium.org/1394463003
Cr-Commit-Position: refs/heads/master@{#32046}
Fix an earlier regression which forbid non-VariableProxy LHS from being
used in for-of loops. Like for-in loops, the spec allows any LHS to be used,
with the sole exception that ObjectLiterals and ArrayLiterals must be valid
AssignmentPatterns.
Also fixes a bug in TurboFan which resulted in incorrectly replacing a variable load with a constant value in some instances, due to the AstLoopAssignmentAnalyzer failing to record the assignment to ForOfStatement's value.
BUG=v8:4418, v8:2720
LOG=N
R=wingo@igalia.com, littledan@chromium.org, adamk@chromium.org, bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1411873004
Cr-Commit-Position: refs/heads/master@{#31816}
This patch moves ES2015 ToLength semantics on array operations, etc
to from staging to shipping.
R=adamk
BUG=v8:3087
LOG=Y
Review URL: https://codereview.chromium.org/1433473003
Cr-Commit-Position: refs/heads/master@{#31810}
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.
LOG=N
BUG=v8:4428
Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
Cr-Commit-Position: refs/heads/master@{#31786}
Review URL: https://codereview.chromium.org/1418623007
Cr-Commit-Position: refs/heads/master@{#31790}
Reason for revert:
failing build bot
Original issue's description:
> [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
>
> The current implementation of classes throws the TypeError at the wrong
> point, after activating a new context when directly calling a class
> constructor. According to the spec, the TypeError has to be thrown
> in the caller context.
>
> LOG=N
> BUG=v8:4428
>
> Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
> Cr-Commit-Position: refs/heads/master@{#31786}
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4428
Review URL: https://codereview.chromium.org/1415783006
Cr-Commit-Position: refs/heads/master@{#31787}
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.
LOG=N
BUG=v8:4428
Review URL: https://codereview.chromium.org/1418623007
Cr-Commit-Position: refs/heads/master@{#31786}
Original issue's description:
> [es6] Fix Function and GeneratorFunction built-ins subclassing.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/99e7f872d3d0a5fb799dcbafb05537cda491314a
> Cr-Commit-Position: refs/heads/master@{#31708}
The problem was in another CL, this is a clean reland with improved tests.
BUG=v8:3101, v8:3330
LOG=Y
Review URL: https://codereview.chromium.org/1415683007
Cr-Commit-Position: refs/heads/master@{#31756}
If the property is a data property on the holder (or does not exist) and is a readonly data property in the receiver, then we must fail.
R=rossberg, verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1424233005
Cr-Commit-Position: refs/heads/master@{#31751}
1) The Map::CopyInitialMap() did not set descriptor's array if
the source initial map had one.
2) Subclasses are temporarily disallowed to have more in-object
properties than the parent class (for GC reasons).
BUG=v8:3101, v8:3330, v8:4531
LOG=N
Review URL: https://codereview.chromium.org/1431593003
Cr-Commit-Position: refs/heads/master@{#31743}
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=v8:3101, v8:3330, v8:4419
LOG=Y
Review URL: https://codereview.chromium.org/1413033006
Cr-Commit-Position: refs/heads/master@{#31701}
Create proper initial map for original constructor (new.target) instead of doing prototype transition on the base constructor's initial map. This approach fixes in-object slack tracking for subclass instances.
This CL also fixes subclassing from String.
BUG=v8:3101, v8:3330
LOG=Y
Review URL: https://codereview.chromium.org/1427483002
Cr-Commit-Position: refs/heads/master@{#31680}
The fix is to broaden the set of cases for when NeedsHomeObject()
returns true. Note that this is broader than it needs to be (since,
e.g., non-arrow function scopes inside a method can't reference
super). But we don't track the types of inner scopes at the moment,
so this is the best we can do.
R=rossberg@chromium.org
BUG=v8:4522
LOG=n
Review URL: https://codereview.chromium.org/1411093008
Cr-Commit-Position: refs/heads/master@{#31659}
When == is invoked on a Symbol or SIMD vector and an object, the object should
be converted to a primitive with ToPrimitive and then compared again. This means,
for example, that for a Symbol or SIMD vector s, s == Object(s). This patch makes
that change in the implementation of ==. Only the runtime function needed to be
changed, as the code stubs and compiler specializations don't operate on Symbols
or SIMD vectors, and on these types, a fallback to the runtime function is always
used.
BUG=v8:3593
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1421413002
Cr-Commit-Position: refs/heads/master@{#31614}
The debugger calls PromiseHasUserDefinedRejectHandler to recursively search the
tree of dependent promises for user-defined reject handlers. If no such reject
handler exists, rejecting the promise is considered an uncaught exception.
Promise.race and Promise.all interupt the link of promise dependency wrt the
search. This change fixes that link.
R=rossberg@chromium.org
BUG=chromium:439585
LOG=N
Review URL: https://codereview.chromium.org/1411083003
Cr-Commit-Position: refs/heads/master@{#31392}
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).
The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support is in.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
Cr-Commit-Position: refs/heads/master@{#31340}
Review URL: https://codereview.chromium.org/1396333010
Cr-Commit-Position: refs/heads/master@{#31352}
Reason for revert:
Waterfall redness.
Original issue's description:
> [turbofan] Initial support for monomorphic/polymorphic property loads.
>
> Native context specialization now lowers monomorphic and
> polymorphic accesses to data and constant data properties on
> object and/or prototype chain. We don't deal with accessors
> yet, and we also completely ignore proxies (which is compatible
> with what Crankshaft does).
>
> The code is more or less the straightforward implementation. We
> will need to refactor that and extract common patterns once the
> remaining bits for full load/store support is in.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
> Cr-Commit-Position: refs/heads/master@{#31340}
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1408123002
Cr-Commit-Position: refs/heads/master@{#31341}
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).
The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support is in.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1396333010
Cr-Commit-Position: refs/heads/master@{#31340}
Make the end position of a regexp literal the first character following the regexp. This matches the behaviour of number literals and string literals, as well as single-character tokens.
This change corrects the lazy-parsing of arrow functions with concise bodies, whose last token is a regular expression literal.
BUG=v8:4474
LOG=N
R=wingo@igalia.com, adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1389313003
Cr-Commit-Position: refs/heads/master@{#31189}
Previously, arrow function scopes had a separate ScopeType. However,
Scope::DeserializeScopeChain() erroneously deserialized ARROW_SCOPE
ScopeInfos as FUNCTION_SCOPE. This could lead to bugs such as the
attached one, where "super" was disallowed where it should have
been allowed.
This patch utilizes the Scope's FunctionKind to distinguish arrow
functions from others. Besides fixing the above bug, this also
simplifies code in various places that had to deal with two different
ScopeTypes both of which meant "function".
BUG=v8:4466
LOG=n
Review URL: https://codereview.chromium.org/1386253002
Cr-Commit-Position: refs/heads/master@{#31154}
* Promise.resolve is now works with subclasses
* Spec removed [[PromiseConstructor]] now can simply use constructor
* Promise.resolve ignores species
R=littledan@chromium.org,domenic@chromium.org
BUG=v8:4161,v8:4341
LOG=Y
Review URL: https://codereview.chromium.org/1362773002
Cr-Commit-Position: refs/heads/master@{#31116}
Arrow functions have been enabled by default since the 4.5 branch.
Review URL: https://codereview.chromium.org/1373633002
Cr-Commit-Position: refs/heads/master@{#31031}
The actual Function.prototype.toMethod was removed some time already,
but there were some stuff (esp. %ToMethod) left in the tree, including
tests for %ToMethod. This code (and esp. the tests) cause trouble in
the process of moving bound functions away from JSFunction; so since
the code is unused anyway, we can as well remove it.
The original removal of Function.prototype.toMethod was in February
2015 in 68e4897586.
R=jarin@chromium.org
BUG=v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1366063002
Cr-Commit-Position: refs/heads/master@{#30925}
Since https://codereview.chromium.org/366103005 the promise tests null out
various globals, to ensure the promise implementation doesn’t itself rely
on functions patchable by monkeys.
Unfortunately, doing so breaks test assertion failures which rely on
those globals.
This isn’t the ideal solution, but does improve the current state.
R=littledan@chromium.org,domenic@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1370583002
Cr-Commit-Position: refs/heads/master@{#30922}
It's been enabled since M45, which is now well into its stable period,
with no problems reported.
Review URL: https://codereview.chromium.org/1356793002
Cr-Commit-Position: refs/heads/master@{#30835}
Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.
BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg
Review URL: https://codereview.chromium.org/1328083002
Cr-Commit-Position: refs/heads/master@{#30769}
In certiain cases the ArgumentsIteratorSetter would trigger an invalid
state in the LookupIterator when being overridden. This is now solved
by bypassing the SetDataProperty and directly using
DefinePropertyOrElementIgnoringAttributes since we know exactly which
property we're going to install
LOG=N
BUG=chromium:521484
Review URL: https://codereview.chromium.org/1332873002
Cr-Commit-Position: refs/heads/master@{#30705}
Make ObjectLiteral::is_simple() false for literals containing computed
property names, which causes IsCompileTimeValue() to return false and
thus force code to be generated for setting up such properties. This
mirrors the handling of '__proto__' in literals.
BUG=v8:4387
LOG=y
Review URL: https://codereview.chromium.org/1307943007
Cr-Commit-Position: refs/heads/master@{#30362}
The ES6 spec for this function declares that ToLength
should only be called once. We were evaluating it multiple
times, so if length was an object with a valueOf method,
we could see effects take place multiple times.
R=littledan@chromium.org
LOG=N
BUG=v8:4218
Review URL: https://codereview.chromium.org/1237583005
Cr-Commit-Position: refs/heads/master@{#30240}
This patch strengthens testing of classes by verifying that the binding
that they export externally follows block scoping, as opposed to var-style
scoping. The tests are based on existing tests for let and const.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1286923002
Cr-Commit-Position: refs/heads/master@{#30140}
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.
Review URL: https://codereview.chromium.org/1257063003
Cr-Commit-Position: refs/heads/master@{#30017}
While at it, remove the notion of INTERNAL variables.
@caitp: Took some parts from your CL, since I was blocked on the temp scope bug.
R=mstarzinger@chromium.org
BUG=512574
LOG=N
Review URL: https://codereview.chromium.org/1250513004
Cr-Commit-Position: refs/heads/master@{#29812}
Many mjsunit tests (as well as the promises-aplus adapter scripts) were
using Object.observe simply for microtask-enqueueing purposes. Replaced
such uses with %EnqueueMicrotask.
Review URL: https://codereview.chromium.org/1246933002
Cr-Commit-Position: refs/heads/master@{#29779}
- Test that TypedArray properties cannot be set in strict mode
Properties like %TypedArray%.prototype.length have a getter and no
setter. This test verifies that property, which was apparently not
true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
are not configurable
Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.
BUG=v8:3048, v8:3799
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1232843005
Cr-Commit-Position: refs/heads/master@{#29717}
This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is
[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)
In ES5, on the other hand, the order was
[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper
To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:
Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658
Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176
BUG=v8:4223
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1238593003
Cr-Commit-Position: refs/heads/master@{#29716}
Conditionally including Array and TypedArray methods seems to cause
a slowdown in V8 context creation, possibly due to the new code added.
BUG=chromium:504629
R=adamk@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1215863003
Cr-Commit-Position: refs/heads/master@{#29430}
The enumerable expression in a for-in/of loop is supposed to have a TDZ for any
lexically bound names in that loop (there can be more than one with destructuring).
This patch accomplishes this with an almost-correct desugaring. The only thing missing
is proper debugger support (the let declarations added by the desugaring, while invisible
to code due to shadowing, are visible to the debugger).
BUG=v8:4210
LOG=n
Review URL: https://codereview.chromium.org/1218543003
Cr-Commit-Position: refs/heads/master@{#29396}
Before this we were using String.prototype.replace. Now
we call the internal StringReplace instead.
BUG=v8:4221
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1199933005
Cr-Commit-Position: refs/heads/master@{#29206}
Before this we were using + which calls valueOf which is not correct
for these methods.
BUG=v8:4222
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1194173004
Cr-Commit-Position: refs/heads/master@{#29202}
Currently, the desugaring of for loops of the form for
(let/const ...; bla; bla) causes them to always have a
completion value of 1, regardless of whether the loop body
is executed or not. This CL fixes this, realigning
initializer blocks as a more general purpose way to avoid
the completion value rewriter (since that's all they really
do anyway).
BUG=
Review URL: https://codereview.chromium.org/1177053006
Cr-Commit-Position: refs/heads/master@{#29108}
According to the ES6 spec, the main methods and getters shouldn't
be properties of the individual TypedArray objects and prototypes
but instead on %TypedArray% and %TypedArray%.prototype. This
difference is observable through introspection. This patch moves
some methods and getters to the proper place, with the exception
of %TypedArray%.prototype.subarray and harmony methods. These will
be moved in follow-on patches.
BUG=v8:4085
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1186733002
Cr-Commit-Position: refs/heads/master@{#29057}
This invariant will save us some head ache.
The changes to test-debug/DebugStub is due to the fact that it abuses
the ability to set break points in code that has no debug break slots.
This is now no longer possible.
R=ulan@chromium.org
BUG=v8:4132
LOG=N
Review URL: https://codereview.chromium.org/1181013007
Cr-Commit-Position: refs/heads/master@{#29038}
Reason for revert:
Test failures are bogus. Snapshot blob and natives blob are out of sync due to build being weird.
Original issue's description:
> Revert of Promise assimilation fix. (patchset #8 id:160001 of https://codereview.chromium.org/1098663002/)
>
> Reason for revert:
> Test failures: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64/builds/3829
>
> Original issue's description:
> > Promise assimilation fix.
> >
> > Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
> > should call |y.then|, but the current implementation calls PromiseChain.
> > We can see the difference when we set a custom function to |y.then|.
> >
> > This CL fixes the spec violation, but as a result |then| is no longer
> > a wrapper of |chain| and in some cases it does not work well with
> > |accept| or |chain|. That is not a problem for ES6 promise users because
> > ES6 promise doesn't have them.
> >
> > LOG=N
> > BUG=477921
> >
> > Committed: https://crrev.com/2f57dff3ea0c45e1a61b334fda962460f89d71bc
> > Cr-Commit-Position: refs/heads/master@{#28926}
>
> TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=477921
>
> Committed: https://crrev.com/5bb75f514027f79303396dba823c2d78c6add83b
> Cr-Commit-Position: refs/heads/master@{#28927}
TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=477921
Review URL: https://codereview.chromium.org/1181533006
Cr-Commit-Position: refs/heads/master@{#28928}
Reason for revert:
Test failures: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64/builds/3829
Original issue's description:
> Promise assimilation fix.
>
> Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
> should call |y.then|, but the current implementation calls PromiseChain.
> We can see the difference when we set a custom function to |y.then|.
>
> This CL fixes the spec violation, but as a result |then| is no longer
> a wrapper of |chain| and in some cases it does not work well with
> |accept| or |chain|. That is not a problem for ES6 promise users because
> ES6 promise doesn't have them.
>
> LOG=N
> BUG=477921
>
> Committed: https://crrev.com/2f57dff3ea0c45e1a61b334fda962460f89d71bc
> Cr-Commit-Position: refs/heads/master@{#28926}
TBR=arv@chromium.org,caitpotter88@gmail.com,rossberg@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=477921
Review URL: https://codereview.chromium.org/1176163004
Cr-Commit-Position: refs/heads/master@{#28927}
Let x be a fulfilled promise and y be another promise. |x.then(() => y)|
should call |y.then|, but the current implementation calls PromiseChain.
We can see the difference when we set a custom function to |y.then|.
This CL fixes the spec violation, but as a result |then| is no longer
a wrapper of |chain| and in some cases it does not work well with
|accept| or |chain|. That is not a problem for ES6 promise users because
ES6 promise doesn't have them.
LOG=N
BUG=477921
Review URL: https://codereview.chromium.org/1098663002
Cr-Commit-Position: refs/heads/master@{#28926}
This also fixes issues with
- kMaxUint32 being a valid length but not index cornercases
- exotic integer objects masking "exotic indexes" even though its in the prototype chain
- concating of holey sloppy arguments
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1159433003
Cr-Commit-Position: refs/heads/master@{#28754}
The April 14 2015 final draft of the ES6 specification states that the
`prototype` property of generator function instances should be writable.
BUG=v8:4140, v8:4140
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1153633003
Cr-Commit-Position: refs/heads/master@{#28641}
Also support patterns in ``for (var p in/of ...)``
This CL extends the rewriting we used to do for ``for (let p in/of...)`` to
``for (var p in/of ...)``. For all for..in/of loop declaring variable,
we rewrite
for (var/let/const pattern in/of e) b
into
for (x' in/of e) { var/let/const pattern = e; b }
This adds a small complication for debugger: for a statement
for (var v in/of e) ...
we used to have
var v;
for (v in/of e) ...
and there was a separate breakpoint on ``var v`` line.
This breakpoint is actually useless since it is immediately followed by
a breakpoint on evaluation of ``e``, so this CL removes that breakpoint
location.
Similiraly, for let, it used to be that
for (let v in/of e) ...
became
for (x' in/of e) { let v; v = x'; ... }
``let v``generetaed a useless breakpoint (with the location at the
loop's head. This CL removes that breakpoint as well.
R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1149043005
Cr-Commit-Position: refs/heads/master@{#28565}
All the builtin iterators as well as the generator objects have an
object called %IteratorPrototype% in the spec between them and
%ObjectPrototype%.
BUG=v8:3568
LOG=N
Review URL: https://codereview.chromium.org/1128233008
Cr-Commit-Position: refs/heads/master@{#28426}
ArgumentsAdaptorStub for derived constructor (the one that needs
new.target) works in this way:
- If the constructor is invoked via the Construct stub, we know that
actual arguments always include new.target. ``arguments`` object
however should not include a new.target, therefore we remove it.
We achieve this by decrementing the argument count.
- If the constructor is invoked as a call, we do not care for a correct
``arguments`` array since the constructor will immediately throw on
entrance.
The bug is that the call could actually pass 0 actual arguments, but I
decrement unconditionally :(. The fix is to detect this case and avoid
decrementing. ``arguments`` is bogus, but it is ok as constructor
throws.
Long-term we should just remove mucking about with arguments for
new.target and just get it from the stack.
R=arv@chromium.org,rossberg@chromium.org
BUG=chromium:474783
LOG=Y
Review URL: https://codereview.chromium.org/1126783003
Cr-Commit-Position: refs/heads/master@{#28242}
When comparing a symbol to istself using <, <=, > or >= we need to
throw a TypeError. This is correctly handled in the runtime function
so if we are comparing a symbol fall back to use the runtime.
BUG=v8:4073
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1125783002
Cr-Commit-Position: refs/heads/master@{#28226}
This reverts commit d5565c1f68.
Getter and setter function names in ES6 are defined as "get foo" and
"set foo".
This also moves the logic for handling symbols from runtime-function.cc
to v8natives.js.
BUG=None
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1093183006
Cr-Commit-Position: refs/heads/master@{#28050}
ES6 specifies the function name property (it was not part of ES5) and
it specifies the name of Function.prototype to the empty string ("" and
not "Empty"). This makes us match Firefox, Safari and IE developer
preview.
BUG=v8:4033
LOG=N
R=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1080393004
Cr-Commit-Position: refs/heads/master@{#28021}
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.
BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1061393002
Cr-Commit-Position: refs/heads/master@{#27855}
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:
> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.
[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects
BUG=v8:3986
LOG=N
R=wingo,arv
Review URL: https://codereview.chromium.org/1051363003
Cr-Commit-Position: refs/heads/master@{#27770}
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.
BUG=v8:3502
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1072083002
Cr-Commit-Position: refs/heads/master@{#27720}
If we optimize a function before gathering feedback it may be
peppered with soft deoptimizations. So it can't help but deoptimize.
A judicious reading of the code isn't enough to determine what the
optimization state should be in the face of such chaotic gyrations.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1069363003
Cr-Commit-Position: refs/heads/master@{#27671}
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):
> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.
Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.
BUG=v8:3991
LOG=N
Review URL: https://codereview.chromium.org/1062633002
Cr-Commit-Position: refs/heads/master@{#27603}
The removed assertion consistently passes not because the invoked
`close` method internally throws a `TypeError` but because the `close`
method does not exist. The ES6 specification does not define a `close`
method on the GeneratorPrototype, so this test is a tautology.
BUG=None
LOG=N
R=arv
Review URL: https://codereview.chromium.org/1046963002
Cr-Commit-Position: refs/heads/master@{#27567}
The modified assertions targeted the property descriptor for the
template object's first "cooked" value. The code immediately preceeding
these statements asserts these values.
Update the assertions to instead target the property descriptor for the
template object's first "raw" value (which are otherwise untested).
BUG=
Review URL: https://codereview.chromium.org/1049523003
Cr-Commit-Position: refs/heads/master@{#27566}
The spec settled on ToBoolean instead of only using not undefined.
BUG=v8:3827
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1045113002
Cr-Commit-Position: refs/heads/master@{#27548}
On 'debugger' statement, if anything in debugger calls 'EnsureDebugInfo'
on a function, EnsureDebugInfo would compile and substitute code without
debug break slots. This causes weird behavior later when stepping fails
to work (see added test as an example).
This fix is to make sure the debugger is prepared for breakpoints in
that case as well.
Also adds extra testing for bug 468661.
R=yangguo@chromium.org,yurys@chromium.orh
BUG=v8:3990,chromium:468661
LOG=N
Review URL: https://codereview.chromium.org/1032353002
Cr-Commit-Position: refs/heads/master@{#27502}