For functions declared in source code, the .toString() representation
will be an excerpt of the source code.
* For functions declared with the "function" keyword, the excerpt
starts at the "function" or "async" keyword and ends at the final "}".
The previous behavior would start the excerpt at the "(" of the
parameter list, and prepend a canonical `"function " + name` or
similar, which would discard comments and formatting surrounding the
function's name. Anonymous functions declared as function expressions
no longer get the name "anonymous" in their toString representation.
* For methods, the excerpt starts at the "get", "set", "*" (for
generator methods), or property name, whichever comes first.
Previously, the toString representation for methods would use a
canonical prefix before the "(" of the parameter list. Note that any
"static" keyword is omitted.
* For arrow functions and class declarations, the excerpt is unchanged.
For functions created with the Function, GeneratorFunction, or
AsyncFunction constructors:
* The string separating the parameter text and body text is now
"\n) {\n", where previously it was "\n/*``*/) {\n" or ") {\n".
* At one point, newline normalization was required by the spec here,
but that was removed from the spec, and so this CL does not do it.
Included in this CL is a fix for CreateDynamicFunction parsing. ')'
and '`' characters in the parameter string are no longer disallowed,
and Function("a=function(", "}){") is no longer allowed.
BUG=v8:4958, v8:4230
Review-Url: https://codereview.chromium.org/2156303002
Cr-Commit-Position: refs/heads/master@{#43262}
These experimental natives previously only installed functions to the
appropriate parent. In this patch, the exports container is retained
so that the bootstrapper may install the functions instead. This
change is intended to reduce startup time. SharedArrayBuffer retains
some experimental natives exported from JS; this may be addressed
in a follow-on patch. The patch includes some minor cleanup of the
bootstrap process by removing "experimental exports", which was unused.
R=yangguo@chromium.org
BUG=v8:5880
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2683083003
Cr-Commit-Position: refs/heads/master@{#43221}
- Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
- Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
relies on std::memmove rather than accessing individual eleements.
- Fixes the case where copyWithin is invoked on a TypedArray with a
detached buffer.
- Add tests to ensure that +/-Infinity (for all 3 parameters) is handled
correctly by the
algorithm
The C++ version gets through the benchmark more than 25000 times as
quickly as the JS implementation.
BUG=v8:5925, v8:5929, v8:4648
R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2697593002
Cr-Commit-Position: refs/heads/master@{#43213}
Reason for revert:
Due to security issue described in review thread.
Original issue's description:
> [typedarrays] move %TypedArray%.prototype.copyWithin to C++
>
> - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
> - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
> relies on std::memmove rather than accessing individual eleements.
> - Fixes the case where copyWithin is invoked on a TypedArray with a
> detached buffer.
> - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
> algorithm
>
> The C++ version gets through the benchmark more than 25000 times as
> quickly as the JS implementation.
>
> BUG=v8:5925, v8:5929, v8:4648
> R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
>
> Review-Url: https://codereview.chromium.org/2671233002
> Cr-Commit-Position: refs/heads/master@{#42975}
> Committed: 0f1c626d55TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5925, v8:5929, v8:4648
Review-Url: https://codereview.chromium.org/2693753002
Cr-Commit-Position: refs/heads/master@{#43132}
This CL includes runtime and IC parts of the tracking. It is controlled by
compile-time flag FLAG_constant_field_tracking and currently disabled.
Transition from kConst to kMutable still involves map deprecation.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2598543003
Cr-Commit-Position: refs/heads/master@{#43081}
- Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
- Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
relies on std::memmove rather than accessing individual eleements.
- Fixes the case where copyWithin is invoked on a TypedArray with a
detached buffer.
- Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
algorithm
The C++ version gets through the benchmark more than 25000 times as
quickly as the JS implementation.
BUG=v8:5925, v8:5929, v8:4648
R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2671233002
Cr-Commit-Position: refs/heads/master@{#42975}
Using .caller, one can get access to the internal function that invokes the
handler passed to Promise.prototype.then. This internal function is a TF
builtin that was set up as non-native and without an argument adaptor. As a
consequence of this, when accessing .arguments on it, the frame-walking logic in
the .arguments accessor thinks the number of arguments is -1 and we try to
allocate an array of size -1.
This CL marks the builtin function as native (making its .arguments be null),
along with a few others that may have been incorrect in the same way.
BUG=chromium:682349
Review-Url: https://codereview.chromium.org/2672453002
Cr-Commit-Position: refs/heads/master@{#42855}
Move set_native(true) from InstallFunction into CreateFunction in order to
emphasize the places where we create non-native functions.
No change in semantics overall.
BUG=
Review-Url: https://codereview.chromium.org/2667993005
Cr-Commit-Position: refs/heads/master@{#42854}
The String.prototype was altered after snapshot time (during
experimental natives setup), invalidating the stored map used for
fast-path checks.
BUG=
Review-Url: https://codereview.chromium.org/2663303003
Cr-Commit-Position: refs/heads/master@{#42842}
Rewrites import expression into a runtime call. Uses peekahead to
determine if parsing an import declaration or import expression.
The runtime call doesn't actually do the import yet, will be added in
follow on patch.
Adds a new --harmony-dynamic-import flag.
Adds a ignore_error_msg parameter to the test runner to ignore the
discrepancy in the error messages while parsing import expression with
parser and pre parser. This discrepancy will actually never happen in
real code.
BUG=v8:5785
Review-Url: https://codereview.chromium.org/2661933003
Cr-Commit-Position: refs/heads/master@{#42820}
This moves AsyncFunctionAwait{Caught,Uncaught} to CSA, and removes
async-await.js.
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2643023002
Cr-Commit-Position: refs/heads/master@{#42579}
Reason for revert:
Flag is being removed for 5.8.
Original issue's description:
> [debugger] temporarily re-implement --expose-debug-as.
>
> This is done out of courtesy for Node.js and will be
> removed as soon as we branch for version 5.8.
>
> R=jgruber@chromium.org
>
> Review-Url: https://codereview.chromium.org/2636423002
> Cr-Commit-Position: refs/heads/master@{#42437}
> Committed: cbb7145221TBR=jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2641283002
Cr-Commit-Position: refs/heads/master@{#42546}
Since the script origin is part of the key used in the compilation
cache, this ensures that the cache never confuses a module with a
non-module script.
BUG=v8:1569,v8:5685
Review-Url: https://codereview.chromium.org/2611643002
Cr-Commit-Position: refs/heads/master@{#42490}
This rewrites the rest property into a runtime call which sets up the
correct properties in the newly created object.
- Changes flag to --harmony-object-rest-spread
- Changes pattern rewriter to desugar rest property
- Adds new runtime function CopyDataPropertiesWithExcludedProperties
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2620943002
Cr-Commit-Position: refs/heads/master@{#42430}
Instead, it is supposed to just return an empty context if it failed.
Also don't invoke interceptors (we don't for the parts that deserialize
from the snapshot anyways).
BUG=v8:5830
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2636903002
Cr-Commit-Position: refs/heads/master@{#42404}
Before, in `var p1 = p.then(() => {}) we would trigger the
before/after callbacks with p as the associated promise, but we must
call it with p1.
Also removes promise from PromiseReactionJobInfo.
Review-Url: https://codereview.chromium.org/2633443002
Cr-Commit-Position: refs/heads/master@{#42295}
The constant field tracking implies data constants to be stored
in fields instead of descriptor arrays. This CL does necessary
modifications to the JSModuleNamespace map setup.
BUG=v8:1569, v8:5495
Review-Url: https://codereview.chromium.org/2625093005
Cr-Commit-Position: refs/heads/master@{#42294}
This function was only needed for extrasUtils. Since it was simply
calling a builtin function, just expose that builtin instead. This
requires an arguments adapter frame for the builtin. As a drive-by
fix, also added an arguments adapter for the extrasUtils.resolvePromise
(and a regression test).
Other cleanup: removed unused native context slot for PROMISE_SET_AND_CREATE.
R=gsathya@chromium.org
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2626793003
Cr-Commit-Position: refs/heads/master@{#42284}
With the new initialization semantics, the V8 ECMA 402 (Intl)
implementation does not need to indirect through a symbol to
get at the underlying object. This patch removes that indirection,
simplifying the implementation.
R=yangguo@chromium.org
BUG=v8:5751
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2601833002
Cr-Commit-Position: refs/heads/master@{#42281}
This is a necessary cleanup before introducing PropertyConstness bit.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2624903003
Cr-Commit-Position: refs/heads/master@{#42277}
The pattern IsNull(isolate) || IsUndefined(isolate) is used in many places all
over the code base.
Review-Url: https://codereview.chromium.org/2601503002
Cr-Commit-Position: refs/heads/master@{#42138}
The attached chromium bug suggests that turning this on via a flag
regressed a perf test. Having previously run into slowdowns due
to experimental JS natives, my suspicion is that this regression
can be fixed by including the new builtins in the snapshot.
My intention is to land this patch to see if the regression
goes away on the bots.
Given the nature of this feature, it seems low-risk to remove
the runtime flag. If need be, it would be trivial to craft
a patch to remove these two methods from String.prototype
if we run into web compat issues during the release (note
that no release branch has yet picked up this feature).
BUG=v8:4954, chromium:677444
Review-Url: https://codereview.chromium.org/2610853010
Cr-Commit-Position: refs/heads/master@{#42111}
This patch adds parsing of spread object property.
-- Changes ParsePropertyName to parse Token::ELLIPSIS.
-- Throws if rest is encountered by setting a pattern error.
-- Adds a new PropertyKind enum (SPREAD)
-- Adds a new ObjectLiteralProperty::kind (SPREAD)
-- Adds a new harmony-object-spread flag and protects the parser code
with it.
-- Adds a new runtime function called CopyDataProperties
-- Does not add any support for this feature in fullcodegen.
-- Ignition calls out to a runtime function CopyDataProperties to
perform spread operation.
-- Move FastAssign from builtins-objects.cc to objects.cc
-- Refactor Builtin_ObjectAssign to use SetOrCopyDataProperties
Object rest will be implemented in a follow on patch.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2606833002
Cr-Commit-Position: refs/heads/master@{#42102}
Add a more low level BranchIfFastPath to take the native_context and
promise_fun as args and change the existing one to use this.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2592933004
Cr-Commit-Position: refs/heads/master@{#42075}
These maps contain exactly the same information as the strict maps, so
this frees up a few pointers of native context space, gets rid of some
branches in FastNewClosure, and adds missing poisoned properties tests
for async functions.
BUG=v8:2355, v8:4483
R=adamk@chromium.org, bmeurer@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2608333002
Cr-Commit-Position: refs/heads/master@{#42051}
Migrate Date.prototype.valueOf and Date.prototype[ @@toPrimitive ]
to use the CodeStubAssembler, to avoid going through C++ always
when comparing or subtracting two dates.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2608143003
Cr-Commit-Position: refs/heads/master@{#42030}
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.
Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.
BUG=v8:5343
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
This patch stores the promise, resolve, reject properties of the
deferred object created by CreateInternalPromiseCapability and
NewPromiseCapability directly on the promise (if the promise hasn't
been fulfilled), otherwise they are stored on the
PromiseReactionJobInfo.
This patch removes the currently unused
CreateInternalPromiseCapability and inlines the call to create the
deferred promise object.
NewPromiseCapability is the only function that works with a deferred.
This patch results in a 8.5% improvement in benchmarks over 5 runs.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590563003
Cr-Commit-Position: refs/heads/master@{#41991}
This patch moves the creation of the Intl constructors from JavaScript
to C++ in bootstrapper.cc, to match all of the other builtins exposed
to the web.
BUG=v8:5751
Review-Url: https://codereview.chromium.org/2586763002
Cr-Commit-Position: refs/heads/master@{#41959}
This patch also refactors most of PromiseThen into InternalPromiseThen to
be reused with PromiseCatch and also changes InternalResolvePromise to
return and not branch.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2596553002
Cr-Commit-Position: refs/heads/master@{#41902}
This removes RegExpPrototypeSpeciesGetter and IteratorPrototypeIterator and
uses ReturnReceiver builtin instead.
This patch also ports the PromiseSpecies to TF by reusing this
builtin.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590373002
Cr-Commit-Position: refs/heads/master@{#41879}
Previously, the Intl.DateTimeFormat constructor and other related paths had
a bug where the options bag passed in would be modified in place. This patch
makes V8's Intl implementation follow the specification's logic to avoid
such a modification.
BUG=v8:4219
Review-Url: https://codereview.chromium.org/2587703002
Cr-Commit-Position: refs/heads/master@{#41826}
This adds kInit, kResolve, kBefore and kAfter lifecycle hooks to promises.
This also exposes an API to set the PromiseHook.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2575313002
Cr-Commit-Position: refs/heads/master@{#41775}
If a context snapshot includes the global proxy constructor function, we
expect the incoming global proxy to have the correct instance size so
that we can reinitialize it with said constructor. However, when the
bootstrapper allocates a new global proxy, we need to know the expected
size.
We solve this by storing the size on the to-be-serialized isolate.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2585693002
Cr-Commit-Position: refs/heads/master@{#41756}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
Splits PromiseHandle into two TF builtins to account for catch
prediction. An exception in PromiseHandleReject builtin results in a
"caught" prediction whereas an expception in PromiseHandle results in a
"promise rejection" prediction.
An extra is_exception_caught bit is added to Code to mark this catch
prediction behavior.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2572623002
Cr-Commit-Position: refs/heads/master@{#41683}
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
- Changes to the API to better distinguish default context snapshot from
additional context snapshots.
- Disallow global handles when creating snapshots.
- Allow extensions when creating snapshots.
This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
-- Moves promiseHasHandlerSymbol to inobject property
-- Ports PromiseResolveClosure to TF
-- Fix a non spec async-await test which fails now because we do a map
check for native promise check (instead of IsPromise). Changing the
constructor (in the test) invalidates the map check.
This patch results in a 7.1% performance improvement in the bluebird
benchmark (over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2541283002
Cr-Commit-Position: refs/heads/master@{#41569}
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
BUG=
Review-Url: https://codereview.chromium.org/2549753002
Cr-Commit-Position: refs/heads/master@{#41554}
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant.
BUG=v8:4199
Review-Url: https://codereview.chromium.org/2423053002
Cr-Commit-Position: refs/heads/master@{#41546}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11861
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> Object
> -- New JSObject for promises: JSPromise
>
> Builtins
> -- PromiseThen TFJ
> -- PromiseCreateAndSet TFJ for internal use
> -- PerformPromiseThen TFJ for internal use
> -- PromiseInit for initial promise setup
> -- SpeciesConstructor for use in PromiseThen
> -- ThrowIfNotJSReceiver for use in SpeciesConstructor
> -- AppendPromiseCallback to update FixedArray with new callback
> -- InternalPerformPromiseThen
>
> Promises.js
> -- Cleanup unused symbols
> -- Remove PerformPromiseThen
> -- Remove PromiseThen
> -- Remove PromiseSet
> -- Remove PromiseAttachCallbacks
>
> Runtime
> -- PromiseSet to set promise inobject values
> -- Refactor functions to use FixedArrays for callbacks instead of
> JSArray
> -- Runtime_PromiseStatus to return promise status
> -- Runtime_PromiseResult to return promise result
> -- Runtime_PromiseDeferred to return deferred attached to promise
> -- Runtime_PromiseRejectReactions to return reject reactions attached
> to promise
>
> This CL results in a 13.07% improvement in the promises benchmark
> (over 5 runs).
>
> BUG=v8:5343
>
> Committed: https://crrev.com/30b564c76f490f8f6b311a74b25b26cf0a96be2d
> Cr-Commit-Position: refs/heads/master@{#41503}
TBR=bmeurer@chromium.org,jgruber@chromium.org,caitp@igalia.com,gsathya@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2554013002
Cr-Commit-Position: refs/heads/master@{#41512}
-- New JSObject for promises: JSPromise
Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen
Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks
Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
to promise
This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
During bootstrapping when installing the global object we copy over the
properties from the snapshotted global object to the one created from a
provided template. Originally Genesis::TransferNamedProperties just iterated
over the entries, making the final order hash and thus platform dependent.
This CL fixes this by sorting the keys by enumeration index before copying them
to the destination object and thus making the key enumaration on the global
object platform independent.
Drive-by-fix: avoid crash when printing the global object during bootstrapping.
BUG=chromium:669029
Review-Url: https://codereview.chromium.org/2533223002
Cr-Commit-Position: refs/heads/master@{#41502}
Microbenchmarks show 25% improvement over C++, 11% improvement over JS
for the constructor. We don't have a microbenchmark covering the compile
method.
Locally, octane/regexp improved by 2%.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2551443002
Cr-Commit-Position: refs/heads/master@{#41490}
This shows around a 2.2x speedup compared to the old JS implementation (and
3.5x compared to CPP) for the fast path.
Adds ToUint32 to CodeStubAssembler.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2532403002
Cr-Commit-Position: refs/heads/master@{#41408}
Microbenchmarks show a 4x improvement on the fast path and 2.5x improvement on
the slow path when compared to the CPP builtin implementation.
Compared to the old JS implementation, the fast path is 20% faster and the slow
path 35% slower.
BUG=v8:5339,v8:5562
Review-Url: https://codereview.chromium.org/2527963002
Cr-Commit-Position: refs/heads/master@{#41338}
If the prototype's map is not marked as fast, it is made fast after
setup, breaking current RegExp fast path checks.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2537483002
Cr-Commit-Position: refs/heads/master@{#41336}
This is the TurboFan counterpart of http://crrev.com/2504263004, but it
is a bit more involved, since in TurboFan we always inline the appropriate
call to the @@hasInstance handler, and by that we can optimize a lot more
patterns of instanceof than Crankshaft, and even yield fast instanceof
for custom @@hasInstance handlers (which we can now properly inline as
well).
Also we now properly optimize Function.prototype[@@hasInstance], even if
the right hand side of an instanceof doesn't have the Function.prototype
as its direct prototype.
For the baseline case, we still rely on the global protector cell, but
we can address that in a follow-up as well, and make it more robust in
general.
TEST=mjsunit/compiler/instanceof
BUG=v8:5640
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2511223003
Cr-Commit-Position: refs/heads/master@{#41092}
In Crankshaft we can actually do an abstract interpretation of the
@@hasInstance lookup when optimizing instanceof and then use the
normal machinery to protect the result instead of relying on the
global @@hasInstance protector cell for optimizations.
This recovers the 100x performance drop in Node.js v7 reported in
https://github.com/nodejs/node/issues/9634. This patch should be
easily back-mergable to Node.js v7.
BUG=v8:5640
R=yangguo@chromium.org,franzih@chromium.org
Review-Url: https://codereview.chromium.org/2504263004
Cr-Commit-Position: refs/heads/master@{#41059}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
line_ends is either undefined (if uninitialized) or a fixed array (after
Script::InitLineEnds). All accesses from JS have been removed, therefore
we can skip assigning a COW map and remove the accessor.
Review-Url: https://codereview.chromium.org/2490903002
Cr-Commit-Position: refs/heads/master@{#40876}
Previously we created a duplicate map because we couldn't set the
correct ElementsKind when we created the function. This patch updates
the ElementsKind field of the existing map directly instead of
creating a new one.
This patch also correctly sets the instance_size when we create the
map the first time.
Review-Url: https://codereview.chromium.org/2486193003
Cr-Commit-Position: refs/heads/master@{#40872}
This patch is a follow-up patch to enable gc statistics to use
TracingCategoryObserver.
Previously we need to pass --track_gc_object_stats to v8 if we want to enable
gc statistics in tracing. In this patch, we introducce an integer flag
FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats
will set it to 0x01, tracing will set it to 0x10 when we start tracing and
reset the bit when we stop tracing.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2459903003
Cr-Commit-Position: refs/heads/master@{#40817}
Reason for revert:
Speculative revert for blocking roll:
https://codereview.chromium.org/2473003006/
E.g.:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331898
Original issue's description:
> [Tracing] Use TracingCategoryObserver in gc statistics
>
> This patch is a follow-up patch to enable gc statistics to use
> TracingCategoryObserver.
>
> Previously we need to pass --track_gc_object_stats to v8 if we want to enable
> gc statistics in tracing. In this patch, we introducce an integer flag
> FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats
> will set it to 0x01, tracing will set it to 0x10 when we start tracing and
> reset the bit when we stop tracing.
>
> BUG=v8:5590
TBR=fmeawad@chromium.org,mlippautz@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2477143002
Cr-Commit-Position: refs/heads/master@{#40785}
This patch is a follow-up patch to enable gc statistics to use
TracingCategoryObserver.
Previously we need to pass --track_gc_object_stats to v8 if we want to enable
gc statistics in tracing. In this patch, we introducce an integer flag
FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats
will set it to 0x01, tracing will set it to 0x10 when we start tracing and
reset the bit when we stop tracing.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2459903003
Cr-Commit-Position: refs/heads/master@{#40777}
Both --harmony-object-values-entries and --harmony-object-own-property-descriptors
are on by default in v8 5.4, which has now shipped to
stable as Chrome 54.
R=caitp@igalia.com
Review-Url: https://codereview.chromium.org/2464733003
Cr-Commit-Position: refs/heads/master@{#40683}
This prepares the code-base so that Ignition can be enabled on a certain
subset of compilations without setting the {FLAG_ignition} flag (which
enables Ignition on all compilations). We should not check the flag in
question explicitly anywhere outside of the compiler heuristics.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2443573002
Cr-Commit-Position: refs/heads/master@{#40617}
Object.create(null) is most likely to be used for dictionary-like objects.
Hence it would be beneficial to directly create a slow-mode object and avoid
additional overhead later-on.
BUG=
Review-Url: https://codereview.chromium.org/2430273007
Cr-Commit-Position: refs/heads/master@{#40551}
Reason for revert:
Causes regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=658711
Original issue's description:
> [compiler] Prepare for partially shipping Ignition.
>
> This prepares the code-base so that Ignition can be enabled on a certain
> subset of compilations without setting the {FLAG_ignition} flag (which
> enables Ignition on all compilations). We should not check the flag in
> question explicitly anywhere outside of the compiler heuristics.
>
> R=mvstanton@chromium.org
BUG=chromium:658711
TBR=mvstanton@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2448443002
Cr-Commit-Position: refs/heads/master@{#40534}
This results in a speedup of around 2x. RegExpExec is also ported in
this CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2441993002
Cr-Commit-Position: refs/heads/master@{#40532}
This prepares the code-base so that Ignition can be enabled on a certain
subset of compilations without setting the {FLAG_ignition} flag (which
enables Ignition on all compilations). We should not check the flag in
question explicitly anywhere outside of the compiler heuristics.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2443573002
Cr-Commit-Position: refs/heads/master@{#40507}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2427953002
Cr-Commit-Position: refs/heads/master@{#40462}
Implements the variations of CreateArrayIterator() in TFJ builtins
(ArrayPrototypeValues, ArrayPrototypeEntries and ArrayPrototypeKeys), and
provides two new Object types with numerous maps which identify certain
behaviours, which will be useful for inlining.
Removes src/js/array-iterator.js entirely
Also adds support for printing Symbol literals inserted by the Parser during
desugaring when FLAG_print_builtin_ast is set to true.
BUG=v8:5388
R=bmeurer@chromium.org, cbruni@chromium.orgTBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2405253006
Cr-Commit-Position: refs/heads/master@{#40373}
Now that all accesses to the last match info are in C++ and TF code, we can
finally turn the last match info into a FixedArray. Similar to the ArrayList,
it uses its first field to store its length and grows dynamically in amortized
O(1) time.
Unlike previously, this means that the last match info pointer stored on the
context can actually change (in case the FixedArray needs to grow).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415103002
Cr-Commit-Position: refs/heads/master@{#40308}
This ports RegExpInitialize, IsRegExp, InternalMatch and InternalReplace to C++
/ TurboFan. InternalMatch is in TurboFan because it calls RegExpExecStub and
needs to construct a RegExpResult (which are, respectively, a PlatformStub and
a CodeStubAssembler function).
Except for LastMatchInfo (and GetSubstitution, which could be moved to string.js
anytime), regexp.js is now completely empty.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2409513003
Cr-Commit-Position: refs/heads/master@{#40277}
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
This CL ports RegExp.prototype[@@split] to C++. Performance
regressions are expected due to:
* Slow RegExpImpl::Exec implementation instead of RegExpExec
stub. We should be able to improve this by straight-lining
RegExpImpl::Exec.
* Slow Factory::NewSubString instead of SubStringStub.
* Slow elements access to lastMatchInfo.
These points will be addressed in a follow-up CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2401643002
Cr-Commit-Position: refs/heads/master@{#40161}
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
This CL ports RegExp.prototype.test, RegExp.prototype.match
and RegExp.prototype.search to C++.
Performance regressions are expected but should be improved
in an upcoming CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2394713003
Cr-Commit-Position: refs/heads/master@{#40122}
Again, fast paths could be added for unmodified JSRegExp instances.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2392463005
Cr-Commit-Position: refs/heads/master@{#40119}
Reason for revert:
String.includes crashes when called with null or undefined as the first param
Original issue's description:
> [builtins] Move StringIncludes to a builtin.
>
> BUG=v8:5364
>
> Committed: https://crrev.com/b374d719e79a5b32168c25c0cda30056f5e6e36c
> Cr-Commit-Position: refs/heads/master@{#40110}
TBR=franzih@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2407793002
Cr-Commit-Position: refs/heads/master@{#40118}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
This implicitly convers parseFloat on the global object as well, since
it's the same function. This is mostly straight-forward, but adds
another fast case for HeapNumbers as well.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2395373002
Cr-Commit-Position: refs/heads/master@{#40072}
Flag getters are implemented as TurboFan stubs while the rest are written as
C++. This distinction is somewhat arbitrary and more getters could be ported to
TurboFan in the future.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2389233002
Cr-Commit-Position: refs/heads/master@{#40036}
Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map, built ontop of the SimplifiedOperators StringCharCodeAt and the newly added StringFromCodePoint.
Also introduces a new StringFromCodePoint simplified op which may be useful for other String builtins, such as String.fromCodePoint()
BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2373983004
Cr-Commit-Position: refs/heads/master@{#39994}
