This became temporarily a big issue, because spreads are desugared
into do-expressions. This patch fixes the problem with having
spreads as parameter initializers in arrow expressions, e.g., this
line would crash:
[], ((x = [...[42]]) => x)();
R=rossberg@chromium.org
BUG=chromium:578038
LOG=N
Review URL: https://codereview.chromium.org/1581403007
Cr-Commit-Position: refs/heads/master@{#33365}
Proxy.
If a constructable Proxy changes the target's prototype during the
prototype lookup the target's initial map stays uninitialized half-way
during object construction.
LOG=n
BUG=chromium:578039
Review URL: https://codereview.chromium.org/1586203003
Cr-Commit-Position: refs/heads/master@{#33359}
Make ForInPrepare take a kRegTriple8 operand and ForInNext take kRegPair8
operand for cache state. This is to ensure that the cache state output of
ForInPrepare is in consecutive registers to allow us to deopt the
ForInPrepare node from TF->Ignition (to be done in a followup CL).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1584813002
Cr-Commit-Position: refs/heads/master@{#33357}
Adds support for variable and function declarations in lookup slots to the
interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1583783003
Cr-Commit-Position: refs/heads/master@{#33355}
This includes anonymous Function, Generator, and Class declarations when
preceded by 'export default'. Parsing only at the moment, nothing useful is
done with the parsed Function/ClassLiteral.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/1589173002
Cr-Commit-Position: refs/heads/master@{#33344}
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.
BUG=v8:4509
LOG=n
Review URL: https://codereview.chromium.org/1593553002
Cr-Commit-Position: refs/heads/master@{#33336}
We can return the creation context of the [[BoundTargetFunction]], and
don't need to remember the context in which the function was bound.
R=verwaest@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1590273002
Cr-Commit-Position: refs/heads/master@{#33332}
That way, we don't have to implement the fast <-> slow migration logic,
and we don't allocate in-object properties anyways
BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1582773003
Cr-Commit-Position: refs/heads/master@{#33328}
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.
For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.
R=adamk
LOG=Y
BUG=v8:4665
Review URL: https://codereview.chromium.org/1583773005
Cr-Commit-Position: refs/heads/master@{#33312}
This avoids generating different scopes on the two compilation passes, which
results in various delirious side-effects.
There's some cleanup to be done in lazy arrow function parsing, but I'd
rather do that in a separate patch, with this one targeted at fixing the
particular crash.
BUG=chromium:572589
LOG=n
Review URL: https://codereview.chromium.org/1575333004
Cr-Commit-Position: refs/heads/master@{#33311}
Respective declarations will explicitly initialise slots
with the hole anyway, so this always was unnecessary.
With varblocks it even became wrong, because block contexts
may now host var bindings, which want undefined.
Fixes the hole leaking when accessing an unitialised,
block-context-allocated var.
R=neis@chromium.org
BUG=571149
LOG=N
Review URL: https://codereview.chromium.org/1584243002
Cr-Commit-Position: refs/heads/master@{#33309}
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).
BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1588013002
Cr-Commit-Position: refs/heads/master@{#33305}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.
It should actually stop iterating on the first non-hidden prototype.
BUG=
Review URL: https://codereview.chromium.org/1576423003
Cr-Commit-Position: refs/heads/master@{#33294}
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.
Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632
R=epertoso
BUG=
Review URL: https://codereview.chromium.org/1580323003
Cr-Commit-Position: refs/heads/master@{#33291}
The bulk of these were marked simply '[PASS]', while one was marked
'[PASS, FAIL]' but seems to always pass.
BUG=v8:3305, v8:4405
LOG=n
Review URL: https://codereview.chromium.org/1584863003
Cr-Commit-Position: refs/heads/master@{#33277}
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576403004
Cr-Commit-Position: refs/heads/master@{#33269}
Once we use type feedback, we need to reflect the feedback in the types, propagate
the new narrower types forward and use them in the subsequent
representation inference. This CL propagates and uses the recomputed types
for Phi and Select nodes (rather than using the types from the typer).
Review URL: https://codereview.chromium.org/1580353003
Cr-Commit-Position: refs/heads/master@{#33268}
This bug improves performance of escape analysis.
* A allocation discovery phase (EscapeAnalysis::AssignAliases)
ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1559123003
Cr-Commit-Position: refs/heads/master@{#33267}
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1573243009
Cr-Commit-Position: refs/heads/master@{#33265}
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1575973006
Cr-Commit-Position: refs/heads/master@{#33258}
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.
This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.
Review URL: https://codereview.chromium.org/1580463003
Cr-Commit-Position: refs/heads/master@{#33245}
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1572333002
Cr-Commit-Position: refs/heads/master@{#33243}
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568323002
Cr-Commit-Position: refs/heads/master@{#33237}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This patch makes Promise.prototype.then use @@species as specified
in ES2015. The fix is hoped for by certain users, such as legacy
core.js versions which encounter an unhandled Promise reject (complete
with an ugly console message) when Promise subclassing is supported
in a mostly correct way, and we do error checking on Promise
constructors, but @@species is not supported.
BUG=chromium:575314,v8:4633
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1577223002
Cr-Commit-Position: refs/heads/master@{#33225}
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.
R=adamk
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1574903004
Cr-Commit-Position: refs/heads/master@{#33223}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
As V8 becomes more and more spec-compliant, Promise polyfill libraries
like core.js expect fully correct. However, our Promises do not yet
support Symbol.species. Therefore, a case like
```
var test = new Promise(function(){});
test.constructor = function(){};
Promise.resolve(test)
```
would lead to an unhandled Promise rejection, whereas it should not
because test.constructor[Symbol.species] is undefined, so test.then
should end up constructing %Promise% as a fallback, rather than
calling test.constructor as if it were a constructor, which leads
this error checking code to throw.
For now, this patch removes the error checking code (which was not
present until recently). In an interactive test using core.js, the
error message on the console goes away with this patch. When @@species
support is in place, this patch can be reverted. A regression test
is added which checks for the same thing.
Partially reverted patch was originally out for review at
https://codereview.chromium.org/1531073004
BUG=v8:4633
LOG=Y
R=adamk,caitp88@gmail.com
Review URL: https://codereview.chromium.org/1578893002
Cr-Commit-Position: refs/heads/master@{#33217}
Does not remove the extra private state added, as doing so seems to break the
debugger.
Fixes new Test262 tests:
- built-ins/Promise/race/same-resolve-function
- built-ins/Promise/race/same-reject-function
BUG=v8:4632
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1538853002
Cr-Commit-Position: refs/heads/master@{#33214}
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007
Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816
Review URL: https://codereview.chromium.org/1571793002
Cr-Commit-Position: refs/heads/master@{#33189}
Fixed a bug in VisitForInAssignment. After visiting the object the value
to be stored was not loaded back to the accumulator. Also added two tests
to check this case.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1571753002
Cr-Commit-Position: refs/heads/master@{#33188}
Adds support for the CallRuntimeForPair bytecode to the Bytecode Graph
Builder. Modifies the FrameState support to allow updating of output
registers.
Also adds Eval tests to test-run-bytecode-graph-builder since these are
enabled by CallRuntimeForPair support.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1570623007
Cr-Commit-Position: refs/heads/master@{#33186}
The sloppy block-scoped function declaration placeholder statements
are held in parser_zone_-allocated hashtables. These hashtables are
not updated when local_zone_s are removed. Therefore, the
NewSloppyBlockFunctionStatement method should allocate
SloppyBlockScopeFunctionStatements in the parser_zone_ to avoid a
use-after-free. Scope fixup code may end up updating something which
is thrown away, but this is a small cost and much simpler than
removing dead hashtable entries later.
R=adamk
LOG=Y
BUG=chromium:537816
Review URL: https://codereview.chromium.org/1564923007
Cr-Commit-Position: refs/heads/master@{#33185}
Adds support for calling eval to the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1508293003
Cr-Commit-Position: refs/heads/master@{#33184}
This patch introduces a mechanism for changing the scope of temporary
variables, which is necessary for rewriting arrow parameter
initializers.
It also fixes a potential bug in AstExpressionVisitor, which did not
visit the automatically generated members of ForEachStatement.
Fixes test/mjsunit/harmony/regress/regress-4658.js
R=rossberg@chromium.org
BUG=v8:4658
LOG=N
Review URL: https://codereview.chromium.org/1564343002
Cr-Commit-Position: refs/heads/master@{#33183}
Adds support for calling runtime functions which return a pair of
values. Adds the bytecode CallRuntimePair. Also adds support to TurboFan
for calling stubs which return multiple values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568493002
Cr-Commit-Position: refs/heads/master@{#33181}
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1567353002
Cr-Commit-Position: refs/heads/master@{#33172}
Requesting reservation of a wasm section for experimentation with
storing source code meta information, such as source code comments,
and also extra inform on presentation of the AST such an `if-block`
pattern being presented as a `when` operation.
The wasm design already defines unrecognized sections to be ignored,
and this reserved section is ignored. This section is only intended to
hold source code meta information and to have no effect on code
execution.
With wasm going live (behind a flag) on v8, I would also like to be
able to give people something to play with in terms of the deployed
binary code being a useful source code. It's all experimental, but I
understand the entire binary format that V8 is currently using is
basically a throwaway, and that the working strategy is to get
something running and then revisit format decisions.
I would like a fixed reserved section number to avoid potential
clashes with other projects - although I am not aware of any other
calls for addition sections beyond the need for debug info. If a fixed
number is not acceptable, then could this patch alternatively ignore
all unrecognized sections and perhaps add the section size to them
all - something which is already noted todo in the design document?
BUG=
Review URL: https://codereview.chromium.org/1565693002
Cr-Commit-Position: refs/heads/master@{#33165}
Testing the promise status is not enough to ensure that resolve functions are
called only once.
This change adds a similar version of the [[AlreadyResolved]] slot to the
Promise.all resolve element function, and also ensures that [[AlreadyResolved]]
is respected in the Promise executor, and when resolving thenables. This means
replacing PromiseReject() shortcuts with promiseCapability.reject(), which has
an [[AlreadyResolved]] record in a context slot.
Also ensures that changes to the list accumulator in Promise.all() is not observable
via accessors installed in the Array prototype chain, using the same mechanism used
in several Array methods.
Fixes the following Test262 tests:
- built-ins/Promise/all/call-resolve-element-items.js
- built-ins/Promise/all/call-resolve-element.js
- built-ins/Promise/all/call-resolve-element-after-return.js
- built-ins/Promise/all/same-reject-function.js
- built-ins/Promise/all/resolve-from-same-thenable.js
- built-ins/Promise/all/resolve-before-loop-exit.js
- built-ins/Promise/all/resolve-before-loop-exit-from-same.js
- built-ins/Promise/exception-after-resolve-in-executor.js
- built-ins/Promise/exception-after-resolve-in-thenable-job.js
- built-ins/Promise/all/does-not-invoke-array-setters.js
BUG=v8:4633
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1534813005
Cr-Commit-Position: refs/heads/master@{#33163}
Reason for revert:
Causes frequent crashes in Canary: chromium:537816
Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}
TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y
Review URL: https://codereview.chromium.org/1565263002
Cr-Commit-Position: refs/heads/master@{#33162}
Some tests passed a string as second argument to assertThrows, expecting it to
be matched against the exception. However, assertThrows simply ignored these.
(Some other tests actually seem to use that argument as a comment ...)
This CL
- changes assertThrows to fail if the second argument is not a function,
- adds assertThrowsEquals which compares the exception to a given value using
assertEquals
- fixes some bogus tests that got exposed by this.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1544793002
Cr-Commit-Position: refs/heads/master@{#33159}
This patch implements @@species, guarded behind the --harmony-species
flag, on Arrays. Methods which return an Array will instead return
the appropriate instance based on the ArraySpeciesCreate algorithm.
The algorithm is implemented in C++ to get access to realm information
and to implement some Array methods in C++, but it is also accessed
from JavaScript through a new runtime function. A couple interactive
Octane runs show no performance regression with the flag turned off,
but turning --harmony-species on will surely have a significant
regression, as Array methods now heavily use ObjectDefineProperty.
BUG=v8:4093
LOG=Y
R=adamk,cbruni
Review URL: https://codereview.chromium.org/1560763002
Cr-Commit-Position: refs/heads/master@{#33144}
The reason is same as the CL #31808 (issue 1430943002, X87: Change the test case for X87 float operations), please refer: https://codereview.chromium.org/1430943002/
Here is the key comments from CL #31808
Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function, those inlined functions has different behavior comparing with GCC ia32 build and x87 build.
The major difference is sse float register still has single precision rounding semantic. While X87 register has no such rounding precsion semantic when directly use register value.
The V8 turbofan JITTed has exactly same result in both X87 and IA32 port.
So we add the following sentence to do type case to keep the same precision for Run_WasmCall_Float32Sub.
Such as: volatile float expect = *i +/- *j; // *i +/- *j, etc.
BUG=
Review URL: https://codereview.chromium.org/1561023002
Cr-Commit-Position: refs/heads/master@{#33143}
This required refactoring ParsePropertyDefinition to pass the parsed
string name as an out param, since ObjectLiteralProperty stores Smis
for Smi-representable property keys.
Computed properties are not yet handled in this patch.
BUG=v8:3699
LOG=n
Review URL: https://codereview.chromium.org/1563923002
Cr-Commit-Position: refs/heads/master@{#33141}
Addresses TODO by Dan --- simply by moving the check and exception
earlier in the function, before calling NewPromiseCapability() or
loading the constructor.
BUG=v8:4633
LOG=N
R=adamk@chromium.org, littledan@chromium.org, cbruni@chromium.org
Fixes 'test262/built-ins/Promise/prototype/then/context-check-on-entry'
Review URL: https://codereview.chromium.org/1561193002
Cr-Commit-Position: refs/heads/master@{#33137}
Several ports to enable r6 compact branch optimizations on MIPS64
Port 3573d3cb58
Original commit message:
MIPS: r6 compact branch optimization.
Port bddf8c9e08
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
Port 6993cd0de5
Original commit message:
MIPS: Fix 'MIPS:r6 compact branch optimization.'
Jic and jialc compact branch ops are fixed as they does
not have 'forbidden slot' restriction. Also COP1 branches
(CTI instructions) added to IsForbiddenAfterBranchInstr().
Port bb332195d3
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
Port c91bcf7192
Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
for r6.
BUG=
Review URL: https://codereview.chromium.org/1534183002
Cr-Commit-Position: refs/heads/master@{#33136}
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.
R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1551443002
Cr-Commit-Position: refs/heads/master@{#33133}
Correctly validate promise capabilities in NewPromiseCapabilities() and in
GetCapabilitiesExtractor(). Also explicitly follows Promise.race step 2 and
similar cases in the spec, rather than passing tests asserting these steps
are taken in NewPromiseCapability
Also changes Promise.reject to match specification.
Fixes the following test262 tests:
- built-ins/Promise/all/capability-executor-called-twice.js
- built-ins/Promise/all/capability-executor-not-callable.js
- built-ins/Promise/prototype/then/capability-executor-called-twice.js
- built-ins/Promise/prototype/then/capability-executor-not-callable.js
- built-ins/Promise/reject/capability-executor-called-twice.js
- built-ins/Promise/reject/capability-executor-not-callable.js
- built-ins/Promise/resolve/capability-executor-called-twice.js
- built-ins/Promise/resolve/capability-executor-not-callable.js
- built-ins/Promise/race/capability-executor-called-twice.js
- built-ins/Promise/race/capability-executor-not-callable.js
- built-ins/Promise/reject/S25.4.4.4_A3.1_T1.js
- built-ins/Promise/race/S25.4.4.3_A3.1_T2.js
Per v8:3641, mjsunit/es6/debug-promises/throw-with-undefined-reject.js becomes invalid. The exception is thrown before the chain handler is ever invoked, and is caught externally by d8's own handler --- thus evading the uncaught exception event.
BUG=v8:4633, v8:4631, v8:4243, v8:3641
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1531073004
Cr-Commit-Position: refs/heads/master@{#33128}
Work around ppc assembler use of Mul, Div macros.
Disable several tests that fail for nosse4.
Disable several tests that fail for msan.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1562513002
Cr-Commit-Position: refs/heads/master@{#33126}
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.
This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546683002
Cr-Commit-Position: refs/heads/master@{#33125}
Throws an error if rest parameters are used. This feature is not
yet supported in interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1561603002
Cr-Commit-Position: refs/heads/master@{#33120}
For a prototype chain foo -> global_proxy -> global_object, we used to
register a dependency from foo -> global_object. This is incorrect when
the global_proxy/global_object pairing is modified, e.g. when navigating
in iframes. With this patch, we properly register foo -> global_proxy and
global_proxy -> global_object dependencies.
Additionally, when a prototype's prototype changes from null to something
else, this new usage relation must be registered if there are other users
further down on the prototype chain that might expect a complete chain of
registrations to exist (which was the case before, and must be preserved).
BUG=chromium:571517
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1559323002
Cr-Commit-Position: refs/heads/master@{#33119}
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.
Two unittests test correctness of the IR level implementation.
Correctness for instruction selection / code generation
is tested by mjsunit tests.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1485183002
Cr-Commit-Position: refs/heads/master@{#33115}
Almost all of the Date builtins always call into C++ at least once
anyway, so parsing, compiling and executing the JavaScript wrappers
is just a waste of time. The most important part here is the Date
constructor itself, which is one of the blockers for new.target in
TurboFan, because compiling the Date constructor takes too much time
with TurboFan (for no reason since we end up in C++ anway).
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1556333002
Cr-Commit-Position: refs/heads/master@{#33109}
In the Date constructor or Date.parse, other browsers will accept time
zones like GMT-8, but before this patch, Chrome would interpret 8 as
8 minutes. This patch interprets GMT-+ a one or two digit number as hours,
not minutes.
R=adamk,jshin@chromium.org
LOG=Y
BUG=chromium:422858
Review URL: https://codereview.chromium.org/1557053002
Cr-Commit-Position: refs/heads/master@{#33100}
1. Location names with more than one underscores (e.g. Ho_Chi_Minh)
didn't work because of the way capturing works with repeated patterns
in RE. It's now supported by changing the RE to capture the whole string
and splitting on '_' in the next step.
2. Adds support for location names with a hyphen
3. Adds support for timezone ids with three parts (e.g.
American/Argentina/Buenos_Aires)
4. Adds special handling of 'au', 'es' and 'of' in zone ids. They need to be kept in lowercase. (see the full list at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones )
5. Adds regression tests for all the above and make the existing tests
more robust against future ICU changes. ICU canonicalizes zone names to
deprecated names, but it may change. (
http://bugs.icu-project.org/trac/ticket/12044 )
BUG=364374
LOG=Y
Review URL: https://codereview.chromium.org/1529363005
Cr-Commit-Position: refs/heads/master@{#33097}
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.
R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1558543002
Cr-Commit-Position: refs/heads/master@{#33095}
New bytecodes for making registers with indicies wider than 1-byte
accessible.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1555713002
Cr-Commit-Position: refs/heads/master@{#33091}
Adds --turbo to the set of flags run with ignition (making the
configuration pure Ignition+TurboFan except for fallbacks to
full-codegen for catch / eval). Also changes the default
--ignition-filter to allow everything, rather than omit everything.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1537433003
Cr-Commit-Position: refs/heads/master@{#33090}
Add control for the ignition test suites. This will be
followed by a change on the infra side that targets the
ignition set instead of the hardcoded mjsunit.
After that, cctest can be enabled in a separate CL. This CL
already includes the logic for running cctest for ignition
on swarming.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1559943002
Cr-Commit-Position: refs/heads/master@{#33089}
This restricts turbofan to turbofan-supported subset for the shipping
configuration ("use asm" and features unsupported by Crankshaft).
Without this, we compile with Turbofan even when there is
try-catch-finally as long as the function is "use asm" or
it contains a feature unsupported by crankshaft but supported
by turbofan (e.g., 'with' statement).
BUG=
Review URL: https://codereview.chromium.org/1552233002
Cr-Commit-Position: refs/heads/master@{#33085}
In addition to ThrowTypeError not being a constructor, it was invalidly set up by simply swapping the map. Swapping the map is insufficient since NewFunction* actually set up the function depending on the used map.
BUG=chromium:573858
LOG=n
Review URL: https://codereview.chromium.org/1552223002
Cr-Commit-Position: refs/heads/master@{#33082}
