This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=oth@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1469313002
Cr-Commit-Position: refs/heads/master@{#32264}
The Float32RoundUp operator rounds float32 numbers towards infinity.
The operator is currently implemented on x64, ia32, arm, and arm64.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1474963002
Cr-Commit-Position: refs/heads/master@{#32262}
This is the initial step towards refactoring the regexp literal
creation code to make it less obscure and more similar to the mechanism
we use to create array and object literals. There's now a new runtime
entry %CreateRegExpLiteral with the same interface as the entries for
array and object literals, except that we still pass the flags as a
string.
Instead of embedding the hand-written native to clone JSRegExp instances
we now have a FastCloneRegExpStub, which behaves similarly to the other
FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
had.
R=mlippautz@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1475823003
Cr-Commit-Position: refs/heads/master@{#32255}
This change replaces the bitwise masking of uses by storing the most general truncation for all uses.
Review URL: https://codereview.chromium.org/1464763003
Cr-Commit-Position: refs/heads/master@{#32248}
The first bug was that there are two different "initialization positions"
passed into PatternRewriter::DeclareAndInitializeVariables, and we weren't
setting them all properly for this case.
After further code review, it became clear that we weren't even recording
the correct position (the end of the initializer expression).
The combination of those two bugs caused the hole check elimination code
in full-codegen to skip emitting a hole check.
This patch takes care of both of those things. A follow-up will try
to reduce the number of "initializer positions" we track in the
variable declaration code.
R=littledan@chromium.org
BUG=v8:4568
LOG=n
Review URL: https://codereview.chromium.org/1468143004
Cr-Commit-Position: refs/heads/master@{#32237}
For web compat reasons, we support an initializer in the declaration
part of a for-in loop. But we should disallow this for destructured
declarations (just as we do for lexical declarations). In fact, without
disallowing it, we crash.
Also fix up the PreParser to have the same restrictions here as the parser
(the lexical check was missing there), verified by running the message tests
with --min-preparse-length=0.
In fixing the logic I've also cleaned up the code a bit, removing the
only-called-once DeclarationParsingResult::SingleName method.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1471973003
Cr-Commit-Position: refs/heads/master@{#32236}
Don't replace `TruncateFloat64ToInt32(RoundInt64ToFloat64(value))` with
`value`. Generally, `value` may have a range bigger than the one that
could fit into Int32. Replace it with `TruncateInt64ToInt32(value)`
instead, and only if the `value` fits into Float64 without precision
loss.
Add missing mjsunit test for 52bit multiplication/division optimization
that has landed in refs/heads/master@{#31899}.
BUG=
R=titzer@google.com
Review URL: https://codereview.chromium.org/1433353006
Cr-Commit-Position: refs/heads/master@{#32227}
Reason for revert:
Fails on V8 Fuzzer: https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/6028
Original issue's description:
> Move --harmony-destructuring-bind to shipping
>
> Also fix CheckConflictingVarDeclarations() to properly handle
> legacy const bindings. Without that change enabling the flag
> causes code like:
>
> function f() { const x; var x; }
>
> to throw an early error, rather than wait to throw the error
> until f is invoked.
>
> BUG=v8:811
> LOG=y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/515093630a4a925a66d550561e38293d49633f10
> Cr-Commit-Position: refs/heads/master@{#32222}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811
Review URL: https://codereview.chromium.org/1470333002
Cr-Commit-Position: refs/heads/master@{#32226}
Adds code and tests to support CreateClosure bytecode when building
graphs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1458603012
Cr-Commit-Position: refs/heads/master@{#32224}
Also fix CheckConflictingVarDeclarations() to properly handle
legacy const bindings. Without that change enabling the flag
causes code like:
function f() { const x; var x; }
to throw an early error, rather than wait to throw the error
until f is invoked.
BUG=v8:811
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1451843002
Cr-Commit-Position: refs/heads/master@{#32222}
Change the runtime entries and their associated code stubs for object
and array literal creation to take the closure instead of the raw
literals pointer. This is way easier to deal with (and cleaner) in
TurboFan.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1469833005
Cr-Commit-Position: refs/heads/master@{#32220}
Makes it possible for the inline allocation observers to sample the
actual object allocation on which the notification triggers.
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1460063006
Cr-Commit-Position: refs/heads/master@{#32209}
Put the constant parts of the CreateLiteralArray and CreateLiteralObject
operators into CreateLiteralParameters and properly use them everywhere.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1475613002
Cr-Commit-Position: refs/heads/master@{#32207}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
In a function expression, 'yield' is allowed, even if the expression
occurs inside a generator. Similarly, even in a non-generator,
a generator expression's name must not be 'yield'.
BUG=v8:3983
LOG=n
Review URL: https://codereview.chromium.org/1460393003
Cr-Commit-Position: refs/heads/master@{#32188}
This simplifies the layout of dependent code array and optimizes it for sparse dependency groups.
BUG=chromium:554488
LOG=NO
Review URL: https://codereview.chromium.org/1435313002
Cr-Commit-Position: refs/heads/master@{#32170}
We should not be counting the bump pointer allocations done during scavenge as
the objects are copied. The inline allocation observers were getting unnecessary
notifications.
R=hpayer@chromium.org, ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1465633002
Cr-Commit-Position: refs/heads/master@{#32153}