This is needed by Blink to implement the Custom Elements spec.
BUG=v8:4261
LOG=y
Review-Url: https://codereview.chromium.org/1910253005
Cr-Commit-Position: refs/heads/master@{#35833}
The Oddball::to_number_raw field contains the actual double value of the
Oddball converted to a number, and is located at the same offset as the
HeapNumber::value field, so for lowering changes we don't need to check
for undefined (or any other oddball explicitly).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1922443002
Cr-Commit-Position: refs/heads/master@{#35753}
As the code on the blink side sits down, we realize we don't need isolate arg
anymore. As the heap tracer is set per isolate, it can actually be confusing if
the isolate passed as argument is always the same as the isolate the heap tracer
was set for. Wdyt?
BUG=468240
LOG=no
Review URL: https://codereview.chromium.org/1900953003
Cr-Commit-Position: refs/heads/master@{#35620}
Reason for revert:
node.js is updated now
Original issue's description:
> Revert of [api] Restrict Template::Set to take templates or primitive values (patchset #1 id:1 of https://codereview.chromium.org/1839983002/ )
>
> Reason for revert:
> Breaks node.js
>
> Original issue's description:
> > [api] Restrict Template::Set to take templates or primitive values
> >
> > Embedders that passed in non-primitive values should either use
> > getters/setters (templates) or install a native data property,
> > otherwise, the values would all result in cross-context leaks
> >
> > BUG=none
> > R=verwaest@chromium.org
> > LOG=y
> >
> > Committed: https://crrev.com/eebdee8eafa97849cc70c25f3fecf1b075bac248
> > Cr-Commit-Position: refs/heads/master@{#35244}
>
> TBR=verwaest@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=none
>
> Committed: https://crrev.com/e1674a24ca3cb92bb4e58d368b25767bd61a0dfa
> Cr-Commit-Position: refs/heads/master@{#35264}
TBR=verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=none
Review URL: https://codereview.chromium.org/1894993002
Cr-Commit-Position: refs/heads/master@{#35572}
PersistentValueMap is used to hold per-world wrappers in the blink. Currently,
when we trace wrappers, we visit wrappers in all worlds via this PersistentValueMap. This cl introduces convenient (and faster) way of registering these external references.
BUG=468240
LOG=no
Review URL: https://codereview.chromium.org/1883043003
Cr-Commit-Position: refs/heads/master@{#35523}
To keep track of memory characteristics of a JS program use
GetHeapSpaceStatistics from a combination of
- a GC epilogue callback registered using AddGCEpilogueCallback
- an interrupt registered using RequestInterrupt
Rationale:
The feature is currently broken as those callbacks are (also) executed from
background threads, breaking our implicit contract for only performing callbacks
on the foreground thread. Furhtermore, it's not clear for the embedder whether
these allocations originate in JS, or are required for a GC.
Note:
- The already deprecated non-isolate versions are removed with this CL.
R=jochen@chromium.org
BUG=v8:4813
LOG=Y
Review URL: https://codereview.chromium.org/1886573006
Cr-Commit-Position: refs/heads/master@{#35474}
When the embedder sets the heap tracer, V8, during marking, will collect all reachable wrappers, and then ask embedder to trace its heap. The embedder is expected to call PersistentBase::RegisterExternalReference with all wrappers reachable from the given ones. This fixed point iteration happens in MarkCompact::ProcessEphemeralMarking.
For more efficient object visiting during marking, we need a special JS_API_OBJECT_TYPE (in tandem with already existing JS_SPECIAL_API_OBJECT_TYPE) and corresponding visitor (JSApiObjectVisitor).
BUG=chromium:468240
LOG=no
Review URL: https://codereview.chromium.org/1844413002
Cr-Commit-Position: refs/heads/master@{#35412}
This is a convenience API that an embedder can use to do final checks on
the return value. Note that this creates a new handle and thus defeats
the performance optimization done for ReturnValue - an embedder should
only use this in non-performance critical code paths.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1875263003
Cr-Commit-Position: refs/heads/master@{#35409}
The previous code cache system required stubs to be marked with a StubType, causing them to be inserted either into a fixed array or into a dictionary-mode code cache. This could cause names to be in both cases, and lookup would just find the "fast" one first. Given that we clear out the caches on each GC, the memory overhead shouldn't be too bad. Additionally, the dictionary itself should just stay linear for small arrays; that's faster anyway.
This CL additionally deletes some dead IC code.
BUG=
Review URL: https://codereview.chromium.org/1846963002
Cr-Commit-Position: refs/heads/master@{#35291}
Reason for revert:
Breaks node.js
Original issue's description:
> [api] Restrict Template::Set to take templates or primitive values
>
> Embedders that passed in non-primitive values should either use
> getters/setters (templates) or install a native data property,
> otherwise, the values would all result in cross-context leaks
>
> BUG=none
> R=verwaest@chromium.org
> LOG=y
>
> Committed: https://crrev.com/eebdee8eafa97849cc70c25f3fecf1b075bac248
> Cr-Commit-Position: refs/heads/master@{#35244}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=none
Review URL: https://codereview.chromium.org/1860003002
Cr-Commit-Position: refs/heads/master@{#35264}
Embedders that passed in non-primitive values should either use
getters/setters (templates) or install a native data property,
otherwise, the values would all result in cross-context leaks
BUG=none
R=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1839983002
Cr-Commit-Position: refs/heads/master@{#35244}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
Change x64 to use the external references like all other platforms.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1844283002
Cr-Commit-Position: refs/heads/master@{#35160}
Reason for revert:
Violates ES6 spec (crbug.com/4850), and implementation was over-eager. Will revert for now.
Original issue's description:
> Parser: Make skipping HTML comments optional.
>
> API change: This adds a new flag skip_html_comments to v8::ScriptOriginOptions. This flag controls whether V8 will attempt to honour HTML-style comments in JS sources.
>
> (That is: Gracefully ignore <!-- ... ---> in JS sources, which was a popular technique in the early days of JavaScript, to prevent non-JS-enabled browsers from displaying script sources to uses.)
>
> The flag defaults to 'true' when using v8::ScriptOrigin constructor, which preserves the existing behaviour. Embedders which are happy with the existing behaviour will thus not need any changes.
>
> BUG=chromium:573887
> LOG=Y
>
> Committed: https://crrev.com/91d344288aa51ed03eaaa1cb3e368ac1e82f0173
> Cr-Commit-Position: refs/heads/master@{#34904}
TBR=jochen@chromium.org,rossberg@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:573887, v8:4850
LOG=Y
Review URL: https://codereview.chromium.org/1817163003
Cr-Commit-Position: refs/heads/master@{#34958}
I first need to figure out what to do about window.document before we
can deprecate this: window.document is a regular accessor, however, once
the window navigated from about:blank, its value will never change.
Blink uses ForceSet to then replace the accessor with a data constant
which has way better performance than invoking the accessor all the
time.
Since the accessor, however, is installed as read only &
non-configurable, there is no spec compliant way to pull this off right
now
BUG=chromium:595601
R=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1816033002
Cr-Commit-Position: refs/heads/master@{#34919}
API change: This adds a new flag skip_html_comments to v8::ScriptOriginOptions. This flag controls whether V8 will attempt to honour HTML-style comments in JS sources.
(That is: Gracefully ignore <!-- ... ---> in JS sources, which was a popular technique in the early days of JavaScript, to prevent non-JS-enabled browsers from displaying script sources to uses.)
The flag defaults to 'true' when using v8::ScriptOrigin constructor, which preserves the existing behaviour. Embedders which are happy with the existing behaviour will thus not need any changes.
BUG=chromium:573887
LOG=Y
Review URL: https://codereview.chromium.org/1801203002
Cr-Commit-Position: refs/heads/master@{#34904}
A startup snapshot is considered cold when it does not contain any
function code. We can now create a warm startup snapshot from a cold one
by running a warm-up script. Functions exercised by the warm-up script
are compiled and its code included in the warm startup snapshot. Side
effects caused by the warm-up script does not persist.
R=vogelheim@chromium.org
BUG=v8:4836
LOG=Y
Review URL: https://codereview.chromium.org/1805903002
Cr-Commit-Position: refs/heads/master@{#34849}
We have compatibility workarounds to return 'undefined' on accessors
to RegExp.prototype. This patch adds two UseCounters for two categories
of this non-spec-compliant path:
- source
- ignorecase, multiline, global
R=yangguo
BUG=chromium:581577
LOG=Y
Review URL: https://codereview.chromium.org/1762423002
Cr-Commit-Position: refs/heads/master@{#34597}
This scope is used to control microtasks execution when MicrotasksPolicy::kScoped is engaged.
Attempt #2. First one was reverted due to chromium breakage: SetAutorunMicrotasks(false) was broken.
BUG=chromium:585949
LOG=Y
TEST=ScopedMicrotasks
Review URL: https://codereview.chromium.org/1741893003
Cr-Commit-Position: refs/heads/master@{#34504}
Blink wants to distinguish GCs triggered by CollectAllAvailableGarbage
from GCs forced by testing. This CL introduces a new flag to differentiate
the two GC types.
BUG=591463
LOG=Y
Review URL: https://codereview.chromium.org/1757263003
Cr-Commit-Position: refs/heads/master@{#34494}
Reason for revert:
[Sheriff] Speculative. Seems to break a bunch of webkit tests and causes timeouts:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/5103
Please rebase upstream if intended.
Original issue's description:
> Introduce v8::MicrotasksScope.
>
> This scope is used to control microtasks execution when MicrotasksPolicy::kScoped is engaged.
>
> BUG=chromium:585949
> LOG=Y
> TEST=ScopedMicrotasks
>
> Committed: https://crrev.com/db77cec242dbdf8ee26da8232fa930270429f253
> Cr-Commit-Position: refs/heads/master@{#34472}
TBR=jochen@chromium.org,adamk@chromium.org,dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:585949
Review URL: https://codereview.chromium.org/1762943002
Cr-Commit-Position: refs/heads/master@{#34480}
This scope is used to control microtasks execution when MicrotasksPolicy::kScoped is engaged.
BUG=chromium:585949
LOG=Y
TEST=ScopedMicrotasks
Review URL: https://codereview.chromium.org/1741893003
Cr-Commit-Position: refs/heads/master@{#34472}
ES2015 generally bans FunctionDeclarations in positions which expect a Statement,
as opposed to a StatementListItem, such as a FunctionDeclaration which constitutes
the body of a for loop. However, Annex B 3.2 and 3.4 make exceptions for labeled
function declarations and function declarations as the body of an if statement in
sloppy mode, in the latter case specifying that the semantics are as if the
function declaration occurred in a block. Chrome has historically permitted
further extensions, for the body of any flow control construct.
This patch addresses both the syntactic and semantic mismatches between V8 and
the spec. For the semantic mismatch, function declarations as the body of if
statements change from unconditionally hoisting in certain cases to acquiring
the sloppy mode function in block semantics (based on Annex B 3.3). For the
extra syntax permitted, this patch adds a flag,
--harmony-restrictive-declarations, which excludes disallowed function declaration
cases. A new UseCounter, LegacyFunctionDeclaration, is added to count how often
function declarations occur as the body of other constructs in sloppy mode. With
this patch, the code generally follows the form of the specification with respect
to parsing FunctionDeclarations, rather than allowing them in arbitrary Statement
positions, and makes it more clear where our extensions occur.
BUG=v8:4647
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1757543003
Cr-Commit-Position: refs/heads/master@{#34470}
This introduces a new instance type and reorders the JSObject types so any type requiring special LookupIterator support can be identified with a single range check.
In addition, it restructures the Next for better performance, avoiding unnecessary calls.
BUG=
Review URL: https://codereview.chromium.org/1751043002
Cr-Commit-Position: refs/heads/master@{#34429}
Rename the existing (patching) ToBooleanStub to ToBooleanICStub to match
our naming convention, and add a new TurboFan-powered ToBooleanStub,
which just does the ToBoolean conversion without any runtime call or
code patching, so we can use it for Ignition (and TurboFan).
Drive-by-fix: Add an Oddball::to_boolean field similar to the ones we
already have for to_string and to_number, so we don't need to actually
dispatch on the concrete Oddball at all.
R=epertoso@chromium.org, rmcilroy@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1744163002
Cr-Commit-Position: refs/heads/master@{#34361}
This calback is run after an attempt to run microtasks.
BUG=chromium:585949
LOG=Y
Review URL: https://codereview.chromium.org/1731773005
Cr-Commit-Position: refs/heads/master@{#34305}
This patch makes ArraySpeciesCreate fast in V8 by avoiding two property reads
when the following conditions are met:
- No Array instance has had its __proto__ reset
- No Array instance has had a constructor property defined
- Array.prototype has not had its constructor changed
- Array[Symbol.species] has not been reset
For subclasses of Array, or for conditions where one of these assumptions is
violated, the full lookup of species is done according to the ArraySpeciesCreate
algorithm. Although this is a "performance cliff", it does not come up in the
expected typical use case of @@species (Array subclassing), so it is hoped that
this can form a good start. Array subclasses will incur the slowness of looking
up @@species, but their use won't slow down invocations of, for example,
Array.prototype.slice on Array base class instances.
Possible future optimizations:
- For the fallback case where the assumptions don't hold, optimize the two
property lookups.
- For Array.prototype.slice and Array.prototype.splice, even if the full lookup
of @@species needs to take place, we still could take the rest of the C++
fastpath. However, to do this correctly requires changing the calling convention
from C++ to JS to pass the @@species out, so it is not attempted in this patch.
With this patch, microbenchmarks of Array.prototype.slice do not suffer a
noticeable performance regression, unlike their previous 2.5x penalty.
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1689733002
Cr-Commit-Position: refs/heads/master@{#34199}
This new callback is similar to CallCompletedCallback, but is executed before the call has been made.
Added Isolate* parameter to CallCompletedCallback, marking previous one as deprecated.
BUG=chromium:585949
LOG=Y
Review URL: https://codereview.chromium.org/1689863002
Cr-Commit-Position: refs/heads/master@{#34167}
This patch adds a UseCounter for each of the following:
- Allowing duplicate sloppy-mode block-scoped function declarations
in the exact same scope
- for-in loops with an initializer
The patch also refactors some of the declaration code to clean it up and
enable the first counter, and adds additional unit tests to nail down
the semantics of edge cases of sloppy-mode block-scoped function declarations.
BUG=v8:4693,chromium:579395
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1633743003
Cr-Commit-Position: refs/heads/master@{#33650}
Without this change, the v8::Local<> constructor will be picked up by the
compiler as an option for an implicit cast for any pointer type. This leads
to bad error messages when accidentally passing an erroneous pointer type to
a function wanting a Local<> (complains about a pointer assignment in Local<>'s
constructor as opposed to a bad type for the parameter of the function being
called) and also causes ambiguity errors where none should exist when calling
overloaded functions (for example a function taking either a std::string or a
v8::Local<v8::Script> cannot be called with a const char * because the compiler
sees both types as being constructable with a const char *).
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1647833005
Cr-Commit-Position: refs/heads/master@{#33602}
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
BUG=v8:4267
LOG=Y
Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
Cr-Commit-Position: refs/heads/master@{#33438}
Review URL: https://codereview.chromium.org/1587073003
Cr-Commit-Position: refs/heads/master@{#33461}
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream.
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/4077
Original issue's description:
> Array length reduction should throw in strict mode if it can't delete an element.
>
> When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
>
> Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
>
> This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
>
> BUG=v8:4267
> LOG=Y
>
> Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
> Cr-Commit-Position: refs/heads/master@{#33438}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4267
Review URL: https://codereview.chromium.org/1611313003
Cr-Commit-Position: refs/heads/master@{#33444}
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
BUG=v8:4267
LOG=Y
Review URL: https://codereview.chromium.org/1587073003
Cr-Commit-Position: refs/heads/master@{#33438}