We cannot yet detect use-before-declaration in general, because for that we'd
need to analyze the context when compiling. But we can detect an error case
where we first see a use, then a declaration.
For this, I also added end position tracking (needed for error messages) to
VariableProxy.
Note: the position naming is completely inconsistent: start_position &
end_position, position & end_position, pos & end_pos, beg_pos & end_pos, to name
a few. This doesn't fix all of it, but tries to unify towards start_position &
end_position whenever possible w/ minimal changes.
BUG=
Review URL: https://codereview.chromium.org/943543002
Cr-Commit-Position: refs/heads/master@{#26880}
This implements a special case of block cloning to recognize constructs like
if (a ? b : c) { ... }
that happen to be generated by Emscripten quite often.
Review URL: https://codereview.chromium.org/947963002
Cr-Commit-Position: refs/heads/master@{#26808}
This is done using desugaring. Before this we had:
result = iterator.next()
with this we instead do:
!%_IsSpecObject(result = iterator.next()) &&
%ThrowIteratorResultNotAnObject(result)
BUG=v8:3916
LOG=N
Review URL: https://codereview.chromium.org/929733003
Cr-Commit-Position: refs/heads/master@{#26805}
The adder should be gotten before the iterator.
Motivation: Once this is done we should be able to use a for-of loop
instead which leads to cleaner code and correct behavior once the
for-of loop correctly supports abrupt completion.
BUG=None
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/949933002
Cr-Commit-Position: refs/heads/master@{#26803}
Because we generated a different hash code for 0 and -0 we ended up
not even getting to the SameValueZero check.
BUG=v8:3906
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/947443005
Cr-Commit-Position: refs/heads/master@{#26787}
After further spec reading it turns out that we should not do ToObject
on the iterable.
BUG=None
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/941313003
Cr-Commit-Position: refs/heads/master@{#26786}
When the property is not found on the [[HomeObject]] prototype chain
then we should do a [[DefineOwnProperty]] on the instance.
BUG=v8:3330
LOG=N
Review URL: https://codereview.chromium.org/934463003
Cr-Commit-Position: refs/heads/master@{#26754}
It would force us to make mjsunit.js strong-compatible, and that's too much for
now (for the upcoming features) and would have a ripple effect on other
tests. Especially debug-script.js which unships harmony features would break.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/930293002
Cr-Commit-Position: refs/heads/master@{#26694}
This adds a new ControlFlowOptimizer that - for now - recognizes chains
of Branches generated by the SwitchBuilder for a subset of javascript
switches into Switch nodes. Those Switch nodes are then lowered to
either table or lookup switches.
Also rename Case to IfValue (and introduce IfDefault) for consistency.
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/931623002
Cr-Commit-Position: refs/heads/master@{#26691}
1) Mutually recursive functions
2) Strong code using non-strong var before declaration.
These test cases ensure that we don't accidentally kill these wanted behaviors
when adding restrictions to strong mode.
BUG=
Review URL: https://codereview.chromium.org/927143002
Cr-Commit-Position: refs/heads/master@{#26671}
The preparser needs to log the usage of super properties and then update
the scope when we create the function later.
BUG=v8:3888
LOG=N
R=dslomov@chromium.org, marja
Review URL: https://codereview.chromium.org/923683002
Cr-Commit-Position: refs/heads/master@{#26642}
This CL fixes tests that no longer valid and also fixes two issues:
1. 'super()' in non derived constructors.
2. Failure to step into derived constructors.
R=arv@chromium.org, yurys@chromium.org
BUG=v8:3834
LOG=Y
Review URL: https://codereview.chromium.org/923443003
Cr-Commit-Position: refs/heads/master@{#26628}
Function.prototype.toMethod was removed from ES6.
This removes the function and updates the tests to either
use %ToMethod or a dedicated syntax (using concise method
or a class).
BUG=v8:3330
LOG=N
R=dslomov@chromium.org, adamk
Review URL: https://codereview.chromium.org/914713002
Cr-Commit-Position: refs/heads/master@{#26559}
super() is only allowed in a class constructor.
super.p is allowed in methods, accessors and constructors.
The parser now checks the FunctionState to see what kind of function
we are currently inside.
BUG=v8:3330
LOG=N
R=dslomov@chromium.org, marja@chromium.org
Review URL: https://codereview.chromium.org/915563003
Cr-Commit-Position: refs/heads/master@{#26557}
Adding the line "// MODULE" to an mjsunit file will now cause
run-tests.py to prefix the test case with "--module" in the
d8 commandline.
d8 has itself been updated to treat files preceded with "--module" as
modules (that is, it compiles them with ScriptCompiler::CompileModule,
and turns on --harmony-modules).
Review URL: https://codereview.chromium.org/902263002
Cr-Commit-Position: refs/heads/master@{#26555}
We incorrectly disallowed eval and arguments in accessor and method
names. This was because we checked the name inside the
ParseFunctionLiteral. We now flag accessors so that lazy parsing of
these functions are treated correctly.
BUG=v8:1984
R=adamk, dslomov@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/899363002
Cr-Commit-Position: refs/heads/master@{#26497}
This way we can ship \u{..} escapes in strings / identifiers before shipping /u
regexps.
BUG=
Review URL: https://codereview.chromium.org/903703002
Cr-Commit-Position: refs/heads/master@{#26461}
It must always populate int32_value_, even if that's lossy, because other code (specifically, constant folding for truncating operations) relies on it.
BUG=v8:3865
LOG=y
Review URL: https://codereview.chromium.org/897263002
Cr-Commit-Position: refs/heads/master@{#26453}
We used to have a parse error for conflicting property keys. This check
was removed to match ES6 (SpiderMonkey & Chakra already made this change).
Since this check was removed we ended up with a few new cases when
generating code. For example, accessors always generated code even if
those should have been shadowed by a data property.
BUG=v8:3856
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/895693002
Cr-Commit-Position: refs/heads/master@{#26441}
Applies to API implementation of O.p.toString
- Removes special handling of non-string @@toStringTag values (use builtinTag)
- Removes special handling of @@toStringTags which match [[Class]] names (remove ~ prefix)
- Add tests for non-string @@toStringTag values in test-api.cc
BUG=v8:3502
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/892393003
Cr-Commit-Position: refs/heads/master@{#26415}
If a (pure) node has two or more uses, but there exists a path from the
common dominator of these uses to end, which does not contain a use,
then we split the node such that no unnecessary computation takes place.
Note however, that this only applies if the node cannot be hoisted out
of a loop.
BUG=v8:3864
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/899433005
Cr-Commit-Position: refs/heads/master@{#26404}
Both SameValue and SameValueZero consider different NaNs equal, so we
better assign the same hash value to all NaNs.
BUG=v8:3859
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/897593002
Cr-Commit-Position: refs/heads/master@{#26391}
Contribution of PowerPC port (continuation of 422063005 and 817143002). This patch covers
the key changes needed to the common files needed to support AIX. Subsequent
patches will cover:
- changes to update the ppc directories so they are current with the changes
in the rest of the project.
- remaining AIX changes not resolved by 4.8 compiler
- individual optimizations for PPC
This is based off of the GitHub repository
https://github.com/andrewlow/v8ppcR=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/866843003
Cr-Commit-Position: refs/heads/master@{#26343}
This removes the duplicate property check from object literals.
Instead we repurpose the ObjectLiteralChecker into two cases, implemented
by two subclasses to ObjectLiteralCheckerBase called ObjectLiteralChecker
and ClassLiteralChecker.
The object literal checker now only checks for duplicate __proto__ fields in
object literals.
The class literal checker checks for duplicate constructors, non constructor
fields named constructor as well as static properties named prototype.
BUG=v8:3819
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/873823003
Cr-Commit-Position: refs/heads/master@{#26336}
Arrow function parameter lists are parsed as expressions. When an identifier
is found a VariableProxy is created and added to the list of unresolved
variables for the scope. When parsing a function lazily, the scope has been
already resolved, so with this patch only the VariableProxy is created,
without adding it as an unresolved variable in the scope.
BUG=v8:3501
LOG=Y
Review URL: https://codereview.chromium.org/880253004
Cr-Commit-Position: refs/heads/master@{#26328}
The approach taken in this CL is to incrementally move toward the
currently-specced version of modules in ES6. The biggest change in this
patch is separating the parsing of modules from the parsing of scripts,
getting rid of the 'module' keyword and thus disallowing modules-in-scripts
as well as modules-in-modules.
The syntax supported by import/export declarations has not yet been significantly
changed, with the major exception being that import declarations require a string
as the 'from' part.
Most of the existing tests have been disabled, with a first new test added
in cctest/test-parsing.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/881623002
Cr-Commit-Position: refs/heads/master@{#26299}
The whole logic in DoMul makes me cry, so I made only the minimal
change to fix the issue...
BUG=v8:451322
LOG=y
Review URL: https://codereview.chromium.org/873703002
Cr-Commit-Position: refs/heads/master@{#26261}
Also fix mjsunit/regress/regress-undefined-nan to ensure that we are
testing transfer via xmm registers by forcing the transfer to be in an
optimized function.
BUG=v8:3839
LOG=n
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/863153002
Cr-Commit-Position: refs/heads/master@{#26213}
It should be possible to create a concise method with the name
__proto__ without setting the [[Prototype]]. Similarly, property
name shorthands with the name __proto__ should define an own
property.
BUG=v8:3818
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/858673002
Cr-Commit-Position: refs/heads/master@{#26172}
(1) --prof-cpp: Collects ticks like --prof, but ignores code creation events to reduce distortion (so all JS ticks will be "unaccounted"). Useful for profiling C++ code.
(2) --timed-range flag for tick processor: Ignores ticks before the first and after the last call to Date.now(). Useful for focusing on the timed section of a test.
Review URL: https://codereview.chromium.org/802333002
Cr-Commit-Position: refs/heads/master@{#26168}
This time we simply undo the change introduced by the PPC port for
this test. No idea why it should be necessary, and Windows XP
obviously doesn't give us that much stack, anyway.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/826833003
Cr-Commit-Position: refs/heads/master@{#26093}
The test fails on XP only, so let's tentatively raise the stack limit more. We probably need to investigate what a tighter limit might be and (more importantly) what the underlying reason for the failure is.
Hopefully 1800kB is enough, we can't test this via try jobs, because we don't have XP try bots. :-/
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/791693005
Cr-Commit-Position: refs/heads/master@{#26092}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, 7d48fd9dc2.
BUG=v8:3754
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/798243004
Cr-Commit-Position: refs/heads/master@{#26084}
This prevents eliminating effectful statements before the loop.
BUG=
Review URL: https://codereview.chromium.org/830923002
Cr-Commit-Position: refs/heads/master@{#25953}
We cannot just clear the result register optimistically, because the
register allocator might assign the same register to result and buffer.
TEST=mjsunit/compiler/regress-445858
BUG=chromium:445858
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/828303002
Cr-Commit-Position: refs/heads/master@{#25950}
Set a valid reason for disabling optimization when using
%NeverOptimizeFunction.
TEST=mjsunit/compiler/regress-445732
BUG=chromium:445732
LOG=y
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/832003002
Cr-Commit-Position: refs/heads/master@{#25949}
Change InstructionOperand to use a 64-bit field for encoding the operand
information instead of the 32-bit field that was used before. Ideally we
wouldn't use the Zone-allocated bit field at all, and use an integer
instead of the pointer; but that requires fixing the register allocator
first, which will take some time.
TEST=mjsunit/compiler/regress-3786
BUG=v8:3786
LOG=y
Review URL: https://codereview.chromium.org/826673002
Cr-Commit-Position: refs/heads/master@{#25941}
This avoids touching the Array prototype, which may have been tampered with.
BUG=chromium:443982
LOG=n
Review URL: https://codereview.chromium.org/820503005
Cr-Commit-Position: refs/heads/master@{#25908}
Reason for revert:
[sheriff] Still crashes on win32 (XP):
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/1380
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4.
>
> This changes to do an early bailout in
> HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
> loop.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org,arv@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/811593004
Cr-Commit-Position: refs/heads/master@{#25872}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4.
This changes to do an early bailout in
HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
loop.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/792233008
Cr-Commit-Position: refs/heads/master@{#25868}
The spec ended up using Get(unscopables, propertyName) and
comparing the result to undefined instead of using Has.
BUG=v8:3632
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/807893002
Cr-Commit-Position: refs/heads/master@{#25854}
Reason for revert:
Crashes Win32. It was not flake.
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4 with
> no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
> try again.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/807033003
Cr-Commit-Position: refs/heads/master@{#25853}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4 with
no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
try again.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/807173002
Cr-Commit-Position: refs/heads/master@{#25851}
The bug would occur when we try to Reset() to a position already at the end.
This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.
To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).
Minimal repro case:
var r = /foo\u/
r.test("foou") // should be true, was false.
(Note that \u not followed by 4 hex didits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)
BUG=v8:3756
LOG=NO
Review URL: https://codereview.chromium.org/802313003
Cr-Commit-Position: refs/heads/master@{#25838}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
BUG=v8:3754
LOG=Y
Review URL: https://codereview.chromium.org/795573005
Cr-Commit-Position: refs/heads/master@{#25821}
Keyed loads should not unconditionally be compiled to element loads. Update KeyedLoadICs to keep track of the key type, so that Hydrogen can emit ICs for string-keyed loads it doesn't have inline support for.
BUG=v8:3167
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/755513003
Cr-Commit-Position: refs/heads/master@{#25817}
Add support for Symbol.isConcatSpreadable in Array.prototype.concat. This enables spreading non-Array objects with the symbol.
LOG=N
R=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/771483002
Cr-Commit-Position: refs/heads/master@{#25808}
V8 didn't report compile events on pause before this patch. These events can be important for listener. For example, DevTools allows user to execute some JS code on pause and needs to show correct stack trace in message from it.
BUG=396013
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/781623004
Cr-Commit-Position: refs/heads/master@{#25767}
They both now run fast (due to utilizing transitions instead of always
creating new maps) and sealed or non-extensible objects can stay in
fast mode after transitioning.
This almost entirely reuses the code for transitioning objects
frozen by Object.freeze(), with the added benefit of freeing
up a bit on the map (we no longer keep track of frozen-ness,
as that bit wasn't used for anything interesting).
BUG=v8:3662,chromium:115960
LOG=y
Review URL: https://codereview.chromium.org/776143005
Cr-Commit-Position: refs/heads/master@{#25759}
When compiling with the macro DCHECK_ALWAYS_ON defined, DCHECKs and
supporting code gets compiled and enabled.
This increases test coverage for chromium release buildbots
BUG=v8:3731
R=jkummerow@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/760213005
Cr-Commit-Position: refs/heads/master@{#25701}
If we hade }` the right brace was always treated as part of the
template literal. We should only treat the right brace as part of
the literal when we continue to parse the template literal after a
placeholder.
BUG=v8:3734
LOG=Y
Review URL: https://codereview.chromium.org/778813003
Cr-Commit-Position: refs/heads/master@{#25661}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
The %OptimizeFunctionOnNextCall sledgehammer can cause a function to be
marked for optimization before it's ever been compiled by fullcode.
This can lead to the situation where a function doesn't have optimization
disabled until we try to compile it optimized.
Basically, the assert should just handle this case more gracefully.
R=yangguo@chromium.org
BUG=436893
LOG=Y
Review URL: https://codereview.chromium.org/760063002
Cr-Commit-Position: refs/heads/master@{#25528}
Per TC39 Nov 2014 decision.
This patch also changes behavior for "legacy const": assignments to sloppy const in strict mode is now also a type error. This fixes v8:2243 and also brings us in compliance with other engines re assignment to function names (see updated webkit test), but might have bigger implications.
That change can easily be reverted by changing Variable::IsSignallingAssignmentToConst.
BUG=v8:3713,v8:2243
LOG=N
Review URL: https://codereview.chromium.org/749633002
Cr-Commit-Position: refs/heads/master@{#25516}
Resets the scaled exponent to 0 when the scaling match fails.
BUG=
Review URL: https://codereview.chromium.org/756643002
Cr-Commit-Position: refs/heads/master@{#25491}
The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.
Also, prevent inlining array pop() and shift() if the length is read-only.
BUG=435073
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/737383002
Cr-Commit-Position: refs/heads/master@{#25455}
if there is not enough type-feedback to detect that f is Function.prototype.apply.
BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709
Review URL: https://codereview.chromium.org/736043002
Cr-Commit-Position: refs/heads/master@{#25447}
JavaScript shifts perform an implicit '& 0x1F' on their right operand, this
patch removes it when the underlying architecture already does it.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/732103002
Cr-Commit-Position: refs/heads/master@{#25438}
