1. 07 Jan, 2016 1 commit
    • littledan's avatar
      Add Array support for @@species and subclassing · 6e962237
      littledan authored
      This patch implements @@species, guarded behind the --harmony-species
      flag, on Arrays. Methods which return an Array will instead return
      the appropriate instance based on the ArraySpeciesCreate algorithm.
      The algorithm is implemented in C++ to get access to realm information
      and to implement some Array methods in C++, but it is also accessed
      from JavaScript through a new runtime function. A couple interactive
      Octane runs show no performance regression with the flag turned off,
      but turning --harmony-species on will surely have a significant
      regression, as Array methods now heavily use ObjectDefineProperty.
      
      BUG=v8:4093
      LOG=Y
      R=adamk,cbruni
      
      Review URL: https://codereview.chromium.org/1560763002
      
      Cr-Commit-Position: refs/heads/master@{#33144}
      6e962237
  2. 04 Jan, 2016 1 commit
  3. 17 Dec, 2015 1 commit
  4. 12 Dec, 2015 1 commit
  5. 11 Dec, 2015 1 commit
    • adamk's avatar
      Rewrite Object.prototype.toString in C++ · ed698f3d
      adamk authored
      The main impetus is to improve performance when --harmony-tostring
      is enabled, thanks to using a generic property load instead of a
      megamorphic IC.
      
      This also reduces duplication, as the API function
      v8::Object::ObjectProtoToString can share the runtime implementation.
      
      The only functional change in this patch is to drop an accidental difference
      between the JS and API implementations: the arguments object should toString
      as "[object Arguments]". The JS side was corrected in
      https://code.google.com/p/v8/source/detail?r=3279, but the API version was
      missed in that patch.
      
      BUG=chromium:555127, v8:3502
      LOG=n
      CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
      
      Review URL: https://codereview.chromium.org/1509533003
      
      Cr-Commit-Position: refs/heads/master@{#32777}
      ed698f3d
  6. 08 Dec, 2015 1 commit
  7. 07 Dec, 2015 1 commit
  8. 03 Dec, 2015 1 commit
  9. 26 Nov, 2015 1 commit
  10. 25 Nov, 2015 2 commits
  11. 20 Nov, 2015 1 commit
  12. 05 Nov, 2015 1 commit
  13. 04 Nov, 2015 1 commit
  14. 28 Oct, 2015 1 commit
    • littledan's avatar
      Avoid calling %AddElement with a number out of array index range · 700bbdc6
      littledan authored
      This patch wraps callsites to %AddElement to fall back to adding a
      named property in case it is given an argument of 2**32 or greater.
      The change is needed because %AddElement is called by Array functions
      in various places, and ES2015 changes these Array functions to use
      ToLength rather than ToUint32, so several callsites of %AddElement
      which used to be reliable array indices may be larger numbers. While
      the proper long-term solution may be to call out to
      Object.defineProperty, this fix should allow the ToLength semantics
      to be shipped while preserving correctness and not requiring a
      rewrite.
      
      BUG=v8:4516
      LOG=Y
      R=adamk
      TEST=Interactively ran Array.prototype.slice on an Array-like which
      exceeded array bounds, and found that this did not check-fail at
      runtime as it did before.
      Microbenchmarked this technique against the previous version on a
      simple reverse implementation and found at most a 1% slowdown, as
      opposed to other techniques, like calling %DefineDataPropertyUnchecked,
      which had a 20% slowdown or Object.defineProperty with a 80% slowdown.
      
      Review URL: https://codereview.chromium.org/1420663003
      
      Cr-Commit-Position: refs/heads/master@{#31640}
      700bbdc6
  15. 27 Oct, 2015 3 commits
  16. 22 Oct, 2015 1 commit
  17. 20 Oct, 2015 2 commits
  18. 16 Oct, 2015 1 commit
  19. 15 Oct, 2015 2 commits
  20. 14 Oct, 2015 1 commit
  21. 13 Oct, 2015 1 commit
    • mstarzinger's avatar
      Move builtin JavaScript sources into own directory. · e5320d8a
      mstarzinger authored
      This moves JavaScript source files that are bundled with V8 into a
      separate directory. The goal is to improve code readability and also
      being able to formalize ideal reviewers by subsequently adding the
      OWNERS file. These files almost exclusively contain implementations
      of methods fully specified by ES6.
      
      Note that files in the "debug" directory as well as the "d8.js" file
      aren't affected by this change.
      
      R=rossberg@chromium.org
      
      Review URL: https://codereview.chromium.org/1398733002
      
      Cr-Commit-Position: refs/heads/master@{#31230}
      e5320d8a
  22. 08 Oct, 2015 1 commit
  23. 07 Oct, 2015 2 commits
  24. 01 Oct, 2015 1 commit
    • bmeurer's avatar
      [es6] Fix missing bits for full @@toPrimitive support. · 2a0759d3
      bmeurer authored
      Introduce %_ToNumber intrinsic, which just calls to the existing
      ToNumberStub, and remove all uses of our custom JavaScript plus
      intrinsics based ToNumber and friends.
      
      Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
      which is currently a wrapper for %_ToNumber. Newly written JS
      code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
      and friends).
      
      Also finally remove the DefaultString/DefaultNumber builtins, which
      are basically the ES5 version of ToPrimitive. Now all code uses the
      ES6 version, which is implemented in Object::ToPrimitive and
      JSReceiver::ToPrimitive in C++.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
      R=jarin@chromium.org
      BUG=v8:4307
      LOG=n
      
      Review URL: https://codereview.chromium.org/1384443002
      
      Cr-Commit-Position: refs/heads/master@{#31054}
      2a0759d3
  25. 28 Sep, 2015 1 commit
  26. 23 Sep, 2015 1 commit
    • bmeurer's avatar
      [runtime] Replace %to_string_fun with %_ToString. · 7a7b692b
      bmeurer authored
      Introduce a new macro TO_STRING that maps to %_ToString and use that
      instead of calling into any of the ToString/NonStringToString JavaScript
      builtins. Also remove the TO_STRING_INLINE macro, which is basically
      obsolete with %_ToString. We still have a few uses of ToString left (via
      the utils export mechanism), where we need to investigate whether we
      will tank badly if we replace them with TO_STRING as well.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
      R=yangguo@chromium.org
      BUG=v8:4307
      LOG=n
      
      Review URL: https://codereview.chromium.org/1323543002
      
      Cr-Commit-Position: refs/heads/master@{#30895}
      7a7b692b
  27. 16 Sep, 2015 1 commit
    • aperez's avatar
      ES6: Array.prototype.slice and friends should use ToLength instead of ToUint32 · d4e1299f
      aperez authored
      Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
      that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
      before. When the flag is disabled, the function uses TO_UINT32(), which is
      the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength()
      conversion is used.
      
      Based on a patch initially from Diego Pino <dpino@igalia.com>
      
      BUG=v8:3087
      LOG=Y
      
      Review URL: https://codereview.chromium.org/1309243003
      
      Cr-Commit-Position: refs/heads/master@{#30772}
      d4e1299f
  28. 08 Sep, 2015 2 commits
  29. 07 Sep, 2015 2 commits
  30. 03 Sep, 2015 1 commit
    • bmeurer's avatar
      [es6] Initial steps towards a correct implementation of IsCallable. · 8a378f46
      bmeurer authored
      This turns the has_instance_call_handler bit on Map into an is_callable
      bit, that matches the spec definition of IsCallable (i.e. instances have
      [[Call]] internal methods).
      
      Also fix the typeof operator to properly say "function" for everything
      that is callable.
      
      Also remove the (unused) premature %_GetPrototype optimization from
      Crankshaft, which just complicated the Map bit swap.
      
      R=mstarzinger@chromium.org, rossberg@chromium.org, yangguo@chromium.org
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
      
      Review URL: https://codereview.chromium.org/1316933002
      
      Cr-Commit-Position: refs/heads/master@{#30552}
      8a378f46
  31. 31 Aug, 2015 1 commit
  32. 28 Aug, 2015 1 commit