- 07 Jan, 2016 1 commit
-
-
littledan authored
This patch implements @@species, guarded behind the --harmony-species flag, on Arrays. Methods which return an Array will instead return the appropriate instance based on the ArraySpeciesCreate algorithm. The algorithm is implemented in C++ to get access to realm information and to implement some Array methods in C++, but it is also accessed from JavaScript through a new runtime function. A couple interactive Octane runs show no performance regression with the flag turned off, but turning --harmony-species on will surely have a significant regression, as Array methods now heavily use ObjectDefineProperty. BUG=v8:4093 LOG=Y R=adamk,cbruni Review URL: https://codereview.chromium.org/1560763002 Cr-Commit-Position: refs/heads/master@{#33144}
-
- 04 Jan, 2016 1 commit
-
-
bmeurer authored
The Object.freeze, Object.isExtensible, Object.isFrozen, Object.isSealed, Object.preventExtensions and Object.seal builtins were already implemented in C++, but they still had some funny JavaScript wrappers that just called into the C++ implementation on every (interesting) execution path. Review URL: https://codereview.chromium.org/1553043002 Cr-Commit-Position: refs/heads/master@{#33074}
-
- 17 Dec, 2015 1 commit
-
-
neis authored
And remove confusing comment. R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1531843003 Cr-Commit-Position: refs/heads/master@{#32935}
-
- 12 Dec, 2015 1 commit
-
-
adamk authored
Array.prototype.includes shipped in Chrome 47. Review URL: https://codereview.chromium.org/1513843006 Cr-Commit-Position: refs/heads/master@{#32818}
-
- 11 Dec, 2015 1 commit
-
-
adamk authored
The main impetus is to improve performance when --harmony-tostring is enabled, thanks to using a generic property load instead of a megamorphic IC. This also reduces duplication, as the API function v8::Object::ObjectProtoToString can share the runtime implementation. The only functional change in this patch is to drop an accidental difference between the JS and API implementations: the arguments object should toString as "[object Arguments]". The JS side was corrected in https://code.google.com/p/v8/source/detail?r=3279, but the API version was missed in that patch. BUG=chromium:555127, v8:3502 LOG=n CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review URL: https://codereview.chromium.org/1509533003 Cr-Commit-Position: refs/heads/master@{#32777}
-
- 08 Dec, 2015 1 commit
-
-
jkummerow authored
Use %DeleteProperty_Strict instead. Review URL: https://codereview.chromium.org/1508743002 Cr-Commit-Position: refs/heads/master@{#32673}
-
- 07 Dec, 2015 1 commit
-
-
jkummerow authored
Also delete a bunch of dead code from src/js/. Review URL: https://codereview.chromium.org/1502593002 Cr-Commit-Position: refs/heads/master@{#32650}
-
- 03 Dec, 2015 1 commit
-
-
neis authored
An array is either a JSArray or a proxy whose target is an array. R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1497483004 Cr-Commit-Position: refs/heads/master@{#32558}
-
- 26 Nov, 2015 1 commit
-
-
yangguo authored
R=verwaest@chromium.org Committed: https://crrev.com/93eb633214e0f97bf70ae30d2a07b7fbbaa78266 Cr-Commit-Position: refs/heads/master@{#32285} Review URL: https://codereview.chromium.org/1463803002 Cr-Commit-Position: refs/heads/master@{#32339}
-
- 25 Nov, 2015 2 commits
-
-
machenbach authored
Revert of [debugger] flood function for stepping before calling it. (patchset #7 id:120001 of https://codereview.chromium.org/1463803002/ ) Reason for revert: [Sheriff] Breaks layout tests: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3074 Original issue's description: > [debugger] flood function for stepping before calling it. > > R=verwaest@chromium.org > > Committed: https://crrev.com/93eb633214e0f97bf70ae30d2a07b7fbbaa78266 > Cr-Commit-Position: refs/heads/master@{#32285} TBR=verwaest@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1474943005 Cr-Commit-Position: refs/heads/master@{#32299}
-
yangguo authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1463803002 Cr-Commit-Position: refs/heads/master@{#32285}
-
- 20 Nov, 2015 1 commit
-
-
verwaest authored
BUG= Review URL: https://codereview.chromium.org/1463083004 Cr-Commit-Position: refs/heads/master@{#32143}
-
- 05 Nov, 2015 1 commit
-
-
bmeurer authored
The %_CallFunction doesn't implement the call sequence properly, it doesn't do the receiver wrapping, nor does it check for classConstructor. Also the eager deoptimization for %_CallFunction was seriously b0rked (we must have been lucky with TurboFan so far). R=yangguo@chromium.org BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1419813010 Cr-Commit-Position: refs/heads/master@{#31821}
-
- 04 Nov, 2015 1 commit
-
-
adamk authored
The "harmony"-prefixed files have been included in the snapshot for several releases now, and were only separate originally to enable loading them via a runtime flag. This patch simply merges them into the main implementation files for Arrays and TypedArrays, respectively. Review URL: https://codereview.chromium.org/1416243007 Cr-Commit-Position: refs/heads/master@{#31767}
-
- 28 Oct, 2015 1 commit
-
-
littledan authored
This patch wraps callsites to %AddElement to fall back to adding a named property in case it is given an argument of 2**32 or greater. The change is needed because %AddElement is called by Array functions in various places, and ES2015 changes these Array functions to use ToLength rather than ToUint32, so several callsites of %AddElement which used to be reliable array indices may be larger numbers. While the proper long-term solution may be to call out to Object.defineProperty, this fix should allow the ToLength semantics to be shipped while preserving correctness and not requiring a rewrite. BUG=v8:4516 LOG=Y R=adamk TEST=Interactively ran Array.prototype.slice on an Array-like which exceeded array bounds, and found that this did not check-fail at runtime as it did before. Microbenchmarked this technique against the previous version on a simple reverse implementation and found at most a 1% slowdown, as opposed to other techniques, like calling %DefineDataPropertyUnchecked, which had a 20% slowdown or Object.defineProperty with a 80% slowdown. Review URL: https://codereview.chromium.org/1420663003 Cr-Commit-Position: refs/heads/master@{#31640}
-
- 27 Oct, 2015 3 commits
-
-
littledan authored
Reland of Check that array length stays a safe integer in Array.prototype.push (patchset #1 id:1 of https://codereview.chromium.org/1418093007/ ) Reason for revert: The test failure was unrelated; relanding. Original issue's description: > Revert of Check that array length stays a safe integer in Array.prototype.push (patchset #7 id:120001 of https://codereview.chromium.org/1428483002/ ) > > Reason for revert: > Caused for-in-opt test to fail > > Original issue's description: > > Check that array length stays a safe integer in Array.prototype.push > > > > This patch adds a check in Array.prototype.push to assert that the new > > length does not become greater than 2**53-1. Such a length would be > > dangerous because integer arithmetic becomes imprecise after the > > boundary. The check is also required by a test262 test. > > > > R=adamk > > LOG=Y > > BUG=v8:3087 > > > > Committed: https://crrev.com/e68adf4548dd101dc08fcbff14444152fb1b7fe7 > > Cr-Commit-Position: refs/heads/master@{#31588} > > TBR=adamk@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:3087 > > Committed: https://crrev.com/78abedb94431a233842fcb2f7a910805a05bed09 > Cr-Commit-Position: refs/heads/master@{#31590} TBR=adamk@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:3087 Review URL: https://codereview.chromium.org/1424823005 Cr-Commit-Position: refs/heads/master@{#31610}
-
littledan authored
Revert of Check that array length stays a safe integer in Array.prototype.push (patchset #7 id:120001 of https://codereview.chromium.org/1428483002/ ) Reason for revert: Caused for-in-opt test to fail Original issue's description: > Check that array length stays a safe integer in Array.prototype.push > > This patch adds a check in Array.prototype.push to assert that the new > length does not become greater than 2**53-1. Such a length would be > dangerous because integer arithmetic becomes imprecise after the > boundary. The check is also required by a test262 test. > > R=adamk > LOG=Y > BUG=v8:3087 > > Committed: https://crrev.com/e68adf4548dd101dc08fcbff14444152fb1b7fe7 > Cr-Commit-Position: refs/heads/master@{#31588} TBR=adamk@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:3087 Review URL: https://codereview.chromium.org/1418093007 Cr-Commit-Position: refs/heads/master@{#31590}
-
littledan authored
This patch adds a check in Array.prototype.push to assert that the new length does not become greater than 2**53-1. Such a length would be dangerous because integer arithmetic becomes imprecise after the boundary. The check is also required by a test262 test. R=adamk LOG=Y BUG=v8:3087 Review URL: https://codereview.chromium.org/1428483002 Cr-Commit-Position: refs/heads/master@{#31588}
-
- 22 Oct, 2015 1 commit
-
-
yangguo authored
R=cbruni@chromium.org Review URL: https://codereview.chromium.org/1413173003 Cr-Commit-Position: refs/heads/master@{#31467}
-
- 20 Oct, 2015 2 commits
-
-
karl authored
Use the simple inline function version of {Min, Max} where possible to improve performance Now uses an forced inline js function instead of a python macro to avoid expressions be evaluated twice Follow-up to CR: https://codereview.chromium.org/1331993004 Review URL: https://codereview.chromium.org/1410473002 Cr-Commit-Position: refs/heads/master@{#31411}
-
littledan authored
This patch refactors array methods to have the InnerArray{Map,Filter} methods convert to a GlobalArray rather than the callers. BUG=chromium:544991 R=yangguo,adamk CC=mstarzinger,jochen LOG=Y Review URL: https://codereview.chromium.org/1408213004 Cr-Commit-Position: refs/heads/master@{#31403}
-
- 16 Oct, 2015 1 commit
-
-
yangguo authored
R=cbruni@chromium.org, hpayer@chromium.org Review URL: https://codereview.chromium.org/1411653002 Cr-Commit-Position: refs/heads/master@{#31331}
-
- 15 Oct, 2015 2 commits
-
-
yangguo authored
R=rossberg@chromium.org BUG=chromium:451967 LOG=N Review URL: https://codereview.chromium.org/1404783002 Cr-Commit-Position: refs/heads/master@{#31296}
-
yangguo authored
R=adamk@chromium.org Review URL: https://codereview.chromium.org/1396323011 Cr-Commit-Position: refs/heads/master@{#31279}
-
- 14 Oct, 2015 1 commit
-
-
domenic authored
https://codereview.chromium.org/1343113003 introduced a separate InternalPackedArray constructor to the extras utils object, distinct from the one used by natives. However, it omitted the code to set up the methods for that InternalPackedArray. This makes all the basic manipulation methods available. BUG=v8:4276 LOG=Y R=jochen@chromium.org,yangguo@chromium.org Review URL: https://codereview.chromium.org/1401243003 Cr-Commit-Position: refs/heads/master@{#31272}
-
- 13 Oct, 2015 1 commit
-
-
mstarzinger authored
This moves JavaScript source files that are bundled with V8 into a separate directory. The goal is to improve code readability and also being able to formalize ideal reviewers by subsequently adding the OWNERS file. These files almost exclusively contain implementations of methods fully specified by ES6. Note that files in the "debug" directory as well as the "d8.js" file aren't affected by this change. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/1398733002 Cr-Commit-Position: refs/heads/master@{#31230}
-
- 08 Oct, 2015 1 commit
-
-
littledan authored
Revert of Use simple/fast macro version of MinMax in JS (patchset #2 id:20001 of https://codereview.chromium.org/1390023003/ ) Reason for revert: This contains bugs, as found by mstarzinger. Reverting until we can find a clean fix (maybe it should be an inline function instead of a macro). Original issue's description: > Use simple/fast macro version of MinMax in JS > > Use the simple macro version of {Min, Max} where possible to > improve performance > > Follow-up to CR: https://codereview.chromium.org/1331993004 > > BUG= > > Committed: https://crrev.com/27c96c26212a10bb7f19f7bf3ff793b31bbad354 > Cr-Commit-Position: refs/heads/master@{#31162} TBR=jkummerow@chromium.org,mstarzinger@chromium.org,karl@skomski.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1394303003 Cr-Commit-Position: refs/heads/master@{#31187}
-
- 07 Oct, 2015 2 commits
-
-
karl authored
Use the simple macro version of {Min, Max} where possible to improve performance Follow-up to CR: https://codereview.chromium.org/1331993004 BUG= Review URL: https://codereview.chromium.org/1390023003 Cr-Commit-Position: refs/heads/master@{#31162}
-
littledan authored
In ES5, ToObject was called on elements before invoking the .toLocaleString() method on them. ES2015 specifies that ToObject is not called. A test262 test verifies this change. This patch implements the new ES2015 behavior. It is verified by the test262 test built-ins/Array/prototype/toLocaleString/primitive_this_value_getter R=adamk Review URL: https://codereview.chromium.org/1390893003 Cr-Commit-Position: refs/heads/master@{#31160}
-
- 01 Oct, 2015 1 commit
-
-
bmeurer authored
Introduce %_ToNumber intrinsic, which just calls to the existing ToNumberStub, and remove all uses of our custom JavaScript plus intrinsics based ToNumber and friends. Also replace the TO_NUMBER_INLINE macro with TO_NUMBER, which is currently a wrapper for %_ToNumber. Newly written JS code should use TO_NUMBER (similar to TO_STRING, TO_INT32, and friends). Also finally remove the DefaultString/DefaultNumber builtins, which are basically the ES5 version of ToPrimitive. Now all code uses the ES6 version, which is implemented in Object::ToPrimitive and JSReceiver::ToPrimitive in C++. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg R=jarin@chromium.org BUG=v8:4307 LOG=n Review URL: https://codereview.chromium.org/1384443002 Cr-Commit-Position: refs/heads/master@{#31054}
-
- 28 Sep, 2015 1 commit
-
-
bmeurer authored
The internal ConvertToString helper was using the wrong ToPrimitive, actually the old ES5 like DefaultString, and it also prematurely optimized for no real benefit. BUG=v8:4307 LOG=n Review URL: https://codereview.chromium.org/1370943002 Cr-Commit-Position: refs/heads/master@{#30956}
-
- 23 Sep, 2015 1 commit
-
-
bmeurer authored
Introduce a new macro TO_STRING that maps to %_ToString and use that instead of calling into any of the ToString/NonStringToString JavaScript builtins. Also remove the TO_STRING_INLINE macro, which is basically obsolete with %_ToString. We still have a few uses of ToString left (via the utils export mechanism), where we need to investigate whether we will tank badly if we replace them with TO_STRING as well. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg R=yangguo@chromium.org BUG=v8:4307 LOG=n Review URL: https://codereview.chromium.org/1323543002 Cr-Commit-Position: refs/heads/master@{#30895}
-
- 16 Sep, 2015 1 commit
-
-
aperez authored
Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function, that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed before. When the flag is disabled, the function uses TO_UINT32(), which is the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength() conversion is used. Based on a patch initially from Diego Pino <dpino@igalia.com> BUG=v8:3087 LOG=Y Review URL: https://codereview.chromium.org/1309243003 Cr-Commit-Position: refs/heads/master@{#30772}
-
- 08 Sep, 2015 2 commits
-
-
cbruni authored
By using an InternArray for the pivot calculation we can get rid of yet another %_CallFunction. Review URL: https://codereview.chromium.org/1316673008 Cr-Commit-Position: refs/heads/master@{#30636}
-
bmeurer authored
The semantics of the %_CallFunction intrinsic seem to be very unclear, which resulted in a lot of bugs. Especially the combination with %IsSloppyModeFunction is always a bug, because the receiver would be wrapped in the wrong context. So the %IsSloppyModeFunction helper is gone now, and many of the buggy uses of %_CallFunction are also eliminated. If you ever need to call something with a different receiver, then %_Call is your friend now. It does what you want and implements the call sequence fully (and correct). BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1325573004 Cr-Commit-Position: refs/heads/master@{#30634}
-
- 07 Sep, 2015 2 commits
-
-
cbruni authored
- Moving parts of ArrayConcat from builtins.cc to the ElementsAccessor - Removing ArrayConcat Runtime Function BUG=v8:4317 LOG=N Review URL: https://codereview.chromium.org/1330483003 Cr-Commit-Position: refs/heads/master@{#30619}
-
cbruni authored
Review URL: https://codereview.chromium.org/1326263002 Cr-Commit-Position: refs/heads/master@{#30618}
-
- 03 Sep, 2015 1 commit
-
-
bmeurer authored
This turns the has_instance_call_handler bit on Map into an is_callable bit, that matches the spec definition of IsCallable (i.e. instances have [[Call]] internal methods). Also fix the typeof operator to properly say "function" for everything that is callable. Also remove the (unused) premature %_GetPrototype optimization from Crankshaft, which just complicated the Map bit swap. R=mstarzinger@chromium.org, rossberg@chromium.org, yangguo@chromium.org CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg Review URL: https://codereview.chromium.org/1316933002 Cr-Commit-Position: refs/heads/master@{#30552}
-
- 31 Aug, 2015 1 commit
-
-
machenbach authored
Revert of Native context: install array methods via runtime import. (patchset #1 id:1 of https://codereview.chromium.org/1324483002/ ) Reason for revert: This breaks builds without i18n support. Bisected locally. See builder: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/4285 http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/4285/steps/Check/logs/Threading1 # Fatal error in .././src/objects-inl.h, line 1381 # Check failed: READ_FIELD(this, offset)->IsSmi(). Original issue's description: > Native context: install array methods via runtime import. > > R=cbruni@chromium.org > > Committed: https://crrev.com/08ee2132a818a0178038afa521ca06c297195cc9 > Cr-Commit-Position: refs/heads/master@{#30446} TBR=cbruni@chromium.org,yangguo@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1314193003 Cr-Commit-Position: refs/heads/master@{#30462}
-
- 28 Aug, 2015 1 commit
-
-
yangguo authored
R=cbruni@chromium.org Review URL: https://codereview.chromium.org/1324483002 Cr-Commit-Position: refs/heads/master@{#30446}
-