- 05 Oct, 2020 1 commit
-
-
Philip Pfaffe authored
When debugging WebAssembly, calls to evaluateOnCallFrame always return undefined. This CL enables evaluateOnCallFrame for WebAssembly and creates a proxy object that is injected into the evaluation context. Bug: chromium:1127914 Change-Id: I3f5cff3be2c9de45c7b1f3f7ed4fc2e1cc545ac6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429265 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70315}
-
- 01 Oct, 2020 1 commit
-
-
Yang Guo authored
R=szuend@chromium.org Fixed: v8:10910 Change-Id: I8706026db5dfa815ae5c1580a6ebbeb11adeb23e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442615 Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70254}
-
- 29 Sep, 2020 1 commit
-
-
Philip Pfaffe authored
This is the first step to support debug evaluate on wasm call frames. This CL enables calling evaluateOnCallFrame when a wasm frame is selected, which before always returned undefined. The CL mirrors global evaluation, and actually enabling inspecting the wasm frame will be part of a second change. Bug: chromium:1127914 Change-Id: If0ad0be7c402d85ab2a8e95376398f4f4ef94948 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436338 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70198}
-
- 25 Sep, 2020 1 commit
-
-
Bill Budge authored
Bug: v8:10933 Change-Id: I4db540cf47ce5cfa25757d776a2bf988ce3ed554 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432072Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70147}
-
- 31 Aug, 2020 1 commit
-
-
bcoe authored
Incrementing coverage counter was triggering EvalError for evaluateOnCallFrame when throwOnSideEffect is true. R=jgruber@chromium.org, sigurds@chromium.org, yangguo@chromium.org Bug: v8:10856 Change-Id: I0552e19a3a14ff61a9cb626494fb4a21979d535e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384011 Commit-Queue: Benjamin Coe <bencoe@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#69628}
-
- 22 Jun, 2020 1 commit
-
-
Dan Elphick authored
This changes black/white list to block/allow list. Bug: v8:10619 Change-Id: Id55d72f90891670ca57b62dfeb6b3251025927dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257228Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#68464}
-
- 20 May, 2020 1 commit
-
-
Gus Caplan authored
Math.random, while technically not having any effects which modify the surrounding JS state, does observably change between a no-side-effects evaluation and an actual evaluation, and can cause confusion. Change-Id: I4a41ac6fd3153a14245d5940fe52ada43ca05e0b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207805Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Gus Caplan <me@gus.host> Cr-Commit-Position: refs/heads/master@{#67927}
-
- 13 May, 2020 1 commit
-
-
Camillo Bruni authored
This CL locally improves Number.toString by 5% for the slow case where the number is not found in the cache. - Introduce NumberCacheMode to avoid needless querying of the cache - Allow for some more inlining Bug: v8:10477 Change-Id: I4163e85db587ab3a6e89c126f81f6095fdb02b2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172793Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#67768}
-
- 24 Apr, 2020 2 commits
-
-
Timothy Gu authored
This is a reland of 29c1eab9 Original change's description: > [builtins] Clean up the use of class_name / ES5 [[Class]] > > Before ES2015, the ES spec had a [[Class]] internal slot for all > objects, which Object.prototype.toString() would use to figure the > returned string. Post-ES2015, the [[Class]] slot was removed in spec for > all objects, with the @@toStringTag well-known symbol the proper way to > change Object.prototype.toString() output. > > At the time, spec-identical handling without the use of [[Class]] was > implemented in V8 for all objects other than API objects, where issues > with the Web IDL spec [1] prevented Blink, and hence V8, to totally > migrate to @@toStringTag. However, since 2016 [2] Blink has been setting > @@toStringTag on API class prototypes to manage the > Object.prototype.toString() output, so the legacy [[Class]] handling in > V8 has not been necessary for the past couple of years. > > This CL removes the remaining legacy [[Class]] handling in > Object.prototype.toString(), JSReceiver::class_name(), and > GetConstructorName(). However, it does not remove the class_name field > in FunctionTemplateInfo, as it is still used for the `name` property of > created functions. > > This CL also cleans up other places in the codebase that still reference > [[Class]]. > > This change should have minimal impact on web-compatibility. For the > change to be observable, a script must do one of the following: > > 1. delete APIConstructor.prototype[Symbol.toStringTag]; > 2. Object.setPrototypeOf(apiObject, somethingElse); > > Before this CL, these changes will not change the apiObject.toString() > output. But after this CL, they will make apiObject.toString() show > "[object Object]" (in the first case) or the @@toStringTag of the other > prototype (in the latter case). > > However, both are deemed unlikely. @@toStringTag is not well-known > feature of JavaScript, nor does it get tampered much on API > constructors. In the second case, setting the prototype of an API object > would effectly render the object useless, as all its methods (including > property getters/setters) would no longer be accessible. > > Currently, @@toStringTag-based API object branding is not yet > implemented by other browsers. This V8 bug in particular has been an > impediment to standardizing toString behavior. Fixing this bug will > unblock [3] and lead to a better Web IDL spec, and better toString() > compatibility for all. > > [1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244 > [2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4 > [3]: https://github.com/heycam/webidl/pull/357 > > Bug: chromium:793406 > Cq-Include-Trybots: luci.chromium.try:linux-rel > Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996 > Commit-Queue: Timothy Gu <timothygu@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67327} Bug: chromium:793406 Change-Id: Ia5d97bd4e1c44cadc6f18a17ffc9d06b038cf8f1 Cq-Include-Trybots: luci.chromium.try:linux-rel Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163881 Auto-Submit: Timothy Gu <timothygu@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#67361}
-
Bill Budge authored
This reverts commit 29c1eab9. Reason for revert: Causes Blink test failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/4222 Original change's description: > [builtins] Clean up the use of class_name / ES5 [[Class]] > > Before ES2015, the ES spec had a [[Class]] internal slot for all > objects, which Object.prototype.toString() would use to figure the > returned string. Post-ES2015, the [[Class]] slot was removed in spec for > all objects, with the @@toStringTag well-known symbol the proper way to > change Object.prototype.toString() output. > > At the time, spec-identical handling without the use of [[Class]] was > implemented in V8 for all objects other than API objects, where issues > with the Web IDL spec [1] prevented Blink, and hence V8, to totally > migrate to @@toStringTag. However, since 2016 [2] Blink has been setting > @@toStringTag on API class prototypes to manage the > Object.prototype.toString() output, so the legacy [[Class]] handling in > V8 has not been necessary for the past couple of years. > > This CL removes the remaining legacy [[Class]] handling in > Object.prototype.toString(), JSReceiver::class_name(), and > GetConstructorName(). However, it does not remove the class_name field > in FunctionTemplateInfo, as it is still used for the `name` property of > created functions. > > This CL also cleans up other places in the codebase that still reference > [[Class]]. > > This change should have minimal impact on web-compatibility. For the > change to be observable, a script must do one of the following: > > 1. delete APIConstructor.prototype[Symbol.toStringTag]; > 2. Object.setPrototypeOf(apiObject, somethingElse); > > Before this CL, these changes will not change the apiObject.toString() > output. But after this CL, they will make apiObject.toString() show > "[object Object]" (in the first case) or the @@toStringTag of the other > prototype (in the latter case). > > However, both are deemed unlikely. @@toStringTag is not well-known > feature of JavaScript, nor does it get tampered much on API > constructors. In the second case, setting the prototype of an API object > would effectly render the object useless, as all its methods (including > property getters/setters) would no longer be accessible. > > Currently, @@toStringTag-based API object branding is not yet > implemented by other browsers. This V8 bug in particular has been an > impediment to standardizing toString behavior. Fixing this bug will > unblock [3] and lead to a better Web IDL spec, and better toString() > compatibility for all. > > [1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244 > [2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4 > [3]: https://github.com/heycam/webidl/pull/357 > > Bug: chromium:793406 > Cq-Include-Trybots: luci.chromium.try:linux-rel > Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996 > Commit-Queue: Timothy Gu <timothygu@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67327} TBR=verwaest@chromium.org,timothygu@chromium.org Change-Id: I678d2ffc1064b1d1ddb62024cc23c6c41b216ef4 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:793406 Cq-Include-Trybots: luci.chromium.try:linux-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163956Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#67349}
-
- 23 Apr, 2020 1 commit
-
-
Timothy Gu authored
Before ES2015, the ES spec had a [[Class]] internal slot for all objects, which Object.prototype.toString() would use to figure the returned string. Post-ES2015, the [[Class]] slot was removed in spec for all objects, with the @@toStringTag well-known symbol the proper way to change Object.prototype.toString() output. At the time, spec-identical handling without the use of [[Class]] was implemented in V8 for all objects other than API objects, where issues with the Web IDL spec [1] prevented Blink, and hence V8, to totally migrate to @@toStringTag. However, since 2016 [2] Blink has been setting @@toStringTag on API class prototypes to manage the Object.prototype.toString() output, so the legacy [[Class]] handling in V8 has not been necessary for the past couple of years. This CL removes the remaining legacy [[Class]] handling in Object.prototype.toString(), JSReceiver::class_name(), and GetConstructorName(). However, it does not remove the class_name field in FunctionTemplateInfo, as it is still used for the `name` property of created functions. This CL also cleans up other places in the codebase that still reference [[Class]]. This change should have minimal impact on web-compatibility. For the change to be observable, a script must do one of the following: 1. delete APIConstructor.prototype[Symbol.toStringTag]; 2. Object.setPrototypeOf(apiObject, somethingElse); Before this CL, these changes will not change the apiObject.toString() output. But after this CL, they will make apiObject.toString() show "[object Object]" (in the first case) or the @@toStringTag of the other prototype (in the latter case). However, both are deemed unlikely. @@toStringTag is not well-known feature of JavaScript, nor does it get tampered much on API constructors. In the second case, setting the prototype of an API object would effectly render the object useless, as all its methods (including property getters/setters) would no longer be accessible. Currently, @@toStringTag-based API object branding is not yet implemented by other browsers. This V8 bug in particular has been an impediment to standardizing toString behavior. Fixing this bug will unblock [3] and lead to a better Web IDL spec, and better toString() compatibility for all. [1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244 [2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4 [3]: https://github.com/heycam/webidl/pull/357 Bug: chromium:793406 Cq-Include-Trybots: luci.chromium.try:linux-rel Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996 Commit-Queue: Timothy Gu <timothygu@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#67327}
-
- 16 Apr, 2020 1 commit
-
-
Marja Hölttä authored
They were installed as builtins for historical reasons (see https://codereview.chromium.org/2222893002 ). But they're pretty much unnecessary, as they were mostly dead code, except MakeTypeError - but that work can be delegated to Runtime_NewTypeError. Change-Id: I0c3b361accf9a96da5cd00cc62b7f018186dad17 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2150597Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#67164}
-
- 20 Mar, 2020 2 commits
-
-
Santiago Aboy Solanes authored
Now that it is implicit in function entry and loop iteration, there is no need for an explicit bytecode. Also updated tests that used explicit bytecodes. Bug: v8:10149, v8:9960 Change-Id: I3ca582f276829bd54feb35e6d4ea656a32efbd54 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093507Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66811}
-
Santiago Aboy Solanes authored
Since now the IterationBody StackChecks are implicit within JumpLoops, we are able to eagerly deopt in them. If we do that, whenever we advance to the next bytecode we don't have to advance to the next literal bytecode, but instead "advance" in the sense of doing the JumpLoop. Adding tests that test this advancing for wide and extra wide JumpLoops. Also, marking JumpLoop as needing source positions since now it has the ability of causing an interrupt. Bug: v8:10149, v8:9960 Fixes: v8:10149 Change-Id: Ib0d9efdfb379e0dfbba7a7f67cba9262668813b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064226Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66809}
-
- 02 Mar, 2020 2 commits
-
-
Shu-yu Guo authored
The spec was changed in February TC39 to make ToInteger always normalize -0 to +0. This only observably affects Atomics.store. Bug: v8:10271 Change-Id: I0e8f6c35cef982eae242cf6619f6f24fa75b1759 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2076509Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66543}
-
Toon Verwaest authored
This reverts commit 90b39673. Reason for revert: These functions are in use by d8-js.cc Original change's description: > [cleanup] Remove three unused proxy runtime functions > > R=jgruber@chromium.org > > Bug: v8:9183 > Change-Id: I789295e5bbea682b2e46ccf5a55c69dc74f0ed72 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617669 > Auto-Submit: Simon Zünd <szuend@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61632} TBR=jgruber@chromium.org,szuend@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9183, v8:10289 Change-Id: Ibd8566151f036efe73c869dcfd2cfee2a559489b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083299Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66536}
-
- 21 Feb, 2020 1 commit
-
-
Wouter Vermeiren authored
After support for ARCH_PPC was dropped, it became a subset of ARCH_PPC64. If you compile for ppc64, then you set the ARCH_PPC64 define which also sets the ARCH_PPC define. To be able to again support ppc (32 bit) those defines should be split up again. This commit only splits up the defines but does not introduce a working ARCH_PPC variant. Bug: v8:10102 Change-Id: I64e0749f8e5a7dc078ee7890d92e57b82706a849 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989826 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#66390}
-
- 19 Feb, 2020 1 commit
-
-
Georg Neis authored
.. to improve code readability. Change-Id: I130542600bcad2a016f3dbbedab594a71cddcb9d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2061549Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66338}
-
- 24 Jan, 2020 1 commit
-
-
Toon Verwaest authored
Otherwise the side effect is already applied before we throw the exception, already breaking the environment. Bug: chromium:1043151 Change-Id: I6d6b4706481bd8eaead6de3503aabc4bad9fb6de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016597 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65982}
-
- 22 Jan, 2020 1 commit
-
-
Toon Verwaest authored
Changing script context handling from bytecode based to metadata on the function. This fixes the debugger to explicitly check the code rather than implicitly relying on a NewScriptContext bytecode causing side effects. Bug: chromium:1043151 Tbr: ulan@chromium.org Change-Id: I38c5c04d7c76155e0a055ae6efd57f25986bdb7d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013117Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65920}
-
- 21 Jan, 2020 1 commit
-
-
Simon Zünd authored
This fixes the DevTools console preview when using REPL mode. AsyncFunction* intriniscs are side-effect free and marking them as such is correct. Bug: chromium:1043151 Change-Id: Ie0c36507b98b0c12f3d627c34102c04c27358ff2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010106Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65876}
-
- 04 Dec, 2019 1 commit
-
-
Simon Zünd authored
The ScopeIterator only requires accurate information for the whole script during local debug-evaluate, when the accurate scope information is used to build stack local blacklists. Otherwise it is enough to only reparse the closure. This should recover some performance during stepping, especially with large stacks and scripts. Drive-by: Remove unused COLLECT_NON_LOCALS enum option. Bug: chromium:1028093, v8:9938 Change-Id: I6b3a34e9015e564d683e76b88388daabc426e1cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948715 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#65318}
-
- 06 Nov, 2019 2 commits
-
-
Simon Zünd authored
There already exists a optional boolean flag 'replMode' for the 'Runtime.evaluate' command. This CL ferries the flag from the inspector to DebugEvaluate::Global. The existing DebugEvaluate::GlobalREPL is removed in favor of a the REPLMOde enum to reduce code duplication. Bug: chromium:1018158 Change-Id: Iafb43a3015b6876a02ac0db6cdfcac2cfa388862 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881149 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#64801}
-
Simon Zünd authored
Design doc: bit.ly/v8-repl-mode This CL adds a new REPL mode that can be used via DebugEvaluate::GlobalREPL. REPL mode only implements re-declaration of 'let' bindings at the moment. Example: REPL Input 1: let x = 21; REPL Input 2: let x = 42; This would normally throw a SyntaxError, but works in REPL mode. The implementation is done by: - Setting a 'repl mode' bit on {Script}, {ScopeInfo}, {ParseInfo} and script {Scope}. - Each global let declaration still gets a slot reserved in the respective {ScriptContext}. - When a new REPL mode {ScriptContext} is created, name clashes for let bindings are not reported as errors. - Declarations, loads and stores for global let in REPL mode are now "load/store global" instead of accessing their respective context slot directly. This causes a lookup in the ScriptContextTable where the found slot for each name is guaranteed to be the same (the first one). Bug: chromium:1004193, chromium:1018158 Change-Id: Ia6ab526b9f696400dbb8bfb611a4d43606119a47 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876061 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64793}
-
- 27 Sep, 2019 1 commit
-
-
Benedikt Meurer authored
This new optional parameter controls whether "Runtime.evaluate" ignores break points and previous "Debugger.pause" calls while evaluating the expression. This will be used for live expressions, which should never interfere with debugging. Bug: chromium:1001216 Change-Id: Ie37f6616a4a1cae40399b79255ab92fb254d91b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826664 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#64018}
-
- 11 Sep, 2019 1 commit
-
-
Simon Zünd authored
This CL changes how variables are resolved during debug evaluate. We now re-parse the whole script when creating a ScopeIterator. This gives us accurate scope information for all parent scopes of the closure in which we stopped. Using this information, we build blacklists of stack-allocated variables. Each context on the chain in between the closure context up to the original native context is wrapped in a debug-evaluate context with such a blacklist attached. Variable lookup for debug-evalute contexts then works as follows: 1) Look up in the materialized stack variables (stayed the same). 2) Check the blacklist to find out whether to abort further lookup. 3) Look up in the original context. Steps 1-3 is repeated for each debug-evaluate context, since they mirror the original context chain. R=ulan@chromium.org, yangguo@chromium.org Change-Id: Ied8e5786772c70566da9627ee3b7eff066fba2b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795354Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#63666}
-
- 09 Aug, 2019 2 commits
-
-
Yang Guo authored
R=szuend@chromium.org Bug: chromium:991217 Change-Id: Icf4d5522fe2a1d2400e6dd33744d6a60ab4e634c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745469 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#63144}
-
Swapnil Gaikwad authored
This is the first in a series of changes to reduce the number of bytecodes generated for the iteration protocol based operations. The GetIterator bytecode introduced in this change currently loads the @@iterator symbol from an object that was previously done using the LdaNamedProperty bytecode. This change uses builtin-based mechanism that would be extended to perform additional operations in the future on absorbing the bytecodes associated with the GetIterator operation from the iteration protocol. Bug: v8:9489 Change-Id: I83b8b55c27bae8260bf227f355eeca1ba80cd8f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701852 Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63139}
-
- 18 Jul, 2019 1 commit
-
-
Zhang, Shiyu authored
.. by moving the element check forward. So that we skip try_fast path when we have elements on the receiver. Bug: chromium:977870,chromium:983982 Change-Id: Ib26fb3df215ffc5e0ac0c7e344a4239b845fe129 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697042 Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62796}
-
- 12 Jul, 2019 1 commit
-
-
Peter Marshall authored
Everyone was getting a copy of this through debug.h. Bug: v8:9396 Change-Id: I5189cb4bf27a3381768b0be479d7b3d60dec20bb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695472 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62670}
-
- 11 Jul, 2019 3 commits
-
-
Mythri A authored
GetOwnPropertyNameTryFast uses ENUMERABLE_STRINGS filter to trigger fast path in KeyAccumulator::GetKeys conditionally when all properties on the receiver are enumerable. It is not easy to verify if all properties are enumerable and the current check is incorrect in some cases. For ex: when we have non-enumerable properties when we have elements on the receiver. This cl removes this try_fast path from the builtin. This could impact performance. The long term fix for this would be to fix KeyAccumulator::GetKeys to use fast path for more cases. Bug: chromium:977870 Change-Id: Iecde730739c2c452ffa0d893d0d1b3612a45d1b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679499Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#62649}
-
Clemens Hammacher authored
This removes the last remaining use of the AbortJS opcode. We now use AbortCSAAssert instead, which is not influenced by the --disable-abortjs flag. The AbortJS runtime function should only be called from JS now. R=mstarzinger@chromium.org Bug: v8:9396 Change-Id: I791da99594f9e1e99991ac8b03e943297d7d41e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695476 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62633}
-
Clemens Hammacher authored
The existing AbortJS runtime function can be disabled via --disable-abortjs (which the fuzzers use), but we never want to disable CSA assertions. Hence use a separate runtime function for those. This will also reduce the size of generated strings, since the "CSA_ASSERT failed: " prefix is not part of those strings any more. As a drive-by, this renames all occurences of "DebugAbort" to "AbortJS" to be consistent in that name. R=mstarzinger@chromium.org, tebbi@chromium.org Bug: v8:9453 Change-Id: I52e48032a1d58f296f0364fe8d917e45a2603a2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692921 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62622}
-
- 09 Jul, 2019 1 commit
-
-
Tobias Tebbi authored
The slow-path emitted by the memory optimizer now checks if large object allocations were allowed before going ahead and allocating a large object. This is important because manual allocation folding in CSA must not be performed on a large object. Bug: v8:9388 Change-Id: I74b840c9c9276bd17611842e0eae7b0e58b142d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675960 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62605}
-
- 18 Jun, 2019 1 commit
-
-
Z Nguyen-Huu authored
ObjectGetPrototypeOf and ReflectGetPrototypeOf are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously). Perf improvement in micro-benchmark JSTests/Proxies Before: GetPrototypeOfWithoutTrap-Proxies(Score): 1876 GetPrototypeOfWithTrap-Proxies(Score): 857 After: GetPrototypeOfWithoutTrap-Proxies(Score): 2810 GetPrototypeOfWithTrap-Proxies(Score): 3197 Bug: v8:6664 Change-Id: If60dda67d6e90c2d6f0ec743f6cb7c0fff54d607 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658717 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62256}
-
- 05 Jun, 2019 1 commit
-
-
Z Nguyen-Huu authored
ObjectIsExtensible is now a Torque builtin (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously). Improvement in micro-benchmark Before: IsExtensibleWithoutTrap-Proxies(Score): 2228 IsExtensibleWithTrap-Proxies(Score): 917 After: IsExtensibleWithoutTrap-Proxies(Score): 3683 IsExtensibleWithTrap-Proxies(Score): 3310 Bug: v8:6664 Change-Id: I1fbe1c51cb724a23d7a59fc8231bb3d1461a6add Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637444 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62006}
-
- 24 May, 2019 4 commits
-
-
Yang Guo authored
TBR=mvstanton@chromium.org,neis@chromium.org,ahaas@chromium.org Bug: v8:9247 Change-Id: I5433c863a54f3412d73df0d38aba3fdbcfac7ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627973 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61830}
-
Simon Zünd authored
This is a reland of 2b0ac2fb The layout test that caused this revert was fixed with: https://crrev.com/c/1627386 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR: jgruber@chromium.org Bug: v8:8714 Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977 Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61827}
-
Simon Zünd authored
This reverts commit 2b0ac2fb. Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8714 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61814}
-
Simon Zünd authored
This CL removes the "PrepareElementsForSort" runtime function, and replaces it with a simpler version in Torque. The biggest difference is that certain sparse configurations no longer have a fast-path. The Torque pre-processing step replaces the existing Torque mechanism that copied already pre-processed elements into the "work" FixedArray. The Torque compacting works as follows: - Iterate all elements from 0 to {length} - If the element is the hole: Do nothing. - If the element is "undefined": Increment undefined counter. - In all other cases, push the element into the "work" FixedArray. Then the "work" FixedArray is sorted as before. Writing the elements from the "work" array back into the receiver, after sorting, has three steps: 1. Copy the sorted elements from the "work" FixedArray to the receiver. 2. Add previously counted number of "undefined" to the receiver. 3. Depending on the backing store either delete properties or set them to the Hole up to {length}. Bug: v8:8714 Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61812}
-