1. 14 May, 2019 1 commit
  2. 30 Apr, 2019 1 commit
  3. 18 Dec, 2018 1 commit
    • Mythri's avatar
      Fix ObjectToString builtin to work for subclasses · 2ea00908
      Mythri authored
      When we call ObjectToString on JSValues we only looked at string tags
      on the prototype map of the JSValue's value type and do not check the
      tags on the JSValue's prototype chain which may be non-trivial if
      subclassing is involved. For ex: if we have a class Test extend Number,
      we only looked for tags on the Number prototype and not on the Test
      prototype. This cl fixes the builtin to also check for these cases.
      
      
      Bug: v8:7706
      Change-Id: I9f0e3bb6499646bf27b92bf4fb4e9014f6efa56b
      Reviewed-on: https://chromium-review.googlesource.com/c/1378176Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58338}
      2ea00908
  4. 11 Dec, 2018 1 commit
  5. 18 Oct, 2018 1 commit
  6. 02 May, 2018 1 commit
  7. 30 Apr, 2018 1 commit
  8. 29 Apr, 2018 1 commit
  9. 14 Mar, 2018 1 commit
    • Caitlin Potter's avatar
      Reland "[esnext] re-implement template strings" · b8229612
      Caitlin Potter authored
      - Add a new bytecode for the ToString operation, replacing the old
      intrinsic call (currently does not collect type feedback).
      - Add a new AST node to represent TemplateLiterals, and avoid
      generating unnecessary ToString operations in some simple cases.
      - Use a single feedback slot for each string addition, because the
      type feedback should always be the same for each addition
      
      This seems to produce a very slight improvement on JSTests benchmarks
      and bench-ruben.js from v8:7415, and it's possible that type feedback
      for the ToString bytecode could provide more opportunities to eliminate
      the runtime call in TurboFan.
      
      Doesn't touch tagged templates
      
      [esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral
      
      Fixes an error where TemplateLiteral printing in --print-ast
      would try to read an element beyond the length of a vector.
      
      BUG=v8:7415, chromium:820596
      R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org
      
      Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
      Reviewed-on: https://chromium-review.googlesource.com/958408Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Caitlin Potter <caitp@igalia.com>
      Cr-Commit-Position: refs/heads/master@{#51933}
      b8229612
  10. 10 Mar, 2018 2 commits
  11. 23 Oct, 2017 1 commit
  12. 23 Jun, 2017 1 commit
  13. 24 May, 2017 1 commit
  14. 04 May, 2017 1 commit
    • Caitlin Potter's avatar
      [es6] don't use do-expressions to desugar ES6 classes · c6540ab1
      Caitlin Potter authored
      Removes the do-expression wrapping, modifies BytecodeGenerator change
      to enter a class literal's block scope if needed.
      
      This does not solve the actual bug in v8:6322, but helps mitigate it in
      simple cases. The bug is caused by BytecodeGenerator not allocating a
      large enough array of context registers to hold its entire stack,
      allowing non-context registers to be overwritten during PushContext and
      PopContext bytecodes.
      
      Nevertheless, I like the idea of not depending on do-expressions when
      possible, so I think it's worth doing anyways.
      
      BUG=v8:6322
      R=rmcilroy@chromium.org, marja@chromium.org, littledan@chromium.org
      
      Change-Id: I82b7569db2a0eead1694bd04765fc4456c2f1a0a
      Reviewed-on: https://chromium-review.googlesource.com/491074
      Commit-Queue: Caitlin Potter <caitp@igalia.com>
      Reviewed-by: 's avatarMarja Hölttä <marja@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarDaniel Ehrenberg <littledan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45110}
      c6540ab1
  15. 22 Mar, 2017 1 commit
  16. 15 Feb, 2017 1 commit
    • caitp's avatar
      Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++ · dc302c74
      caitp authored
      - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
      - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
      relies on std::memmove rather than accessing individual eleements.
      - Fixes the case where copyWithin is invoked on a TypedArray with a
      detached buffer.
      - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled
        correctly by the
      algorithm
      
      The C++ version gets through the benchmark more than 25000 times as
      quickly as the JS implementation.
      
      BUG=v8:5925, v8:5929, v8:4648
      R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
      
      Review-Url: https://codereview.chromium.org/2697593002
      Cr-Commit-Position: refs/heads/master@{#43213}
      dc302c74
  17. 18 Nov, 2016 2 commits
  18. 16 Nov, 2016 1 commit
    • jgruber's avatar
      [debug-wrapper] Further extend the debug wrapper · b06c4ce5
      jgruber authored
      This CL further extends the debug wrapper, migrates around 60 tests, and
      removes a few tests that use functionality we will not support anymore.
      
      In more detail:
      
      * Removed tests that use:
        * enable/disable individual breakpoints
        * invocationText()
        * the ScriptCollected event
        * showBreakPoints
        * evalFromScript (and similar)
        * mirror.constructedBy and mirror.referencedBy
        * event_data.promise()
      * Some frame.evaluate uses were adapted since due to differences between
        remote objects (inspector) and mirrors. For instance, exceptions are
        currently not recreated exactly, since the inspector protocol does not
        give us the stack and message separately. Other objects (such as
        'this' in debug-evaluate-receiver-before-super) need to be explicitly
        converted to a string before the test works correctly.
      * Ensure that inspector stores the script before sending ScriptParsed and
        ScriptFailedToParse events in order to be able to use the script from
        within those events.
      * Better remote object reconstruction (e.g. for undefined and arrays).
      * New functionality in wrapper:
        * debuggerFlags().breakPointsActive.setValue()
        * scripts()
        * execState.setVariableValue()
        * execState.scopeObject().value()
        * execState.scopeObject().property()
        * execState.frame().allScopes()
        * eventData.exception()
        * eventData.script()
        * setBreakPointsActive()
      
      BUG=v8:5530
      
      Review-Url: https://codereview.chromium.org/2497973002
      Cr-Commit-Position: refs/heads/master@{#41019}
      b06c4ce5
  19. 14 Nov, 2016 1 commit
  20. 08 Nov, 2016 1 commit
  21. 04 Nov, 2016 1 commit
  22. 27 Sep, 2016 1 commit
  23. 02 Sep, 2016 1 commit
  24. 22 Aug, 2016 1 commit
  25. 11 May, 2016 1 commit
  26. 22 Apr, 2016 2 commits
  27. 08 Apr, 2016 1 commit
  28. 05 Apr, 2016 2 commits
    • caitpotter88's avatar
      [destructuring] don't attempt to visit contents of FunctionLiterals · f60048c5
      caitpotter88 authored
      The parser eagerly rewrites destructuring assignments occuring
      in formal parameter initializers, because not doing so would
      cause the BindingPattern rewriting to be confused and do the
      wrong thing.
      
      This change prevents this rewriting from descending into the
      bodies of lazily parsed functions.
      
      In general, it's a mistake to descend into the bodies of function
      literals anyways, since they are rewritten separately on their
      own time, so there is no distinction made between lazily
      "throw away" eagerly parsed functions in the temporary parser
      arena, or "real" eagerly parsed functions that will be compiled.
      
      BUG=chromium:594084, v8:811
      LOG=N
      R=adamk@chromium.org, littledan@chromium.org
      
      Review URL: https://codereview.chromium.org/1864553002
      
      Cr-Commit-Position: refs/heads/master@{#35277}
      f60048c5
    • neis's avatar
      Fix treatment of rest pattern in array destructuring. · 4edf16dd
      neis authored
      When seeing a rest pattern, we used to get the remaining elements from the
      iterator by calling %concat_iterable_to_array on it.  This was wrong because it
      caused an observable [[Get]] for @@iterator (which the iterator may not even
      provide).
      
      This CL gets rid of the call to %concat_iterable_to_array and does the iteration
      manually in a simple while-loop.  It also gets rid of %concat_iterable_to_array
      itself because there aren't any other uses of it.
      
      BUG=v8:4759
      LOG=n
      R=adamk@chromium.org
      
      Review URL: https://codereview.chromium.org/1852703002
      
      Cr-Commit-Position: refs/heads/master@{#35251}
      4edf16dd
  29. 21 Mar, 2016 1 commit
  30. 18 Mar, 2016 1 commit
  31. 10 Mar, 2016 1 commit
  32. 16 Dec, 2015 1 commit
  33. 12 Dec, 2015 1 commit
  34. 11 Dec, 2015 1 commit
  35. 10 Dec, 2015 1 commit
    • littledan's avatar
      Unstage non-standard Promise functions · 88c8361b
      littledan authored
      This patch removes Promise functions and methods which are absent
      from the ES2015 specification when the --es-staging flag is on.
      The patch is being relanded after being reverted due to an
      unrelated bug. This version is slightly different as promise_chain
      is installed on the context regardless of the flag value, so that
      the Promise::Chain API continues to work until it is deprecated.
      
      BUG=v8:3237
      R=rossberg
      LOG=Y
      
      Review URL: https://codereview.chromium.org/1513873002
      
      Cr-Commit-Position: refs/heads/master@{#32772}
      88c8361b
  36. 03 Dec, 2015 1 commit
    • mstarzinger's avatar
      [fullcode] Switch passing of new.target to register. · 440a42b7
      mstarzinger authored
      This passes the new.target value in a register instead of through a
      side-channel via the construct stub. Note that this marks the last
      consumer of said side-channel and the special slot in the construct
      stub frame can be removed as a follow-up.
      
      R=bmeurer@chromium.org,yangguo@chromium.org
      TEST=mjsunit/es6/regress/regress-new-target-context
      
      Review URL: https://codereview.chromium.org/1492793002
      
      Cr-Commit-Position: refs/heads/master@{#32548}
      440a42b7