1. 18 Oct, 2021 9 commits
  2. 14 Oct, 2021 2 commits
  3. 13 Oct, 2021 2 commits
    • [ic] KeyedLoadIC error on strings with negative indexes · 84cfc9ca
      Mike Stanton authored
      We need to check if the index is less than zero and miss to the runtime
      if this is so.
      
      Bug: chromium:1257519
      Change-Id: I7d22f2765232815120b8baf7b8b83d5b00024375
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218975
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77380}
    • [class] Add IC support for defining class fields to replace runtime call · 713ebae3
      Joyee Cheung authored
      Introduces several new runtime mechanics for defining private fields,
      including:
        - Bytecode StaKeyedPropertyAsDefine
        - Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback}
        - Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic}
        - TurboFan IR opcode JSDefineProperty
      
      These new operations can reduce a runtime call per class field into a
      more traditional Store equivalent. In the microbenchmarks, this
      results in a substantial win over the status quo (~8x benchmark score
      for single fields with the changes, ~20x with multiple fields).
      
      The TurboFan JSDefineProperty op is lowered in
      JSNativeContextSpecialization, however this required some hacks.
      Because private fields are defined as DONT_ENUM when added to the
      object, we can't find a suitable transition using the typical data
      property (NONE) flags. I've added a mechanism to specify the required
      PropertyAttributes for the transition we want to look up.
      
      Details:
      
      New bytecodes:
        - StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty
          but with a different IC builtin (KeyedDefineOwnIC). This is a
          bytecode rather than a flag for the existing StaKeyedProperty in
          order to avoid impacting typical keyed stores in any way due to
          additional branching and testing.
      
      New builtins:
        - StoreOwnIC{Trampoline|Baseline|_NoFeedback} is now used for
          StaNamedOwnProperty. Unlike the regular StoreIC, this variant will
          no longer look up the property name in the prototype.
          In addition, this CL changes an assumption that
          StoreNamedOwnProperty can't result in a map transition, as we
          can't rely on the property already being present in the Map due
          to an object literal boilerplate.
      
          In the context of class features, this replaces the runtime
          function %CreateDataProperty().
      
        - KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the
          new StaKeyedPropertyAsDefine bytecode. This is similar to an
          ordinary KeyedStoreIC, but will not check the prototype for
          setters, and for private fields, will take the slow path if the
          field already exists.
      
          In the context of class features, this replaces the runtime
          function %AddPrivateField().
      
      TurboFan IR:
        - JSDefineProperty is introduced to represent a situation where we
          need to use "Define" semantics, in particular, it codifies that we
          do not consult the prototype chain, and the semantics relating to
          private fields are implied as well.
      
      R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org
      
      Bug: v8:9888
      Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Shu-yu Guo <syg@chromium.org>
      Commit-Queue: Joyee Cheung <joyee@igalia.com>
      Cr-Commit-Position: refs/heads/main@{#77377}
  4. 12 Oct, 2021 1 commit
  5. 11 Oct, 2021 1 commit
  6. 08 Oct, 2021 1 commit
  7. 06 Oct, 2021 3 commits
  8. 05 Oct, 2021 3 commits
  9. 04 Oct, 2021 3 commits
  10. 01 Oct, 2021 1 commit
  11. 30 Sep, 2021 5 commits
  12. 29 Sep, 2021 2 commits
    • [asm] Fix importing monkey-patched objects · 4b6ee115
      Clemens Backes authored
      This fixes a long-standing TODO to disallow importing receivers that
      have "toString" or "valueOf" patched. Calling those methods could have
      observable side effects, so allowing that would require bigger
      refactorings to ensure that we only call each such function exactly once
      per import, and in the right order.
      Since this use case is rare, we just forbid importing such receivers.
      
      R=jkummerow@chromium.org
      
      Bug: chromium:1248677
      Change-Id: I99bbd7db950ec3c7ac9cc1f59e8c476688e7d7b6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190475
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77149}
    • Reland "[regexp] Reorganize and deduplicate in the regexp parser" · 8965d903
      Jakob Gruber authored
      This is a reland of 7d849870
      
      Original change's description:
      > [regexp] Reorganize and deduplicate in the regexp parser
      >
      > The parser is organized in a somewhat tricky way s.t. it can be
      > hard to map the implementation back to the specified grammar.
      >
      > In particular, the logic for CharacterClassEscape, ClassEscape,
      > and CharacterEscape was implemented twice - once inside a character
      > class, once outside.
      >
      > This CL refactors related logic to have only a single implementation.
      >
      > As a drive-by, fix one related inconsistency related to \k inside
      > a character class.
      >
      > Fixed: v8:10602
      > Change-Id: I5858840159694fa6f8d1aa857027db80754e3dfd
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178966
      > Reviewed-by: Mathias Bynens <mathias@chromium.org>
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#77114}
      
      Fixed: v8:10602,chromium:1253976
      Change-Id: I9e7cc6a34d3be06e1a68895775aa50b0eee78c57
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193531
      Reviewed-by: Mathias Bynens <mathias@chromium.org>
      Commit-Queue: Mathias Bynens <mathias@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77135}
  13. 28 Sep, 2021 3 commits
  14. 27 Sep, 2021 3 commits
  15. 26 Sep, 2021 1 commit