1. 25 Nov, 2015 2 commits
    • [es6] Correct parsing of regular expression literal flags. · 2732a6ad
      bmeurer authored
      ES6 section 12.2.8.1 states that flags for regular expression literals
      must be checked during parsing and invalid flags are early errors. This
      change adapts the Scanner and (Pre)Parser to act according to the spec.
      
      This is also a prerequisite to unify the handling of literal creation
      (for Objects, Arrays, Regexps, and at some point Classes).
      
      R=yangguo@chromium.org
      
      Review URL: https://codereview.chromium.org/1472323002
      
      Cr-Commit-Position: refs/heads/master@{#32273}
    • [runtime] First step to sanitize regexp literal creation. · 09b44428
      bmeurer authored
      This is the initial step towards refactoring the regexp literal
      creation code to make it less obscure and more similar to the mechanism
      we use to create array and object literals.  There's now a new runtime
      entry %CreateRegExpLiteral with the same interface as the entries for
      array and object literals, except that we still pass the flags as
      string.
      
      Instead of embedding the hand written native to clone JSRegExp instances
      we now have a FastCloneRegExpStub, which behaves similar to the other
      FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
      had.
      
      R=mlippautz@chromium.org, yangguo@chromium.org
      
      Review URL: https://codereview.chromium.org/1475823003
      
      Cr-Commit-Position: refs/heads/master@{#32255}
  2. 24 Nov, 2015 2 commits
  3. 23 Nov, 2015 1 commit
    • PPC: [builtins] Sanitize the machinery around Construct calls. · fe14ba45
      mbrandy authored
      Port 374b6ea2
      
      Original commit message:
          There's no point in collecting feedback for super constructor calls,
          because in all (interesting) cases we can gather (better) feedback from
          other sources (i.e. via inlining or via using a LOAD_IC to get to the
          [[Prototype]] of the target).  So CallConstructStub is now only used
          for new Foo(...args) sites where we want to collect feedback in the
          baseline compiler.  The optimizing compilers, Reflect.construct and
          super constructor calls use the Construct builtin directly, which allows
          us to remove some weird code from the CallConstructStub (and opens the
          possibility for more code sharing with the CallICStub, maybe even going
          for a ConstructICStub).
      
          Also remove the 100% redundant HCallNew instruction, which is just a
          wrapper for the Construct builtin anyway (indirectly via the
          CallConstructStub).
      
          Drive-by-fix: Drop unused has_function_cache bit on Code objects.
      
      R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
      BUG=v8:4413, v8:4430
      LOG=n
      
      Review URL: https://codereview.chromium.org/1471623005
      
      Cr-Commit-Position: refs/heads/master@{#32186}
  4. 17 Nov, 2015 3 commits
  5. 16 Nov, 2015 1 commit
  6. 13 Nov, 2015 1 commit
  7. 09 Nov, 2015 3 commits
  8. 05 Nov, 2015 2 commits
  9. 02 Nov, 2015 1 commit
  10. 30 Oct, 2015 2 commits
    • Simplify dispatch in FullCodeGenerator::VisitCall a bit. · 0b293d87
      mstarzinger authored
      This makes FullCodeGenerator::VisitCall be independent of the target
      architecture. Only the EmitPossiblyEvalCall case was dependent and is
      hoisted into an emitter method.
      
      R=rossberg@chromium.org
      
      Review URL: https://codereview.chromium.org/1428953002
      
      Cr-Commit-Position: refs/heads/master@{#31693}
    • [turbofan] Fix missing bailout point before calls. · 6040d5c0
      bmeurer authored
      In order to properly (lazy) bailout when converting the receiver for
      sloppy mode functions (using the newly added JSConvertReceiver
      operator), we need to have a bailout location right before every call
      (also right before every %_Call and %_CallFunction), otherwise if the
      JSConvertReceiver just reuses the lazy bailout frame state from the
      JSCallFunction node, it will skip the whole function in case of lazy
      bailout.
      
      Note it should be impossible to trigger this currently because we do not
      yet support AllocationSite code dependencies in TurboFan, which can
      trigger this kind of lazy bailout; therefore it's not possible to write
      a regression test (yet).
      
      R=yangguo@chromium.org
      BUG=v8:4493
      LOG=n
      
      Review URL: https://codereview.chromium.org/1425883004
      
      Cr-Commit-Position: refs/heads/master@{#31668}
  11. 29 Oct, 2015 1 commit
  12. 27 Oct, 2015 2 commits
  13. 26 Oct, 2015 1 commit
  14. 22 Oct, 2015 1 commit
  15. 20 Oct, 2015 1 commit
    • [turbofan] Fix bailout for script context creation. · 62e04d33
      mstarzinger authored
      This fixes the bailout point used by JSCreateScriptContext nodes for
      top-level code. The bailout point differs from the Crankshaft one as
      parameter slots have not been copied and the context chain was not
      extended yet in TurboFan. Hence a new bailout id is required.
      
      R=ishell@chromium.org
      TEST=cctest/test-decls/CrossScript --turbo-inlining
      
      Review URL: https://codereview.chromium.org/1413933005
      
      Cr-Commit-Position: refs/heads/master@{#31399}
  16. 19 Oct, 2015 1 commit
  17. 14 Oct, 2015 2 commits
  18. 12 Oct, 2015 2 commits
  19. 01 Oct, 2015 3 commits
    • Eliminate no_frame_range data · 8d55da38
      alph authored
      It was supposed to be used by the CPU profiler. But as long as
      these ranges are not built when profiler is not running, once
      the profiler is started there're no ranges for already compiled
      functions. So basically this code never worked.
      
      As long as now CPU profiler uses another approach this code is no
      longer needed.
      
      Review URL: https://codereview.chromium.org/1376333003
      
      Cr-Commit-Position: refs/heads/master@{#31056}
    • [es6] Fix missing bits for full @@toPrimitive support. · 2a0759d3
      bmeurer authored
      Introduce %_ToNumber intrinsic, which just calls to the existing
      ToNumberStub, and remove all uses of our custom JavaScript plus
      intrinsics based ToNumber and friends.
      
      Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
      which is currently a wrapper for %_ToNumber. Newly written JS
      code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
      and friends).
      
      Also finally remove the DefaultString/DefaultNumber builtins, which
      are basically the ES5 version of ToPrimitive. Now all code uses the
      ES6 version, which is implemented in Object::ToPrimitive and
      JSReceiver::ToPrimitive in C++.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
      R=jarin@chromium.org
      BUG=v8:4307
      LOG=n
      
      Review URL: https://codereview.chromium.org/1384443002
      
      Cr-Commit-Position: refs/heads/master@{#31054}
    • Distinction between FeedbackVectorICSlot and FeedbackVectorSlot eliminated. · 90998947
      ishell authored
      This CL also allows using an arbitrary number of feedback vector elements for a particular slot kind.
      
      Review URL: https://codereview.chromium.org/1370303004
      
      Cr-Commit-Position: refs/heads/master@{#31050}
  20. 30 Sep, 2015 4 commits
  21. 29 Sep, 2015 1 commit
    • [es6] Introduce %ToInteger and %ToLength. · 93b2b262
      bmeurer authored
      This adds ES6 compliant Object::ToInteger, Object::ToInt32,
      Object::ToUint32 and Object::ToLength, and replaces the old
      Execution wrappers of those abstract operations (which were
      not using the correct ToPrimitive).
      
      This also introduces proper %ToInteger and %ToLength runtime
      entries, with a fast path %_ToInteger supported in fullcodegen
      and Crankshaft (for now). Internal JavaScript code should use
      TO_INTEGER and TO_LENGTH respectively.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
      BUG=v8:4307
      LOG=n
      
      Review URL: https://codereview.chromium.org/1378533002
      
      Cr-Commit-Position: refs/heads/master@{#30993}
  22. 22 Sep, 2015 1 commit
    • PPC: [builtins] Add support for NewTarget to Execution::New. · 0ad9b9e5
      mbrandy authored
      Port 1dfac69f
      
      Original commit message:
          Introduce new builtins Construct and ConstructFunction (in line
          with the Call and CallFunction builtins that we already have) as
          proper bottleneck for Construct and [[Construct]] on JSFunctions.
          Use these builtins to support passing NewTarget from C++ to
          JavaScript land.
      
          Long-term we want the CallConstructStub to be used for
          gathering feedback on entry to construction chain (i.e. the
          initial new Foo), and use the Construct builtins to do the
          actual work inside the construction chain (i.e. calling into
          super and stuff).
      
      R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
      BUG=v8:4430
      LOG=n
      
      Review URL: https://codereview.chromium.org/1358203002
      
      Cr-Commit-Position: refs/heads/master@{#30872}
  23. 17 Sep, 2015 1 commit
  24. 14 Sep, 2015 1 commit
    • [builtins] Remove STRING_ADD_LEFT and STRING_ADD_RIGHT builtins. · d90a4047
      bmeurer authored
      These builtins present an optimization for the general addition case,
      where one side is already known to be a string. Unfortunately this
      optimization is wrong in the presence of @@toPrimitive (there are some
      ideas how to implement a similar optimization using the prototype
      backpointer mechanism that jkummerow@ introduced earlier). So this
      also removes the broken %_IsStringWrapperSafeForDefaultValueOf, which is
      the key part of the optimization mentioned above.
      
      R=mstarzinger@chromium.org
      BUG=v8:4307
      LOG=n
      
      Review URL: https://codereview.chromium.org/1336273002
      
      Cr-Commit-Position: refs/heads/master@{#30707}