- 24 Aug, 2016 2 commits
-
-
littledan authored
This patch fixes up one last case of redundant ExceptionEvents being triggered in the debugger for Promises--it makes the default reject handler for Promises (e.g., if the second argument for Promise.prototype.then is missing) appear to the debugger as a rethrow. R=adamk@chromium.org,jgruber@chromium.org BUG=v8:5167 Review-Url: https://codereview.chromium.org/2278643002 Cr-Commit-Position: refs/heads/master@{#38876}
-
littledan authored
To make async/await catch prediction work well, this patch regularizes the exception events sent to DevTools from various places in the Promise lifecycle. The core is that there should be an exception event when the rejection first starts, rather than when it is propagated. - Several cases within Promise code which propagate errors are modified to not trigger a new ExceptionEvent in that case, such as .then on a rejected Promise and returning a rejected Promise from .then, as well as Promise.race and Promise.all. - Make Promise.reject() create an ExceptionEvent, subject to catch prediction based on the Promise stack. This is important so that, e.g., if "await Promise.reject()" will trigger a new throw (rather than a silent rethrow of something that never triggered an event in the first place). BUG=v8:5167 Review-Url: https://codereview.chromium.org/2244003003 Cr-Commit-Position: refs/heads/master@{#38847}
-
- 22 Aug, 2016 1 commit
-
-
littledan authored
This flag was shipped on in 52, so it's due for removal. The patch includes removing the deprecated and unused-in-Blink API Promise::Chain, and many test updates. R=adamk@chromium.org BUG=v8:4633 Review-Url: https://codereview.chromium.org/2267033002 Cr-Commit-Position: refs/heads/master@{#38804}
-
- 17 Aug, 2016 1 commit
-
-
bakkot authored
Reland of Amends the TypedArray constructor to use the path for primitives for all (patchset #1 id:1 of https://codereview.chromium.org/2120763002/ ) Reason for revert: WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests. Original issue's description: > Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #4 id:60001 of https://codereview.chromium.org/2096873002/ ) > > Reason for revert: > Speculative revert to unblock roll https://codereview.chromium.org/2114113002/ > > Original issue's description: > > Amends the TypedArray constructor to use the path for primitives for all > > types of primitives, not just undefined, booleans, numbers, and strings. > > (The missing cases were null and Symbol.) This is required by the > > specification, and there are test262 tests which we were failing due to > > this bug. > > > > BUG=v8:5124 > > > > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208 > > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2 > > Cr-Original-Commit-Position: refs/heads/master@{#37234} > > Cr-Commit-Position: refs/heads/master@{#37407} > > TBR=littledan@chromium.org,bakkot@google.com > NOTREECHECKS=true > BUG=v8:5124 > > Committed: https://crrev.com/9c0aef52fa672db856ebfac7f4bdcd7d7b103663 > Cr-Commit-Position: refs/heads/master@{#37487} TBR=littledan@chromium.org,hablich@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=v8:5124 Review-Url: https://codereview.chromium.org/2255543002 Cr-Commit-Position: refs/heads/master@{#38691}
-
- 10 Aug, 2016 1 commit
-
-
littledan authored
This patch adds additional tests for async functions and generators, in how they interact with destructuring, default arguments and shadow parameter copying. BUG=v8:5167 Review-Url: https://codereview.chromium.org/2229243002 Cr-Commit-Position: refs/heads/master@{#38560}
-
- 02 Aug, 2016 2 commits
-
-
adamk authored
This was being allowed due to the use of BindingFlags instead of VariableMode to determine whether a looked-up binding was lexical. Because function declarations are hoisted, they never need hole checks, and so were being miscategorized as non-lexical. This patch augments Context::Lookup with a VariableMode out param, which allows this check to determine precisely whether the binding is lexical. BUG=v8:4454, v8:5256 Review-Url: https://codereview.chromium.org/2206483004 Cr-Commit-Position: refs/heads/master@{#38260}
-
yangguo authored
R=mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2197183002 Cr-Commit-Position: refs/heads/master@{#38247}
-
- 01 Aug, 2016 1 commit
-
-
cbruni authored
This CL fixes a long-standing bug with Object.keys where the enumerability check was omitted if the [ownKeys] trap is not present. The only distinction the KeyAccumulator needs is whether it collects keys for for-in (is_for_in_) or not. ForInFilter performs a separate step to filter out non-enumerable keys later-on while in all the other use-cases we have to filter keys. BUG=v8:1543, v8:5250 Review-Url: https://codereview.chromium.org/2176113009 Cr-Commit-Position: refs/heads/master@{#38199}
-
- 28 Jul, 2016 1 commit
-
-
neis authored
R=adamk@chromium.org BUG=v8:5237 Review-Url: https://codereview.chromium.org/2188753002 Cr-Commit-Position: refs/heads/master@{#38116}
-
- 25 Jul, 2016 2 commits
-
-
caitp authored
The tests array-concat-revoked-proxy-*.js are copied out from array-concat.js, in order to verify that they work correctly with a valid ArrayProtector cell. These tests pass with https://crrev.com/122a9b7af02606dae558336082ab139a87eba39d applied, but fail without it. BUG=v8:5134 R=neis@chromium.org, cbruni@chromium.org, littledan@chromium.org Review-Url: https://codereview.chromium.org/2177903002 Cr-Commit-Position: refs/heads/master@{#38026}
-
neis authored
This flag has been enabled by default for over a month now. R=mstarzinger@chromium.org, rmcilroy@chromium.org BUG= Review-Url: https://codereview.chromium.org/2176143002 Cr-Commit-Position: refs/heads/master@{#38020}
-
- 22 Jul, 2016 3 commits
-
-
caitp authored
BUG=v8:5134 R=cbruni@chromium.org, littledan@chromium.org, neis@chromium.org Review-Url: https://codereview.chromium.org/2131383002 Cr-Commit-Position: refs/heads/master@{#37987}
-
yangguo authored
This is in preparation to implementing exception prediction for async functions. Each handler table entry can now predict "caught", "uncaught", or "promise". The latter indicates that the exception will lead to a promise rejection. To mark the relevant try-catch blocks, we add a new native syntax. try { } %catch (e) { } indicates a TryCatchStatement with the "promise" prediction. The previous implementation of using the function to tell the relevant try-catch apart from inner try-catch blocks will not work for async functions since these can have inner try-catch blocks inside the same function. BUG=v8:5167 Review-Url: https://codereview.chromium.org/2161263003 Cr-Commit-Position: refs/heads/master@{#37966}
-
jwolfe authored
See discussion in https://codereview.chromium.org/2156303002/#msg8 With the new --harmony-function-tostring behavior, these tests would fail without this change. This change makes the tests pass regardless of whether or not --harmony-function-tostring is used. All of these changes are simply inserting a space after the "function" keyword to match the current function toString behavior. When --harmony-function-tostring is enabled, the toString behavior matches the spacing used in the function declaration. With the declaration matching the current formatting, the toString behavior becomes unaffected by --harmony-function-tostring. BUG=v8:4958 LOG=n Review-Url: https://codereview.chromium.org/2161413002 Cr-Commit-Position: refs/heads/master@{#37959}
-
- 20 Jul, 2016 1 commit
-
-
neis authored
As required by the spec. This is a variant of what I reverted in f47e7224. It will probably still cause a regression but now it's easier to migrate (parts of) the current implementation to C++, which is expected to make things faster again. BUG=chromium:627729,v8:5113 Review-Url: https://codereview.chromium.org/2164923002 Cr-Commit-Position: refs/heads/master@{#37897}
-
- 18 Jul, 2016 1 commit
-
-
jochen authored
Original issue's description: > Don't compile functions in a context the caller doesn't have access to > > Instead just return undefined > > A side effect of this is that it's no longer possible to compile > functions in a detached context. > > BUG=chromium:541703 > R=verwaest@chromium.org,bmeurer@chromium.org BUG=chromium:541703 R=verwaest@chromium.org CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2155503004 Cr-Commit-Position: refs/heads/master@{#37842}
-
- 15 Jul, 2016 1 commit
-
-
neis authored
This reverts commit 457c0257 because it caused a regression in SunSpider/string-fasta and possibly AreWeFastYet/Life. Need to implement this in a smarter way. TBR=littledan@chromium.org BUG=chromium:627729,v8:5113 Review-Url: https://codereview.chromium.org/2149303003 Cr-Commit-Position: refs/heads/master@{#37793}
-
- 14 Jul, 2016 4 commits
-
-
bakkot authored
Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions declared by "eval" are hoisted unless doing so would cause an early error (which is to say, conflict with a lexical declaration). This patch amends the check for conflicting declarations to include those outside of the eval itself. BUG=v8:4468, v8:4479 Review-Url: https://codereview.chromium.org/2112163002 Cr-Commit-Position: refs/heads/master@{#37783}
-
jochen authored
Revert of Reland "Don't compile functions in a context the caller doesn't have access to" (patchset #4 id:60001 of https://codereview.chromium.org/2143893005/ ) Reason for revert: blink is unhappy about the microtask change Original issue's description: > Reland "Don't compile functions in a context the caller doesn't have access to" > > Original issue's description: > > Don't compile functions in a context the caller doesn't have access to > > > > Instead just return undefined > > > > A side effect of this is that it's no longer possible to compile > > functions in a detached context. > > > > BUG=chromium:541703 > > R=verwaest@chromium.org,bmeurer@chromium.org > > BUG=chromium:541703 > R=verwaest@chromium.org > > Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617 > Cr-Commit-Position: refs/heads/master@{#37756} TBR=verwaest@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:541703 Review-Url: https://codereview.chromium.org/2151843002 Cr-Commit-Position: refs/heads/master@{#37760}
-
jochen authored
Original issue's description: > Don't compile functions in a context the caller doesn't have access to > > Instead just return undefined > > A side effect of this is that it's no longer possible to compile > functions in a detached context. > > BUG=chromium:541703 > R=verwaest@chromium.org,bmeurer@chromium.org BUG=chromium:541703 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2143893005 Cr-Commit-Position: refs/heads/master@{#37756}
-
adamk authored
Revert of Don't compile functions in a context the caller doesn't have access to (patchset #9 id:160001 of https://codereview.chromium.org/2034083002/ ) Reason for revert: Causes crashes on Canary Original issue's description: > Don't compile functions in a context the caller doesn't have access to > > Instead just return undefined > > A side effect of this is that it's no longer possible to compile > functions in a detached context. > > BUG=chromium:541703 > R=verwaest@chromium.org,bmeurer@chromium.org > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng > > Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a > Cr-Commit-Position: refs/heads/master@{#37657} TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=chromium:541703, chromium:628053 Review-Url: https://codereview.chromium.org/2148163002 Cr-Commit-Position: refs/heads/master@{#37736}
-
- 13 Jul, 2016 2 commits
-
-
bakkot authored
Reland of Add errors for declarations which conflict with catch parameters. (patchset #1 id:1 of https://codereview.chromium.org/2112223002/ ) Reason for revert: Correcting issue. Original issue's description: > Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ ) > > Reason for revert: > Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash. > > Original issue's description: > > Add errors for declarations which conflict with catch parameters. > > > > Catch parameters are largely treated as lexical declarations in the > > block which contains their body for the purposes of early syntax errors, > > with some exceptions outlined in B.3.5. This patch introduces most of > > those errors, except those from `eval('for (var e of ...);')` inside of > > a catch with a simple parameter named 'e'. > > > > Note that annex B.3.5 allows var declarations to conflict with simple > > catch parameters, except when the variable declaration is the init of a > > for-of statement. > > > > BUG=v8:5112,v8:4231 > > > > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406 > > Cr-Commit-Position: refs/heads/master@{#37462} > > TBR=littledan@chromium.org > # Skipping CQ checks because original CL landed less than 1 days ago. > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:5112,v8:4231 > > Committed: https://crrev.com/8834d5ecb559001c87c42322969471da60574a8c > Cr-Commit-Position: refs/heads/master@{#37464} R=littledan@chromium.org BUG=v8:5112,v8:4231 Review-Url: https://codereview.chromium.org/2119933002 Cr-Commit-Position: refs/heads/master@{#37728}
-
mstarzinger authored
This fully deprecates all uses of the RUNTIME_ASSERT macro and removes the macro and underlying logging function in question. All uses have been replaces with CHECK macros which crash safely even in production. It makes sure we discover abuse of runtime functions in the wild early and also abort the process safely. Breaking assumptions in any runtime function can no longer accidentally be caught by JavaScript. R=yangguo@chromium.org BUG=v8:5066 Review-Url: https://codereview.chromium.org/2132493002 Cr-Commit-Position: refs/heads/master@{#37704}
-
- 12 Jul, 2016 1 commit
-
-
neis authored
As required by the spec. BUG=v8:5113 Review-Url: https://codereview.chromium.org/2141603002 Cr-Commit-Position: refs/heads/master@{#37689}
-
- 11 Jul, 2016 2 commits
-
-
jochen authored
Instead just return undefined A side effect of this is that it's no longer possible to compile functions in a detached context. BUG=chromium:541703 R=verwaest@chromium.org,bmeurer@chromium.org CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2034083002 Cr-Commit-Position: refs/heads/master@{#37657}
-
caitp authored
BUG=v8:5174, v8:1543 R=cbruni@chromium.org, littledan@chromium.org Review-Url: https://codereview.chromium.org/2129193003 Cr-Commit-Position: refs/heads/master@{#37634}
-
- 07 Jul, 2016 1 commit
-
-
neis authored
When reading the value property of an iterator result fails, we must not close the iterator. This was not discovered earlier because the tests had a subtle bug. This CL fixes both the desugaring and the tests. BUG= Review-Url: https://codereview.chromium.org/2119353002 Cr-Commit-Position: refs/heads/master@{#37571}
-
- 05 Jul, 2016 1 commit
-
-
yangguo authored
R=neis@chromium.org Review-Url: https://codereview.chromium.org/2117303003 Cr-Commit-Position: refs/heads/master@{#37520}
-
- 02 Jul, 2016 1 commit
-
-
hablich authored
Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #4 id:60001 of https://codereview.chromium.org/2096873002/ ) Reason for revert: Speculative revert to unblock roll https://codereview.chromium.org/2114113002/ Original issue's description: > Amends the TypedArray constructor to use the path for primitives for all > types of primitives, not just undefined, booleans, numbers, and strings. > (The missing cases were null and Symbol.) This is required by the > specification, and there are test262 tests which we were failing due to > this bug. > > BUG=v8:5124 > > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208 > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2 > Cr-Original-Commit-Position: refs/heads/master@{#37234} > Cr-Commit-Position: refs/heads/master@{#37407} TBR=littledan@chromium.org,bakkot@google.com NOTREECHECKS=true BUG=v8:5124 Review-Url: https://codereview.chromium.org/2120763002 Cr-Commit-Position: refs/heads/master@{#37487}
-
- 01 Jul, 2016 3 commits
-
-
littledan authored
This patch implements "immutable prototype exotic objects" from the ECMAScript spec, which are objects whose __proto__ cannot be changed, but are not otherwise frozen. They are introduced in order to prevent a Proxy from being introduced to the prototype chain of the global object. The API is extended by a SetImmutablePrototype() call in ObjectTemplate, which can be used to vend new immutable prototype objects. Additionally, Object.prototype is an immutable prototype object. In the implementation, a new bit is added to Maps to say whether the prototype is immutable, which is read by SetPrototype. Map transitions to the immutable prototype state are not saved in the transition tree because the main use case is just for the prototype chain of the global object, which there will be only one of per Context, so no need to take up the extra word for a pointer in each full transition tree. BUG=v8:5149 Review-Url: https://codereview.chromium.org/2108203002 Cr-Commit-Position: refs/heads/master@{#37482}
-
bakkot authored
Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ ) Reason for revert: Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash. Original issue's description: > Add errors for declarations which conflict with catch parameters. > > Catch parameters are largely treated as lexical declarations in the > block which contains their body for the purposes of early syntax errors, > with some exceptions outlined in B.3.5. This patch introduces most of > those errors, except those from `eval('for (var e of ...);')` inside of > a catch with a simple parameter named 'e'. > > Note that annex B.3.5 allows var declarations to conflict with simple > catch parameters, except when the variable declaration is the init of a > for-of statement. > > BUG=v8:5112,v8:4231 > > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406 > Cr-Commit-Position: refs/heads/master@{#37462} TBR=littledan@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5112,v8:4231 Review-Url: https://codereview.chromium.org/2112223002 Cr-Commit-Position: refs/heads/master@{#37464}
-
bakkot authored
Catch parameters are largely treated as lexical declarations in the block which contains their body for the purposes of early syntax errors, with some exceptions outlined in B.3.5. This patch introduces most of those errors, except those from `eval('for (var e of ...);')` inside of a catch with a simple parameter named 'e'. Note that annex B.3.5 allows var declarations to conflict with simple catch parameters, except when the variable declaration is the init of a for-of statement. BUG=v8:5112,v8:4231 Review-Url: https://codereview.chromium.org/2109733003 Cr-Commit-Position: refs/heads/master@{#37462}
-
- 29 Jun, 2016 2 commits
-
-
bakkot authored
types of primitives, not just undefined, booleans, numbers, and strings. (The missing cases were null and Symbol.) This is required by the specification, and there are test262 tests which we were failing due to this bug. BUG=v8:5124 Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208 Review-Url: https://codereview.chromium.org/2096873002 Cr-Original-Commit-Position: refs/heads/master@{#37234} Cr-Commit-Position: refs/heads/master@{#37407}
-
bakkot authored
In ES2016, function declarations nested in blocks are formally allowed. This was never a part of ECMAScript, but was a common extension. Unfortunately implementations differed in the exact semantics. Annex B.3.3 in the spec tries to standardize the parts which are common to different implementations, but does so with some fairly complicated semantics. This CL addresses three issues related to annex B.3.3: * When the outer function had a complex parameter list, no hoisting whatsoever was being performed. * Hoisting was not blocked by parameters of the same name. * Hoisting was not blocked by nested lexical declarations of the same name. We had tests which checked for the second, but they were incorrectly passing due to the first. This CL adds more complete tests. BUG=v8:5151, v8:5111 Review-Url: https://codereview.chromium.org/2099623003 Cr-Commit-Position: refs/heads/master@{#37405}
-
- 27 Jun, 2016 1 commit
-
-
franzih authored
Proxy objects need special treatment in toString(). Usually, we use the @@toStringTag, if it is set, otherwise we determine the result of toString() by checking IsArray() and other internal slots. According to ES2017 19.1.3.6, IsArray() and the internal slots must be checked first, then get(@@toStringTag). The result of IsArray() and internal slots is discarded if @@toStringTag is set. For proxy objects, we must obey this order, because get() can have side-effects, i.e., revoke the proxy. For all other objects, we can skip the check of the internal slots, if @@toStringTag is set. BUG= CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review-Url: https://codereview.chromium.org/2090773006 Cr-Commit-Position: refs/heads/master@{#37289}
-
- 24 Jun, 2016 3 commits
-
-
machenbach authored
Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #3 id:40001 of https://codereview.chromium.org/2096873002/ ) Reason for revert: [Sheriff] Breaks layout tests. Please rebase upstream if intended: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7691 Original issue's description: > Amends the TypedArray constructor to use the path for primitives for all > types of primitives, not just undefined, booleans, numbers, and strings. > (The missing cases were null and Symbol.) This is required by the > specification, and there are test262 tests which we were failing due to > this bug. > > BUG=v8:5124 > > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208 > Cr-Commit-Position: refs/heads/master@{#37234} TBR=littledan@chromium.org,bakkot@google.com # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5124 Review-Url: https://codereview.chromium.org/2091693004 Cr-Commit-Position: refs/heads/master@{#37236}
-
adamk authored
Flags removed (all begin with "harmony-"): function-name instanceof iterator-close unicode-regexps regexp-exec regexp-subclass species BUG=v8:3566, v8:3648, v8:3699, v8:4093, v8:4447, v8:4602 Review-Url: https://codereview.chromium.org/2096933002 Cr-Commit-Position: refs/heads/master@{#37235}
-
bakkot authored
types of primitives, not just undefined, booleans, numbers, and strings. (The missing cases were null and Symbol.) This is required by the specification, and there are test262 tests which we were failing due to this bug. BUG=v8:5124 Review-Url: https://codereview.chromium.org/2096873002 Cr-Commit-Position: refs/heads/master@{#37234}
-
- 23 Jun, 2016 2 commits
-
-
bakkot authored
TypedArrays store their true length in an internal slot. This is normally reflected in the .length property, but that property is configurable. Algorithms which need the length of a typed array are to use the internal slot, not the property; TypedArray.prototype.set was not doing this. BUG=v8:5133 Review-Url: https://codereview.chromium.org/2091153002 Cr-Commit-Position: refs/heads/master@{#37232}
-
franzih authored
ES2017 draft 19.1.3.6: If @@toStringTag is not a string, Object.prototype.toString() returns [object Object], except in the following cases: - Array - String - Arguments - Function - Error - Boolean - Number - Date - RegExp. For anything else, e.g., Maps, Sets, TypedArrays, or the global object, toString() returns [object Object] if @@toStringTag is absent or not a string. In order to be able to easily identify the global object in d8, we set @@toStringTag to "global" for d8. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG= Review-Url: https://codereview.chromium.org/2071343002 Cr-Commit-Position: refs/heads/master@{#37218}
-