1. 07 Mar, 2019 1 commit
  2. 01 Mar, 2019 1 commit
    • Reland "Optimize `in` operator" · 803ad324
      Matt Gardner authored
      The original was reverted for breaking webkit layout tests:
      https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/30270
      
      It also caused the following clusterfuzz failures:
      
      chromium:935832
      This was a correctness bug due to not properly handling the case of arrays with prototypes other
      than Array.prototype. Accesses that were TheHole were not being handled properly, both in bounds
      holes in holey arrays and out of bounds on either holey or packed arrays. Handling was incorrect
      both in access-assembler and in Turbofan.
      
      chromium:935932
      This bug was that there was no handling for Has checks on the global object. Turbofan was emitting
      code for a store (the 'else' condition on 'access_mode == AccessMode::kLoad'). It hit a DCHECK in
      debug builds but in release could show up in different places. This is the bug that caused the
      webkit layout test failure that led to the revert.
      
      Both bugs are fixed in this CL, and tests are added for those cases.
      
      Bug: v8:8733, chromium:935932, chromium:935832
      Change-Id: Iba0dfcfce6e15d2c0815a7670ece67bc13ba1925
      Reviewed-on: https://chromium-review.googlesource.com/c/1493132
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Matt Gardner <magardn@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#59958}
  3. 26 Feb, 2019 1 commit
  4. 25 Feb, 2019 1 commit
  5. 21 Feb, 2019 5 commits
  6. 19 Feb, 2019 1 commit
  7. 15 Feb, 2019 3 commits
  8. 14 Feb, 2019 1 commit
  9. 13 Feb, 2019 5 commits
  10. 12 Feb, 2019 3 commits
  11. 09 Feb, 2019 5 commits
    • Reland "Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"" · ba1d0f25
      Mike Stanton authored
      This is a reland of 7179cdb1
      
      The node integration build failure appears to be constant.
      
      Original change's description:
      > Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
      >
      > (Fixed test failure in lite-mode)
      >
      > Introduce a PREMONOMORPHIC state to StoreGlobalIC
      >
      > It's used rather narrowly for now -- only when we run into an
      > interceptor during the lookup. After the call to SetProperty, we know
      > more. That is, the interceptor was only there because it's a new
      > property, and the call to SetProperty ends up creating it.
      >
      > By delaying the initialization of the IC, we recognize the (now)
      > created property, and can provide good feedback downstream to
      > TurboFan.
      >
      > TBR=ishell@chromium.org
      >
      > Bug: v8:8712
      > Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
      > Reviewed-on: https://chromium-review.googlesource.com/c/1460955
      > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      > Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59483}
      
      TBR=ishell@chromium.org
      
      Bug: v8:8712
      Change-Id: I31aa4c066ff46cb39187eed392313d2e524f4445
      Reviewed-on: https://chromium-review.googlesource.com/c/1461998
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59485}
    • Revert "Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"" · e986f440
      Michael Stanton authored
      This reverts commit 7179cdb1.
      
      Reason for revert: Breaks node integration build.
      
      Original change's description:
      > Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
      > 
      > (Fixed test failure in lite-mode)
      > 
      > Introduce a PREMONOMORPHIC state to StoreGlobalIC
      > 
      > It's used rather narrowly for now -- only when we run into an
      > interceptor during the lookup. After the call to SetProperty, we know
      > more. That is, the interceptor was only there because it's a new
      > property, and the call to SetProperty ends up creating it.
      > 
      > By delaying the initialization of the IC, we recognize the (now)
      > created property, and can provide good feedback downstream to
      > TurboFan.
      > 
      > TBR=ishell@chromium.org
      > 
      > Bug: v8:8712
      > Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
      > Reviewed-on: https://chromium-review.googlesource.com/c/1460955
      > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      > Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59483}
      
      TBR=mvstanton@chromium.org,ishell@chromium.org
      
      Change-Id: Ifd45908ee66760ef9199d9722b7e558c31f77830
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8712
      Reviewed-on: https://chromium-review.googlesource.com/c/1461997
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59484}
    • Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC" · 7179cdb1
      Mike Stanton authored
      (Fixed test failure in lite-mode)
      
      Introduce a PREMONOMORPHIC state to StoreGlobalIC
      
      It's used rather narrowly for now -- only when we run into an
      interceptor during the lookup. After the call to SetProperty, we know
      more. That is, the interceptor was only there because it's a new
      property, and the call to SetProperty ends up creating it.
      
      By delaying the initialization of the IC, we recognize the (now)
      created property, and can provide good feedback downstream to
      TurboFan.
      
      TBR=ishell@chromium.org
      
      Bug: v8:8712
      Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
      Reviewed-on: https://chromium-review.googlesource.com/c/1460955
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59483}
    • Revert "Introduce a PREMONOMORPHIC state to StoreGlobalIC" · b5003d26
      Michael Stanton authored
      This reverts commit ec06b5c4.
      
      Reason for revert: Breaks "lite" builder.
      
      Original change's description:
      > Introduce a PREMONOMORPHIC state to StoreGlobalIC
      > 
      > It's used rather narrowly for now -- only when we run into an
      > interceptor during the lookup. After the call to SetProperty, we know
      > more. That is, the interceptor was only there because it's a new
      > property, and the call to SetProperty ends up creating it.
      > 
      > By delaying the initialization of the IC, we recognize the (now)
      > created property, and can provide good feedback downstream to
      > TurboFan.
      > 
      > Bug: v8:8712
      > Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
      > Reviewed-on: https://chromium-review.googlesource.com/c/1456090
      > Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59481}
      
      TBR=mvstanton@chromium.org,ishell@google.com,ishell@chromium.org
      
      Change-Id: I072a55275d64315924090a68247bb430f5c4f03d
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8712
      Reviewed-on: https://chromium-review.googlesource.com/c/1460954
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59482}
    • Introduce a PREMONOMORPHIC state to StoreGlobalIC · ec06b5c4
      Mike Stanton authored
      It's used rather narrowly for now -- only when we run into an
      interceptor during the lookup. After the call to SetProperty, we know
      more. That is, the interceptor was only there because it's a new
      property, and the call to SetProperty ends up creating it.
      
      By delaying the initialization of the IC, we recognize the (now)
      created property, and can provide good feedback downstream to
      TurboFan.
      
      Bug: v8:8712
      Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
      Reviewed-on: https://chromium-review.googlesource.com/c/1456090
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59481}
  12. 08 Feb, 2019 1 commit
  13. 06 Feb, 2019 1 commit
  14. 31 Jan, 2019 2 commits
    • Maintain order of keys for object.assign as spec · 1db56cb5
      Z Duong Nguyen-Huu authored
      According to spec https://tc39.github.io/ecma262/#sec-object.assign,
      https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys, object.assign should copy symbols last. The current implementation ignores that order.
      The idea of the fix here is to do iteration twice, one to skip symbol first then one to skip string.
      
      Bug: v8:6705
      Change-Id: I27a353e0c44a8f7adcf55d7143dd3ce26bea2724
      Reviewed-on: https://chromium-review.googlesource.com/c/1432597
      Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59258}
    • [ic] Don't unroll the loop in AccessorAssembler::HandlePolymorphicCase(). · e004fe75
      Benedikt Meurer authored
      Previously AccessorAssembler::HandlePolymorphicCase() had 4 versions of
      the inner loop unrolled, but we always had to check against the length
      after 1 (POLYMORPHIC with name) or 2 (regular POLYMORPHIC) unrolled
      iterations anyways, so there's not a lot of benefit to unrolling besides
      the potentially better branch prediction in some cases. But that doesn't
      seem to be beneficial even in extreme cases (in fact on ARM cores we
      might get some benefit from having less code instead), and probably
      doesn't justify the additional C++ / generated code.
      
      I used the following extreme micro-benchmark to check the worst case
      performance impact:
      
      ```js
      function test(o, n) {
        var result;
        for (var i = 0; i < n; ++i) {
          result = o.x;
        }
        return result;
      }
      
      const N = 1e8;
      const objs = [{x: 0}, {x:1,a:1}, {x:2,b:2}, {x:3,c:3}];
      for (var j = 0; j < objs.length; ++j) test(objs[j], N);
      
      console.time('Time');
      for (var j = 0; j < objs.length; ++j) test(objs[j], N);
      console.timeEnd('Time');
      ```
      
      Running this with --noopt shows a ~1% performance regression with this
      patch on a beefy z840 gLinux workstation, which gives me some confidence
      that overall this patch is going to be neutral and maybe beneficial in
      case of less powerful ARM cores.
      
      Note to performance sheriffs: This could potentially tank some
      performance tests. In that case we may need to revisit the unrolling.
      
      Bug: v8:8562
      Change-Id: I731599a7778da1992d981d36022c407ef5c735eb
      Reviewed-on: https://chromium-review.googlesource.com/c/1448275
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59252}
  15. 30 Jan, 2019 1 commit
  16. 29 Jan, 2019 1 commit
  17. 28 Jan, 2019 3 commits
  18. 25 Jan, 2019 2 commits
  19. 24 Jan, 2019 1 commit
    • Reland "Change SetProperty/SetSuperProperty to infer language mode when possible" · e2846ea6
      Mythri authored
      This is a reland of 0896599f with a fix for
      failing layout test.
      
      Original change's description:
      > Change SetProperty/SetSuperProperty to infer language mode when possible
      >
      > In most cases, the language mode can be inferred from the closure and
      > the context. Computing the language mode instead of passing it around
      > simplifies the ICs and will make it possible to go towards lazily
      > allocating feedback vectors. Currently ICs obtain the language mode from
      > the feedback vectors and with lazy feedback allocation we may not always
      > have feedback vectors. Since computing language mode is a bit expensive
      > we want to defer it as far as possible.
      >
      > In Array builtins and other builtins like Reflect.Set we need to force a
      > language mode when setting the properties. To support these cases the
      > SetProperty methods allow the language mode to be overridden when needed.
      >
      > This is a first cl in a series of cls, that will defer the language mode
      > computation further and remove language mode where it is not needed.
      >
      > BUG: v8:8580
      > Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
      > Reviewed-on: https://chromium-review.googlesource.com/c/1409426
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Commit-Queue: Mythri Alle <mythria@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58893}
      
      TBR: ahaas@chromium.org
      Change-Id: Id5d81eae91b55638dbc72168f0e5203e684869fb
      Reviewed-on: https://chromium-review.googlesource.com/c/1421077
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59075}
  20. 18 Jan, 2019 1 commit