- 02 Dec, 2016 1 commit
-
-
ishell authored
[ic] Use validity cells to protect keyed element stores against object's prototype chain modifications. ... instead of clearing of all the KeyedStoreICs which didn't always work. BUG=chromium:662907, chromium:669411, v8:5561 TBR=verwaest@chromium.org, bmeurer@chromium.org Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf Review-Url: https://codereview.chromium.org/2534613002 Cr-Original-Commit-Position: refs/heads/master@{#41332} Cr-Commit-Position: refs/heads/master@{#41449}
-
- 29 Nov, 2016 1 commit
-
-
machenbach authored
Revert of [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati… (patchset #2 id:40001 of https://codereview.chromium.org/2534613002/ ) Reason for revert: Layout test crashes: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11691 Original issue's description: > [ic] Use validity cells to protect keyed element stores against object's prototype chain modifications. > > ... instead of clearing of all the KeyedStoreICs which didn't always work. > > BUG=chromium:662907, v8:5561 > TBR=verwaest@chromium.org, bmeurer@chromium.org > > Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf > Cr-Commit-Position: refs/heads/master@{#41332} TBR=jkummerow@chromium.org,ishell@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:662907, v8:5561 Review-Url: https://codereview.chromium.org/2538693002 Cr-Commit-Position: refs/heads/master@{#41337}
-
- 28 Nov, 2016 1 commit
-
-
ishell authored
[ic] Use validity cells to protect keyed element stores against object's prototype chain modifications. ... instead of clearing of all the KeyedStoreICs which didn't always work. BUG=chromium:662907, v8:5561 TBR=verwaest@chromium.org, bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2534613002 Cr-Commit-Position: refs/heads/master@{#41332}
-
- 04 Nov, 2016 1 commit
-
-
neis authored
It always has the same number of slots. R=adamk@chromium.org TBR=bmeurer@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2460353002 Cr-Commit-Position: refs/heads/master@{#40754}
-
- 18 Oct, 2016 1 commit
-
-
caitp authored
Implements the variations of CreateArrayIterator() in TFJ builtins (ArrayPrototypeValues, ArrayPrototypeEntries and ArrayPrototypeKeys), and provides two new Object types with numerous maps which identify certain behaviours, which will be useful for inlining. Removes src/js/array-iterator.js entirely Also adds support for printing Symbol literals inserted by the Parser during desugaring when FLAG_print_builtin_ast is set to true. BUG=v8:5388 R=bmeurer@chromium.org, cbruni@chromium.org TBR=ulan@chromium.org Review-Url: https://codereview.chromium.org/2405253006 Cr-Commit-Position: refs/heads/master@{#40373}
-
- 13 Oct, 2016 2 commits
-
-
ishell authored
This CL also adds separate runtime call stats buckets for data handlers. BUG= Review-Url: https://codereview.chromium.org/2419513002 Cr-Commit-Position: refs/heads/master@{#40281}
-
neis authored
As part of this, introduce a new JSObject for iterating over the elements of a FixedArray. R=adamk@chromium.org,bmeurer@chromium.org TBR=ulan@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2407423002 Cr-Commit-Position: refs/heads/master@{#40265}
-
- 12 Oct, 2016 2 commits
-
-
gsathya authored
This is a much more descriptive name. BUG=v8:5343 TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2412263002 Cr-Commit-Position: refs/heads/master@{#40240}
-
gsathya authored
This patch results in a 11% improvement over 5 runs in the bluebird benchmark. BUG=v8:5343,v8:5046 TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2406343002 Cr-Commit-Position: refs/heads/master@{#40239}
-
- 07 Oct, 2016 1 commit
-
-
neis authored
This implements namespace imports (import * as foo from "bar"), except for the @@iterator property on namespace objects (to be done later). R=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2388153003 Cr-Commit-Position: refs/heads/master@{#40096}
-
- 21 Sep, 2016 2 commits
-
-
caitp authored
BUG=v8:5388 R=bmeurer@chromium.org, adamk@chromium.org TBR=hpayer@chromium.org Review-Url: https://codereview.chromium.org/2348493003 Cr-Commit-Position: refs/heads/master@{#39598}
-
gsathya authored
- Add a new container object to store the data required for PromiseResolveThenableJob. - Create a new runtime function to enqueue the microtask event with the required data. This patches causes a 4% regression in the bluebird benchmark. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2314903004 Cr-Commit-Position: refs/heads/master@{#39571}
-
- 16 Sep, 2016 1 commit
-
-
neis authored
Rename JSModule to Module and make it a Struct rather than a JSObject. We will later add a separate JSModuleNamespace object to implement the 'import * as foo' syntax. BUG=v8:1569 Review-Url: https://codereview.chromium.org/2345823002 Cr-Commit-Position: refs/heads/master@{#39477}
-
- 02 Sep, 2016 1 commit
-
-
mvstanton authored
Our Type class has a semantic and representational dimension. Much code in src/ast, Crankshaft and Turbofan is based on it. Going forward in Turbofan we'd like to remove representational information entirely. To that end, new type AstType has been created to preserve existing behavior for the benefit of Crankshaft and the AST. BUG= Review-Url: https://codereview.chromium.org/2302283002 Cr-Commit-Position: refs/heads/master@{#39135}
-
- 01 Sep, 2016 1 commit
-
-
jochen authored
The plan is to also use it for With and Catch scopes, so all kinds of contexts have a pointer back to their ScopeInfo R=neis@chromium.org,marja@chromium.org BUG=v8:5215 Review-Url: https://codereview.chromium.org/2301913002 Cr-Commit-Position: refs/heads/master@{#39092}
-
- 18 Aug, 2016 1 commit
-
-
jgruber authored
Revert of Use a custom Struct for stack trace storage (patchset #4 id:60001 of https://codereview.chromium.org/2230953002/ ) Reason for revert: Performance regressions in Gameboy, Life, CodeLoad and others. See crbug.com/638210. Original issue's description: > Refactor data structures for simple stack traces > > Simple stack traces are captured through Isolate::CaptureSimpleStackTrace. > Captured frames are stored in a FixedArray, which in turn is stored as a > property (using a private symbol) on the error object itself. Actual formatting > of the textual stack trace is done lazily when the user reads the stack > property of the error object. > > This would involve many conversions back and forth between index-encoded raw > data (receiver, function, offset and code), JS CallSite objects, and C++ > CallSite objects. > > This commit refactors the C++ CallSite class into a Struct class called > StackTraceFrame, which is the new single point of truth frame information. > Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS > CallSite objects (now created only when the user specifies custom stack trace > formatting through Error.prepareStackTrace) internally only store a reference > to a StackTraceFrame. > > BUG= > > Committed: https://crrev.com/b4c1aefb9c369f1a33a6ca94a5de9b06ea4bf5c4 > Cr-Commit-Position: refs/heads/master@{#38645} TBR=yangguo@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG= Review-Url: https://codereview.chromium.org/2252783007 Cr-Commit-Position: refs/heads/master@{#38700}
-
- 16 Aug, 2016 1 commit
-
-
jgruber authored
Simple stack traces are captured through Isolate::CaptureSimpleStackTrace. Captured frames are stored in a FixedArray, which in turn is stored as a property (using a private symbol) on the error object itself. Actual formatting of the textual stack trace is done lazily when the user reads the stack property of the error object. This would involve many conversions back and forth between index-encoded raw data (receiver, function, offset and code), JS CallSite objects, and C++ CallSite objects. This commit refactors the C++ CallSite class into a Struct class called StackTraceFrame, which is the new single point of truth frame information. Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS CallSite objects (now created only when the user specifies custom stack trace formatting through Error.prepareStackTrace) internally only store a reference to a StackTraceFrame. BUG= Review-Url: https://codereview.chromium.org/2230953002 Cr-Commit-Position: refs/heads/master@{#38645}
-
- 10 Aug, 2016 1 commit
-
-
bmeurer authored
Separate ConvertTaggedHoleToUndefined and CheckTaggedHole into two separate operators, where the former is pure and just turns into trivial control flow in the EffectControlLinearizer. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2236443004 Cr-Commit-Position: refs/heads/master@{#38559}
-
- 23 Jun, 2016 1 commit
-
-
franzih authored
Now we can turn it into a turbofan stub. Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE. Review-Url: https://codereview.chromium.org/2080243003 Cr-Commit-Position: refs/heads/master@{#37219}
-
- 10 May, 2016 1 commit
-
-
neis authored
In the bytecode graphbuilder, translate the two generator-specific bytecodes as a couple of runtime calls for now. BUG=v8:4907 LOG=n Review-Url: https://codereview.chromium.org/1957393004 Cr-Commit-Position: refs/heads/master@{#36134}
-
- 12 Apr, 2016 1 commit
-
-
hlopko authored
When the embedder sets the heap tracer, V8, during marking, will collect all reachable wrappers, and then ask embedder to trace its heap. The embedder is expected to call PersistentBase::RegisterExternalReference with all wrappers reachable from the given ones. This fixed point iteration happens in MarkCompact::ProcessEphemeralMarking. For more efficient object visiting during marking, we need a special JS_API_OBJECT_TYPE (in tandem with already existing JS_SPECIAL_API_OBJECT_TYPE) and corresponding visitor (JSApiObjectVisitor). BUG=chromium:468240 LOG=no Review URL: https://codereview.chromium.org/1844413002 Cr-Commit-Position: refs/heads/master@{#35412}
-
- 06 Apr, 2016 1 commit
-
-
verwaest authored
The previous code cache system required stubs to be marked with a StubType, causing them to be inserted either into a fixed array or into a dictionary-mode code cache. This could cause names to be in both cases, and lookup would just find the "fast" one first. Given that we clear out the caches on each GC, the memory overhead shouldn't be too bad. Additionally, the dictionary itself should just stay linear for small arrays; that's faster anyway. This CL additionally deletes some dead IC code. BUG= Review URL: https://codereview.chromium.org/1846963002 Cr-Commit-Position: refs/heads/master@{#35291}
-
- 16 Mar, 2016 1 commit
-
-
mstarzinger authored
This introduces {optimized_out} as another Oddball kind to be used by optimizing compilers when values are being optimized away. The aim is providing visibility when this value leaks into the application domain. Currently this will lead to {undefined} values appearing which then silently propagate through the application. The special oddball can be identified easily as a bug and also the debugger can treat it specially when needed. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1810483002 Cr-Commit-Position: refs/heads/master@{#34817}
-
- 04 Mar, 2016 1 commit
-
-
verwaest authored
BUG= Review URL: https://codereview.chromium.org/1765713003 Cr-Commit-Position: refs/heads/master@{#34492}
-
- 03 Mar, 2016 1 commit
-
-
machenbach authored
This reverts commit 2608ecc7. Revert "Specialize helper methods in the LookupIterator by is_element." This reverts commit 6eb483f8. Revert "Avoid SetPropertyInternal if the LookupIterator is NotFound" This reverts commit ca5bd8d4. Revert "Inline fast-bailout-checks for LookupIterator::UpdateProtector" This reverts commit d98570a1. This breaks layout tests with timeouts: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/5060 It also seems to break jsfunfuzz: https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/7930 The other three CLs are reverted to be able to revert the first. BUG=v8:4798 LOG=n TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/1761593003 Cr-Commit-Position: refs/heads/master@{#34457}
-
- 02 Mar, 2016 1 commit
-
-
verwaest authored
This introduces a new instance type and reorders the JSObject types so any type requiring special LookupIterator support can be identified with a single range check. In addition, it restructures the Next for better performance, avoiding unnecessary calls. BUG= Review URL: https://codereview.chromium.org/1751043002 Cr-Commit-Position: refs/heads/master@{#34429}
-
- 27 Feb, 2016 1 commit
-
-
bmeurer authored
Since both null and undefined are also marked as undetectable now, we can just test that bit instead of having the CompareNilIC try to collect feedback to speed up the general case (without the undetectable bit being used). Drive-by-fix: Update the type system to match the new handling of undetectable in the runtime. R=danno@chromium.org Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba Cr-Commit-Position: refs/heads/master@{#34237} Review URL: https://codereview.chromium.org/1722193002 Cr-Commit-Position: refs/heads/master@{#34344}
-
- 26 Feb, 2016 1 commit
-
-
adamk authored
Revert of [compiler] Drop the CompareNilIC. (patchset #4 id:60001 of https://codereview.chromium.org/1722193002/ ) Reason for revert: Speculative revert in attempt to fix #2 crasher on canary. Original issue's description: > [compiler] Drop the CompareNilIC. > > Since both null and undefined are also marked as undetectable now, we > can just test that bit instead of having the CompareNilIC try to collect > feedback to speed up the general case (without the undetectable bit > being used). > > Drive-by-fix: Update the type system to match the new handling of > undetectable in the runtime. > > R=danno@chromium.org > > Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba > Cr-Commit-Position: refs/heads/master@{#34237} TBR=danno@chromium.org,verwaest@chromium.org,bmeurer@chromium.org LOG=y BUG=chromium:589897 NOTRY=true Review URL: https://codereview.chromium.org/1743433002 Cr-Commit-Position: refs/heads/master@{#34308}
-
- 24 Feb, 2016 1 commit
-
-
bmeurer authored
Since both null and undefined are also marked as undetectable now, we can just test that bit instead of having the CompareNilIC try to collect feedback to speed up the general case (without the undetectable bit being used). Drive-by-fix: Update the type system to match the new handling of undetectable in the runtime. R=danno@chromium.org Review URL: https://codereview.chromium.org/1722193002 Cr-Commit-Position: refs/heads/master@{#34237}
-
- 16 Feb, 2016 1 commit
-
-
jarin authored
Review URL: https://codereview.chromium.org/1700923002 Cr-Commit-Position: refs/heads/master@{#34026}
-
- 08 Feb, 2016 1 commit
-
-
bmeurer authored
It's fine to use JS_OBJECT_TYPE for JSIteratorResult and only have a preallocated initial map for them to avoid unnecessary polymorphism from generators / builtin iterators. The instance type doesn't provide any advantage, since we always have to treat JSIteratorResult objects as regular JSObjects later. R=yangguo@chromium.org TBR=hpayer@chromium.org Review URL: https://codereview.chromium.org/1680513002 Cr-Commit-Position: refs/heads/master@{#33800}
-
- 02 Feb, 2016 1 commit
-
-
jarin authored
This CL removes the Config templatization from the types. It is not necessary anymore, after the HeapTypes have been removed. The CL also changes the type hierarchy - the specific type kinds are not inner classes of the Type class and they do not inherit from Type. This is partly because it seems impossible to make this work without templates. Instead, a new TypeBase class is introduced and all the structural (i.e., non-bitset) types inherit from it. The bitset type still requires the bit-munging hack and some nasty reinterpret-casts to pretend bitsets are of type Type*. Additionally, there is now the same hack for TypeBase - all pointers to the sub-types of TypeBase are reinterpret-casted to Type*. This is to keep the type constructors in inline method definitions (although it is unclear how much that actually buys us). In future, we would like to move to a model where we encapsulate Type* into a class (or possibly use Type where we used to use Type*). This would loosen the coupling between bitset size and pointer size, and eventually we would be able to have more bits. TBR=bradnelson@chromium.org Review URL: https://codereview.chromium.org/1655833002 Cr-Commit-Position: refs/heads/master@{#33656}
-
- 27 Jan, 2016 1 commit
-
-
jarin authored
Field types can contain at most one map, so we can just use IsClass(). Review URL: https://codereview.chromium.org/1633213003 Cr-Commit-Position: refs/heads/master@{#33533}
-
- 26 Jan, 2016 1 commit
-
-
jarin authored
This replace HeapType with a dedicated class that implements just what we need for field type tracking. In the next CL, I plan to remove FieldType::Iterator because FieldType can iterate over at most one map. The ultimate plan is to get rid of templates in types.(h|cc) and remove type-inl.h. TBR=rossberg@chromium.org Review URL: https://codereview.chromium.org/1636013002 Cr-Commit-Position: refs/heads/master@{#33521}
-
- 25 Jan, 2016 1 commit
-
-
bmeurer authored
Cleanup %ForInPrepare runtime entry, and unify common logic with %ForInEnumerate (renamed from %GetPropertyNamesFast). Also introduce a TupleType to properly type JSForInPrepare and its projections w/o special hacks in the Typer. And fix %ForInNext and JSForInNext to be consistent with fullcodegen again (after the proxy refactorings last quarter). R=jarin@chromium.org BUG=v8:3650 LOG=n Review URL: https://codereview.chromium.org/1631583002 Cr-Commit-Position: refs/heads/master@{#33487}
-
- 18 Jan, 2016 1 commit
-
-
verwaest authored
Review URL: https://codereview.chromium.org/1600353003 Cr-Commit-Position: refs/heads/master@{#33364}
-
- 27 Dec, 2015 2 commits
-
-
bmeurer authored
According to the ES2015 specification, bound functions are exotic objects, and thus don't need to be implemented as JSFunctions. So we introduce a new JSBoundFunction type to represent bound functions and make them optimizable. This already improves the performance of calling or constructing bound functions by 10-100x depending on the use case because we avoid the crazy dance between JavaScript and C++ that was implemented in v8natives.js previously. There's still room for improvement in the performance of actually creating bound functions, which is also relevant in practice, but we already have a plan how to accomplish that later. The mips/mips64 ports were contributed by akos.palfi@imgtec.com. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=chromium:535408, chromium:571299, v8:4629 LOG=n Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2 Cr-Commit-Position: refs/heads/master@{#33042} Review URL: https://codereview.chromium.org/1542963002 Cr-Commit-Position: refs/heads/master@{#33044}
-
bmeurer authored
Revert of [runtime] Introduce dedicated JSBoundFunction to represent bound functions. (patchset #14 id:260001 of https://codereview.chromium.org/1542963002/ ) Reason for revert: Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind Original issue's description: > [runtime] Introduce dedicated JSBoundFunction to represent bound functions. > > According to the ES2015 specification, bound functions are exotic > objects, and thus don't need to be implemented as JSFunctions. So > we introduce a new JSBoundFunction type to represent bound functions > and make them optimizable. This already improves the performance of > calling or constructing bound functions by 10-100x depending on the > use case because we avoid the crazy dance between JavaScript and C++ > that was implemented in v8natives.js previously. > > There's still room for improvement in the performance of actually > creating bound functions, which is also relevant in practice, but > we already have a plan how to accomplish that later. > > The mips/mips64 ports were contributed by akos.palfi@imgtec.com. > > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel > BUG=chromium:535408, chromium:571299, v8:4629 > LOG=n > > Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2 > Cr-Commit-Position: refs/heads/master@{#33042} TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:535408, chromium:571299, v8:4629 Review URL: https://codereview.chromium.org/1552473002 Cr-Commit-Position: refs/heads/master@{#33043}
-
- 26 Dec, 2015 1 commit
-
-
bmeurer authored
According to the ES2015 specification, bound functions are exotic objects, and thus don't need to be implemented as JSFunctions. So we introduce a new JSBoundFunction type to represent bound functions and make them optimizable. This already improves the performance of calling or constructing bound functions by 10-100x depending on the use case because we avoid the crazy dance between JavaScript and C++ that was implemented in v8natives.js previously. There's still room for improvement in the performance of actually creating bound functions, which is also relevant in practice, but we already have a plan how to accomplish that later. The mips/mips64 ports were contributed by akos.palfi@imgtec.com. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=chromium:535408, chromium:571299, v8:4629 LOG=n Review URL: https://codereview.chromium.org/1542963002 Cr-Commit-Position: refs/heads/master@{#33042}
-
- 04 Dec, 2015 1 commit
-
-
cbruni authored
BUG=v8:1543 LOG=N Review URL: https://codereview.chromium.org/1496503002 Cr-Commit-Position: refs/heads/master@{#32616}
-