1. 29 Jan, 2019 1 commit
  2. 11 Dec, 2018 1 commit
  3. 24 Oct, 2018 1 commit
    • peterwmwong's avatar
      Reland "[builtins] Fix Array.p.join length overflow and invalid string length handling" · 4e12baa6
      peterwmwong authored
      This is a reland of ec969ea3
      
      Temporarily removes high memory usage test.
      
      Original change's description:
      > [builtins] Fix Array.p.join length overflow and invalid string length handling
      >
      > - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
      >   - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
      >   - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
      >
      > - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
      >
      > Bug: chromium:897404
      > Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
      > Reviewed-on: https://chromium-review.googlesource.com/c/1293070
      > Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#56907}
      
      Bug: chromium:897404
      Change-Id: I4995893f6f9724b26c231d05619ad65dbccc7223
      Reviewed-on: https://chromium-review.googlesource.com/c/1297675Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
      Cr-Commit-Position: refs/heads/master@{#56946}
      4e12baa6
  4. 23 Oct, 2018 2 commits
    • Jakob Kummerow's avatar
      Revert "[builtins] Fix Array.p.join length overflow and invalid string length handling" · 7a975d11
      Jakob Kummerow authored
      This reverts commit ec969ea3.
      
      Reason for revert: test fails consistently on arm bots.
      I can't repro the failure locally, but it does consume ~512MB of memory (for a single string, I think?), so my guess is that the bots don't have enough contiguous address space.
      
      Original change's description:
      > [builtins] Fix Array.p.join length overflow and invalid string length handling
      > 
      > - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
      >   - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
      >   - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
      > 
      > - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
      > 
      > Bug: chromium:897404
      > Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
      > Reviewed-on: https://chromium-review.googlesource.com/c/1293070
      > Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#56907}
      
      TBR=danno@chromium.org,peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org
      
      Change-Id: I8ca80bd75833aacc94ccb25ceb82bbc8880991db
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:897404
      Reviewed-on: https://chromium-review.googlesource.com/c/1297471Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#56915}
      7a975d11
    • peterwmwong's avatar
      [builtins] Fix Array.p.join length overflow and invalid string length handling · ec969ea3
      peterwmwong authored
      - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
        - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
        - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
      
      - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
      
      Bug: chromium:897404
      Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
      Reviewed-on: https://chromium-review.googlesource.com/c/1293070
      Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#56907}
      ec969ea3
  5. 02 May, 2018 1 commit
  6. 23 Apr, 2018 1 commit
  7. 29 Nov, 2017 2 commits
  8. 14 Nov, 2017 1 commit
  9. 02 Nov, 2017 1 commit
  10. 30 Oct, 2017 1 commit
    • peterwmwong's avatar
      [builtins] Port WeakMap.p.set and WeakSet.p.add to CSA from JS · 7ae0a2f9
      peterwmwong authored
      - Add WeakMapPrototypeSet and WeakSetPrototypeAdd TFJ builtins
        - Fast paths for...
          1) existing key
          2) new key when ObjectHashTable has a "sufficient capacity"
      - Create WeakCollectionsBuiltinsAssembler to consolidate common WeakMap/WeakSet code generation
      - Convert existing WeakMapLookupHashIndex to use WeakCollectionsBuiltinsAssembler
      
      Some quick benchmarks shows performance gains of...
      - 1.56x - 1.98x for WeakMap constructor
      - 1.66x - 2.06x for WeakSet constructor
      - 1.50x - 2.11x for WeakMap.p.set
      - 1.54x - 2.26x for WeakSet.p.add
      
      https: //github.com/peterwmwong/v8-perf/blob/master/weakcollection-set/README.md
      Bug: v8:5049, v8:6604
      Change-Id: I3499d46be6b2b3b1d8d46720ebe86cc5142ee542
      Reviewed-on: https://chromium-review.googlesource.com/737935
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49036}
      7ae0a2f9
  11. 20 Oct, 2017 1 commit
    • Mathias Bynens's avatar
      [js] Remove CHECK_OBJECT_COERCIBLE for Array methods · 35b6aa38
      Mathias Bynens authored
      The spec got rid of `CheckObjectCoercible` a while back, and so should
      we. This change is not observable in most of the affected cases since
      `ToObject` is up near the top of most Array method algorithms. An
      example of an observable effect of this change occurs for the following
      input:
      
          Array.prototype.sort.call(null, 1);
      
      Behavior before applying the patch (incorrect message):
      
          TypeError: Array.prototype.sort called on null or undefined
      
      Expected behavior:
      
          TypeError: The comparison function must be either a function or
                     undefined
      
      This patch removes `CheckObjectCoercible` and adds tests to ensure the
      few observable cases are addressed correctly.
      
      The patch also adds a missing `ToObject(this)` to
      `Array.prototype.lastIndexOf` which would otherwise become observable
      as a result of `CheckObjectCoercible` being removed.
      
      BUG=v8:3577,v8:6921
      
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01
      Reviewed-on: https://chromium-review.googlesource.com/718577Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Mathias Bynens <mathias@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48800}
      35b6aa38
  12. 16 Oct, 2017 1 commit
    • peterwmwong's avatar
      [builtins] Port String.prototype.{padStart, padEnd} to CSA · 33b23529
      peterwmwong authored
      - Extract core StringPrototypeRepeat code into a TFS builtin (StringRepeat)
        - Assumes arguments are a string and smi (no range checks)
      - Add StringPrototypePadStart and StringPrototypePadEnd TFJ builtins
        - Added StringPadAssembler to ensure common behavior
      - Removed functionality from string.js
      
      A quick benchmark shows significant performance gains for unoptimized
      code (2.1x to 2.46x) and optimized code (1.03x - 1.56x).
      
      https: //github.com/peterwmwong/v8-perf/blob/master/string-pad/README.md
      Bug: v8:5049
      Change-Id: I6e4fe99fb62a3edb3d6906fd4f78b3576b5b0d13
      Reviewed-on: https://chromium-review.googlesource.com/720067
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48595}
      33b23529
  13. 11 Oct, 2017 1 commit
  14. 15 Sep, 2017 1 commit
  15. 06 Sep, 2017 1 commit
  16. 23 Aug, 2017 1 commit
  17. 20 Jul, 2017 1 commit
  18. 20 Jun, 2017 1 commit
    • bmeurer's avatar
      [turbofan] Introduce new JSCallWithArrayLike operator. · 767ce788
      bmeurer authored
      Add a new JSCallWithArrayLike operator that is backed by the
      CallWithArrayLike builtin, and use that operator for both
      Function.prototype.apply and Reflect.apply inlining. Also unify
      the handling of JSCallWithArrayLike and JSCallWithSpread in
      the JSCallReducer to reduce the copy&paste overhead.
      
      Drive-by-fix: Add a lot of test coverage for Reflect.apply and
      Function.prototype.apply in optimized code, especially for some
      corner cases, which was missing so far.
      
      BUG=v8:4587,v8:5269
      R=petermarshall@chromium.org
      
      Review-Url: https://codereview.chromium.org/2950773002
      Cr-Commit-Position: refs/heads/master@{#46041}
      767ce788
  19. 19 Apr, 2017 1 commit
  20. 18 Apr, 2017 2 commits
  21. 06 Apr, 2017 1 commit
  22. 03 Apr, 2017 2 commits
  23. 30 Mar, 2017 1 commit
  24. 14 Feb, 2017 1 commit
  25. 13 Feb, 2017 6 commits
  26. 05 Sep, 2016 1 commit
  27. 01 Sep, 2016 3 commits
  28. 24 Jun, 2016 1 commit
  29. 17 May, 2016 1 commit
    • bmeurer's avatar
      [es6] Reintroduce the instanceof operator in the backends. · 551e0aa1
      bmeurer authored
      This adds back the instanceof operator support in the backends and
      introduces a @@hasInstance protector cell on the isolate that guards the
      fast path for the InstanceOfStub. This way we recover the ~10%
      regression on Octane EarleyBoyer in Crankshaft and greatly improve
      TurboFan and Ignition performance of instanceof.
      
      R=ishell@chromium.org
      TBR=hpayer@chromium.org,rossberg@chromium.org
      BUG=chromium:597249, v8:4447
      LOG=n
      
      Review-Url: https://codereview.chromium.org/1980483003
      Cr-Commit-Position: refs/heads/master@{#36275}
      551e0aa1