- 12 Aug, 2021 1 commit
-
-
Jakob Gruber authored
The concurrent version was added recently in crrev.com/c/3085262. - UnusedPropertyFields requires the MapUpdater lock. - instance_descriptors must be read atomically on the bg thread. Finally, there appears to be a false positive report for the pattern: x = is_concurrent ? foo(kAcquireLoad) : foo(); Here, clang emits code that executes both the atomic and nonatomic reads when is_concurrent is true. Needs more investigation. Bug: v8:7790, chromium:1239009 Change-Id: I07d442e72cf0278f79f202a267e8d246f8abca1b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090341 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76261}
-
- 11 Aug, 2021 1 commit
-
-
Jakob Gruber authored
.. to attempt to update deprecated maps. Used in JSHeapBroker::ReadFeedbackForPropertyAccess. Drive-by: Move Map::TryUpdate to MapUpdater to address an old TODO. Bug: v8:7790 Change-Id: Iaa791e204dd133f067014c0abdb23ef3b807a315 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085274 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#76224}
-
- 17 May, 2021 1 commit
-
-
Santiago Aboy Solanes authored
The instance_size of a live map can change via ShrinkInstanceSize. This change was outside of the scope of the MapUpdater. In order to have a consistent view of the data, the concurrent reader will access the map updater lock if needed. Also refactor MapUpdaterMutexDepthScope (now named `MapUpdaterGuardIfNeeded`) so that A) it's not possible to forget to lock it, and B) add V8_NODISCARD to the class. As a second refactor use std::function in TraverseCallback. Bug: v8:7790 Change-Id: I57dd00699ccb1c9f132a950db93704b07ca115ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862765 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74592}
-
- 03 May, 2021 1 commit
-
-
Igor Sheludko authored
When fast deleting properties generalize all outgoing transitions to mutable instead of generalizing when property is reconfigured. Bug: chromium:1201938 Change-Id: I080f2f43de1691a742be2a2bec5cd20d02d78dbc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859960 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#74334}
-
- 08 Apr, 2021 1 commit
-
-
Jakob Gruber authored
This is part of moving towards MapUpdater as the bottleneck for map updates. Drive-by: Move helpers. Drive-by: Use a plain std::queue instead of a ZoneQueue in UpdateFieldType. Bug: v8:7790 Change-Id: Iff80a6e9bf3390a010305f7998d6f6dad2bce09f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807602 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73851}
-
- 06 Apr, 2021 1 commit
-
-
Igor Sheludko authored
... when reconfiguring property attributes. Bug: chromium:1195331 Change-Id: I65a29f0ad303a603207376a283e943480c4b18d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807608 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73810}
-
- 01 Apr, 2021 1 commit
-
-
Jakob Gruber authored
It's locked exclusively in the MapUpdater API methods, and locked shared in ComputePropertyAccessInfo (CPAI). This lock is a step towards running CPAI on background threads. The simple lock portion is landed separately in this CL to get an early signal on potential lock overhead perf impact. The lock is implemented and used very conservatively at the moment: - it's a single global lock (and not e.g. per-map). - it's locked for the entire method call duration (instead of only in relevant parts). Both points can potentially be improved in the future. Bug: v8:7790 Change-Id: I073423497e01b4901101973387a19962f953a576 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797286 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#73773}
-
- 08 Mar, 2021 2 commits
-
-
Igor Sheludko authored
Bug: chromium:1185463, v8:9233 Change-Id: I87ad8e1ddbbf106ae5221264b53d53aded2c4c51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739633 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73259}
-
Santiago Aboy Solanes authored
If a method happens on the main thread and only on the main thread (i.e. it will never be run on the background), it is safer to use non-atomic accessors as TSAN will give warnings if we use them improperly. As a drive-by, pass the isolate as a parameter where it was readily available as it saves us from getting the isolate from the object later on. Bug: v8:7790 Change-Id: Id9bdd69254edc60b0331a32fccf1479a95b7d286 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732669 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#73251}
-
- 05 Mar, 2021 1 commit
-
-
Igor Sheludko authored
... to different attributes or different property kind. Bug: chromium:1161847, v8:9233 Change-Id: I5a6e1e012c6afcf09ed9da6bbf9f33c1007c3d99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727272 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73220}
-
- 23 Feb, 2021 1 commit
-
-
Marja Hölttä authored
Also fixes existing tests which were asserting the wrong behavior (that setting writable=false won't have an effect). The bug was introduced by https://chromium-review.googlesource.com/c/v8/v8/+/1442640 . Bug: chromium:1158138 Change-Id: I2d85721848eb4e7d530a980a9ecef7f8693bb9a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691050 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#72948}
-
- 11 Feb, 2021 1 commit
-
-
Santiago Aboy Solanes authored
Reasons: * We disabled it more than a year ago for all configs * Not easy to re-enable * Not compatible with pointer compression as-is * Not compatible with concurrent TP/TF as-is * No concrete plans to re-enable it Also remove Map's layout_descriptor since it was only used for double field unboxing. Bug: v8:11422 Change-Id: I9260906eac199213b3210712e9903f1ecf1d7979 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676637 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72671}
-
- 20 Nov, 2020 1 commit
-
-
Leszek Swirski authored
Because of LocalHeap safepoints, our existing assert scopes don't necessarily maintain the same guarantees as desired. In particular, DisallowHeapAllocation no longer guarantees that objects don't move. This patch transitions DisallowHeapAllocation to DisallowGarbageCollection, to ensure that code using this scope is also protected against safepoints. Change-Id: I0411425884f6849982611205fb17bb072881c722 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2540547 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71319}
-
- 12 Nov, 2020 1 commit
-
-
Igor Sheludko authored
which was enabled a long time ago and is not supposed to be disabled. In addition this CL adds Representation::MightCauseMapDeprecation() predicate and ensures it's consistent with the existing MostGenericInPlaceChange() and CanBeInPlaceChangedTo(). Bug: v8:11104, v8:8865 Change-Id: Ia8046b76822c9b20fe3ce85de6b98570334aad21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527088 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#71151}
-
- 30 Oct, 2020 1 commit
-
-
Leszek Swirski authored
GeneralizeField already calculates the field owner. Change-Id: I0730471479d4289d3d027ea63178ddae659ee2b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507717 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70891}
-
- 29 Oct, 2020 1 commit
-
-
Leszek Swirski authored
When searching for a target map during map update, attempt to update field representations in-place to the more general representation, where possible. Bug: chromium:1143772 Change-Id: I6a43c94910a1d2d8f8b0ad89048f94b51461f76c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507715 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70887}
-
- 05 Oct, 2020 1 commit
-
-
Santiago Aboy Solanes authored
We can use tag dispatching to distinguish between the synchronized and non-synchronized accessors. Also eliminated the need of adding explicit "synchronized" in the name when using the macros. As a note, we currently have one case of using both relaxed and synchronized accessors (Map::instance_descriptors). Cleaned up: * BytecodeArray::source_position_table * Code::code_data_container * Code::source_position_table * FunctionTemplateInfo::call_code * Map::instance_descriptors * Map::layout_descriptor * SharedFunctionInfo::function_data Bug: v8:7790 Change-Id: I5a502f4b2df6addb6c45056e77061271012c7d90 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424130 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70306}
-
- 19 Jun, 2020 1 commit
-
-
Maya Lekova authored
Avoid possible use-after-free. Fixed: v8:10210 Change-Id: Id8bdf70804448b5b793d9d593374f4b588fe3e87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253841 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#68436}
-
- 11 Oct, 2019 1 commit
-
-
Jakob Kummerow authored
This is for consistency and compiler-enforced type safety. No change in behavior intended. Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#64244}
-
- 28 Aug, 2019 1 commit
-
-
Z Nguyen-Huu authored
Currently the backing store and elements kind might not be aligned, aka the backing store can be dictionary where the elements kind is a frozen/sealed elements kind or the other way around. The reason is that Object.preventExtensions changes the elements kind to DICTIONARY while Object.seal/freeze change the elements kind to a SEALED/FROZEN elements kind. Applying both of these operations can lead to that problem, as in chromium:992914. To solve this issue, we avoid having Object.preventExtensions change the backing store to dictionary by introducing new nonextensible elements kinds. These new nonextensible elements kinds are handled similarly to frozen and sealed elements kinds. This change not only fixes the problem but also optimizes the performance of nonextensible objects. Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b Bug: chromium:992914, v8:6831 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63432}
-
- 19 Jun, 2019 1 commit
-
-
Leszek Swirski authored
Rather than starting a new, orphaned transition tree in various bailout cases, simply drop down into dictionary mode. Aside from potential memory benefits, this allows us to remove CopyGeneralizeAllFields, which was the only path along which fields could end up in a different order than their descriptors. Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62279}
-
- 28 May, 2019 1 commit
-
-
Georg Schmid authored
R=bmeurer@chromium.org Change-Id: I88f3300d34b185e88f8b6f391346630a7c22ecb4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631422 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Schmid <gsps@google.com> Cr-Commit-Position: refs/heads/master@{#61869}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. 
> > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. 
> > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 23 May, 2019 3 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Clemens Hammacher authored
This CL was generated by an automatic clang AST rewriter using this matcher expression: callExpr( callee( cxxMethodDecl( hasName("operator->"), ofClass(isSameOrDerivedFrom("v8::internal::Object")) ) ), argumentCountIs(1) ) The "->" at the expression location was then rewritten to ".". R=jkummerow@chromium.org TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org Bug: v8:9183, v8:3770 No-Try: true No-Tree-Checks: true Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61764}
-
Yang Guo authored
Bug: v8:9247 Change-Id: I0023200c54fa6499ae4e2cf5e4c89407cc35f187 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624218 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61762}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 21 May, 2019 1 commit
-
-
Toon Verwaest authored
This was already unsupported by the map updated because the condition was manually checked before CanBeInPlaceChangedTo. Since the latter function missed the check, however, new code using the function (json parser) missed the relevant check. Simply move the condition to the function. Bug: chromium:964869 Change-Id: I9424a5706c5f6d637acbf532707da3f1e7d9b55e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622114 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61703}
-
- 20 May, 2019 2 commits
-
-
Z Duong Nguyen-Huu authored
When reconfiguring a data field (e.g. changing representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden. Bug: chromium:963346 Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61670}
-
Yang Guo authored
Code that is being moved primarily deals with layout of a JSObject, accessing properties and elements, and map transitions. NOTREECHECKS=true NOTRY=true Bug: v8:9247 Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61638}
-
- 07 May, 2019 2 commits
-
-
Z Duong Nguyen-Huu authored
This is the follow-up for frozen, sealed packed elements kind. Design docs: bit.ly/fast-frozen-sealed-elements-in-v8 This change only supports the transition from holey elements to holey sealed elements (via object.seal) or to holey frozen elements (via object.freeze). Added tests for non-extensible, sealed, frozen holey elements in https://chromium-review.googlesource.com/c/v8/v8/+/1574503 and https://chromium-review.googlesource.com/c/v8/v8/+/1582481 Bug: v8:6831 Change-Id: Ia4373648f79f2ebebb390982a503145844a0c123 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574777 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61307}
-
Benedikt Meurer authored
Generalize the existing work-around in the method `Map::GeneralizeIfCanHaveTransitionableFastElementsKind()` to also go to the most general field representation (in addition to going to the most field type) for objects with transitionable fast elements kinds. That means that we essentially disable field representation tracking for arrays, arguments objects and value wrappers (for which the field type tracking is already disabled). Drive-by-fix: Remove the `constness` parameter to the above mentioned helper method. And fix the printing of the descriptor expectations to properly print the field type. Change-Id: I1bba9415f4bdd2c916f9d105d9120c7071d2c498 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Doc: http://bit.ly/v8-in-place-field-representation-changes Bug: v8:8749, v8:8865, v8:9114, chromium:959645, chromium:952682 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598756 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61284}
-
- 27 Apr, 2019 1 commit
-
-
Jaroslav Sevcik authored
This enables constant field tracking unconditionally. TBR=jgruber@chromium.org Bug: v8:8361 Change-Id: I02f35827d860c3e0f18a3d55cb156c088d48bc94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585730 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61055}
-
- 16 Apr, 2019 1 commit
-
-
Z Duong Nguyen-Huu authored
Just update merge conflict. The reverted CL is https://chromium-review.googlesource.com/c/v8/v8/+/1565470. Treat packed sealed, frozen element as packed element. Also rename to IsPackedFrozenOrSealedElementsKind. Bug: chromium:951988 Change-Id: I4e7cc0a0d43e1e1c109fa08231dd5396901f9614 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566235 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#60881}
-
- 12 Apr, 2019 4 commits
-
-
Sathya Gunasekaran authored
This reverts commit 68ba8574. Reason for revert: breaks windows builds https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20builder/27839 Original change's description: > Fix array.concat with double for sealed, frozen object > > Treat packed sealed, frozen element as packed element. > Also rename to IsPackedFrozenOrSealedElementsKind. > > Bug: chromium:951988 > Change-Id: Ia636f0a14a229e4c44772627728927db1b877f27 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565470 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#60831} TBR=jarin@chromium.org,ishell@chromium.org,verwaest@chromium.org,duongn@microsoft.com Change-Id: I84caf106dbdd2209aef0a994173e1c3982e9f7b1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951988 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565542 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#60832}
-
Z Duong Nguyen-Huu authored
Treat packed sealed, frozen element as packed element. Also rename to IsPackedFrozenOrSealedElementsKind. Bug: chromium:951988 Change-Id: Ia636f0a14a229e4c44772627728927db1b877f27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565470 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#60831}
-
Benedikt Meurer authored
This adds a new flag --modify-field-representation-inplace (enabled by default), which lets the runtime perform field representation changes for Smi to Tagged or for HeapObject to Tagged in-place instead of creating new maps and marking the previous map tree as deprecated. That means we create (a lot) fewer Maps and DescriptorArrays in the beginning and also need to self-heal fewer objects later (migrating off the deprecated maps). In TurboFan we just take the "field owner dependency" whenever we use the field representation, which is very similar to what we already do for the field types. That means if we change the representation of a field that we used in optimized code, we will simply deoptimize that code and have TurboFan potentially later optimize it again with the new field representation. On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution time from around 415ms to around 352ms, which corresponds to a **15%** improvement. The overall Speedometer2 score improves from around 74.1 to around 78.3 (on local runs with content_shell), corresponding to a **5.6%** improvement here.
On the CNN desktop browsing story, it seems that we reduce map space utilization/fragmentation by about 4-5%. But since we allocate a lot less (fewer Maps and DescriptorArrays) we also significantly change the GC timing, which heavily influences the results here. So take this with a grain of salt. Note: For Double fields, this doesn't change anything, meaning they still create new maps and deprecate the previous map trees. Bug: v8:8749, v8:8865, v8:9114 Change-Id: Ibd70efcb59be982863905663dbfaa89aa5b31e14 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Doc: http://bit.ly/v8-in-place-field-representation-changes Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565891 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#60822}
-
Michael Hablich authored
This reverts commit 1416d5a5. Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/1564550 Original change's description: > [map] Support in-place field representation changes. > > This adds a new flag --modify-field-representation-inplace (enabled by > default), which lets the runtime perform field representation changes > for Smi to Tagged or for HeapObject to Tagged in-place instead of > creating new maps and marking the previous map tree as deprecated. > > That means we create (a lot) fewer Maps and DescriptorArrays in the > beginning and also need to self-heal fewer objects later (migrating > off the deprecated maps). In TurboFan we just take the "field owner > dependency" whenever we use the field representation, which is very > similar to what we already do for the field types. That means if we > change the representation of a field that we used in optimized code, > we will simply deoptimize that code and have TurboFan potentially > later optimize it again with the new field representation. > > On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution > time from around 415ms to around 352ms, which corresponds to a **15%** > improvement. The overall Speedometer2 score improves from around 74.1 > to around 78.3 (on local runs with content_shell), corresponding to a > **5.6%** improvement here.
> > On the CNN desktop browsing story, it seems that we reduce map space > utilization/fragmentation by about 4-5%. But since we allocate a lot > less (fewer Maps and DescriptorArrays) we also significantly change > the GC timing, which heavily influences the results here. So take this > with a grain of salt. > > Note: For Double fields, this doesn't change anything, meaning they > still create new maps and deprecate the previous map trees. > > Bug: v8:8749, v8:8865, v8:9114 > Change-Id: I694a53f87ae5caeb868fd98a21809b66d4297d35 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://bit.ly/v8-in-place-field-representation-changes > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561132 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60764} TBR=jarin@chromium.org,neis@chromium.org,ishell@chromium.org,bmeurer@chromium.org,verwaest@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:8749, v8:8865, v8:9114 Change-Id: I666975d08d51bbe7ab4faec9428b9a1f88e9b322 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564208 Reviewed-by: Michael Hablich <hablich@chromium.org> Commit-Queue: Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#60807}
-