- 05 Feb, 2018 1 commit
-
-
jing.bao authored
Change-Id: If796c837c621053a61008793c0a51f3138047ebb Reviewed-on: https://chromium-review.googlesource.com/898568Reviewed-by:
Bill Budge <bbudge@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#51087}
-
- 04 Feb, 2018 1 commit
-
-
Benedikt Meurer authored
This adds a new isolate wide Promise#then protector, which guards the "then" lookup for all JSPromise instances whose [[Prototype]] is the initial %PromisePrototype%. Thus arbitrary mutations to the Promise.prototype (i.e. monkey-patching other methods or installing new functions) no longer sent you down the slow-path. Use this protector in Promise.prototype.catch and in Promise.resolve. Drive-by-fix: Restructure the resolve logic a bit and avoid the expensive and large SameValue check, which can be turned into a simple reference equal, as the promise in there is known to be a JSPromise anyways. Bug: v8:7253 Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9 Reviewed-on: https://chromium-review.googlesource.com/899302 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51085}
-
- 02 Feb, 2018 6 commits
-
-
Pierre Langlois authored
Remove hard-coded scratch registers (r9 and ip) from the code generator in favor of using the `UseScratchRegisterScope` utility. And as a result, we can free the r9 register for the allocator to use. Note that the code generator now has to cope with a single scratch register (ip) instead of two (ip + r9). Therefore the code sequences emitted by moves aren't as optimized as they used to be. For instance, we now use a scratch S register in places where we could use r9. We can optimize them further if we want but running benchmarks showed no impact so keeping the code simpler was deemed better for the time being. Bug: v8:6553 Change-Id: I7fcf244cb1b6578564b503619a041006eaf74626 Reviewed-on: https://chromium-review.googlesource.com/895461 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
jgruber authored
This check verifies that all .h files in the src/ directory have an include guard of the form #ifndef V8_PATH_TO_FILE_H_ #define V8_PATH_TO_FILE_H_ // ... #endif // V8_PATH_TO_FILE_H_ The check can be skipped with a magic comment: // PRESUBMIT_INTENTIONALLY_MISSING_INCLUDE_GUARD Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I0a7b96abec289ad60f64ba8418f1892a6969596d Reviewed-on: https://chromium-review.googlesource.com/897487Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51079}
-
Benedikt Meurer authored
This creates a uniform PerformPromiseThen builtin, which performs the operation with the same name from the spec, except that it expects the handlers to be either undefined or callable already, since this is only relevant for a single callsite (namely Promise.prototype.then). Introduce a matching operator JSPerformPromiseThen into TurboFan, which represents this operation and removes the additional checks in case of Promise.prototype.then based on the information we can derived from the receiver maps. This yields a nice 20-25% improvement on Promise.prototype.then, as illustrated by the following micro-benchmark ```js const N = 1e7; function inc(x) { return x + 1; } function chain(promise) { return promise.then(inc).then(value => { if (value < N) chain(Promise.resolve(value)); }); } console.time('total'); chain(Promise.resolve(0)); setTimeout(console.timeEnd.bind(console, 'total')); ``` which goes from around 1230ms to 930ms with this patch. Bug: v8:7253 Change-Id: I5712a863acdbe7da3bb8e621887c7b952148c51a Reviewed-on: https://chromium-review.googlesource.com/899064Reviewed-by:Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Michael Starzinger authored
This makes sure that {JSFunction} invocations always load the code start address into the fixed {kJavaScriptCallCodeStartRegister} register. This allows us to perform PC-relative operations more effective. For now this only applies to code with {kCallJSFunction} linkage. R=jarin@chromium.org Change-Id: I16a32184c07f5e90b05114dff7530acf46c175f1 Reviewed-on: https://chromium-review.googlesource.com/888700 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#51063}
-
Tobias Tebbi authored
Bug: chromium:798964 Change-Id: Ia34e901ed04daae62e6ec82c972225fb5de68419 Reviewed-on: https://chromium-review.googlesource.com/892443 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
Pierre Langlois authored
Replace hard-coded uses of `kScratchDoubleReg`, `kScratchDoubleReg2` and `kScratchQuadReg` with the safer `UseScratchRegisterScope`. The reason for doing this is to be able to safely use these scratch registers inside the assembler without having to worry about the code generator using them too. For instance, using this scope showed us that `TryInlineTruncateDoubleToI` is using a FP scratch register while the caller, the `DoubleToI` stub, is using it too. We are safe only because the stub passes the scratch register to `TryInlineTruncateDoubleToI` as an input. Using the scope forces us to explicitely use the input register instead of acquiring a new scratch. Bug: v8:6553 Change-Id: I84c53cd851d31ea33b0e3ef398d7a858b7e3e3c4 Reviewed-on: https://chromium-review.googlesource.com/895460Reviewed-by:
-
- 01 Feb, 2018 9 commits
-
-
Sigurd Schneider authored
Bug: v8:7270 Change-Id: Ia7fcd230adbf0f81a99a7f34b554c00c07649bfa Reviewed-on: https://chromium-review.googlesource.com/888742Reviewed-by:
-
Tobias Tebbi authored
Change-Id: I963215506a87945ae863427c572989c857bca2ff Reviewed-on: https://chromium-review.googlesource.com/897608Reviewed-by:
-
Daniel Clifford authored
Bug: chromium:802060 Change-Id: I032930af26f7eab8d5d3469ad273bdcdff85b045 Reviewed-on: https://chromium-review.googlesource.com/897723Reviewed-by:
-
Peter Marshall authored
Where the value we are switching on is a constant, we can just look through each IfValue case and replace the switch and go straight to the appropriate case. If no case matches, expect and go to the IfDefault. For the (unrealistic) example in the linked bug, this improves performance ~1.5x. Bug: v8:7389 Change-Id: I7ffe209bda9ed22571ea106396b18e0bcf9a1e22 Reviewed-on: https://chromium-review.googlesource.com/893141 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
Use the base::bits::SignedAddOverflow32() function instead, which performs an addition and checks for overflow. Bug: v8:5267, v8:7109 Change-Id: I20a5316957a3f72131d318282e8b8e8bb500b4a7 Reviewed-on: https://chromium-review.googlesource.com/797451Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
-
Tobias Tebbi authored
Change-Id: I2e9a6e706d75a579033a3bdaf275a5af4512c8d1 Reviewed-on: https://chromium-review.googlesource.com/897492Reviewed-by:
-
Tobias Tebbi authored
This is a reland of 957ac364. To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table in the InstructionSelector, this now threads the flag through the CompilationInfo. Original change's description: > [turbofan] disable indirect jumps in Turbofan generated switches > > Bug: > Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f > Reviewed-on: https://chromium-review.googlesource.com/873643 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50984} Change-Id: I76c2804f140cc116e30881bfd05365a09240e605 Reviewed-on: https://chromium-review.googlesource.com/895643Reviewed-by:
-
jing.bao authored
Change-Id: I46a46bacda356b838f3b7a7a9c7fb79f703dbae3 Reviewed-on: https://chromium-review.googlesource.com/892497Reviewed-by:
Aseem Garg <aseemgarg@chromium.org> Reviewed-by:
-
Kanghua Yu authored
--- Optimized code --- optimization_id = 26 kind = OPTIMIZED_FUNCTION compiler = turbofan ... leaq rcx,[rip+0x0] => TO BE REDUCED movq rcx,[rcx-0x37] => movq rcx,[rip-0x37] testb [rcx+0xf],0x1 jnz CompileLazyDeoptimizedCode Change-Id: I06c10ebd33af6524c4ad9ce466fd0880268f4a83 Reviewed-on: https://chromium-review.googlesource.com/880642Reviewed-by:
-
- 31 Jan, 2018 9 commits
-
-
Benedikt Meurer authored
We still avoid the "then" lookup using the current fast-path mega-guard in the baseline case, but in TurboFan we simply constant-fold the "then" lookup in the JSCallReducer. So all further optimizations on Promise#then in TurboFan will automatically apply to Promise#catch as well. Bug: v8:7253 Change-Id: Idf7252157375a0ae3a91c7a3b42c30c5f367c0a8 Reviewed-on: https://chromium-review.googlesource.com/895446 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#51008}
-
Benedikt Meurer authored
A given JSPromise can either be in pending state, and accumulates reactions, or in settled state, where all reactions are scheduled as microtasks, and it carries a result. So we can use a single field on the JSPromise instance to hold both the result and the reactions and that field is interpreted differently depending on the status of the JSPromise. Bug: v8:7253 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I19a7d499c88f452f0d35979ab95deb110021cde9 Reviewed-on: https://chromium-review.googlesource.com/895528Reviewed-by:
-
Karl Schimpf authored
Implements the saturating opcode i64.trunc_s:sat/f32. Also does some refactoring of the i32 saturating opcodes use a simplier solution (calling a single method to handle all i32 values). Also refactors code so that the remaining i64 saturating conversions should be easy to add to the wasm compiler. Bug: v8:7226 Change-Id: I031aca1e059b4baa989a56ecbc16941f591ff9b3 Reviewed-on: https://chromium-review.googlesource.com/887333 Commit-Queue: Karl Schimpf <kschimpf@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51001}
-
Mike Stanton authored
The FeedbackNexus classes initially were one-to-one with IC classes, but over time this got out of date. We also found Nexus' useful, so we made more classes even for cases that weren't ICs. The inheritence and polymorphism became confusing and led to duplication. Better, to just talk about a (single) FeedbackNexus. Bug: v8:7344 Change-Id: I509dc9657895d56c3859de6e6589695cdff9e73e Reviewed-on: https://chromium-review.googlesource.com/890452 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Franziska Hinkelmann <franzih@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#50997}
-
Jaroslav Sevcik authored
This reverts commit 957ac364. Reason for revert: Breaks roll (crbug.com/v8/7388) Original change's description: > [turbofan] disable indirect jumps in Turbofan generated switches > > Bug: > Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f > Reviewed-on: https://chromium-review.googlesource.com/873643 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50984} TBR=jarin@chromium.org,tebbi@chromium.org Change-Id: Id2546e722179e6d8f2f102ce02fb18d696a79764 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/894385Reviewed-by:
-
Tobias Tebbi authored
Bug: Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f Reviewed-on: https://chromium-review.googlesource.com/873643Reviewed-by:
-
Tobias Tebbi authored
Bug: Change-Id: Ibd91a61a9fd4b673db1afe13936d68a2b4a096cd Reviewed-on: https://chromium-review.googlesource.com/892058 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
This implements the ideas outlined in the section "Microtask queue" of the exploration document "Promise and async/await performance" (at https://goo.gl/WHRar2), except that the microtask queue stays a linear FixedArray for now, to avoid running into trouble with the parallel scavenger. This way we can already save a significant amount of allocations, thereby reducing the GC frequency quite a bit. All items on the microtask queue are now proper structs that subclass Microtask, i.e. we also wrap JSFunction and MicrotaskCallback jobs into structs. We also consistently remember the context for every microtask (except for MicrotaskCallback where we don't have a context), and execute it later in exactly that context (as required by the spec anyways for the Promise related jobs). Particularly interesting is the PromiseReactionJobTask and its subclasses, since they are designed to have the same size as the PromiseReaction. When we resolve a JSPromise we just take the existing PromiseReaction instances and morph them into PromiseFulfillReactionJobTask or PromiseRejectReactionJobTask (depending whether you "Fulfill" or "Reject"). That way the JSPromise class is now only 6 words instead of 10 words. Also the PromiseReaction and the reaction tasks can either carry a JSPromise (for the fast native case) or a PromiseCapability (for the generic case), which means we don't always pay the overhead of having to also remember the "deferred resolve" and "deferred reject" handlers that are only relevant for the generic case anyways. It also fixes a spec violation where we called "then" before we actually enqueued the PromiseResolveThenableJob, which is observably wrong. Calling it later has the advantage that it should be fairly straight-forward now to completely avoid it for native Promise instances. This seems to save around 10-20% on the various Promise benchmarks and micro-benchmarks. We expect to gain even more as we're now able to inline various operations into TurboFan optimized code easily. Bug: v8:7253 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I893d24ca5bb046974b4f5826a8f6dd22f1210b6a Reviewed-on: https://chromium-review.googlesource.com/892819 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Georg Neis authored
Async generators didn't correctly handle the situation where one calls .return on a suspended-at-start async generator and passes a promise-like object whose awaiting causes a new request to the generator. Bug: chromium:805729 Change-Id: I4da13ab5bd97f8c2a2c5373242a2d5e2ab0f7f10 Reviewed-on: https://chromium-review.googlesource.com/891231Reviewed-by:
Caitlin Potter <caitp@igalia.com> Reviewed-by:
-
- 30 Jan, 2018 3 commits
-
-
Junliang Yan authored
Port 1abeb5a3 Original Commit Message: - Shift opcode numbers for asmjs-compat opcodes - Add --experimental-wasm-se flag to gate sign extension opccodes - Fix codegen for ia32 movsx instructions R=gdeepti@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I3af97112b40d159f9ffc4f465768fc7832485f20 Reviewed-on: https://chromium-review.googlesource.com/893703Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#50969}
-
Pierre Langlois authored
The way the code generator's AssembleMove and AssembleSwap methods are written makes it easy to forget which sort of move is being implemented when looking at a sequence of instructions. This patch is an attempt to address this by rewriting those methods using switch/case instead of a string of if/else. To do this, introduce new utility functions to detect what type of move to perform given a pair of InstructionOperands. Bug: Change-Id: I32b146c86409e595b7b59a66bf43220899024fdd Reviewed-on: https://chromium-review.googlesource.com/749201 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50966}
-
Kanghua Yu authored
I8x16Shl/I8x16ShrS/I8x16ShrU,I8x16Mul R=bbudge@chromium.org, bmeurer@chromium.org Bug: Change-Id: I97d7f077c26fe6f8be6464582f20d4e3c8fd4667 Reviewed-on: https://chromium-review.googlesource.com/853772 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
- 29 Jan, 2018 3 commits
-
-
Michael Starzinger authored
R=tebbi@chromium.org Change-Id: Iae9a3774eb7913388350ce3cd0a96d6a6cca25e8 Reviewed-on: https://chromium-review.googlesource.com/885845Reviewed-by:
-
Ross McIlroy authored
BUG=chromium:798964 Change-Id: I63c373ef3f27a3295fc79f5c82d78b5fd89a83da Reviewed-on: https://chromium-review.googlesource.com/888752 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
-
Jaroslav Sevcik authored
Bug: v8:5267 Change-Id: I649554733fdbd00c8e82b09aca35b0ff1f823560 Reviewed-on: https://chromium-review.googlesource.com/890262Reviewed-by:
-
- 26 Jan, 2018 7 commits
-
-
Sigurd Schneider authored
This CL uses UTF16 encoding internally in the string iterator, thereby saving a few shifts, ors, and ands. Bug: v8:7270 Change-Id: I3ac9e0e8c4b64eb1d6c796597eb0b3413c5f516b Reviewed-on: https://chromium-review.googlesource.com/887085Reviewed-by:
-
Ivica Bogosavljevic authored
Port 1abeb5a3 Change-Id: Ib31abb7e5e920b319d0e485bf5bcc29fdc018bbc Bug: chromium:806078 Reviewed-on: https://chromium-review.googlesource.com/888744Reviewed-by:
Miran Karić <miran.karic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#50902}
-
Ross McIlroy authored
Refactors bytecode register access to avoid having to deal with register indexes directly. - Changes Load/StoreRegister to Load/StoreRegisterAtOperandIndex - Adds RegisterList abstraction for dealin with lists of registers - Adds helpers for Loading / Storing register pairs / triples. Change-Id: I34427e4bd7314dce0230572212580d6a93ccc2d4 Reviewed-on: https://chromium-review.googlesource.com/887062Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#50899}
-
Sigurd Schneider authored
With the new builtin optimization guard we can just speculatively assume that the index passed to String#charAt and String#charCodeAt (in optimized code) is going to be within the valid range for the receiver. This is what Crankshaft used to do, and it avoids Smi checks on the result for String#charCodeAt, since it can no longer return NaN. This gives rise to further optimizations of these builtins (i.e. to completely avoid the tagging of char codes), and by itself already improves the regression test originally reported from 650ms to 610ms. Bug: v8:7127, v8:7326 Change-Id: I6c160540a1e002a37e44fa7f920e5e8f8c2c4210 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/873382 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
-
Sigurd Schneider authored
This fixes %StringIteratorPrototype%.next to not mixup UTF16 and UTF32, and consistently use UTF32 for now. Bug: chromium:805855 Change-Id: If58e2fe0d9bebd894e12abf8af82881c74388294 Reviewed-on: https://chromium-review.googlesource.com/888741 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
-
Georg Neis authored
This is a reland of 181ac2b0 that fixes the issue with load elimination. Original change's description: > [ic] Improve performance of KeyedStoreIC on literal-based arrays. > > In mode STORE_AND_GROW_NO_TRANSITION, the handler for elements stores > used to bail out when seeing a COW array, even if the store that > installed the handler had been operating on the very same array. > > This CL adds support for COW arrays to the mode (and renames it to > STORE_AND_GROW_NO_TRANSITION_HANDLE_COW). > > Bug: v8:7334 > Change-Id: I6a15e8c1ff8d4ad4d5b8fc447745dce5d146c67c > Reviewed-on: https://chromium-review.googlesource.com/876014 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50840} TBR=bmeurer@chromium.org Bug: v8:7334, chromium:805768 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I3d9c1b08583e08d68a1d30242a25e4a2190c8c55 Reviewed-on: https://chromium-review.googlesource.com/886261 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
-
jing.bao authored
Change-Id: I7dd81c104da3296cb78688c066b24e12b8ffc6c2 Reviewed-on: https://chromium-review.googlesource.com/882952 Commit-Queue: Jing Bao <jing.bao@intel.com> Reviewed-by:
-
- 25 Jan, 2018 1 commit
-
-
Deepti Gandluri authored
- Shift opcode numbers for asmjs-compat opcodes - Add --experimental-wasm-se flag to gate sign extension opccodes - Fix codegen for ia32 movsx instructions Bug: v8:6532 Change-Id: If7c9eff5ac76d24496effb2314ae2601bb8bba85 Reviewed-on: https://chromium-review.googlesource.com/838403 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50875}
-
