- 24 Aug, 2018 6 commits
-
Benedikt Meurer authored
In LoadElimination leverage the fact that initializing stores (i.e. stores to freshly allocated objects) cannot touch existing objects, since the object can only escape once it's fully initialized and then all accesses will happen on the FinishRegion node instead of the naked Allocate node. This helps to eliminate the redundant map checks and "length" accesses to arrays, since TurboFan now knows that the iterated array cannot alias with either the freshly allocated ArrayIterator or the freshly allocated IterResultObject instances.

This improves the times on the benchmark in the tracking bug from

  console.timeEnd: forOf, 188.111000
  console.timeEnd: traditional, 116.380000
  console.timeEnd: forOf, 170.721000
  console.timeEnd: traditional, 108.209000
  console.timeEnd: forOf, 168.491000
  console.timeEnd: traditional, 108.839000

to

  console.timeEnd: forOf, 192.501000
  console.timeEnd: traditional, 106.909000
  console.timeEnd: forOf, 138.364000
  console.timeEnd: traditional, 103.232000
  console.timeEnd: forOf, 138.755000
  console.timeEnd: traditional, 102.928000

when running with untrusted code mitigations turned off, and thus corresponds to a ~18% performance improvement, roughly cutting the performance difference between the traditional for loop and the for..of loop in half.

Besides for..of loops this will also help with array destructuring patterns where TurboFan also emitted redundant map checks on the array and didn't eliminate the redundant "length" accesses.

Bug: v8:8070
Change-Id: Iab283247f6d304d1e3c7c147f32ab957577aad21
Reviewed-on: https://chromium-review.googlesource.com/1188124
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55373}
-
Kanghua Yu authored
This also refactors CodeAssembler::Branch(condition,true_label,false_label) to support constant folding, and adds Branch(condition,true_label,false_body) variants for special cases.

Change-Id: Ifc04442657295124a95c60f76efde5c46de6f1b5
Reviewed-on: https://chromium-review.googlesource.com/1186136
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55372}
-
Simon Zünd authored
This CL fixes the "sort-lengths" benchmark so the ElementsKind of the array to sort is PACKED_SMI again. This was somehow broken.

R=jgruber@chromium.org

Change-Id: I129e001eae4c88e9f99174b3494193232d933c3f
Reviewed-on: https://chromium-review.googlesource.com/1188122
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55371}
-
Maya Lekova authored
This reverts commit 8093b4f3.

Reason for revert: Breaks the following layout & non-layout bots in "fast/js/date-proto-generic-invocation.html" test
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Win/14570
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25795
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064%20(dbg)/13317
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Linux%20Tests%20(dbg)(1)/6565

Original change's description:
> Reland "[Intl] move Date.prototype.toLocale{,Date,Time}String to C++"
>
> This is a reland of 8e57cd51
>
> Original change's description:
> > [Intl] move Date.prototype.toLocale{,Date,Time}String to C++
> >
> > Bug: v8:7961
> > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> > Change-Id: Ie75eb443fc0907a4e1e4cafd4f5c06c23794f5a9
> > Reviewed-on: https://chromium-review.googlesource.com/1156123
> > Commit-Queue: Frank Tang <ftang@chromium.org>
> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55239}
>
> Bug: v8:7961
> Change-Id: Ib7dd3b7b3d363b7b8cb2dcd89a5d591fab592c81
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/1185763
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55368}

TBR=jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

Change-Id: I9ba94daecaca38e86a1f07b649931079ca88b28d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7961
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1188143
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55370}
-
Simon Zünd authored
This CL adds a baseline implementation for Array.p.reverse in Torque, as well as fastpaths for PACKED elements kinds. Support for sparse JSArrays was removed.

R=jgruber@chromium.org, petermarshall@chromium.org

Bug: v8:7624
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I12900fbbb44746f1c5d36b78be826e14b88b4f69
Reviewed-on: https://chromium-review.googlesource.com/1185600
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55369}
-
Frank Tang authored
This is a reland of 8e57cd51

Original change's description:
> [Intl] move Date.prototype.toLocale{,Date,Time}String to C++
>
> Bug: v8:7961
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ie75eb443fc0907a4e1e4cafd4f5c06c23794f5a9
> Reviewed-on: https://chromium-review.googlesource.com/1156123
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55239}

Bug: v8:7961
Change-Id: Ib7dd3b7b3d363b7b8cb2dcd89a5d591fab592c81
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1185763
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55368}
-
- 23 Aug, 2018 34 commits
-
Michael Achenbach authored
This reverts commit adea021b.

Reason for revert: https://crbug.com/v8/8087

Original change's description:
> [heap] Reuse object evacuation information for slot recording in Scavenger.
>
> Bug: chromium:852420
> Change-Id: If092b5c8b093b313807687a27bc29bebd1c4ee5f
> Reviewed-on: https://chromium-review.googlesource.com/1187143
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55364}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I480328e852c09f460a38e141eb7d2960c5001d35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1187301
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55367}
-
Michael Achenbach authored
This reverts commit 524215be.

Reason for revert: Breaks cfi: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20-%20cfi/16422

Original change's description:
> Use new arraybuffer deleter interface in d8
>
> With this cl we start using the custom deleter to free externalized
> array buffers. This also allows us to keep wasm memories registered
> with the wasm memory tracker and thereby to propagate that a memory
> is wasm allocated over postMessage calls.
>
> Bug: v8:8073, chromium:836800
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
> Reviewed-on: https://chromium-review.googlesource.com/1186681
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55361}

TBR=mstarzinger@chromium.org,herhut@chromium.org

Change-Id: I64c4e76d8d68bad8df4ba3297c099b9b44eabc7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1187241
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55366}
-
Bruce Dawson authored
PAGE_TARGETS_INVALID tells CFG (Control Flow Guard) to mark all addresses as invalid indirect branch targets. This makes exploits more difficult. The benefit is minor because most of the code in the Chrome process doesn't use the CFG checks, but this will close off a few weaknesses and is the direction we will want to go in eventually anyway (with specific targets or call sites opted-in to allowing calls, using SetProcessValidCallTargets).

PAGE_TARGETS_INVALID may ultimately cause CFG to not allocate memory - that is implied by Windows Internals 7th Edition - and if that is implemented then this change will save some modest amount of memory.

PAGE_TARGETS_INVALID was introduced in Windows 10 - according to Windows Internals Part 1 7th Edition - prior to that it will cause VirtualAlloc to fail.

Bug: chromium:870054
Change-Id: Ib1784fba37cc0ecb5fe5df595f1519531b3b3a20
Reviewed-on: https://chromium-review.googlesource.com/1186025
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55365}
-
Hannes Payer authored
Bug: chromium:852420
Change-Id: If092b5c8b093b313807687a27bc29bebd1c4ee5f
Reviewed-on: https://chromium-review.googlesource.com/1187143
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55364}
-
Ben L. Titzer authored
This is a reland of b10a967f

Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}

Bug: chromium:868844
Change-Id: Iac3a38d80fa71aadd7147704669a8fd671ecfae8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186343
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55363}
-
Michael Starzinger authored
R=herhut@chromium.org

Change-Id: I572a240f0d8f4598e3b4357d50329bcdafd7c60c
Reviewed-on: https://chromium-review.googlesource.com/1186585
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55362}
-
Stephan Herhut authored
With this cl we start using the custom deleter to free externalized array buffers. This also allows us to keep wasm memories registered with the wasm memory tracker and thereby to propagate that a memory is wasm allocated over postMessage calls.

Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
Reviewed-on: https://chromium-review.googlesource.com/1186681
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55361}
-
Simon Zünd authored
This is a reland of 9e48a24f

Original change's description:
> Reland "[array] Move Array.p.sort to Torque and use TimSort instead of QuickSort"
>
> The CL was reverted because it broke some tests in ChromeOS.
>
> > [array] Move Array.p.sort to Torque and use TimSort instead of QuickSort
> >
> > This CL changes the sorting algorithm used in Array.p.sort from
> > QuickSort to TimSort (implemented in Torque).
> >
> > Detailed performance results can be found here: https://goo.gl/4E733J
> >
> > To save on code space, fast-paths are implemented as sets of
> > function pointers instead of specializing generics.
> >
> > R=cbruni@chromium.org, jgruber@chromium.org
> >
> > Bug: v8:7382, v8:7624
> > Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
> > Reviewed-on: https://chromium-review.googlesource.com/1151199
> > Commit-Queue: Simon Zünd <szuend@google.com>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55003}
>
> Bug: v8:7382, v8:7624
> Change-Id: Ic7a3230f3708177774b0760f08b7659d83ec5505
> Reviewed-on: https://chromium-review.googlesource.com/1184901
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55325}

Bug: v8:7382, v8:7624
Change-Id: I297611f45c09967e0f6961156b0c9ebdebc7053f
Reviewed-on: https://chromium-review.googlesource.com/1186801
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55360}
-
Bill Budge authored
Change-Id: I0870a13fd257e014a3b6dca8ee7ccb3aa5485066
Reviewed-on: https://chromium-review.googlesource.com/1183525
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55359}
-
Ben L. Titzer authored
The WasmCompilationData was a struct that served as an input/output mechanism for communicating with the code generator. In particular, it contained a flag for enabling runtime exception for WASM in the code generator and it also gathered the protected instruction info from the code generator to be communicated to the WasmCodeManager.

This CL inlines the exception support flag into OptimizedCompilationInfo and the protected instruction information into the code generator, along the lines of other flags and data structures created by the code generator.

R=mstarzinger@chromium.org

Change-Id: If436636067f1a829a095310a73045fe3301cb694
Reviewed-on: https://chromium-review.googlesource.com/1186409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55358}
-
Ben L. Titzer authored
Note that this splits off counters added in https://chromium-review.googlesource.com/c/v8/v8/+/1186343

R=ahaas@chromium.org

Bug: chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I263c63a51d8ce3418eacabb6beb11fa1b3dfaa96
Reviewed-on: https://chromium-review.googlesource.com/1186721
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55357}
-
Sigurd Schneider authored
This CL removed padding from Abort on ARM, which is no longer needed.

Bug: v8:8054
Change-Id: I7ff0b88ba90e10d15b67b5ae8ca80f2cf7460498
Reviewed-on: https://chromium-review.googlesource.com/1183664
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55356}
-
Maya Lekova authored
This reverts commit 9e48a24f.

Reason for revert: Possibly breaking the V8-Blink Mac bot - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Mac/15097

Original change's description:
> Reland "[array] Move Array.p.sort to Torque and use TimSort instead of QuickSort"
>
> The CL was reverted because it broke some tests in ChromeOS.
>
> > [array] Move Array.p.sort to Torque and use TimSort instead of QuickSort
> >
> > This CL changes the sorting algorithm used in Array.p.sort from
> > QuickSort to TimSort (implemented in Torque).
> >
> > Detailed performance results can be found here: https://goo.gl/4E733J
> >
> > To save on code space, fast-paths are implemented as sets of
> > function pointers instead of specializing generics.
> >
> > R=cbruni@chromium.org, jgruber@chromium.org
> >
> > Bug: v8:7382, v8:7624
> > Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
> > Reviewed-on: https://chromium-review.googlesource.com/1151199
> > Commit-Queue: Simon Zünd <szuend@google.com>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55003}
>
> Bug: v8:7382, v8:7624
> Change-Id: Ic7a3230f3708177774b0760f08b7659d83ec5505
> Reviewed-on: https://chromium-review.googlesource.com/1184901
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55325}

TBR=jgruber@chromium.org,szuend@google.com

Change-Id: Ie7e2af57a6480aa0504ba21ec98ee825d7ac74fe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382, v8:7624
Reviewed-on: https://chromium-review.googlesource.com/1186601
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55355}
-
Maya Lekova authored
The test is timing out on the Arm simulator when TimSort is disabled.

NOTRY=true
TBR=sigurds@chromium.org

Bug: v8:7783
Change-Id: I51e159822d0010253a458f0c380c52f27f7fe972
Reviewed-on: https://chromium-review.googlesource.com/1186583
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55354}
-
Sigurd Schneider authored
This change writes a magic number into the root register, and checks that we have the number still in at StackChecks.

Change-Id: Ib00d2a7ede651997ae9459cf4bdcc6be3952353b
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1186402
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55353}
-
Florian Sattler authored
Removing bitfields because they regressed code-load performance on arm.

Bug: v8:7926
Change-Id: Id7f8b26b76203c6a45ba408945abb1a2d1ad9d5b
Reviewed-on: https://chromium-review.googlesource.com/1186419
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55352}
-
Michael Starzinger authored
R=sigurds@chromium.org

Change-Id: Ib024d099946d4351bfce9de8eb61be1dba5e1ce5
Reviewed-on: https://chromium-review.googlesource.com/1186415
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55351}
-
Michael Starzinger authored
R=titzer@chromium.org
BUG=v8:6408

Change-Id: I277beafaace334883ddbe63b9615e3f18085ce5e
Reviewed-on: https://chromium-review.googlesource.com/1186411
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55350}
-
Creddy authored
No need to create allocation site for array literals in oneshot code since they are executed only once. The interpreter emits a runtime call to CreateArrayLiteralWithoutAllocationSite for creating literals in oneshot code instead.

Change-Id: I285879c84759ff9e2ce281e9548112f52ce5e7d1
Reviewed-on: https://chromium-review.googlesource.com/1167843
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55349}
-
Peter Marshall authored
The constructor that accepts a size for vector default-initializes the elements. Using reserve() instead avoids this but still ensures the capacity.

Change-Id: I8effb62ba1f9598a0081c2c959b2f7a5d6c587e6
Reviewed-on: https://chromium-review.googlesource.com/1186407
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55348}
-
Stephan Herhut authored
Currently, we use an AllocationKind to signal to the embedder how v8 has allocated the backingstore of an array buffer. The embedder then has to implement matching logic to free an externalized buffer. By using custom deleters v8 can communicate how to free an externalized array buffer without requiring all embedders to implement corresponding freeing logic.

Bug: v8:8073
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I553dec31ba167d6a7b342ded50d685be7dffd1c5
Reviewed-on: https://chromium-review.googlesource.com/1183484
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55347}
-
Benedikt Meurer authored
Use CheckBounds and reduce the number of checks required to sanitize the indices for DataView accesses in optimized code. Also constant-fold the [[ByteLength]] if the DataView is a known compile-time constant (similar to what we do for TypedArrays already).

This further improves performance of DataViews by 2-7% depending on the exact test case. With this change DataView and TypedArray accesses themselves are mostly on par performance wise.

Since this CL introduces proper CheckBounds for the DataViews, instead of the hand-crafted bounds checks, it is expected to regress performance when untrusted code mitigations are on, since DataViews are also guarded in optimized now. Without untrusted code mitigations, there's no negative performance impact.

Tbr: sigurds@chromium.org
Bug: chromium:225811, chromium:876005
Change-Id: I4a69f81124635c9ba2c7e4c2dc912e2fd601061a
Reviewed-on: https://chromium-review.googlesource.com/1186408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55346}
-
Simon Zünd authored
This reverts commit f4ca3fc5.

Reason for revert: Since TF (js-call-reducer) calls into the C++ builtin, it is easier (cleaner for now) to implement the baseline version in C++ instead of Torque.

Original change's description:
> [array] Prepare Array.p.shift for removal of the JavaScript fall-back
>
> This CL changes the ArrayPrototypeShift builtin to a CSA macro which
> is used in a newly created Torque builtin.
>
> This is in preparation for removing the JavaScript fall-back, which
> will be replaced by a baseline Torque implementation.
>
> R=cbruni@chromium.org, jgruber@chromium.org
>
> Bug: v8:7624
> Change-Id: I9b7898beea2802cc02d394e040a1e500387cf108
> Reviewed-on: https://chromium-review.googlesource.com/1169172
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#55036}

TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7624
Change-Id: I4929eefaa90ff8681bc8ae20e3ea3fe84ee7f1e8
Reviewed-on: https://chromium-review.googlesource.com/1186342
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55345}
-
Florian Sattler authored
Changes the alignment so we don't have to pad after the first int.

Bug: v8:7926
Change-Id: I8fba9b415ef85118c6abf19902fb857584535a6e
Reviewed-on: https://chromium-review.googlesource.com/1186321
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55344}
-
Sigurd Schneider authored
This reverts commit d16bce9d.

Reason for revert: Investigating what caused the redness here: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Mac/15097

Original change's description:
> [parser] Removed unnecessary copies
>
> Bug: v8:8015
> Change-Id: I2ee074559484b9865dc1a27e6ea697ca311ee7ee
> Reviewed-on: https://chromium-review.googlesource.com/1185198
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Florian Sattler <sattlerf@google.com>
> Cr-Commit-Position: refs/heads/master@{#55327}

TBR=marja@chromium.org,sattlerf@google.com

Change-Id: I0344b11c2538a2755315dae7dd1f1ab62b8e069c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8015
Reviewed-on: https://chromium-review.googlesource.com/1186441
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55343}
-
Ross McIlroy authored
Removes some unused functions in ParseInfo and makes the associated fields unique_ptr instead of shared_ptr. Also removes an unused zone in Compiler.

Change-Id: Idf1fbfb523cfc2b9a265d2855b1167770203cfd5
Reviewed-on: https://chromium-review.googlesource.com/1185193
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55342}
-
Benedikt Meurer authored
With the previous changes the builtin would take the slow path for JSArrays when the iterator was already exhausted (i.e. the internal [[ArrayIteratorNextIndex]] field contains 2^32-1 as HeapNumber), even though that could also be handled in the fast path. This changes the handling such that the three distinct cases (if_array, if_other and if_typedarray) are really distinct, and all JSArrays are always handled by the if_array case.

Bug: v8:7510, v8:7514, v8:8070, chromium:876654
Change-Id: I1636b0616645f9e99f34f851df410992653cb380
Reviewed-on: https://chromium-review.googlesource.com/1186403
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55341}
-
Maya Lekova authored
This reverts commit b10a967f.

Reason for revert: Breaks a TSAN bot - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/22122

Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}

TBR=ulan@chromium.org,titzer@chromium.org,ahaas@chromium.org

Change-Id: Id011b6707b3359598621b315b87171644132b0ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186421
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55340}
-
Bret Sepulveda authored
When switching log files, if a function was selected the timeline would attempt to draw its ticks and would usually crash. It would also preserve the selected section of the timeline.

This patch wipes out the current state when loading a new log file, with the exception of the current mode (Summary, Bottom up, etc). As a consequence, the timeline size is now calculated in TimelineView.render so it will always be drawn at the right size.

Bug: v8:6240
Change-Id: Ie15dd9b225901c8f4df614444458ae2aeaf74ccc
Reviewed-on: https://chromium-review.googlesource.com/1186340
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55339}
-
jgruber authored
This is another step towards a kRootRegister on ia32 and removes kRootRegister from generic interface descriptors.

Drive-by: Better error message for type mismatches in machine graph verification.
Drive-by: Use PreserveRootIA32 register config for all builtins.

Bug: v8:6666
Change-Id: I920d4d6f3085da9734f6aa3bd3ee020abbc289fc
Reviewed-on: https://chromium-review.googlesource.com/1186330
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55338}
-
Ben L. Titzer authored
This adds a feature counter for WASM shared memory (i.e. the presence of the "shared" bit in a WASM module's memory section) and the usage of WASM threads opcodes (i.e. wake/wait and atomics).

This CL also plumbs the WasmFeatures through the compilation pipeline to detect features as functions are being compiled.

R=ahaas@chromium.org, ulan@chromium.org
BUG=chromium:868844

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
Reviewed-on: https://chromium-review.googlesource.com/1186329
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55337}
-
Simon Zünd authored
This CL fixes wrong parentheses that caused the sort-length benchmark to generate "random" arrays that only contained zeroes.

R=ishell@chromium.org

Change-Id: Ie2a564da037425a4ef9c2417597cdc13b497e32b
Reviewed-on: https://chromium-review.googlesource.com/1186332
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55336}
-
Peter Marshall authored
Changing reported_errors_ from a ZoneList to a ZoneVector caused regressions in Octane/CodeLoad and some other parsing benchmarks. This could be because we don't give the vector an initial size.

Change-Id: I42c6ae063681dc3490dbab260085e801e24ac569
Reviewed-on: https://chromium-review.googlesource.com/1186328
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55335}
-
Florian Sattler authored
This patch inlines some functions that improve parse time on code-load and jquery.

Bug: v8:7926
Change-Id: Ida98b5d63fae9205282c23037aebb4ab2d38a7e2
Reviewed-on: https://chromium-review.googlesource.com/1184917
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55334}
-