- 05 Sep, 2017 1 commit
-
-
Adam Klein authored
Change-Id: I891ff57b7a3a47e3371269b123705cdf6391499b Reviewed-on: https://chromium-review.googlesource.com/648513Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47830}
-
- 01 Sep, 2017 1 commit
-
-
Benedikt Meurer authored
This CL adds support to optimize for..in in fast enum-cache mode to the same degree that it was optimized in Crankshaft, without adding the same deoptimization loop that Crankshaft had with missing enum cache indices. That means code like for (var k in o) { var v = o[k]; // ... } and code like for (var k in o) { if (Object.prototype.hasOwnProperty.call(o, k)) { var v = o[k]; // ... } } which follows the https://eslint.org/docs/rules/guard-for-in linter rule, can now utilize the enum cache indices if o has only fast properties on the receiver, which speeds up the access o[k] significantly and reduces the pollution of the global megamorphic stub cache. For example the micro-benchmark in the tracking bug v8:6702 now runs faster than ever before: forIn: 1516 ms. forInHasOwnProperty: 1674 ms. forInHasOwnPropertySafe: 1595 ms. forInSum: 2051 ms. forInSumSafe: 2215 ms. Compared to numbers from V8 5.8 which is the last version running with Crankshaft forIn: 1641 ms. forInHasOwnProperty: 1719 ms. forInHasOwnPropertySafe: 1802 ms. forInSum: 2226 ms. forInSumSafe: 2409 ms. and V8 6.0 which is the current stable version with TurboFan: forIn: 1713 ms. forInHasOwnProperty: 5417 ms. forInHasOwnPropertySafe: 5324 ms. forInSum: 7556 ms. forInSumSafe: 11067 ms. It also improves the throughput on the string-fasta benchmark by around 7-10%, and there seems to be a ~5% improvement on the Speedometer/React benchmark locally. For this to work, the ForInPrepare bytecode was split into ForInEnumerate and ForInPrepare, which is very similar to how it was handled in Fullcodegen initially. In TurboFan we introduce a new operator LoadFieldByIndex that does the dynamic property load. This also removes the CheckMapValue operator again in favor of just using LoadField, ReferenceEqual and CheckIf, which work automatically with the EscapeAnalysis and the BranchConditionElimination. Bug: v8:6702 Change-Id: I91235413eea478ba77ace7bd14bb2f62e155dd9a Reviewed-on: https://chromium-review.googlesource.com/645949 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#47768}
-
- 28 Aug, 2017 1 commit
-
-
Georg Neis authored
This reverts commit 1169f55b. Reason for revert: http://crbug.com/758994 Original change's description: > Remove obsolete kNumber binop feedback. > > With the removal of Crankshaft, kNumber has become obsolete as > BinaryOperationFeedback. Turbofan uses kNumberOrOddball. > > Bug: > Change-Id: If577f5efcc81d7c08f43908f2764ff0ec6f8747c > Reviewed-on: https://chromium-review.googlesource.com/628376 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Mythri Alle <mythria@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47555} TBR=jkummerow@chromium.org,jarin@chromium.org,neis@chromium.org,mythria@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: I1b33f572f3e6865e00d2468bffcce2ea466814b3 Reviewed-on: https://chromium-review.googlesource.com/637711Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#47642}
-
- 23 Aug, 2017 1 commit
-
-
Georg Neis authored
With the removal of Crankshaft, kNumber has become obsolete as BinaryOperationFeedback. Turbofan uses kNumberOrOddball. Bug: Change-Id: If577f5efcc81d7c08f43908f2764ff0ec6f8747c Reviewed-on: https://chromium-review.googlesource.com/628376Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#47555}
-
- 11 Aug, 2017 1 commit
-
-
Benedikt Meurer authored
For Divide operations like r = a / b where r has only truncated uses (i.e. only used in bitwise operations), we used to generate a Float64Div unless we statically knew something about a and b, even if a and b have always been integers so far. Crankshaft was able to generate an integer division here, because Fullcodegen collected feedback independently for inputs and outputs of binary operations. This adds new BinaryOperationFeedback::kSignedSmallInputs, which is used specifically for Divide to state that we have seen only SignedSmall inputs thus far, but the outputs weren't always in the SignedSmall range. The issue was discovered in a WebGL Triangulation library and reported via https://twitter.com/mourner/status/895708603117518848 after Node 8.3.0 was released with I+TF. R=jarin@chromium.org Bug: v8:6698 Change-Id: I830e421a3bf91fc8fa3665cbb706bc13675a6d2b Reviewed-on: https://chromium-review.googlesource.com/612063 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47302}
-
- 03 Aug, 2017 2 commits
-
-
Ulan Degenbaev authored
This is a reland of 35c923cc Original change's description: > [heap] Add support for atomic access to page flags. > > This patch renames AsAtomicWord to AsAtomicPointer and > adds new AsAtomicWord that works with intptr_t. > > Slot recording uses atomic page flag accessors. > > BUG=chromium:694255 > > Change-Id: I1c692813244b41320182e9eea50462d1802fcd98 > Reviewed-on: https://chromium-review.googlesource.com/597688 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47086} Bug: chromium:694255 Change-Id: I36780ff4001e068815d4be1e16cd06f1a4f98d13 Reviewed-on: https://chromium-review.googlesource.com/599909Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47131}
-
jgruber authored
This begins splitting up the Deserializer class into {Object,Partial,Startup}Deserializer. For now, all functionality remains in the Deserializer base clase, to be refactored in future CLs. Empty .cc files are added here to avoid having to touch build files again. Bug: v8:6624 Change-Id: If563e03492991bd55c91cd2e09312c0a26aaab2c Reviewed-on: https://chromium-review.googlesource.com/598067Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47107}
-
- 02 Aug, 2017 3 commits
-
-
Ulan Degenbaev authored
This reverts commit 35c923cc. Reason for revert: speculative revert for GC stress failure Original change's description: > [heap] Add support for atomic access to page flags. > > This patch renames AsAtomicWord to AsAtomicPointer and > adds new AsAtomicWord that works with intptr_t. > > Slot recording uses atomic page flag accessors. > > BUG=chromium:694255 > > Change-Id: I1c692813244b41320182e9eea50462d1802fcd98 > Reviewed-on: https://chromium-review.googlesource.com/597688 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47086} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: Id77ce7970c54a55646c072787e88311f6f3e6e91 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:694255 Reviewed-on: https://chromium-review.googlesource.com/598967Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47094}
-
Ulan Degenbaev authored
This patch renames AsAtomicWord to AsAtomicPointer and adds new AsAtomicWord that works with intptr_t. Slot recording uses atomic page flag accessors. BUG=chromium:694255 Change-Id: I1c692813244b41320182e9eea50462d1802fcd98 Reviewed-on: https://chromium-review.googlesource.com/597688 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47086}
-
Juliana Franco authored
Replacing pc with trampoline on stack This CL is the follow up of https://chromium-review.googlesource.com/c/586707/ which used to crash when running the gc-stress bots. It seems to be working now. We now keep the trampoline PC in the Safepoint table and use that information to find SafepointEntries. There's some refactoring that can be done, such as changing the code for exceptions in a similar way and removing the trampoline from the DeoptimizationInputData. Will take care of this in the next CL. Bug: v8:6563 Change-Id: I8c0a2489de19e6d5fb4ebf1de7da1933726265b4 Reviewed-on: https://chromium-review.googlesource.com/596027 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47066}
-
- 01 Aug, 2017 3 commits
-
-
Michael Achenbach authored
This reverts commit a01ac7cb. Reason for revert: Causes flakes on gc stress: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/14218 Original change's description: > Replacing pc with trampoline on stack > > This CL is the follow up of https://chromium-review.googlesource.com/c/586707/ > which used to crash when running the gc-stress bots. > It seems to be working now. We now keep the trampoline PC in the Safepoint > table and use that information to find SafepointEntries. > > There's some refactoring that can be done, such as changing the code for > exceptions in a similar way and removing the trampoline from the > DeoptimizationInputData. Will take care of this in the next CL. > > Bug: v8:6563 > Change-Id: I02565297093620023a1155b55d76a4dafcb54794 > Reviewed-on: https://chromium-review.googlesource.com/593622 > Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47030} TBR=jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com Change-Id: Ie9929c9acae321a91014b76b9008f8835313e67d No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6563 Reviewed-on: https://chromium-review.googlesource.com/595927Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#47038}
-
Juliana Franco authored
This CL is the follow up of https://chromium-review.googlesource.com/c/586707/ which used to crash when running the gc-stress bots. It seems to be working now. We now keep the trampoline PC in the Safepoint table and use that information to find SafepointEntries. There's some refactoring that can be done, such as changing the code for exceptions in a similar way and removing the trampoline from the DeoptimizationInputData. Will take care of this in the next CL. Bug: v8:6563 Change-Id: I02565297093620023a1155b55d76a4dafcb54794 Reviewed-on: https://chromium-review.googlesource.com/593622 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47030}
-
Bill Budge authored
This is a reland of 3f90d9f9 Original change's description: > [Memory] Add an OnCriticalMemoryPressure method to V8::Platform. > > Adds virtual V8::Platform::OnCriticalMemoryPressure method, default > implementation does nothing. > > Calls this method on first allocation failures in NewArray, Malloced, > and zone AccountingAllocator and adds retry logic. > > Adds utility functions for allocating base::VirtualMemory to functions > in allocation.h, which call this method and add retry logic. > > Calls these utility functions in heap CodeRange, Spaces, StoreBuffer > and SequentialMarkingDeque. > > Bug: v8:6635 > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng > Change-Id: I38afd394f3be556aca037d16675e9884658158cb > Reviewed-on: https://chromium-review.googlesource.com/583543 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46988} Bug: v8:6635 Change-Id: I0d70c5796f407f0ed42cfddf581d26f533f9bea8 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/593090Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47027}
-
- 29 Jul, 2017 2 commits
-
-
Georg Neis authored
This reverts commit 3f90d9f9. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/16510 Original change's description: > [Memory] Add an OnCriticalMemoryPressure method to V8::Platform. > > Adds virtual V8::Platform::OnCriticalMemoryPressure method, default > implementation does nothing. > > Calls this method on first allocation failures in NewArray, Malloced, > and zone AccountingAllocator and adds retry logic. > > Adds utility functions for allocating base::VirtualMemory to functions > in allocation.h, which call this method and add retry logic. > > Calls these utility functions in heap CodeRange, Spaces, StoreBuffer > and SequentialMarkingDeque. > > Bug: v8:6635 > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng > Change-Id: I38afd394f3be556aca037d16675e9884658158cb > Reviewed-on: https://chromium-review.googlesource.com/583543 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46988} TBR=bbudge@chromium.org,ulan@chromium.org,mlippautz@chromium.org Change-Id: I79afea5982e62db1462cc5a5585a226f0ddbe752 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6635 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/592887Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#46989}
-
Bill Budge authored
Adds virtual V8::Platform::OnCriticalMemoryPressure method, default implementation does nothing. Calls this method on first allocation failures in NewArray, Malloced, and zone AccountingAllocator and adds retry logic. Adds utility functions for allocating base::VirtualMemory to functions in allocation.h, which call this method and add retry logic. Calls these utility functions in heap CodeRange, Spaces, StoreBuffer and SequentialMarkingDeque. Bug: v8:6635 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I38afd394f3be556aca037d16675e9884658158cb Reviewed-on: https://chromium-review.googlesource.com/583543 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46988}
-
- 28 Jul, 2017 2 commits
-
-
Juliana Patricia Vicente Franco authored
This reverts commit e15f5544. Reason for revert: it breaks the GC stress. Original change's description: > Changing the return address on the stack. > > Rather than patching code, the deoptimizer now replaces the > return address in the frames with respective trampolines. > This change required to change the way we search for Safepoint > entries and for Exception Handlers. > It's working in architectures: x64, ia32, arm, arm64 and mips. > > Bug: V8:6563 > Change-Id: I3cbd4d192c3513f307b3a6a2ac99e60d03c753d3 > Reviewed-on: https://chromium-review.googlesource.com/586707 > Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46967} TBR=jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com Change-Id: I430fa9123beef2e0723b38cdef9537181203f7e7 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: V8:6563 Reviewed-on: https://chromium-review.googlesource.com/591371 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46969}
-
Juliana Franco authored
Rather than patching code, the deoptimizer now replaces the return address in the frames with respective trampolines. This change required to change the way we search for Safepoint entries and for Exception Handlers. It's working in architectures: x64, ia32, arm, arm64 and mips. Bug: V8:6563 Change-Id: I3cbd4d192c3513f307b3a6a2ac99e60d03c753d3 Reviewed-on: https://chromium-review.googlesource.com/586707 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46967}
-
- 19 Jul, 2017 1 commit
-
-
Ross McIlroy authored
There remained a few of regressions and we didn't see any significant improvement in the real world with this turned on. This CL reverts all the StringConcat bytecode work which landed. BUG=v8:6243 Change-Id: I832eb72e880ad41411dbec8fe29f71ef0f2025c8 Reviewed-on: https://chromium-review.googlesource.com/575130 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46769}
-
- 18 Jul, 2017 1 commit
-
-
Jakob Kummerow authored
Bug: v8:6550 Change-Id: I888f91db1fd842d1fef8a5fb749da229dfb6ab97 Reviewed-on: https://chromium-review.googlesource.com/575756Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Daniel Clifford <danno@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#46746}
-
- 14 Jul, 2017 2 commits
-
-
Caitlin Potter authored
SuspendFlags was originally used by the suspend operation to determine which field to record the bytecode offset of a suspended generator, and the value the generator was resumed with. For async generators, await operations would use a separate field, in order to preserve the previous yield input value. This was important to ensure `function.sent` continued to function correctly. As function.sent is being retired, this allows the removal of support for that. Given that this was the only real need for SuspendFlags in the first place (with other uses tacked on as a hack), this involves several other changes as well: - Modification of MacroAssembler AssertGeneratorObject. No longer accepts a SuspendFlags parameter to determine which type of check to perform. - Removal of `flags` operand from SuspendGenerator bytecode, and the GeneratorStore js-operator. - Removal of `flags` parameter from ResumeGeneratorTrampoline builtins. - Removal of Runtime functions, interpreter intrinsics and AccessBuilders associated with the [[await_input_or_debug_pos]] field in JSAsyncGeneratorObject, as this field no longer exists. - Addition of a new `Yield` AST node (subclass of Suspend) in order to prevent the need for the other SuspendFlag values. BUG=v8:5855 TBR=bmeurer@chromium.org Change-Id: Iff2881e4742497fe5b774915e988c3d9d8fbe487 Reviewed-on: https://chromium-review.googlesource.com/570485 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#46683}
-
Caitlin Potter authored
This includes several changes. From most to least interesting: - No longer implement AwaitExpressions using a do-expression. - Reduces frame-size of async generators by not allocating temporary variables to hold results of Await epxressions. - Streamline and reduce generated bytecodes for Await. - Debugger no longer emits a debug::kCallBreakLocation breakpoint for the JS-builtin call performed for Await, and instead only emits such a breakpoint if the operand of Await is actually a call. - Push fewer parameters to Await* builtins, using the receiver for the first parameter (possible now that the CallRuntime invocation not part of the AST). - Adds a new Await AST node. No new members or anything, but it seemed palatable to avoid having `if (is_await())` in a number of VisitSuspend functions. BUG=v8:5855, v8:5099, v8:4483 R=rmcilroy@chromium.org, kozyatinskiy@chromium.org, yangguo@chromium.org TBR=bmeurer@chromium.org Change-Id: I9cd3fda99cd40295c04fdf1aea01b5d83fac6caf Reviewed-on: https://chromium-review.googlesource.com/558806 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46666}
-
- 13 Jul, 2017 1 commit
-
-
Adam Klein authored
The tail call implementation is hidden behind the --harmony-tailcalls flag, which is off-by-default (and has been unstaged since February). It is known to be broken in a variety of cases, including clusterfuzz security issues (see sample Chromium issues below). To avoid letting the implementation bitrot further on trunk, this patch removes it. Bug: v8:4698, chromium:636914, chromium:724746 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c Reviewed-on: https://chromium-review.googlesource.com/569069 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46651}
-
- 12 Jul, 2017 2 commits
-
-
Adam Klein authored
Change-Id: I0f4756efdaa9468bcbd88949ddb2e2d7cae3ce06 Reviewed-on: https://chromium-review.googlesource.com/568917Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#46610}
-
Adam Klein authored
Change-Id: Id46a9007021c8f1508a9a737b1e35d12bffd872b Reviewed-on: https://chromium-review.googlesource.com/568254Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#46609}
-
- 23 Jun, 2017 1 commit
-
-
Marja Hölttä authored
This removes the include from: assembler.h (moved Isolate::AddressId to globals.h / IsolateAddressId) counters.h (ditto) elements.h (trivial) keys.h (trivial + iwyu fixes) property.h (trivial) transitions.h (trivial) vm-state.h (trivial) heap/code-stats.h (trivial + drive-by iwyuing) BUG=v8:5294 Change-Id: I36b8c07d4edf4177f1a987a393569f5191167ed3 Reviewed-on: https://chromium-review.googlesource.com/532879Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#46176}
-
- 22 Jun, 2017 1 commit
-
-
Daniel Ehrenberg authored
In edge cases such as the following, sloppy-mode block-scoped function hoisting is expected to occur: eval(` with({a: 1}) { function a() {} } `) In this case, there should be the equivalent of a var declaration outside of the eval, which gets set to the value of the local function a when the body of the with is executed. Previously, the way that var declarations are hoisted out of eval meant that the assignment to that var was an ordinary DYNAMIC_GLOBAL assignment. However, such a lookup mode meant that the object in the with scope received the assignment! This patch fixes that error by marking the assignments produced by the sloppy mode block scoped function hoisting desugaring so as to generate a different runtime call which skips with scopes. Bug: chromium:720247, v8:5135 Change-Id: Ie36322ddc9ca848bf680163e8c016f50d4597748 Reviewed-on: https://chromium-review.googlesource.com/529230 Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#46116}
-
- 19 Jun, 2017 1 commit
-
-
Leszek Swirski authored
For interpreted functions, use the optimized code slot in the feedback vector to store an optimization marker (optimize/in optimization queue) rather than changing the JSFunction's code object. Then, adapt the self-healing mechanism to also dispatch based on this optimization marker. Similarly, replace SFI marking with optimization marker checks in CompileLazy. This allows JSFunctions to share optimization information (replacing shared function marking) without leaking this information across native contexts. Non I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which generalises the old CompileOptimized/InOptimizationQueue builtins and also checks the same optimization marker as CompileLazy and InterpreterEntryTrampoline. This is a reland of https://chromium-review.googlesource.com/c/509716 Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe Reviewed-on: https://chromium-review.googlesource.com/535460Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#45997}
-
- 16 Jun, 2017 1 commit
-
-
Leszek Swirski authored
When iterating over stack frames in the cpu profiler, don't perform any object casts that have heap-testing DCHECKs. Instead, access values on the frame by offsets directly, and only check their tags for validity. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ia54b18f8ab947c1827f17483806104f0d1d34136 Reviewed-on: https://chromium-review.googlesource.com/536973 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45985}
-
- 13 Jun, 2017 3 commits
-
-
Michael Lippautz authored
Bug: Change-Id: I5ea0e072c3ac100a6f3bed62a9a4d2c11d2b7c9a Reviewed-on: https://chromium-review.googlesource.com/533414 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45920}
-
Leszek Swirski authored
This reverts commit e39c9e02. Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561 Original change's description: > [compiler] Drive optimizations with feedback vector > > For interpreted functions, use the optimized code slot in the feedback vector > to store an optimization marker (optimize/in optimization queue) rather than > changing the JSFunction's code object. Then, adapt the self-healing mechanism > to also dispatch based on this optimization marker. Similarly, replace SFI > marking with optimization marker checks in CompileLazy. > > This allows JSFunctions to share optimization information (replacing shared > function marking) without leaking this information across native contexts. Non > I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which > generalises the old CompileOptimized/InOptimizationQueue builtins and also > checks the same optimization marker as CompileLazy and > InterpreterEntryTrampoline. > > Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae > Reviewed-on: https://chromium-review.googlesource.com/509716 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45901} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94 Reviewed-on: https://chromium-review.googlesource.com/532916Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#45903}
-
Leszek Swirski authored
For interpreted functions, use the optimized code slot in the feedback vector to store an optimization marker (optimize/in optimization queue) rather than changing the JSFunction's code object. Then, adapt the self-healing mechanism to also dispatch based on this optimization marker. Similarly, replace SFI marking with optimization marker checks in CompileLazy. This allows JSFunctions to share optimization information (replacing shared function marking) without leaking this information across native contexts. Non I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which generalises the old CompileOptimized/InOptimizationQueue builtins and also checks the same optimization marker as CompileLazy and InterpreterEntryTrampoline. Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae Reviewed-on: https://chromium-review.googlesource.com/509716 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45901}
-
- 08 Jun, 2017 1 commit
-
-
Ross McIlroy authored
Add the ability for the typer to track whether a string could be the empty string. This is needed for typed lowering of JSStringConcat since we can't create cons string chain with the empty string in arbitrary positions. The ToPrimitiveToString bytecode handler is modified to collect feedback on whether it has ever seen the empty string, which is used by SpeculativeToPrimitiveToString to ensure that the output is non-empty (or depot) which will subsiquently be used to enable inline cons-string creation for the JSStringConcat operator in typed lowering in a subsiquent CL. BUG=v8:6243 Change-Id: I41b99b59798993f756aada8cff90fb137d65ea52 Reviewed-on: https://chromium-review.googlesource.com/522122 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45786}
-
- 07 Jun, 2017 1 commit
-
-
Ross McIlroy authored
Adds support for Speculatively lower ToPrimitiveToString to CheckString where the type hint shows the value has always been a string. BUG=v8:6243 Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09 Reviewed-on: https://chromium-review.googlesource.com/521123 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45760}
-
- 31 May, 2017 2 commits
-
-
Ulan Degenbaev authored
BUG=v8:6277 Change-Id: I80314e6c5146e1f5021d07081b9eda3da5da6834 Reviewed-on: https://chromium-review.googlesource.com/518047 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#45632}
-
Igor Sheludko authored
... to properly handle stack overflows near the hard stack limit. Bug: chromium:716522 Change-Id: I6acdb29f039b9835bdf45b087d6561a05ed837bb Reviewed-on: https://chromium-review.googlesource.com/517799 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45619}
-
- 22 May, 2017 4 commits
-
-
Michael Lippautz authored
For the Scavenger we require a first pass over global handles for identifying unmodified nodes because the Scavenger might have already written forwarding pointers during scanning, making it hard to perform the proper checks. The minor MC does not mutate the object graph during marking and can thus merge this phase into the regular phase executed during marking roots. Furthermore, moves processing into the parallel marking phase of the minor MC collector. Bug: chromium:720477, chromium:651354 Change-Id: Id33552124264e3ab0bdf34d22ac30c19c1522707 Reviewed-on: https://chromium-review.googlesource.com/509550 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45461}
-
Wiktor Garbacz authored
Change-Id: I20ed35a7fb5104a9cc66bb54fa8966589c43d7f9 Reviewed-on: https://chromium-review.googlesource.com/507287Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Daniel Clifford <danno@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Jochen Eisinger <jochen@chromium.org> Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Cr-Commit-Position: refs/heads/master@{#45458}
-
bmeurer authored
Introduce a new Symbol comparison feedback bit in the lattice and collect that feedback on Equal/StrictEqual in Ignition. Utilize this feedback in TurboFan by adding a dedicated CheckSymbol operator to check for symbol inputs. This way we can optimize Symbol comparison where TurboFan doesn't know anything statically about either side, or abstract equality comparisons where TurboFan doesn't statically know anything about one side. BUG=v8:6278,v8:6344,v8:6423 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2893263002 Cr-Commit-Position: refs/heads/master@{#45455}
-
Ross McIlroy authored
Special cases addition expressions where one of the sides is known to be a string to enable chains of string additions to be transformed into a series of ToPrimitiveToString operations followed by a single string concatenation at the end of the chain of additions. This should avoid creating temporary strings for each of the string additions (in essence this is an automated string builder). BUG=v8:6243 Change-Id: I44977d6dad00ee906f251c4bd9cab27e160c09d1 Reviewed-on: https://chromium-review.googlesource.com/493966 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45453}
-
- 17 May, 2017 1 commit
-
-
ulan authored
BUG=chromium:723600 Review-Url: https://codereview.chromium.org/2888093003 Cr-Commit-Position: refs/heads/master@{#45379}
-