- 20 Jan, 2016 1 commit
-
-
yangguo authored
R=mstarzinger@chromium.org BUG=v8:4690 LOG=N Review URL: https://codereview.chromium.org/1601813009 Cr-Commit-Position: refs/heads/master@{#33409}
-
- 18 Jan, 2016 3 commits
-
-
mstarzinger authored
This adds a handler table field to the header of our BytecodeArray objects. The field will eventually hold a range-based handler table similar to full-codegen code, to support exception handlong within interpreted code. R=oth@chromium.org BUG=v8:4674 LOG=n Review URL: https://codereview.chromium.org/1606493002 Cr-Commit-Position: refs/heads/master@{#33373}
-
verwaest authored
Review URL: https://codereview.chromium.org/1600353003 Cr-Commit-Position: refs/heads/master@{#33364}
-
neis authored
BUG=v8:4163,v8:4630 LOG=y R=rossberg Review URL: https://codereview.chromium.org/1590873002 Cr-Commit-Position: refs/heads/master@{#33360}
-
- 15 Jan, 2016 2 commits
-
-
bmeurer authored
We can return the creation context of the [[BoundTargetFunction]], and don't need to remember the context in which the function was bound. R=verwaest@chromium.org BUG=chromium:535408 LOG=n Review URL: https://codereview.chromium.org/1590273002 Cr-Commit-Position: refs/heads/master@{#33332}
-
jochen authored
That way, we don't have to implement the fast <-> slow migration logic, and we don't allocate in-object properties anyways BUG=chromium:571365 R=verwaest@chromium.org,neis@chromium.org LOG=n Review URL: https://codereview.chromium.org/1582773003 Cr-Commit-Position: refs/heads/master@{#33328}
-
- 12 Jan, 2016 3 commits
-
-
ishell authored
The hash calculation was dependent on upper part of |inner_pointer| and caused non-deterministic cache miss events which in turn caused non-deterministic progress of pages sweeping (see GcSafeFindCodeForInnerPointer()). Review URL: https://codereview.chromium.org/1582573002 Cr-Commit-Position: refs/heads/master@{#33246}
-
jochen authored
That will allow for adding private symbols to JSProxies in a follow-up change BUG=chromium:571365 R=neis@chromium.org,verwaest@chromium.org,rossberg@chromium.org LOG=n Review URL: https://codereview.chromium.org/1575423002 Cr-Commit-Position: refs/heads/master@{#33241}
-
mlippautz authored
We use a scratchpad to remember visited allocation sites for post processing (making tenure decisions). The previous implementation used a rooted FixedArray with constant length (256) to remember all sites. Updating the scratchpad is a bottleneck in any parallel/concurrent implementation of newspace evacuation. The new implementation uses a HashMap with allocation sites as keys and temporary counts as values. During evacuation we collect a local hashmap of visited allocation sites. Upon merging the local hashmap back into a global one we update potential forward pointers of compacted allocation sites. The scavenger can directly enter its entries into the global hashmap. Note that the actual memento found count is still kept on the AllocationSite as it needs to survive scavenges and full GCs. BUG=chromium:524425 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/1535723002 Cr-Commit-Position: refs/heads/master@{#33233}
-
- 07 Jan, 2016 1 commit
-
-
bmeurer authored
Previously only references to function contexts embedded in optimized were treated weakly, but TurboFan (and to some extend Crankshaft) can embed any kind of context into optimized code. R=hpayer@chromium.org Review URL: https://codereview.chromium.org/1562083003 Cr-Commit-Position: refs/heads/master@{#33155}
-
- 04 Jan, 2016 1 commit
-
-
bmeurer authored
Use the same mechanism that is already available for Crankshaft to not leak all kinds of things in TurboFan generated code. Long-term we will support weakness in a better way, but for now, just use the infrastructure that is already in place to avoid memory leaks via TurboFan generated code. R=jarin@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1555743003 Cr-Commit-Position: refs/heads/master@{#33073}
-
- 27 Dec, 2015 2 commits
-
-
bmeurer authored
According to the ES2015 specification, bound functions are exotic objects, and thus don't need to be implemented as JSFunctions. So we introduce a new JSBoundFunction type to represent bound functions and make them optimizable. This already improves the performance of calling or constructing bound functions by 10-100x depending on the use case because we avoid the crazy dance between JavaScript and C++ that was implemented in v8natives.js previously. There's still room for improvement in the performance of actually creating bound functions, which is also relevant in practice, but we already have a plan how to accomplish that later. The mips/mips64 ports were contributed by akos.palfi@imgtec.com. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=chromium:535408, chromium:571299, v8:4629 LOG=n Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2 Cr-Commit-Position: refs/heads/master@{#33042} Review URL: https://codereview.chromium.org/1542963002 Cr-Commit-Position: refs/heads/master@{#33044}
-
bmeurer authored
Revert of [runtime] Introduce dedicated JSBoundFunction to represent bound functions. (patchset #14 id:260001 of https://codereview.chromium.org/1542963002/ ) Reason for revert: Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind Original issue's description: > [runtime] Introduce dedicated JSBoundFunction to represent bound functions. > > According to the ES2015 specification, bound functions are exotic > objects, and thus don't need to be implemented as JSFunctions. So > we introduce a new JSBoundFunction type to represent bound functions > and make them optimizable. This already improves the performance of > calling or constructing bound functions by 10-100x depending on the > use case because we avoid the crazy dance between JavaScript and C++ > that was implemented in v8natives.js previously. > > There's still room for improvement in the performance of actually > creating bound functions, which is also relevant in practice, but > we already have a plan how to accomplish that later. > > The mips/mips64 ports were contributed by akos.palfi@imgtec.com. > > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel > BUG=chromium:535408, chromium:571299, v8:4629 > LOG=n > > Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2 > Cr-Commit-Position: refs/heads/master@{#33042} TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:535408, chromium:571299, v8:4629 Review URL: https://codereview.chromium.org/1552473002 Cr-Commit-Position: refs/heads/master@{#33043}
-
- 26 Dec, 2015 1 commit
-
-
bmeurer authored
According to the ES2015 specification, bound functions are exotic objects, and thus don't need to be implemented as JSFunctions. So we introduce a new JSBoundFunction type to represent bound functions and make them optimizable. This already improves the performance of calling or constructing bound functions by 10-100x depending on the use case because we avoid the crazy dance between JavaScript and C++ that was implemented in v8natives.js previously. There's still room for improvement in the performance of actually creating bound functions, which is also relevant in practice, but we already have a plan how to accomplish that later. The mips/mips64 ports were contributed by akos.palfi@imgtec.com. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=chromium:535408, chromium:571299, v8:4629 LOG=n Review URL: https://codereview.chromium.org/1542963002 Cr-Commit-Position: refs/heads/master@{#33042}
-
- 22 Dec, 2015 1 commit
-
-
cbruni authored
Add API-accessors for [[ProxyTarget]], [[ProxyHandler]]. Additionally create new proxies and revoke proxies via the API. BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1542943002 Cr-Commit-Position: refs/heads/master@{#33013}
-
- 17 Dec, 2015 2 commits
-
-
neis authored
It must call the 'getOwnPropertyDescriptor' trap, not the 'has' trap. R=cbruni@chromium.org, jkummerow@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1532723005 Cr-Commit-Position: refs/heads/master@{#32944}
-
Benedikt Meurer authored
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used in field type tracking, where we should check for JSReceiver instead (there's no need to exclude JSProxy or JSFunction from tracking). And the use in %_ClassOf was actually wrong and didn't match the C++ implementation in JSReceiver::class_name() anymore. Now it's consistent again. R=yangguo@chromium.org BUG=chromium:535408 LOG=n Review URL: https://codereview.chromium.org/1535523003 . Cr-Commit-Position: refs/heads/master@{#32926}
-
- 16 Dec, 2015 1 commit
-
-
cbruni authored
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). Review URL: https://codereview.chromium.org/1521953002 Cr-Commit-Position: refs/heads/master@{#32903}
-
- 11 Dec, 2015 1 commit
-
-
ishell authored
During property reconfiguring ensure that the first map that gets new descriptors is the one that owns the whole descriptor array. This is necessary to guarantee that the whole descriptor would be marked, otherwise DescriptorArray pretenuring would cause crashes. Review URL: https://codereview.chromium.org/1520613006 Cr-Commit-Position: refs/heads/master@{#32812}
-
- 10 Dec, 2015 1 commit
-
-
mvstanton authored
We either want to add code+literals to the map, or just literals. A recent change in the structure of the map (it now uses WeakCells) meant that we have to be more clear about what we want to do the right thing. BUG= Review URL: https://codereview.chromium.org/1516833002 Cr-Commit-Position: refs/heads/master@{#32761}
-
- 09 Dec, 2015 3 commits
-
-
jkummerow authored
JSProxy::HasProperty was missing an early "return Nothing<bool>". KeyAccumulator's FilterProxyKeys() didn't handle SKIP_STRINGS correctly. BUG=v8:1543 LOG=n R=cbruni@chromium.org Review URL: https://codereview.chromium.org/1505253002 Cr-Commit-Position: refs/heads/master@{#32699}
-
ishell authored
Review URL: https://codereview.chromium.org/1506683004 Cr-Commit-Position: refs/heads/master@{#32698}
-
mvstanton authored
It's expensive to walk all shared function infos during the gc atomic pause. Instead, use WeakCells to implement this structure without manual clearing. Reland due to a bug when reusing entries in the optimized code map. BUG= Review URL: https://codereview.chromium.org/1508703002 Cr-Commit-Position: refs/heads/master@{#32696}
-
- 08 Dec, 2015 1 commit
-
-
ulan authored
Instead of iterating the whole map space to find dead transitions, look in weak cell list and transition array list. Simple transitions are in the weak cell list. Full transitions are in the transitions array list. BUG=chromium:554488 LOG=NO Review URL: https://codereview.chromium.org/1488593003 Cr-Commit-Position: refs/heads/master@{#32684}
-
- 04 Dec, 2015 5 commits
-
-
cbruni authored
BUG=v8:1543 LOG=N Review URL: https://codereview.chromium.org/1496503002 Cr-Commit-Position: refs/heads/master@{#32616}
-
neis authored
For now, we revoke a proxy by setting its handler to null (as in the spec). Change the "target" field from Object to JSReceiver as there's no point in allowing more. R=jkummerow@chromium.org, rossberg BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1496243003 Cr-Commit-Position: refs/heads/master@{#32608}
-
neis authored
R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1496263002 Cr-Commit-Position: refs/heads/master@{#32604}
-
bmeurer authored
Revert of Provide call counts for constructor calls, surface them as a vector IC. (patchset #4 id:60001 of https://codereview.chromium.org/1476413003/ ) Reason for revert: Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say. Original issue's description: > Provide call counts for constructor calls, surface them as a vector IC. > > CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub. > > BUG= > > Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418 > Cr-Commit-Position: refs/heads/master@{#32452} TBR=mvstanton@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1489413006 Cr-Commit-Position: refs/heads/master@{#32599}
-
machenbach authored
Reland of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset #1 id:1 of https://codereview.chromium.org/1494283002/ ) Reason for revert: Did not help... Original issue's description: > Revert of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset #2 id:20001 of https://codereview.chromium.org/1492863002/ ) > > Reason for revert: > [Sheriff] Speculative revert for: > https://uberchromegw.corp.google.com/i/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225 > > Can just be relanded if it doesn't get green. > > Original issue's description: > > [proxies] Make Object.prototype.isPrototypeOf step into proxies. > > > > R=rossberg, verwaest@chromium.org > > BUG=v8:1543 > > LOG=n > > > > Committed: https://crrev.com/4ca1180d2e7c409312ae0761cb12843989466573 > > Cr-Commit-Position: refs/heads/master@{#32569} > > TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:1543 > > Committed: https://crrev.com/48fba9439f291edd5929e19951262dc7e8a09609 > Cr-Commit-Position: refs/heads/master@{#32588} TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:1543 Review URL: https://codereview.chromium.org/1491743010 Cr-Commit-Position: refs/heads/master@{#32598}
-
- 03 Dec, 2015 7 commits
-
-
machenbach authored
Revert of [proxies] Make Object.prototype.isPrototypeOf work with proxies. (patchset #2 id:20001 of https://codereview.chromium.org/1492863002/ ) Reason for revert: [Sheriff] Speculative revert for: https://uberchromegw.corp.google.com/i/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225 Can just be relanded if it doesn't get green. Original issue's description: > [proxies] Make Object.prototype.isPrototypeOf step into proxies. > > R=rossberg, verwaest@chromium.org > BUG=v8:1543 > LOG=n > > Committed: https://crrev.com/4ca1180d2e7c409312ae0761cb12843989466573 > Cr-Commit-Position: refs/heads/master@{#32569} TBR=rossberg@chromium.org,verwaest@chromium.org,neis@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:1543 Review URL: https://codereview.chromium.org/1494283002 Cr-Commit-Position: refs/heads/master@{#32588}
-
neis authored
Reason for revert: Probably causes GC stress test failures. TBR=mvstanton@chromium.org BUG= NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1493393002 Cr-Commit-Position: refs/heads/master@{#32574}
-
neis authored
R=rossberg, verwaest@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1492863002 Cr-Commit-Position: refs/heads/master@{#32569}
-
mvstanton authored
It's expensive to walk all shared function infos during the gc atomic pause. Instead, use WeakCells to implement this structure without manual clearing. BUG= Review URL: https://codereview.chromium.org/1478943003 Cr-Commit-Position: refs/heads/master@{#32567}
-
hpayer authored
Reland of Introduce instance type for transition arrays. (patchset #1 id:1 of https://codereview.chromium.org/1483003002/ ) Reason for revert: Suspect for crashing found, relanding for canary coverage. Original issue's description: > Revert of Introduce instance type for transition arrays. (patchset #6 id:100001 of https://codereview.chromium.org/1480873003/ ) > > Reason for revert: > Broken canary. Trying to find out root cause. > > Original issue's description: > > Introduce instance type for transition arrays. > > > > The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences. > > > > BUG=chromium:554488 > > LOG=NO > > > > Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601 > > Cr-Commit-Position: refs/heads/master@{#32396} > > TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:554488 > > Committed: https://crrev.com/38bf70b9cd2a07b99ac0c0b7eda111849e79c146 > Cr-Commit-Position: refs/heads/master@{#32404} TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:554488 Review URL: https://codereview.chromium.org/1500623002 Cr-Commit-Position: refs/heads/master@{#32561}
-
verwaest authored
For non-prototype objects constructed using base==new.target, use the cached constructor to render the name. BUG=chromium:563791 LOG=y Review URL: https://codereview.chromium.org/1494673004 Cr-Commit-Position: refs/heads/master@{#32556}
-
ishell authored
It didn't support subclassing case at all and in non-subclassing case the runtime allocation didn't do the slack tracking step. BUG=chromium:563339 LOG=Y Review URL: https://codereview.chromium.org/1488023002 Cr-Commit-Position: refs/heads/master@{#32547}
-
- 02 Dec, 2015 1 commit
-
-
jkummerow authored
Split out of PropertyAttributes, and used for all filtering purposes. Also moved PropertyAttributes into the v8::internal:: namespace. No change in behavior intended. Review URL: https://codereview.chromium.org/1492653004 Cr-Commit-Position: refs/heads/master@{#32525}
-
- 01 Dec, 2015 1 commit
-
-
mvstanton authored
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub. BUG= Review URL: https://codereview.chromium.org/1476413003 Cr-Commit-Position: refs/heads/master@{#32452}
-
- 30 Nov, 2015 2 commits
-
-
hpayer authored
Revert of Introduce instance type for transition arrays. (patchset #6 id:100001 of https://codereview.chromium.org/1480873003/ ) Reason for revert: Broken canary. Trying to find out root cause. Original issue's description: > Introduce instance type for transition arrays. > > The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences. > > BUG=chromium:554488 > LOG=NO > > Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601 > Cr-Commit-Position: refs/heads/master@{#32396} TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:554488 Review URL: https://codereview.chromium.org/1483003002 Cr-Commit-Position: refs/heads/master@{#32404}
-
neis authored
R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1476403004 Cr-Commit-Position: refs/heads/master@{#32398}
-