- 22 Feb, 2019 1 commit
-
-
Igor Sheludko authored
This is a reland of 6f763280 Original change's description: > [cleanup] Cleanup handling of padding field in Map > > Bug: v8:8834 > Change-Id: Iae9cbcccb8747298c5680ac1e865efebee85acec > Reviewed-on: https://chromium-review.googlesource.com/c/1480385 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#59774} Bug: v8:8834 Change-Id: I6a3b436984a7a412f07bb66647864472a134d264 Reviewed-on: https://chromium-review.googlesource.com/c/1482914Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#59793}
-
- 20 Feb, 2019 1 commit
-
-
Jaroslav Sevcik authored
This is a reland of 1a3a2bc3, fixed an infinite loop in Map::TryUpdateSlow and added a relevant test. Original change's description: > Fix accessor update of non-extensible maps. > > When installing getter/setter of non-extensible map with existing > setter/getter of the same name, we introduce a new transition > (so we have two transitions with the same name!). This triggers > an assertion in map updater. > > This fix carefully checks that on the back-pointer path from > non-extensible map to the extensible map there are only > integrity level transitions. Otherwise, we just bail out. > > Bug: chromium:932953 > Change-Id: I02e91c3b652428a84a9f5c58b6691ea9b1fc44d6 > Reviewed-on: https://chromium-review.googlesource.com/c/1477067 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#59667} Bug: chromium:932953 Change-Id: I015ee3795f816c8eabb5b5c5cb0ee30f365cc972 Reviewed-on: https://chromium-review.googlesource.com/c/1477675Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59715}
-
- 19 Feb, 2019 2 commits
-
-
Leszek Swirski authored
This reverts commit 1a3a2bc3. Reason for revert: Only CL in a reverted roll (https://chromium-review.googlesource.com/c/chromium/src/+/1477147) Original change's description: > Fix accessor update of non-extensible maps. > > When installing getter/setter of non-extensible map with existing > setter/getter of the same name, we introduce a new transition > (so we have two transitions with the same name!). This triggers > an assertion in map updater. > > This fix carefully checks that on the back-pointer path from > non-extensible map to the extensible map there are only > integrity level transitions. Otherwise, we just bail out. > > Bug: chromium:932953 > Change-Id: I02e91c3b652428a84a9f5c58b6691ea9b1fc44d6 > Reviewed-on: https://chromium-review.googlesource.com/c/1477067 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#59667} TBR=jarin@chromium.org,ishell@chromium.org Change-Id: I9264423c605cebef87beb6c0f066e90b59faae48 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:932953 Reviewed-on: https://chromium-review.googlesource.com/c/1477219Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#59680}
-
Jaroslav Sevcik authored
When installing getter/setter of non-extensible map with existing setter/getter of the same name, we introduce a new transition (so we have two transitions with the same name!). This triggers an assertion in map updater. This fix carefully checks that on the back-pointer path from non-extensible map to the extensible map there are only integrity level transitions. Otherwise, we just bail out. Bug: chromium:932953 Change-Id: I02e91c3b652428a84a9f5c58b6691ea9b1fc44d6 Reviewed-on: https://chromium-review.googlesource.com/c/1477067Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59667}
-
- 11 Feb, 2019 2 commits
-
-
Jaroslav Sevcik authored
Given a map, its HasNonInstancePrototype bit in bit_field can differ from the same bit in that map's root map. If that is the case just return false from the equivalence check. (Currently, we just assert that bit_field is the same for a map and its root map.) Bug: chromium:930486 Change-Id: Ic0eb83f80725fb1224e0f97927127e1cb8ad92e6 Reviewed-on: https://chromium-review.googlesource.com/c/1462004Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59508}
-
Georg Neis authored
For unknown reasons, we didn't try to update deprecated maps when taking the shortcut for compatible element kinds. Change-Id: I78f70f1d98acd40cfc6687f0b087182849a0188e Reviewed-on: https://chromium-review.googlesource.com/c/1454722Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#59491}
-
- 09 Feb, 2019 2 commits
-
-
Jaroslav Sevcik authored
Bailout from map update if there are private symbol transitions on non-extensible maps. Bug: chromium:930045 Change-Id: I02fbea0ec0afde07cded688c06122d8f2bb25921 Reviewed-on: https://chromium-review.googlesource.com/c/1460949Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59480}
-
Jakob Kummerow authored
HeapObject::SizeFromMap() was too large to get inlined anyway. HeapObject::IsFoo() predicates should be implemented in foo-inl.h, because that's what they depend on. This patch also fixes up includes: dropping unnecessary ones from object-inl.h, and adding them in other places that previously relied on getting them transitively. Bug: v8:8562 Change-Id: Id062bed67257d9dc1899f2d71f44cf69a1368c83 Reviewed-on: https://chromium-review.googlesource.com/c/1450778Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#59478}
-
- 06 Feb, 2019 1 commit
-
-
Jaroslav Sevcik authored
This adds constant field tracking for arrays. To prevent changing the field in some other elements-kind-branch of transition tree, we only use the const information in the optimizing compiler if the map is not an array map or if the map is stable (since stable maps cannot transition to a different elements-kind-branch without deopt). Some more details: https://docs.google.com/document/d/1r2GAvdi_wudDS6iRUfdPw0gxWMfV-IX1PqKgwW47FyE Bug: chromium:912162, v8:8361 Change-Id: Iea1b2f03ddee16205c2141ac5e813a973dd23cf4 Reviewed-on: https://chromium-review.googlesource.com/c/1454606 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#59409}
-
- 01 Feb, 2019 2 commits
-
-
Jaroslav Sevcik authored
This adds support for integrity level transitions (preventExtensions, seal and freeze) to MapUpdater and Map::TryUpdate. In both cases, we first try to detect whether there were integrity level transitions in the transition tree to the old map and make note of the most restrictive integrity transition and the map just before the transition (integrity-source-map). Then we find an appropriate root (based on integrity-source-map's elements kind) and replay the transitions based on the integrity-source-map's descriptor array. Finally, if we saw an integrity level transition in the beginning, we will find-or-create that transition (on the updated version of integrity-source-map). For the following micro-benchmark, we get about 10x speedup. ``` function C() { this.x = 1; Object.seal(this); this.x = 0.1; } const start = Date.now(); for (let i = 0; i < 1e7; i++) { new C(); } console.log("Reconfigure sealed: " + (Date.now() - start)); ``` Before: > Reconfigure sealed: 5202 After: > Reconfigure sealed: 479 Bug: v8:8538 Change-Id: If695be7469d8b6ccd44ac4528be8aa34b65b3e4d Reviewed-on: https://chromium-review.googlesource.com/c/1442640 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#59295}
-
Takuto Ikuta authored
I extracted following class member functions to map.cc * Map * NormalizedMapCache Declaration of all above class are in map.h. This patch makes compile time of objects.cc from 18.9s to 17.6s on Z840 Linux. And map.cc takes 6.14s for compile. Bug: v8:7629 Change-Id: Id1e45dff243ab3f5449c0a7e2a861fba0bc7abf6 Reviewed-on: https://chromium-review.googlesource.com/c/1447914 Commit-Queue: Takuto Ikuta <tikuta@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#59270}
-