1. 23 Feb, 2018 1 commit
  2. 22 Feb, 2018 2 commits
  3. 21 Feb, 2018 1 commit
  4. 20 Feb, 2018 3 commits
    • Peter Marshall's avatar
      [turbofan] Inline promise constructor in turbofan. · 46c199a5
      Peter Marshall authored
      Inline the promise constructor when we have one argument and target
      matches new_target.
      
      This is not complete, and is sitting behind an experimental flag for
      now. We need to fix deoptimization by providing proper frame states.
      
      Create a unittest class for JSCallReducer - just assert whether there
      was a change or not, rather than specify the exact graph that should be
      produced.
      
      Bug: v8:7253
      Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
      Reviewed-on: https://chromium-review.googlesource.com/919282
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51389}
      46c199a5
    • Benedikt Meurer's avatar
      [turbofan] Optimize promise resolution. · be6d1292
      Benedikt Meurer authored
      This CL introduces new operators JSFulfillPromise and JSPromiseResolve,
      corresponding to the specification operations with the same name, and
      uses that to lower calls to Promise.resolve() builtin to JSPromiseResolve.
      
      We also optimize JSPromiseResolve and JSResolvePromise further based on
      information found about the value/resolution in the graph. This applies
      to both Promise.resolve() builtin calls and implicit resolve operations
      in async functions and async generators.
      
      On a very simple microbenchmark like
      
        console.time('resolve');
        for (let i = 0; i < 1e8; ++i) Promise.resolve({i});
        console.timeEnd('resolve');
      
      this CL reduces the execution time from around 3049ms to around 947ms,
      which is a pretty significant 3x improvement. On the wikipedia benchmark
      we observe an improvement around 2% with this CL.
      
      Bug: v8:7253
      Change-Id: Ic69086cdc1b724f35dbe83305795539c562ab817
      Reviewed-on: https://chromium-review.googlesource.com/913488Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51387}
      be6d1292
    • Benedikt Meurer's avatar
      [async-await] Turn await closures into intrinsics. · d97bb317
      Benedikt Meurer authored
      There's no need to have the AsyncFunctionAwait/AsyncGeneratorAwait
      operations as separate closures that are called via JavaScript calling
      convention, but instead we can just have them as intrinsics (with the
      goal to eventually turn them into IC stubs).
      
      Drive-by-fix: Tail call to the ResumeGenerator builtin when resuming
      an async function. The earlier restrictions no only apply with the new
      machinery.
      
      Bug: v8:7253
      Change-Id: I0c4d04dae15b4211158fc07151adafda69d4faec
      Reviewed-on: https://chromium-review.googlesource.com/924703Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51382}
      d97bb317
  5. 19 Feb, 2018 3 commits
  6. 17 Feb, 2018 2 commits
  7. 16 Feb, 2018 2 commits
    • Benedikt Meurer's avatar
      [async-await] Eliminate throwaway promise in async functions. · a840f1f8
      Benedikt Meurer authored
      The ES2017 specification contains a so-called "throwaway" promise that
      is used to specify the behavior of await in terms of PerformPromiseThen,
      but it's actually not necessary and never exposed to user code. In
      addition to that, hooking up the promise in await required a context (to
      refer to the generator object) and two closures for the reject/fulfill
      handling, which would resume the generator corresponding to the async
      function. That meant, we had to allocate 4 additional objects for every
      await.
      
      Instead of using a JSPromise plus the callbacks, this CL adds logic to
      allow PromiseReaction and PromiseReactionJobTask to carry arbitrary
      payloads and Code handlers. We use this for await to avoid the
      additional 4 objects mentioned above, and instead just have simple Code
      handlers that resume the generator (for the async function), either by
      throwing (in case of a rejection) or by resuming normally (in case of
      fulfillment).
      
      For this to work properly the JSGeneratorObject has to have a link to
      the outer promise returned by the async function, so that the catch
      prediction can still figure out what to do in case of promise rejection.
      This is done by adding a new generator_outer_promise_symbol when the
      debugger is active, which refers from the generator to the outer
      promise.
      
      With this change the doxbee-async-es2017-native test goes from around
      100.54ms to around 82.45ms, which corresponds to a ~18% reduction in
      execution time.
      
      Bug: v8:7253
      Change-Id: Iae25b3300bac351c3417be5ae687eff469b0e61f
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/924069Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51334}
      a840f1f8
    • Benedikt Meurer's avatar
      [turbofan] Properly optimize calls to promise extras. · 13ca9a0f
      Benedikt Meurer authored
      Add TurboFan inlining support for the following V8 Extras:
      
       - v8.createPromise
       - v8.rejectPromise
       - v8.resolvePromise
      
      These are used by the streams implementation in Chrome currently, and
      were previously not inlined into TurboFan, although TurboFan already
      had all the necessary functionality (namely the JSCreatePromise,
      JSRejectPromise and JSResolvePromise operators). We might eventually
      want to use these functions in Node core as well (at least short-term
      for Node 10), to replace the C++ internal API functions with the same
      name that are currently being used by parts of Node core.
      
      For this to work, the rejectPromise and resolvePromise builtins had
      to be moved back to CSA, as for JavaScript builtins we still have the
      policy that the optimizing compiler must not inline them. But that's
      straight-forward since the CSA has all the necessary functionality
      available anyways.
      
      Bug: v8:7253
      Change-Id: I39ab015c379956cd58ace866e17f8ec23b2257b2
      Reviewed-on: https://chromium-review.googlesource.com/924146Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51332}
      13ca9a0f
  8. 15 Feb, 2018 2 commits
  9. 14 Feb, 2018 1 commit
  10. 13 Feb, 2018 2 commits
    • Peter Marshall's avatar
      [promise] Construct promises through API in C++, rather than CSA. · 5bc39360
      Peter Marshall authored
      We don't need to pay the cost of going to JS to simply stamp out a
      new object.
      
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I8942771ff9c19dff1908243fd6d3bd701d3fb5a3
      Reviewed-on: https://chromium-review.googlesource.com/897803
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51267}
      5bc39360
    • Benedikt Meurer's avatar
      [builtins] Refactor the promise resolution and rejection logic. · c0412961
      Benedikt Meurer authored
      This introduces dedicated builtins
      
        - FulfillPromise,
        - RejectPromise, and
        - ResolvePromise,
      
      which perform the corresponding operations from the language
      specification, and removes the redundant entry points and the
      excessive inlining of these operations into other builtins. We
      also add the same logic on the C++ side, so that we don't need
      to go into JavaScript land when resolving/rejecting from the
      API.
      
      The C++ side has a complete implementation, including full support
      for the debugger and the current PromiseHook machinery. This is to
      avoid constantly crossing the boundary for those cases, and to also
      simplify the CSA side (and soon the TurboFan side), where we only
      do the fast-path and bail out to the runtime for the general handling.
      
      On top of this we introduce %_RejectPromise and %_ResolvePromise,
      which are entry points used by the bytecode and parser desugarings
      for async functions, and also used by the V8 Extras API. Thanks to
      this we can uniformly optimize these in TurboFan, where we have
      corresponding operators JSRejectPromise and JSResolvePromise, which
      currently just call into the builtins, but middle-term can be further
      optimized, i.e. to skip the "then" lookup for JSResolvePromise when
      we know something about the resolution.
      
      In TurboFan we can also already inline the default PromiseCapability
      [[Reject]] and [[Resolve]] functions, although this is not as effective
      as it can be right now, until we have inlining support for the Promise
      constructor (being worked on by petermarshall@ right now) and/or SFI
      based CALL_IC feedback.
      
      Overall this change is meant as a refactoring without significant
      performance impact anywhere; it seems to improve performance of
      simple async functions a bit, but otherwise is neutral.
      
      Bug: v8:7253
      Change-Id: Id0b979f9b2843560e38cd8df4b02627dad4b6d8c
      Reviewed-on: https://chromium-review.googlesource.com/911632Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51260}
      c0412961
  11. 09 Feb, 2018 1 commit
  12. 08 Feb, 2018 2 commits
    • Adam Klein's avatar
      Revert "[builtins] Mega-revert to address the Dev blocker in crbug.com/808911." · 3916401e
      Adam Klein authored
      This reverts commit 14108f4c.
      
      Reason for revert: Not the culprit for Canary microtask crashes
      
      Original change's description:
      > [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
      > 
      > - Revert "[builtins] Save one word in contexts for Promise.all."
      >   This reverts commit 7632da06.
      > - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
      >   This reverts commit d4f072ce.
      > - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
      >   This reverts commit 6703dacd.
      > - Revert "[debugger] Properly deal with settled promises in catch prediction."
      >   This reverts commit 40dd0658.
      > - Revert "[builtins] Widen the fast-path for Promise builtins."
      >   This reverts commit db0556b7.
      > - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
      >   This reverts commit a582199c.
      > - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
      >   This reverts commit 6bf88852.
      > - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
      >   This reverts commit 313b490d.
      > - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
      >   This reverts commit f7bd6a2f.
      > - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
      >   This reverts commit b23b098f.
      > - Revert "[promise] Remove incorrect fast path"
      >   This reverts commit 0f6eafe8.
      > - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
      >   This reverts commit 8a677a28.
      > - Revert "[builtins] Refactor promises to reduce GC overhead."
      >   This reverts commit 8e7737cb.
      > 
      > Tbr: hpayer@chromium.org
      > Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      > Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Reviewed-on: https://chromium-review.googlesource.com/906991
      > Commit-Queue: Yang Guo <yangguo@chromium.org>
      > Commit-Queue: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#51158}
      
      Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
      Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/908988Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51181}
      3916401e
    • Taketoshi Aono's avatar
      Reland: Reimplement Object.entries/values as CSA to optimize performance. · 4455377f
      Taketoshi Aono authored
      Original CL is https://chromium-review.googlesource.com/c/v8/v8/+/810504
      Reverted issue is https://bugs.chromium.org/p/chromium/issues/detail?id=804159
      
      Fix Object.entries descriptor array value index.
      
      This reverts commit e5ecb248.
      
      Bug: v8:6804, chromium:804159
      Change-Id: I73a5a5f670c5b36e0c5cc7984d5979ecec43d969
      Reviewed-on: https://chromium-review.googlesource.com/892684
      Commit-Queue: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51170}
      4455377f
  13. 07 Feb, 2018 2 commits
    • Benedikt Meurer's avatar
      [builtins] Mega-revert to address the Dev blocker in crbug.com/808911. · 14108f4c
      Benedikt Meurer authored
      - Revert "[builtins] Save one word in contexts for Promise.all."
        This reverts commit 7632da06.
      - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
        This reverts commit d4f072ce.
      - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
        This reverts commit 6703dacd.
      - Revert "[debugger] Properly deal with settled promises in catch prediction."
        This reverts commit 40dd0658.
      - Revert "[builtins] Widen the fast-path for Promise builtins."
        This reverts commit db0556b7.
      - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
        This reverts commit a582199c.
      - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
        This reverts commit 6bf88852.
      - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
        This reverts commit 313b490d.
      - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
        This reverts commit f7bd6a2f.
      - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
        This reverts commit b23b098f.
      - Revert "[promise] Remove incorrect fast path"
        This reverts commit 0f6eafe8.
      - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
        This reverts commit 8a677a28.
      - Revert "[builtins] Refactor promises to reduce GC overhead."
        This reverts commit 8e7737cb.
      
      Tbr: hpayer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/906991
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51158}
      14108f4c
    • Choongwoo Han's avatar
      [typedarray] Migrate %TypedArray%.of to CSA · 756c8c4e
      Choongwoo Han authored
      - Remove %TypedArray%.of in js/typedarray.js
      - Implement %TypedArray%.of in builtins/builtins-typedarray-gen.cc
      - This CL makes TA.of 1.5x faster
      
      Bug: v8:5929
      Change-Id: Ie165114a0ab9b4ec9ed70840c4c6a42d1eeed101
      Reviewed-on: https://chromium-review.googlesource.com/897227
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51141}
      756c8c4e
  14. 06 Feb, 2018 2 commits
  15. 04 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Widen the fast-path for Promise builtins. · db0556b7
      Benedikt Meurer authored
      This adds a new isolate wide Promise#then protector, which guards the
      "then" lookup for all JSPromise instances whose [[Prototype]] is the
      initial %PromisePrototype%. Thus arbitrary mutations to the
      Promise.prototype (i.e. monkey-patching other methods or installing
      new functions) no longer sent you down the slow-path. Use this protector
      in Promise.prototype.catch and in Promise.resolve.
      
      Drive-by-fix: Restructure the resolve logic a bit and avoid the
      expensive and large SameValue check, which can be turned into a simple
      reference equal, as the promise in there is known to be a JSPromise
      anyways.
      
      Bug: v8:7253
      Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9
      Reviewed-on: https://chromium-review.googlesource.com/899302
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51085}
      db0556b7
  16. 01 Feb, 2018 1 commit
  17. 29 Jan, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Refactor the Microtask pumping to CSA-only. · c8da060b
      Benedikt Meurer authored
      This adjusts the RunMicrotask logic to invoke CallHandlerInfo microtasks
      from CSA land directly (via a runtime function call), instead of bailing
      out to C++ for the rest of the microtask queue entries. Even in simple
      micro-benchmarks there doesn't seem to be a huge performance difference.
      In fact performance get's better when CallHandlerInfo and promises are
      mixed, which makes sense, since calling from C++ to JS land is more
      expensive than the other way around.
      
      But just in case the runtime function call overhead ever becomes the
      bottleneck we can introduce a direct C++ call and setup a handle scope
      around it, much like a very simple version of CallApiFunctionStub.
      
      This greatly simplifies the microtask handling and paves the way for
      refactoring the queue to significant reduce the GC overhead associated
      with promises currently.
      
      Bug: v8:7253
      Change-Id: I33adb62a6bada138674d324f36d4be894e27f3c9
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/890441Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50934}
      c8da060b
  18. 26 Jan, 2018 1 commit
  19. 25 Jan, 2018 2 commits
    • Yang Guo's avatar
      Introduce SimpleNumberDictionary. · 3857b44e
      Yang Guo authored
      This is somewhat of a revival of what used to be
      UnseededNumberDictionary. The difference to NumberDictionary is that
      each entry only has two fields (no field for property details) and there
      is no header field for a bitfield.
      
      The reason for this change is memory regression introduced when we
      removed UnseededNumberDictionary (6e1c57ea). We now use
      SimpleNumberDictionary for
      - slow template instantiation cache
      - code stubs table
      - value serializer map
      - stack frame cache
      - type profile source positions
      
      R=ishell@chromium.org, ulan@chromium.org
      
      Bug: chromium:783695
      Change-Id: I3cd32e485060bb379fb2279eeefbbbded7455f0e
      Reviewed-on: https://chromium-review.googlesource.com/885811Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50869}
      3857b44e
    • peterwmwong's avatar
      [builtins] Fix Collection constructor when entries have custom iteration. · 55efb6cc
      peterwmwong authored
      - Introduce new helper IsFastJSArrayWithNoCustomIteration.
        - Consolidates all entry array checks...
          - Is a fast array (defers to BranchIfFastJSArray)
          - No possibility that the Array's iteration protocol has been tampered with
      - Introduce new BoolT constant helpers Int32TrueConstant and Int32FalseConstant.
      
      Bug: chromium:804176, chromium:804188
      Change-Id: I6b08396484682dc680b431ea564a7a28eeab8108
      Reviewed-on: https://chromium-review.googlesource.com/883065
      Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50867}
      55efb6cc
  20. 24 Jan, 2018 1 commit
  21. 23 Jan, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Extend the @@species protector to guard Promises. · 79e91f0c
      Benedikt Meurer authored
      Use this in the PromiseThen operation to skip the (expensive) lookup in
      the SpeciesConstructor operation. This yields in a nice 3-5% improvement
      on the bluebird and wikipedia benchmarks, and paves the way for inlining
      certain Promise operations into TurboFan optimized code later.
      
      On the micro-benchmark mentioned in the bug (from the findings doc), we
      reduce the overall execution time by 25%, which makes sense given that
      Promise.prototype.then spends a significant portion of it's time just
      figuring out the appropriate constructor.
      
      Bug: v8:7253, v8:7349
      Change-Id: Ia1577b59d1b7e4b8dbda83e2186583edab76695a
      Reviewed-on: https://chromium-review.googlesource.com/880681Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50794}
      79e91f0c
  22. 22 Jan, 2018 2 commits
  23. 19 Jan, 2018 2 commits
  24. 18 Jan, 2018 2 commits