- 06 Dec, 2021 1 commit
-
-
Tobias Tebbi authored
This aligns the Torque semantics of catch with the JavaScript behavior: When we catch an exception, we also reset the pending exception. This also fixes a long-standing bug that we didn't restore the original pending message after executing arbitrary JS in IteratorCloseOnException Bug: v8:12439 Change-Id: I268d9d639d09023a424f352547cdce03428f983a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303805 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/main@{#78259}
-
- 02 Nov, 2021 1 commit
-
-
Joyee Cheung authored
This improves the performance of initializing instances with private methods by 5-6x and makes it on par with initializing instances with only public methods. Drive-by: remove the obsolete AddPrivateField runtime function along with the AddPrivateBrand function. Bug: v8:10793, v8:12355 Change-Id: Ic0896adb2102db7790f955fecbdd22f61ab2e7ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256999 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77664}
-
- 28 Oct, 2021 1 commit
-
-
Tobias Tebbi authored
This is a reland of 45227ffd Differences: - Handle one more flags conflict in variants.py. - Disallow %VerifyType without --concurrent-recompilation. Original change's description: > [turbofan] extend type asserts to cover all JS types > > Extend type assertions to all types covering JavaScript values. > This is achieved by allocating type representations on the heap using > newly defined HeapObject subclasses. To allocate these in the compiler, > we disable concurrent compilation for the --assert-types flag for now. > > Fix two type errors that came up with the existing tests: > 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of > OtherObject. > 2. OperationTyper::NumberToString(Type) can type the result as the > HeapConstant Factory::zero_string(). However, NumberToString does > not always produce this string. To avoid regressions, the CL keeps > the HeapConstant type and changes the runtime and builtin code to > always produce the canonical "0" string. > > A few tests were failing because they check for truncations to work > and prevent deoptimization. However, AssertType nodes destroy all > truncations (which is by design), so these tests are incompatible > and now disabled for the assert_types variant. > > Drive-by fix: a few minor Torque issues that came up. > > Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77565} Change-Id: I5b3c6745c6ad349ff8c2b199d9afdf0a9b5a7392 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247035 Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77596}
-
- 30 Aug, 2021 1 commit
-
-
Patrick Thier authored
Allow %CompileBaseline on architectures that support Sparkplug independent of runtime flags. The deicsion based on --sparkplug runtime flag lead to spurious errors on correctness fuzzers. Bug: chromium:1244474 Change-Id: I764bd80cd7dff7e72729145c165dc039c594753c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127719Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#76572}
-
- 17 Aug, 2021 1 commit
-
-
Georg Neis authored
Namely: %kDisableOptimizationFinalization %WaitForBackgroundOptimization %kFinalizeOptimization Bug: v8:12091 Change-Id: Iea6c5e1d0c88b62fd02b240b20b0fca0fb79451f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097878Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76334}
-
- 10 Jun, 2021 1 commit
-
-
John Xu authored
For Cobalt's purpose in the past, we introduced base::Memcpy to intercept memcpy calls and replace it with SbMemoryCopy on Starboard/Cobalt. Recently Cobalt removed SbMemoryCopy because we found out that memcpy implementation is universal. To reduce the cost to maintain base::Memcpy, let us remove it and revert back to raw memcpy. Bug: v8:10927 Change-Id: I060f191f8f1aed8b78ffe4558a3743f3a2da008b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951462Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: John Xu <johnx@google.com> Cr-Commit-Position: refs/heads/master@{#75070}
-
- 10 May, 2021 1 commit
-
-
Patrick Thier authored
Make %PretenureAllocationSite more resilient to fuzzer inputs/configs and allow it for fuzzing. Bug: chromium:1200724 Change-Id: I541b1410ab1719b478c4ad9516dc350fec02fbba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883783Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#74479}
-
- 05 May, 2021 1 commit
-
-
Nico Hartmann authored
This CL adds a new %VerifyType compiler intrinsic that can be used by tests and fuzzers to generate a runtime type check of the given input value. Internally, %VerifyType is lowered to %AssertType which is why checks are currently limited to range types. tests to be const-correct. Drive-by: Add a few consts to NodeProperties accessors to allow Bug: v8:11724 Change-Id: I06842062d0e8278a5ba011d5a09947fe05b6e85e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859959 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74377}
-
- 13 Apr, 2021 1 commit
-
-
Patrick Thier authored
- Add %BaselineOsr to manually trigger OSR to Baseline. - Add flags to %GetOptimizationStatus to check if the topmost frame is an Interpreter/Baseline frame. - Add mjsunit test. Bug: v8:11420 Change-Id: Id80421ad97ee719a67ef299cc700da9c44f23bae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814567 Auto-Submit: Patrick Thier <pthier@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#73937}
-
- 11 Mar, 2021 3 commits
-
-
Clemens Backes authored
This is a reland of 80f5dfda. A condition in pipeline.cc was inverted, which lead to a CSA verifier error. Original change's description: > [no-wasm] Exclude src/wasm from compilation > > This is the biggest chunk, including > - all of src/wasm, > - torque file for wasm objects, > - torque file for wasm builtins, > - wasm builtins, > - wasm runtime functions, > - int64 lowering, > - simd scala lowering, > - WasmGraphBuilder (TF graph construction for wasm), > - wasm frame types, > - wasm interrupts, > - the JSWasmCall opcode, > - wasm backing store allocation. > > Those components are all recursively entangled, so I found no way to > split this change up further. > > Some includes that were recursively included by wasm headers needed to > be added explicitly now. > > backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc > because it only tests wasm backing stores. This file is excluded from > no-wasm builds then. > > R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org > > Bug: v8:11238 > Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b > Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73344} TBR=jgruber@chromium.org Bug: v8:11238 Change-Id: I20bd2847a59c68738b5a336cd42582b7b1499585 Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Cq-Include-Trybots: luci.v8.try:v8_linux_verify_csa_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_verify_csa_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752867Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73348}
-
Clemens Backes authored
This reverts commit 80f5dfda. Reason for revert: Fails CSA verification: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/21766/overview Original change's description: > [no-wasm] Exclude src/wasm from compilation > > This is the biggest chunk, including > - all of src/wasm, > - torque file for wasm objects, > - torque file for wasm builtins, > - wasm builtins, > - wasm runtime functions, > - int64 lowering, > - simd scala lowering, > - WasmGraphBuilder (TF graph construction for wasm), > - wasm frame types, > - wasm interrupts, > - the JSWasmCall opcode, > - wasm backing store allocation. > > Those components are all recursively entangled, so I found no way to > split this change up further. > > Some includes that were recursively included by wasm headers needed to > be added explicitly now. > > backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc > because it only tests wasm backing stores. This file is excluded from > no-wasm builds then. > > R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org > > Bug: v8:11238 > Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b > Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73344} Bug: v8:11238 Change-Id: I93672002c1faa36bb0bb5b4a9cc2032ee2ccd814 Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752866 Auto-Submit: Clemens Backes <clemensb@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73346}
-
Clemens Backes authored
This is the biggest chunk, including - all of src/wasm, - torque file for wasm objects, - torque file for wasm builtins, - wasm builtins, - wasm runtime functions, - int64 lowering, - simd scala lowering, - WasmGraphBuilder (TF graph construction for wasm), - wasm frame types, - wasm interrupts, - the JSWasmCall opcode, - wasm backing store allocation. Those components are all recursively entangled, so I found no way to split this change up further. Some includes that were recursively included by wasm headers needed to be added explicitly now. backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc because it only tests wasm backing stores. This file is excluded from no-wasm builds then. R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org Bug: v8:11238 Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#73344}
-
- 10 Mar, 2021 1 commit
-
-
Leszek Swirski authored
Robustify %CompileBaseline against fuzzing, and allowlist it in the fuzzer. Bug: v8:11420 Change-Id: I44947014c8c9362d80ea98636dbbaa5d07d6a177 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739643 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#73325}
-
- 24 Nov, 2020 1 commit
-
-
Leszek Swirski authored
Add a CompareCharsEqual to complement CompareChars, where we only care about equality and not ordering. For such cases, we can memcmp for two- byte as well as one-byte strings (we can't for CompareChars because the ordering would be incorrect on little-endian systems). Replace uses of CompareChars that only compare the result against zero, with CompareCharsEqual. Additionally, use some template magic to simplify the "make unsigned" operation in these methods. Change-Id: I0d65bee81b98d3938d15daa4af331c90558ea84f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557980 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71385}
-
- 17 Nov, 2020 1 commit
-
-
John Xu authored
Bug: v8:10927 Change-Id: Icbdc0d7329ddd466e7d67a954246a35795b4dece Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507310 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71220}
-
- 22 Jun, 2020 1 commit
-
-
Dan Elphick authored
This changes black/white list to block/allow list. Bug: v8:10619 Change-Id: Id55d72f90891670ca57b62dfeb6b3251025927dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257228Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#68464}
-
- 18 Jun, 2020 1 commit
-
-
Michael Achenbach authored
This subsumes the old behavior of --allow-natives-for-fuzzing under --fuzzing as well. Both flags are used in a redundant way in fuzz configs. Only --allow-natives-for-fuzzing wasn't specified as a required argument, leading to the bug below. We still need the flag --allow-natives-for-differential-fuzzing to allow different functions when using differential fuzzing. Bug: chromium:1094866 Change-Id: I398791779e58ed4d80e896c1cfea343848159212 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246568 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68401}
-
- 20 Apr, 2020 1 commit
-
-
Michael Achenbach authored
This keeps it whitelisted for normal fuzzing. TBR=neis@chromium.org Bug: chromium:1070890, v8:10249 Change-Id: I9011db08741e1eef98672847809e7beb2abfe93b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154789Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#67238}
-
- 15 Apr, 2020 1 commit
-
-
Georg Neis authored
Bug: chromium:1070890 Change-Id: I62ad81b8d5bcb9934c7eda4eae595d41339adfdf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149425Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67147}
-
- 10 Feb, 2020 1 commit
-
-
Michael Achenbach authored
We should not allow runtime functions that perform extra checks in differential fuzzing, as there we ignore crashes and dchecks entirely. Furthermore, this change whitelists some runtime functions for getting more coverage. Bug: chromium:1044942 Change-Id: Ie5d90bb53bc2d2bacc6635b1dcbe466605b33e12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2041444 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66205}
-
- 31 Jan, 2020 1 commit
-
-
Michael Achenbach authored
This adds two flags for whitelisting natives on fuzzers: --allow-natives-for-fuzzing: Enables a small subset of runtime functions and replaces others with undefined. --allow-natives-for-differential-fuzzing Restricts the allowed runtime functions even further, excluding the ones that break differential fuzzing. Bug: chromium:1044942 Change-Id: I890bd4a6ff7c2e483dd74155290a7ace06f85239 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020773Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66068}
-
- 11 Nov, 2019 1 commit
-
-
Joyee Cheung authored
This patch excludes brand symbols from the result of JSReceiver::GetPrivateEntries so that the brands do not show up when the instances are inspected from the DevTools (e.g. via `Runtime.getProperties()`). To implement this, we use a bit in the Symbols to denote whether it's a brand symbol. A brand symbol is also a private name symbol so that we can just reuse the IC for accessing private names and do not need to jump through extra ORs. Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit Bug: v8:8671, v8:9839, v8:8330 Change-Id: I24346aeedce3602395289052d1e1350ae9390354 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909757Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/master@{#64899}
-
- 20 Aug, 2019 1 commit
-
-
Joyee Cheung authored
This patch implements the declaration of private accessors. When iterating over the class properties, we track private accessors associated with the same name in a ZoneHashMap. Once we get to all the necessary components for a private name (we know statically whether we should expect only a setter, only a getter, or both), we emit a call to a runtime function `CreatePrivateAccessors` that creates an AccessorPair, and store the components in it. The AccessorPair is then associated with the private name variable and stored in the context for later retrieval when the private accessors are accessed. Design doc: https://docs.google.com/document/d/10W4begYfs7lmldSqBoQBBt_BKamgT8igqxF9u50RGrI/edit Bug: v8:8330 Change-Id: Ie6d3882507d143b1f645d7ae82b21b7358656e89 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725670 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63284}
-
- 23 May, 2019 2 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Yang Guo authored
Bug: v8:9247 Change-Id: I0023200c54fa6499ae4e2cf5e4c89407cc35f187 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624218Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61762}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 21 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 TBR=bmeurer@chromium.org,neis@chromium.org NOPRESUBMIT=true Change-Id: Ia1e49d1aac09c4ff9e05d58fab9d08dd71198878 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621931Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61682}
-
- 15 May, 2019 1 commit
-
-
Tobias Tebbi authored
With very few exceptions, this verifies all skipped write-barriers in CSA and Torque, showing that the MemoryOptimizer together with some type information on the stored value are enough to avoid unsafe skipped write-barriers. Changes to CSA: SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the MemoryOptimizer by default. Type information about the stored values (TNode<Smi>) is exploited to safely skip write barriers for stored Smi values. In some cases, the code is re-structured to make it easier to consume for the MemoryOptimizer (manual branch and load elimination). Changes to the MemoryOptimizer: Improve the MemoryOptimizer to remove write barriers: - When the store happens to a CSA-generated InnerAllocate, by ignoring Bitcasts and additions. - When the stored value is the HeapConstant of an immortal immovable root. - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned). - Fast C-calls are treated as non-allocating. - Runtime calls can be white-listed as non-allocating. Remaining missing cases: - C++-style iterator loops with inner pointers. - Inner allocates that are reloaded from a field where they were just stored (for example an elements backing store). Load elimination would fix that. - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole). We could handle that in Torque. - Double-aligned allocations, which are not lowered in the MemoryOptimizer but in CSA. Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this can be handled by overload resolution (in Torque and C++). Reland Change: Support pointer compression operands. R=jarin@chromium.org TBR=mvstanton@chromium.org Bug: v8:7793 Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904 Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61522}
-
- 13 May, 2019 1 commit
-
-
Joyee Cheung authored
Added null check when printing the brand with --print-ast. Bug: chromium:961507, chromium:961508 Original change's description: > [class] implement private method declarations > > This patch implements the declarations of private methods, the access > of private methods would be left to a future patch. > When a private methods declaration is encountered, we now: > > - Create a brand symbol during class evaluation and store it in the > context. > - Create the closures for the private methods > - Load the brand from the context and store it in the instance in the > constructor. > > Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit# > > Bug: v8:8330 > Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708 > Commit-Queue: Joyee Cheung <joyee@igalia.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61387} Change-Id: I3bf465f70c27914c9ec19f3f59ae018b28c9a866 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605521 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by:
Adam Klein <adamk@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#61459}
-
- 10 May, 2019 1 commit
-
-
Ross McIlroy authored
This reverts commit b9191bd3. Reason for revert: Clusterfuzz bugs BUG=chromium:961507,chromium:961508 Original change's description: > [class] implement private method declarations > > This patch implements the declarations of private methods, the access > of private methods would be left to a future patch. > When a private methods declaration is encountered, we now: > > - Create a brand symbol during class evaluation and store it in the > context. > - Create the closures for the private methods > - Load the brand from the context and store it in the instance in the > constructor. > > Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit# > > Bug: v8:8330 > Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708 > Commit-Queue: Joyee Cheung <joyee@igalia.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61387} TBR=rmcilroy@chromium.org,gsathya@chromium.org,verwaest@chromium.org,joyee@igalia.com Change-Id: I429bbe8af9f94598de132814aa2c3ab9fa69b986 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8330 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605730 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#61406}
-
- 09 May, 2019 1 commit
-
-
Joyee Cheung authored
This patch implements the declarations of private methods, the access of private methods would be left to a future patch. When a private methods declaration is encountered, we now: - Create a brand symbol during class evaluation and store it in the context. - Create the closures for the private methods - Load the brand from the context and store it in the instance in the constructor. Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit# Bug: v8:8330 Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#61387}
-
- 26 Apr, 2019 1 commit
-
-
Ross McIlroy authored
This reverts commit da7322c0. Reason for revert: Breaking the pointer compression bots, e.g.: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047 Original change's description: > [csa] verify skipped write-barriers in MemoryOptimizer > > With very few exceptions, this verifies all skipped write-barriers in > CSA and Torque, showing that the MemoryOptimizer together with some > type information on the stored value are enough to avoid unsafe skipped > write-barriers. > > Changes to CSA: > SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the > MemoryOptimizer by default. > Type information about the stored values (TNode<Smi>) is exploited to > safely skip write barriers for stored Smi values. > In some cases, the code is re-structured to make it easier to consume > for the MemoryOptimizer (manual branch and load elimination). > > Changes to the MemoryOptimizer: > Improve the MemoryOptimizer to remove write barriers: > - When the store happens to a CSA-generated InnerAllocate, by ignoring > Bitcasts and additions. > - When the stored value is the HeapConstant of an immortal immovable root. > - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned). > - Fast C-calls are treated as non-allocating. > - Runtime calls can be white-listed as non-allocating. > > Remaining missing cases: > - C++-style iterator loops with inner pointers. > - Inner allocates that are reloaded from a field where they were just stored > (for example an elements backing store). Load elimination would fix that. > - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole). > We could handle that in Torque. > - Double-aligned allocations, which are not lowered in the MemoryOptimizer > but in CSA. > > Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this > can be handled by overload resolution (in Torque and C++). > > R=jarin@chromium.org > TBR=mvstanton@chromium.org > > Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61016} TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#61038}
-
- 25 Apr, 2019 1 commit
-
-
Tobias Tebbi authored
With very few exceptions, this verifies all skipped write-barriers in CSA and Torque, showing that the MemoryOptimizer together with some type information on the stored value are enough to avoid unsafe skipped write-barriers. Changes to CSA: SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the MemoryOptimizer by default. Type information about the stored values (TNode<Smi>) is exploited to safely skip write barriers for stored Smi values. In some cases, the code is re-structured to make it easier to consume for the MemoryOptimizer (manual branch and load elimination). Changes to the MemoryOptimizer: Improve the MemoryOptimizer to remove write barriers: - When the store happens to a CSA-generated InnerAllocate, by ignoring Bitcasts and additions. - When the stored value is the HeapConstant of an immortal immovable root. - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned). - Fast C-calls are treated as non-allocating. - Runtime calls can be white-listed as non-allocating. Remaining missing cases: - C++-style iterator loops with inner pointers. - Inner allocates that are reloaded from a field where they were just stored (for example an elements backing store). Load elimination would fix that. - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole). We could handle that in Torque. - Double-aligned allocations, which are not lowered in the MemoryOptimizer but in CSA. Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this can be handled by overload resolution (in Torque and C++). R=jarin@chromium.org TBR=mvstanton@chromium.org Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61016}
-
- 02 Feb, 2019 1 commit
-
-
Suraj Sharma authored
The program: foo; let foo = 5; …now produces: ReferenceError: Cannot access 'foo' before initialization …instead of: ReferenceError: foo is not defined Bug: v8:6513, v8:6951 Change-Id: I6c372626734570d5abeb1d0196b814dde02b9e3e Reviewed-on: https://chromium-review.googlesource.com/c/1441151Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Mathias Bynens <mathias@chromium.org> Commit-Queue: Suraj Sharma <surshar@microsoft.com> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#59307}
-
- 18 Dec, 2018 1 commit
-
-
Jakob Kummerow authored
instead of Object* (which is deprecated) or ObjectPtr (which is unsuitable for cases where we need to control the ABI exactly). Callers in generated code expect a plain tagged value, so return precisely that. Same for C++ Builtins. Bug: v8:3770 Change-Id: Id12f0d9830f7caf2a16aa973b8297f70d65241f5 Reviewed-on: https://chromium-review.googlesource.com/c/1382466Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#58334}
-
- 07 Nov, 2018 1 commit
-
-
Jakob Kummerow authored
as part of the ongoing quest to get rid of Object*/Object** entirely. Design overview: https://goo.gl/Ph4CGz Bug: v8:3770 Change-Id: Ie79a461a61203ea5a6efcd7b2a31bff1834169dd Reviewed-on: https://chromium-review.googlesource.com/c/1316607 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#57306}
-
- 06 Nov, 2018 1 commit
-
-
Joyee Cheung authored
Rename variables and flag names so that the classes can be reused by private methods implementation. In particular: Rename "fields" to "members" in the initializer so that we can initialize both fields and private methods/accessors there, for example: instance_fields_initializer -> instance_members_initializer InitializeClassFieldsStatement -> InitializeClassMembersStatement Rename "private field" to "private name" for the private symbols used to implement private fields so that we can use them to store private methods/accessors later as well, for example: private_field_name_var -> private_name_var NewPrivateFieldSymbol -> NewPrivateNameSymbol The follow-on is in https://chromium-review.googlesource.com/c/v8/v8/+/1301018 The design doc is in https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit?usp=sharing Bug: v8:8330 Change-Id: I1cdca8def711da879b6e4d67c5ff0a5a4a36abbe Reviewed-on: https://chromium-review.googlesource.com/c/1312597Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/master@{#57289}
-
- 10 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
This change introduces new intrinsics used to desugar async functions in the Parser and the BytecodeGenerator, namely we introduce a new %_AsyncFunctionEnter intrinsic that constructs the generator object for the async function (and in the future will also create the outer promise for the async function). This generator object is internal and never escapes to user code, plus since async functions don't have a "prototype" property, we can just a single map here instead of tracking the prototype/initial_map on every async function. This saves one word per async function plus one initial_map per async function that was invoked at least once. We also introduce two new intrinsics %_AsyncFunctionReject, which rejects the outer promise with the caught exception, and another %_AsyncFunctionResolve, which resolves the outer promise with the right hand side of the `return` statement. These functions also perform the DevTools part of the job (aka popping from the promise stack and sending the debug event). This allows us to get rid of the implicit try-finally from async functions completely; because the finally block only called to the %AsyncFunctionPromiseRelease builtin, which was used to inform DevTools. In essence we now turn an async function like ```js async function f(x) { return await bar(x); } ``` into something like this (in Parser and BytecodeGenerator respectively): ``` function f(x) { .generator_object = %_AsyncFunctionEnter(.closure, this); .promise = %AsyncFunctionCreatePromise(); try { .tmp = await bar(x); return %_AsyncFunctionResolve(.promise, .tmp); } catch (e) { return %_AsyncFunctionReject(.promise, e); } } ``` Overall the bytecode for async functions gets significantly shorter already (and will get even shorter once we put the outer promise into the async function generator object). For example the bytecode for a simple async function ```js async function f(x) { return await x; } ``` goes from 175 bytes to 110 bytes (a ~38% reduction in size), which is in particular due to the simplification around the try-finally removal. Overall this seems to improve the doxbee-async-es2017-native test by around 2-3%. On the test case mentioned in v8:8276 we go from 1124ms to 441ms, which corresponds to a 60% reduction in total execution time! Tbr: marja@chromium.org Bug: v8:7253, v8:7522, v8:8276 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: Id29dc92de7490b387ff697860c900cee44c9a7a4 Reviewed-on: https://chromium-review.googlesource.com/c/1269041 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#56502}
-
- 08 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
This change adds predicates to check whether a given JavaScript operator needs the "current context" or if any surrounding context (including the "native context") does it. For example JSAdd doesn't ever need the current context, but actually only the native context. In the BytecodeGraphBuilder we use this predicate to check whether a given operator needs the current context, and if not, we just pass in the native context. Doing so we improve the performance on the benchmarks given in the tracking bug significantly, and go from something around arrayMap: 476 ms. arrayFilter: 312 ms. arrayEvery: 241 ms. arraySome: 152 ms. to arrayMap: 377 ms. arrayFilter: 296 ms. arrayEvery: 191 ms. arraySome: 91 ms. which is an up to 40% improvement. So for idiomatic modern JavaScript which uses higher order functions quite a lot, not just the builtins provided by the JSVM, this is going to improve peak performance noticably. This also makes it possible to completely eliminate all the allocations in the aliased sloppy arguments example ```js function foo(a) { return arguments.length; } ``` concretely we don't allocate the function context anymore and we also don't allocate the arguments object anymore (the JSStackCheck was the reason why we did this in the past, because it was holding on to the current context, which also kept the allocation for the arguments alive). Bug: v8:6200, v8:8060 Change-Id: I1db56d00d6b510ce6337608c0fff16af96e95eef Design-Document: bit.ly/v8-turbofan-context-sensitive-js-operators Reviewed-on: https://chromium-review.googlesource.com/c/1267176Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56441}
-
- 05 Oct, 2018 1 commit
-
-
Peter Marshall authored
For each intrinsic/runtime function we define in runtime.h, an inline version is automatically declared. We only ever use 24 of the inline functions. Even though we don't call the other ones, macro magic means they still take up space by existing in various arrays and tables like kIntrinsicFunctions. They also create code in switch statements. Some drive-by cleanups: - Remove the switch in NameForRuntimeId() and just use the table of runtime functions to lookup the name directly. - Remove tests for IsFunction, ClassOf and StringAdd intrinsics as they are the last users of the inline versions of these. - Remove the MaxSmi inline version as it is only used in tests. Saves 64 KiB binary size. Change-Id: I4c870ddacd2655ffcffa97d93200ed8f853752f5 Reviewed-on: https://chromium-review.googlesource.com/c/1261939 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#56412}
-