- 17 Aug, 2021 1 commit
-
-
Samuel Groß authored
ArrayBuffer backing stores will instead use the virtual memory cage and be referenced through offsets rather than pointers when the sandbox is enabled. This will be implemented in an independent CL. Bug: v8:10391 Change-Id: Icc9781003e53c76dbbf4c84ee165151e4182da4b Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086458Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/master@{#76348}
-
- 12 Aug, 2021 1 commit
-
-
Ross McIlroy authored
These are no longer enabled, so remove the code mitigation logic from the codebase. BUG=chromium:1003890 Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76256}
-
- 29 Jul, 2021 1 commit
-
-
Marja Hölttä authored
This CL assumes https://github.com/tc39/proposal-resizablearraybuffer/issues/68 is indeed a spec bug. Bug: v8:11111 Change-Id: I8d24f0d07f7ab40ba01b8c422868ad189d6f7e5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060478 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#76001}
-
- 15 Jul, 2021 1 commit
-
-
Victor Gomes authored
- Initial implementation of Array.concat on Torque. - Adds fast paths for `[].concat()` and `x.concat()`, these are now as fast as `[...x]` and `x.slice()` for non-optimised code. Bug: v8:7152 Change-Id: I86ca15e4e1e67f53424ef0c8bb7eea12d7e660b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026716Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75737}
-
- 28 Jun, 2021 1 commit
-
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: Ieb9e8d1440b57f3840857c34debfece337bf4f51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979598 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#75409}
-
- 24 Jun, 2021 1 commit
-
-
Jakob Kummerow authored
Instead, make the array-allocating builtin initialize the object. This speeds up later stages of Turbofan graph processing, in particular live range computation. Bug: v8:7748 Change-Id: Iba0d682922b444b1d6151eeaee8d939821ebc980 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983457 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#75367}
-
- 23 Jun, 2021 1 commit
-
-
Mihir Shah authored
The change is made since for switch statements with lots of cases, where each case is a constant integer, the emitted bytecode is still a series of jumps, when we can instead use a jump table. If there are 6 or more cases (similar to GCC) of Smi literals, and if the max Smi case minus the min Smi case is not more than 3 times the number of cases, we use a jump table up front to handle Smi's, and then use traditional if-else logic for the rest of the cases. We then use the jump table in interpreter/bytecode-jump-table to do the optimization. This tries to go off issue 9738 in v8's issue tracker. It is not exactly the same, since that recommends doing the work at JIT-time, but has similar ideas. It also partially goes off issue 10764. Bug: v8:9738 Change-Id: Ic805682ee3abf9ce464bb733b427fa0c83a6e10c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904926Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75323}
-
- 18 Jun, 2021 1 commit
-
-
Dan Elphick authored
The adding of base:: was mostly prepared using git grep and sed: git grep -l <pattern> | grep -v base/vector.h | \ xargs sed -i 's/\b<pattern>\b/base::<pattern>/ with lots of manual clean-ups due to the resulting v8::internal::base::Vectors. #includes were fixed using: git grep -l "src/utils/vector.h" | \ axargs sed -i 's!src/utils/vector.h!src/base/vector.h!' Bug: v8:11879 Change-Id: I3e6d622987fee4478089c40539724c19735bd625 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#75243}
-
- 17 Jun, 2021 1 commit
-
-
Igor Sheludko authored
This CL adds - CodeT type - an alias for CodeDataContainer or Code depending on whether the v8_enable_external_code_space is enabled or not, - a set of conversion functions from CodeT to Code or CodeDataContainer and back (both in C++ and CodeStubAssembler), - masm support for calling/tailcalling via CallDataContainer which contain the code entry point address, - masm support for calling/tailcalling via CodeT. Bug: v8:11880 Change-Id: Ib36f4c6db69ec49aaea29412647e59ada95da19b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967463 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75207}
-
- 14 Jun, 2021 1 commit
-
-
Peter Kasting authored
TNode has a templated constructor from TNode<U>, but this doesn't take precedence over the auto-generated copy constructor, which results in a warning being fired. Fix by adding an explicit copy constructor that does what the templated constructor does, which in turn requires fixing some missing #includes that slipped by due to the lack of LazyTemplateChecks() in the autogenerated copy constructor. Bug: chromium:1213098 Change-Id: Iad40950261af8f88396be9227355e4e013837341 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953503Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Peter Kasting <pkasting@chromium.org> Cr-Commit-Position: refs/heads/master@{#75133}
-
- 08 Jun, 2021 1 commit
-
-
Wenyu Zhao authored
The initial CL is suspected to break the --predictable CI. But looks like the CI is still crashing and also flaky after the revert. So reland it again. This is a reland of 59d58d72 Original change's description: > [csa] Remove InnerAllocate and replace with non-folded allocations > > This CL removes all uses of InnerAllocate (except memento allocations) > and replace with non-folded allocations. The change is based on the > fact that 1. Those InnerAllocates are not guarded by --allocation-folding > flag. 2. Hopefully the MemoryOptimizer can handle the folding and no > performance regression will happen. > > Two special versions of InnerAllocate is still kept: > * One for memento allocations (renamed to InnerAllocateMemento). > * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements). > > Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767 > Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74899} Change-Id: I540c3a6b6e3f7c70c048f8ad1e5f702287fb086b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2946667 Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75015}
-
- 07 Jun, 2021 1 commit
-
-
Camillo Bruni authored
- Add new Builtin enum - Move Builtins::Name:kXXX to Builtin::kXXX - Update existing code Follow CLs will unify the mix of using int builtin-ids and Builtins::Name to only use the new Builtin enum and changing it to an enum class. Change-Id: Ib39aa45a25696acdf147f46392901b1e051deaa4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905592 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#74995}
-
- 02 Jun, 2021 2 commits
-
-
Wenyu Zhao authored
This reverts commit 59d58d72. Reason for revert: This CL breaks --predictable Original change's description: > [csa] Remove InnerAllocate and replace with non-folded allocations > > This CL removes all uses of InnerAllocate (except memento allocations) > and replace with non-folded allocations. The change is based on the > fact that 1. Those InnerAllocates are not guarded by --allocation-folding > flag. 2. Hopefully the MemoryOptimizer can handle the folding and no > performance regression will happen. > > Two special versions of InnerAllocate is still kept: > * One for memento allocations (renamed to InnerAllocateMemento). > * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements). > > Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767 > Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74899} Change-Id: If6a1836634670eff3342f6df1d2a5b76afbdc0ac No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2932796 Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74903}
-
Wenyu Zhao authored
This CL removes all uses of InnerAllocate (except memento allocations) and replace with non-folded allocations. The change is based on the fact that 1. Those InnerAllocates are not guarded by --allocation-folding flag. 2. Hopefully the MemoryOptimizer can handle the folding and no performance regression will happen. Two special versions of InnerAllocate is still kept: * One for memento allocations (renamed to InnerAllocateMemento). * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements). Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767 Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74899}
-
- 17 May, 2021 1 commit
-
-
Philip Pfaffe authored
This is a reland of 0ce36e7d The reland includes two fixes: - Move the EvaluateGlobalForTesting into libv8 to avoid linkage issues and to avoid having to export ThreadLocalTop symbols. - Give the ExecutionMode enum a uint8_t backing type to avoid endianess issues. Original change's description: > [ic] Fix handling of API properties with side effects > > DebugEvaluate can evaluate expressions in side-effect-free mode, where > any operation that would cause observable side effects throws an > exception. Currently, when accessors are backed by callbacks, it's > possible that ICs call those accessors directly, bypassing the > side-effect checks. This CL introduces a bailouts to runtime in those > cases. > > Fixed: chromium:1201781 > Also-By: ishell@chromium.org, pfaffe@chromium.org > Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 > Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74507} Fixes: v8:11761 Change-Id: I58cde8bd11ba0fc9d83adc19fa87733628ab6c13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891829Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Cr-Commit-Position: refs/heads/master@{#74602}
-
- 14 May, 2021 1 commit
-
-
Camillo Bruni authored
Make sure we have no pending promises if correctness fuzzing is active. Due to fast-paths we might not create all intermediate promises that aren't spec visible. However, promise hooks might expose them and cause different output which in turn breaks correctness fuzzing. Drive-by-fix: - Replace IsAnyPromiseHookEnabledOrDebugIsActiveOrHasAsyncEventDelegate with NeedsAnyPromiseHooks Bug: v8:1207791 Change-Id: I5b956336c43348e029c3e283993d4140a8897439 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886862Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74565}
-
- 12 May, 2021 1 commit
-
-
Maya Lekova authored
This reverts commit 0ce36e7d. Reason for revert: Speculative revert for a Chromium build breakage causing a blocked roll - https://bugs.chromium.org/p/v8/issues/detail?id=11761 Original change's description: > [ic] Fix handling of API properties with side effects > > DebugEvaluate can evaluate expressions in side-effect-free mode, where > any operation that would cause observable side effects throws an > exception. Currently, when accessors are backed by callbacks, it's > possible that ICs call those accessors directly, bypassing the > side-effect checks. This CL introduces a bailouts to runtime in those > cases. > > Fixed: chromium:1201781 > Also-By: ishell@chromium.org, pfaffe@chromium.org > Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 > Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74507} Change-Id: Ifb5c24682af29572591d436ab92b0304058e99af No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891650 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74515}
-
- 11 May, 2021 1 commit
-
-
Philip Pfaffe authored
DebugEvaluate can evaluate expressions in side-effect-free mode, where any operation that would cause observable side effects throws an exception. Currently, when accessors are backed by callbacks, it's possible that ICs call those accessors directly, bypassing the side-effect checks. This CL introduces a bailouts to runtime in those cases. Fixed: chromium:1201781 Also-By: ishell@chromium.org, pfaffe@chromium.org Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#74507}
-
- 10 May, 2021 1 commit
-
-
Marja Hölttä authored
Detailed list of changes: https://docs.google.com/document/d/15i4-SZDzFDW7FfclIYuZEhFn-q-KpobCBy23x9zZZLc/edit?usp=sharing Bug: v8:11111 Change-Id: I931003bd4552cf91d57de95af04a427a9e6d6ac9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814259Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#74459}
-
- 06 May, 2021 1 commit
-
-
Fanchen Kong authored
When a function is invoked by prototype.apply, it may undergo following transformation in the JSCallReducer: receiver.apply(this, args) -> this.receiver(...args) Since the new target (also the receiver of apply()) is not collected to the feedback slot, further speculative optimization on the new target is not available if the new target is not a heapconstant. With this CL, the receiver will be collected to the feedback instead of the target if the target is a prototype.apply. It may improve the performance of the following usecase by ~80%. function reduceArray(func, arr, r) { for (var i = 0, len = arr.length; i < len; i++) { r = func.apply(null, r, arr[i]); } return r; } var a = 0; for (var i = 0; i < 10000000; i++) { a += reduceArray(Math.imul, [5,6,2,3,7,6,8,3,7,9,2,5,], 1); } console.log(a); This CL also improves the runTime score of JetStream2/richards-wasm by ~45% in default, ~60% with --turbo-inline-js-wasm-calls. Change-Id: I542eb8d3fcb592f4e0993af93ba1af70e89c3982 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639813 Commit-Queue: Fanchen Kong <fanchen.kong@intel.com> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74413}
-
- 29 Apr, 2021 1 commit
-
-
Camillo Bruni authored
Bug: chromium:1201936 Change-Id: I1ee545e33587ddf4a5c7e1cbd64b53d36c75a146 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850936Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74267}
-
- 20 Apr, 2021 2 commits
-
-
Stephen Belanger authored
This is a reland of d5457f5f after a speculative revert. Additionally it fixes an issue with throwing promise hooks. Original change's description: > [api] JSFunction PromiseHook for v8::Context > > This will enable Node.js to get much better performance from async_hooks > as currently PromiseHook delegates to C++ for the hook function and then > Node.js delegates it right back to JavaScript, introducing several > unnecessary barrier hops in code that gets called very, very frequently > in modern, promise-heavy applications. > > This API mirrors the form of the original C++ function based PromiseHook > API, however it is intentionally separate to allow it to use JSFunctions > triggered within generated code to, as much as possible, avoid entering > runtime functions entirely. > > Because PromiseHook has internal use also, beyond just the Node.js use, > I have opted to leave the existing API intact and keep this separate to > avoid conflicting with any possible behaviour expectations of other API > users. > > The design ideas for this new API stemmed from discussion with some V8 > team members at a previous Node.js Diagnostics Summit hosted by Google > in Munich, and the relevant documentation of the discussion can be found > here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e > > A summary of the reasons for why this new design is important can be > found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing > > Bug: v8:11025 > Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188 > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73858} Bug: v8:11025 Bug: chromium:1197475 Change-Id: I73a71e97d9c3dff89a2b092c3fe4adff81ede8ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2823917Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74071}
-
Sathya Gunasekaran authored
This is a reland of c83c9590 Changes since revert: nothing, issue was crbug.com/v8/11666 Original change's description: > [ic] Add a new MegaDOM IC > > This patch implements the MegaDOM IC setup and access. A new MegaDOM > IC state indicates that we've seen only DOM accessors at this access > site. > > This CL only adds support for DOM getters in LoadIC, other kinds of > access will be added in follow on CLs. > > Still remaining TODO before shipping: > 1. Have a mechanism to invalidate the protector > 2. Have a mechanism to find the accessors that aren't overloaded > 3. Use a new builtin to miss to runtime on access check failure > > Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2 > Bug: v8:11321 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Reviewed-by: Mythri Alle <mythria@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73733} Bug: v8:11321 Change-Id: I2bec54465542b5b40c42adb6eb12b6ce72cce5bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794439Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74056}
-
- 12 Apr, 2021 1 commit
-
-
Wenyu Zhao authored
This CL adds features to pack/unpack map words. Currently V8 cannot store extra metadata in object headers -- because V8 objects do not have a proper header, but only a map pointer at the start of the object. To store per-object metadata like marking data, a side table is required as the per-object metadata storage. This CL enables V8 to use higher unused bits in a 64-bit map word as per-object metadata storage. Map pointer stores come with an extra step to encode the metadata into the pointer (we call it "map packing"). Map pointer loads will also remove the metadata bits as well (we call it "map packing"). Since the map word is no longer a valid pointer after packing, we also change the tag of the packed map word to make it looks like a Smi. This helps various GC and barrier code to correctly skip them instead of blindly dereferencing this invalid pointer. A ninja flag `v8_enable_map_packing` is provided to turn this map-packing feature on and off. It is disabled by default. * Only works on x64 platform, with `v8_enable_pointer_compression` set to `false` Bug: v8:11624 Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#73915}
-
- 08 Apr, 2021 2 commits
-
-
Michael Achenbach authored
This reverts commit d5457f5f. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/32999 Original change's description: > [api] JSFunction PromiseHook for v8::Context > > This will enable Node.js to get much better performance from async_hooks > as currently PromiseHook delegates to C++ for the hook function and then > Node.js delegates it right back to JavaScript, introducing several > unnecessary barrier hops in code that gets called very, very frequently > in modern, promise-heavy applications. > > This API mirrors the form of the original C++ function based PromiseHook > API, however it is intentionally separate to allow it to use JSFunctions > triggered within generated code to, as much as possible, avoid entering > runtime functions entirely. > > Because PromiseHook has internal use also, beyond just the Node.js use, > I have opted to leave the existing API intact and keep this separate to > avoid conflicting with any possible behaviour expectations of other API > users. > > The design ideas for this new API stemmed from discussion with some V8 > team members at a previous Node.js Diagnostics Summit hosted by Google > in Munich, and the relevant documentation of the discussion can be found > here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e > > A summary of the reasons for why this new design is important can be > found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing > > Bug: v8:11025 > Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188 > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73858} Bug: v8:11025 Change-Id: Ie7345c4505f39c973f9f0dbca745b591cff63f3f No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814740 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73862}
-
Stephen Belanger authored
This will enable Node.js to get much better performance from async_hooks as currently PromiseHook delegates to C++ for the hook function and then Node.js delegates it right back to JavaScript, introducing several unnecessary barrier hops in code that gets called very, very frequently in modern, promise-heavy applications. This API mirrors the form of the original C++ function based PromiseHook API, however it is intentionally separate to allow it to use JSFunctions triggered within generated code to, as much as possible, avoid entering runtime functions entirely. Because PromiseHook has internal use also, beyond just the Node.js use, I have opted to leave the existing API intact and keep this separate to avoid conflicting with any possible behaviour expectations of other API users. The design ideas for this new API stemmed from discussion with some V8 team members at a previous Node.js Diagnostics Summit hosted by Google in Munich, and the relevant documentation of the discussion can be found here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e A summary of the reasons for why this new design is important can be found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing Bug: v8:11025 Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#73858}
-
- 31 Mar, 2021 3 commits
-
-
Igor Sheludko authored
This is a reland of 856e8577 The diff compared to the first attempt is that the tests that require SSSE3/AVX are not run when these CPU features are not available. Original change's description: > [dict-proto] SIMD support for SwissNameDictionary in Torque > > This CL adds a Torque-counterpart for swiss_table::GroupSse2Impl in > Torque. This allows the Torque version of SwissNameDictionary to use > SSE for lookups, rather than needing to bailout to the runtime on > x64/ia32. > > Bug: v8:11330 > Change-Id: I74e3f97c460a8b89031016967ec0e545265016a9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787485 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Zhi An Ng <zhin@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73727} Bug: v8:11330 Cq-Include-Trybots: luci.v8.try:v8_linux_optional_rel_ng Change-Id: Ibfa5ae5a39333778ea0d0406d5ea4ad683ad0dbe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794431Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73740}
-
Maya Lekova authored
This reverts commit c83c9590. Reason for revert: Speculatively reverting for a failure on Arm GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/b8851256837192083520/overview Original change's description: > [ic] Add a new MegaDOM IC > > This patch implements the MegaDOM IC setup and access. A new MegaDOM > IC state indicates that we've seen only DOM accessors at this access > site. > > This CL only adds support for DOM getters in LoadIC, other kinds of > access will be added in follow on CLs. > > Still remaining TODO before shipping: > 1. Have a mechanism to invalidate the protector > 2. Have a mechanism to find the accessors that aren't overloaded > 3. Use a new builtin to miss to runtime on access check failure > > Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2 > Bug: v8:11321 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Reviewed-by: Mythri Alle <mythria@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73733} Bug: v8:11321 Change-Id: Ib6a55796f2a3c345d4923f9eaa215a6ff55ed15b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794437 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73734}
-
Sathya Gunasekaran authored
This patch implements the MegaDOM IC setup and access. A new MegaDOM IC state indicates that we've seen only DOM accessors at this access site. This CL only adds support for DOM getters in LoadIC, other kinds of access will be added in follow on CLs. Still remaining TODO before shipping: 1. Have a mechanism to invalidate the protector 2. Have a mechanism to find the accessors that aren't overloaded 3. Use a new builtin to miss to runtime on access check failure Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2 Bug: v8:11321 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#73733}
-
- 30 Mar, 2021 2 commits
-
-
Zhi An Ng authored
This reverts commit 856e8577. Reason for revert: Broke https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/34562/overview Original change's description: > [dict-proto] SIMD support for SwissNameDictionary in Torque > > This CL adds a Torque-counterpart for swiss_table::GroupSse2Impl in > Torque. This allows the Torque version of SwissNameDictionary to use > SSE for lookups, rather than needing to bailout to the runtime on > x64/ia32. > > Bug: v8:11330 > Change-Id: I74e3f97c460a8b89031016967ec0e545265016a9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787485 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Zhi An Ng <zhin@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73727} Bug: v8:11330 Change-Id: I453b299455ac088f7e6ecde1e8003ef58d958b51 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795270 Auto-Submit: Zhi An Ng <zhin@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73728}
-
Igor Sheludko authored
This CL adds a Torque-counterpart for swiss_table::GroupSse2Impl in Torque. This allows the Torque version of SwissNameDictionary to use SSE for lookups, rather than needing to bailout to the runtime on x64/ia32. Bug: v8:11330 Change-Id: I74e3f97c460a8b89031016967ec0e545265016a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787485Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73727}
-
- 25 Mar, 2021 4 commits
-
-
Frank Emrich authored
This CL evokes that when v8_dict_mode_prototypes is enabled, SwissNameDictionary is used in CSA as the dictionary backing store for all objects (instead of NameDictionary). Bug: v8:11330 Change-Id: I2bda0ec60040981f07e0e51aaf772ac1bb8bbc06 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786856Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73690}
-
Frank Emrich authored
This CL enables proper testing for the CSA/Torque implementation of SwissNameDictionary. This is done by changing the implementation of test_swiss_hash_table::CSATestRunner. This is the last CL of this series and concludes the CSA/Torque implementation of SwissNameDictionary. Bug: v8:11330 Change-Id: Ib46ef3a2c9ec9746591c2af94346be7d0382122b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786843 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73685}
-
Frank Emrich authored
This CL adapts some existing dictionary-related operations in CSA to support SwissNameDictionary, too. This is needed to make the CSA version of the SwissNameDictionary test suite working. Bug: v8:11330 Change-Id: Ieb315a0806d8910e50f3643abb9a68200485e4fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784689 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73681}
-
Frank Emrich authored
This CL adds: a) FindEntry, Add, and Delete operations on SwissNameDictionary in Torque b) Helpers needed for that on both the CSA and Torque side Bug: v8:11330 Change-Id: I549b9039108217a34ec1e95af84eb28af7dfc9d3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778175Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#73674}
-
- 24 Mar, 2021 2 commits
-
-
Frank Emrich authored
This CL adds: a) Allocation and Copy operations on the CSA side b) Helpers needed for that on both the CSA and Torque side Bug: v8:11330 Change-Id: I322c84e1762d2d3503a0d4809c6e1c0bc9d442e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775563Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73651}
-
Camillo Bruni authored
Change-Id: Ia163acfd04d287d33570374254b661becaf1cc67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782160Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#73646}
-
- 23 Mar, 2021 1 commit
-
-
Frank Emrich authored
This CL adds: a) Helper macros that access the meta table, used in follow-up CLs b) Infrastructure for building efficient accesses to the meta table Bug: v8:11330 Change-Id: I5494c3048a4f82f21871437dfe367d6a456c8257 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773004 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73602}
-
- 22 Mar, 2021 1 commit
-
-
Frank Emrich authored
This CL adds a) swiss-hash-table-helpers.tq, which contains Torque counterparts for the C++ code in swiss-hash-table-helpers.h. b) various helpers required for that, including adding several CSA integer operations to base.tq. Bug: v8:11330 Change-Id: I6f6faf742334b5d107e84364ed793ad856d1cda1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2757427Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#73580}
-
- 19 Mar, 2021 1 commit
-
-
Frank Emrich authored
This CL makes CTZ (count trailing zeros) and POPCOUNT (count set bits), which are optional ops in the raw machine assembler, available in CSA. A fallback exists for the case that they are not available. This CL also adds the 64 bit version of the mandatory CLZ (count leading zeros) op available. Change-Id: I53cd6738b8ede8bd5842a83bb1161299824d39c9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742207Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#73541}
-