- 13 Oct, 2021 1 commit
-
-
Joyee Cheung authored
Introduces several new runtime mechanics for defining private fields, including: - Bytecode StaKeyedPropertyAsDefine - Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback} - Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} - TurboFan IR opcode JSDefineProperty These new operations can reduce a runtime call per class field into a more traditional Store equivalent. In the microbenchmarks, this results in a substantial win over the status quo (~8x benchmark score for single fields with the changes, ~20x with multiple fields). The TurboFan JSDefineProperty op is lowered in JSNativeContextSpecialization, however this required some hacks. Because private fields are defined as DONT_ENUM when added to the object, we can't find a suitable transition using the typical data property (NONE) flags. I've added a mechanism to specify the required PropertyAttributes for the transition we want to look up. Details: New bytecodes: - StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty but with a different IC builtin (KeyedDefineOwnIC). This is a bytecode rather than a flag for the existing StaKeyedProperty in order to avoid impacting typical keyed stores in any way due to additional branching and testing. New builtins: - StoreOwnIC{TTrampoline|Baseline|_NoFeedback} is now used for StaNamedOwnProperty. Unlike the regular StoreIC, this variant will no longer look up the property name in the prototype. In adddition, this CL changes an assumption that StoreNamedOwnProperty can't result in a map transition, as we can't rely on the property already being present in the Map due to an object literal boilerplate. In the context of class features, this replaces the runtime function %CreateDataProperty(). - KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the new StaKeyedPropertyAsDefine bytecode. This is similar to an ordinary KeyedStoreIC, but will not check the prototype for setters, and for private fields, will take the slow path if the field already exists. In the context of class features, this replaces the runtime function %AddPrivateField(). TurboFan IR: - JSDefineProperty is introduced to represent a situation where we need to use "Define" semantics, in particular, it codifies that we do not consult the prototype chain, and the semantics relating to private fields are implied as well. R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org Bug: v8:9888 Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#77377}
-
- 04 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Convert more raw Handle<Map> uses to MapRef. Bug: v8:7790 Change-Id: Id638b70607aa5a73404ee37dfda5e038018be525 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067337 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76089}
-
- 03 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Based on a CL by mvstanton@. Bug: v8:7790,v8:12030,v8:12031,v8:12041 Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76055}
-
- 20 Jul, 2021 1 commit
-
-
Jakob Gruber authored
.. instead of handles and update all uses. Likewise with ElementAccessInfo. Essentially, this creates the needed refs up-front and removes useless MakeRef calls from PAI users. Bug: v8:7790, v8:11671 Change-Id: I175e77dcca27760101606587de615e3497e68c68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030701 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75805}
-
- 30 Jun, 2021 1 commit
-
-
Jakob Gruber authored
Call it NativeContextRef::GlobalIsDetached and implement it on top of Refs such that it can benefit from direct reads. Drive-by: inline a JSNativeContextSpecialization::ReduceGlobalAccess overload into its only callsite. Bug: v8:7790 Change-Id: I1c6891e0fc65a476b0c4587f3fde2c6461b302a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959614Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75454}
-
- 18 Jun, 2021 1 commit
-
-
Santiago Aboy Solanes authored
Replace GetOwnDictionaryPropertyFromHeap with TryGetOwnDictionaryPropertyFromHeap which will return {} if we are trying to read out of bounds of the heap or the object. This is done so that we can concurrently use the method. We introduce a new compilation dependency (DependOnPropertyValueSame) which checks that the background thread indeed read the correct value. Bug: v8:7790 Change-Id: Ia5e308faf1f65add638cd271995f4f33416fbd15 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930480 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75248}
-
- 24 Feb, 2021 1 commit
-
-
Sathya Gunasekaran authored
Bug: v8:11321 Change-Id: Ica350e9a613d6dddb17569ce5b2df072ceb2c050 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717156 Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#73002}
-
- 08 Jan, 2021 1 commit
-
-
Santiago Aboy Solanes authored
We are planning on moving String to kNeverSerialized. For this, we are modifying its methods to bail out if they encounter a NeverSerialized non-internalized String. Bug: v8:7790 Change-Id: Ia83c1385e53707ddec374e1730963c29b928a08c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615420Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71975}
-
- 03 Dec, 2020 1 commit
-
-
Leszek Swirski authored
TurboFan creates DisallowHeapAccess scopes, to prevent heap access in the concurrent parts of the compiler. Then, for parts of the compiler that do want to access the heap, it either creates Allow* scopes (which should be avoided since they "punch a hole" in the Disallow* scopes), or relies on a weakening of Handle::IsDereferenceAllowed which allows handles owned by a LocalHeap to be dereferenced even if there is a DisallowHeapDereference scope. This patch: a) Strengthens the implicit requirements around handle dereferencing to require a running heap on this thread (either main-thread heap or an un-parked, un-safepointed LocalHeap). b) Removes the overly strict Disallow scopes in TurboFan, relying instead on implicit requirements for allocation/handle dereferencing in off-thread code. c) Cleans up the "should_disallow_heap_access" predicate to be more explicit about what should be disallowed (e.g. property accesses can't be computed concurrently) Change-Id: Icb56b7764913ac17e2db197a70bb189af88a6978 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554617 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71600}
-
- 19 Nov, 2020 1 commit
-
-
Marja Hölttä authored
When accessing a super property which is a getter, the receiver is not restricted the same way as when doing normal property access. In particular, the receiver can be null / undefined. Bug: v8:9237, chromium:1148758, v8:11161 Change-Id: Ic6bc2053e5d046d4b19e868312aa9b50025256a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549941 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71281}
-
- 10 Nov, 2020 1 commit
-
-
Marja Hölttä authored
This is the second reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 , this time without RuntimeCallStats in the tests. Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I782df6e032ff8191082b425e68d68b69cef0a560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527092 Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71077}
-
- 09 Nov, 2020 2 commits
-
-
Shu-yu Guo authored
This reverts commit 30ca51ec. Reason for revert: TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34104 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71052} TBR=marja@chromium.org,neis@chromium.org Change-Id: I2b10963a9a99f7b482f1014472a6a281fcf9b8c1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527184Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#71058}
-
Marja Hölttä authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71052}
-
- 06 Nov, 2020 1 commit
-
-
Nico Hartmann authored
Bug: v8:11074 Change-Id: I6d58d523254915a6b0d6542d8f80ddc6cee71dee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520907Reviewed-by:
Zhi An Ng <zhin@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71003}
-
- 05 Nov, 2020 2 commits
-
-
Clemens Backes authored
This reverts commit 0147db5a. Reason for revert: Data races: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34056 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70988} TBR=marja@chromium.org,mvstanton@chromium.org,neis@chromium.org Change-Id: Ib5ddb919ae569fe5ddf266d986f1c8bc0fe9621a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520908Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70992}
-
Marja Hölttä authored
Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#70988}
-
- 27 Oct, 2020 1 commit
-
-
Mike Stanton authored
This CL provides synchronized get/set to feedback vector slots. The FeedbackNexus is set up to use order preserving reads when used on the background thread, and a lock to ensure coherent read of information for ICKinds with two slots. The main thread takes the lock on sets. This test provides patterns to be followed by concurrent TurboFan. We don't yet access the FeedbackVector on the background thread. This CL only makes it safe to do so. The next step will come when the optimizing compiler begins to query the the vector from the background thread. Currently, with --concurrent-inlining turned on this is done in bytecode serialization on the main thread. Without concurrent inlining, it's also done on the main thread, in both cases using the FeedbackNexus. Bug: v8:7790 Change-Id: I49d8b8031190f91a0da1c24f375b6b6d8a9fe038 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276210 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70797}
-
- 28 Jul, 2020 1 commit
-
-
Mythri A authored
1. Adds a flag to specify if minimorphic accesses should be optimized using dynamic map checks operators. This flag is disabled by default. 2. Builds the PropertyAccessInfo from handlers instead of reading it from maps for minimorphic accesses 3. Uses DynamicMapChecks operator to lower the minimorphic accesses. Bug: v8:10582, v8:9684 Change-Id: I0b7b26b876f9ad12d6fc38788137b66ee6455aeb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241524Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69112}
-
- 22 Jan, 2020 1 commit
-
-
Georg Neis authored
... and consult it there from the various reducers. The flag makes no sense without the broker and the reducers already have access to the broker, so we can avoid an additional flag per reducer. Bug: v8:7790 Change-Id: I448050a55951b94d5313c1a79a502be906b98b25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013108 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65918}
-
- 09 Jan, 2020 1 commit
-
-
Maya Lekova authored
Bug: v8:7790 Change-Id: Idf066adcd5c3dca3004e2eaa0d8fa389755720af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991490Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65671}
-
- 20 Dec, 2019 1 commit
-
-
Tobias Tebbi authored
This reverts commit 91e3243d. Reason for revert: This deopts to the wrong point. Original change's description: > Extend GetIterator bytecode to perform JSReceiver check on object[Symbol.iterator]() > > Current GetIterator bytecode loads and calls @@iterator property on a > given object. This change extends the bytecode functionality to check > whether the value returned after calling @@iterator property is a valid > JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the > returned value is not a valid JSReceiver. This change absorbs the > functionality of additional two bytecodes - JumpIfJSReceiver and > CallRuntime, that are part of the iterator protocol in the GetIterator > bytecode. > > Bug: v8:9489 > Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> > Cr-Commit-Position: refs/heads/master@{#63704} TBR=rmcilroy@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9489 Change-Id: I9324b5b01ead29912ad793a1e7b4d009643d7901 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960288Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65541}
-
- 26 Nov, 2019 1 commit
-
-
Georg Neis authored
This flag has had no effect since mid 2017 when its use-site was accidentally removed (in https://codereview.chromium.org/2902533003). Change-Id: I81436b064c2664deff781ad6d75ad47937e3fdc0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934333 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#65172}
-
- 17 Oct, 2019 1 commit
-
-
Toon Verwaest authored
This is a reland of c7c47c68. This makes TSAN happy in addition to: Previously I presumed that the context read from a frame in the profiler was a valid context. Turns out that on non-intel we're not guaranteed that the frame is properly set up. In the case we looked at, the profiler took a sample right before writing the frame marker indicating a builtin frame, causing the "context" pointer from that frame to be a bytecode array. Since we'll read random garbage on the stack as a possible context pointer, I made the code reading the native context from it a little more defensive. Bug: v8:9860 Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org Original change's description: > [runtime] Move Context::native_context to the map > > Remove the native context slot from contexts by making context maps > native-context-specific. Now we require 2 loads to go from a context to the > native context, but we have 1 field fewer to store when creating contexts. > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64296} Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#64360}
-
- 16 Oct, 2019 2 commits
-
-
Sathya Gunasekaran authored
This reverts commit c7c47c68. Reason for revert: breaks TSAN https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738 Original change's description: > Reland "[runtime] Move Context::native_context to the map" > > This is a reland of f05bae1e > > Previously I presumed that the context read from a frame in the profiler was > a valid context. Turns out that on non-intel we're not guaranteed that the > frame is properly set up. In the case we looked at, the profiler took a > sample right before writing the frame marker indicating a builtin frame, > causing the "context" pointer from that frame to be a bytecode array. Since > we'll read random garbage on the stack as a possible context pointer, I made > the code reading the native context from it a little more defensive. > > Bug: v8:9860 > > Original change's description: > > [runtime] Move Context::native_context to the map > > > > Remove the native context slot from contexts by making context maps > > native-context-specific. Now we require 2 loads to go from a context to the > > native context, but we have 1 field fewer to store when creating contexts. > > > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Georg Neis <neis@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#64296} > > Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Auto-Submit: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64314} TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9860 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64316}
-
Toon Verwaest authored
This is a reland of f05bae1e Previously I presumed that the context read from a frame in the profiler was a valid context. Turns out that on non-intel we're not guaranteed that the frame is properly set up. In the case we looked at, the profiler took a sample right before writing the frame marker indicating a builtin frame, causing the "context" pointer from that frame to be a bytecode array. Since we'll read random garbage on the stack as a possible context pointer, I made the code reading the native context from it a little more defensive. Bug: v8:9860 Original change's description: > [runtime] Move Context::native_context to the map > > Remove the native context slot from contexts by making context maps > native-context-specific. Now we require 2 loads to go from a context to the > native context, but we have 1 field fewer to store when creating contexts. > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64296} Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64314}
-
- 15 Oct, 2019 2 commits
-
-
Sathya Gunasekaran authored
This reverts commit f05bae1e. Reason for revert: broke arm sim debug https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17714 https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8899519852984476944/+/steps/Check_-_trusted/0/logs/FunctionDetailsInlining/0 Original change's description: > [runtime] Move Context::native_context to the map > > Remove the native context slot from contexts by making context maps > native-context-specific. Now we require 2 loads to go from a context to the > native context, but we have 1 field fewer to store when creating contexts. > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64296} TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com Change-Id: Ie7b4086c3a9ab2627ecac599da36b20cf8d1f948 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863200Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64299}
-
Toon Verwaest authored
Remove the native context slot from contexts by making context maps native-context-specific. Now we require 2 loads to go from a context to the native context, but we have 1 field fewer to store when creating contexts. Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64296}
-
- 16 Sep, 2019 1 commit
-
-
Georg Neis authored
We used to have two special cases for named accesses on the global proxy, one based on seeing the global proxy constant in the graph and on based on seeing the global proxy map either in the feedback or in the graph. A change I made a while ago accidentally disabled the second one. This CL restores that. Moreover, given how things are set up now (this might have been different before), the first optimization is subsumed by the second one, so this CL also removes the first one. Finally, this CL records an accumulator hint in the case of a load, which improves precision of the serializer for concurrent inlining. Tbr: tebbi@chromium.org Bug: v8:7790 Change-Id: I255afc6c79e5c5c900b3ccfcd8459d836d21e42b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801954 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#63806}
-
- 12 Sep, 2019 1 commit
-
-
Swapnil Gaikwad authored
Current GetIterator bytecode loads and calls @@iterator property on a given object. This change extends the bytecode functionality to check whether the value returned after calling @@iterator property is a valid JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the returned value is not a valid JSReceiver. This change absorbs the functionality of additional two bytecodes - JumpIfJSReceiver and CallRuntime, that are part of the iterator protocol in the GetIterator bytecode. Bug: v8:9489 Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> Cr-Commit-Position: refs/heads/master@{#63704}
-
- 30 Aug, 2019 1 commit
-
-
Maya Lekova authored
Introduce JSGlobalObjectRef to the heap broker. Bug: v8:7790 Change-Id: I055a0545b582d6ff4c4e0dd639ce532311a76fec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773267Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63472}
-
- 20 Aug, 2019 1 commit
-
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I6f493d994f49d84020966322d60061567b54c854 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760808 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63265}
-
- 19 Aug, 2019 3 commits
-
-
Georg Neis authored
This is a reland of 29585a06 after removing an incorrect DCHECK. Original change's description: > [turbofan] Various serializer/broker improvements > > They are all somewhat entangled, sorry for the big CL. > > - Brokerize remaining feedback vector slots. > - Introduce Hints::SingleConstant helper. > - Introduce SerializationPolicy enum. > - Eliminate use of nullptr for megamorphic load/store ic feedback. > Instead use the corresponding ProcessedFeedback with an empty list > of maps or the like. new class MegamorphicFeedback. > - Separate processing of feedback from serialization. This eliminates > code duplication. > - Be very careful when clearing hints not to overwrite hints that are > being processed. > - Move AccessInfos out of NamedAccessFeedback. Always store them in > property_access_infos_ map on broker. (This was actually unused > before, somewhat by mistake.) > - Support map inference in concurrent inlining. Rewrite > ElementAccessFeedback such that we can refine it with the set of > inferred maps. > > TBR: mvstanton@chromium.org > Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63232} TBR: mvstanton@chromium.org Bug: v8:7790 Change-Id: Ia4acd31b339a941ee065e1ae4835bb7b85d5685e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758319Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63241}
-
Maya Lekova authored
This reverts commit 29585a06. Reason for revert: Breaks GC stress bots - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24009 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/27281 Original change's description: > [turbofan] Various serializer/broker improvements > > They are all somewhat entangled, sorry for the big CL. > > - Brokerize remaining feedback vector slots. > - Introduce Hints::SingleConstant helper. > - Introduce SerializationPolicy enum. > - Eliminate use of nullptr for megamorphic load/store ic feedback. > Instead use the corresponding ProcessedFeedback with an empty list > of maps or the like. new class MegamorphicFeedback. > - Separate processing of feedback from serialization. This eliminates > code duplication. > - Be very careful when clearing hints not to overwrite hints that are > being processed. > - Move AccessInfos out of NamedAccessFeedback. Always store them in > property_access_infos_ map on broker. (This was actually unused > before, somewhat by mistake.) > - Support map inference in concurrent inlining. Rewrite > ElementAccessFeedback such that we can refine it with the set of > inferred maps. > > TBR: mvstanton@chromium.org > Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63232} TBR=mvstanton@chromium.org,neis@chromium.org Change-Id: I88625d92fddf993db63661666c59af05a47b2b58 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758314Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63237}
-
Georg Neis authored
They are all somewhat entangled, sorry for the big CL. - Brokerize remaining feedback vector slots. - Introduce Hints::SingleConstant helper. - Introduce SerializationPolicy enum. - Eliminate use of nullptr for megamorphic load/store ic feedback. Instead use the corresponding ProcessedFeedback with an empty list of maps or the like. new class MegamorphicFeedback. - Separate processing of feedback from serialization. This eliminates code duplication. - Be very careful when clearing hints not to overwrite hints that are being processed. - Move AccessInfos out of NamedAccessFeedback. Always store them in property_access_infos_ map on broker. (This was actually unused before, somewhat by mistake.) - Support map inference in concurrent inlining. Rewrite ElementAccessFeedback such that we can refine it with the set of inferred maps. TBR: mvstanton@chromium.org Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63232}
-
- 09 Aug, 2019 1 commit
-
-
Swapnil Gaikwad authored
This is the first in a series of changes to reduce the number of bytecodes generated for the iteration protocol based operations. The GetIterator bytecode introduced in this change currently loads the @@iterator symbol from an object that was previously done using the LdaNamedProperty bytecode. This change uses builtin-based mechanism that would be extended to perform additional operations in the future on absorbing the bytecodes associated with the GetIterator operation from the iteration protocol. Bug: v8:9489 Change-Id: I83b8b55c27bae8260bf227f355eeca1ba80cd8f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701852 Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63139}
-
- 01 Aug, 2019 1 commit
-
-
Georg Neis authored
From JSNativeContextSpecialization::ReduceKeyedLoadFromHeapConstant to JSNativeContextSpecialization::ReduceElementLoadFromHeapConstant. Change-Id: Ib07a6a4bd599dc71a9a100b2f1f6baef68acbe0b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728618Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63027}
-
- 25 Jul, 2019 1 commit
-
-
Georg Neis authored
- Move SerializePrototype out of DependOnStablePrototypes into ComputePropertyAccessInfo. - Brokerize JSNativeContextSpecialization::InferHasInPrototypeChain. - Brokerize JSNativeContextSpecialization::ReduceJSOrdinaryHasInstance (modulo the call to ReduceJSInstanceOf). - Brokerize JSNativeContextSpecialization::ReduceJSHasInPrototypeChain. - Serialize for JSCallReducer::ReduceObjectPrototypeIsPrototypeOf. - Serialize for JSNativeContextSpecialization::ReduceJSInstanceOf. This is still incomplete. Bug: v8:7790 Change-Id: Ic56eab5ddd8d725a13d2980e5b55db53ae82e822 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709408 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62920}
-
- 05 Jul, 2019 1 commit
-
-
Maya Lekova authored
Got rid of the following circular header dependency chains: compilation-dependencies <-> js-heap-broker <-> access-info types <-> js-heap-broker <-> access-info Extracted former CompilationDependencies::Dependency class into its own header. Extracted *Ref classes into their own header. This should enable building on older GCC versions, e.g. 5.4.0. Bug: v8:9440 Change-Id: Ia345bc227d8f7806d0b8622b706346a7ce6d01ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687415 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#62541}
-
- 24 Jun, 2019 1 commit
-
-
Georg Neis authored
We tried to pass the load mode even for stores. Bug: chromium:977670 Change-Id: I2527a5ca755dba343b75f54383d17e22be0a20a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672940 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#62333}
-
- 21 Jun, 2019 1 commit
-
-
Georg Neis authored
A few are still left and made explicit with Allow* scopes. Bug: v8:7790 Change-Id: I85e78949730d046d3449e0cee70997e60a043825 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622108 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62310}
-