- 19 Mar, 2018 1 commit
-
-
Alexey Kozyatinskiy authored
This is a reland of 14824520 Original change's description: > [inspector] added Runtime.terminateExecution > > Runtime.terminateExecution terminates current or next JavaScript > call. Termination flag is automatically reset as soon as v8 call > or microtasks are completed. > > R=pfeldman@chromium.org > > Bug: chromium:820640 > Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel > Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7 > Reviewed-on: https://chromium-review.googlesource.com/957386 > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Reviewed-by: Dmitry Gozman <dgozman@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51912} Bug: chromium:820640 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I6dd30f65c06c2b7eefd1e7beb9a3cf50ea5bf8cd Reviewed-on: https://chromium-review.googlesource.com/967323 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#52004}
-
- 17 Mar, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit 14824520. Reason for revert: Breaks chromium tsan in roll: https://chromium-review.googlesource.com/c/chromium/src/+/967682 Original change's description: > Reland "[inspector] added Runtime.terminateExecution" > > This is a reland of 98dec8f2 > > Original change's description: > > [inspector] added Runtime.terminateExecution > > > > Runtime.terminateExecution terminates current or next JavaScript > > call. Termination flag is automatically reset as soon as v8 call > > or microtasks are completed. > > > > R=pfeldman@chromium.org > > > > Bug: chromium:820640 > > Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel > > Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7 > > Reviewed-on: https://chromium-review.googlesource.com/957386 > > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > > Reviewed-by: Dmitry Gozman <dgozman@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#51912} > > Bug: chromium:820640 > Change-Id: I8f270c2fdbe732f0c40bfb149d26a6e73d988253 > Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel > Reviewed-on: https://chromium-review.googlesource.com/966681 > Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52002} TBR=dgozman@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org Change-Id: I2f3d24b238f479082bfed349363240887b5ba751 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:820640 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Reviewed-on: https://chromium-review.googlesource.com/967781Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52003}
-
Alexey Kozyatinskiy authored
This is a reland of 98dec8f2 Original change's description: > [inspector] added Runtime.terminateExecution > > Runtime.terminateExecution terminates current or next JavaScript > call. Termination flag is automatically reset as soon as v8 call > or microtasks are completed. > > R=pfeldman@chromium.org > > Bug: chromium:820640 > Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel > Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7 > Reviewed-on: https://chromium-review.googlesource.com/957386 > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Reviewed-by: Dmitry Gozman <dgozman@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51912} Bug: chromium:820640 Change-Id: I8f270c2fdbe732f0c40bfb149d26a6e73d988253 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Reviewed-on: https://chromium-review.googlesource.com/966681Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#52002}
-
- 05 Mar, 2018 1 commit
-
-
Benedikt Meurer authored
This changes the JSArrayIterator to always have only a single instance type, instead of the zoo of instance types that we had before, and which became less useful with the specification update to when "next" is loaded from the iterator now. This greatly simplifies the baseline implementation of the array iterator, which now only looks at the iterated object during %ArrayIteratorPrototype%.next invocations. In TurboFan we introduce a new JSCreateArrayIterator operator, that holds the IterationKind and get's the iterated object as input. When optimizing %ArrayIteratorPrototype%.next in the JSCallReducer, we check whether the receiver is a JSCreateArrayIterator, and if so, we try to infer maps for the iterated object from there. If we find any, we speculatively assume that these won't have changed during iteration (as we did before with the previous approach), and generate fast code for both JSArray and JSTypedArray iteration. Drive-by-fix: Drop the fast_array_iteration protector, it's not necessary anymore since we have the deoptimization guard bit in the JSCallReducer now. This addresses the performance cliff noticed in webpack 4. The minimal repro on the tracking bug goes from console.timeEnd: mono, 124.773000 console.timeEnd: poly, 670.353000 to console.timeEnd: mono, 118.709000 console.timeEnd: poly, 141.393000 so that's a 4.7x improvement. Also make presubmit happy by adding the missing #undef's. Bug: v8:7510, v7:7514 Change-Id: I79a46bfa2cd0f0710e09365ef72519b1bbb667b5 Reviewed-on: https://chromium-review.googlesource.com/946098Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51725}
-
- 23 Jan, 2018 1 commit
-
-
Benedikt Meurer authored
Use this in the PromiseThen operation to skip the (expensive) lookup in the SpeciesConstructor operation. This yields in a nice 3-5% improvement on the bluebird and wikipedia benchmarks, and paves the way for inlining certain Promise operations into TurboFan optimized code later. On the micro-benchmark mentioned in the bug (from the findings doc), we reduce the overall execution time by 25%, which makes sense given that Promise.prototype.then spends a significant portion of it's time just figuring out the appropriate constructor. Bug: v8:7253, v8:7349 Change-Id: Ia1577b59d1b7e4b8dbda83e2186583edab76695a Reviewed-on: https://chromium-review.googlesource.com/880681Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50794}
-
- 13 Oct, 2017 1 commit
-
-
Mathias Bynens authored
New code should use nullptr instead of NULL. This patch updates existing use of NULL to nullptr where applicable, making the code base more consistent. BUG=v8:6928,v8:6921 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I4687f5b96fcfd88b41fa970a2b937b4f6538777c Reviewed-on: https://chromium-review.googlesource.com/718338 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48557}
-
- 06 Oct, 2017 1 commit
-
-
Benedikt Meurer authored
Make calls like new Array(n) new A(n) (where A is a subclass of Array) inlinable into TurboFan. We do this by speculatively checking that n is an unsigned integer that is not greater than JSArray::kInitialMaxFastElementArray, and then lowering the backing store allocation to a builtin call. The speculative optimization is either protected by the AllocationSite for the Array constructor invocation (if we have one), or by a newly introduced global protector cell that is used for Array constructor invocations that don't have an AllocationSite, i.e. the ones from Array#map, Array#filter, or from subclasses of Array. Next step will be to implement the backing store allocations inline in TurboFan, but that requires Loop support in the GraphAssembler, so it's done as a separate CL. This should further boost the performance. This boosts the ARES6 ML benchmark by up to 8% on the steady state, and also improves monomorphic Array#map calls by around 20-25% on the initial setup. Bug: v8:6399 Tbr: ulan@chromium.org Change-Id: I7c8bdecf7c814ce52db6ee3051c3206a4f7d4bb6 Reviewed-on: https://chromium-review.googlesource.com/704639 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#48348}
-
- 25 Sep, 2017 1 commit
-
-
Karl Schimpf authored
This is a second attempt at landing CL 644866 which was reverted by CL 667019. Extends the current implementation of WASM exceptions to be able to throw exceptions with values (not just tags). A JS typed (uint_16) array is used to hold the thrown values. This allows all WASM types to be stored (i32, i64, f32, and f64) as well as be inspected in JS. The previous CL was reverted because the WASM compiler made calls to run time functions with tagged objects, which must not be done. To fix this, all run time calls use the thread-level isolate to hold the exception being processed. Bug: v8:6577 Change-Id: I4b1ef7e2847b71a2fab8e9934a0531057db9de63 Reviewed-on: https://chromium-review.googlesource.com/677056 Commit-Queue: Karl Schimpf <kschimpf@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48148}
-
- 15 Sep, 2017 1 commit
-
-
Camillo Bruni authored
This reverts commit 7b5a4022. Reason for revert: GC stress-test failures exposed by 7742e534 https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15110/steps/Mjsunit/logs/exceptions Original change's description: > Add capability of throwing values in WASM > > Extends the current implementation of WASM exceptions to be able to > throw exceptions with values (not just tags). > > An JS typed array (uint_16) is used to hold thrown values, so that the > thrown values can be inspected in JS. > > Bug: v8:6577 > Change-Id: I1007e79ceaffd64386b62562919cfbb920fc10c5 > Reviewed-on: https://chromium-review.googlesource.com/633866 > Commit-Queue: Karl Schimpf <kschimpf@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Eric Holk <eholk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48001} TBR=bbudge@chromium.org,mtrofin@chromium.org,eholk@chromium.org,clemensh@chromium.org,kschimpf@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:6577 Change-Id: I8f545183c2d2abb1bf4a0b3ee23379f3754ffd55 Reviewed-on: https://chromium-review.googlesource.com/667019Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#48050}
-
- 13 Sep, 2017 1 commit
-
-
Karl Schimpf authored
Extends the current implementation of WASM exceptions to be able to throw exceptions with values (not just tags). An JS typed array (uint_16) is used to hold thrown values, so that the thrown values can be inspected in JS. Bug: v8:6577 Change-Id: I1007e79ceaffd64386b62562919cfbb920fc10c5 Reviewed-on: https://chromium-review.googlesource.com/633866 Commit-Queue: Karl Schimpf <kschimpf@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48001}
-
- 07 Sep, 2017 1 commit
-
-
Peter Marshall authored
This is a reland of 9b35364c Original change's description: > [cleanup] Replace more instances of List with std::vector. > > Bug: v8:6333 > Change-Id: Ic1956d3dcfc0309fe2b65344e5af7235d5b804a2 > Reviewed-on: https://chromium-review.googlesource.com/651413 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Peter Marshall <petermarshall@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47854} Bug: v8:6333 Change-Id: I5d9482b061f26b57550a421ea4099372dc80767f Reviewed-on: https://chromium-review.googlesource.com/654898Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#47884}
-
- 06 Sep, 2017 2 commits
-
-
Peter Marshall authored
This reverts commit 9b35364c. Reason for revert: Failing tests on Win64 Debug Original change's description: > [cleanup] Replace more instances of List with std::vector. > > Bug: v8:6333 > Change-Id: Ic1956d3dcfc0309fe2b65344e5af7235d5b804a2 > Reviewed-on: https://chromium-review.googlesource.com/651413 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Peter Marshall <petermarshall@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47854} TBR=neis@chromium.org,jgruber@chromium.org,petermarshall@chromium.org Change-Id: Ifa2cd98edd9ec5e1d67c81501f0d9e8aae69536c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6333 Reviewed-on: https://chromium-review.googlesource.com/653117Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#47855}
-
Peter Marshall authored
Bug: v8:6333 Change-Id: Ic1956d3dcfc0309fe2b65344e5af7235d5b804a2 Reviewed-on: https://chromium-review.googlesource.com/651413Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#47854}
-
- 28 Aug, 2017 1 commit
-
-
Benedikt Meurer authored
There's no need to have the StringLengthProtector as a PropertyCell, since it's only used to guard against deoptimization loops. This also allows us to remove the use of the CompilationDependencies from the JSTypedLowering. R=jarin@chromium.org Bug: v8:6759 Change-Id: I54a37be6b8064ca3475e3b321f928b6a9903f209 Tbr: mstarzinger@chromium.org Reviewed-on: https://chromium-review.googlesource.com/637303 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47633}
-
- 14 Aug, 2017 1 commit
-
-
Karl Schimpf authored
Fixes the implementation of wasm exceptions to use a WasmRuntimeError object, and set the exception tag value as a property of the object. This guarantees that an uncaught wasm exception is treated like all other runtime errors. Bug: v8:6577 Change-Id: I0ab0130444e745178e86c23b3bc9fc9f385c8d05 Reviewed-on: https://chromium-review.googlesource.com/611124Reviewed-by:
Bill Budge <bbudge@chromium.org> Reviewed-by:
Eric Holk <eholk@chromium.org> Commit-Queue: Karl Schimpf <kschimpf@chromium.org> Cr-Commit-Position: refs/heads/master@{#47346}
-
- 02 Aug, 2017 3 commits
-
-
Karl Schimpf authored
This is a reland of 470a1001 Original change's description: > Start migration of try/throw/catch to match proposal. > > This CL does the first baby steps on moving the current (experimental) > exception handling to match that of the WebAssembly proposal. > > It does the following: > > 1) Use exception tags instead of integers. > > 2) Only handle empty exception signatures (i.e. no values associated > with the exception tag. > > 3) Only handle one catch clause. > > 4) Be sure to rethrow the exception if the exception tag does not match. > > Note: There are many things that need to be fixed, and are too > numerous to list here. However, the code should have TODO's on each > missing parts of the implementation. > > Also note that the code currently doesn't handle nested catch blocks, > nor does it change the throw value being an integer. Rather, the > integer value is still being thrown, and currently is the exception > tag. Therefore, we don't build an exception object. This is the reason > why this CL doesn't handle exceptions that pass values. > > Also, the current implementation still can't handle multiple modules > because tag resolution (between) modules has not be implemented yet. > > Bug: v8:6577 > Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114 > Reviewed-on: https://chromium-review.googlesource.com/591910 > Reviewed-by: Brad Nelson <bradnelson@chromium.org> > Commit-Queue: Karl Schimpf <kschimpf@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47087} Bug: v8:6577 Change-Id: I41c3309827c292cb787681a95aaef7cf9b931835 Reviewed-on: https://chromium-review.googlesource.com/598968Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Brad Nelson <bradnelson@chromium.org> Commit-Queue: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#47100}
-
Ulan Degenbaev authored
This reverts commit 470a1001. Reason for revert: GC stress bot failures. https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Mac%20GC%20Stress/builds/14522 Original change's description: > Start migration of try/throw/catch to match proposal. > > This CL does the first baby steps on moving the current (experimental) > exception handling to match that of the WebAssembly proposal. > > It does the following: > > 1) Use exception tags instead of integers. > > 2) Only handle empty exception signatures (i.e. no values associated > with the exception tag. > > 3) Only handle one catch clause. > > 4) Be sure to rethrow the exception if the exception tag does not match. > > Note: There are many things that need to be fixed, and are too > numerous to list here. However, the code should have TODO's on each > missing parts of the implementation. > > Also note that the code currently doesn't handle nested catch blocks, > nor does it change the throw value being an integer. Rather, the > integer value is still being thrown, and currently is the exception > tag. Therefore, we don't build an exception object. This is the reason > why this CL doesn't handle exceptions that pass values. > > Also, the current implementation still can't handle multiple modules > because tag resolution (between) modules has not be implemented yet. > > Bug: v8:6577 > Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114 > Reviewed-on: https://chromium-review.googlesource.com/591910 > Reviewed-by: Brad Nelson <bradnelson@chromium.org> > Commit-Queue: Karl Schimpf <kschimpf@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47087} TBR=bradnelson@chromium.org,eholk@chromium.org,kschimpf@chromium.org Change-Id: I01dc8c40cc1057333a988c1d275ce5f457b0cb64 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6577 Reviewed-on: https://chromium-review.googlesource.com/598847Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47090}
-
Karl Schimpf authored
This CL does the first baby steps on moving the current (experimental) exception handling to match that of the WebAssembly proposal. It does the following: 1) Use exception tags instead of integers. 2) Only handle empty exception signatures (i.e. no values associated with the exception tag. 3) Only handle one catch clause. 4) Be sure to rethrow the exception if the exception tag does not match. Note: There are many things that need to be fixed, and are too numerous to list here. However, the code should have TODO's on each missing parts of the implementation. Also note that the code currently doesn't handle nested catch blocks, nor does it change the throw value being an integer. Rather, the integer value is still being thrown, and currently is the exception tag. Therefore, we don't build an exception object. This is the reason why this CL doesn't handle exceptions that pass values. Also, the current implementation still can't handle multiple modules because tag resolution (between) modules has not be implemented yet. Bug: v8:6577 Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114 Reviewed-on: https://chromium-review.googlesource.com/591910Reviewed-by:
Brad Nelson <bradnelson@chromium.org> Commit-Queue: Karl Schimpf <kschimpf@chromium.org> Cr-Commit-Position: refs/heads/master@{#47087}
-
- 10 Jul, 2017 1 commit
-
-
jgruber authored
This adds a convenience method for the common Smi to int conversion pattern. Bug: Change-Id: I7d7b171c36cfec5f6d10c60f1d9c3e06e3aed0fa Reviewed-on: https://chromium-review.googlesource.com/563205 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Andreas Rossberg <rossberg@chromium.org> Cr-Commit-Position: refs/heads/master@{#46516}
-
- 28 Jun, 2017 1 commit
-
-
Mike Stanton authored
To be able to use this in optimized code dependency relationships. Bug: Change-Id: Ia099a68994b1252de3c72c8d688862ca17ca76d9 Reviewed-on: https://chromium-review.googlesource.com/548716 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46277}
-
- 08 Jun, 2017 1 commit
-
-
Mythri authored
ThrowIfHole bytecodes were handled by introducing deopt points to check for a hole. To avoid deopt loops a hole check protector was used to generate control flow if there was a deopt due to a hole. However, the normal control flow version should be as fast as the deopt version in general. The deopt version could potentially consume less compile time but it may not be worth the complexity added. Hence simplifying it to only construct the control flow. Bug: v8:6383 Change-Id: Icace11f7a6e21e64e1cebd104496e3f559bc85f7 Reviewed-on: https://chromium-review.googlesource.com/525573Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#45783}
-
- 06 Jun, 2017 1 commit
-
-
Mythri authored
Introduces ThrowReferenceErrorIfHole / ThrowSuperNotCalledIfHole / ThrowSuperAlreadyCalledIfNotHole bytecodes to handle hole checks. In the bytecode-graph builder they are handled by introducing a deopt point instead of adding explicit control flow. JumpIfNotHole / JumpIfNotHoleConstant bytecodes are removed since they are no longer required. Bug: v8:4280, v8:6383 Change-Id: I58b70c556b0ffa30e41a0cd44016874c3e9c5fe1 Reviewed-on: https://chromium-review.googlesource.com/509613 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45720}
-
- 24 May, 2017 2 commits
-
-
machenbach authored
Revert of [turbofan] Speculatively optimize string character access. (patchset #1 id:1 of https://codereview.chromium.org/2905623003/ ) Reason for revert: Changes layout tests: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/15867 See: https://github.com/v8/v8/wiki/Blink-layout-tests Original issue's description: > [turbofan] Speculatively optimize string character access. > > Add a protector cell for string bounds checks that is being used to > protect speculative bounds for String.prototype.charCodeAt and > String.prototype.charAt in TurboFan (and Crankshaft). This way we don't > have the diamond in optimized code, which stands in the way of other > optimizations for charCodeAt that are currently being worked on by > petermarshall@. > > BUG=v8:6391 > TBR=mlippautz@chromium.org > R=petermarshall@chromium.org > > Review-Url: https://codereview.chromium.org/2905623003 > Cr-Commit-Position: refs/heads/master@{#45514} > Committed: https://chromium.googlesource.com/v8/v8/+/9d8bd0551657d60c66b2f96544eecedfba1cba8a TBR=petermarshall@chromium.org,mlippautz@chromium.org,bmeurer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6391 Review-Url: https://codereview.chromium.org/2900333002 Cr-Commit-Position: refs/heads/master@{#45521}
-
bmeurer authored
Add a protector cell for string bounds checks that is being used to protect speculative bounds for String.prototype.charCodeAt and String.prototype.charAt in TurboFan (and Crankshaft). This way we don't have the diamond in optimized code, which stands in the way of other optimizations for charCodeAt that are currently being worked on by petermarshall@. BUG=v8:6391 TBR=mlippautz@chromium.org R=petermarshall@chromium.org Review-Url: https://codereview.chromium.org/2905623003 Cr-Commit-Position: refs/heads/master@{#45514}
-
- 13 Feb, 2017 1 commit
-
-
bmeurer authored
We cannot skip the @@hasInstance lookup in instanceof depending on a global protector cell, as the lookup of the property is observable via proxies or accessors. So remove the global protector and properly implement CSA::InstanceOf via GetPropertyStub, with an appropriate fast-path for Function.prototype[@@hasInstance] where we call the builtin code object directly if the function matches, skipping all the checks from the call sequence, and also avoid the redundant ToBoolean conversion on the result. R=yangguo@chromium.org TBR=ulan@chromium.org BUG=v8:5958 Review-Url: https://codereview.chromium.org/2684033012 Cr-Commit-Position: refs/heads/master@{#43137}
-
- 30 Jan, 2017 1 commit
-
-
petermarshall authored
We need it to be a PropertyCell so that we can list it as a dependency for optimised code. Also drive-by clean up some variable names in src/isolate-inl.h. BUG=v8:5895 Review-Url: https://codereview.chromium.org/2658573008 Cr-Commit-Position: refs/heads/master@{#42764}
-
- 16 Nov, 2016 1 commit
-
-
bmeurer authored
We don't need to check for neutered array buffers unless at least one JSArrayBuffer has been neutered (i.e. detached in TC39 speak). For this we introduce a protector cell that get's invalidated on first call to the JSArrayBuffer::Neuter() method. R=jarin@chromium.org,ulan@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2504163002 Cr-Commit-Position: refs/heads/master@{#41021}
-
- 15 Nov, 2016 1 commit
-
-
petermarshall authored
Avoid using the iterator for arrays with fast elements where the iterator has not been modified. Only deals with the case where there is a single spread argument. Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously. BUG=v8:5511 Review-Url: https://codereview.chromium.org/2465253011 Cr-Commit-Position: refs/heads/master@{#40998}
-
- 14 Nov, 2016 1 commit
-
-
caitp authored
Adds a protector cell to prevent inlining (which will likely lead to deopt loops) when a JSArrayIterator's array transitions from a fast JSArray to a slow JSArray (such as, when the array is touched during iteration in a way which triggers a map transition). Also adds TODO comments relating to the spec update proposed by Dan at https://github.com/tc39/ecma262/pull/724 BUG=v8:5388 R=bmeurer@chromium.org, mstarzinger@chromium.org TBR=hpayer@chromium.org, ulan@chromium.org Review-Url: https://codereview.chromium.org/2484003002 Cr-Commit-Position: refs/heads/master@{#40970}
-
- 30 Sep, 2016 1 commit
-
-
jpp authored
This is essentially CL/2275293002, with the difference that the effect dependencies are now updated correctly. BUG= Review-Url: https://codereview.chromium.org/2378773013 Cr-Commit-Position: refs/heads/master@{#39919}
-
- 29 Sep, 2016 2 commits
-
-
machenbach authored
Revert of [WASM] Implements catch for the wasm low level exception mechanism. (patchset #16 id:300001 of https://codereview.chromium.org/2275293002/ ) Reason for revert: nosse4 errors: https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/13524 https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/11215 Original issue's description: > [WASM] Implements catch for the wasm low level exception mechanism. > > BUG= > > Committed: https://crrev.com/93e5425c46453764779bd557628d61fae670027a > Cr-Commit-Position: refs/heads/master@{#39881} TBR=titzer@chromium.org,bradnelson@chromium.org,jpp@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2383613002 Cr-Commit-Position: refs/heads/master@{#39884}
-
jpp authored
BUG= Review-Url: https://codereview.chromium.org/2275293002 Cr-Commit-Position: refs/heads/master@{#39881}
-
- 23 Sep, 2016 1 commit
-
-
cbruni authored
Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ ) Reason for revert: Regresses API see go/v8-startup-api Original issue's description: > [api] Clean up scopes and precheck instantiations cache > > Make sure all the scopes used in api-natives.cc have inlineable constructors > and destructors. Additionally directly precheck the instantiations cache before > trying to enter the InvokeScope which sets the save_context. > > BUG=chromium:630217 > > Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5 > Cr-Commit-Position: refs/heads/master@{#38346} TBR=yangguo@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=chromium:630217, chromium:635912 Review-Url: https://codereview.chromium.org/2366903003 Cr-Commit-Position: refs/heads/master@{#39680}
-
- 20 Sep, 2016 1 commit
-
-
bmeurer authored
Crankshaft just unconditionally deoptimizes the code when the length of a string addition result would overflow. In order to protect against deopt loops we insert a global protector cell. We will use the same mechanism for inlining certain string additions into TurboFan as well, and protecting against overflow (we will also extend this to deal with String.prototype.concat and friends once we get there). BUG=v8:5404 R=jarin@chromium.org,hpayer@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_msan_rel Committed: https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71 Review-Url: https://codereview.chromium.org/2348293002 Cr-Original-Commit-Position: refs/heads/master@{#39511} Cr-Commit-Position: refs/heads/master@{#39525}
-
- 19 Sep, 2016 2 commits
-
-
machenbach authored
Revert of [crankshaft] Protect against deopt loops from string length overflows. (patchset #1 id:1 of https://codereview.chromium.org/2348293002/ ) Reason for revert: Mean https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/10910 Original issue's description: > [crankshaft] Protect against deopt loops from string length overflows. > > Crankshaft just unconditionally deoptimizes the code when the length of > a string addition result would overflow. In order to protect against > deopt loops we insert a global protector cell. > > We will use the same mechanism for inlining certain string additions > into TurboFan as well, and protecting against overflow (we will also > extend this to deal with String.prototype.concat and friends once we > get there). > > BUG=v8:5404 > R=jarin@chromium.org,hpayer@chromium.org > > Committed: https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71 > Cr-Commit-Position: refs/heads/master@{#39511} TBR=hpayer@chromium.org,jarin@chromium.org,bmeurer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5404 Review-Url: https://codereview.chromium.org/2357433002 Cr-Commit-Position: refs/heads/master@{#39518}
-
bmeurer authored
Crankshaft just unconditionally deoptimizes the code when the length of a string addition result would overflow. In order to protect against deopt loops we insert a global protector cell. We will use the same mechanism for inlining certain string additions into TurboFan as well, and protecting against overflow (we will also extend this to deal with String.prototype.concat and friends once we get there). BUG=v8:5404 R=jarin@chromium.org,hpayer@chromium.org Review-Url: https://codereview.chromium.org/2348293002 Cr-Commit-Position: refs/heads/master@{#39511}
-
- 05 Aug, 2016 2 commits
-
-
cbruni authored
Reland of [api] Clean up scopes and precheck instantiations cache (patchset #1 id:1 of https://codereview.chromium.org/2216903003/ ) Reason for revert: asan failures are caused by a flaky stack-verflow (see https://codereview.chromium.org/2218033002 for a fix). Original issue's description: > Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ ) > > Reason for revert: > [Sheriff] Leads to mac asan failures: > https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835 > > Original issue's description: > > [api] Clean up scopes and precheck instantiations cache > > > > Make sure all the scopes used in api-natives.cc have inlineable constructors > > and destructors. Additionally directly precheck the instantiations cache before > > trying to enter the InvokeScope which sets the save_context. > > > > BUG=chromium:630217 > > > > Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5 > > Cr-Commit-Position: refs/heads/master@{#38346} > > TBR=yangguo@chromium.org,cbruni@chromium.org > # Skipping CQ checks because original CL landed less than 1 days ago. > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:630217 > > Committed: https://crrev.com/e1b5cb43a9b90546ff5d6cea89ba17c485e842fb > Cr-Commit-Position: refs/heads/master@{#38356} TBR=yangguo@chromium.org,machenbach@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:630217 Review-Url: https://codereview.chromium.org/2217353002 Cr-Commit-Position: refs/heads/master@{#38401}
-
machenbach authored
Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ ) Reason for revert: [Sheriff] Leads to mac asan failures: https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835 Original issue's description: > [api] Clean up scopes and precheck instantiations cache > > Make sure all the scopes used in api-natives.cc have inlineable constructors > and destructors. Additionally directly precheck the instantiations cache before > trying to enter the InvokeScope which sets the save_context. > > BUG=chromium:630217 > > Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5 > Cr-Commit-Position: refs/heads/master@{#38346} TBR=yangguo@chromium.org,cbruni@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:630217 Review-Url: https://codereview.chromium.org/2216903003 Cr-Commit-Position: refs/heads/master@{#38356}
-
- 04 Aug, 2016 1 commit
-
-
cbruni authored
Make sure all the scopes used in api-natives.cc have inlineable constructors and destructors. Additionally directly precheck the instantiations cache before trying to enter the InvokeScope which sets the save_context. BUG=chromium:630217 Review-Url: https://codereview.chromium.org/2206773003 Cr-Commit-Position: refs/heads/master@{#38346}
-
- 26 Jul, 2016 1 commit
-
-
cbruni authored
The showed up unnaturally high while profiling DOM node creation. BUG=chromium:630217 Review-Url: https://codereview.chromium.org/2181323002 Cr-Commit-Position: refs/heads/master@{#38068}
-