- 28 Aug, 2017 9 commits
-
-
jgruber authored
When the range of all non-bmp characters is passed to AddUnicodeCaseEquivalents, icu::UnicodeSet::closeOver dutifully tries to case-fold every single character in that range. Since we already know this to be a nop, we can simply return instead. This improves compilation time of /ui regexps by around 100x. Bug: v8:6727 Change-Id: I79d73c77d6a54cbb5ad2cad0355214ed712b59b9 Reviewed-on: https://chromium-review.googlesource.com/635303 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#47636}
-
Benedikt Meurer authored
Instead of introducing a lot of explicit branching in the JSNativeContextSpecialization for polymorphic property accesses that cannot be folded into a single LoadField/StoreField, and which are mostly invisible and not optimizable for later passes, we now have a single CompareMaps operator that takes a set of maps (like the CheckMaps operator) and produces a boolean indicating the result of the comparison. R=jarin@chromium.org Bug: v8:6761 Change-Id: Iee8788e915b762d542acb54feb9931346e442dc0 Reviewed-on: https://chromium-review.googlesource.com/636365Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47635}
-
jgruber authored
TryCatch only clears the pending exception if it has been propagated through OptionalRescheduleException. This is another tentative fix for https://crbug.com/754422. Bug: chromium:754422 Change-Id: Ifbbeed8ef44131a0a010ac6bde3adbbf9fb4c4af Reviewed-on: https://chromium-review.googlesource.com/637305Reviewed-by:
-
Benedikt Meurer authored
There's no need to have the StringLengthProtector as a PropertyCell, since it's only used to guard against deoptimization loops. This also allows us to remove the use of the CompilationDependencies from the JSTypedLowering. R=jarin@chromium.org Bug: v8:6759 Change-Id: I54a37be6b8064ca3475e3b321f928b6a9903f209 Tbr: mstarzinger@chromium.org Reviewed-on: https://chromium-review.googlesource.com/637303 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
Optimize the common pattern for (var i in o) { if (Object.prototype.hasOwnProperty.call(o, i)) { // do something } } which is part of the guard-for-in style in ESLint (see the documentation at https://eslint.org/docs/rules/guard-for-in for details). This pattern also shows up in React and Ember applications quite a lot (and is tested by the appropriate Speedometer benchmarks, although not dominating those benchmarks, since they spent a lot of time in non-TurboFan'ed code). This improves the forInHasOwnProperty and forInHasOwnPropertySafe micro- benchmarks in v8:6702, which look like this function forInHasOwnProperty(o) { var result = 0; for (var i in o) { if (o.hasOwnProperty(i)) { result += 1; } } return result; } function forInHasOwnPropertySafe(o) { var result = 0; for (var i in o) { if (Object.prototype.hasOwnProperty.call(o, i)) { result += 1; } } return result; } by around 4x and allows for additional optimizations in the future, by also elimiating the megamorphic load when accessing the enumerated properties. This changes the interpreter ForInNext bytecode to collect more precise feedback about the for-in state, which now consists of three individual states: UNINITIALIZED, MEGAMORPHIC and GENERIC. The MEGAMORPHIC state means that the ForInNext has only seen objects with a usable enum cache thus far, whereas GENERIC means that we have seen some slow-mode for..in objects as well. R=jarin@chromium.org Bug: v8:6702 Change-Id: Ibcd75ea9b58c3b4f9219f11bc37eb04a2b985604 Reviewed-on: https://chromium-review.googlesource.com/636964 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: -
Alexei Filippov authored
This reverts commit 9b157602. Reason for revert: Seems to be the cause of 100% crashes of runtime-call-stats layout_test on Windows. https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Win7/builds/54947 Original change's description: > [runtime-call-stats] Fix a long standing crash in RuntimeCallStats::Leave > > There must be a matching Leave for each Enter. Otherwise it ends up > with a dead stack-allocated object in the timer chain. > > Drive-by: There was also a bug in > RuntimeCallTimerScope::RuntimeCallTimerScope(HeapObject* ...) did create a > local object instead of calling an overloaded constructor. > > BUG=chromium:669329 > > Change-Id: I9aa1c574a854af8beab3d8097efab3a726ad1c8d > Reviewed-on: https://chromium-review.googlesource.com/634511 > Commit-Queue: Alexei Filippov <alph@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47613} TBR=rmcilroy@chromium.org,alph@chromium.org,cbruni@chromium.org,rmcilroy@google.com # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:669329 Change-Id: I57b4fcd2e7bf92a68824d2ac5f40cc74deee0b25 Reviewed-on: https://chromium-review.googlesource.com/636762Reviewed-by:
Alexei Filippov <alph@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#47631}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8e7ce53..2887ee5 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/123b9d8..68a8df6 TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I4cf915cd7b117abab676e263f8f4e69857ca3b55 Reviewed-on: https://chromium-review.googlesource.com/636279Reviewed-by:
v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#47630}
-
Yang Guo authored
This is so that precise coverage starts with a clean slate. The old behavior can be emulated by calling getBestEffortCoverage before starting precise coverage. R=jgruber@chromium.org Bug: chromium:757998 Change-Id: Ib3ee2316966f676456198159bdcf8ba8b9d3896f Reviewed-on: https://chromium-review.googlesource.com/635084 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47629}
-
Sathya Gunasekaran authored
Instead of using a word to store the status of the promise, this patch uses 2 bit on flags. Bug: v8:5046 Change-Id: Ic651338230dbe1704c68de8652676f236a3298f0 Reviewed-on: https://chromium-review.googlesource.com/634623 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
-
- 26 Aug, 2017 3 commits
-
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a2b7113..8e7ce53 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/e37aa9d..123b9d8 TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: Ie53cd86e6b8aed971b8a67bb1ee2f4cb881c8623 Reviewed-on: https://chromium-review.googlesource.com/636266Reviewed-by:
-
Alexey Kozyatinskiy authored
R=dgozman@chromium.org Bug: chromium:752019 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I1a64a26e5e5d44757edd5b887d140b6b855cecab Reviewed-on: https://chromium-review.googlesource.com/636300Reviewed-by:
Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47626}
-
Jakob Kummerow authored
By adding LoadIC support for JSModuleNamespace objects. The index of the corresponding slot in the Module's "exports" dictionary is cached in the feedback vector, so the value can be loaded directly, without having to call the C++ accessor. This speeds up the "foo" property access in code like the following snippet by about 10x: import * as m from "module.js" m.foo; Bug: v8:1569 Change-Id: I152abedcbdc6f90b5bedd203cfdf97ed88d1137c Reviewed-on: https://chromium-review.googlesource.com/631136 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47625}
-
- 25 Aug, 2017 28 commits
-
-
Andrey Lushnikov authored
This patch adds objects support for Runtime.callFunctionOn arguments. R=kozy Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I9e9ad000482aa556f10a632b89c2f91fdc21ff1e Reviewed-on: https://chromium-review.googlesource.com/636353Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
Pavel Feldman <pfeldman@chromium.org> Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org> Cr-Commit-Position: refs/heads/master@{#47624}
-
Alexey Kozyatinskiy authored
setupInjectedScriptEnvironment should check array getters/setters as well. R=dgozman@chromium.org Bug: none Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I72b03f62980e339d83bcfda55f1d35135b23da3b Reviewed-on: https://chromium-review.googlesource.com/636469Reviewed-by:
-
Erik Luo authored
Currently, injected script source adds natural object properties before internal properties. This can result in important ones such as "[[PrimitiveValue]]" being left out. This CL - makes sure internal properties are always added to preview - removes unused "[[Iterator*]]" properties from preview - boxed strings (e.g. new String("foo")) will not send unnecessary properties 0:"f", 1:"o", 2:"o" if the [[PrimitiveValue]] is sent. Bug: chromium:567265 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Icd5c7410351f371055277ce471226cc6fb5a861f Reviewed-on: https://chromium-review.googlesource.com/634584Reviewed-by: -
Andrey Lushnikov authored
This patch re-writes the call-function-on-async.js test according to the new style. R=kozy Change-Id: I0541d336fe2bba3197170b0cc22c70e96d8543aa Reviewed-on: https://chromium-review.googlesource.com/636691Reviewed-by:
-
Deepti Gandluri authored
BUG=v8:6532 R=binji@chromium.org, bradnelson@chromium.org Change-Id: I376dd8e4d27cac657d5a7c05a50a0477963da7b7 Reviewed-on: https://chromium-review.googlesource.com/627476 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by:
Brad Nelson <bradnelson@chromium.org> Reviewed-by:
Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#47620}
-
Mircea Trofin authored
We're moving the code table off the heap, while the export wrappers are instance-specific, and, thus, won't move off the heap. Bug: Change-Id: I392fb537c7708a0a06f3468f714335df29bc401b Reviewed-on: https://chromium-review.googlesource.com/636309Reviewed-by:
-
Adam Klein authored
All microbenchmarks now add 20 variables together per iteration, rather than just a single variable. Also re-add a sanity check after the loop, and fix a missing variable add (a15) from the loop. Bug: v8:1569 Change-Id: Ie54357b5cedaafd85f01c699c08b24a5ee6468c9 Reviewed-on: https://chromium-review.googlesource.com/636284Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47618}
-
Ross McIlroy authored
This change adapts the Call bytecode handlers such that they don't require a stack frame. It does this by modifying the call bytecode handler to tail-call the Call or InterpreterPushArgsAndCall builtins. As a result, the callee function will return to the InterpreterEntryTrampoline when it returns (since this is the return address on the interpreter frame), which is adapted to dispatch to the next bytecode handler. The return bytecode handler is modified to tail-call a new InterpreterExitTramoline instead of returning to the InterpreterEntryTrampoline. Overall this significanlty reduces the amount of stack space required for interpreter frames, increasing the maximum depth of recursive calls from around 6000 to around 12,500 on x64. BUG=chromium:753705 Change-Id: I23328e4cef878df3aca4db763b47d72a2cce664c Reviewed-on: https://chromium-review.googlesource.com/634364 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#47617}
-
Jaideep Bajwa authored
WasmGraphBuilder::StoreMem is called with the last argument as default with machine rep = kNode, which causes BuildChangeEndiannessStore(val, memtype, type) to fail. R=gdeepti@google.com, binji@chromium.org, jyan@ca.ibm.com BUG=v8:6752 LOG=N Change-Id: I0633982ff4b5a93551b4765ca8df50073010f3ca Reviewed-on: https://chromium-review.googlesource.com/633755Reviewed-by:
Junliang Yan <jyan@ca.ibm.com> Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47616}
-
Caitlin Potter authored
Keep parsing the rest of the MemberExpression after `new.target` BUG=v8:6745 R=marja@chromium.org, adamk@chromium.org Change-Id: I53cc370766e72ed9e36c5c7aa150a3ad9a6062f8 Reviewed-on: https://chromium-review.googlesource.com/627756Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#47615}
-
Adam Klein authored
Change-Id: Ic3812d16a4e8449ac9619981719e997c90300ee7 Reviewed-on: https://chromium-review.googlesource.com/634254Reviewed-by:
-
Alexei Filippov authored
There must be a matching Leave for each Enter. Otherwise it ends up with a dead stack-allocated object in the timer chain. Drive-by: There was also a bug in RuntimeCallTimerScope::RuntimeCallTimerScope(HeapObject* ...) did create a local object instead of calling an overloaded constructor. BUG=chromium:669329 Change-Id: I9aa1c574a854af8beab3d8097efab3a726ad1c8d Reviewed-on: https://chromium-review.googlesource.com/634511 Commit-Queue: Alexei Filippov <alph@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47613}
-
Leszek Swirski authored
For deferred commands (such as in try-finally), some deferred commands save and restore the accumulator using a result register (e.g. return, throw, rethrow), while others don't (e.g. break, continue, fall-through). However, conditionally reading this result register that may not ever be written caused it to be considered live from the start of the function, as far as the liveness analysis could statically tell. Now, we write the result register for all deferred commands, including the fall-through. As a micro-optimization, we re-use the Smi command tokeen to clobber the result, rather than emitting an LdaUndefined. Bug: chromium:758472 Change-Id: I2ea65e2249b40ee6403216e654a8bb88d50bec3b Reviewed-on: https://chromium-review.googlesource.com/635592 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Jakob Gruber authored
We cannot assume that the receiver is a JSObject, nor can we assume ToObject() completes successfully. TBR=yangguo@chromium.org Bug: chromium:739954 Change-Id: Id55571131ef8755e86f15cd2acb918ff0f1b7788 Reviewed-on: https://chromium-review.googlesource.com/632376Reviewed-by:
-
Michael Lippautz authored
The deadlock can happen when two scavenging tasks process two different pages for their old->new sets and at the same time try to allocate in old space which triggers sweeping of the other task's page. Bug: v8:6754 Change-Id: I6087553631e198d5ecfb8ab37925ac41cd6995bd Reviewed-on: https://chromium-review.googlesource.com/635843 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47610}
-
Jakob Gruber authored
The Uint32(limit) conversion can end up transitioning the regexp instance to slow mode. In this case we need to bail out to runtime while ensuring that ToUint32 is not observably called a second time. We do this by passing the already-converted value to runtime. This particular path was broken and we ended up passing the original maybe_limit value to runtime instead. TBR=yangguo@chromium.org Bug: chromium:758763 Change-Id: If7f23b452d2e134ad9be3d4ef1d78d1c946fcef0 Reviewed-on: https://chromium-review.googlesource.com/635588Reviewed-by:
-
Albert Mingkun Yang authored
Change the signature of `Construct` so that no casting is required on calling it. The casting would fire control flow integrity check if the class contains virtual members. Bug: chromium:758925 Change-Id: Iefc711c634b36efd051e245e2df13b28d5563f45 Reviewed-on: https://chromium-review.googlesource.com/635563Reviewed-by:
-
Michael Lippautz authored
Bug: v8:6333 Change-Id: I0f5a21a66bbad6c56b3dd84d301b85e64f05cbc1 Reviewed-on: https://chromium-review.googlesource.com/635683Reviewed-by:
-
Michael Lippautz authored
Bug: Change-Id: I81132af45d8fb649d4239fa0e0ef75b95e148208 Reviewed-on: https://chromium-review.googlesource.com/633604 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
-
Mythri authored
Do not allow recursive inlining when function calls itself. i.e.f() -> f() This is because we only get some static information for the first level of inlining and it may not be very beneficial to just duplicate the entire function. However, we still allow indirect recursion f() -> g() -> f() -> g1(). This helps in cases where f() is a small dispatch function. For example, in rayTrace class.create -> obj.initialize -> class.create -> obj1.initialize. Bug: chromium:757798 Change-Id: I0a5d9e62eabd7681849f900997b4df061b5f8ed5 Reviewed-on: https://chromium-review.googlesource.com/632622Reviewed-by:
-
Georg Neis authored
R=ishell@chromium.org Bug: Change-Id: I7175176900c95fb676f633b405fffd5a55ffa4b5 Reviewed-on: https://chromium-review.googlesource.com/635323Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#47604}
-
Camillo Bruni authored
Bug: chromium:757199, chromium:758773, chromium:758821 Change-Id: I70644853770501b13992bd7bf78d168ca2308d64 Reviewed-on: https://chromium-review.googlesource.com/635223Reviewed-by:
-
Clemens Hammacher authored
The allocator for determining the location (reg/stack) for parameters and return values can be constexpr. This avoids lazy initialization, saving code size and execution time, and simplifying the implementation significantly. R=ahaas@chromium.org CC=titzer@chromium.org Change-Id: I295623cb1dad0f1537f7292dcf044f3d509588bb Reviewed-on: https://chromium-review.googlesource.com/635163Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47602}
-
Michael Lippautz authored
Bug: v8:6333 Change-Id: I4434c6cc59f886f1e37dfd315a3ad5fee28d3f63 Reviewed-on: https://chromium-review.googlesource.com/634907Reviewed-by:
-
Andreas Haas authored
Compile the module created in trap-location.js with both synchronous and asynchronous compilation. Thereby I can reuse the test for streaming compilation later. R=clemensh@chromium.org Change-Id: Id2e0c70886ddd1b11d51f614d02757099541aedd Reviewed-on: https://chromium-review.googlesource.com/635165 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47600}
-
Ross McIlroy authored
For wide bytecodes, save the bytecode offset as the offset of the prefix bytecode, rather than the bytecode itself. This means that any code that reads the bytecode can explicitly know the width of the bytecode at the offset without having to iterate through the complete bytecode array. Also simplifies some code in the bytecode analysis that had to work around the previous approach. BUG=chromium:753705 Change-Id: I8a42e7cfff27791e39f3452e2b9e52c0608d28cb Reviewed-on: https://chromium-review.googlesource.com/634003 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
-
Michael Starzinger authored
This makes sure instantiate of asm.js modules fails gracefully on heap buffers exceeding the uint32_t range supported by WebAssembly. R=clemensh@chromium.org TEST=mjsunit/regress/regress-crbug-754175 BUG=chromium:754175 Change-Id: I4a9c6791beaab6da826b5b6b5a495f97e9d3b4e9 Reviewed-on: https://chromium-review.googlesource.com/632618Reviewed-by:
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I5bdb91d2e82105bb301c2b97abfb1b074b710a64 Reviewed-on: https://chromium-review.googlesource.com/632680Reviewed-by:
-
