Skip to content

V
V8
Switch branch/tag
  1. 09 Nov, 2015 1 commit
    • bmeurer's avatar
      [builtins] Introduce specialized Call/CallFunction builtins. · 7c3396d0
      bmeurer authored 
      Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).

This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.

R=yangguo@chromium.org
BUG=chromium:552244
LOG=n

Review URL: https://codereview.chromium.org/1436493002

Cr-Commit-Position: refs/heads/master@{#31871}
      7c3396d0
  3. 06 Nov, 2015 1 commit
  5. 05 Nov, 2015 1 commit
  7. 04 Nov, 2015 2 commits
  9. 03 Nov, 2015 2 commits
  11. 02 Nov, 2015 2 commits
  13. 30 Oct, 2015 1 commit
    • neis's avatar
      Refactor Object::SetSuperProperty and others. · 12736611
      neis authored 
      This is in preparation of implementing Reflect.set.

Besides making SetSuperProperty and others return Maybe<bool>, this CL
also fixes some parts of my previous refactoring of SetProperty and
others: It doesn't make sense to take both a language_mode and a
should_throw argument.  A strict language_mode should imply
THROW_ON_ERROR.

R=rossberg, verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1431443003

Cr-Commit-Position: refs/heads/master@{#31678}
      12736611
  15. 29 Oct, 2015 1 commit
    • mvstanton's avatar
      Vector ICs: Allow for more IC kinds. · 25d48ec3
      mvstanton authored 
      We have plans to create more ICs, and we are out of bits to represent the Kind
in the flags field of the code object. The InlineCacheState can lose a bit
because it no longer needs the DEFAULT state. That state existed as a way to
detect errors where code incorrectly looked at a vector IC stub's
InlineCacheState instead of correctly determining said state from a glance at
the vector. This really isn't a danger anymore.

So, with the horse trading, we could now represent up to 32 code kinds.

BUG=

Review URL: https://codereview.chromium.org/1427803003

Cr-Commit-Position: refs/heads/master@{#31666}
      25d48ec3
  17. 27 Oct, 2015 1 commit
  19. 26 Oct, 2015 1 commit
  21. 23 Oct, 2015 1 commit
  23. 19 Oct, 2015 1 commit
  25. 12 Oct, 2015 2 commits
  27. 01 Oct, 2015 1 commit
  29. 30 Sep, 2015 1 commit
  31. 29 Sep, 2015 1 commit
  33. 28 Sep, 2015 2 commits
  35. 24 Sep, 2015 3 commits
    • bmeurer's avatar
      [es6] Introduce spec compliant IsConstructor. · 8fe3ac07
      bmeurer authored 
      There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4413, v8:4430
LOG=n

Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
Cr-Commit-Position: refs/heads/master@{#30900}

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30902}
      8fe3ac07
    • bmeurer's avatar
      Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001... · 656ebdce
      bmeurer authored 
      Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001 of https://codereview.chromium.org/1358423002/ )

Reason for revert:
Failed on Fuzzer and MIPS bot.

Original issue's description:
> [es6] Introduce spec compliant IsConstructor.
>
> There was already a bit on the Map named "function with prototype",
> which basically meant that the Map was a map for a JSFunction that could
> be used as a constructor. Now this CL generalizes that bit to
> IsConstructor, which says that whatever (Heap)Object you are looking at
> can be used as a constructor (i.e. the bit is also set for bound
> functions that can be used as constructors and proxies that have a
> [[Construct]] internal method).
>
> This way we have a single chokepoint for IsConstructor checking, which
> allows us to get rid of the various ways in which we tried to guess
> whether something could be used as a constructor or not.
>
> Drive-by-fix: Renamed IsConstructor on FunctionKind to
> IsClassConstructor to resolve the weird name clash, and the
> IsClassConstructor name also matches the spec.
>
> R=jarin@chromium.org, rossberg@chromium.org
> BUG=v8:4430
> LOG=n
>
> Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
> Cr-Commit-Position: refs/heads/master@{#30900}

TBR=jarin@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4430

Review URL: https://codereview.chromium.org/1360403002

Cr-Commit-Position: refs/heads/master@{#30901}
      656ebdce
    • bmeurer's avatar
      [es6] Introduce spec compliant IsConstructor. · 8de4d935
      bmeurer authored 
      There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30900}
      8de4d935
  37. 23 Sep, 2015 1 commit
  39. 22 Sep, 2015 1 commit
    • bmeurer's avatar
      [ic] Introduce BOOLEAN state for CompareIC. · 10c5f2e8
      bmeurer authored 
      Slow path for relational comparison of boolean primitive values
now goes through the runtime, which made the slow path even
slower than it already was. So in order to repair the regression,
we just track boolean feedback for comparisons and use that
to generate decent code in Crankshaft (not the best possible
code, but good enough for Crankshaft; TurboFan will be able
to do better on that).

R=jarin@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1347063004

Cr-Commit-Position: refs/heads/master@{#30860}
      10c5f2e8
  41. 21 Sep, 2015 1 commit
    • bmeurer's avatar
      [ic] Also collect known map for relational comparison. · e56f265f
      bmeurer authored 
      Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.

For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1355113002

Cr-Commit-Position: refs/heads/master@{#30852}
      e56f265f
  43. 18 Sep, 2015 1 commit
  45. 17 Sep, 2015 1 commit
    • chunyang.dai's avatar
      X87: Reland VectorICs: ia32 store ics need a virtual register. · ecc6e6c5
      chunyang.dai authored 
      port 1e00bb57 (r30737).

original commit message:

    (reason for revert/reland: patch incorrectly left --vector-stores flag
     on, helpfully revealing some gcstress issues to look at, but they
     don't need to block this CL).

    Some pretty hacky code was used to carry out the tail-call
    handler dispatch on ia32 vector stores due to a lack
    of free registers. It really tanks performance. A better
    approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1344383002

Cr-Commit-Position: refs/heads/master@{#30781}
      ecc6e6c5
  47. 16 Sep, 2015 1 commit
  49. 15 Sep, 2015 1 commit
    • mvstanton's avatar
      Reland VectorICs: ia32 store ics need a virtual register. · 1e00bb57
      mvstanton authored 
      (reason for revert/reland: patch incorrectly left --vector-stores flag
 on, helpfully revealing some gcstress issues to look at, but they
 don't need to block this CL).

Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.

BUG=
TBR=jkummerow@chromium.org, vogelheim@chromium.org

Review URL: https://codereview.chromium.org/1346573002

Cr-Commit-Position: refs/heads/master@{#30737}
      1e00bb57
  51. 14 Sep, 2015 2 commits
  53. 10 Sep, 2015 3 commits
  55. 09 Sep, 2015 2 commits
  57. 07 Sep, 2015 1 commit