Skip to content

V
V8
Switch branch/tag
  1. 19 May, 2022 1 commit
  3. 16 May, 2022 1 commit
  5. 27 Apr, 2022 1 commit
  7. 26 Aug, 2021 1 commit
    • Jakob Gruber's avatar
      [regexp] Early errors 🤯 · a56874d3
      Jakob Gruber authored 
      This CL implements early SyntaxErrors for regular expressions. Early
errors are thrown when a malformed pattern is parsed, rather than when
the code first runs.

We do this by having the JS parser call into the regexp parser when
a regexp pattern is found. Regexps are expected to be relatively
rare, small, and cheap to parse - that's why we currently accept that
the regexp parser does unnecessary work (e.g. creating the AST
structures).

If needed, we can optimize in the future. Ideas:

- Split up the regexp parser to avoid useless work for syntax validation.
- Preserve parser results to avoid reparsing later.

Bug: v8:896
Change-Id: I3d1ec18c980ba94439576ac3764138552418b85d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106647
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarPatrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76502}
      a56874d3
  9. 12 Sep, 2019 1 commit
  11. 29 Jan, 2019 1 commit
  13. 11 Dec, 2018 1 commit
  15. 24 Oct, 2018 1 commit
    • peterwmwong's avatar
      Reland "[builtins] Fix Array.p.join length overflow and invalid string length handling" · 4e12baa6
      peterwmwong authored 
      This is a reland of ec969ea3

Temporarily removes high memory usage test.

Original change's description:
> [builtins] Fix Array.p.join length overflow and invalid string length handling
>
> - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
>   - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
>   - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
>
> - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
>
> Bug: chromium:897404
> Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
> Reviewed-on: https://chromium-review.googlesource.com/c/1293070
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56907}

Bug: chromium:897404
Change-Id: I4995893f6f9724b26c231d05619ad65dbccc7223
Reviewed-on: https://chromium-review.googlesource.com/c/1297675Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#56946}
      4e12baa6
  17. 23 Oct, 2018 2 commits
    • Jakob Kummerow's avatar
      Revert "[builtins] Fix Array.p.join length overflow and invalid string length handling" · 7a975d11
      Jakob Kummerow authored 
      This reverts commit ec969ea3.

Reason for revert: test fails consistently on arm bots.
I can't repro the failure locally, but it does consume ~512MB of memory (for a single string, I think?), so my guess is that the bots don't have enough contiguous address space.

Original change's description:
> [builtins] Fix Array.p.join length overflow and invalid string length handling
> 
> - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
>   - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
>   - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
> 
> - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
> 
> Bug: chromium:897404
> Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
> Reviewed-on: https://chromium-review.googlesource.com/c/1293070
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56907}

TBR=danno@chromium.org,peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org

Change-Id: I8ca80bd75833aacc94ccb25ceb82bbc8880991db
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:897404
Reviewed-on: https://chromium-review.googlesource.com/c/1297471Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56915}
      7a975d11
    • peterwmwong's avatar
      [builtins] Fix Array.p.join length overflow and invalid string length handling · ec969ea3
      peterwmwong authored 
      - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
  - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
  - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.

- Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.

Bug: chromium:897404
Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
Reviewed-on: https://chromium-review.googlesource.com/c/1293070
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56907}
      ec969ea3
  19. 02 May, 2018 1 commit
  21. 23 Apr, 2018 1 commit
  23. 29 Nov, 2017 2 commits
  25. 14 Nov, 2017 1 commit
  27. 02 Nov, 2017 1 commit
  29. 30 Oct, 2017 1 commit
    • peterwmwong's avatar
      [builtins] Port WeakMap.p.set and WeakSet.p.add to CSA from JS · 7ae0a2f9
      peterwmwong authored 
      - Add WeakMapPrototypeSet and WeakSetPrototypeAdd TFJ builtins
  - Fast paths for...
    1) existing key
    2) new key when ObjectHashTable has a "sufficient capacity"
- Create WeakCollectionsBuiltinsAssembler to consolidate common WeakMap/WeakSet code generation
- Convert existing WeakMapLookupHashIndex to use WeakCollectionsBuiltinsAssembler

Some quick benchmarks shows performance gains of...
- 1.56x - 1.98x for WeakMap constructor
- 1.66x - 2.06x for WeakSet constructor
- 1.50x - 2.11x for WeakMap.p.set
- 1.54x - 2.26x for WeakSet.p.add

https: //github.com/peterwmwong/v8-perf/blob/master/weakcollection-set/README.md
Bug: v8:5049, v8:6604
Change-Id: I3499d46be6b2b3b1d8d46720ebe86cc5142ee542
Reviewed-on: https://chromium-review.googlesource.com/737935
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49036}
      7ae0a2f9
  31. 20 Oct, 2017 1 commit
    • Mathias Bynens's avatar
      [js] Remove CHECK_OBJECT_COERCIBLE for Array methods · 35b6aa38
      Mathias Bynens authored 
      The spec got rid of `CheckObjectCoercible` a while back, and so should
we. This change is not observable in most of the affected cases since
`ToObject` is up near the top of most Array method algorithms. An
example of an observable effect of this change occurs for the following
input:

    Array.prototype.sort.call(null, 1);

Behavior before applying the patch (incorrect message):

    TypeError: Array.prototype.sort called on null or undefined

Expected behavior:

    TypeError: The comparison function must be either a function or
               undefined

This patch removes `CheckObjectCoercible` and adds tests to ensure the
few observable cases are addressed correctly.

The patch also adds a missing `ToObject(this)` to
`Array.prototype.lastIndexOf` which would otherwise become observable
as a result of `CheckObjectCoercible` being removed.

BUG=v8:3577,v8:6921

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01
Reviewed-on: https://chromium-review.googlesource.com/718577Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48800}
      35b6aa38
  33. 16 Oct, 2017 1 commit
    • peterwmwong's avatar
      [builtins] Port String.prototype.{padStart, padEnd} to CSA · 33b23529
      peterwmwong authored 
      - Extract core StringPrototypeRepeat code into a TFS builtin (StringRepeat)
  - Assumes arguments are a string and smi (no range checks)
- Add StringPrototypePadStart and StringPrototypePadEnd TFJ builtins
  - Added StringPadAssembler to ensure common behavior
- Removed functionality from string.js

A quick benchmark shows significant performance gains for unoptimized
code (2.1x to 2.46x) and optimized code (1.03x - 1.56x).

https: //github.com/peterwmwong/v8-perf/blob/master/string-pad/README.md
Bug: v8:5049
Change-Id: I6e4fe99fb62a3edb3d6906fd4f78b3576b5b0d13
Reviewed-on: https://chromium-review.googlesource.com/720067
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48595}
      33b23529
  35. 11 Oct, 2017 1 commit
  37. 15 Sep, 2017 1 commit
  39. 06 Sep, 2017 1 commit
  41. 23 Aug, 2017 1 commit
  43. 20 Jul, 2017 1 commit
  45. 20 Jun, 2017 1 commit
    • bmeurer's avatar
      [turbofan] Introduce new JSCallWithArrayLike operator. · 767ce788
      bmeurer authored 
      Add a new JSCallWithArrayLike operator that is backed by the
CallWithArrayLike builtin, and use that operator for both
Function.prototype.apply and Reflect.apply inlining. Also unify
the handling of JSCallWithArrayLike and JSCallWithSpread in
the JSCallReducer to reduce the copy&paste overhead.

Drive-by-fix: Add a lot of test coverage for Reflect.apply and
Function.prototype.apply in optimized code, especially for some
corner cases, which was missing so far.

BUG=v8:4587,v8:5269
R=petermarshall@chromium.org

Review-Url: https://codereview.chromium.org/2950773002
Cr-Commit-Position: refs/heads/master@{#46041}
      767ce788
  47. 19 Apr, 2017 1 commit
  49. 18 Apr, 2017 2 commits
  51. 06 Apr, 2017 1 commit
  53. 03 Apr, 2017 2 commits
  55. 30 Mar, 2017 1 commit
  57. 14 Feb, 2017 1 commit
  59. 13 Feb, 2017 6 commits
  61. 05 Sep, 2016 1 commit