- 30 Mar, 2022 1 commit
-
-
Jakob Gruber authored
.. with readability and simplicity in mind. - Rename OptimizationMarker to the (shorter) TieringState. 'Tiering' also matches 'TieringManager' terminology. - Rename the values: kNone -> kNone kInOptimizationQueue -> kInProgress kCompileFoo_NotConcurrent -> kRequestFoo_Synchronous kCompileFoo_Concurrent -> kRequestFoo_Concurrent - Likewise rename ConcurrencyMode::kNotConcurrent to kSynchronous. - Add predicates to test enum values. - Consistent lower case names for accessors on JSFunction and FeedbackVector. - Instead of having to call HasOptimizationMarker() before using any other accessor, simply have optimization_marker() return kNone if no feedback vector exists. - Drive-by: Enable the Unreachable() in MaybeOptimizeCode() unconditionally - this should never happen, there's no reason not to protect against this in release builds as well. Bug: v8:12161 Change-Id: I67c03e2b7bd0a6b86d0c64f504ad8cb47e9e26ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555774Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#79669}
-
- 14 Feb, 2022 1 commit
-
-
Victor Gomes authored
This is a reland of c927ada7 Fix: Recalculate encoding after an allocation (that can potentially trigger GC) in EnsureHasFullTransitionArray. Original change's description: > [runtime] Refactor TransitionsAccessor > > Problems: > - The class uses a bare Map field, but some methods can trigger GC > causing it to have a potential dangling pointer in case of map > compaction. > - Some methods invalidate the object state and should not be used again. > - Complicate logic with a no_gc and a gc aware constructors. Some > methods can only be called if the object is constructed with a > particular constructor (e.g, Insert and PutPrototypeTransition). > > Note: Most usages of this class is done by constructing an object and > calling a single method: > `TransitionAccessor(...).Method(...)` > So we can easily change them to a static method. > > This CL: > 1. Adds DISALLOW_GARBAGE_COLLECTION to the class. > 2. Makes methods that can trigger GC static. > 3. Creates static helper functions that wrap the class in a different > scope, since TransitionsAccessor now forces the scope to disallow gc. > 4. Removes now unnecessary "Reload" logic. > > Bug: chromium:1295133, v8:12578 > Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79051} Bug: chromium:1295133, v8:12578 Change-Id: If3880c2480433b78567870c8d14508d6ad9eccbd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460405Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79069}
-
- 11 Feb, 2022 2 commits
-
-
Deepti Gandluri authored
This reverts commit c927ada7. Reason for revert: GC stress failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/37276/overview Original change's description: > [runtime] Refactor TransitionsAccessor > > Problems: > - The class uses a bare Map field, but some methods can trigger GC > causing it to have a potential dangling pointer in case of map > compaction. > - Some methods invalidate the object state and should not be used again. > - Complicate logic with a no_gc and a gc aware constructors. Some > methods can only be called if the object is constructed with a > particular constructor (e.g, Insert and PutPrototypeTransition). > > Note: Most usages of this class is done by constructing an object and > calling a single method: > `TransitionAccessor(...).Method(...)` > So we can easily change them to a static method. > > This CL: > 1. Adds DISALLOW_GARBAGE_COLLECTION to the class. > 2. Makes methods that can trigger GC static. > 3. Creates static helper functions that wrap the class in a different > scope, since TransitionsAccessor now forces the scope to disallow gc. > 4. Removes now unnecessary "Reload" logic. > > Bug: chromium:1295133, v8:12578 > Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79051} Bug: chromium:1295133, v8:12578 Change-Id: Ia567cdcae73bc7fdfaf08b62eeeb899d6a933e21 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456682 Auto-Submit: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#79052}
-
Victor Gomes authored
Problems: - The class uses a bare Map field, but some methods can trigger GC causing it to have a potential dangling pointer in case of map compaction. - Some methods invalidate the object state and should not be used again. - Complicate logic with a no_gc and a gc aware constructors. Some methods can only be called if the object is constructed with a particular constructor (e.g, Insert and PutPrototypeTransition). Note: Most usages of this class is done by constructing an object and calling a single method: `TransitionAccessor(...).Method(...)` So we can easily change them to a static method. This CL: 1. Adds DISALLOW_GARBAGE_COLLECTION to the class. 2. Makes methods that can trigger GC static. 3. Creates static helper functions that wrap the class in a different scope, since TransitionsAccessor now forces the scope to disallow gc. 4. Removes now unnecessary "Reload" logic. Bug: chromium:1295133, v8:12578 Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#79051}
-
- 13 Jan, 2022 1 commit
-
-
Jakob Gruber authored
CompleteInobjectSlackTracking potentially shrinks multiple maps, and the relation between these maps should be preserved in a concurrent environment. Thus it is not enough to make each modification atomically, but all related map modifications must be within a critical section. We do this by locking the map_updater_access mutex CompleteInobjectSlackTracking, and hence moving the function to the MapUpdater class. Bug: chromium:1274445,v8:7990 Change-Id: If99bb8b55e03180128ee397d845fa4c269c4241e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379819Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78597}
-
- 18 Nov, 2021 1 commit
-
-
Jakob Gruber authored
Prior to this CL we regularly generated high counts of code dependencies, and installation was not the most efficient. This CL 1) implements early dependency deduplication and 2) simplifies the way dependencies are persisted on the heap through DependentCode. Re 1): we dedupe twice, once based on the CompilationDependency contents, and again once we know the final target object. Re 2): Instead of a linked list of weak fixed arrays per dependency group, store deps in a flat array together with a bitset of their dependency groups. See also: https://docs.google.com/document/d/1B34S1s3Iv6hbquZ93RugD0b-ZKfHEptJ8Fk_YyOvjDk/edit Bug: v8:12195,v8:12397 Change-Id: I9ab47f6d87b10558194b5de30a36b1122f7e362a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283074Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77969}
-
- 15 Nov, 2021 1 commit
-
-
Ng Zhi An authored
Bug: v8:12244,v8:12245 Change-Id: I3029cfb8e9afdcb5e53aa406359aa7246c23ea40 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3274021Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#77906}
-
- 09 Nov, 2021 1 commit
-
-
Ng Zhi An authored
Bug: v8:12244,v8:12245 Change-Id: I1ec0d96b645afa9bbda670918ce57be3698f50ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3265684 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#77804}
-
- 28 Sep, 2021 1 commit
-
-
Ng Zhi An authored
Bug: v8:12244 Change-Id: I7ea68dd74a376221631d7f56b4a012207f68a1ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182899Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#77129}
-
- 12 Aug, 2021 1 commit
-
-
Jakob Gruber authored
The concurrent version was added recently in crrev.com/c/3085262. - UnusedPropertyFields requires the MapUpdater lock. - instance_descriptors must be read atomically on the bg thread. Finally, there appears to be a false positive report for the pattern: x = is_concurrent ? foo(kAcquireLoad) : foo(); Here, clang emits code that executes both the atomic and nonatomic reads when is_concurrent is true. Needs more investigation. Bug: v8:7790, chromium:1239009 Change-Id: I07d442e72cf0278f79f202a267e8d246f8abca1b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090341 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76261}
-
- 11 Aug, 2021 1 commit
-
-
Jakob Gruber authored
.. to attempt to update deprecated maps. Used in JSHeapBroker::ReadFeedbackForPropertyAccess. Drive-by: Move Map::TryUpdate to MapUpdater to address an old TODO. Bug: v8:7790 Change-Id: Iaa791e204dd133f067014c0abdb23ef3b807a315 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085274 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#76224}
-
- 17 May, 2021 1 commit
-
-
Santiago Aboy Solanes authored
The instance_size of a live map can change via ShrinkInstanceSize. This change was outside of the scope of the MapUpdater. In order to have a consistent view of the data, the concurrent reader will access the map updater lock if needed. Also refactor MapUpdaterMutexDepthScope (now named `MapUpdaterGuardIfNeeded`) so that A) it's not possible to forget to lock it, and B) add V8_NODISCARD to the class. As a second refactor use std::function in TraverseCallback. Bug: v8:7790 Change-Id: I57dd00699ccb1c9f132a950db93704b07ca115ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862765Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74592}
-
- 03 May, 2021 1 commit
-
-
Igor Sheludko authored
When fast deleting properties generalize all outgoing transitions to mutable instead of generalizing when property is reconfigured. Bug: chromium:1201938 Change-Id: I080f2f43de1691a742be2a2bec5cd20d02d78dbc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859960 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#74334}
-
- 08 Apr, 2021 1 commit
-
-
Jakob Gruber authored
This is part of moving towards MapUpdater as the bottleneck for map updates. Drive-by: Move helpers. Drive-by: Use a plain std::queue instead of a ZoneQueue in UpdateFieldType. Bug: v8:7790 Change-Id: Iff80a6e9bf3390a010305f7998d6f6dad2bce09f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807602 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73851}
-
- 06 Apr, 2021 1 commit
-
-
Igor Sheludko authored
... when reconfiguring property attributes. Bug: chromium:1195331 Change-Id: I65a29f0ad303a603207376a283e943480c4b18d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807608Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73810}
-
- 01 Apr, 2021 1 commit
-
-
Jakob Gruber authored
It's locked exclusively in the MapUpdater API methods, and locked shared in ComputePropertyAccessInfo (CPAI). This lock is a step towards running CPAI on background threads. The simple lock portion is landed separately in this CL to get an early signal on potential lock overhead perf impact. The lock is implemented and used very conservatively at the moment: - it's a single global lock (and not e.g. per-map). - it's locked for the entire method call duration (instead of only in relevant parts). Both points can potentially be improved in the future. Bug: v8:7790 Change-Id: I073423497e01b4901101973387a19962f953a576 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797286Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#73773}
-
- 08 Mar, 2021 2 commits
-
-
Igor Sheludko authored
Bug: chromium:1185463, v8:9233 Change-Id: I87ad8e1ddbbf106ae5221264b53d53aded2c4c51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739633Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73259}
-
Santiago Aboy Solanes authored
If a method happens on the main thread and only on the main thread (i.e. it will never be run on the background), it is safer to use non-atomic accessors as TSAN will give warnings if we use them improperly. As a drive-by, pass the isolate as a parameter where it was readily available as it saves us from getting the isolate from the object later on. Bug: v8:7790 Change-Id: Id9bdd69254edc60b0331a32fccf1479a95b7d286 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732669Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#73251}
-
- 05 Mar, 2021 1 commit
-
-
Igor Sheludko authored
... to different attributes or different property kind. Bug: chromium:1161847, v8:9233 Change-Id: I5a6e1e012c6afcf09ed9da6bbf9f33c1007c3d99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727272Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73220}
-
- 23 Feb, 2021 1 commit
-
-
Marja Hölttä authored
Also fixes existing tests which were asserting the wrong behavior (that setting writable=false won't have an effect). The bug was introduced by https://chromium-review.googlesource.com/c/v8/v8/+/1442640 . Bug: chromium:1158138 Change-Id: I2d85721848eb4e7d530a980a9ecef7f8693bb9a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691050 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#72948}
-
- 11 Feb, 2021 1 commit
-
-
Santiago Aboy Solanes authored
Reasons: * We disabled it more than a year ago for all configs * Not easy to re-enable * Not compatible with pointer compression as-is * Not compatible with concurrent TP/TF as-is * No concrete plans to re-enable it Also remove Map's layout_descriptor since it was only used for double field unboxing. Bug: v8:11422 Change-Id: I9260906eac199213b3210712e9903f1ecf1d7979 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676637Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72671}
-
- 20 Nov, 2020 1 commit
-
-
Leszek Swirski authored
Because of LocalHeap safepoints, our existing assert scopes don't necessarily maintain the same guarantees as desired. In particular, DisallowHeapAllocation no longer guarantees that objects don't move. This patch transitions DisallowHeapAllocation to DisallowGarbageCollection, to ensure that code using this scope is also protected against safepoints. Change-Id: I0411425884f6849982611205fb17bb072881c722 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2540547 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71319}
-
- 12 Nov, 2020 1 commit
-
-
Igor Sheludko authored
which was enabled a long ago and is not supposed to be disabled. In addition this CL adds Representation::MightCauseMapDeprecation() predicate and ensures it's consistent with the existing MostGenericInPlaceChange() and CanBeInPlaceChangedTo(). Bug: v8:11104, v8:8865 Change-Id: Ia8046b76822c9b20fe3ce85de6b98570334aad21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527088 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#71151}
-
- 30 Oct, 2020 1 commit
-
-
Leszek Swirski authored
GeneralizeField already calculates the field owner. Change-Id: I0730471479d4289d3d027ea63178ddae659ee2b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507717 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70891}
-
- 29 Oct, 2020 1 commit
-
-
Leszek Swirski authored
When searching for a target map during map update, attempt to update field representations in-place to the more general representation, where possible. Bug: chromium:1143772 Change-Id: I6a43c94910a1d2d8f8b0ad89048f94b51461f76c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507715 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70887}
-
- 05 Oct, 2020 1 commit
-
-
Santiago Aboy Solanes authored
We can use tag dispatching to distinguish between the synchronized and non-synchronized accessors. Also eliminated the need of adding explicit "synchronized" in the name when using the macros. As a note, we currently have one case of using both relaxed and synchronized accessors (Map::instance_descriptors). Cleaned up: * BytecodeArray::source_position_table * Code::code_data_container * Code::source_position_table * FunctionTemplateInfo::call_code * Map::instance_descriptors * Map::layout_descriptor * SharedFunctionInfo::function_data Bug: v8:7790 Change-Id: I5a502f4b2df6addb6c45056e77061271012c7d90 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424130 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70306}
-
- 19 Jun, 2020 1 commit
-
-
Maya Lekova authored
Avoid possible use-after-free. Fixed: v8:10210 Change-Id: Id8bdf70804448b5b793d9d593374f4b588fe3e87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253841 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#68436}
-
- 11 Oct, 2019 1 commit
-
-
Jakob Kummerow authored
This is for consistency and compiler-enforced type safety. No change in behavior intended. Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#64244}
-
- 28 Aug, 2019 1 commit
-
-
Z Nguyen-Huu authored
Currently the backing store and elements kind might not aligned aka backing store can be dictionary where elements kind is frozen/sealed element kinds or the other way around. The reason is that Object.preventExtensions change elements kind to DICTIONARY while Object.seal/freeze change elements kind to SEALED/FROZEN element kind. Apply both these operations can lead to that problem as in chromium:992914 To solve this issue, we avoid Object.preventExtensions to change backing store to dictionary by introducing new nonextensible elements kind. These new nonextensible elements kind are handled similar to frozen, sealed element kinds. This change not only fixes the problem but also optimize the performance of nonextensible objects. Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b Bug: chromium:992914, v8:6831 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63432}
-
- 19 Jun, 2019 1 commit
-
-
Leszek Swirski authored
Rather than starting a new, orphaned transition tree in various bailout cases, simply drop down into dictionary mode. Aside from potential memory benefits, this allows us to remove CopyGeneralizeAllFields, which was the only path along which fields could end up in a different order than their descriptors. Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62279}
-
- 28 May, 2019 1 commit
-
-
Georg Schmid authored
R=bmeurer@chromium.org Change-Id: I88f3300d34b185e88f8b6f391346630a7c22ecb4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631422Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Schmid <gsps@google.com> Cr-Commit-Position: refs/heads/master@{#61869}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 23 May, 2019 3 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Clemens Hammacher authored
This CL was generated by an automatic clang AST rewriter using this matcher expression: callExpr( callee( cxxMethodDecl( hasName("operator->"), ofClass(isSameOrDerivedFrom("v8::internal::Object")) ) ), argumentCountIs(1) ) The "->" at the expression location was then rewritten to ".". R=jkummerow@chromium.org TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org Bug: v8:9183, v8:3770 No-Try: true No-Tree-Checks: true Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61764}
-
Yang Guo authored
Bug: v8:9247 Change-Id: I0023200c54fa6499ae4e2cf5e4c89407cc35f187 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624218Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61762}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 21 May, 2019 1 commit
-
-
Toon Verwaest authored
This was already unsupported by the map updated because the condition was manually checked before CanBeInPlaceChangedTo. Since the latter function missed the check, however, new code using the function (json parser) missed the relevant check. Simply move the condition to the function. Bug: chromium:964869 Change-Id: I9424a5706c5f6d637acbf532707da3f1e7d9b55e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622114 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61703}
-
- 20 May, 2019 1 commit
-
-
Z Duong Nguyen-Huu authored
When reconfigure data field (e.g. change representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden. Bug: chromium:963346 Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61670}
-