1. 23 Jun, 2021 1 commit
    • A jump-table implementation for constant case switch statements · 9711289d
      Mihir Shah authored
      The change is made since for switch statements with lots of cases,
      where each case is a constant integer, the emitted bytecode is still
      a series of jumps, when we can instead use a jump table.
      
      If there are 6 or more cases (similar to GCC) of Smi literals, and
      if the max Smi case minus the min Smi case is not more than 3 times
      the number of cases, we use a jump table up front to handle Smi's,
      and then use traditional if-else logic for the rest of the cases.
      
      We then use the jump table in interpreter/bytecode-jump-table to
      do the optimization.
      
      This tries to go off issue 9738 in v8's issue tracker. It is not
      exactly the same, since that recommends doing the work at JIT-time,
      but has similar ideas. It also partially goes off issue 10764.
      
      Bug: v8:9738
      Change-Id: Ic805682ee3abf9ce464bb733b427fa0c83a6e10c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904926
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#75323}
  2. 09 Jun, 2021 1 commit
  3. 02 Jun, 2021 1 commit
  4. 31 May, 2021 1 commit
  5. 14 May, 2021 1 commit
  6. 27 Apr, 2021 1 commit
  7. 20 Apr, 2021 1 commit
  8. 12 Apr, 2021 2 commits
    • Allowing map word to be used for other state in GC header. · 5e0b94c4
      Wenyu Zhao authored
      This CL adds features to pack/unpack map words.
      
      Currently V8 cannot store extra metadata in object headers -- because V8
      objects do not have a proper header, but only a map pointer at the start
      of the object. To store per-object metadata like marking data, a side
      table is required as the per-object metadata storage.
      
      This CL enables V8 to use higher unused bits in a 64-bit map word as
      per-object metadata storage. Map pointer stores come with an extra step
      to encode the metadata into the pointer (we call it "map packing").
      Map pointer loads will also remove the metadata bits as well (we call it
      "map packing").
      
      Since the map word is no longer a valid pointer after packing, we also
      change the tag of the packed map word to make it look like a Smi. This
      helps various GC and barrier code to correctly skip them instead of
      blindly dereferencing this invalid pointer.
      
      A ninja flag `v8_enable_map_packing` is provided to turn this
      map-packing feature on and off. It is disabled by default.
      
      * Only works on x64 platform, with `v8_enable_pointer_compression`
        set to `false`
      
      Bug: v8:11624
      Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73915}
    • [builtins] Harden Array.prototype.concat. · 8284359e
      Brendon Tiszka authored
      Defence in depth patch to prevent JavaScript from executing
      from within IterateElements.
      
      R=ishell@chromium.org
      R=cbruni@chromium.org
      
      Bug: chromium:1195977
      Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819941
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73898}
  9. 08 Apr, 2021 2 commits
  10. 29 Mar, 2021 1 commit
  11. 24 Mar, 2021 1 commit
  12. 22 Feb, 2021 1 commit
  13. 09 Feb, 2021 1 commit
  14. 08 Dec, 2020 1 commit
  15. 07 Dec, 2020 1 commit
  16. 09 Nov, 2020 1 commit
  17. 27 Oct, 2020 1 commit
  18. 13 Oct, 2020 2 commits
  19. 16 Sep, 2020 1 commit
  20. 07 Sep, 2020 1 commit
  21. 03 Sep, 2020 1 commit
    • Revert "Check interrupts in runtime BigInt parser" · ec49e377
      Jakob Kummerow authored
      This reverts commit 825c61d8.
      
      Reason for revert: Processing interrupts triggers a DisallowHeapAllocation scope failure.
      
      Original change's description:
      > Check interrupts in runtime BigInt parser
      > 
      > The BigInt constructor has quadratic complexity while parsing strings,
      > and the input is unbounded. Interrupts should be checked during this
      > operation to ensure the host has control over runaway execution.
      > 
      > Change-Id: I15db9adeeafadc7b866a395dd8263aa8c2109ce8
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384166
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69679}
      
      TBR=jkummerow@chromium.org,leszeks@chromium.org,marcel@laverdet.com
      
      Bug: chromium:1124477
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Change-Id: I1ba8c1de1f809f71a1c4fae9b56a8bd40f9f7e7f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2392815
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69703}
  22. 02 Sep, 2020 3 commits
  23. 31 Aug, 2020 2 commits
    • Use NtCurrentTeb() in GetStackStart() to fix 64-bit Wine on macOS · c40c8f7d
      Brendan Shanks authored
      When running 64-bit Windows binaries on macOS using Wine, there is a
      conflict between macOS's use of GS to point to pthread thread-specific
      data, and Windows' use of GS to point to the TEB.
      
      Apple has reserved some TSD slots for use by Wine to store commonly-used
      TEB members (such as 0x30, the 'Self' pointer to the TEB).
      But, other direct GS accesses by Windows programs (such as to
      'StackBase') will return macOS pthread data rather than the TEB member.
      This was causing a V8 unit test to crash on macOS under Wine.
      
      Using NtCurrentTeb() gets the 'Self' pointer first, then dereferences
      it to access the correct 'StackBase', fixing the crash.
      This turns GetStackStart() from one instruction into two.
      
      Chrome (http://crrev.com/c/2380425) and Crashpad also use
      NtCurrentTeb().
      
      The 32-bit change isn't needed, but is just for consistency.
      
      Bug: chromium:1121842
      Change-Id: I824f893aa451d8570142226be91840c964426f38
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381941
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69627}
    • [test] Add a test case to the snapshot with all function code · a96715b0
      Tianping Yang authored
      By eagerly compiling all functions in the startup snapshot, the startup
      snapshot can contain all function code without warm-up.
      
      BUG=v8:4836
      R=yangguo@chromium.org
      
      Change-Id: I07e86b6940c2fe75816df8ae429d110272216d0a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379535
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69624}
  24. 05 Aug, 2020 1 commit
  25. 07 Jul, 2020 1 commit
  26. 18 Jun, 2020 1 commit
  27. 25 May, 2020 1 commit
  28. 14 May, 2020 1 commit
  29. 27 Apr, 2020 1 commit
  30. 17 Apr, 2020 1 commit
    • [builtins][MIPS]: Workaround gas auto-align issue · 72a6e594
      Jiaxun Yang authored
      GAS has an auto-align function which will align all the directive
      data to its natural boundary. And we're using .octa to present
      data in embedded.S, which will be auto-aligned to a 128-bit boundary.
      It can break relative offsets in the generated binary.
      So we work around it by forcing generation of the .long DataDirective on MIPS.
      
      Also I reworked WriteByteChunk so it can accept any kind of directive
      now. Furthermore, the implementation of HexLiteral is identical on
      generic, aix and mac so I merged them into base.
      
      Bug: v8:10420
      Change-Id: I0ff791412360769510735659f909524c5f96d3e0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153187
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67198}
  31. 01 Apr, 2020 1 commit
  32. 23 Mar, 2020 1 commit
    • [cpu-profile] Timestamps in tracing events args stay in monotonic time · 668aafb5
      Eric Rannaud authored
      On Linux, Perfetto translates the builtin "ts" timestamp in trace event
      from CLOCK_MONOTONIC to CLOCK_BOOTTIME, before passing them to devtools.
      Devtools therefore implicitly operates on timestamps that are in
      CLOCK_BOOTTIME.
      
      However, additional timestamps sent in trace event payload arguments
      will not be converted to CLOCK_BOOTTIME by Perfetto, raising the
      possibility of devtools using timestamps from multiple clock domains
      incorrectly.
      
      Since trace events sent by CpuProfile also include the builtin "ts"
      trace timestamp (sampled from CLOCK_MONOTONIC nearly at the same time by
      the tracing framework), sending "data.startTime" and "data.endTime" is
      essentially redundant. devtools-frontend:2113957 stops the use of the
      value of these timestamps in the payload of Profile and ProfileChunk
      events. Devtools continues to use the presence of these arguments to
      identify start and end profile events.
      
      ProfileChunk events also include "timeDeltas" which are relative
      timestamps. They are also in CLOCK_MONOTONIC and are not translated by
      Perfetto. devtools-frontend:2113957 computes absolute CLOCK_BOOTTIME
      timestamps from timeDeltas by adding them to "ts" in the "Profile" event
      (previously, "data.startTime" was used). This is only valid if the
      system is not suspended/resumed during profiling. Providing support for
      suspend/resume in the middle of profiling will likely involve having
      Perfetto convert "timeDeltas" directly to CLOCK_BOOTTIME.
      
      This CL introduces no code changes and only adds comments to explain
      the above.
      
      BUG=chromium:1055871
      
      Change-Id: I649dfcce8ea1a100c0ecfe03f843c7cb1fdd6f33
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2114001
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66820}
  33. 19 Mar, 2020 1 commit
  34. 10 Mar, 2020 1 commit
    • Make torque emit structs in classes in order · 5a04c5ce
      Janusz Majnert authored
      Torque compiler emits a C++ class definition header
      class-definitions-tq.h. Unfortunately it does so in a manner that
      introduces randomness into the ordering of some structs. This means that
      every full build of V8 may yield a different header.
      Since this header is included in a lot of files in V8, it causes a lot
      of ccache misses (over 1000).
      
      This commit makes sure that the structs are emitted in lexical order.
      
      Bug: v8:10310
      Change-Id: Ie39066d36e41583ff990bc639f7f241462351585
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093500
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66645}