1. 02 Mar, 2018 2 commits
  2. 01 Mar, 2018 2 commits
  3. 27 Feb, 2018 1 commit
  4. 26 Feb, 2018 1 commit
  5. 22 Feb, 2018 2 commits
    • [cleanup] Introduce a dedicated FeedbackCell. · aff1f378
      Benedikt Meurer authored
      This is preparatory cleanup work for eventually tracking the functions
      (rather than concrete closures) in the CALL_IC, also for builtins like
      the default PromiseCapability [[Resolve]] and [[Reject]] functions. It
      adds a new FeedbackCell type, which is used by JSFunctions consistently
      now to reference the feedback vector (or undefined if the function
      is not compiled yet or is a native/asm.js function).
      
      This also changes the calling convention for FastNewClosure builtin and
      the JSCreateClosure operator in TurboFan to carry the FeedbackCell here
      instead of the parent FeedbackVector and the slot index. In addition we
      eliminate the now unused %InterpreterNewClosure runtime function.
      
      Bug: v8:2206, v8:7253, v8:7310
      Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656
      Reviewed-on: https://chromium-review.googlesource.com/928403
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51474}
    • [class] Throw on private field access miss · f3cfe095
      Sathya Gunasekaran authored
      Private fields should not return undefined on access miss, but instead
      should throw a TypeError.
      
      This patch uses a bit on v8::Symbol to mark if this symbol is a
      private field or not.
      
      This patch also changes the LookupIterator code path that deals with
      LookupIterator::State::DATA to deal with JSReceiver instead of
      JSObject.
      
      Note: the error message doesn't output the field name, but that's a
      WIP.
      
      Bug: v8:5368
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I8ae960b478eb6ae1ebf9bc90658ce3654d687977
      Reviewed-on: https://chromium-review.googlesource.com/905627
      Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Mythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51452}
  6. 16 Feb, 2018 2 commits
    • [async-await] Eliminate throwaway promise in async functions. · a840f1f8
      Benedikt Meurer authored
      The ES2017 specification contains a so-called "throwaway" promise that
      is used to specify the behavior of await in terms of PerformPromiseThen,
      but it's actually not necessary and never exposed to user code. In
      addition to that, hooking up the promise in await required a context (to
      refer to the generator object) and two closures for the reject/fulfill
      handling, which would resume the generator corresponding to the async
      function. That meant, we had to allocate 4 additional objects for every
      await.
      
      Instead of using a JSPromise plus the callbacks, this CL adds logic to
      allow PromiseReaction and PromiseReactionJobTask to carry arbitrary
      payloads and Code handlers. We use this for await to avoid the
      additional 4 objects mentioned above, and instead just have simple Code
      handlers that resume the generator (for the async function), either by
      throwing (in case of a rejection) or by resuming normally (in case of
      fulfillment).
      
      For this to work properly the JSGeneratorObject has to have a link to
      the outer promise returned by the async function, so that the catch
      prediction can still figure out what to do in case of promise rejection.
      This is done by adding a new generator_outer_promise_symbol when the
      debugger is active, which refers from the generator to the outer
      promise.
      
      With this change the doxbee-async-es2017-native test goes from around
      100.54ms to around 82.45ms, which corresponds to a ~18% reduction in
      execution time.
      
      Bug: v8:7253
      Change-Id: Iae25b3300bac351c3417be5ae687eff469b0e61f
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/924069
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51334}
    • [runtime] Add SCOPE_INFO_TYPE InstanceType · 8255eeb9
      Camillo Bruni authored
      Bug: v8:7310
      Change-Id: I82e7ada4c0f7e415887a859719eb01bb45fd3012
      Reviewed-on: https://chromium-review.googlesource.com/921742
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      Commit-Queue: Camillo Bruni <cbruni@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51324}
  7. 15 Feb, 2018 1 commit
  8. 12 Feb, 2018 1 commit
  9. 08 Feb, 2018 1 commit
    • Revert "[builtins] Mega-revert to address the Dev blocker in crbug.com/808911." · 3916401e
      Adam Klein authored
      This reverts commit 14108f4c.
      
      Reason for revert: Not the culprit for Canary microtask crashes
      
      Original change's description:
      > [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
      > 
      > - Revert "[builtins] Save one word in contexts for Promise.all."
      >   This reverts commit 7632da06.
      > - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
      >   This reverts commit d4f072ce.
      > - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
      >   This reverts commit 6703dacd.
      > - Revert "[debugger] Properly deal with settled promises in catch prediction."
      >   This reverts commit 40dd0658.
      > - Revert "[builtins] Widen the fast-path for Promise builtins."
      >   This reverts commit db0556b7.
      > - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
      >   This reverts commit a582199c.
      > - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
      >   This reverts commit 6bf88852.
      > - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
      >   This reverts commit 313b490d.
      > - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
      >   This reverts commit f7bd6a2f.
      > - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
      >   This reverts commit b23b098f.
      > - Revert "[promise] Remove incorrect fast path"
      >   This reverts commit 0f6eafe8.
      > - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
      >   This reverts commit 8a677a28.
      > - Revert "[builtins] Refactor promises to reduce GC overhead."
      >   This reverts commit 8e7737cb.
      > 
      > Tbr: hpayer@chromium.org
      > Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      > Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Reviewed-on: https://chromium-review.googlesource.com/906991
      > Commit-Queue: Yang Guo <yangguo@chromium.org>
      > Commit-Queue: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#51158}
      
      Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
      Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/908988
      Reviewed-by: Adam Klein <adamk@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51181}
  10. 07 Feb, 2018 1 commit
    • [builtins] Mega-revert to address the Dev blocker in crbug.com/808911. · 14108f4c
      Benedikt Meurer authored
      - Revert "[builtins] Save one word in contexts for Promise.all."
        This reverts commit 7632da06.
      - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
        This reverts commit d4f072ce.
      - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
        This reverts commit 6703dacd.
      - Revert "[debugger] Properly deal with settled promises in catch prediction."
        This reverts commit 40dd0658.
      - Revert "[builtins] Widen the fast-path for Promise builtins."
        This reverts commit db0556b7.
      - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
        This reverts commit a582199c.
      - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
        This reverts commit 6bf88852.
      - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
        This reverts commit 313b490d.
      - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
        This reverts commit f7bd6a2f.
      - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
        This reverts commit b23b098f.
      - Revert "[promise] Remove incorrect fast path"
        This reverts commit 0f6eafe8.
      - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
        This reverts commit 8a677a28.
      - Revert "[builtins] Refactor promises to reduce GC overhead."
        This reverts commit 8e7737cb.
      
      Tbr: hpayer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/906991
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Reviewed-by: Adam Klein <adamk@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51158}
  11. 31 Jan, 2018 2 commits
    • [builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field. · 8a677a28
      Benedikt Meurer authored
      A given JSPromise can either be in pending state, and accumulates
      reactions, or in settled state, where all reactions are scheduled
      as microtasks, and it carries a result. So we can use a single field
      on the JSPromise instance to hold both the result and the reactions
      and that field is interpreted differently depending on the status of
      the JSPromise.
      
      Bug: v8:7253
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I19a7d499c88f452f0d35979ab95deb110021cde9
      Reviewed-on: https://chromium-review.googlesource.com/895528
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51004}
    • [builtins] Refactor promises to reduce GC overhead. · 8e7737cb
      Benedikt Meurer authored
      This implements the ideas outlined in the section "Microtask queue"
      of the exploration document "Promise and async/await performance" (at
      https://goo.gl/WHRar2), except that the microtask queue stays a linear
      FixedArray for now, to avoid running into trouble with the parallel
      scavenger. This way we can already save a significant amount of
      allocations, thereby reducing the GC frequency quite a bit.
      
      All items on the microtask queue are now proper structs that subclass
      Microtask, i.e. we also wrap JSFunction and MicrotaskCallback jobs
      into structs. We also consistently remember the context for every
      microtask (except for MicrotaskCallback where we don't have a
      context), and execute it later in exactly that context (as required
      by the spec anyways for the Promise related jobs). Particularly
      interesting is the PromiseReactionJobTask and its subclasses, since
      they are designed to have the same size as the PromiseReaction. When
      we resolve a JSPromise we just take the existing PromiseReaction
      instances and morph them into PromiseFulfillReactionJobTask or
      PromiseRejectReactionJobTask (depending whether you "Fulfill" or
      "Reject"). That way the JSPromise class is now only 6 words instead
      of 10 words.
      
      Also the PromiseReaction and the reaction tasks can either carry a
      JSPromise (for the fast native case) or a PromiseCapability (for the
      generic case), which means we don't always pay the overhead of having
      to also remember the "deferred resolve" and "deferred reject" handlers
      that are only relevant for the generic case anyways.
      
      It also fixes a spec violation where we called "then" before we actually
      enqueued the PromiseResolveThenableJob, which is observably wrong.
      Calling it later has the advantage that it should be fairly
      straight-forward now to completely avoid it for native Promise
      instances.
      
      This seems to save around 10-20% on the various Promise benchmarks and
      micro-benchmarks. We expect to gain even more as we're now able to
      inline various operations into TurboFan optimized code easily.
      
      Bug: v8:7253
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I893d24ca5bb046974b4f5826a8f6dd22f1210b6a
      Reviewed-on: https://chromium-review.googlesource.com/892819
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50980}
  12. 25 Jan, 2018 1 commit
  13. 24 Jan, 2018 1 commit
  14. 10 Jan, 2018 1 commit
    • [proxy] Set [[ProxyTarget]] to null during revocation · 5b9adade
      Timothy Gu authored
      Before this, only the [[ProxyHandler]] was set to null during revocation
      of the Proxy through either the v8::Proxy::Revoke() or the
      Proxy.revocable() API. To be consistent with the spec, the Proxy's
      target is set to null as well. This change should not be observable
      through JS, since the check for if the Proxy is revoked should always
      use the handler. But the changed value is exposed through the public
      v8::Proxy::GetTarget() API, which is used by the inspector API and
      Node.js.
      
      Also included is a much more comprehensive test for Inspector's support
      for Proxy, which prior to this commit did not work as intended.
      
      Bug: 
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I727607ec2b3cea8642cd636573932c1e6bb5cc07
      Reviewed-on: https://chromium-review.googlesource.com/854676
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Adam Klein <adamk@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50476}
  15. 18 Dec, 2017 1 commit
  16. 14 Dec, 2017 2 commits
  17. 08 Dec, 2017 1 commit
  18. 06 Dec, 2017 1 commit
  19. 02 Dec, 2017 1 commit
    • Normalize casing of hexadecimal digits · 822be9b2
      Mathias Bynens authored
      This patch normalizes the casing of hexadecimal digits in escape
      sequences of the form `\xNN` and integer literals of the form
      `0xNNNN`.
      
      Previously, the V8 code base used an inconsistent mixture of uppercase
      and lowercase.
      
      Google’s C++ style guide uses uppercase in its examples:
      https://google.github.io/styleguide/cppguide.html#Non-ASCII_Characters
      
      Moreover, uppercase letters more clearly stand out from the lowercase
      `x` (or `u`) characters at the start, as well as lowercase letters
      elsewhere in strings.
      
      BUG=v8:7109
      TBR=marja@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org,mlippautz@chromium.org
      NOPRESUBMIT=true
      
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I790e21c25d96ad5d95c8229724eb45d2aa9e22d6
      Reviewed-on: https://chromium-review.googlesource.com/804294
      Commit-Queue: Mathias Bynens <mathias@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49810}
  20. 01 Dec, 2017 1 commit
  21. 23 Nov, 2017 1 commit
  22. 22 Nov, 2017 1 commit
  23. 19 Nov, 2017 1 commit
  24. 17 Nov, 2017 2 commits
    • [bigint] Encapsulate internals in MutableBigInt · 977da550
      Jakob Kummerow authored
      This CL creates the invariant that the BigInt class treats
      BigInt objects as immutable. Writing to new BigInt objects
      as part of their construction is done by the MutableBigInt
      helper class, which in turn is hidden as an implementation
      detail in bigint.cc.
      As a side effect, this refactoring enforces right-trimming
      checks for all newly created BigInts, and ensures that all
      BigInt allocations possibly exceeding kMaxLength check for
      this case and throw a RangeError instead of crashing.
      
      Bug: v8:6791
      Tbr: mlippautz@chromium.org
      Change-Id: Id239746108e6b076b47a03ba37462001eb501507
      Reviewed-on: https://chromium-review.googlesource.com/742329
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49462}
    • [cleanup] Move preparsed data into function data in SFI · 5aa6f589
      Leszek Swirski authored
      Since we only ever have preparsed scope info data for functions that
      haven't been parsed yet, it never overlaps with there being other
      function data (such as a bytecode array). So, we can merge the two
      fields.
      
      This drops the SharedFunctionInfo size by one pointer.
      
      Bug: chromium:783853
      Change-Id: I7166010271cf661b04d3d118ac87c65c79555f96
      Reviewed-on: https://chromium-review.googlesource.com/774863
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Marja Hölttä <marja@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49445}
  25. 13 Nov, 2017 1 commit
  26. 07 Nov, 2017 1 commit
  27. 26 Oct, 2017 1 commit
  28. 25 Oct, 2017 4 commits
  29. 24 Oct, 2017 1 commit
  30. 23 Oct, 2017 1 commit