- 21 Aug, 2018 1 commit
-
-
Benedikt Meurer authored
Refactor the ArrayIteratorPrototypeNext CSA builtin to handle the JSArray element access in a dedicated helper macro, very similar to how it's done for JSTypedArray's. Also add support for dictionary elements to this helper macro using the existing dictionary access logic in the CodeStubAssembler. This improves the readability of the builtin significantly and the performance of iterating arrays with dictionary elements goes up by a factor of ~3.5x. Bug: v8:8015, v8:8070 Change-Id: Ibfee760ea1e4bc0fffb42b232fb1d097b706bd1f Reviewed-on: https://chromium-review.googlesource.com/1183305Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55283}
-
- 20 Aug, 2018 1 commit
-
-
Ross McIlroy authored
BUG=v8:8074 Change-Id: I012666ff1a06d0a53f893031a3caf38ed0d40229 Reviewed-on: https://chromium-review.googlesource.com/1181421Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#55237}
-
- 01 Aug, 2018 1 commit
-
-
Andreas Haas authored
The original implementation of 'testAsync' in mjsunit.js required to put the call to '%AbortJS' into an 'eval' statement. The reason is that this call requires the flag --allow-natives-syntax to be set, but the flag is not set in all mjsunit tests. With the use of 'eval' compilation errors can be avoided. The problem with this approach was that the fuzzer started to produce test cases which include the line 'eval("%AbortJS(message)");', and this line crashes intentionally. Different to the line '%Abort(message)', however, the 'eval' statement cannot be filtered so easily in the fuzzer. Therefore I pulled the implementation of 'testAsync' into a separate file to avoid the 'eval'. Additional changes: I use '===' now instead of 'deepEquals' in AsyncAssertion.equals because 'deepEquals' is not available outside mjsunit.js. Using '===' seems more appropriate anyways because for all tests but one it is sufficient, and it is more precise than deepEquals. R=gsathya@chromium.org Bug: chromium:774841 Change-Id: I47270aa63ff5a1d6aa76a771f9276eaaf579c5ac Reviewed-on: https://chromium-review.googlesource.com/1156598Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#54833}
-
- 27 Jul, 2018 1 commit
-
-
Creddy authored
The CSA fast path returned null for Proxy.prototype whereas runtime GetProperty returned undefined. The CL fixes this discrepancy by returning undefined for both cases and this makes it complaint with the spec. Change-Id: I35b75c09dc99e8fd629671e30eacd2cabea8c1d4 Reviewed-on: https://chromium-review.googlesource.com/1145438Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Chandan Reddy <chandanreddy@google.com> Cr-Commit-Position: refs/heads/master@{#54745}
-
- 19 Jul, 2018 1 commit
-
-
Simon Zünd authored
This CL fixes a bug where a fast-path was used on non-extensible objects. R=jgruber@chromium.org Bug: chromium:865264,chromium:865285 Change-Id: Ie14c95b383a65576799c71576a5c0f9f8e1c29ca Reviewed-on: https://chromium-review.googlesource.com/1142766Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Simon Zünd <szuend@google.com> Cr-Commit-Position: refs/heads/master@{#54539}
-
- 18 Jul, 2018 1 commit
-
-
Simon Zünd authored
This CL moves Array.p.fill from JavaScript to a C++ builtin. It has a generic slow-path and fast-paths implemented via ElementsAccessor in elements.cc. R=cbruni@chromium.org Bug: v8:7624 Change-Id: I8820e1195d2cd9b41c254058923ad9875aab067c Reviewed-on: https://chromium-review.googlesource.com/1131130 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#54522}
-
- 28 Jun, 2018 1 commit
-
-
Caitlin Potter authored
When storing an indexed property in a typed array, it's necessary to convert the value to a Number (or to a Bigint) before performing the bounds check, per https://tc39.github.io/ecma262/#sec-integerindexedelementset. This CL adds appropriate type conversions in Object::SetPropertyInternal (which technically is reached after the bounds check has already occurred, but this isn't observable yet --- In the future, once OOB accesses on TypedArrays actually throw, this will need to be refactored again), and in StoreFastElementStub, and ElementsTransitionAndStoreStub (via CSA::EmitElementStore). The change was not necessary in TurboFan, as JSNativeContextSpecialization already performs the value conversion before the boundscheck. The result is some fixed test262 tests, and some new test coverage for this behaviour in mjsunit. BUG=v8:7896, v8:5327 R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3 Reviewed-on: https://chromium-review.googlesource.com/1117372 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#54096}
-
- 12 Jun, 2018 2 commits
-
-
Joyee Cheung authored
This is a reland of a229e121 The original commit broke a layout test in Blink. The test in Blink has been marked to be skipped and will be updated once this patch lands. See https://chromium-review.googlesource.com/c/chromium/src/+/1097455 Original change's description: > [builtins] set DataView.length to 1 > > Refs: https://github.com/tc39/ecma262/pull/1131 > Test: test262/built-ins/DataView/length > Bug: v8:7816 > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng > Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69 > Reviewed-on: https://chromium-review.googlesource.com/1094980 > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53649} Bug: v8:7816 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: If63be80523a68d3a2b515fe1d55a243d2dd2a9b2 Reviewed-on: https://chromium-review.googlesource.com/1097568Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#53682}
-
Michael Achenbach authored
This reverts commit a229e121. Reason for revert: Breaks a layout test: https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/24021 fast/js/constructor-length.html See also: https://github.com/v8/v8/wiki/Blink-layout-tests Original change's description: > [builtins] set DataView.length to 1 > > Refs: https://github.com/tc39/ecma262/pull/1131 > Test: test262/built-ins/DataView/length > Bug: v8:7816 > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng > Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69 > Reviewed-on: https://chromium-review.googlesource.com/1094980 > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53649} TBR=gsathya@chromium.org,joyee@igalia.com Change-Id: Iaa602a40bd09dec6884f5f56b1f010b59c19b32a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7816 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Reviewed-on: https://chromium-review.googlesource.com/1097275Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#53669}
-
- 11 Jun, 2018 1 commit
-
-
Joyee Cheung authored
Refs: https://github.com/tc39/ecma262/pull/1131 Test: test262/built-ins/DataView/length Bug: v8:7816 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69 Reviewed-on: https://chromium-review.googlesource.com/1094980Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#53649}
-
- 24 May, 2018 1 commit
-
-
Simon Zünd authored
This CL uses the new function pointers and generic features of Torque to improve the performance of TypedArray.p.sort. Instead of one Load/Store builtin that dispatches at runtime based on the element kind, there are now many small builtins (one for each element kind). The sorting algorithm then uses function pointers to those small builtins, which get set once. Changes in the relevant benchmarks: Benchmark Original (JS) Current This CL IntTypes 83.9 202.3 240.7 BigIntTypes 32.1 47.2 53.3 FloatTypes 99.3 109.3 129.3 Bug: v8:7382 Change-Id: I8684410524d546615b19f6edcbfdc615068196aa Reviewed-on: https://chromium-review.googlesource.com/1070069 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#53322}
-
- 07 May, 2018 1 commit
-
-
Peter Marshall authored
Bug: chromium:840106 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I0090cdecaf9194f3ed2d716c6f5f698e33cbdf0d Reviewed-on: https://chromium-review.googlesource.com/1046827 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#53029}
-
- 02 May, 2018 1 commit
-
-
Choongwoo Han authored
Bug: chromium:837939 Change-Id: Iaca2bc5b52f47d8add13ed9b82497a53cb522933 Reviewed-on: https://chromium-review.googlesource.com/1034043Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52913}
-
- 30 Apr, 2018 1 commit
-
-
Caitlin Potter authored
The originally checked in regression test (https://chromium-review.googlesource.com/c/v8/v8/+/1034210/3/test/mjsunit/es6/regress/regress-7706.js) didn't actually reproduce the bug. BUG=v8:7706 R=gsathya@chromium.org, bmeurer@chromium.org Change-Id: I991c91d5a7f15419e388cb5133a281cf7f51736a Reviewed-on: https://chromium-review.googlesource.com/1036108Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#52894}
-
- 29 Apr, 2018 1 commit
-
-
Caitlin Potter authored
Without this change, we could disable slow paths required when symbols such as toStringTag are present on a receiver, but accessors or interceptors are not (added in 31800120) This change modifies this behaviour to not unset the previously set bit if these forced slow path conditions are not met. BUG=v8:7706 R=bmeurer@chromium.org Change-Id: Id7bceb0e749da52e2dbcde0a310a865a89f24066 Reviewed-on: https://chromium-review.googlesource.com/1034210Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#52874}
-
- 27 Apr, 2018 1 commit
-
-
Georg Neis authored
R=sigurds@chromium.org Bug: v8:7570 Change-Id: I3f077940117467be98fbb3c2a30684af8eaaf801 Reviewed-on: https://chromium-review.googlesource.com/1032432 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52837}
-
- 23 Apr, 2018 3 commits
-
-
Sigurd Schneider authored
This is a reland of 5728b3fb Original change's description: > [builtins] Separate species protectors for Array, TypedArray, Promise > > Previously, there was one species protector for Array, TypedArray and > Promise. This CL splits the protector in three separate ones. This means > that invalidating one of them does not have negative performance > implications for the other ones. > > Bug: chromium:835347, v8:7340 > Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f > Reviewed-on: https://chromium-review.googlesource.com/1023408 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52733} Bug: chromium:835347, v8:7340 Change-Id: I0c0188a0723e206ddb362834bcf872b23cd7666d Reviewed-on: https://chromium-review.googlesource.com/1023811 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52742}
-
Sigurd Schneider authored
This reverts commit 5728b3fb. Reason for revert: Breaks noi18n build Original change's description: > [builtins] Separate species protectors for Array, TypedArray, Promise > > Previously, there was one species protector for Array, TypedArray and > Promise. This CL splits the protector in three separate ones. This means > that invalidating one of them does not have negative performance > implications for the other ones. > > Bug: chromium:835347, v8:7340 > Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f > Reviewed-on: https://chromium-review.googlesource.com/1023408 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52733} TBR=sigurds@chromium.org,bmeurer@chromium.org Change-Id: Ied8b436e7991c759eb3b98702c142aa127a7e63c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:835347, v8:7340 Reviewed-on: https://chromium-review.googlesource.com/1024151Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52736}
-
Sigurd Schneider authored
Previously, there was one species protector for Array, TypedArray and Promise. This CL splits the protector in three separate ones. This means that invalidating one of them does not have negative performance implications for the other ones. Bug: chromium:835347, v8:7340 Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f Reviewed-on: https://chromium-review.googlesource.com/1023408 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52733}
-
- 20 Apr, 2018 1 commit
-
-
Simon Zünd authored
This CL adds a test for each typed element kind where the array to sort consists of some max/min/zero elements. When providing a custom compare function, the upcoming torque version of TypedArray.p.sort needs to convert array elements to Number/BigInt and back. The tests check the edge cases for that conversion. R=jgruber@chromium.org Bug: v8:7382 Change-Id: Ia85ca343f62ece208acdeb1595e94f17ce12b713 Reviewed-on: https://chromium-review.googlesource.com/1021080 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52710}
-
- 26 Mar, 2018 1 commit
-
-
Sigurd Schneider authored
R=neis@chromium.org Bug: v8:7599 Change-Id: I8a1e4864800dbf76530ebbe2a9ce09dac55a1f65 Reviewed-on: https://chromium-review.googlesource.com/980055 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#52217}
-
- 23 Mar, 2018 1 commit
-
-
Sigurd Schneider authored
Also add a new fast-path for String.fromCodePoint. R=neis@chromium.org Bug: v8:7570, v8:7340 Change-Id: I6cd6e6fc98943588ecd646f24fcda043d4033ab0 Reviewed-on: https://chromium-review.googlesource.com/978244Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52183}
-
- 22 Mar, 2018 1 commit
-
-
Benedikt Meurer authored
In Promise.all we used to allocate a fresh closure plus a fresh context for each individual element, which is quite a lot of overhead, especially since this could be shared in a single context for all elements. The only bit of information that is needed for each resolve element closure is the index under which to store the resulting value. With this change we move this index to the "identity hash" field of the JSFunction, which doesn't care about the concrete value anyways, as long as it's not zero (the "no hash" sentinel), and share the rest of the fields in a single outer context for all resolve element closures. This limits the maximum number of elements for Promise.all to 2^21 for now, but that should be fine. Shall we ever see the need for more than this, we can add machinery to overflow to separate context for indices larger than 2^21. This significantly reduces the overhead due to Promise.all on the parallel-async-es2017-native test, with execution time dropping from around 148ms to 133ms, so overall a steady 10% improvement on this benchmark. Bug: v8:7253 Change-Id: I1092da771c4919f3db7129d2b0a244fc26a7b144 Reviewed-on: https://chromium-review.googlesource.com/973283Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52134}
-
- 14 Mar, 2018 1 commit
-
-
Caitlin Potter authored
- Add a new bytecode for the ToString operation, replacing the old intrinsic call (currently does not collect type feedback). - Add a new AST node to represent TemplateLiterals, and avoid generating unnecessary ToString operations in some simple cases. - Use a single feedback slot for each string addition, because the type feedback should always be the same for each addition This seems to produce a very slight improvement on JSTests benchmarks and bench-ruben.js from v8:7415, and it's possible that type feedback for the ToString bytecode could provide more opportunities to eliminate the runtime call in TurboFan. Doesn't touch tagged templates [esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral Fixes an error where TemplateLiteral printing in --print-ast would try to read an element beyond the length of a vector. BUG=v8:7415, chromium:820596 R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42 Reviewed-on: https://chromium-review.googlesource.com/958408Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#51933}
-
- 13 Mar, 2018 1 commit
-
-
Kevin Gibbons authored
When Promise.all is called with something which violates the iterable contract, the resulting error should be provided by returning a rejected promise, not by throwing. Bug: v8:7553 Change-Id: I2769b09b49c9b80ef380419489416fc0fabff51b Reviewed-on: https://chromium-review.googlesource.com/959599 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51902}
-
- 10 Mar, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit 0802e2b2. Reason for revert: For reverting https://crrev.com/c/945408 Original change's description: > [esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral > > Fixes an error where TemplateLiteral printing in --print-ast > would try to read an element beyond the length of a vector. > > BUG=v8:7415, chromium:820596 > R=adamk@chromium.org, gsathya@chromium.org > > Change-Id: Idf9e0da8c165ee62bc1a348a91c2ed5ed798404a > Reviewed-on: https://chromium-review.googlesource.com/957883 > Reviewed-by: Adam Klein <adamk@chromium.org> > Commit-Queue: Caitlin Potter <caitp@igalia.com> > Cr-Commit-Position: refs/heads/master@{#51857} TBR=adamk@chromium.org,gsathya@chromium.org,caitp@igalia.com Change-Id: I5fe950cd823ae350b5f6c09227a62aef9dc2a008 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7415, chromium:820596 Reviewed-on: https://chromium-review.googlesource.com/957724Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51861}
-
Caitlin Potter authored
Fixes an error where TemplateLiteral printing in --print-ast would try to read an element beyond the length of a vector. BUG=v8:7415, chromium:820596 R=adamk@chromium.org, gsathya@chromium.org Change-Id: Idf9e0da8c165ee62bc1a348a91c2ed5ed798404a Reviewed-on: https://chromium-review.googlesource.com/957883Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#51857}
-
- 02 Mar, 2018 1 commit
-
-
Georg Neis authored
... and use it in the implementation of array literal spreads, replacing calls to %AppendElement. Array spreads in destructuring will be taken care of in a separate CL. Bug: v8:5940, v8:7446 Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0 Reviewed-on: https://chromium-review.googlesource.com/915364 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#51709}
-
- 22 Feb, 2018 2 commits
-
-
Adam Klein authored
Without --harmony-function-tostring, anything other than a JSFunction or JSBoundFunction throw when Function.prototype.toString is called on them. But with the toString revision, anything callable allows toString (and for non-Functions returns the good old "function () { [native code] }" string). Bug: v8:7484 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I3540e213a40992151761b59666fe36e0510da908 Reviewed-on: https://chromium-review.googlesource.com/932825 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51489}
-
Peter Marshall authored
IterableToListCanBeElided checked that the input was always a HeapObject but this is not true when an iterator symbol is defined on the Number prototype, meaning Smi and HeapNumber can also be passed in. Added a regression test for the crash and some correctness tests for smi and double input to TA.from. Also factored out the tests in typedarray-from.js that modify global state e.g. protector cells, so that one iteration of the top level loop does not interfere with the next. Bug: chromium:814643 Change-Id: I364d11f011faf8370446f905a35a945d47e4477f Reviewed-on: https://chromium-review.googlesource.com/930962Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51461}
-
- 20 Feb, 2018 1 commit
-
-
Yang Guo authored
Until now lookbehind assertions have been quantifiable in non-unicode regexps. This seems to be an oversight in the spec. R=jgruber@chromium.org Bug: v8:7462 Change-Id: Iad0db441089c7510dd2c42a861db92c05545ce1e Reviewed-on: https://chromium-review.googlesource.com/926102 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51392}
-
- 19 Feb, 2018 2 commits
-
-
Peter Marshall authored
Factor out IterableToList into a helper stub to save space. There are two callers now, TypedArrayFrom and ConstructByIterable, and it is ~2.5kb so we save space by doing this. Increase test coverage to cover more of the branching in CSA. This is doesn't follow the control flow in the spec exactly - see the big code comment for an explanation. Change-Id: Ief39e93c4202cb7bf0e28a39dc6aa81b8b9c59d2 Reviewed-on: https://chromium-review.googlesource.com/908755 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51377}
-
Caitlin Potter authored
Previously, eval caching was only disabled if the root eval body code contained a tagged template. Per discussion on https://github.com/tc39/ecma262/pull/890, this is incorrect. This change tracks if eval caching is allowed during parsing, and uses this information to decide to insert new entries into the cache, or not. This change also removes the TemplateObject feedback kind, as it's no longer needed (behaves the same as Literal feedback). BUG=v8:3230, v8:2891 R=littledan@chromium.org, yangguo@chromium.org, bmeurer@chromium.org, rmcilroy@chromium.org Change-Id: Ib75abe9159baf4d8ad10f8de99d2152714bd0094 Reviewed-on: https://chromium-review.googlesource.com/916945 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51373}
-
- 15 Feb, 2018 1 commit
-
-
Toon Verwaest authored
instance_class_name takes up space unnecessarily, and %_ClassOf and class_name implement [[Class]] which isn't part of ES2015+ anymore. Bug: Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8 Reviewed-on: https://chromium-review.googlesource.com/776683Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#51309}
-
- 14 Feb, 2018 1 commit
-
-
Choongwoo Han authored
- Remove JS implementation of TA.p.filter - Reimplement TA.p.filter as CSA - This CL makes TA.p.filter 3x faster in microbenchmark - Fix a spec bug: throw if buffer is detached while executing callback Bug: v8:5929 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I2e14b6001d354ca6659cf65fff4ead2942ddc9ff Reviewed-on: https://chromium-review.googlesource.com/912989Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51288}
-
- 13 Feb, 2018 1 commit
-
-
Benedikt Meurer authored
The idea here is that in case the `thenable` is a JSPromise and `then` is the initial `Promise.prototype.then` method, and the @@species lookup chain is intact, we can skip creating the temporary promise and the closures (with the shared context), and instead directly call into our PerformPromiseThen. This is sound since - given above mentioned conditions - our short-cut PerformPromiseThen(thenable, undefined, undefined, promise_to_resolve) is not observably different from the actual resolve, reject = CreateResolvingFunctions(promise_to_resolve) result_capability = NewPromiseCapability(%Promise%) PerformPromiseThen(thenable, resolve, reject, result_capability) except through PromiseHooks (and potentially via the async stack traces). So we disable the fast-path if either promise hooks are enabled or the debugger is active for now. This improves the performance on the wikipedia benchmark by 20-25% and the bluebird-doxbee benchmark by around 20%. Bug: v8:7253 Change-Id: I23c92ad365c2b71d65057573f2d8febe2afe00b0 Reviewed-on: https://chromium-review.googlesource.com/911800 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51261}
-
- 12 Feb, 2018 2 commits
-
-
Camillo Bruni authored
Bug: chromium:808192 Change-Id: I80136d291d5c21c311903bffc96d86d109f5cdc9 Reviewed-on: https://chromium-review.googlesource.com/902103 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#51255}
-
Caitlin Potter authored
Implements the change outlined in https://github.com/tc39/ecma262/pull/890, which has been ratified and pulled into the specification. In particular, template callsite objects are no longer kept in a global, eternal Map, but are instead associated with their callsite, which can be collected. This prevents a memory leak incurred by TaggedTemplate calls. Changes, summarized: - Remove the TemplateMap and TemplateMapShape objects, instead caching template objects in the feedback vector. - Remove the `hash` member of TemplateObjectDescriptor, and the Equals method (used by TemplateMap) - Add a new FeedbackSlotKind (kTemplateObject), which behaves similarly to FeedbackSlotKind::kLiteral, but prevents eval caching. This ensures that a new feedback vector is always created for eval() containing tagged templates, even when the CompilationCache is used. - GetTemplateObject bytecode now takes a feedback index, and only calls into the runtime if the feedback is Smi::kZero (uninitialized). BUG=v8:3230, v8:2891 R=littledan@chromium.org, yangguo@chromium.org, bmeurer@chromium.org, rmcilroy@chromium.org Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I7827bc148d3d93e2b056ebf63dd624da196ad423 Reviewed-on: https://chromium-review.googlesource.com/624564 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#51248}
-
- 09 Feb, 2018 1 commit
-
-
Dan Elphick authored
This removes the Javascript version of Array.from in js/array.js and adds a CodeStubAssembler version in src/builtins/builtins-array-gen.cc. Also modify IteratorBuiltinsAssembler to allow querying the existence of the iterator method without calling it so we can fall back to the array-like behavior. BUG=v8:1956 Change-Id: Ibfb3cef002d72d70bd30b4de676fd22becde006c Reviewed-on: https://chromium-review.googlesource.com/887066Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#51208}
-
- 07 Feb, 2018 1 commit
-
-
Choongwoo Han authored
- Remove %TypedArray%.of in js/typedarray.js - Implement %TypedArray%.of in builtins/builtins-typedarray-gen.cc - This CL makes TA.of 1.5x faster Bug: v8:5929 Change-Id: Ie165114a0ab9b4ec9ed70840c4c6a42d1eeed101 Reviewed-on: https://chromium-review.googlesource.com/897227 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51141}
-