- 19 Jun, 2017 20 commits
-
-
jgruber authored
Track execution counts of the continuations of block structures (e.g. IfStatements) to capture cases in which execution does not continue after a block. For example: for (;;) { return; } // Never reached, tracked by continuation counter. A continuation counter only has a start position; it's range is implicitly until the next sibling range or the end of the parent range. Bug: v8:6000 Change-Id: I8e8f1f5b140b64c86754b916e626eb50f0707d70 Reviewed-on: https://chromium-review.googlesource.com/530846 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#46006}
-
Toon Verwaest authored
If we pass in thin-string into a keyed load, the underlying internalized string is used to find the handler. However, the thin string itself was used to interpret the handler. Since the thin string itself isn't unique, this caused existing properties on the prototype chain to not be found in case of dictionary-mode prototypes. Bug: chromium:731193 Change-Id: Ic98d3789ecf9175e17d9c898ab13231aad59efcc Reviewed-on: https://chromium-review.googlesource.com/539596Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#46005}
-
Loo Rong Jie authored
Bug: v8:6494 Change-Id: Ie6f91c3bad38e467dd047f4d2848473cc4085c2a Reviewed-on: https://chromium-review.googlesource.com/536397 Commit-Queue: Loo Rong Jie <loorongjie@gmail.com> Reviewed-by:
Jochen Eisinger <jochen@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46004}
-
Camillo Bruni authored
It might happen that we deprecate the map of previous sub-literals if we create literals with the same map several times. This is usually the case for configuration arrays. Bug: chromium:734051 Change-Id: I82284e5aae632286135b2092816d776d229c65af Reviewed-on: https://chromium-review.googlesource.com/538665Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#46003}
-
jgruber authored
Bug: v8:6474 Change-Id: Ia20250d74c94bf2568ad044795188db583b7f36c Reviewed-on: https://chromium-review.googlesource.com/539555Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46002}
-
Miran.Karic authored
Here we optimize Dsubu by instead of loading imm and subtracting, we load -imm and perform addition when loading -imm takes less instructions than loading imm. Similarily li is optimized by loading -imm and performing addition or loading ~imm and inverting bits using nor when one of these loads takes two instructions less than loading imm, saving at least one instruction. Tests are adjusted to cover these optimizations. BUG= TEST=cctest/test-assembler-mips/li_macro cctest/test-assembler-mips/Dsubu Review-Url: https://codereview.chromium.org/2909913002 Cr-Commit-Position: refs/heads/master@{#46001} -
jgruber authored
Mechanical change to remove argument adaption (should be a tad faster this way). Especially next is called without arguments in the common case. Bug: v8:6354, v8:6369 Change-Id: I4180caabfc4c1bbf1a10a881dcbcd41e03614b27 Reviewed-on: https://chromium-review.googlesource.com/535453 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Caitlin Potter <caitp@igalia.com> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#46000}
-
Peter Marshall authored
Large allocations would fail due to the flag not being set. Bug: chromium:732836 Change-Id: I31686e382386a2d08582c86b29dc8f89841040d1 Reviewed-on: https://chromium-review.googlesource.com/535563Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#45999}
-
jgruber authored
Minor differences in how we dispatch on the regexp type (IRREGEXP,ATOM,NOT_COMPILED) make significant differences in benchmark performance. A simple switch turns out to be the best alternative. BUG=chromium:734035, v8:6462 Change-Id: I09c613658e828b9fd1e3082624ef692b8b4a0c5f Reviewed-on: https://chromium-review.googlesource.com/539295Reviewed-by:
-
Leszek Swirski authored
For interpreted functions, use the optimized code slot in the feedback vector to store an optimization marker (optimize/in optimization queue) rather than changing the JSFunction's code object. Then, adapt the self-healing mechanism to also dispatch based on this optimization marker. Similarly, replace SFI marking with optimization marker checks in CompileLazy. This allows JSFunctions to share optimization information (replacing shared function marking) without leaking this information across native contexts. Non I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which generalises the old CompileOptimized/InOptimizationQueue builtins and also checks the same optimization marker as CompileLazy and InterpreterEntryTrampoline. This is a reland of https://chromium-review.googlesource.com/c/509716 Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe Reviewed-on: https://chromium-review.googlesource.com/535460Reviewed-by:
-
Michael Starzinger authored
R=neis@chromium.org Change-Id: I23298e2c0adcfdc4e6e963e98cde641bef9cdb5b Reviewed-on: https://chromium-review.googlesource.com/539296Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45996}
-
Michael Starzinger authored
R=mvstanton@chromium.org BUG=v8:6408 Change-Id: I228d276670a3540cdc593442ae79084b84a915d3 Reviewed-on: https://chromium-review.googlesource.com/538617Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45995}
-
Wiktor Garbacz authored
Unify, simplify logic, reduce UTF8 specific handling. Intend of this is also to have stream views. Stream views can be used concurrently by multiple threads, but only one thread may fetch new data from the underlying source. This together with unified stream view creation is intended to be used for parse tasks. BUG=v8:6093 Change-Id: I83c6f1e6ad280c28da690da41c466dfcbb7915e6 Reviewed-on: https://chromium-review.googlesource.com/535474Reviewed-by:
Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by:
-
jarin authored
Toon suggested this as a mitigation to the problem of prototype fast mode switching invalidating prototype chain validity cell, and thus sending keyed store ICs to megamorphic state. BUG=chromium:723479 Review-Url: https://codereview.chromium.org/2943313002 Cr-Commit-Position: refs/heads/master@{#45993}
-
hpayer authored
This CL also reduces the minimum semi-space size to 512K. BUG=chromium:716032 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2942543002 Cr-Commit-Position: refs/heads/master@{#45992}
-
Michael Starzinger authored
This removes both {BailoutId} as well as {TypeFeedbackId} numbers from almost all AST nodes. The only exception are {IterationStatement} nodes which still require an ID for on-stack replacement support. R=verwaest@chromium.org BUG=v8:6409 Change-Id: I5f7b7673ae5797b9cbc9741144d304f0d31d4446 Reviewed-on: https://chromium-review.googlesource.com/538792 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: -
Georg Neis authored
... in order to avoid creating an OsrHelper during code assembly, because its constructor accesses the heap. Bug: v8:6048 Change-Id: I3bf592a5a0f91752a9f5ec35982f962445512bb7 Reviewed-on: https://chromium-review.googlesource.com/530370 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45990}
-
bmeurer authored
We need to constant-fold JSHasInPrototypeChain nodes early during inlining, otherwise we already miss a couple of optimization opportunities if we wait until after typing. This moves the constant-folding part of the JSHasInPrototypeChain lowering back to JSNativeContextSpecialization, where it was before the changes in https://codereview.chromium.org/2934893002 (part of JSOrdinaryHasInstance lowering back then). BUG=v8:5269,v8:5989,v8:6483,chromium:733158 R=jgruber@chromium.org Review-Url: https://codereview.chromium.org/2943293002 Cr-Commit-Position: refs/heads/master@{#45989}
-
bmeurer authored
The heap verifier does certain invariant checks on JSBoundFunction objects, i.e. it assumes that the bound_target_function is a proper JSReceiver. The Deoptimizer cannot maintain this invariant, because it first allocates the JSBoundFunction in an invalid state and only afterwards fix up the state. But the GC (and thus the heap verifier) can observe this invalid state why materializing field values, so we need to relax the verification slightly. BUG=chromium:729573,chromium:732176 R=mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2933283002 Cr-Commit-Position: refs/heads/master@{#45988}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c6f78e9..bf51d56 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/59a182b..57e600c Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a248bd9..7659b77 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: Ifc9e2d8d7e1f2a1b223ffa3b20d55b1880eb88e7 Reviewed-on: https://chromium-review.googlesource.com/538261Reviewed-by:
v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45987}
-
- 17 Jun, 2017 1 commit
-
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: I6bed5f36b7d32cd893c4d1cb1bcc9f21b7fac2f1 Reviewed-on: https://chromium-review.googlesource.com/527932 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
-
- 16 Jun, 2017 19 commits
-
-
Leszek Swirski authored
When iterating over stack frames in the cpu profiler, don't perform any object casts that have heap-testing DCHECKs. Instead, access values on the frame by offsets directly, and only check their tags for validity. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ia54b18f8ab947c1827f17483806104f0d1d34136 Reviewed-on: https://chromium-review.googlesource.com/536973 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: I87b2c33dbf537aae949b25b2cd56fd20985e5980 Reviewed-on: https://chromium-review.googlesource.com/538659Reviewed-by:
-
Toon Verwaest authored
This class contained a by-now unnecessary optimization of FindEntry. Since we always deal with internalized names by now anyway, there's no need to micro-optimize locally (it's a nop). Bug: Change-Id: I5a0046bcd23e2cb77c5902e850bac6211bd5518f Reviewed-on: https://chromium-review.googlesource.com/538581 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Mythri authored
The Smi versions of arithmetic bytecodes (AddSmi, SubSmi, MulSmi, DivSmi, ModSmi) have a fast path for Smi case and call to a builtin on the slow path. However, this builtin is only used by these bytecode handlers. This cl removes the builtins and inlines them into bytecode handlers. This will also save few checks in the slow-path. Subtract, multiply, divide and modulus also share the same checks to collect type feedback on several cases. This cl also refactors them to share the same code. Also removed a couple of TODOs that are no longer relevant. Bug: v8:4280, v8:6474 Change-Id: Id23bd61c2074564a1beacb0632165f52370ff226 Reviewed-on: https://chromium-review.googlesource.com/530845 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#45982}
-
Camillo Bruni authored
With the introduction of the fast-cloning double fields in the CSA stub for literals we forgot to check for deprecated maps. As a result every subsequent IC-miss would have to migrate the objects from such boilerplates. This CL makes sure we don't use the deprecated map when copying boilerplates, thus restoring the original behavior. Bug: v8:6211 chromium:728682 Change-Id: If9ea1e0c5c6fb4236cb7a82ea33306a600925ac3 Reviewed-on: https://chromium-review.googlesource.com/538677Reviewed-by:
-
Camillo Bruni authored
Change-Id: I224ea998eccf8fa18766b71962d487bb02768c78 Reviewed-on: https://chromium-review.googlesource.com/518146Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#45980}
-
Camillo Bruni authored
Change-Id: If9debcecd714494e24adf895eb077d5ba51528d2 Reviewed-on: https://chromium-review.googlesource.com/535619 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
-
Michael Starzinger authored
R=jarin@chromium.org BUG=v8:6408 Change-Id: I1bc4f8f5ba37cf8a3632939356f56231ccc3226f Reviewed-on: https://chromium-review.googlesource.com/535458 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45978}
-
Tobias Tebbi authored
Bug: chromium:733181 Change-Id: If5b0bc8592ba71962237814ad521499afda22edf Reviewed-on: https://chromium-review.googlesource.com/538653Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
Michael Lippautz authored
Remove dead code on the way. Bug: v8:6474 Change-Id: I7edb4277bc53ee92edf9523b943492782ec6efac Reviewed-on: https://chromium-review.googlesource.com/538652Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#45976}
-
Camillo Bruni authored
Storing the boilerplate on the first run leads to memory ovehead for code that is run only once. Hence we directly return the creating literal on the first run and only start creating copies from the second run on. Bug: v8:6211 Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad Reviewed-on: https://chromium-review.googlesource.com/530688 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
-
Mythri authored
Profiler ticks are reset when the type feedback changes for Load / Store ICs. This cl extends this to other operations as well. This allows us to tier up functions when the feedback vectors are stable. This is the first step for a set of follow up cls that will change the heuristics used in runtime-profiler. Bug: Change-Id: I875209712c6161e425a03475c14890a49155c0e1 Reviewed-on: https://chromium-review.googlesource.com/529165Reviewed-by:
-
jarin authored
This is in preparation for lowering monomorphic loads during graph building. This essentially moves the parts that will be shared to a separate class/file (proparty-access-builder.(cc|h)). I should say that we will not want to do accessor inlining during graph building because that would require us to create frame states (which is the thing we would like to avoid doing). Review-Url: https://codereview.chromium.org/2936673005 Cr-Commit-Position: refs/heads/master@{#45973}
-
Michael Starzinger authored
This removes the heuristic from {JSStackFrame::IsConstructor} that tried to infer whether a frame was called as a constructor or not from the receiver value. We are now carrying along the appropriate bit derived from the frame type instead. R=jgruber@chromium.org TEST=message/regress/regress-5727 BUG=v8:5727 Change-Id: I0e2f1d0f95485c84c4ebcd3cbfe0123c6afd2e01 Reviewed-on: https://chromium-review.googlesource.com/500313 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: -
Ulan Degenbaev authored
This patch makes the SlotSet bucket type non-atomic by default and explicitly converts buckets to Atomic32/AtomicWord for each operation. Change-Id: Ifaa60a53eb68ca579185be23e379995aeeabe343 Reviewed-on: https://chromium-review.googlesource.com/535481 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#45971}
-
Michael Lippautz authored
Affects the Windows case where we over reserve for alignment reasons but actually already get aligned memory. Implemented on allocator level to potentially cover other platforms as well. Bug: Change-Id: I4859451f157e1e363db27413a43345fdd1990a06 Reviewed-on: https://chromium-review.googlesource.com/535454 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45970}
-
Camillo Bruni authored
Change-Id: Ia209def2faef1f765f74dc153fd8b4800c25be17 Reviewed-on: https://chromium-review.googlesource.com/521063 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3ab6155..c6f78e9 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/b53a03d..ee9c3a7 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b7068ad..a248bd9 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I3b501ec3151ba17a417a6e0876437b49e6a8435a Reviewed-on: https://chromium-review.googlesource.com/538234Reviewed-by:
-
gdeepti authored
BUG=v8:6478, chromium:729768 R=bradnelson@chromium.org, eholk@chromium.org Review-Url: https://codereview.chromium.org/2903153002 Cr-Original-Commit-Position: refs/heads/master@{#45931} Committed: https://chromium.googlesource.com/v8/v8/+/7e6ed62071d2756688a23bd6dac096b0d4660b5d Review-Url: https://codereview.chromium.org/2903153002 Cr-Commit-Position: refs/heads/master@{#45967}
-
