1. 30 Apr, 2018 2 commits
    • [arm64] Use direct calls where possible. · 0600afdd
      Georgia Kouveli authored
      This includes the following changes:
      - Limit code space to 128 MB.
      - Use direct branches wherever possible.
      - Where not possible, continue using load literal followed by an indirect
        branch.
      - Sort RelocInfo by target_address_address for the serializer, since mixing
        load literal instructions and branch instructions messes up that order.
      - Ensure we always wipe out targets in the serializer (not just for the
        snapshot) in order to be able to distinguish between constant pool entries
        and branch instructions.
      
      Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
      Reviewed-on: https://chromium-review.googlesource.com/939175
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      Cr-Commit-Position: refs/heads/master@{#52885}
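The reachability rule behind this commit, as an added example that is not V8's code: AArch64 `B`/`BL` carry a signed 26-bit word offset, so a direct branch reaches at most 128 MB in either direction, which is why capping the code space at 128 MB lets every call inside it be direct. The function names, the `CallSequence` enum and the sample addresses are assumptions for the illustration; the `BL` opcode and immediate layout are the architecture's.

```cpp
#include <cstdint>

// Added example, not V8 code: models the reachability rule behind the
// "direct branches where possible" change. AArch64 B and BL carry a signed
// 26-bit immediate counted in 4-byte words, so a direct branch reaches
// offsets in [-2^27, 2^27 - 4] bytes, i.e. +/-128 MB from the branch site.
using Address = uintptr_t;

constexpr int64_t kDirectBranchReach = int64_t{1} << 27;  // 128 MB in bytes
constexpr uint32_t kBLOpcode = 0x94000000u;               // BL <imm26>
constexpr uint32_t kImm26Mask = (1u << 26) - 1;

// Byte offset from the branch instruction to the target.
inline int64_t BranchOffset(Address from, Address to) {
  return static_cast<int64_t>(to) - static_cast<int64_t>(from);
}

// True if a direct B/BL at `from` can encode `to`.
bool IsDirectBranchReachable(Address from, Address to) {
  int64_t offset = BranchOffset(from, to);
  if (offset % 4 != 0) return false;  // targets are instruction aligned
  return offset >= -kDirectBranchReach && offset < kDirectBranchReach;
}

// Code-space sizing rule: if the whole code space spans at most 128 MB,
// every pair of addresses inside it is within direct-branch reach.
bool CodeSpaceAllowsDirectBranches(uint64_t code_space_bytes) {
  return code_space_bytes <= static_cast<uint64_t>(kDirectBranchReach);
}

// Encodes a BL from `from` to `to`; the caller checks reachability first.
uint32_t EncodeBL(Address from, Address to) {
  int64_t words = BranchOffset(from, to) / 4;  // exact: offset is aligned
  return kBLOpcode | (static_cast<uint32_t>(words) & kImm26Mask);
}

// Decodes the byte offset back out of a BL encoding (sign-extends imm26).
int64_t DecodeBLOffset(uint32_t instruction) {
  uint32_t imm26 = instruction & kImm26Mask;
  int64_t words = static_cast<int64_t>(imm26);
  if (imm26 & (1u << 25)) words -= int64_t{1} << 26;  // negative offsets
  return words * 4;
}

// The choice the commit describes: a direct branch when reachable, otherwise
// the load-literal plus indirect-branch sequence.
enum class CallSequence { kDirectBranch, kLoadLiteralIndirect };

CallSequence ChooseCallSequence(Address call_site, Address target) {
  return IsDirectBranchReachable(call_site, target)
             ? CallSequence::kDirectBranch
             : CallSequence::kLoadLiteralIndirect;
}
```

The asymmetry at the edges (`-2^27` reachable, `+2^27` not) is a property of two's-complement immediates; a code space of exactly 128 MB still fits because the largest forward distance inside it is `2^27 - 4`.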
    • Replace array index masking with the poisoning approach. · f53dfd93
      Jaroslav Sevcik authored
      The idea is to mark all the branches and loads participating in array
      bounds checks, and let them contribute-to/use the poisoning register.
      In the code, the marks for array indexing operations now contain
      "Critical" in their name. By default (--untrusted-code-mitigations),
      we only instrument the "critical" operations with poisoning.
      
      With that in place, we also remove the array masking approach based
      on arithmetic.
      
      Since we do not propagate the poison through function calls,
      we introduce a node for poisoning an index that is passed through
      function call - the typical example is the bounds-checked index
      that is passed to the CharCodeAt builtin.
      
      Most of the code in this CL threads through the three levels of
      protection (safe, critical, unsafe) for loads, branches and flags.
      
      Bug: chromium:798964
      
      Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
      Reviewed-on: https://chromium-review.googlesource.com/995413
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52883}
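The dataflow this commit describes, modeled in plain C++ as an added example that is not V8's implementation: a poison mask starts all-ones, each bounds-check branch contributes to it without branching, critical loads fold it into their result, and an index handed to a callee is masked first because the poison does not survive the call. `ContributeBoundsCheck`, `CriticalLoad`, `PoisonIndex`, the `CharCodeAtBuiltin` stand-in and the sample array are assumed names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Added example, not V8's implementation: a C++ model of the poisoning
// mitigation. The poison mask starts all-ones; every bounds-check branch
// contributes to it branch-free, and every load that depends on the check
// has the mask folded into its result, so a mis-speculated out-of-bounds
// path only ever produces zeros (which cannot select a later load address).
using Poison = uintptr_t;
constexpr Poison kPoisonNone = ~Poison{0};

// Branch-free bounds check: all-ones when index < length, zero otherwise,
// ANDed into the poison accumulated so far (once zero, it stays zero).
inline Poison ContributeBoundsCheck(Poison poison, size_t index, size_t length) {
  Poison in_bounds = Poison{0} - static_cast<Poison>(index < length);
  return poison & in_bounds;
}

// "Critical" load: the value is masked with the poison so that a value
// loaded under a mis-speculated branch cannot feed a dependent access.
inline uint32_t CriticalLoad(const uint32_t* base, size_t index, Poison poison) {
  return base[index] & static_cast<uint32_t>(poison);
}

// The poison does not cross calls, so an index handed to a callee is masked
// first (the commit's example is the index passed to CharCodeAt).
inline size_t PoisonIndex(size_t index, Poison poison) {
  return index & static_cast<size_t>(poison);
}

// Stand-in for a builtin that trusts its index: a poisoned index is zero, so
// a speculative access stays at offset 0 of the string, not past its end.
inline int CharCodeAtBuiltin(const std::string& s, size_t index) {
  return static_cast<unsigned char>(s[index]);
}

// Architecturally correct bounds check with the speculative path poisoned.
// Returns the char code for in-range indices and -1 otherwise.
int CharCodeAt(const std::string& s, size_t index) {
  Poison poison = kPoisonNone;
  if (index < s.size()) {  // critical branch
    poison = ContributeBoundsCheck(poison, index, s.size());
    return CharCodeAtBuiltin(s, PoisonIndex(index, poison));
  }
  return -1;
}

// Same pattern for an element load from a bounds-checked array.
// Returns the element for in-range indices and 0 otherwise.
uint32_t LoadElement(const uint32_t* elements, size_t length, size_t index) {
  Poison poison = kPoisonNone;
  if (index < length) {  // critical branch
    poison = ContributeBoundsCheck(poison, index, length);
    return CriticalLoad(elements, index, poison);
  }
  return 0;
}

// Constructed sample data for the usage below.
constexpr uint32_t kSampleElements[] = {10, 20, 30};
constexpr size_t kSampleLength = 3;
```

The model shows the intended dependency chain, not a deployable mitigation: inside `if (index < length)` a C++ optimizer knows the comparison is true and may fold the mask to all-ones, which is exactly why V8 does this in the compiler back-end with a dedicated poison register and the `--untrusted-code-mitigations` instrumentation rather than in source.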
  2. 24 Apr, 2018 1 commit
  3. 19 Apr, 2018 1 commit
    • Reland "Reland "[heap] Move initial objects into RO_SPACE"" · 9ab6621a
      Dan Elphick authored
      This is a reland of 6c68efac
      
      Updated Heap::CommittedMemory and related functions to iterate over all
      spaces rather than including them manually which can lead to a space
      being overlooked. Also adds a test to ensure this is the case.
      
      Original change's description:
      > Revert "Reland "[heap] Move initial objects into RO_SPACE""
      >
      > This reverts commit 6c68efac.
      >
      > Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668
      >
      > Original change's description:
      > > Reland "[heap] Move initial objects into RO_SPACE"
      > >
      > > This is a reland of f8ae62fe
      > >
      > > Original change's description:
      > > > [heap] Move initial objects into RO_SPACE
      > > >
      > > > This moves:
      > > > * the main oddballs (null, undefined, hole, true, false) as well as
      > > > their supporting maps (also adds hole as an internalized string to make
      > > > this work).
      > > > * most of the internalized strings
      > > > * the struct maps
      > > > * empty array
      > > > * empty enum cache
      > > > * the contents of the initial string table
      > > > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
      > > > value to avoid writing to it during run-time)
      > > >
      > > > The StartupSerializer stats change as follows:
      > > >
      > > >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
      > > > old         0          0     270264       32608      12144         0
      > > > new     21776          0     253168       32608       8184         0
      > > > Overall memory usage has increased by 720 bytes due to the eager
      > > > initialization of the Map weak cell caches.
      > > >
      > > > Also extends --serialization-statistics to print out separate instance
      > > > type stats for objects in RO_SPACE as shown here:
      > > >
      > > >   Read Only Instance types (count and bytes):
      > > >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
      > > >          2         32  HEAP_NUMBER_TYPE
      > > >          5        240  ODDBALL_TYPE
      > > >         45       3960  MAP_TYPE
      > > >          1         16  BYTE_ARRAY_TYPE
      > > >          1         24  TUPLE2_TYPE
      > > >          1         16  FIXED_ARRAY_TYPE
      > > >          1         32  DESCRIPTOR_ARRAY_TYPE
      > > >         45        720  WEAK_CELL_TYPE
      > > >
      > > > Bug: v8:7464
      > > > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
      > > > Reviewed-on: https://chromium-review.googlesource.com/973722
      > > > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#52435}
      > >
      > > Bug: v8:7464
      > > Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
      > > Reviewed-on: https://chromium-review.googlesource.com/999654
      > > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#52638}
      >
      > TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
      >
      > # Not skipping CQ checks because original CL landed > 1 day ago.
      >
      > Bug: v8:7464,v8:7668
      > Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
      > Reviewed-on: https://chromium-review.googlesource.com/1016600
      > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52667}
      
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: If4b7490c8c4d31612de8ec132de334955a319b11
      Bug: v8:7464, v8:7668
      Reviewed-on: https://chromium-review.googlesource.com/1019020
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52689}
  4. 18 Apr, 2018 1 commit
    • Revert "Reland "[heap] Move initial objects into RO_SPACE"" · c2280f9a
      Peter Marshall authored
      This reverts commit 6c68efac.
      
      Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668
      
      Original change's description:
      > Reland "[heap] Move initial objects into RO_SPACE"
      >
      > This is a reland of f8ae62fe
      >
      > Original change's description:
      > > [heap] Move initial objects into RO_SPACE
      > >
      > > This moves:
      > > * the main oddballs (null, undefined, hole, true, false) as well as
      > > their supporting maps (also adds hole as an internalized string to make
      > > this work).
      > > * most of the internalized strings
      > > * the struct maps
      > > * empty array
      > > * empty enum cache
      > > * the contents of the initial string table
      > > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
      > > value to avoid writing to it during run-time)
      > >
      > > The StartupSerializer stats change as follows:
      > >
      > >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
      > > old         0          0     270264       32608      12144         0
      > > new     21776          0     253168       32608       8184         0
      > > Overall memory usage has increased by 720 bytes due to the eager
      > > initialization of the Map weak cell caches.
      > >
      > > Also extends --serialization-statistics to print out separate instance
      > > type stats for objects in RO_SPACE as shown here:
      > >
      > >   Read Only Instance types (count and bytes):
      > >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
      > >          2         32  HEAP_NUMBER_TYPE
      > >          5        240  ODDBALL_TYPE
      > >         45       3960  MAP_TYPE
      > >          1         16  BYTE_ARRAY_TYPE
      > >          1         24  TUPLE2_TYPE
      > >          1         16  FIXED_ARRAY_TYPE
      > >          1         32  DESCRIPTOR_ARRAY_TYPE
      > >         45        720  WEAK_CELL_TYPE
      > >
      > > Bug: v8:7464
      > > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
      > > Reviewed-on: https://chromium-review.googlesource.com/973722
      > > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#52435}
      >
      > Bug: v8:7464
      > Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
      > Reviewed-on: https://chromium-review.googlesource.com/999654
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52638}
      
      TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:7464,v8:7668
      Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
      Reviewed-on: https://chromium-review.googlesource.com/1016600
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52667}
  5. 17 Apr, 2018 1 commit
    • Reland "[heap] Move initial objects into RO_SPACE" · 6c68efac
      Dan Elphick authored
      This is a reland of f8ae62fe
      
      Original change's description:
      > [heap] Move initial objects into RO_SPACE
      > 
      > This moves:
      > * the main oddballs (null, undefined, hole, true, false) as well as
      > their supporting maps (also adds hole as an internalized string to make
      > this work).
      > * most of the internalized strings
      > * the struct maps
      > * empty array
      > * empty enum cache
      > * the contents of the initial string table
      > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
      > value to avoid writing to it during run-time)
      > 
      > The StartupSerializer stats change as follows:
      > 
      >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
      > old         0          0     270264       32608      12144         0
      > new     21776          0     253168       32608       8184         0
      > Overall memory usage has increased by 720 bytes due to the eager
      > initialization of the Map weak cell caches.
      > 
      > Also extends --serialization-statistics to print out separate instance
      > type stats for objects in RO_SPACE as shown here:
      > 
      >   Read Only Instance types (count and bytes):
      >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
      >          2         32  HEAP_NUMBER_TYPE
      >          5        240  ODDBALL_TYPE
      >         45       3960  MAP_TYPE
      >          1         16  BYTE_ARRAY_TYPE
      >          1         24  TUPLE2_TYPE
      >          1         16  FIXED_ARRAY_TYPE
      >          1         32  DESCRIPTOR_ARRAY_TYPE
      >         45        720  WEAK_CELL_TYPE
      > 
      > Bug: v8:7464
      > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
      > Reviewed-on: https://chromium-review.googlesource.com/973722
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52435}
      
      Bug: v8:7464
      Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
      Reviewed-on: https://chromium-review.googlesource.com/999654
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52638}
  6. 14 Apr, 2018 1 commit
    • [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
  7. 12 Apr, 2018 1 commit
  8. 10 Apr, 2018 2 commits
  9. 09 Apr, 2018 1 commit
  10. 06 Apr, 2018 2 commits
    • Revert "[heap] Move initial objects into RO_SPACE" · 223e0088
      Michael Achenbach authored
      This reverts commit f8ae62fe.
      
      Reason for revert:
      https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/14825
      
      Original change's description:
      > [heap] Move initial objects into RO_SPACE
      > 
      > This moves:
      > * the main oddballs (null, undefined, hole, true, false) as well as
      > their supporting maps (also adds hole as an internalized string to make
      > this work).
      > * most of the internalized strings
      > * the struct maps
      > * empty array
      > * empty enum cache
      > * the contents of the initial string table
      > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
      > value to avoid writing to it during run-time)
      > 
      > The StartupSerializer stats change as follows:
      > 
      >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
      > old         0          0     270264       32608      12144         0
      > new     21776          0     253168       32608       8184         0
      > Overall memory usage has increased by 720 bytes due to the eager
      > initialization of the Map weak cell caches.
      > 
      > Also extends --serialization-statistics to print out separate instance
      > type stats for objects in RO_SPACE as shown here:
      > 
      >   Read Only Instance types (count and bytes):
      >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
      >          2         32  HEAP_NUMBER_TYPE
      >          5        240  ODDBALL_TYPE
      >         45       3960  MAP_TYPE
      >          1         16  BYTE_ARRAY_TYPE
      >          1         24  TUPLE2_TYPE
      >          1         16  FIXED_ARRAY_TYPE
      >          1         32  DESCRIPTOR_ARRAY_TYPE
      >         45        720  WEAK_CELL_TYPE
      > 
      > Bug: v8:7464
      > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
      > Reviewed-on: https://chromium-review.googlesource.com/973722
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52435}
      
      TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
      
      Change-Id: Ie62a73a5be3b21a15bb46e342acb3e808fbaa4f3
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7464
      Reviewed-on: https://chromium-review.googlesource.com/999653
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52440}
    • [heap] Move initial objects into RO_SPACE · f8ae62fe
      Dan Elphick authored
      This moves:
      * the main oddballs (null, undefined, hole, true, false) as well as
      their supporting maps (also adds hole as an internalized string to make
      this work).
      * most of the internalized strings
      * the struct maps
      * empty array
      * empty enum cache
      * the contents of the initial string table
      * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
      value to avoid writing to it during run-time)
      
      The StartupSerializer stats change as follows:
      
           RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
      old         0          0     270264       32608      12144         0
      new     21776          0     253168       32608       8184         0
      Overall memory usage has increased by 720 bytes due to the eager
      initialization of the Map weak cell caches.
      
      Also extends --serialization-statistics to print out separate instance
      type stats for objects in RO_SPACE as shown here:
      
        Read Only Instance types (count and bytes):
             404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
               2         32  HEAP_NUMBER_TYPE
               5        240  ODDBALL_TYPE
              45       3960  MAP_TYPE
               1         16  BYTE_ARRAY_TYPE
               1         24  TUPLE2_TYPE
               1         16  FIXED_ARRAY_TYPE
               1         32  DESCRIPTOR_ARRAY_TYPE
              45        720  WEAK_CELL_TYPE
      
      Bug: v8:7464
      Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
      Reviewed-on: https://chromium-review.googlesource.com/973722
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52435}
  11. 04 Apr, 2018 1 commit
  12. 27 Mar, 2018 1 commit
    • [turbofan] unify interpreter and JIT speculation poisoning · 1ef6c437
      Tobias Tebbi authored
      This CL changes the poisoning in the interpreter to use the
      infrastructure used in the JIT.
      
      This does not change the original flag semantics:
      
      --branch-load-poisoning enables JIT mitigations as before.
      
      --untrusted-code-mitigation enables the interpreter mitigations
        (now realized using the compiler back-end), but does not enable
        the back-end based mitigations for the Javascript JIT. So in effect
        --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
        use the same mechanics (including changed register allocation) that
        --branch-load-poisoning enables for the JIT.
      
      Bug: chromium:798964
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
      Reviewed-on: https://chromium-review.googlesource.com/928881
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52243}
  13. 23 Mar, 2018 1 commit
  14. 21 Mar, 2018 2 commits
  15. 20 Mar, 2018 1 commit
  16. 19 Mar, 2018 1 commit
  17. 13 Mar, 2018 2 commits
  18. 12 Mar, 2018 1 commit
  19. 06 Mar, 2018 1 commit
  20. 23 Feb, 2018 1 commit
    • Simplify FunctionKind, saving 4 bits in SharedFunctionInfo · 9f9550ef
      Adam Klein authored
      Since we only need to store 18 different function kinds,
      the bitfield approach was wasting space (requiring 11 bits).
      
      This patch replaces the bitfield with a regular enum, and
      updates all the FunctionKind predicates to use comparisons
      instead of bitwise ops.
      
      For the small amount of builtin code that depended upon being
      able to do masking to determine whether something is a class
      constructor, we still store two extra bits on FunctionKind,
      which are computed when the SFI is initialized.
      
      If this approach causes performance regressions (i.e., if it
      turns out that other code was implicitly depending on masking
      for fast checks), we can revert this or address it in
      other ways (e.g., by doing similar caching of repeated checks
      in the caller).
      
      This is a reland of 42667bab.
      
      Bug: v8:7310
      Change-Id: I2ec54289ea687399c61d75b7aff2d849861a64f2
      Reviewed-on: https://chromium-review.googlesource.com/934864
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51534}
  21. 20 Feb, 2018 2 commits
  22. 19 Feb, 2018 1 commit
  23. 17 Feb, 2018 2 commits
  24. 29 Jan, 2018 2 commits
    • Fix GCC 5.4 error on ubuntu 16.04 · 7dccb798
      Junliang Yan authored
      The stock GCC on Ubuntu 16.04 complains these constants
      are unused (possibly gcc issue). This CL changes these
      to constexpr to work around gcc errors.
      
      R=clemensh@chromium.org, joransiu@ca.ibm.com
      
      Change-Id: I8c1772e91744bc46ace6bee576b90d40c0cdf41f
      Reviewed-on: https://chromium-review.googlesource.com/881554
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
      Cr-Commit-Position: refs/heads/master@{#50936}
    • [builtins] Refactor the Microtask pumping to CSA-only. · c8da060b
      Benedikt Meurer authored
      This adjusts the RunMicrotask logic to invoke CallHandlerInfo microtasks
      from CSA land directly (via a runtime function call), instead of bailing
      out to C++ for the rest of the microtask queue entries. Even in simple
      micro-benchmarks there doesn't seem to be a huge performance difference.
      In fact performance gets better when CallHandlerInfo and promises are
      mixed, which makes sense, since calling from C++ to JS land is more
      expensive than the other way around.
      
      But just in case the runtime function call overhead ever becomes the
      bottleneck we can introduce a direct C++ call and set up a handle scope
      around it, much like a very simple version of CallApiFunctionStub.
      
      This greatly simplifies the microtask handling and paves the way for
      refactoring the queue to significantly reduce the GC overhead associated
      with promises currently.
      
      Bug: v8:7253
      Change-Id: I33adb62a6bada138674d324f36d4be894e27f3c9
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/890441
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50934}
  25. 25 Jan, 2018 1 commit
    • Introduce SimpleNumberDictionary. · 3857b44e
      Yang Guo authored
      This is somewhat of a revival of what used to be
      UnseededNumberDictionary. The difference to NumberDictionary is that
      each entry only has two fields (no field for property details) and there
      is no header field for a bitfield.
      
      The reason for this change is memory regression introduced when we
      removed UnseededNumberDictionary (6e1c57ea). We now use
      SimpleNumberDictionary for
      - slow template instantiation cache
      - code stubs table
      - value serializer map
      - stack frame cache
      - type profile source positions
      
      R=ishell@chromium.org, ulan@chromium.org
      
      Bug: chromium:783695
      Change-Id: I3cd32e485060bb379fb2279eeefbbbded7455f0e
      Reviewed-on: https://chromium-review.googlesource.com/885811
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50869}
  26. 18 Jan, 2018 1 commit
  27. 13 Jan, 2018 1 commit
    • Revert "Simplify FunctionKind, saving 4 bits in SharedFunctionInfo" · bb7138f6
      Michael Achenbach authored
      This reverts commit 42667bab.
      
      Reason for revert: Breaks msvc compile:
      https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/908
      
      Original change's description:
      > Simplify FunctionKind, saving 4 bits in SharedFunctionInfo
      > 
      > Since we only need to store 18 different function kinds,
      > the bitfield approach was wasting space (requiring 11 bits).
      > 
      > This patch replaces the bitfield with a regular enum, and
      > updates all the FunctionKind predicates to use comparisons
      > instead of bitwise ops.
      > 
      > For the small amount of builtin code that depended upon being
      > able to do masking to determine whether something is a class
      > constructor, we still store two extra bits on FunctionKind,
      > which are computed when the SFI is initialized.
      > 
      > If this approach causes performance regressions (i.e., if it
      > turns out that other code was implicitly depending on masking
      > for fast checks), we can revert this or address it in
      > other ways (e.g., by doing similar caching of repeated checks
      > in the caller).
      > 
      > Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124
      > Reviewed-on: https://chromium-review.googlesource.com/860896
      > Commit-Queue: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#50559}
      
      TBR=adamk@chromium.org,gsathya@chromium.org
      
      Change-Id: I8e1faa0ca6213d1e70a00fcb417b1bfa35ebd643
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/866310
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50561}
  28. 12 Jan, 2018 2 commits
    • Simplify FunctionKind, saving 4 bits in SharedFunctionInfo · 42667bab
      Adam Klein authored
      Since we only need to store 18 different function kinds,
      the bitfield approach was wasting space (requiring 11 bits).
      
      This patch replaces the bitfield with a regular enum, and
      updates all the FunctionKind predicates to use comparisons
      instead of bitwise ops.
      
      For the small amount of builtin code that depended upon being
      able to do masking to determine whether something is a class
      constructor, we still store two extra bits on FunctionKind,
      which are computed when the SFI is initialized.
      
      If this approach causes performance regressions (i.e., if it
      turns out that other code was implicitly depending on masking
      for fast checks), we can revert this or address it in
      other ways (e.g., by doing similar caching of repeated checks
      in the caller).
      
      Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124
      Reviewed-on: https://chromium-review.googlesource.com/860896
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50559}
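The layout this commit (and its reland, 9f9550ef above) describes, as an added example that is not V8's actual `FunctionKind` or `SharedFunctionInfo`: 18 kinds in a plain 5-bit enum, predicates written as comparisons, and two extra bits computed at initialization so builtin code that checks class constructors by masking keeps its fast path. The 18 kind names, the contiguous grouping and the flags struct are assumptions for the illustration.

```cpp
#include <cstdint>

// Added example, not V8's definitions. Kinds that share a predicate are laid
// out contiguously so the predicate is one range comparison, not a bit test.
enum class FunctionKind : uint8_t {
  kNormalFunction,
  kArrowFunction,
  kAsyncArrowFunction,
  kAsyncFunction,
  kGeneratorFunction,
  kAsyncGeneratorFunction,
  kConciseMethod,
  kAsyncConciseMethod,
  kConciseGeneratorMethod,
  kAsyncConciseGeneratorMethod,
  kGetterFunction,
  kSetterFunction,
  kModule,
  kClassFieldsInitializerFunction,
  // Class constructors: kept contiguous for IsClassConstructor().
  kBaseConstructor,
  kDefaultBaseConstructor,
  kDerivedConstructor,
  kDefaultDerivedConstructor,
  kLastFunctionKind = kDefaultDerivedConstructor
};

constexpr int kFunctionKindCount = static_cast<int>(FunctionKind::kLastFunctionKind) + 1;
constexpr int kFunctionKindBits = 5;  // ceil(log2(18))
static_assert(kFunctionKindCount == 18, "the commit counts 18 kinds");
static_assert(kFunctionKindCount <= (1 << kFunctionKindBits), "18 kinds fit in 5 bits");

// Predicates as comparisons; the bitfield version needed one bit per property.
constexpr bool IsClassConstructor(FunctionKind kind) {
  return kind >= FunctionKind::kBaseConstructor &&
         kind <= FunctionKind::kDefaultDerivedConstructor;
}
constexpr bool IsDerivedConstructor(FunctionKind kind) {
  return kind == FunctionKind::kDerivedConstructor ||
         kind == FunctionKind::kDefaultDerivedConstructor;
}
constexpr bool IsDefaultConstructor(FunctionKind kind) {
  return kind == FunctionKind::kDefaultBaseConstructor ||
         kind == FunctionKind::kDefaultDerivedConstructor;
}
constexpr bool IsArrowFunction(FunctionKind kind) {
  return kind == FunctionKind::kArrowFunction ||
         kind == FunctionKind::kAsyncArrowFunction;
}

// Stand-in for the SharedFunctionInfo flags word: 5 bits hold the kind, and
// two cached bits answer the questions builtin code still asks by masking.
// They are computed once, when the SFI is initialized.
struct SharedFunctionInfoFlags {
  static constexpr uint32_t kKindMask = (1u << kFunctionKindBits) - 1;
  static constexpr uint32_t kIsClassConstructorBit = 1u << kFunctionKindBits;
  static constexpr uint32_t kIsDerivedConstructorBit = 1u << (kFunctionKindBits + 1);

  uint32_t bits = 0;

  static SharedFunctionInfoFlags Init(FunctionKind kind) {
    SharedFunctionInfoFlags f;
    f.bits = static_cast<uint32_t>(kind) & kKindMask;
    if (IsClassConstructor(kind)) f.bits |= kIsClassConstructorBit;
    if (IsDerivedConstructor(kind)) f.bits |= kIsDerivedConstructorBit;
    return f;
  }
  FunctionKind kind() const { return static_cast<FunctionKind>(bits & kKindMask); }
  // The masking fast path that builtins keep using.
  bool is_class_constructor() const { return (bits & kIsClassConstructorBit) != 0; }
  bool is_derived_constructor() const { return (bits & kIsDerivedConstructorBit) != 0; }
};

// Bits spent: 5 for the kind plus 2 cached, against the 11 the bitfield
// encoding needed, i.e. the 4 bits the commit title claims.
constexpr int kBitsUsedNow = kFunctionKindBits + 2;
constexpr int kBitsUsedBefore = 11;
static_assert(kBitsUsedBefore - kBitsUsedNow == 4, "saves 4 bits");
```

The cached bits are the trade-off the commit mentions: any predicate not cached this way becomes a compare instead of a mask, which is where a performance regression would show up if other code had been relying on masking implicitly.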
    • [heap] Remove page header tag from owner field. · 14eec667
      Hannes Payer authored
      This reverts commit 8d7522bc and fixes
      the TSAN issue.
      
      Bug: chromium:800251
      Change-Id: Ie88e5281f7543bb3420703e798416d4a6dbbd91a
      Reviewed-on: https://chromium-review.googlesource.com/864042
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50535}
  29. 11 Jan, 2018 2 commits
  30. 04 Jan, 2018 1 commit