- 30 Apr, 2018 2 commits
-
-
Georgia Kouveli authored
This includes the following changes:
  - Limit code space to 128 MB.
  - Use direct branches wherever possible.
  - Where not possible, continue using load literal followed by an indirect branch.
  - Sort RelocInfo by target_address_address for the serializer, since mixing load literal instructions and branch instructions messes up that order.
  - Ensure we always wipe out targets in the serializer (not just for the snapshot) in order to be able to distinguish between constant pool entries and branch instructions.

Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}
-
Jaroslav Sevcik authored
The idea is to mark all the branches and loads participating in array bounds checks, and let them contribute-to/use the poisoning register. In the code, the marks for array indexing operations now contain "Critical" in their name. By default (--untrusted-code-mitigations), we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based on arithmetic.

Since we do not propagate the poison through function calls, we introduce a node for poisoning an index that is passed through function call - the typical example is the bounds-checked index that is passed to the CharCodeAt builtin.

Most of the code in this CL threads through the three levels of protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
-
- 24 Apr, 2018 1 commit
-
-
Sigurd Schneider authored
Bug: v8:7679
Change-Id: If8b6d9ad4f93eb2b98878c916625b7a344e5900c
Reviewed-on: https://chromium-review.googlesource.com/1021532
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52756}
-
- 19 Apr, 2018 1 commit
-
-
Dan Elphick authored
This is a reland of 6c68efac

Updated Heap::CommittedMemory and related functions to iterate over all spaces rather than including them manually which can lead to a space being overlooked. Also adds a test to ensure this is the case.

Original change's description:
> Revert "Reland "[heap] Move initial objects into RO_SPACE""
>
> This reverts commit 6c68efac.
>
> Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668
>
> Original change's description:
> > Reland "[heap] Move initial objects into RO_SPACE"
> >
> > This is a reland of f8ae62fe
> >
> > Original change's description:
> > > [heap] Move initial objects into RO_SPACE
> > >
> > > This moves:
> > > * the main oddballs (null, undefined, hole, true, false) as well as
> > > their supporting maps (also adds hole as an internalized string to make
> > > this work).
> > > * most of the internalized strings
> > > * the struct maps
> > > * empty array
> > > * empty enum cache
> > > * the contents of the initial string table
> > > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > > value to avoid writing to it during run-time)
> > >
> > > The StartupSerializer stats change as follows:
> > >
> > >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > > old         0          0     270264       32608      12144         0
> > > new     21776          0     253168       32608       8184         0
> > > Overall memory usage has increased by 720 bytes due to the eager
> > > initialization of the Map weak cell caches.
> > >
> > > Also extends --serialization-statistics to print out separate instance
> > > type stats for objects in RO_SPACE as shown here:
> > >
> > > Read Only Instance types (count and bytes):
> > >     404  16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> > >       2     32  HEAP_NUMBER_TYPE
> > >       5    240  ODDBALL_TYPE
> > >      45   3960  MAP_TYPE
> > >       1     16  BYTE_ARRAY_TYPE
> > >       1     24  TUPLE2_TYPE
> > >       1     16  FIXED_ARRAY_TYPE
> > >       1     32  DESCRIPTOR_ARRAY_TYPE
> > >      45    720  WEAK_CELL_TYPE
> > >
> > > Bug: v8:7464
> > > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > > Reviewed-on: https://chromium-review.googlesource.com/973722
> > > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#52435}
> >
> > Bug: v8:7464
> > Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> > Reviewed-on: https://chromium-review.googlesource.com/999654
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52638}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: v8:7464,v8:7668
> Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
> Reviewed-on: https://chromium-review.googlesource.com/1016600
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52667}

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If4b7490c8c4d31612de8ec132de334955a319b11
Bug: v8:7464, v8:7668
Reviewed-on: https://chromium-review.googlesource.com/1019020
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52689}
-
- 18 Apr, 2018 1 commit
-
-
Peter Marshall authored
This reverts commit 6c68efac.

Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668

Original change's description:
> Reland "[heap] Move initial objects into RO_SPACE"
>
> This is a reland of f8ae62fe
>
> Original change's description:
> > [heap] Move initial objects into RO_SPACE
> >
> > This moves:
> > * the main oddballs (null, undefined, hole, true, false) as well as
> > their supporting maps (also adds hole as an internalized string to make
> > this work).
> > * most of the internalized strings
> > * the struct maps
> > * empty array
> > * empty enum cache
> > * the contents of the initial string table
> > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > value to avoid writing to it during run-time)
> >
> > The StartupSerializer stats change as follows:
> >
> >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > old         0          0     270264       32608      12144         0
> > new     21776          0     253168       32608       8184         0
> > Overall memory usage has increased by 720 bytes due to the eager
> > initialization of the Map weak cell caches.
> >
> > Also extends --serialization-statistics to print out separate instance
> > type stats for objects in RO_SPACE as shown here:
> >
> > Read Only Instance types (count and bytes):
> >     404  16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> >       2     32  HEAP_NUMBER_TYPE
> >       5    240  ODDBALL_TYPE
> >      45   3960  MAP_TYPE
> >       1     16  BYTE_ARRAY_TYPE
> >       1     24  TUPLE2_TYPE
> >       1     16  FIXED_ARRAY_TYPE
> >       1     32  DESCRIPTOR_ARRAY_TYPE
> >      45    720  WEAK_CELL_TYPE
> >
> > Bug: v8:7464
> > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > Reviewed-on: https://chromium-review.googlesource.com/973722
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52435}
>
> Bug: v8:7464
> Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> Reviewed-on: https://chromium-review.googlesource.com/999654
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52638}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7464,v8:7668
Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
Reviewed-on: https://chromium-review.googlesource.com/1016600
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52667}
-
- 17 Apr, 2018 1 commit
-
-
Dan Elphick authored
This is a reland of f8ae62fe

Original change's description:
> [heap] Move initial objects into RO_SPACE
>
> This moves:
> * the main oddballs (null, undefined, hole, true, false) as well as
> their supporting maps (also adds hole as an internalized string to make
> this work).
> * most of the internalized strings
> * the struct maps
> * empty array
> * empty enum cache
> * the contents of the initial string table
> * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> value to avoid writing to it during run-time)
>
> The StartupSerializer stats change as follows:
>
>      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old         0          0     270264       32608      12144         0
> new     21776          0     253168       32608       8184         0
> Overall memory usage has increased by 720 bytes due to the eager
> initialization of the Map weak cell caches.
>
> Also extends --serialization-statistics to print out separate instance
> type stats for objects in RO_SPACE as shown here:
>
> Read Only Instance types (count and bytes):
>     404  16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
>       2     32  HEAP_NUMBER_TYPE
>       5    240  ODDBALL_TYPE
>      45   3960  MAP_TYPE
>       1     16  BYTE_ARRAY_TYPE
>       1     24  TUPLE2_TYPE
>       1     16  FIXED_ARRAY_TYPE
>       1     32  DESCRIPTOR_ARRAY_TYPE
>      45    720  WEAK_CELL_TYPE
>
> Bug: v8:7464
> Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> Reviewed-on: https://chromium-review.googlesource.com/973722
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52435}

Bug: v8:7464
Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
Reviewed-on: https://chromium-review.googlesource.com/999654
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52638}
-
- 14 Apr, 2018 1 commit
-
-
Jakob Kummerow authored
The "Address" type is V8's general-purpose type for manipulating memory addresses. Per the C++ spec, pointer arithmetic and pointer comparisons are undefined behavior except within the same array; since we generally don't operate within a C++ array, our general-purpose type shouldn't be a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
-
- 12 Apr, 2018 1 commit
-
-
Toon Verwaest authored
Bug: chromium:831981
Change-Id: Ie0e4bb6ca585f76829e0100202e01d02c521ac51
Reviewed-on: https://chromium-review.googlesource.com/1009902
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52566}
-
- 10 Apr, 2018 2 commits
-
-
Clemens Hammacher authored
Replace all uses by the existing RoundUp function.

R=ulan@chromium.org
Bug: v8:7570
Change-Id: I7ff5e76ebea7b429ff4e4f3a8157ee831e7891ae
Reviewed-on: https://chromium-review.googlesource.com/1004898
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52525}
-
Igor Sheludko authored
... to see if it improves things in real-world area.

Change-Id: Icf6a1ff47f35eb3f7e25b549d736f7404148f6ab
Reviewed-on: https://chromium-review.googlesource.com/1004587
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52523}
-
- 09 Apr, 2018 1 commit
-
-
Hannes Payer authored
Bug: chromium:829771
Change-Id: Ia3b6221cdc54c5102760665076f1cb2541d16fb4
Reviewed-on: https://chromium-review.googlesource.com/999634
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52463}
-
- 06 Apr, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit f8ae62fe.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/14825

Original change's description:
> [heap] Move initial objects into RO_SPACE
>
> This moves:
> * the main oddballs (null, undefined, hole, true, false) as well as
> their supporting maps (also adds hole as an internalized string to make
> this work).
> * most of the internalized strings
> * the struct maps
> * empty array
> * empty enum cache
> * the contents of the initial string table
> * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> value to avoid writing to it during run-time)
>
> The StartupSerializer stats change as follows:
>
>      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old         0          0     270264       32608      12144         0
> new     21776          0     253168       32608       8184         0
> Overall memory usage has increased by 720 bytes due to the eager
> initialization of the Map weak cell caches.
>
> Also extends --serialization-statistics to print out separate instance
> type stats for objects in RO_SPACE as shown here:
>
> Read Only Instance types (count and bytes):
>     404  16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
>       2     32  HEAP_NUMBER_TYPE
>       5    240  ODDBALL_TYPE
>      45   3960  MAP_TYPE
>       1     16  BYTE_ARRAY_TYPE
>       1     24  TUPLE2_TYPE
>       1     16  FIXED_ARRAY_TYPE
>       1     32  DESCRIPTOR_ARRAY_TYPE
>      45    720  WEAK_CELL_TYPE
>
> Bug: v8:7464
> Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> Reviewed-on: https://chromium-review.googlesource.com/973722
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52435}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

Change-Id: Ie62a73a5be3b21a15bb46e342acb3e808fbaa4f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/999653
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52440}
-
Dan Elphick authored
This moves:
  * the main oddballs (null, undefined, hole, true, false) as well as their supporting maps (also adds hole as an internalized string to make this work).
  * most of the internalized strings
  * the struct maps
  * empty array
  * empty enum cache
  * the contents of the initial string table
  * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the value to avoid writing to it during run-time)

The StartupSerializer stats change as follows:

     RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old         0          0     270264       32608      12144         0
new     21776          0     253168       32608       8184         0
Overall memory usage has increased by 720 bytes due to the eager initialization of the Map weak cell caches.

Also extends --serialization-statistics to print out separate instance type stats for objects in RO_SPACE as shown here:

Read Only Instance types (count and bytes):
    404  16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
      2     32  HEAP_NUMBER_TYPE
      5    240  ODDBALL_TYPE
     45   3960  MAP_TYPE
      1     16  BYTE_ARRAY_TYPE
      1     24  TUPLE2_TYPE
      1     16  FIXED_ARRAY_TYPE
      1     32  DESCRIPTOR_ARRAY_TYPE
     45    720  WEAK_CELL_TYPE

Bug: v8:7464
Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
Reviewed-on: https://chromium-review.googlesource.com/973722
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52435}
-
- 04 Apr, 2018 1 commit
-
-
Sigurd Schneider authored
Bug: v8:7340, v8:7250
Change-Id: I57f78fa5ad261f041b66986918c427821a57a6e1
Reviewed-on: https://chromium-review.googlesource.com/995472
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52356}
-
- 27 Mar, 2018 1 commit
-
-
Tobias Tebbi authored
This CL changes the poisoning in the interpreter to use the infrastructure used in the JIT.

This does not change the original flag semantics:
  --branch-load-poisoning enables JIT mitigations as before.
  --untrusted-code-mitigation enables the interpreter mitigations (now realized using the compiler back-end), but does not enable the back-end based mitigations for the Javascript JIT.

So in effect --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers use the same mechanics (including changed register allocation) that --branch-load-poisoning enables for the JIT.

Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}
-
- 23 Mar, 2018 1 commit
-
-
Dan Elphick authored
Moves RO_SPACE to the front of the AllocationSpace enum, so the space pre-allocation iterations don't miss it.

Being at the start of the enum means that it continues to not be iterated over by any sweeper code, which iterates from FIRST_GROWABLE_PAGED_SPACE to LAST_GROWABLE_PAGED_SPACE (renamed from FIRST_PAGED_SPACE and LAST_PAGED_SPACE).

Bug: v8:7464
Change-Id: I480ba784afbd878552d1cb7f9f5fa57c3b55e004
Reviewed-on: https://chromium-review.googlesource.com/973604
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52177}
-
- 21 Mar, 2018 2 commits
-
-
Peter Marshall authored
This CL renames InterpreterPushArgsMode::kJSFunction to kArrayFunction because we only ever use it for the array function.

We never use PushArgsThenCall with kArrayFunction mode, so remove the unused helpers that provide the plumbing there.

This is in preparation for changes to PushArgsThenConstruct, where we will no longer pass the allocation site as undefined for modes other than kArrayFunction.

Bug: v8:7503
Change-Id: I86e3333e2ebd912fc8f9b0e4248282330af4b9e2
Reviewed-on: https://chromium-review.googlesource.com/972047
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mythri Alle <mythria@google.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52109}
-
Marja Hölttä authored
Exposing it inside Internals was a hack.

The downside of this CL is that heap object tagging is in two places now (v8.h and globals.h).

BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic7115ab20d67109dd2b62c772d52eeb84fa7d9f7
Reviewed-on: https://chromium-review.googlesource.com/968423
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52093}
-
- 20 Mar, 2018 1 commit
-
-
Dan Elphick authored
Adds a new space RO_SPACE and modifies the serializer and other machinery to support it.

Currently RO_SPACE has nothing in it, but will eventually contain all the immovable immutable objects, so the GC can ignore it.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib2ff474699196c138df8c24f7a2248471e30fbac
Reviewed-on: https://chromium-review.googlesource.com/925703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52053}
-
- 19 Mar, 2018 1 commit
-
-
Marja Hölttä authored
For serializer changes, see goo.gl/Kh2eop

Previous version: https://chromium-review.googlesource.com/955593

BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I14c92874d04545eb6d04590bedb21dc402326401
Reviewed-on: https://chromium-review.googlesource.com/968245
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52027}
-
- 13 Mar, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit bf9ab729.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/22169

Original change's description:
> [in-place weak refs] Use WeakArray in Script::shared_function_infos.
>
> For serializer changes, see goo.gl/Kh2eop
>
> BUG=v8:7308
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11
> Reviewed-on: https://chromium-review.googlesource.com/955593
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51895}

TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,hpayer@chromium.org

Change-Id: Ib9552d5c2c284ff27463e61a054c60cc20f2f8cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/960121
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51896}
-
Marja Hölttä authored
For serializer changes, see goo.gl/Kh2eop

BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11
Reviewed-on: https://chromium-review.googlesource.com/955593
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51895}
-
- 12 Mar, 2018 1 commit
-
-
Camillo Bruni authored
Bug: v8:7066
Change-Id: I5aa7e976eee6b197586a656ee2e38b9d429ec07b
Reviewed-on: https://chromium-review.googlesource.com/955587
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51881}
-
- 06 Mar, 2018 1 commit
-
-
Dan Elphick authored
ObjectSpace was only referred to in static_asserts and was otherwise removed in http://codereview.chromium.org/7945009.

AllocationActions's last usage was removed in https://codereview.chromium.org/1991293002.

Bug: v8:7310
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2ccbf3b674517bc698b4c92754cd0b251229d342
Reviewed-on: https://chromium-review.googlesource.com/931887
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51763}
-
- 23 Feb, 2018 1 commit
-
-
Adam Klein authored
Since we only need to store 18 different function kinds, the bitfield approach was wasting space (requiring 11 bits).

This patch replaces the bitfield with a regular enum, and updates all the FunctionKind predicates to use comparisons instead of bitwise ops.

For the small amount of builtin code that depended upon being able to do masking to determine whether something is a class constructor, we still store two extra bits on FunctionKind, which are computed when the SFI is initialized.

If this approach causes performance regressions (i.e., if it turns out that other code was implicitly depending on masking for fast checks), we can revert this or address it in other ways (e.g., by doing similar caching of repeated checks in the caller).

This is a reland of 42667bab.

Bug: v8:7310
Change-Id: I2ec54289ea687399c61d75b7aff2d849861a64f2
Reviewed-on: https://chromium-review.googlesource.com/934864
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51534}
-
- 20 Feb, 2018 2 commits
-
-
Adam Klein authored
Also delete a bit of dead code depending on dead types.

Change-Id: I6cfc7e2f6c8fd006bd0de054bfc3e9f725996741
Reviewed-on: https://chromium-review.googlesource.com/923083
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51403}
-
Sigurd Schneider authored
This ensures that breaking on inlined builtins works, even when compiling concurrently.

This CL also introduces the member Isolate::AbortConcurrentOptimization.

R=sigurds@chromium.org
Bug: v8:178
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie6cbb48ebde18036888af2dd715862e7a14ddf9d
Reviewed-on: https://chromium-review.googlesource.com/912468
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51384}
-
- 19 Feb, 2018 1 commit
-
-
Jakob Kummerow authored
This is a reland of dda0419e.

Originally reviewed-on: https://chromium-review.googlesource.com/914513 and landed as refs/heads/master@{#51342}.

Bug: v8:6791
Change-Id: I3b3a069da7a0e64c38a81b3110dc5ece4887cb19
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924665
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51352}
-
- 17 Feb, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit dda0419e.

Reason for revert: msvc unhappy: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1434

Original change's description:
> [bigint] Add BigInt64Array, BigUint64Array
>
> Bug: v8:6791
> Tbr: hpayer@chromium.org
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I637e9084d2fe4869ad0be2fb996149ab9940f346
> Reviewed-on: https://chromium-review.googlesource.com/914513
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51342}

TBR=jkummerow@chromium.org,neis@chromium.org,hpayer@chromium.org

Change-Id: I49237fa323f0d3ea70e744d92d5cbdd4d5c4b39f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6791
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924663
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51344}
-
Jakob Kummerow authored
Bug: v8:6791
Tbr: hpayer@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I637e9084d2fe4869ad0be2fb996149ab9940f346
Reviewed-on: https://chromium-review.googlesource.com/914513
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51342}
-
- 29 Jan, 2018 2 commits
-
-
Junliang Yan authored
The stock GCC on Ubuntu 16.04 complains these constants are unused (possibly gcc issue). This CL changes these to constexpr to work around gcc errors.

R=clemensh@chromium.org, joransiu@ca.ibm.com

Change-Id: I8c1772e91744bc46ace6bee576b90d40c0cdf41f
Reviewed-on: https://chromium-review.googlesource.com/881554
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50936}
-
Benedikt Meurer authored
This adjusts the RunMicrotask logic to invoke CallHandlerInfo microtasks from CSA land directly (via a runtime function call), instead of bailing out to C++ for the rest of the microtask queue entries.

Even in simple micro-benchmarks there doesn't seem to be a huge performance difference. In fact performance gets better when CallHandlerInfo and promises are mixed, which makes sense, since calling from C++ to JS land is more expensive than the other way around. But just in case the runtime function call overhead ever becomes the bottleneck we can introduce a direct C++ call and set up a handle scope around it, much like a very simple version of CallApiFunctionStub.

This greatly simplifies the microtask handling and paves the way for refactoring the queue to significantly reduce the GC overhead associated with promises currently.

Bug: v8:7253
Change-Id: I33adb62a6bada138674d324f36d4be894e27f3c9
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/890441
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50934}
-
- 25 Jan, 2018 1 commit
-
-
Yang Guo authored
This is somewhat of a revival of what used to be UnseededNumberDictionary. The difference to NumberDictionary is that each entry only has two fields (no field for property details) and there is no header field for a bitfield.

The reason for this change is memory regression introduced when we removed UnseededNumberDictionary (6e1c57ea).

We now use SimpleNumberDictionary for
  - slow template instantiation cache
  - code stubs table
  - value serializer map
  - stack frame cache
  - type profile source positions

R=ishell@chromium.org, ulan@chromium.org

Bug: chromium:783695
Change-Id: I3cd32e485060bb379fb2279eeefbbbded7455f0e
Reviewed-on: https://chromium-review.googlesource.com/885811
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50869}
-
- 18 Jan, 2018 1 commit
-
-
Martyn Capewell authored
Remove final csp instances, missed in the earlier patch due to being outside the arm64 tree.

Bug: v8:6644
Change-Id: I2b5a2716568949740991c368b64c0a06105e4ff2
Reviewed-on: https://chromium-review.googlesource.com/874310
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50698}
-
- 13 Jan, 2018 1 commit
-
-
Michael Achenbach authored
This reverts commit 42667bab.

Reason for revert: Breaks msvc compile: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/908

Original change's description:
> Simplify FunctionKind, saving 4 bits in SharedFunctionInfo
>
> Since we only need to store 18 different function kinds,
> the bitfield approach was wasting space (requiring 11 bits).
>
> This patch replaces the bitfield with a regular enum, and
> updates all the FunctionKind predicates to use comparisons
> instead of bitwise ops.
>
> For the small amount of builtin code that depended upon being
> able to do masking to determine whether something is a class
> constructor, we still store two extra bits on FunctionKind,
> which are computed when the SFI is initialized.
>
> If this approach causes performance regressions (i.e., if it
> turns out that other code was implicitly depending on masking
> for fast checks), we can revert this or address it in
> other ways (e.g., by doing similar caching of repeated checks
> in the caller).
>
> Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124
> Reviewed-on: https://chromium-review.googlesource.com/860896
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50559}

TBR=adamk@chromium.org,gsathya@chromium.org

Change-Id: I8e1faa0ca6213d1e70a00fcb417b1bfa35ebd643
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/866310
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50561}
-
- 12 Jan, 2018 2 commits
-
-
Adam Klein authored
Since we only need to store 18 different function kinds, the bitfield approach was wasting space (requiring 11 bits). This patch replaces the bitfield with a regular enum, and updates all the FunctionKind predicates to use comparisons instead of bitwise ops. For the small amount of builtin code that depended upon being able to do masking to determine whether something is a class constructor, we still store two extra bits on FunctionKind, which are computed when the SFI is initialized. If this approach causes performance regressions (i.e., if it turns out that other code was implicitly depending on masking for fast checks), we can revert this or address it in other ways (e.g., by doing similar caching of repeated checks in the caller). Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124 Reviewed-on: https://chromium-review.googlesource.com/860896 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#50559}
-
Hannes Payer authored
This reverts commit 8d7522bc and fixes the TSAN issue. Bug: chromium:800251 Change-Id: Ie88e5281f7543bb3420703e798416d4a6dbbd91a Reviewed-on: https://chromium-review.googlesource.com/864042 Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50535}
-
- 11 Jan, 2018 2 commits
-
-
Adam Klein authored
This reverts commit 6af43874. Reason for revert: Linux TSAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19028 Original change's description: > [heap] Remove page header tag from owner field. > > Bug: chromium:800251 > Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7 > Reviewed-on: https://chromium-review.googlesource.com/860010 > Commit-Queue: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50507} TBR=ulan@chromium.org,hpayer@chromium.org Change-Id: I29001423959f6d9faadbdba5228b28cfb1f5b341 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:800251 Reviewed-on: https://chromium-review.googlesource.com/861923 Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50512}
-
Hannes Payer authored
Bug: chromium:800251 Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7 Reviewed-on: https://chromium-review.googlesource.com/860010 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50507}
-
- 04 Jan, 2018 1 commit
-
-
Sathya Gunasekaran authored
Create a new function kind for initializer functions and ban arguments if used in such a function. Bug: v8:5367, v8:7183 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Id3089e587b3d6a25f27224045f250e032b831818 Reviewed-on: https://chromium-review.googlesource.com/850547 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50369}
-