Skip to content

V
V8
Switch branch/tag
  1. 04 Jun, 2018 1 commit
  3. 01 Jun, 2018 2 commits
  5. 30 May, 2018 1 commit
  7. 29 May, 2018 1 commit
  9. 25 May, 2018 1 commit
  11. 29 Apr, 2018 1 commit
  13. 27 Apr, 2018 1 commit
    • Dan Elphick's avatar
      [heap] Move all Maps into RO_SPACE · 4655c9d3
      Dan Elphick authored 
      Allocates almost all maps found in the start up snapshot into RO_SPACE.
There are 2 JSObject maps that are excluded as they contain a mutable cell.

Also updates VerifyReadOnlyPointers to check that RO_SPACE objects' maps are
also in RO_SPACE. Previously the invariant did not hold for Strings which still
had their maps in MAP_SPACE.

Also moves invalid_prototype_validity_cell to RO_SPACE.

    RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old    22024          0     229184       32928       8184         0
new    31488          0     229184       32928        176         0

Bug: v8:7464
Change-Id: I870d22cc5234ba60b3ef8a2ada590ee6ae426c9f
Reviewed-on: https://chromium-review.googlesource.com/1013494Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52848}
      4655c9d3
  15. 16 Apr, 2018 1 commit
  17. 12 Apr, 2018 1 commit
  19. 09 Apr, 2018 1 commit
  21. 06 Apr, 2018 2 commits
  23. 05 Apr, 2018 1 commit
  25. 04 Apr, 2018 1 commit
  27. 28 Mar, 2018 2 commits
  29. 26 Mar, 2018 1 commit
  31. 23 Mar, 2018 1 commit
  33. 19 Mar, 2018 1 commit
  35. 14 Mar, 2018 1 commit
    • Ben L. Titzer's avatar
      [wasm] Add untagged context properties to WasmInstanceObject · 39bc48e2
      Ben L. Titzer authored 
      This CL is preparation for moving the contents of the WasmContext
directly into the WasmInstanceObject. The moved fields are all untagged
pointers to C++ memory or untagged sizes which will be used in
generated machine code for WASM. They are not currently used, but
they are all set to kHeapObjectTag to make sure they are not
interpreted as tagged by the GC, using a custom object descriptor.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Bug: v8:7424
Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0
Reviewed-on: https://chromium-review.googlesource.com/961065
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51932}
      39bc48e2
  37. 12 Mar, 2018 1 commit
  39. 01 Mar, 2018 1 commit
  41. 22 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [cleanup] Introduce a dedicated FeedbackCell. · aff1f378
      Benedikt Meurer authored 
      This is preparatory cleanup work for eventually tracking the functions
(rather than concrete closures) in the CALL_IC, also for builtins like
the default PromiseCapability [[Resolve]] and [[Reject]] functions. It
adds a new FeedbackCell type, which is used by JSFunctions consistently
now to reference the feedback vector (or undefined if not the function
is not compiled yet or is a native/asm.js function).

This also changes the calling convention for FastNewClosure builtin and
the JSCreateClosure operator in TurboFan to carry the FeedbackCell here
instead of the parent FeedbackVector and the slot index. In addition we
eliminate the now unused %InterpreterNewClosure runtime function.

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656
Reviewed-on: https://chromium-review.googlesource.com/928403
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51474}
      aff1f378
  43. 08 Feb, 2018 1 commit
    • Adam Klein's avatar
      Revert "[builtins] Mega-revert to address the Dev blocker in crbug.com/808911." · 3916401e
      Adam Klein authored 
      This reverts commit 14108f4c.

Reason for revert: Not the culprit for Canary microtask crashes

Original change's description:
> [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
> 
> - Revert "[builtins] Save one word in contexts for Promise.all."
>   This reverts commit 7632da06.
> - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
>   This reverts commit d4f072ce.
> - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
>   This reverts commit 6703dacd.
> - Revert "[debugger] Properly deal with settled promises in catch prediction."
>   This reverts commit 40dd0658.
> - Revert "[builtins] Widen the fast-path for Promise builtins."
>   This reverts commit db0556b7.
> - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
>   This reverts commit a582199c.
> - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
>   This reverts commit 6bf88852.
> - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
>   This reverts commit 313b490d.
> - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
>   This reverts commit f7bd6a2f.
> - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
>   This reverts commit b23b098f.
> - Revert "[promise] Remove incorrect fast path"
>   This reverts commit 0f6eafe8.
> - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
>   This reverts commit 8a677a28.
> - Revert "[builtins] Refactor promises to reduce GC overhead."
>   This reverts commit 8e7737cb.
> 
> Tbr: hpayer@chromium.org
> Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
> Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/906991
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51158}

Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/908988Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51181}
      3916401e
  45. 07 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Mega-revert to address the Dev blocker in crbug.com/808911. · 14108f4c
      Benedikt Meurer authored 
      - Revert "[builtins] Save one word in contexts for Promise.all."
  This reverts commit 7632da06.
- Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
  This reverts commit d4f072ce.
- Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
  This reverts commit 6703dacd.
- Revert "[debugger] Properly deal with settled promises in catch prediction."
  This reverts commit 40dd0658.
- Revert "[builtins] Widen the fast-path for Promise builtins."
  This reverts commit db0556b7.
- Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
  This reverts commit a582199c.
- Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
  This reverts commit 6bf88852.
- Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
  This reverts commit 313b490d.
- Revert "[builtins] Inline InternalPromiseThen into it's only caller"
  This reverts commit f7bd6a2f.
- Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
  This reverts commit b23b098f.
- Revert "[promise] Remove incorrect fast path"
  This reverts commit 0f6eafe8.
- Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
  This reverts commit 8a677a28.
- Revert "[builtins] Refactor promises to reduce GC overhead."
  This reverts commit 8e7737cb.

Tbr: hpayer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/906991
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51158}
      14108f4c
  47. 02 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Unify PerformPromiseThen and optimize it with TurboFan. · a582199c
      Benedikt Meurer authored 
      This creates a uniform PerformPromiseThen builtin, which performs the
operation with the same name from the spec, except that it expects the
handlers to be either undefined or callable already, since this is only
relevant for a single callsite (namely Promise.prototype.then).

Introduce a matching operator JSPerformPromiseThen into TurboFan, which
represents this operation and removes the additional checks in case of
Promise.prototype.then based on the information we can derived from the
receiver maps.

This yields a nice 20-25% improvement on Promise.prototype.then, as
illustrated by the following micro-benchmark

```js
const N = 1e7;
function inc(x) { return x + 1; }
function chain(promise) {
  return promise.then(inc).then(value => {
      if (value < N) chain(Promise.resolve(value));
    });
}
console.time('total');
chain(Promise.resolve(0));
setTimeout(console.timeEnd.bind(console, 'total'));
```

which goes from around 1230ms to 930ms with this patch.

Bug: v8:7253
Change-Id: I5712a863acdbe7da3bb8e621887c7b952148c51a
Reviewed-on: https://chromium-review.googlesource.com/899064Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51071}
      a582199c
  49. 15 Jan, 2018 1 commit
  51. 15 Dec, 2017 1 commit
  53. 07 Dec, 2017 1 commit
  55. 05 Dec, 2017 1 commit
  57. 28 Nov, 2017 1 commit
  59. 22 Nov, 2017 2 commits
  61. 21 Nov, 2017 1 commit
  63. 17 Nov, 2017 1 commit
    • Ulan Degenbaev's avatar
      [runtime] Make layout descriptor helper safe for concurrent marking. · 61bf2cc6
      Ulan Degenbaev authored 
      The layout descriptor helper computes the object header size using
map->instance_size() and map->GetInObjectProperties().

It races with finalization of slack tracking, which changes both
the instance size and the in-object properties count.

This patch replaces the in-object properties count byte in the map
with the byte that stores the start offset of in-object properties.

The new byte can be used in the layout descriptor to compute the
object header size and it is immutable.

This patch also renames InstanceSize to InstanceSizeInWords where
the instance size is represented in words.

Bug: chromium:786069, chromium:694255
Change-Id: I4b48c6944d3fe8a950bd7b0ba43d75216b177a78
Reviewed-on: https://chromium-review.googlesource.com/776720
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49461}
      61bf2cc6
  65. 14 Nov, 2017 2 commits
  67. 13 Nov, 2017 1 commit
  69. 06 Nov, 2017 1 commit