Skip to content

V
V8
Switch branch/tag
  1. 04 Mar, 2019 2 commits
    • Benedikt Meurer's avatar
      [cleanup] Remove obsolete "one byte data hint" for strings. · 683cf6f4
      Benedikt Meurer authored 
      In the early days of Chrome when we used WebKit there was no support for
ASCII strings on the C++ side, so we put a hint onto these two-byte
strings that said "string only contains one byte data", such that
internally in V8 when these were involved in string operations, we could
instead create the *cheaper* one byte strings.

Nowadays Blink properly supports one-byte string representations and
this additional hint only comes with overhead, since we check it in
quite a few places (i.e. on the hot path for string concatenation), plus
we end up consuming more memory due to the additional string maps.
Removing the hint also frees one bit in the InstanceType zoo for
strings.

This alone improves performance on the `bench-dom-serialize.js` test case
by around **3%**.

Tbr: mstarzinger@chromium.org
Bug: v8:6622, v8:8834, v8:8939
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: I0753f2859cee7b5a37b6f0da64d8ec39fcb044ff
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/1498478
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60006}
      683cf6f4
    • Benedikt Meurer's avatar
      [cleanup] Refactor CodeStubAssembler::NewConsString(). · 8dd8bd56
      Benedikt Meurer authored 
      Remove the duplication of the allocation logic via the
AllocateOneByteConsString and AllocateTwoByteConsString helpers, and
instead just have a diamond to figure out the result map. This reduces
code size of the StringAdd_CheckNone builtin and even seems to be
beneficial performance wise. It seems to improve the performance on
the `bench-dom-serialize.js` test by around 1% just doing this.

Drive-by-fix: Remove the `flags` from CodeStubAssembler::StringAdd()
and its helpers, since we no longer support pretenuring of string
additions (for quite a while now).

Bug: v8:8834, v8:8939
Change-Id: Ia23e02c974b5f572930fcd45be0643094ab2fa98
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/1498133
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59993}
      8dd8bd56
  3. 01 Mar, 2019 1 commit
    • Matt Gardner's avatar
      Reland "Optimize `in` operator" · 803ad324
      Matt Gardner authored 
      The original was reverted for breaking webkit layout tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/30270

It also caused the following clusterfuzz failures:

chromium:935832
This was a correctness bug due to not properly handling the case of arrays with prototypes other
than Array.prototype. Accesses that were TheHole were not being handled property, both in bounds
holes in holey arrays and out of bounds on either holey or packed arrays. Handling was incorrect
both in access-assembler and in Turbofan.

chromium:935932
This bug was that there was no handling for Has checks on the global object. Turbofan was emitting
code for a store (the 'else' condition on 'access_mode == AccessMode::kLoad'). It hit a DCHECK in
debug builds but in release could show up in different places. This is the bug that caused the
webkit layout test failure that led to the revert.

Both bugs are fixed by in CL, and tests are added for those cases.

Bug: v8:8733, chromium:935932, chromium:935832
Change-Id: Iba0dfcfce6e15d2c0815a7670ece67bc13ba1925
Reviewed-on: https://chromium-review.googlesource.com/c/1493132Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59958}
      803ad324
  5. 26 Feb, 2019 1 commit
  7. 25 Feb, 2019 1 commit
  9. 24 Feb, 2019 1 commit
  11. 21 Feb, 2019 3 commits
  13. 20 Feb, 2019 2 commits
    • Tobias Tebbi's avatar
      [torque] inherit generates declaration for abstract types · 838a4ca5
      Tobias Tebbi authored 
      Bug: v8:7793
Change-Id: I41382177f44b090e51b3a61f29dc9f54bdfad72e
Reviewed-on: https://chromium-review.googlesource.com/c/1475534
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarDaniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59733}
      838a4ca5
    • peterwmwong's avatar
      Reland "[builtins]: Optimize CreateTypedArray to use element size log 2 for calculations." · 02b9847f
      peterwmwong authored 
      This is a reland of c9ef0405

Original change's description:
> [builtins]: Optimize CreateTypedArray to use element size log 2 for calculations.
>
> TypedArrayElementsInfo now represents an element's size as a log 2 and typed as
> uintptr.  This simplifies and speeds up (avoids possible HeapNumber allocations) a
> number of calculations:
>
>   - Number of Elements (length) -> Byte Length - is now a WordShl
>   - Byte Length -> Number of Elements (length) - is now a WordShr
>   - Testing alignment (byte offset or length)  - is now a WordAnd
>
> These element/byte length related calculations are encapsulated in
> TypedArrayElementsInfo as struct methods.
>
> This reduces the size of CreateTypedArray by 2.125 KB (24%) on Mac x64.release:
>   - Before: 9,088
>   - After:  6,896
>
> This improves the performance of the following microbencmarks
>   - TypedArrays-ConstructWithBuffer: ~87%
>   - TypedArrays-SubarrayNoSpecies:   ~28%
>
> Bug: v8:7161
> Change-Id: I2239fd0e0af9d3ad55cd52318088d3c7c913ae44
> Reviewed-on: https://chromium-review.googlesource.com/c/1456299
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59531}

Bug: v8:7161, chromium:932034
Change-Id: I5c3dc34c549234417f95b404e7d49b2fd496fa69
Reviewed-on: https://chromium-review.googlesource.com/c/1476306
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59728}
      02b9847f
  15. 18 Feb, 2019 2 commits
    • Tobias Tebbi's avatar
      [csa] disable bounds checks for Set/Map accessors · 185ad97c
      Tobias Tebbi authored 
      This should recover the microbenchmark performance-regressions.

Bug: chromium:932919
Change-Id: I00e2345428c8730035dc1164278006d687364de7
Reviewed-on: https://chromium-review.googlesource.com/c/1477063Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59663}
      185ad97c
    • Jakob Gruber's avatar
      Revert "[builtins]: Optimize CreateTypedArray to use element size log 2 for calculations." · ced2e4ee
      Jakob Gruber authored 
      This reverts commit c9ef0405.

Reason for revert: https://crbug.com/932034

Original change's description:
> [builtins]: Optimize CreateTypedArray to use element size log 2 for calculations.
>
> TypedArrayElementsInfo now represents an element's size as a log 2 and typed as
> uintptr.  This simplifies and speeds up (avoids possible HeapNumber allocations) a
> number of calculations:
>
>   - Number of Elements (length) -> Byte Length - is now a WordShl
>   - Byte Length -> Number of Elements (length) - is now a WordShr
>   - Testing alignment (byte offset or length)  - is now a WordAnd
>
> These element/byte length related calculations are encapsulated in
> TypedArrayElementsInfo as struct methods.
>
> This reduces the size of CreateTypedArray by 2.125 KB (24%) on Mac x64.release:
>   - Before: 9,088
>   - After:  6,896
>
> This improves the performance of the following microbencmarks
>   - TypedArrays-ConstructWithBuffer: ~87%
>   - TypedArrays-SubarrayNoSpecies:   ~28%
>
> Bug: v8:7161
> Change-Id: I2239fd0e0af9d3ad55cd52318088d3c7c913ae44
> Reviewed-on: https://chromium-review.googlesource.com/c/1456299
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59531}

TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,petermarshall@chromium.org,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7161, chromium:932034
Change-Id: I3da95447ce34f84d01629d2791868f3adcdfb387
Reviewed-on: https://chromium-review.googlesource.com/c/1475764
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59645}
      ced2e4ee
  17. 15 Feb, 2019 1 commit
  19. 13 Feb, 2019 2 commits
  21. 12 Feb, 2019 2 commits
  23. 08 Feb, 2019 1 commit
  25. 06 Feb, 2019 1 commit
  27. 05 Feb, 2019 2 commits
  29. 04 Feb, 2019 2 commits
  31. 31 Jan, 2019 1 commit
  33. 28 Jan, 2019 2 commits
  35. 26 Jan, 2019 1 commit
  37. 24 Jan, 2019 2 commits
  39. 23 Jan, 2019 1 commit
  41. 22 Jan, 2019 1 commit
  43. 21 Jan, 2019 1 commit
  45. 18 Jan, 2019 1 commit
  47. 17 Jan, 2019 1 commit
  49. 10 Jan, 2019 1 commit
    • Daniel Clifford's avatar
      [torque]: Class declarations · d0e95c7a
      Daniel Clifford authored 
      Class declarations support structured heap data that is a subtype of
HeapObject. Only fields of Object subtypes (both strong and weak)
are currently supported (no scalar fields yet).

With this CL, both the field list macro used with the C++
DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as
well as the Torque "operator '.field'" macros are generated for the
classes declared in Torque. This is a first step to removing the
substantial amount of duplication and boilerplate code
needed to declare heap object classes.

As a proof of concept, and handful of class field definitions,
including those for non trivial classes like JSFunction, have been
moved to Torque.

Bug: v8:7793
Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753
Reviewed-on: https://chromium-review.googlesource.com/c/1373971
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58704}
      d0e95c7a
  51. 09 Jan, 2019 1 commit
  53. 07 Jan, 2019 1 commit
  55. 27 Dec, 2018 2 commits