1. 03 Aug, 2017 2 commits
  2. 13 Jul, 2017 1 commit
  3. 11 Jul, 2017 1 commit
  4. 10 Jul, 2017 1 commit
  5. 14 Jun, 2017 1 commit
  6. 12 Jun, 2017 1 commit
  7. 25 Apr, 2017 1 commit
      [builtins] Cleanup TypedArray constructors and reduce code size. · c326e73d
      Peter Marshall authored
      This CL is purely refactoring, no behavior changes.
      
      Remove InitializeBasedOnLength and combine it with a new Stub-ified
      TypedArrayInitialize which now allocates the buffer in both the
      on-heap and off-heap cases.
      
      Add TypedArrayInitializeWithBuffer because this was essentially a
      special case that didn't share much logic with Initialize.
      Factor out the common pieces into SetupTypedArray and AttachBuffer.
      
      We can also always pass in the elementsSize, so there is no need
      to calculate this again. LoadMapAndElementsSize is changed to 
      LoadMapForType.
      
      This reduces code size by ~8k.
      
      Bug: chromium:711275,chromium:701768
      Change-Id: I6ad8701e9c72f53bfd9484725fb82055be568c25
      Reviewed-on: https://chromium-review.googlesource.com/483481
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#44850}
  8. 19 Apr, 2017 1 commit
      [builtins] Use the ElementsAccessor to copy TypedArrays. · 356e9246
      Peter Marshall authored
      This includes a fastpath in the ElementsAccessor for the source
      array being a JSArray with FastSmi or FastDouble packed kinds. This
      is probably a pretty common usage, where an array is passed in as
      a way of initializing the TypedArray at creation (as there is no other
      syntax to do this). e.g. new Float64Array([1.0, 1.0, 1.0]) for some
      sort of vector application.
      
      BUG= v8:5977
      
      Change-Id: Ice4ad9fc29f56b1c4b0b30736a1330efdc289003
      Reviewed-on: https://chromium-review.googlesource.com/465126
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#44722}
  9. 08 Apr, 2017 1 commit
  10. 07 Apr, 2017 1 commit
  11. 06 Apr, 2017 3 commits
  12. 04 Apr, 2017 1 commit
  13. 03 Apr, 2017 2 commits
  14. 31 Mar, 2017 1 commit
      [builtins] Copy array contents using JS in ConstructByArrayLike. · a450c185
      Peter Marshall authored
      The last CL https://chromium-review.googlesource.com/c/456707/ caused
      some pretty heavy performance regressions. After experimenting, it
      seems the easiest and most straight-forward way to copy the elements
      into the new typed array is to do it in JS.
      
      Adds a fast path for typed arrays, where the source typed array has
      the same elements kind, in which case we can just copy the backing
      store using memcpy.
      
      This CL also removes regression test 319120 which is from a pwn2own
      vulnerability. The old code path enforced a maximum byte_length
      that was too low, which this change removes. The length property of
      the typed array must be a Smi, but the byte_length, which can be up
      to 8x larger than length for a Float64Array, can be a heap number.
      
      We can also re-use some of the logic from ConstructByLength when
      deciding whether to allocate the buffer on- or off-heap, so that
      is factored out into InitializeBasedOnLength. We can also re-use
      the DoInitialize helper instead of calling into the runtime,
      meaning we can remove InitializeFromArrayLike.
      
      BUG=v8:5977,chromium:705503,chromium:705394
      
      Change-Id: I63372652091d4bdf3a9491acef9b4e3ac793a755
      Reviewed-on: https://chromium-review.googlesource.com/459621
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#44301}
  15. 24 Mar, 2017 1 commit
  16. 21 Mar, 2017 1 commit
  17. 20 Mar, 2017 1 commit
  18. 17 Mar, 2017 1 commit
      [rename] Rename internal field to embedder field. · 72e53936
      titzer authored
      This CL renames all occurrences of "internal field" to "embedder field"
      to prevent confusion. As it turns out, these fields are not internal to
      V8, but are actually embedder provided fields that should not be mucked
      with by the internal implementation of V8.
      
      Note that WASM does use these fields, and it should not.
      
      BUG=v8:6058
      
      Review-Url: https://codereview.chromium.org/2741683004
      Cr-Commit-Position: refs/heads/master@{#43900}
  19. 16 Mar, 2017 1 commit
  20. 14 Mar, 2017 1 commit
  21. 13 Mar, 2017 2 commits
  22. 07 Mar, 2017 2 commits
  23. 02 Mar, 2017 1 commit
  24. 01 Mar, 2017 2 commits
      Revert "[builtins] Port TypedArrayInitialize to CodeStubAssembler." · a8e15e8f
      Peter Marshall authored
      This reverts commit b23b2c10.
      
      Reason for revert: Makes Linux debug bot sad
      
      Original change's description:
      > [builtins] Port TypedArrayInitialize to CodeStubAssembler.
      > 
      > Turbofan is a lot slower than Crankshaft at constructing TypedArrays,
      > because we always go to the C++ builtin. Port the builtin to CSA
      > to improve performance, and to clean up the implementation, which is
      > split across multiple files and pieces at the moment.
      > 
      > This CL increases the performance with --future to roughly the same
      > as with crankshaft.
      > 
      > BUG=v8:5977
      > 
      > Change-Id: I5a4c4b544a735a56290b85bf33c2f3718df7e2b8
      > Reviewed-on: https://chromium-review.googlesource.com/445717
      > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#43518}
      
      TBR=cbruni@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,v8-reviews@googlegroups.com
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:5977
      
      Change-Id: I5d5bc8b4677a405c716d78e688af80ae9c737b4a
      Reviewed-on: https://chromium-review.googlesource.com/448558
      Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#43520}
      [builtins] Port TypedArrayInitialize to CodeStubAssembler. · b23b2c10
      Peter Marshall authored
      Turbofan is a lot slower than Crankshaft at constructing TypedArrays,
      because we always go to the C++ builtin. Port the builtin to CSA
      to improve performance, and to clean up the implementation, which is
      split across multiple files and pieces at the moment.
      
      This CL increases the performance with --future to roughly the same
      as with crankshaft.
      
      BUG=v8:5977
      
      Change-Id: I5a4c4b544a735a56290b85bf33c2f3718df7e2b8
      Reviewed-on: https://chromium-review.googlesource.com/445717
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#43518}
  25. 25 Feb, 2017 1 commit
  26. 23 Feb, 2017 1 commit
  27. 22 Feb, 2017 2 commits
  28. 17 Feb, 2017 1 commit
  29. 15 Feb, 2017 1 commit
      Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++ · dc302c74
      caitp authored
      - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
      - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
        relies on std::memmove rather than accessing individual elements.
      - Fixes the case where copyWithin is invoked on a TypedArray with a
        detached buffer.
      - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled
        correctly by the algorithm
      
      The C++ version gets through the benchmark more than 25000 times as
      quickly as the JS implementation.
      
      BUG=v8:5925, v8:5929, v8:4648
      R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
      
      Review-Url: https://codereview.chromium.org/2697593002
      Cr-Commit-Position: refs/heads/master@{#43213}
  30. 12 Feb, 2017 1 commit
      Revert of [typedarrays] move %TypedArray%.prototype.copyWithin to C++... · 4530f0dc
      littledan authored
      Revert of [typedarrays] move %TypedArray%.prototype.copyWithin to C++ (patchset #6 id:100001 of https://codereview.chromium.org/2671233002/ )
      
      Reason for revert:
      Due to security issue described in review thread.
      
      Original issue's description:
      > [typedarrays] move %TypedArray%.prototype.copyWithin to C++
      >
      > - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
      > - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
      > relies on std::memmove rather than accessing individual elements.
      > - Fixes the case where copyWithin is invoked on a TypedArray with a
      > detached buffer.
      > - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
      > algorithm
      >
      > The C++ version gets through the benchmark more than 25000 times as
      > quickly as the JS implementation.
      >
      > BUG=v8:5925, v8:5929, v8:4648
      > R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
      >
      > Review-Url: https://codereview.chromium.org/2671233002
      > Cr-Commit-Position: refs/heads/master@{#42975}
      > Committed: https://chromium.googlesource.com/v8/v8/+/0f1c626d556cbf84b0e572635eb803729f88cbb3
      
      TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com,caitp@igalia.com
      # Not skipping CQ checks because original CL landed more than 1 days ago.
      BUG=v8:5925, v8:5929, v8:4648
      
      Review-Url: https://codereview.chromium.org/2693753002
      Cr-Commit-Position: refs/heads/master@{#43132}
  31. 06 Feb, 2017 2 commits
      [typedarrays] move %TypedArray%.prototype.copyWithin to C++ · 0f1c626d
      caitp authored
      - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
      - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
      relies on std::memmove rather than accessing individual elements.
      - Fixes the case where copyWithin is invoked on a TypedArray with a
      detached buffer.
      - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
      algorithm
      
      The C++ version gets through the benchmark more than 25000 times as
      quickly as the JS implementation.
      
      BUG=v8:5925, v8:5929, v8:4648
      R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
      
      Review-Url: https://codereview.chromium.org/2671233002
      Cr-Commit-Position: refs/heads/master@{#42975}
      [cleanup] fix comment in builtins-typedarray.cc · ec922ef6
      caitp authored
      It's supposed to be a JSTypedArray, not a JSGeneratorObject
      
      BUG=
      R=littledan@chromium.org, adamk@chromium.org, jgruber@chromium.org
      
      Review-Url: https://codereview.chromium.org/2674133002
      Cr-Commit-Position: refs/heads/master@{#42967}