- 15 Nov, 2021 1 commit
-
-
Ng Zhi An authored
Bug: v8:12244,v8:12245 Change-Id: I3029cfb8e9afdcb5e53aa406359aa7246c23ea40 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3274021 Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#77906}
-
- 09 Nov, 2021 1 commit
-
-
Ng Zhi An authored
Bug: v8:12244,v8:12245 Change-Id: I7f5067c9a329ac27bb4ec72d97a7509028ae648a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3269176 Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#77803}
-
- 29 Oct, 2021 1 commit
-
-
Samuel Groß authored
A CagedPointer is guaranteed to point into the Virtual Memory Cage and will for example be used for ArrayBuffer backing stores when the heap sandbox is enabled. In the current implementation, CagedPointers are stored as offsets from the cage base, shifted to the left. Because the cage base address is usually available in a register, accessing a CagedPointer is very efficient, requiring only an additional shift and add operation. Bug: chromium:1218005 Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417 Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#77614}
-
- 13 Oct, 2021 1 commit
-
-
Joyee Cheung authored
Introduces several new runtime mechanics for defining private fields, including:
  - Bytecode StaKeyedPropertyAsDefine
  - Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback}
  - Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic}
  - TurboFan IR opcode JSDefineProperty

These new operations can reduce a runtime call per class field into a more traditional Store equivalent. In the microbenchmarks, this results in a substantial win over the status quo (~8x benchmark score for single fields with the changes, ~20x with multiple fields).

The TurboFan JSDefineProperty op is lowered in JSNativeContextSpecialization, however this required some hacks. Because private fields are defined as DONT_ENUM when added to the object, we can't find a suitable transition using the typical data property (NONE) flags. I've added a mechanism to specify the required PropertyAttributes for the transition we want to look up.

Details:

New bytecodes:
  - StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty but with a different IC builtin (KeyedDefineOwnIC). This is a bytecode rather than a flag for the existing StaKeyedProperty in order to avoid impacting typical keyed stores in any way due to additional branching and testing.

New builtins:
  - StoreOwnIC{Trampoline|Baseline|_NoFeedback} is now used for StaNamedOwnProperty. Unlike the regular StoreIC, this variant will no longer look up the property name in the prototype. In addition, this CL changes an assumption that StoreNamedOwnProperty can't result in a map transition, as we can't rely on the property already being present in the Map due to an object literal boilerplate. In the context of class features, this replaces the runtime function %CreateDataProperty().
  - KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the new StaKeyedPropertyAsDefine bytecode. This is similar to an ordinary KeyedStoreIC, but will not check the prototype for setters, and for private fields, will take the slow path if the field already exists. In the context of class features, this replaces the runtime function %AddPrivateField().

TurboFan IR:
  - JSDefineProperty is introduced to represent a situation where we need to use "Define" semantics, in particular, it codifies that we do not consult the prototype chain, and the semantics relating to private fields are implied as well.

R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org Bug: v8:9888 Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831 Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#77377}
-
- 20 Sep, 2021 1 commit
-
-
Georg Neis authored
Bug: chromium:1250660, v8:7790 Change-Id: If96ab8879f54549b3b3d92ef2b1c13344dca17b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171154 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#76936}
-
- 10 Sep, 2021 1 commit
-
-
Marja Hölttä authored
Removing code left over by https://chromium-review.googlesource.com/c/v8/v8/+/3124806 . Bug: v8:7790 Change-Id: Id198df521ff58fe4f476f6f6a1fc624cb297be4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3147591 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#76764}
-
- 09 Sep, 2021 1 commit
-
-
Georg Neis authored
Bug: chromium:1247763 Change-Id: I6f09d5113ef7e4774032ea586d5a1ada98aa4b1b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3149462 Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76752}
-
- 02 Sep, 2021 1 commit
-
-
Patrick Thier authored
  - Replace CodeStubArguments::GetLength() with GetLengthWithReceiver() and GetLengthWithoutReceiver()
  - Introduce and use Torque macros to load the formal parameter count (with and without receiver).
  - Add actual_count to Torque arguments structure for cases where the argument count is not used, but just forwarded to other builtins.

Bug: v8:11112 Change-Id: I32278efeffa2fb08361989c6df8de56c74add8b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124804 Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#76637}
-
- 30 Aug, 2021 4 commits
-
-
Georg Neis authored
... by removing some obsolete code. Bug: v8:7790 Change-Id: Iad31b60de5905ba05e1c622e81c3234071752e9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124806 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76584}
-
Georg Neis authored
... by removing some obsolete code. Bug: v8:7790 Change-Id: Ie098055a1849de5d853c126e0c7275164f964ce8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124774 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76575}
-
Georg Neis authored
We can now tighten the return type of FindRootMap and remove some related code. Bug: v8:7790 Change-Id: I08325e7e4f4c9261c45770f7674b6644cc5c2b80 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123411 Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76564}
-
Georg Neis authored
These methods are called only during the inlining phase, so even in the default configuration we follow the same branch as concurrent inlining and ignore the serialized data. We can thus tighten their return types and cut down JSBoundFunctionData. Bug: v8:7790 Change-Id: Ic48f8f2651d684440dc5f6a9934de2ae3a5b5132 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123410 Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76561}
-
- 12 Aug, 2021 1 commit
-
-
Ross McIlroy authored
These are no longer enabled, so remove the code mitigation logic from the codebase. BUG=chromium:1003890 Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76256}
-
- 05 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Bug: v8:7790 Change-Id: Ia5903364a774bd49db1a646b3066b9972deac725 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074465 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76119}
-
- 04 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Convert more raw Handle<Map> uses to MapRef. Bug: v8:7790 Change-Id: Id638b70607aa5a73404ee37dfda5e038018be525 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067337 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76089}
-
- 03 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Based on a CL by mvstanton@. Bug: v8:7790,v8:12030,v8:12031,v8:12041 Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683 Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76055}
-
- 29 Jul, 2021 1 commit
-
-
Jakob Gruber authored
is_deprecated and is_stable are mutable and can be changed concurrently. We protect against changes through dependencies. CHECKs on such fields are invalid. Bug: v8:7790,chromium:1234206 Change-Id: I9bb7fab0342e0e2c33377c162b1912a8f93e760b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059682 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75973}
-
- 26 Jul, 2021 1 commit
-
-
Jakob Gruber authored
FindFrameStateBefore can return a FrameState or Dead. Bug: chromium:1232668 Change-Id: I2a21a1cd4dce9053250c1940177834ce6d2cb55b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053582 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75907}
-
- 22 Jul, 2021 1 commit
-
-
Jakob Gruber authored
A mix of readability refactors, additional DCHECKs, and addressed/updated TODOs. Bug: v8:7790 Change-Id: I87ff996abd40b0ed081586e2c0da1a4c0942fed4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041665 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75858}
-
- 20 Jul, 2021 3 commits
-
-
Jakob Gruber authored
All these methods are called in compiler/concurrent contexts and should therefore use refs where possible. This mostly just pushes code around, but does avoid a few completely unnecessary ref-handle-ref round-trips. Bug: v8:7790 Change-Id: I18e6f45ddcd16373b5349bdb7d2dccd205f5c9ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038522 Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75814}
-
Jakob Gruber authored
.. instead of handles and update all uses. Likewise with ElementAccessInfo. Essentially, this creates the needed refs up-front and removes useless MakeRef calls from PAI users. Bug: v8:7790, v8:11671 Change-Id: I175e77dcca27760101606587de615e3497e68c68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030701 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75805}
-
Jakob Gruber authored
.. and explicitly mark behavior through tags/naming conventions:

  // This method is never called when concurrent inlining is enabled.
  void SerializeFoo(NotConcurrentInliningTag);

  // This method is thread-safe and may be called at any time.
  void CacheBar();

It turns out that all our remaining SerializeFoo methods are already either of the former or latter category and thus do not block removal of the serialization phase for concurrent inlining.

Bug: v8:7790 Change-Id: If8f3bc2e407bc2824f83bfcd1f520f3b14dc58ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026709 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75804}
-
- 19 Jul, 2021 1 commit
-
-
Jakob Gruber authored
This wraps up the transition away from kSerialized ref kinds. Since JSFunctionRef is a complex type, we don't attempt full consistency on the background thread. Instead, we serialize functions on the background in a partially-racy manner, in which consistency between different JSFunction fields is *not* guaranteed. Consistency is later verified through a new compilation dependency kind during finalization. Bug: v8:7790, v8:12004 Change-Id: Ic2b78af9c9fe183c8769d323132bb304b151dc75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968404 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#75789}
-
- 08 Jul, 2021 1 commit
-
-
Georg Neis authored
This is a reland of 036e5783. Key JSBoundFunctionRef methods have been changed to return an optional type, replacing the bogus always-true serialized() method.

Original change's description:
> [compiler] Make JSDataViewRef and JSBoundFunctionRef bg-serialized
>
> ... but keep/make subclass-specific methods do direct reads.
>
> Bug: v8:7790
> Change-Id: Ia4b9d207ce75cf28f6f0f33027ab05e27db49ce9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959621
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75457}

Bug: v8:11960, v8:7790 Change-Id: I1f29283b2fb6e5fe3644e2f4e33341fce2641775 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013313 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75628}
-
- 01 Jul, 2021 1 commit
-
-
Peter Kasting authored
There are still a few cases remaining that seem more controversial; I'll upload those separately. Bug: chromium:1066980 Change-Id: Iabbaf23f9bbe97781857c0c589f2b3db685dfdc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994804 Commit-Queue: Peter Kasting <pkasting@chromium.org> Auto-Submit: Peter Kasting <pkasting@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#75494}
-
- 30 Jun, 2021 2 commits
-
-
Ross McIlroy authored
Adds support for a separate dynamic map checks trampoline that takes the feedback vector as an argument rather than reading it from the stack frame, to enable it to work for inlined functions. Plumbs the logic through the compiler to select between these trampolines based on the framestate. BUG=v8:9684,chromium:1224367 Change-Id: Ibc7facdc78930aedec4a102693a926f64f6de7e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992724 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#75461}
-
Jakob Gruber authored
Call it NativeContextRef::GlobalIsDetached and implement it on top of Refs such that it can benefit from direct reads. Drive-by: inline a JSNativeContextSpecialization::ReduceGlobalAccess overload into its only callsite. Bug: v8:7790 Change-Id: I1c6891e0fc65a476b0c4587f3fde2c6461b302a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959614 Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75454}
-
- 18 Jun, 2021 1 commit
-
-
Santiago Aboy Solanes authored
Replace GetOwnDictionaryPropertyFromHeap with TryGetOwnDictionaryPropertyFromHeap which will return {} if we are trying to read out of bounds of the heap or the object. This is done so that we can concurrently use the method. We introduce a new compilation dependency (DependOnPropertyValueSame) which checks that the background thread indeed read the correct value. Bug: v8:7790 Change-Id: Ia5e308faf1f65add638cd271995f4f33416fbd15 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930480 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75248}
-
- 16 Jun, 2021 1 commit
-
-
Mike Stanton authored
In heap-refs.cc, GetOwnFastDataPropertyFromHeap() bottlenecks reading a fast property. To make it safe to use from the background thread we need to verify the object didn't shrink, and risk an out of heap bounds read. Bug: v8:7790 Change-Id: Idebbe0ffea089bf2a70aa7d611618430169082fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928185 Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75186}
-
- 10 Jun, 2021 1 commit
-
-
Jakob Gruber authored
.. when concurrent inlining is on.

  SerializeBackPointer
  SerializeForElementLoad
  SerializeRootMap

For SerializeRootMap: Due to changed root map access timing, it is now possible to see an abandoned prototype map - added logic for that in RemoveImpossibleMaps.

Bug: v8:7790 Change-Id: Icdb3fff12536bfdc84923e7cd40bad9978a2a401 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948658 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75065}
-
- 07 Jun, 2021 2 commits
-
-
Camillo Bruni authored
  - Add new Builtin enum
  - Move Builtins::Name:kXXX to Builtin::kXXX
  - Update existing code

Follow CLs will unify the mix of using int builtin-ids and Builtins::Name to only use the new Builtin enum and changing it to an enum class.

Change-Id: Ib39aa45a25696acdf147f46392901b1e051deaa4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905592 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#74995}
-
Jakob Gruber authored
.. and replace them by elements read directly from the heap object. With this change, consistency between `map` and `elements` is no longer guaranteed. Users were updated, when necessary, to deal with this, e.g. by being more careful not to read out of bounds, by inserting new `actual_elements == elements_constant` runtime checks, or through a new compilation dependency that verifies unchanged elements at finalization time. Drive-by: inline GetElementsKind into callsites. Bug: v8:7790 Change-Id: Ifba78182e185ff0d4e954e3be52f0eb24328c853 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909655 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74977}
-
- 25 May, 2021 1 commit
-
-
Georg Neis authored
This reland is a manual revert of the previous revert (commit 815bab9f). Manual due to merge conflicts. No other changes.

Original change's description:
> [compiler] Remove one ObjectRef constructor
>
> Remove the handle-taking ObjectRef constructor in favor of
> (Try)MakeRef as bottleneck.
>
> Bug: v8:7790
> Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74593}

Bug: v8:7790 Tbr: jgruber@chromium.org Change-Id: Iafc68f68df06ca9f404427d272b663c218d6550a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917039 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74757}
-
- 18 May, 2021 1 commit
-
-
Sathya Gunasekaran authored
This reverts commit 59bb4325.

Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview

Original change's description:
> [compiler] Remove one ObjectRef constructor
>
> Remove the handle-taking ObjectRef constructor in favor of
> (Try)MakeRef as bottleneck.
>
> Bug: v8:7790
> Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74593}

Bug: v8:7790 Change-Id: Ifdecf93a3a8c09a3da7118a269fc66c2ae0f1a09 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901988 Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74618}
-
- 17 May, 2021 1 commit
-
-
Georg Neis authored
Remove the handle-taking ObjectRef constructor in favor of (Try)MakeRef as bottleneck. Bug: v8:7790 Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74593}
-
- 06 May, 2021 2 commits
-
-
Fanchen Kong authored
When a function is invoked by prototype.apply, it may undergo the following transformation in the JSCallReducer:

  receiver.apply(this, args) -> this.receiver(...args)

Since the new target (also the receiver of apply()) is not collected to the feedback slot, further speculative optimization on the new target is not available if the new target is not a heapconstant. With this CL, the receiver will be collected to the feedback instead of the target if the target is a prototype.apply. It may improve the performance of the following use case by ~80%.

  function reduceArray(func, arr, r) {
    for (var i = 0, len = arr.length; i < len; i++) {
      // apply() takes the call arguments as a single array.
      r = func.apply(null, [r, arr[i]]);
    }
    return r;
  }

  var a = 0;
  for (var i = 0; i < 10000000; i++) {
    a += reduceArray(Math.imul, [5,6,2,3,7,6,8,3,7,9,2,5,], 1);
  }
  console.log(a);

This CL also improves the runTime score of JetStream2/richards-wasm by ~45% in default, ~60% with --turbo-inline-js-wasm-calls.

Change-Id: I542eb8d3fcb592f4e0993af93ba1af70e89c3982 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639813 Commit-Queue: Fanchen Kong <fanchen.kong@intel.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74413}
-
Georg Neis authored
This is a simplification and cleanup. Bug: v8:7790 Change-Id: I93a3ed2c9ddce4e300f25032be2085aef915ed8d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874655 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74396}
-
- 05 May, 2021 3 commits
-
-
Georg Neis authored
... in favour of an optional return type for MapRef::prototype(). This also eliminates one kind of use of ShouldHaveBeenSerialized(), which I want to get rid of entirely. Bug: v8:7790 Change-Id: I031f067d644570e5c8aaeaf94c5ff69ff0515a99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874456 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74385}
-
Jakob Gruber authored
This is part of a CL series that establishes MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by converting direct constructor uses to (Try)MakeRef calls, and then marking the ctor as protected. Bug: v8:7790 Change-Id: I26faa6bc1934662c81ae127dee64bddffa428de9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874165 Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74371}
-
Jakob Gruber authored
This is part of a CL series that establishes MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by converting direct constructor uses to (Try)MakeRef calls, and then marking the ctor as protected. Bug: v8:7790 Change-Id: I36c07f69378f3a630462c216ef5da284cfd3972f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871449 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74367}
-