- 11 Dec, 2017 17 commits
-
-
Jeremy Roman authored
The parser holds a single vector whose backing storage is reused in calls to ParseJsonObject, so that once we reach the peak number of unstored properties no more allocations are required. This improves performance of parsing inputs like those in Speedometer VanillaJS by about 2% in my local measurement, and would presumably do better on more pathological inputs. This should also have the side effect of reducing peak memory usage at this time slightly, since we do fewer zone allocations which cannot be freed until the parse finishes. Reland switches to use std::vector::data instead of operator[] to avoid an index check in debug MSVC. In such cases the out-of-bounds pointer cannot be dereferenced, so it is legal. Bug: chromium:771227 Change-Id: I21837196372c904bfc799cd14353a73d11dcff32 Reviewed-on: https://chromium-review.googlesource.com/804062 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#49997}
-
Sigurd Schneider authored
Bug: v8:7127 Change-Id: I79be6acaa04623fe9a5d314de5cb10811724db5f Reviewed-on: https://chromium-review.googlesource.com/814401 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49996}
-
Tobias Tebbi authored
We have to ensure that replacements do not have replacements because otherwise a changed replacement (of the replacement) wouldn't trigger graph revisitations. However, this invariant can be temporarily violated when the information propagated along the effect chain is outdated for another reason. So we should only check this for the final fixed-point. Bug: chromium:787959 Change-Id: I4a6b2c4f6ff3205649c0f866654900d4ab126acf Reviewed-on: https://chromium-review.googlesource.com/817777 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#49995}
-
Andreas Haas authored
Add the ability to return (multiple) return values on the stack: - Extend stack frames with a new buffer region for return slots. This region is located at the end of a caller's frame such that its slots can be indexed as caller frame slots in a callee (located beyond its parameters) and assigned return values. - Adjust stack frame construction and deconstruction accordingly. - Extend linkage computation to support register plus stack returns. - Reserve return slots in caller frame when respective calls occur. - Introduce and generate architecture instructions ('peek') for reading back results from return slots in the caller. - Aggressive tests. - Some minor clean-up. So far, only ia32 and x64 are implemented. Change-Id: I9532ad13aa307c1dec40548c5b84600fe2f762ce Reviewed-on: https://chromium-review.googlesource.com/766371 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49994}
-
sreten.kovacevic authored
Fixes problem with compilation in wasm-compiler.cc Bug: Change-Id: I2c38a4235b53467715d2199462d995b012e63bf9 Reviewed-on: https://chromium-review.googlesource.com/819270 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#49993}
-
Clemens Hammacher authored
Moving a register to itself is not only unnecessary overhead, it also breaks invariants in the StackTransferRecipe. R=ahaas@chromium.org Bug: v8:6600, chromium:793551 Change-Id: I659fd66b4f2d4564c437ed9fb048322af4299d97 Reviewed-on: https://chromium-review.googlesource.com/819231 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49992}
-
Benedikt Meurer authored
Explain why we still have kNumber in addition to kNumberOrOddball, although the original motivation, which was Crankshaft, is gone now. Bug: v8:7109 Change-Id: I33016fbfa96bb0db57473b6d0c720fa1389d11f1 Reviewed-on: https://chromium-review.googlesource.com/817439 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49991}
-
Benedikt Meurer authored
The CompareOperationFeedback documentation was outdated and there was an invalid TODO on it that suggested to unify this with the BinaryOperationFeedback which in retrospect doesn't make a lot of sense. Bug: v8:7109 Change-Id: Ibf748e242db55430f29d305f1ef1df6d44449481 Reviewed-on: https://chromium-review.googlesource.com/819090 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49990}
-
Clemens Hammacher authored
This helps to debug issues with maintaining the cache state, and also understanding errors in the generated code. Unfortunately, it requires buffering the trace output in the decoder, since the interface is called in between, and the output would be messed up otherwise. R=titzer@chromium.org Bug: v8:6600 Change-Id: Ie8af8f7f619f3909ea52268241b883a4d4de79fa Reviewed-on: https://chromium-review.googlesource.com/813972 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49989}
-
Ulan Degenbaev authored
Bug: Change-Id: I49a259b8911969aace193cc3d0b18e4b8bcac7b8 Reviewed-on: https://chromium-review.googlesource.com/818344 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#49988}
-
peterwmwong authored
Support inlining Array.prototype.find in Turbofan. Quick benchmarks show >2x improvement for Smi and Double packed arrays: https://github.com/peterwmwong/v8-perf/blob/master/array-find-tf/README.md Bug: chromium:791045, v8:1956 Change-Id: I9a6882be9bc3e1e84df372a24bd0f85897cf92a0 Reviewed-on: https://chromium-review.googlesource.com/818193 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49987}
-
Jaroslav Sevcik authored
For the JS object allocation case, we materialize children_count - 1 objects. However, we already materialized the map and property array, so this could materialize one object beyond the JS object. If there is no such object, we would go out-of-bounds. Bug: chromium:792330 Change-Id: I5ed5e4ddde9de9789bb2531a48a0d87c80bd156c Reviewed-on: https://chromium-review.googlesource.com/817315 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49986}
-
Tobias Tebbi authored
This xor can never change the number of collisions, so it should be safe to remove. Bug: Change-Id: I253c0ece422f66e7cba15b13c041cfb6c8361674 Reviewed-on: https://chromium-review.googlesource.com/809113 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#49985}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I251ea6e2c0e96b546e6fb96679ef4fc51e4adaa2 Reviewed-on: https://chromium-review.googlesource.com/817414 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49984}
-
cjihrig authored
Change-Id: I12f67d79c11a209b02262c282a27cc7ef6afc14b Reviewed-on: https://chromium-review.googlesource.com/806774 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#49983}
-
Jaroslav Sevcik authored
This relands commit e71b8022.

This can now go back in as the fix for chromium:787301 had enough time to be tested in Canary.

Original change's description:
> [deoptimizer] Staged materialization of objects.
>
> The existing object materialization in the deoptimizer has the following problems:
>
> - Objects do not necessarily verify during materialization (because during the
>   depth first walk we might have inconsistent objects).
>
> - Stack can overflow (because we just materialize using recursive calls).
>
> - We generalize object fields.
>
>
> This CL re-implements the materialization algorithm to solve this problem. The
> new implementation creates the objects in two steps:
>
> 1. We allocate space for all the objects. In general, we allocate ByteArrays
>    of the right size. For leaf objects that cannot participate in cycles,
>    we build and initialize the materialized objects completely.
>
>    For JS objects, we insert markers into the byte array at the positions
>    where unboxed doubles are expected.
>
> 2. We initialize all the objects with the proper field values and change the
>    map from the ByteArray map to the correct map. This requires some sync
>    with the concurrent marker (Heap::NotifyObjectLayoutChange).
>
>    When initializing the JS object fields, we make sure that we respect
>    the unboxed double marker.
>
> Bug: chromium:770106, v8:3836
> Change-Id: I1ec466a9d19db9538df4ba915516d4c3ca825632
> Reviewed-on: https://chromium-review.googlesource.com/777559
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49821}

Bug: chromium:770106, v8:3836
Change-Id: Ied6c4e0fbae52713e55ae6dc13794a7521dbb8a5
Reviewed-on: https://chromium-review.googlesource.com/817745
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49982}
-
jing.bao authored
Implement IA32Movdqu Add vmovdqu and Movdqu macro Bug: Change-Id: Idc2b5c99adf38d6120ff451bde40d4ad8f2046de Reviewed-on: https://chromium-review.googlesource.com/815944 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#49981}
-
- 10 Dec, 2017 3 commits
-
-
Mikhail Gusarov authored
If the source checkout had 'debug' somewhere in the path name, then IsDebuggerFile() marked all modules as debug ones, which triggered an assertion during snapshot generation. Bug: Change-Id: I93537efca9152c5469bb760f32ca53b06351f7a4 Reviewed-on: https://chromium-review.googlesource.com/809205 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49980}
-
Bill Budge authored
- Remove unnecessary LSAN #include. - Use i:: instead of internal:: for consistency. Bug: Change-Id: I783b28402bf9c661e51b629167ec73b98a6b9fd7 Reviewed-on: https://chromium-review.googlesource.com/818198 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#49979}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d1735e8..ca599b0 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I76ab6088eecbfd6ae27c76ed0f39c51f6918f903 Reviewed-on: https://chromium-review.googlesource.com/817589 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#49978}
-
- 09 Dec, 2017 3 commits
-
-
Caitlin Potter authored
await expressions are an invalid destructuring target, and should result in a SyntaxError when used in a position where a destructuring target is expected. BUG=v8:7173 R=marja@chromium.org, adamk@chromium.org Change-Id: I1bdb4bc13cb2e3e904fc4389a6e0abca1e0ed17f Reviewed-on: https://chromium-review.googlesource.com/811946 Reviewed-by: Sathya Gunasekaran (ooo until 12/12) <gsathya@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#49977}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/404c19d..d1735e8 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/16753e0..d624b3c Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/26f7d8a..e3b480d TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I2b61a541b5ff881d1d911f2b560661b8c1f0be7d Reviewed-on: https://chromium-review.googlesource.com/818157 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#49976}
-
https://crrev.com/c/802322
Eric Holk authored
Bug: v8:7143 Change-Id: Ie8eee40ba1761a5790dc67a8ce03d2b2cb949722 Reviewed-on: https://chromium-review.googlesource.com/815677 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49975}
-
- 08 Dec, 2017 17 commits
-
-
Ali Ijaz Sheikh authored
NewSpace::UpdateInlineAllocationLimit was computing the limit slightly differently. Make old space and new space more consistent. The way new space does it makes more sense as, logically, the step starts from beyond the current object being allocated (size_in_bytes). This behaviour change is in preparation for a subsequent CL that refactors NewSpace::UpdateInlineAllocationLimit and PagedSpace::ComputeLimit into a common SpaceWithLinearArea::ComputeLimit. Change-Id: Ibe918d46dccf8e80ed35c770b3c365c3970d07ea Reviewed-on: https://chromium-review.googlesource.com/815277 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#49974}
-
Bill Budge authored
- Changes d8 ArrayBuffer::Allocators to restrict size to < 2GB on the Allocate/AllocateUninitialized paths. Reserve can still create larger ArrayBuffers. Bug: chromium:793196 Change-Id: I662f8c681f715457d630df31039a1ea4d17cfafc Reviewed-on: https://chromium-review.googlesource.com/817763 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49973}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org Change-Id: I23875fb4d02321767df92b41957f7f915fae7ffc Reviewed-on: https://chromium-review.googlesource.com/817567 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#49972}
-
Sergiy Byelozyorov authored
This is a reland of 72e7b60b

Original change's description:
> [tools] Migrate v8_linux64_asan_rel_ng and v8_linux64_asan_rel_ng_triggered to LUCI
>
> No-Try: true
> Bug: chromium:748008, chromium:748000
> Change-Id: I487b7e85ade29b9aeaa9aeb4c90fd220581899a0
> Reviewed-on: https://chromium-review.googlesource.com/806171
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49938}

No-Try: true
Bug: chromium:748008, chromium:748000
Change-Id: I406543c15285db81adcd0979fc25397229ddff64
Reviewed-on: https://chromium-review.googlesource.com/814715
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49971}
-
Ulan Degenbaev authored
If the fixed array is being concurrently left-trimmed then checked getter can assert because the length is not necessarily a Smi. This patch uses unchecked length getter to cache the length as Object*. Only if the marker manages to color the array black, we are guaranteed that the cached length is a Smi. This patch also uses unchecked cast for FixedArray in HeapVisitor for concurrent marker. Note that this patch only affects debug mode. Bug: chromium:694255 Change-Id: I5016a2234a9f5fb98b498e06f5d1428b3f1cc3c6 Reviewed-on: https://chromium-review.googlesource.com/817554 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49970}
-
Camillo Bruni authored
- Introduce explicit CallXXX helpers in PropertyCallbackArguments for all Callback functions exposed in the api. - Add bit on the Interceptors for checking whether they are for names or indices. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Id862e4e39ba75b4610156adfe83f3eecfb2c048f Reviewed-on: https://chromium-review.googlesource.com/799910 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#49969}
-
Andreas Haas authored
I also adjusted the update script because the output directory of the run.py script we call has changed. R=clemensh#chromium.org Change-Id: I432c81f1a2ffd3c96a294f771064672f7edad250 Reviewed-on: https://chromium-review.googlesource.com/817275 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#49968}
-
Sigurd Schneider authored
Bug: v8:7127 Change-Id: Ibdbf6c5627f3fe8a29ae44cc0c284896c344a0ae Reviewed-on: https://chromium-review.googlesource.com/817295 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49967}
-
Ali Ijaz Sheikh authored
This is a preparatory change to allow more refactoring of code between New and PagedSpace. Bug: Change-Id: Iabda8365cae0de2278d772e56728e900e688c9aa Reviewed-on: https://chromium-review.googlesource.com/815904 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#49966}
-
Sigurd Schneider authored
This patch adds a field for the speculation mode to Call nodes, and passes the speculation mode from the CallIC to the Call node in the byte code graph builder. Bug: v8:7127 Change-Id: I89fa10643b46143b36776de1d5ba6ebe3fa2c878 Reviewed-on: https://chromium-review.googlesource.com/814537 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49965}
-
Michael Achenbach authored
This moves the verify-predictable logic from the test runner into a python wrapper script. This revealed two more tests that don't print allocations, which are now skipped. Bug: v8:7166, v8:7177 Change-Id: Ie4a541cb2a20900414ffe1caf4b3fccc4a5edb52 Reviewed-on: https://chromium-review.googlesource.com/808971 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#49964}
-
jgruber authored
This reverts commit 10817205. While increasing the number of IRREGEXP regexp instances (vs. ATOM) gives us a 3% perf improvement, it also results in higher memory overhead. This CL is the suspected culprit for the recent 5x increase in OOM crashes from within regexp codegen. Bug: v8:6633, chromium:790833 Change-Id: Icca70b31fbda8cfb7a63dc895f6665dfe534359d Reviewed-on: https://chromium-review.googlesource.com/817294 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49963}
-
Ivica Bogosavljevic authored
Some buildbots were not compiling due to error `chosen constructor is explicit in copy-initialization` Bug: Change-Id: I24b8f1c4467e05e2832d8252a4cfe7352e1e91da Reviewed-on: https://chromium-review.googlesource.com/813758 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#49962}
-
John Barboza authored
Port 2cbfa244 Original Commit Message: [Memory] Use madvise on POSIX to allow OS to reclaim memory. - Use madvise when setting no permissions on memory. - Move platform specific mmap flag calculations to a helper fn. Bug: chromium:756050,chromium:788341 Change-Id: I7d420a0abee9656a57fb0317301322da2fd7d7b5 Reviewed-on: https://chromium-review.googlesource.com/790932 Change-Id: I5f7957066d0be96bd429b3d55c9293ffb996750c Reviewed-on: https://chromium-review.googlesource.com/804554 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49961}
-
Michael Lippautz authored
Bug: Change-Id: I4e105a3a09fe3b58255189bb89fa38224078ae5c Reviewed-on: https://chromium-review.googlesource.com/817196 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49960}
-
Sigurd Schneider authored
This CL uses bits of the call count as flags according to CallCountField and SpeculationModeField defined in CallICNexus. Bug: v8:7127 Change-Id: I3f64c1807d61410f9029b46b9a59a1fcaa5a0a3b Reviewed-on: https://chromium-review.googlesource.com/808926 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49959}
-
Michael Starzinger authored
Change-Id: I8485e7f11a1e105da79ea9bc99392c77666249ce Reviewed-on: https://chromium-review.googlesource.com/816894 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49958}
-