Skip to content

V
V8
Switch branch/tag
  1. 02 Feb, 2018 1 commit
  3. 31 Jan, 2018 1 commit
  5. 13 Dec, 2017 1 commit
  7. 18 Nov, 2017 1 commit
  9. 07 Nov, 2017 1 commit
  11. 03 Nov, 2017 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Generalized OOB support for KeyedLoadIC. · b7168573
      Benedikt Meurer authored 
      This extends the support in TurboFan and the ICs for OOB loads to also
apply to typed arrays and receivers whose prototype chain is protected
by the "no elements" protector (aka the Array protector). TurboFan will
generate code to materialize undefined instead when it sees a load that
has the OOB bit set and add an appropriate code dependency on the global
protector. For typed arrays it doesn't even need to check the global
protector since elements are never looked up in the prototype chain
for typed arrays.

In the simple micro-benchmark from the bug we go from

  testInBounds: 103 ms.
  testOutOfBounds: 289 ms.

to

  testInBounds: 103 ms.
  testOutOfBounds: 102 ms.

which fixes the 3x slowdown and thus addresses the performance cliff. In
general it's still beneficial to make sure that you don't access out of
bounds, especially once we introduce a bounds check elimination pass to
TurboFan.

This also seems to improve the jQuery benchmark on the Speedometer test
suite by like 1-2% on average. And the SixSpeed rest benchmarks go from

  rest-es5: 25 ms.
  rest-es6: 23 ms.

to

  rest-es5: 6 ms.
  rest-es6: 4 ms.

so a solid 5.7x improvement there.

Bug: v8:6936, v8:7014, v8:7027
Change-Id: Ie99699c69cc40057512e72fd40ae28107216c423
Reviewed-on: https://chromium-review.googlesource.com/750089
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49095}
      b7168573
  13. 31 Oct, 2017 1 commit
    • Benedikt Meurer's avatar
      [ic] Add OOB support to KeyedLoadIC. · 6dc35ab4
      Benedikt Meurer authored 
      This adds support to the KeyedLoadIC to ignore out of bounds accesses
for Strings and return undefined instead. We add a dedicated bit to the
Smi handler to encode the OOB state and have TurboFan generate appropriate
code for that case as well. This is mostly useful when programs
accidentially access past the length of a string, which was observed and
fixed for example in Babel recently, see

  https://github.com/babel/babel/pull/6589

for details. The idea is to also extend this mechanism to Arrays and
maybe other receivers, as reading beyond the length is also often used
in jQuery and other popular libraries.

Note that this is considered a mitigation for a performance cliff and
not a general optimization of OOB accesses. These should still be
avoided and handled properly instead.

This seems to further improve the babel test on the web-tooling-benchmark
by around 1%, because the OOB access no longer turns the otherwise
MONOMORPHIC access into MEGAMORPHIC state.

Bug: v8:6936, v8:7014
Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
Reviewed-on: https://chromium-review.googlesource.com/744022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49049}
      6dc35ab4
  15. 26 Oct, 2017 1 commit
  17. 24 Oct, 2017 1 commit
  19. 19 Oct, 2017 1 commit
  21. 13 Oct, 2017 1 commit
  23. 12 Oct, 2017 1 commit
  25. 28 Sep, 2017 2 commits
  27. 13 Sep, 2017 2 commits
  29. 01 Sep, 2017 3 commits
  31. 30 Aug, 2017 1 commit
  33. 23 Aug, 2017 1 commit
  35. 18 Aug, 2017 1 commit
    • Jakob Kummerow's avatar
      Cache fewer StoreIC-Transition handlers · a3ef2489
      Jakob Kummerow authored 
      Many handlers are not used again, so we can improve the cache hit rate
by caching fewer handlers. Specifically, in this CL, when a StoreIC
miss causes a new map transition to be created, then the handler is not
cached right away yet (it will be cached next time, when the transition
exists already).

Also, fix an embarrassing bug where growing a TransitionArray dropped
cached handlers. That further improves the cache hit rate. ;-)

Bug: chromium:752867, chromium:753819
Change-Id: Id8db5ca1e780a5fe8fc61db7f20996e61c65a90e
Reviewed-on: https://chromium-review.googlesource.com/619851Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47433}
      a3ef2489
  37. 11 Aug, 2017 1 commit
  39. 09 Aug, 2017 4 commits
  41. 07 Aug, 2017 1 commit
    • Maya Lekova's avatar
      Revert "Reland "[builtins] Port getting property from Proxy to CSA"" · ceb55494
      Maya Lekova authored 
      This reverts commit 15ef03cb.

Reason for revert: Found the following bugs

Bug: chromium:752846, chromium:752712, chromium:752850

Original change's description:
> Reland "[builtins] Port getting property from Proxy to CSA"
> 
> This reland is after fix in [heap] Delete wrong DCHECK.
> It includes moving ProxyGetProperty to its own stub to reduce
> binary size.
> 
> This is a reland of 47a97aa5
> Original change's description:
> > [builtins] Port getting property from Proxy to CSA
> > 
> > Bug: v8:6559, v8:6557
> > Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> > Reviewed-on: https://chromium-review.googlesource.com/589212
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Maya Lekova <mslekova@google.com>
> > Cr-Commit-Position: refs/heads/master@{#47113}
> 
> Bug: v8:6559, v8:6557
> Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
> Reviewed-on: https://chromium-review.googlesource.com/600215
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47159}

TBR=jkummerow@chromium.org,mstarzinger@chromium.org,franzih@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,mslekova@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I51bef25a031b02cf4deab11282473acae57f1ed3
Reviewed-on: https://chromium-review.googlesource.com/603708
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47200}
      ceb55494
  43. 04 Aug, 2017 2 commits
  45. 03 Aug, 2017 2 commits
  47. 01 Aug, 2017 1 commit
    • jgruber's avatar
      Reland "[builtins] Remove Builtins::Name() accessors" · fcaa2c2e
      jgruber authored 
      This is a reland of 2f79e035
Original change's description:
> [builtins] Remove Builtins::Name() accessors
> 
> Instead of auto-generating the Name() convenience accessor, use a macro to
> avoid wasting code space.
> 
>   BUILTIN_CODE(isolate, Name)
> 
> expands to
> 
>   isolate->builtins()->builtin_handle(Builtins::kName);
> 
> This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
> 
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
> Reviewed-on: https://chromium-review.googlesource.com/593607
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47010}

TBR=bmeurer@chromium.org,ahaas@chromium.org

Bug: v8:6624
Change-Id: I4733731e56dc8873ee06c2b36cac1918c0a658b2
Reviewed-on: https://chromium-review.googlesource.com/594087
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47037}
      fcaa2c2e
  49. 31 Jul, 2017 2 commits
    • Jakob Gruber's avatar
      Revert "[builtins] Remove Builtins::Name() accessors" · 17a26c0b
      Jakob Gruber authored 
      This reverts commit 2f79e035.

Reason for revert: Conflicts with successor CL.

Original change's description:
> [builtins] Remove Builtins::Name() accessors
> 
> Instead of auto-generating the Name() convenience accessor, use a macro to
> avoid wasting code space.
> 
>   BUILTIN_CODE(isolate, Name)
> 
> expands to
> 
>   isolate->builtins()->builtin_handle(Builtins::kName);
> 
> This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
> 
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
> Reviewed-on: https://chromium-review.googlesource.com/593607
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47010}

TBR=yangguo@chromium.org,ahaas@chromium.org,jgruber@chromium.org,bmeurer@chromium.org

Change-Id: Ia9ef5c755b26c3f4e143d87a7c51033614ea435e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/594048Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47012}
      17a26c0b
    • jgruber's avatar
      [builtins] Remove Builtins::Name() accessors · 2f79e035
      jgruber authored 
      Instead of auto-generating the Name() convenience accessor, use a macro to
avoid wasting code space.

  BUILTIN_CODE(isolate, Name)

expands to

  isolate->builtins()->builtin_handle(Builtins::kName);

This reduces the size of libv8.so by 134,752 bytes on a x64 release build.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
Reviewed-on: https://chromium-review.googlesource.com/593607Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47010}
      2f79e035
  51. 25 Jul, 2017 1 commit
  53. 17 Jul, 2017 1 commit
    • Leszek Swirski's avatar
      Revert "[runtime] Move profiler ticks from SFI to feedback vector" · 14c5c4fd
      Leszek Swirski authored 
      This reverts commit a2fcdc7c.

Reason for revert: Large regressions in RCS (https://chromeperf.appspot.com/group_report?bug_id=740126)

Original change's description:
> [runtime] Move profiler ticks from SFI to feedback vector
> 
> Instead of counting profiler ticks on the shared function info (which is
> shared between native contexts), count them on the feedback vector
> (which is not). This allows us to continue pushing optimization
> decisions off the SFI, onto the feedback vector.
> 
> Note that a side-effect of this is that ICs don't have to walk the stack
> to reset profiler ticks, as they can access the feedback vector directly
> from their feedback nexus.
> 
> Change-Id: I232ae9e759fca75cd89d393148a4ff42caa2646f
> Reviewed-on: https://chromium-review.googlesource.com/544888
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46411}

TBR=rmcilroy@chromium.org,leszeks@chromium.org,ishell@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Id587e4172e300c420f93c49744a2a0e66696edf8
Reviewed-on: https://chromium-review.googlesource.com/574227
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46702}
      14c5c4fd
  55. 05 Jul, 2017 1 commit
  57. 22 Jun, 2017 1 commit
  59. 21 Jun, 2017 1 commit