- 05 Sep, 2018 1 commit
Hai Dang authored
This is a reland of 1c48d52b.

It turned out that IterableToList doesn't always behave according to the ES operation with the same name. Specifically, it allows holey arrays to take its fast path, which produces an output array with holes where actually "undefined" elements should appear. This CL changes the version of IterableToList that is used for spreads (IterableToListWithSymbolLookup) such that holey arrays take the slow path. It also includes tests for such situations.

Original change's description:
> [interpreter] Add bytecode for leading array spreads.
>
> This CL improves the performance of creating [...a, b] or [...a].
> If the array literal has a leading spread, this CL emits the bytecode
> [CreateArrayFromIterable] to create the literal. CreateArrayFromIterable
> is implemented by [IterableToListDefault] builtin to create the initial
> array for the leading spread. IterableToListDefault has a fast path to
> clone efficiently if the spread is an actual array.
>
> The bytecode generated is now shorter. Bytecode generation is refactored
> into BuildCreateArrayLiteral, which allows VisitCallSuper to benefit
> from this optimization also.
> For now, turbofan also lowers the bytecode to the builtin.
>
> The idiomatic use of [...a] to clone the array a now performs better
> than a simple for-loop, but still does not match the performance of slice.
>
> Bug: v8:7980
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ibde659c82d3c7aa1b1777a3d2f6426ac8cc15e35
> Reviewed-on: https://chromium-review.googlesource.com/1181024
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#55520}

Bug: v8:7980
Change-Id: I0b5603a12d2b588327658bf0a9b214bd0f22e237
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1201882
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55639}
-
- 03 Sep, 2018 1 commit
Georg Neis authored
Bug: v8:7790
Change-Id: I93ecb8540a002b6bfca857c2938920ac52308df1
Reviewed-on: https://chromium-review.googlesource.com/1193874
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55580}
-
- 31 Aug, 2018 1 commit
Georg Neis authored
This reverts commit 1c48d52b.

Reason for revert: Clusterfuzz found something.

Original change's description:
> [interpreter] Add bytecode for leading array spreads.
>
> This CL improves the performance of creating [...a, b] or [...a].
> If the array literal has a leading spread, this CL emits the bytecode
> [CreateArrayFromIterable] to create the literal. CreateArrayFromIterable
> is implemented by [IterableToListDefault] builtin to create the initial
> array for the leading spread. IterableToListDefault has a fast path to
> clone efficiently if the spread is an actual array.
>
> The bytecode generated is now shorter. Bytecode generation is refactored
> into BuildCreateArrayLiteral, which allows VisitCallSuper to benefit
> from this optimization also.
> For now, turbofan also lowers the bytecode to the builtin.
>
> The idiomatic use of [...a] to clone the array a now performs better
> than a simple for-loop, but still does not match the performance of slice.
>
> Bug: v8:7980
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ibde659c82d3c7aa1b1777a3d2f6426ac8cc15e35
> Reviewed-on: https://chromium-review.googlesource.com/1181024
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#55520}

TBR=rmcilroy@chromium.org,neis@chromium.org,sigurds@chromium.org,gsathya@chromium.org,jgruber@chromium.org,dhai@google.com

Change-Id: I1c86ddcc24274da9f5a8dd3d8bf8d869cbb55cb6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7980
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1199303
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55544}
-
- 30 Aug, 2018 1 commit
Hai Dang authored
This CL improves the performance of creating [...a, b] or [...a]. If the array literal has a leading spread, this CL emits the bytecode [CreateArrayFromIterable] to create the literal. CreateArrayFromIterable is implemented by [IterableToListDefault] builtin to create the initial array for the leading spread. IterableToListDefault has a fast path to clone efficiently if the spread is an actual array.

The bytecode generated is now shorter. Bytecode generation is refactored into BuildCreateArrayLiteral, which allows VisitCallSuper to benefit from this optimization also.
For now, turbofan also lowers the bytecode to the builtin.

The idiomatic use of [...a] to clone the array a now performs better than a simple for-loop, but still does not match the performance of slice.

Bug: v8:7980

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibde659c82d3c7aa1b1777a3d2f6426ac8cc15e35
Reviewed-on: https://chromium-review.googlesource.com/1181024
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55520}
-
- 29 Aug, 2018 1 commit
Maya Lekova authored
The new node is introduced for literal string addition and calling String.prototype.concat in the typed lowering phase. It later might get optimized away during redundancy elimination, keeping the performance of already existing benchmarks with string addition. In case the operation is about to throw (due to too long string being constructed) we just deoptimize, reusing the interpreter logic for creating the error.

Modify relevant mjsunit and unit tests for string concatenation.

Bug: v8:7902
Change-Id: Ie97d39534df4480fa8d4fe3ba276d02ed5e750e3
Reviewed-on: https://chromium-review.googlesource.com/1193342
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55482}
-
- 21 Aug, 2018 1 commit
Georg Neis authored
GetBytecodeArrayRegisterCount is still missing.

Bug: v8:7790
Change-Id: I7255e60ef13e48a514cc09231cdb3cc42328d441
Reviewed-on: https://chromium-review.googlesource.com/1181568
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55248}
-
- 13 Aug, 2018 1 commit
Jaroslav Sevcik authored
Bug: v8:7790
Change-Id: I7c55b81a21ef4bafd9ed9b1e6c68bd9110850b11
Reviewed-on: https://chromium-review.googlesource.com/1172135
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55081}
-
- 31 Jul, 2018 1 commit
Georg Neis authored
Use sizeof of the C type instead.

Also fix a few #undef's that got reported after my changes.

R=jarin@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I30a43b3d93e6df04fb9fb33050b52988edd7fdb1
Reviewed-on: https://chromium-review.googlesource.com/1155108
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54817}
-
- 23 Jul, 2018 2 commits
Georg Neis authored
We'll soon start collecting data from the JS heap prior to the typed lowering pass, and then refrain from reading the heap in that pass. This CL prepares the broker machinery by introducing a hash table that maps an object (handle) to the corresponding cached data. For the time being, that cached data is essentially just the handle itself.

Bug: v8:7790
Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6
Reviewed-on: https://chromium-review.googlesource.com/1143405
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54618}
-
Sigurd Schneider authored
This is a reland of 9eca23e9

Adds a deopt continuation, which fixes JavaScript stack traces to contain the number constructor after inlining.

Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}

Bug: v8:7904
Change-Id: Ic416e5ba81fa3a0f59ae4afa80df83c46a759487
Reviewed-on: https://chromium-review.googlesource.com/1146581
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54609}
-
- 20 Jul, 2018 1 commit
Caitlin Potter authored
As discussed in https://docs.google.com/document/d/1sBdGe8RHgeYP850cKSSgGABTyfMdvaEWLy-vertuTCo/edit?ts=5b3ba5cc#, this CL introduces a new bytecode (CloneObject), and a new IC type.

In this prototype implementation, the type feedback looks like the following:

  Uninitialized case: { uninitialized_sentinel, uninitialized_sentinel }
  Monomorphic case: { weak 'source' map, strong 'result' map }
  Polymorphic case: { WeakFixedArray with { weak 'source' map, strong 'result' map }, cleared value }
  Megamorphic case: { megamorphic_sentinel, cleared_Value }

In the fast case, Object cloning is done by allocating an object with the saved result map, and a shallow clone of the fast properties from the source object, as well as cloned fast elements from the source object. If at any point the fast case can't be taken, the IC transitions to the slow case and remains there.

This prototype CL does not include any TurboFan optimization, and the CloneObject operation is merely reduced to a stub call.

It may still be possible to get some further improvements by somehow incorporating compile-time boilerplate elements into the cloned object, or simplifying how the boilerplate elements are inserted into the object.

In terms of performance, we improve the ObjectSpread score in JSTests/ObjectLiteralSpread/ by about 8x, with substantial improvements over the Babel and ObjectAssign scores.

R=gsathya@chromium.org, mvstanton@chromium.org, rmcilroy@chromium.org, neis@chromium.org, bmeurer@chromium.org
BUG=v8:7611

Change-Id: I79e1796eb77016fb4feba0e1d3bb9abb348c183e
Reviewed-on: https://chromium-review.googlesource.com/1127472
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54595}
-
- 19 Jul, 2018 2 commits
Sigurd Schneider authored
This reverts commit 9eca23e9.

Reason for revert: Clusterfuzz correctness issue

Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}

TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
-
Leszek Swirski authored
Remove the function identifier field from SharedFunctionInfo. This field would store one of a) the function's inferred name, b) the "builtin function id", or c) debug info. We remove these in turn:

a) The function's inferred name is available on the ScopeInfo, so like the start/end position we read it off either the ScopeInfo (for compiled functions) or the UncompiledData (for uncompiled functions).

   As a side-effect, now both UncompiledData and its subclass, UncompiledDataWithPreparsedScope, contain a pointer field. To keep BodyDescriptors manageable, we introduce a SubclassBodyDescriptor which effectively appends two BodyDescriptors together.

b) The builtin function id is < 255, so we can steal a byte from expected no. of properties (also <255) and store these together. Eventually we want to get rid of this field and use the builtin ID, but this is pending JS builtin removal.

   As a side-effect, BuiltinFunctionId becomes an enum class (for better storage size guarantees).

c) The debug info can hang off anything (since it stores the field it replaces), so we can attach it to the script field instead. This saves a word on compiled function (uncompiled functions unfortunately still have to store it in UncompiledData).

Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
-
- 16 Jul, 2018 1 commit
Sigurd Schneider authored
This CL adds inlining for the Number constructor if new.target is not present. The lowering is BigInt compatible, i.e. it converts BigInts to numbers.

Bug: v8:7904
Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
Reviewed-on: https://chromium-review.googlesource.com/1118557
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54454}
-
- 10 Jul, 2018 1 commit
Georg Neis authored
R=jarin@chromium.org

Bug: v8:7790
Change-Id: I79c6904a9969afc6aac7530c5d876da15018b3bc
Reviewed-on: https://chromium-review.googlesource.com/1129142
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54344}
-
- 09 Jul, 2018 1 commit
Théotime Grohens authored
This CL completes the implementation of DataView prototype methods in TurboFan, by implementing the Uint8, Int8, Uint16, Int16, Uint32, Int32, Float32 and Float64 setters.

DataView performance is now ahead of the equivalent TypedArray wrapper, and is now expected to at least match TypedArray performance in the general case as well.

This CL also adds a test file in the compiler directory, to make sure that the setters actually behave correctly.

Change-Id: I4ad4341c6b9b9d461348b62216f37a73abe321e8
Reviewed-on: https://chromium-review.googlesource.com/1128867
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54331}
-
- 04 Jul, 2018 1 commit
Théotime Grohens authored
This CL creates a new Operator called LoadDataViewElement, similar to LoadTypedArray, for DataView getters.

This operator will be used as a wrapper around all the computations that DataViews need to do when loading values, due to the endianness parameter of DataView loads.

Change-Id: Ie67d63c9669142e539a5c8d7ae82dc1018ce5858
Reviewed-on: https://chromium-review.googlesource.com/1125928
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54217}
-
- 18 Jun, 2018 1 commit
Georg Neis authored
This adds an overload of JSGraph::Constant that takes an ObjectReference rather than a Handle<Object>. ObjectReference is a new superclass of HeapReference.

Also several refactorings and renaming, e.g.:
  - Rename HeapReference to HeapObjectRef.
  - Rename ContextHeapReference to ContextRef.
  - ...
  - Rename HeapReferenceType to HeapObjectType.

Bug: v8:7790
Change-Id: Id3e567cbaf7c326189b99b2fd4ced6bff02f9640
Reviewed-on: https://chromium-review.googlesource.com/1104337
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53797}
-
- 14 Jun, 2018 3 commits
Georg Neis authored
Bug: v8:7790
Change-Id: I0508596370470068ee07bfd7e441a4e393266c11
Reviewed-on: https://chromium-review.googlesource.com/1099238
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53735}
-
Clemens Hammacher authored
This is a reland of 0909dbe3.
Added missing V8_EXPORT_PRIVATE to AndroidLogStream.

TBR=mstarzinger@chromium.org

Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}

Bug: v8:7820
Change-Id: I8164bad78a401dbe4246c9ffcacd050fe511ed58
Reviewed-on: https://chromium-review.googlesource.com/1100636
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53733}
-
Michael Achenbach authored
This reverts commit 0909dbe3.

Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/1099143

Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}

TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,clemensh@chromium.org,bmeurer@chromium.org

Change-Id: Iadadd9a0df10dca0fad647138a83db50148e864d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7820
Reviewed-on: https://chromium-review.googlesource.com/1100635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53725}
-
- 13 Jun, 2018 1 commit
Clemens Hammacher authored
The often used construct {OFStream(stdout)} does not work on Android. This CL introduces an {StdoutStream} which behaves exactly like {OFStream(stdout)} on non-android platforms, and redirects to the Android log on appropriate systems and configurations.

R=mstarzinger@chromium.org

Bug: v8:7820
Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
Reviewed-on: https://chromium-review.googlesource.com/1088911
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53692}
-
- 12 Jun, 2018 1 commit
Jaroslav Sevcik authored
This moves all accesses from Typer to the broker. This is policed by DisallowHandleDereferenceScope in Typer::Visitor::Reduce.

Bug: v8:7790
Change-Id: Ic37d029261b3302eedb902a3b2249834a5dd0512
Reviewed-on: https://chromium-review.googlesource.com/1095305
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53659}
-
- 11 Jun, 2018 1 commit
Sigurd Schneider authored
This CL adds a TFS stub for RegExp#test and moves several checks to the JSCallReducer. In particular, the JSCallReducer checks that
  - property {exec} on the regexp is still the original exec
  - property {lastIndex} on the regexp is a non-negative smi

The stub does not repeat these checks in release mode.

This effectively means that if the regexp is known, we can perform these checks at compile time, and get away with a map dependency.

Bug: v8:7779, v8:7200
Change-Id: I0c6d711d4f1d2f6f325a1c02855b0e1b62e014c8
Reviewed-on: https://chromium-review.googlesource.com/1074654
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53630}
-
- 07 Jun, 2018 2 commits
Jaroslav Sevcik authored
As a first step towards moving accesses to the broker, this moves heap accesses from BitsetType::Lub to the broker.

Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
-
Jaroslav Sevcik authored
Remove unused methods, duplicate logic.

Bug: v8:7790
Change-Id: Ic8e47158084df5239e3f4b4bf1df7d266c7d2585
Reviewed-on: https://chromium-review.googlesource.com/1090490
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53568}
-
- 25 May, 2018 1 commit
Dan Elphick authored
Modifies several Type:: methods to take an Isolate to pass through to BitSetType::Lub as well as their call sites.

Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9ac769c4c658995421fd28b9b1d77d6f84627116
Reviewed-on: https://chromium-review.googlesource.com/1071515
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53362}
-
- 08 May, 2018 1 commit
Jaroslav Sevcik authored
This CL introduces type narrowing and constant folding reducers to constant fold code that comes out of inlined destructuring of arrays. In particular, array iterator introduces code that contains a phi of a temporary array that blocks escape analysis. The phi comes from conditional that can be evaluated statically (i.e., constant folded), so with better constant folding we allow escape analysis to get rid of the temporary array.

On a quick micro-benchmark below, we see more than 6x improvement. This is close to the hand-optimized version - if we replace body of f with 'return b + a', we get 220ms (versus 218ms with destructuring).

    function f(a, b) {
      [b, a] = [a, b];
      return a + b;
    }

    function sum(count) {
      let s = 0;
      for (let i = 0; i < count; i++) {
        s += f(1, 2);
      }
      return s;
    }

    // Warm up
    sum(1e5); sum(1e5);
    console.time("destructure array");
    sum(1e8);
    console.timeEnd("destructure array");

    console.timeEnd: destructure array, 213.526000
    console.timeEnd: destructure array, 1503.537000

Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
-
- 03 May, 2018 1 commit
Toon Verwaest authored
There are likely cleanups that can be done after this CL:
  - context-related functions in the interpreter and compiler take ScopeInfo as well as ScopeType and slot-count as input. The latter 2 should be directly derived from the former. We should be able to drop FunctionContextParameters.
  - ContextExtension is probably not needed anymore, since we now always have the correct scope_info directly in the SCOPE_INFO_INDEX slot.

Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
-
- 30 Apr, 2018 2 commits
Jaroslav Sevcik authored
The idea is to mark all the branches and loads participating in array bounds checks, and let them contribute-to/use the poisoning register. In the code, the marks for array indexing operations now contain "Critical" in their name. By default (--untrusted-code-mitigations), we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based on arithmetic.

Since we do not propagate the poison through function calls, we introduce a node for poisoning an index that is passed through function call - the typical example is the bounds-checked index that is passed to the CharCodeAt builtin.

Most of the code in this CL threads through the three levels of protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
-
Jaroslav Sevcik authored
This removes Type::operator-> which was used to split the change that removed undefined misuse of Type* to represent integers.

Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
-
- 28 Apr, 2018 1 commit
Jaroslav Sevcik authored
This is part of the effort to decrease the amount of undefined behavior that v8 relies on.

The main change here is to represent types with class Type rather than with pointer Type*. To make the CL smaller, I used an operator overload hack to separate the change from `->` to `.`. I am working on a CL that will remove the operator and change all those arrows to dots.

Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
-
- 26 Apr, 2018 1 commit
Sigurd Schneider authored
This CL also removes the JSBuiltinReducer, which is no longer needed.

Bug: v8:7340, v8:7250
Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf
Reviewed-on: https://chromium-review.googlesource.com/1027853
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52799}
-
- 25 Apr, 2018 1 commit
Sigurd Schneider authored
This CL also introduces an effect dependent simplified operator DateNow and associated lowerings.

Bug: v8:7340, v8:7250
Change-Id: Icd4a8c3c45a8dbe7ef490fc3ee68c0c68bbed011
Reviewed-on: https://chromium-review.googlesource.com/1024836
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52782}
-
- 24 Apr, 2018 1 commit
Sigurd Schneider authored
This CL introduces a JSOperator for Array.isArray and moves the corresponding lowering to JSCallReducer and JSTypedLowering.

Bug: v8:7340, v8:7250
Change-Id: Iaa7ced2ad34bec8cccc9da1041007261168cf4b3
Reviewed-on: https://chromium-review.googlesource.com/1025092
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52757}
-
- 23 Apr, 2018 1 commit
Sigurd Schneider authored
This CL also adds the simplified operator NumberIsNaN.

Bug: v8:7340, v8:7250
Change-Id: Ifa44cf59b30ee700f7df61f8d58782a43fd0f3c5
Reviewed-on: https://chromium-review.googlesource.com/1023391
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52726}
-
- 19 Apr, 2018 1 commit
Sigurd Schneider authored
This also adds a javascript operator JSCreateObject and an associated TFS stub that handles Object.create in cases where only a prototype, but no additional properties are provided.

Bug: v8:7250
Change-Id: Ib1fd529a10a553c3718222356319bd6ccffbdf30
Reviewed-on: https://chromium-review.googlesource.com/1013576
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52680}
-
- 04 Apr, 2018 1 commit
Sigurd Schneider authored
Bug: v8:7340, v8:7250
Change-Id: I57f78fa5ad261f041b66986918c427821a57a6e1
Reviewed-on: https://chromium-review.googlesource.com/995472
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52356}
-
- 23 Mar, 2018 2 commits
Sigurd Schneider authored
Also add a new fast-path for String.fromCodePoint.

R=neis@chromium.org

Bug: v8:7570, v8:7340
Change-Id: I6cd6e6fc98943588ecd646f24fcda043d4033ab0
Reviewed-on: https://chromium-review.googlesource.com/978244
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52183}
-
Sigurd Schneider authored
This CL also cleans up some related naming in typed-optimization.

R=neis@chromium.org

Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}
-