- 10 Oct, 2019 1 commit
-
-
Suraj Sharma authored
Bug: v8:9779 Change-Id: Id0d7a214766f91ed8e65f3e24c08e987ba27aff8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1838923Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Suraj Sharma <surshar@microsoft.com> Cr-Commit-Position: refs/heads/master@{#64205}
-
- 16 Sep, 2019 1 commit
-
-
Ross McIlroy authored
Also TNodify: - LoadJSPrimitiveWrapperValue - GetSuperConstructor - InstanceOf BUG=v8:6949,v8:9396 Change-Id: I4b39b418cdf01bd72e35441f037d16ede9c89ce9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803639 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63791}
-
- 10 Sep, 2019 1 commit
-
-
Suraj Sharma authored
based on dicussion at docs.google.com/document/d/1UzCOai9H07fYcSaSqvF_H7BS2-sF5q91A4r9O1mRnHc/ Bug: v8:9305 Change-Id: I7464d4267b6465cc02bc27dffb602c8871d846f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1696285 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#63640}
-
- 28 Aug, 2019 1 commit
-
-
Z Nguyen-Huu authored
Currently the backing store and elements kind might not aligned aka backing store can be dictionary where elements kind is frozen/sealed element kinds or the other way around. The reason is that Object.preventExtensions change elements kind to DICTIONARY while Object.seal/freeze change elements kind to SEALED/FROZEN element kind. Apply both these operations can lead to that problem as in chromium:992914 To solve this issue, we avoid Object.preventExtensions to change backing store to dictionary by introducing new nonextensible elements kind. These new nonextensible elements kind are handled similar to frozen, sealed element kinds. This change not only fixes the problem but also optimize the performance of nonextensible objects. Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b Bug: chromium:992914, v8:6831 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63432}
-
- 26 Aug, 2019 1 commit
-
-
Leszek Swirski authored
Forbid using LoadRoot in CSA (with a bailout via CodeAssembler), so that users are forced to use helper macros for roots, which have statically known types. Convert all current uses of LoadRoot to use these macros, introducing new ones where necessary. Bug: v8:9396 Change-Id: I91214fca6e5ace7554d79605706a8a60117468fa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762526 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63398}
-
- 19 Aug, 2019 2 commits
-
-
Santiago Aboy Solanes authored
This is a reland of 82111e22 Relanding since we now have more shards: https://chromium-review.googlesource.com/c/v8/v8/+/1760810 Original change's description: > [CSA][cleanup] TNodify some methods related to prototype and property lookup > > This is a CL in a string of CLs that aims to TNodify CSA. In particular, > there were some loads that were done in AnyTagged instead of > TaggedPointer. TNode-ifying them brings improvement in pointer > compression since we are able to decompress using the Pointer > decompression. > > TNodified: > * LoadJSFunctionPrototype > * TryPrototypeChainLookup > * OrdinaryHasInstance > > Also TNodified loads regarding: > * FeedbackCell::kValueOffset > * HeapObject::kMapOffset > * JSFunction::kSharedFunctionInfoOffset > * JSFunction::kFeedbackCellOffset > * Map::kInstanceTypeOffset > * Map::kInstanceDescriptorsOffset > * Map::kPrototypeOffset > > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. > > Bug: v8:6949, v8:9396 > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63216} Bug: v8:6949, v8:9396 Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63249}
-
Maya Lekova authored
This reverts commit 82111e22. Reason for revert: Speculative revert, could be causing timeouts - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17567 Original change's description: > [CSA][cleanup] TNodify some methods related to prototype and property lookup > > This is a CL in a string of CLs that aims to TNodify CSA. In particular, > there were some loads that were done in AnyTagged instead of > TaggedPointer. TNode-ifying them brings improvement in pointer > compression since we are able to decompress using the Pointer > decompression. > > TNodified: > * LoadJSFunctionPrototype > * TryPrototypeChainLookup > * OrdinaryHasInstance > > Also TNodified loads regarding: > * FeedbackCell::kValueOffset > * HeapObject::kMapOffset > * JSFunction::kSharedFunctionInfoOffset > * JSFunction::kFeedbackCellOffset > * Map::kInstanceTypeOffset > * Map::kInstanceDescriptorsOffset > * Map::kPrototypeOffset > > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. > > Bug: v8:6949, v8:9396 > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63216} TBR=rmcilroy@chromium.org,solanes@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:6949, v8:9396 Change-Id: Ib6ae8fe86a598ed1066894595565e1162cf7dd1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758310Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63233}
-
- 15 Aug, 2019 1 commit
-
-
Santiago Aboy Solanes authored
This is a CL in a string of CLs that aims to TNodify CSA. In particular, there were some loads that were done in AnyTagged instead of TaggedPointer. TNode-ifying them brings improvement in pointer compression since we are able to decompress using the Pointer decompression. TNodified: * LoadJSFunctionPrototype * TryPrototypeChainLookup * OrdinaryHasInstance Also TNodified loads regarding: * FeedbackCell::kValueOffset * HeapObject::kMapOffset * JSFunction::kSharedFunctionInfoOffset * JSFunction::kFeedbackCellOffset * Map::kInstanceTypeOffset * Map::kInstanceDescriptorsOffset * Map::kPrototypeOffset Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. Bug: v8:6949, v8:9396 Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63216}
-
- 05 Aug, 2019 1 commit
-
-
Mythri A authored
This is a reland of 159df248 Original change's description: > [ic] Don't transition to premonomorphic state > > We used to use premonomorphic state to delay initializing the ICs. > This optimization was to avoid the cost of setting up handlers if the > code executed only once. With lazy feedback allocation we no longer > need this. > > This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and > StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to > runtime in the uninitialized state and use the builtin when there > is no feedback. > > > Change-Id: I1633e61ea74664da51348e362c34c47a017a264a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63020} Change-Id: Ica7eb65649615c2f8410d5b815a98b55cb1cfc4d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731000 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63082}
-
- 01 Aug, 2019 2 commits
-
-
Leszek Swirski authored
This reverts commit 159df248. Reason for revert: Breaks large-classes-properties test (https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906338563361079200/+/steps/Bisect_159df248/0/steps/Retry_-_isolates/0/logs/large-classes-properties/0) Original change's description: > [ic] Don't transition to premonomorphic state > > We used to use premonomorphic state to delay initializing the ICs. > This optimization was to avoid the cost of setting up handlers if the > code executed only once. With lazy feedback allocation we no longer > need this. > > This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and > StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to > runtime in the uninitialized state and use the builtin when there > is no feedback. > > > Change-Id: I1633e61ea74664da51348e362c34c47a017a264a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63020} TBR=mythria@chromium.org,verwaest@chromium.org Change-Id: I4fad4e8b881d4a3f8d12149e1797b217a317eaee No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730995Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63023}
-
Mythri A authored
We used to use premonomorphic state to delay initializing the ICs. This optimization was to avoid the cost of setting up handlers if the code executed only once. With lazy feedback allocation we no longer need this. This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to runtime in the uninitialized state and use the builtin when there is no feedback. Change-Id: I1633e61ea74664da51348e362c34c47a017a264a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#63020}
-
- 23 Jul, 2019 1 commit
-
-
Mythri A authored
Preparing the value for storing into a typed array is user visible operation in some cases (for ex: calling ToNumber). To avoid doing this conversion twice pass the converted to the runtime when bailing out from the handlers. Bug: chromium:981236 Change-Id: I3de23d317d22cd6c201fe8a4db30014f4cf76251 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692932 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62879}
-
- 24 Jun, 2019 1 commit
-
-
Mathias Bynens authored
We currently use the class name “JSValue” for JSObjects that wrap primitive values. This name is a common source of confusion. This patch switches to a name that’s more clear. In addition to manual tweaks, the patch applies the following mechanical global replacements: before | after --------------------------------|-------------------------------------- if_valueisnotvalue | if_valueisnotwrapper if_valueisvalue | if_valueiswrapper js_value | js_primitive_wrapper JS_VALUE_TYPE | JS_PRIMITIVE_WRAPPER_TYPE JSPrimitiveWrapperType | JSPrimitiveWrapper type jsvalue | js_primitive_wrapper JSValue | JSPrimitiveWrapper _GENERATED_JSVALUE_FIELDS | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942Reviewed-by: Tamer Tas <tmrts@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#62337}
-
- 19 Jun, 2019 1 commit
-
-
Igor Sheludko authored
Bug: chromium:972921 Change-Id: Ieb13c2f18714abc60aeb4a6a77c1e43b88681f43 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667005Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62280}
-
- 27 May, 2019 1 commit
-
-
Clemens Hammacher authored
This replaces all typedefs that define types and not functions by the equivalent "using" declaration. This was done mostly automatically using this command: ag -l '\btypedef\b' src test | xargs -L1 \ perl -i -p0e 's/typedef ([^*;{}]+) (\w+);/using \2 = \1;/sg' Patchset 2 then adds some manual changes for typedefs for pointer types, where the regular expression did not match. R=mstarzinger@chromium.org TBR=yangguo@chromium.org, jarin@chromium.org Bug: v8:9183 Change-Id: I6f6ee28d1793b7ac34a58f980b94babc21874b78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631409 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61849}
-
- 23 May, 2019 1 commit
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
- 22 May, 2019 1 commit
-
-
Mythri A authored
KeyedAccessStoreMode is used when creating store handlers to determine which cases to handle (ex: handle cow, grow) and hence choose an approriate builtin. It is also used to specify elements kind transitions which is used when computing ic transitions. The store mode and the transition mode are independent of each other and it would be cleaner to use different enums to represent them. This also reduces the total number of cases in each enum. Change-Id: I96aeff7a765b312b8088e831776743c67c533bd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619751Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#61729}
-
- 21 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 TBR=bmeurer@chromium.org,neis@chromium.org NOPRESUBMIT=true Change-Id: Ia1e49d1aac09c4ff9e05d58fab9d08dd71198878 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621931Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61682}
-
- 07 May, 2019 1 commit
-
-
Z Duong Nguyen-Huu authored
This is the follow-up for frozen, sealed packed elements kind. Design docs: bit.ly/fast-frozen-sealed-elements-in-v8 This change is only support the transition from holey elements to holey sealed elements (via object.seal) or to holey frozen elements (via object.freeze). Added tests for non-extensible, sealed, frozen holey elements in https://chromium-review.googlesource.com/c/v8/v8/+/1574503 and https://chromium-review.googlesource.com/c/v8/v8/+/1582481 Bug: v8:6831 Change-Id: Ia4373648f79f2ebebb390982a503145844a0c123 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574777 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61307}
-
- 09 Apr, 2019 1 commit
-
-
Z Duong Nguyen-Huu authored
Design docs: bit.ly/fast-frozen-sealed-elements-in-v8 This change is only support the transition from packed elements to packed sealed elements (via object.seal) or to packed frozen elements (via object.freeze). Added tests for non-extensible, sealed, frozen packed elements in https://chromium-review.googlesource.com/c/v8/v8/+/1474559 Added tests for non-extensible array in optimized code in https://chromium-review.googlesource.com/c/v8/v8/+/1531030 and https://chromium-review.googlesource.com/c/v8/v8/+/1544274 Using JSTests/ObjectFreeze micro-benchmarks for release build Before: TaggedTemplate-Numbers(Score): 0.967 TaggedTemplateLoose-Numbers(Score): 8.82 After: TaggedTemplate-Numbers(Score): 1.51 TaggedTemplateLoose-Numbers(Score): 8.89 Bug: v8:6831 Change-Id: Ib1089f1bc02eafb8d76ffe617f8fa3e406abd5a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1474559Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#60723}
-
- 01 Mar, 2019 1 commit
-
-
Matt Gardner authored
The original was reverted for breaking webkit layout tests: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/30270 It also caused the following clusterfuzz failures: chromium:935832 This was a correctness bug due to not properly handling the case of arrays with prototypes other than Array.prototype. Accesses that were TheHole were not being handled property, both in bounds holes in holey arrays and out of bounds on either holey or packed arrays. Handling was incorrect both in access-assembler and in Turbofan. chromium:935932 This bug was that there was no handling for Has checks on the global object. Turbofan was emitting code for a store (the 'else' condition on 'access_mode == AccessMode::kLoad'). It hit a DCHECK in debug builds but in release could show up in different places. This is the bug that caused the webkit layout test failure that led to the revert. Both bugs are fixed by in CL, and tests are added for those cases. Bug: v8:8733, chromium:935932, chromium:935832 Change-Id: Iba0dfcfce6e15d2c0815a7670ece67bc13ba1925 Reviewed-on: https://chromium-review.googlesource.com/c/1493132Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Matt Gardner <magardn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#59958}
-
- 26 Feb, 2019 1 commit
-
-
Sigurd Schneider authored
This reverts commit 32fc0acf. Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/30270 layout test breakage: https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64/30270/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html There is a dead node arriving in representation selection, which might indicate that the problem is not in this CL, but that this CL stirs up the node soup in such a way that dead code elimination gets confused. Original change's description: > Optimize `in` operator > > This change implements optimizations for the `in` operator for packed array > elements and object properties. It adds a new feedback slot kind and an IC > path similar to KeyedLoadIC for handling the lookups. TurboFan uses the > feedback to optimize based on the maps and keys. > > For more details see: > https://docs.google.com/document/d/1tIfzywY8AeNVcy_sen-5Xev21MeZwjcU8QhSdzHvXig > > This can provide 10x performance improvements of on loops of the form: > > for (let i = 0; i < ary.length; ++i) { > if (i in ary) { > ... > } > } > > > Bug: v8:8733 > Change-Id: I766bf865a547a059e5bce5399bb6112e5d9a85c8 > Reviewed-on: https://chromium-review.googlesource.com/c/1432598 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Matt Gardner <magardn@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#59843} TBR=ulan@chromium.org,rmcilroy@chromium.org,jkummerow@chromium.org,jarin@chromium.org,ishell@chromium.org,bmeurer@chromium.org,verwaest@chromium.org,magardn@microsoft.com Change-Id: Ib2db974e5bed4c4a2b6b450f796bdc4b0b8fd562 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8733 Reviewed-on: https://chromium-review.googlesource.com/c/1488761Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#59857}
-
- 25 Feb, 2019 1 commit
-
-
Matt Gardner authored
This change implements optimizations for the `in` operator for packed array elements and object properties. It adds a new feedback slot kind and an IC path similar to KeyedLoadIC for handling the lookups. TurboFan uses the feedback to optimize based on the maps and keys. For more details see: https://docs.google.com/document/d/1tIfzywY8AeNVcy_sen-5Xev21MeZwjcU8QhSdzHvXig This can provide 10x performance improvements of on loops of the form: for (let i = 0; i < ary.length; ++i) { if (i in ary) { ... } } Bug: v8:8733 Change-Id: I766bf865a547a059e5bce5399bb6112e5d9a85c8 Reviewed-on: https://chromium-review.googlesource.com/c/1432598Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Matt Gardner <magardn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#59843}
-
- 25 Jan, 2019 1 commit
-
-
Mythri authored
SetProperty now infers the language mode from the closure and the context So we no longer have to pass around the language mode. Cleanup by removing the parameter where it is no longer needed. Bug: v8:8580 Change-Id: I89452b5a762eb48a911f158d22c7bfa9e3bb1be4 Reviewed-on: https://chromium-review.googlesource.com/c/1421840 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#59089}
-
- 13 Dec, 2018 3 commits
-
-
Sigurd Schneider authored
This is a reland of 9c0a4858 Original change's description: > Reland "Reland "[code-comments] Put code comments into the code object"" > > This is a reland of ed3d6472 > > This reland fixes that padding at the end of Wasm instruction streams > triggered asserts in the code printer. > > Original change's description: > > Reland "[code-comments] Put code comments into the code object" > > > > This is a reland of e774cffe > > > > This reland disables a test as v8:8548 is blocking it, which was > > broken by a recent CL. CQ did not catch this because the merge-base > > CQ used did not yet contain the CL that caused v8:8548. > > > > Original change's description: > > > [code-comments] Put code comments into the code object > > > > > > Code comments in the snapshot can now be enabled with gn > > > arg 'v8_enable_snapshot_code_comments' > > > > > > Bug: v8:7989 > > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#58020} > > > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > > > Bug: v8:7989, v8:8548 > > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9 > > Reviewed-on: https://chromium-review.googlesource.com/c/1361166 > > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#58028} > > Bug: v8:7989, v8:8548 > Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d > Reviewed-on: https://chromium-review.googlesource.com/c/1371784 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58221} TBR=jgruber@chromium.org,mstarzinger@chromium.org Bug: v8:7989, v8:8548, v8:8593 Change-Id: I4f7ffc98e0281c7b744eb4a04ba0763896c7b59b Reviewed-on: https://chromium-review.googlesource.com/c/1375919Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#58232}
-
Clemens Hammacher authored
This reverts commit 9c0a4858. Reason for revert: Seems to break nosnap debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22228 Original change's description: > Reland "Reland "[code-comments] Put code comments into the code object"" > > This is a reland of ed3d6472 > > This reland fixes that padding at the end of Wasm instruction streams > triggered asserts in the code printer. > > Original change's description: > > Reland "[code-comments] Put code comments into the code object" > > > > This is a reland of e774cffe > > > > This reland disables a test as v8:8548 is blocking it, which was > > broken by a recent CL. CQ did not catch this because the merge-base > > CQ used did not yet contain the CL that caused v8:8548. > > > > Original change's description: > > > [code-comments] Put code comments into the code object > > > > > > Code comments in the snapshot can now be enabled with gn > > > arg 'v8_enable_snapshot_code_comments' > > > > > > Bug: v8:7989 > > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#58020} > > > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > > > Bug: v8:7989, v8:8548 > > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9 > > Reviewed-on: https://chromium-review.googlesource.com/c/1361166 > > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#58028} > > Bug: v8:7989, v8:8548 > Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d > Reviewed-on: https://chromium-review.googlesource.com/c/1371784 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58221} TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org Change-Id: I681a3c63120c6ab953bfe9cd2b07bcf560ebfdee No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7989, v8:8548 Reviewed-on: https://chromium-review.googlesource.com/c/1375916 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58228}
-
Sigurd Schneider authored
This is a reland of ed3d6472 This reland fixes that padding at the end of Wasm instruction streams triggered asserts in the code printer. Original change's description: > Reland "[code-comments] Put code comments into the code object" > > This is a reland of e774cffe > > This reland disables a test as v8:8548 is blocking it, which was > broken by a recent CL. CQ did not catch this because the merge-base > CQ used did not yet contain the CL that caused v8:8548. > > Original change's description: > > [code-comments] Put code comments into the code object > > > > Code comments in the snapshot can now be enabled with gn > > arg 'v8_enable_snapshot_code_comments' > > > > Bug: v8:7989 > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#58020} > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > Bug: v8:7989, v8:8548 > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9 > Reviewed-on: https://chromium-review.googlesource.com/c/1361166 > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58028} Bug: v8:7989, v8:8548 Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d Reviewed-on: https://chromium-review.googlesource.com/c/1371784 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58221}
-
- 04 Dec, 2018 4 commits
-
-
Sigurd Schneider authored
This reverts commit ed3d6472. Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/24178 Original change's description: > Reland "[code-comments] Put code comments into the code object" > > This is a reland of e774cffe > > This reland disables a test as v8:8548 is blocking it, which was > broken by a recent CL. CQ did not catch this because the merge-base > CQ used did not yet contain the CL that caused v8:8548. > > Original change's description: > > [code-comments] Put code comments into the code object > > > > Code comments in the snapshot can now be enabled with gn > > arg 'v8_enable_snapshot_code_comments' > > > > Bug: v8:7989 > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#58020} > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > Bug: v8:7989, v8:8548 > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9 > Reviewed-on: https://chromium-review.googlesource.com/c/1361166 > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58028} TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org Change-Id: I1075bb09de7cb8dad71e31ff51a4e7bb6a200a8b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7989, v8:8548 Reviewed-on: https://chromium-review.googlesource.com/c/1362043Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#58029}
-
Sigurd Schneider authored
This is a reland of e774cffe This reland disables a test as v8:8548 is blocking it, which was broken by a recent CL. CQ did not catch this because the merge-base CQ used did not yet contain the CL that caused v8:8548. Original change's description: > [code-comments] Put code comments into the code object > > Code comments in the snapshot can now be enabled with gn > arg 'v8_enable_snapshot_code_comments' > > Bug: v8:7989 > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58020} TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org Bug: v8:7989, v8:8548 Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9 Reviewed-on: https://chromium-review.googlesource.com/c/1361166Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#58028}
-
Leszek Swirski authored
This reverts commit e774cffe. Reason for revert: Breaks OptimizeForSize tests https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8928056438104852432/+/steps/OptimizeForSize/0/logs/TestCodeAssemblerCode../0 Original change's description: > [code-comments] Put code comments into the code object > > Code comments in the snapshot can now be enabled with gn > arg 'v8_enable_snapshot_code_comments' > > Bug: v8:7989 > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 > Reviewed-on: https://chromium-review.googlesource.com/c/1329173 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58020} TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org Change-Id: Ie336a99218db4def848bd5c8c58dfb66f0e372b2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7989 Reviewed-on: https://chromium-review.googlesource.com/c/1361165Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58021}
-
Sigurd Schneider authored
Code comments in the snapshot can now be enabled with gn arg 'v8_enable_snapshot_code_comments' Bug: v8:7989 Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3 Reviewed-on: https://chromium-review.googlesource.com/c/1329173 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#58020}
-
- 22 Nov, 2018 1 commit
-
-
Jakob Gruber authored
This CL moves the two remaining IC stubs to builtins, generating a dedicated builtin for each KeyedAccessStoreMode variant. Bug: v8:7777 Change-Id: I540b3c3437adb94094771a19713e71ec8a349553 Reviewed-on: https://chromium-review.googlesource.com/c/1346095Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57719}
-
- 19 Nov, 2018 1 commit
-
-
Jakob Gruber authored
KeyedLoadSloppyArguments -> KeyedLoadIC_SloppyArguments KeyedStoreSloppyArguments -> KeyedStoreIC_SloppyArguments LoadIndexedIntercepter -> LoadIndexedInterceptorIC StoreInArrayLiteralSlowStub -> StoreInArrayLiteralIC_Slow StoreInterceptor -> StoreInterceptorIC StoreSlowElementStub -> KeyedStoreIC_Slow A few Store stubs were parameterized for the sole purpose of determining the KeyedAccessStoreMode later on. These are now implemented as a dedicated builtin for each store mode. Bug: v8:7777 Change-Id: I743474b0e6c5d6ec2513bb9f8f3a93c5c0535927 Reviewed-on: https://chromium-review.googlesource.com/c/1339859Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57592}
-
- 31 Aug, 2018 1 commit
-
-
Benedikt Meurer authored
As noticed by jkummerow@ there's probably not really a point in keeping two separate runtime functions that perform the same operation, but one has a different fast-path (which is not available to the other). So %KeyedGetProperty is now effectively %GetProperty and used consistently as fallback from both the ICs as well as other callers like the GetProperty builtin. Bug: v8:8015 Change-Id: Ib46b13da739229e2eb820ecf87923ac99c6971d3 Reviewed-on: https://chromium-review.googlesource.com/1199105 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#55547}
-
- 02 Mar, 2018 1 commit
-
-
Georg Neis authored
... and use it in the implementation of array literal spreads, replacing calls to %AppendElement. Array spreads in destructuring will be taken care of in a separate CL. Bug: v8:5940, v8:7446 Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0 Reviewed-on: https://chromium-review.googlesource.com/915364 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#51709}
-
- 15 Dec, 2017 1 commit
-
-
Igor Sheludko authored
Bug: v8:7206 Change-Id: I4942a4104972cdfe6d3e59be453479888a47d578 Reviewed-on: https://chromium-review.googlesource.com/827062Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#50126}
-
- 15 Nov, 2017 1 commit
-
-
Toon Verwaest authored
Bug: v8:7065 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I7882b719f72561cd22b874eae239000936fad35c Reviewed-on: https://chromium-review.googlesource.com/768874 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49381}
-
- 07 Nov, 2017 1 commit
-
-
Toon Verwaest authored
Thanks Igor and Jakob for the hard work to migrate ICs to data-driven handlers! This is done as of this CL. Bug: v8:5561 Change-Id: Icf1ddf0065e3aa85ac7efe4b99f74821ce3c0ac2 Reviewed-on: https://chromium-review.googlesource.com/756842 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#49203}
-
- 06 Nov, 2017 1 commit
-
-
Toon Verwaest authored
Previously StaNamedProperty and StaKeyedProperty were in a weird state where they claimed to not touch the accumulator, but actually did in case they were deopted in the middle. A frame was added in the middle to overwrite the accumulator again with the right value before returning from the setter, using a lot of complexity in the deoptimizer. This changes those instructions to be marked as writing to the accumulator (e.g., the result of the setter), and uses to manually store and reload into the accumulator the value being stored. If we want to avoid the additional bytecodes, we could make sure that bytecodes that claim to leave the accumulator alone don't deopt back to Advance/Dispatch but LoadAccumulatorWithValue/Advance/Dispatch. That's in a way similar to what happened before this CL, but I believe could be implemented much simpler. Bug: Change-Id: I4850a690ef5a30976701d0e050951faa46fd1c18 Reviewed-on: https://chromium-review.googlesource.com/753487Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#49159}
-
- 30 Oct, 2017 1 commit
-
-
Benedikt Meurer authored
This is preparation for supporting OOB loads from strings, which requires the KeyedLoadIC to track this information. Bug: v8:6936, v8:7014 Change-Id: Ide132244ee523397dd418d21fe3377976f6633fd Reviewed-on: https://chromium-review.googlesource.com/743481Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49026}
-