Skip to content

V
V8
Switch branch/tag
  1. 22 Aug, 2019 1 commit
  3. 19 Aug, 2019 2 commits
    • Santiago Aboy Solanes's avatar
      Reland "[CSA][cleanup] TNodify some methods related to prototype and property lookup" · 007cbd2c
      Santiago Aboy Solanes authored 
      This is a reland of 82111e22

Relanding since we now have more shards:
https://chromium-review.googlesource.com/c/v8/v8/+/1760810

Original change's description:
> [CSA][cleanup] TNodify some methods related to prototype and property lookup
>
> This is a CL in a string of CLs that aims to TNodify CSA. In particular,
> there were some loads that were done in AnyTagged instead of
> TaggedPointer. TNode-ifying them brings improvement in pointer
> compression since we are able to decompress using the Pointer
> decompression.
>
> TNodified:
>  * LoadJSFunctionPrototype
>  * TryPrototypeChainLookup
>  * OrdinaryHasInstance
>
> Also TNodified loads regarding:
>  * FeedbackCell::kValueOffset
>  * HeapObject::kMapOffset
>  * JSFunction::kSharedFunctionInfoOffset
>  * JSFunction::kFeedbackCellOffset
>  * Map::kInstanceTypeOffset
>  * Map::kInstanceDescriptorsOffset
>  * Map::kPrototypeOffset
>
> Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
>
> Bug: v8:6949, v8:9396
> Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63216}

Bug: v8:6949, v8:9396
Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63249}
      007cbd2c
    • Maya Lekova's avatar
      Revert "[CSA][cleanup] TNodify some methods related to prototype and property lookup" · 3a7a4a2f
      Maya Lekova authored 
      This reverts commit 82111e22.

Reason for revert: Speculative revert, could be causing timeouts - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17567

Original change's description:
> [CSA][cleanup] TNodify some methods related to prototype and property lookup
> 
> This is a CL in a string of CLs that aims to TNodify CSA. In particular,
> there were some loads that were done in AnyTagged instead of
> TaggedPointer. TNode-ifying them brings improvement in pointer
> compression since we are able to decompress using the Pointer
> decompression.
> 
> TNodified:
>  * LoadJSFunctionPrototype
>  * TryPrototypeChainLookup
>  * OrdinaryHasInstance
> 
> Also TNodified loads regarding:
>  * FeedbackCell::kValueOffset
>  * HeapObject::kMapOffset
>  * JSFunction::kSharedFunctionInfoOffset
>  * JSFunction::kFeedbackCellOffset
>  * Map::kInstanceTypeOffset
>  * Map::kInstanceDescriptorsOffset
>  * Map::kPrototypeOffset
> 
> Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
> 
> Bug: v8:6949, v8:9396
> Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63216}

TBR=rmcilroy@chromium.org,solanes@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6949, v8:9396
Change-Id: Ib6ae8fe86a598ed1066894595565e1162cf7dd1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758310Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63233}
      3a7a4a2f
  5. 15 Aug, 2019 1 commit
    • Santiago Aboy Solanes's avatar
      [CSA][cleanup] TNodify some methods related to prototype and property lookup · 82111e22
      Santiago Aboy Solanes authored 
      This is a CL in a string of CLs that aims to TNodify CSA. In particular,
there were some loads that were done in AnyTagged instead of
TaggedPointer. TNode-ifying them brings improvement in pointer
compression since we are able to decompress using the Pointer
decompression.

TNodified:
 * LoadJSFunctionPrototype
 * TryPrototypeChainLookup
 * OrdinaryHasInstance

Also TNodified loads regarding:
 * FeedbackCell::kValueOffset
 * HeapObject::kMapOffset
 * JSFunction::kSharedFunctionInfoOffset
 * JSFunction::kFeedbackCellOffset
 * Map::kInstanceTypeOffset
 * Map::kInstanceDescriptorsOffset
 * Map::kPrototypeOffset

Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.

Bug: v8:6949, v8:9396
Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63216}
      82111e22
  7. 09 Aug, 2019 1 commit
  9. 08 Aug, 2019 1 commit
  11. 17 Jun, 2019 2 commits
  13. 14 Jun, 2019 2 commits
  15. 24 May, 2019 1 commit
  17. 23 May, 2019 4 commits
  19. 22 May, 2019 1 commit
  21. 21 May, 2019 1 commit
  23. 17 May, 2019 1 commit
  25. 16 May, 2019 2 commits
  27. 16 Apr, 2019 1 commit
  29. 12 Mar, 2019 2 commits
  31. 11 Mar, 2019 1 commit
  33. 01 Mar, 2019 1 commit
    • Matt Gardner's avatar
      Reland "Optimize `in` operator" · 803ad324
      Matt Gardner authored 
      The original was reverted for breaking webkit layout tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/30270

It also caused the following clusterfuzz failures:

chromium:935832
This was a correctness bug due to not properly handling the case of arrays with prototypes other
than Array.prototype. Accesses that were TheHole were not being handled property, both in bounds
holes in holey arrays and out of bounds on either holey or packed arrays. Handling was incorrect
both in access-assembler and in Turbofan.

chromium:935932
This bug was that there was no handling for Has checks on the global object. Turbofan was emitting
code for a store (the 'else' condition on 'access_mode == AccessMode::kLoad'). It hit a DCHECK in
debug builds but in release could show up in different places. This is the bug that caused the
webkit layout test failure that led to the revert.

Both bugs are fixed by in CL, and tests are added for those cases.

Bug: v8:8733, chromium:935932, chromium:935832
Change-Id: Iba0dfcfce6e15d2c0815a7670ece67bc13ba1925
Reviewed-on: https://chromium-review.googlesource.com/c/1493132Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59958}
      803ad324
  35. 28 Feb, 2019 3 commits
    • Leszek Swirski's avatar
      Reland "[ignition] Skip binding dead labels" · c7ebc581
      Leszek Swirski authored 
      This is a reland of 35269f77

Switches on an expression that unconditionally throws would have all their
case statements dead, causing a DCHECK error in the SwitchBuilder. This
fixes up the DCHECK to allow dead labels.

Original change's description:
> [ignition] Skip binding dead labels
>
> BytecodeLabels for forward jumps may create a dead basic block if their
> corresponding jump was elided (due to it dead code elimination). We can
> avoid generating such dead basic blocks by skipping the label bind when
> no corresponding jump has been observed. This works because all jumps
> except JumpLoop are forward jumps, so we only have to special case one
> Bind for loop headers to bind unconditionally.
>
> Since Binds are now conditional on a jump existing, we can no longer rely
> on using Bind to get the current offset (e.g. at the beginning of a try
> block). Instead, we now expose the current offset in the bytecode array
> writer. Conveniently, this means that we can be a bit smarter about basic
> blocks around these statements.
>
> As a drive-by, remove the unused Bind(target,label) function.
>
> Bug: chromium:934166
> Change-Id: I532aa452fb083560d07b90da99caca0b1d082aa3
> Reviewed-on: https://chromium-review.googlesource.com/c/1488763
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59942}

TBR=rmcilroy@chromium.org

Bug: chromium:934166
Change-Id: If6eab4162106717ce64a2dc477000c6a76354cb4
Reviewed-on: https://chromium-review.googlesource.com/c/1494535Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59948}
      c7ebc581
    • Sigurd Schneider's avatar
      Revert "[ignition] Skip binding dead labels" · 8ee20f5e
      Sigurd Schneider authored 
      This reverts commit 35269f77.

Reason for revert: Fuzzer unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Fuzzer/29792

Original change's description:
> [ignition] Skip binding dead labels
> 
> BytecodeLabels for forward jumps may create a dead basic block if their
> corresponding jump was elided (due to it dead code elimination). We can
> avoid generating such dead basic blocks by skipping the label bind when
> no corresponding jump has been observed. This works because all jumps
> except JumpLoop are forward jumps, so we only have to special case one
> Bind for loop headers to bind unconditionally.
> 
> Since Binds are now conditional on a jump existing, we can no longer rely
> on using Bind to get the current offset (e.g. at the beginning of a try
> block). Instead, we now expose the current offset in the bytecode array
> writer. Conveniently, this means that we can be a bit smarter about basic
> blocks around these statements.
> 
> As a drive-by, remove the unused Bind(target,label) function.
> 
> Bug: chromium:934166
> Change-Id: I532aa452fb083560d07b90da99caca0b1d082aa3
> Reviewed-on: https://chromium-review.googlesource.com/c/1488763
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59942}

TBR=rmcilroy@chromium.org,leszeks@chromium.org

Change-Id: I8118e54e0afa5e08b0a0a874c952f8a01f1c3242
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:934166
Reviewed-on: https://chromium-review.googlesource.com/c/1494534Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59947}
      8ee20f5e
    • Leszek Swirski's avatar
      [ignition] Skip binding dead labels · 35269f77
      Leszek Swirski authored 
      BytecodeLabels for forward jumps may create a dead basic block if their
corresponding jump was elided (due to it dead code elimination). We can
avoid generating such dead basic blocks by skipping the label bind when
no corresponding jump has been observed. This works because all jumps
except JumpLoop are forward jumps, so we only have to special case one
Bind for loop headers to bind unconditionally.

Since Binds are now conditional on a jump existing, we can no longer rely
on using Bind to get the current offset (e.g. at the beginning of a try
block). Instead, we now expose the current offset in the bytecode array
writer. Conveniently, this means that we can be a bit smarter about basic
blocks around these statements.

As a drive-by, remove the unused Bind(target,label) function.

Bug: chromium:934166
Change-Id: I532aa452fb083560d07b90da99caca0b1d082aa3
Reviewed-on: https://chromium-review.googlesource.com/c/1488763
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59942}
      35269f77
  37. 27 Feb, 2019 1 commit
  39. 26 Feb, 2019 1 commit
  41. 25 Feb, 2019 1 commit
  43. 15 Feb, 2019 1 commit
  45. 14 Feb, 2019 1 commit
  47. 08 Feb, 2019 1 commit
  49. 28 Jan, 2019 1 commit
  51. 26 Dec, 2018 1 commit
  53. 08 Nov, 2018 1 commit
  55. 05 Nov, 2018 1 commit
  57. 27 Sep, 2018 1 commit
    • Creddy's avatar
      Reland "[interpreter] Separate bytecodes for one-shot property loads and stores" · 0714bd9f
      Creddy authored 
      This is a reland of eccf1867

Original change's description:
> [interpreter] Separate bytecodes for one-shot property loads and stores
> 
> Create LdaNamedPropertyNoFeedback and StaNamedPropertyNoFeedback
> for one-shot property loads and stores. This CL replaces the runtime
> calls with new bytecodes for named property load stores in one-shot code.
> the runtime calls needed extra set of consecutive registers and
> additional move instructions. This increased the size of
> bytecode-array and possibly extended the life time of objects.
> By replacing them with NoFeedback bytecodes we avoid these issues.
> 
> Bug: v8:8072
> Change-Id: I20a38a5ce9940026171d870d354787fe0b7c5a6f
> Reviewed-on: https://chromium-review.googlesource.com/1196725
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Cr-Commit-Position: refs/heads/master@{#56211}

Bug: v8:8072
Change-Id: Ie8e52b37daf35c7bc08bb910d7b15a9b783354e4
Reviewed-on: https://chromium-review.googlesource.com/1245742
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56266}
      0714bd9f
  59. 26 Sep, 2018 1 commit
    • Maya Lekova's avatar
      Revert "[interpreter] Separate bytecodes for one-shot property loads and stores" · 3c3330f6
      Maya Lekova authored 
      This reverts commit eccf1867.

Reason for revert: Speculative revert because it seems to introduce a pretty stable flake on gc stress tests, see https://bugs.chromium.org/p/v8/issues/detail?id=8229

Original change's description:
> [interpreter] Separate bytecodes for one-shot property loads and stores
> 
> Create LdaNamedPropertyNoFeedback and StaNamedPropertyNoFeedback
> for one-shot property loads and stores. This CL replaces the runtime
> calls with new bytecodes for named property load stores in one-shot code.
> the runtime calls needed extra set of consecutive registers and
> additional move instructions. This increased the size of
> bytecode-array and possibly extended the life time of objects.
> By replacing them with NoFeedback bytecodes we avoid these issues.
> 
> Bug: v8:8072
> Change-Id: I20a38a5ce9940026171d870d354787fe0b7c5a6f
> Reviewed-on: https://chromium-review.googlesource.com/1196725
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Cr-Commit-Position: refs/heads/master@{#56211}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,cbruni@chromium.org,chandanreddy@google.com

Change-Id: I445db58e6d4c275b434fabad5fad775bf259033f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8072
Reviewed-on: https://chromium-review.googlesource.com/1245421Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56232}
      3c3330f6