- 24 Aug, 2018 40 commits
-
-
Ali Ijaz Sheikh authored
ASAN complained about this on another commit: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20ASAN/26688 causing revert: https://chromium-review.googlesource.com/c/v8/v8/+/1162122 Change-Id: I3bb16177be9d49496db024ce92fd4354b12d8cc3 Reviewed-on: https://chromium-review.googlesource.com/1187832Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#55412}
-
Dan Elphick authored
This doubles the size of the snapshot since it creates all of the handlers twice (and it doesn't use any of these new ones). However it's all behind a flag. For now all bytecode handlers are marked as being not Isolate independent to prevent snapshot creation failures. Bug: v8:8068 Change-Id: Id49f521445643d9fc6b141353f0a29b585160e10 Reviewed-on: https://chromium-review.googlesource.com/1185100 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#55411}
-
Michael Starzinger authored
R=sigurds@chromium.org TEST=mjsunit/wasm/module-memory Change-Id: I30b52a09d8655340199dc449aaa91e6a351e2111 Reviewed-on: https://chromium-review.googlesource.com/1188567Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#55410}
-
Hai Dang authored
In the case where the array is a fast packed array, the CSA no longer needs to check whether the prototype has elements. This only needed when the array is holey. This is a follow-up of CL #1183671. Change-Id: I0087b827200995c741141f3183bf9a2c748d3b55 Reviewed-on: https://chromium-review.googlesource.com/1188315Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Hai Dang <dhai@google.com> Cr-Commit-Position: refs/heads/master@{#55409}
-
Benedikt Meurer authored
Thus far the LoadElimination didn't consider CheckHeapObject a renaming operation and would therefore miss opportunities to eliminate redundant loads or map checks where the input is not checked for sminess in all cases. This kind of pattern is very common with code that results from builtin inlining in JSCallReducer, as here we don't unconditionally insert CheckHeapObject nodes if we can tell from the graph that the receiver already has a certain map (by walking the effect chain upwards). Bug: v8:8070 Change-Id: I980f382205757a754f93a5741de1ee08b75ee070 Reviewed-on: https://chromium-review.googlesource.com/1188129Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55408}
-
Benedikt Meurer authored
This allows to replace redundant LoadField's whose type doesn't match the type of the replacement, by just turning those LoadField's into TypeGuard's. Bug: v8:8070 Change-Id: Ia329bb536f8829be27e070e90e9eaae0618dac7a Reviewed-on: https://chromium-review.googlesource.com/1188131Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55407}
-
jgruber authored
In preparation for kRootRegister support on ia32. Bug: v8:6666 Change-Id: I6bbc87734d189bb8cde5d057a54f8155606d142d Reviewed-on: https://chromium-review.googlesource.com/1188319 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#55406}
-
Maya Lekova authored
This reverts commit 177e0aa3. Reason for revert: Causes a flaky test on Windows - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20msvc/4373 Bug: v8:8087 Original change's description: > [heap] Reland: Reuse object evacuation information for slot recording in Scavenger. > > This reverts commit 5876d8f5. > > Bug: chromium:852420 > Change-Id: I318587f20409f98d05278fc0b4c14da09d259cd3 > Reviewed-on: https://chromium-review.googlesource.com/1188128 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#55393} TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org Change-Id: If553b74f8443ad98822a2a3d147dc8963346043c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:852420 Reviewed-on: https://chromium-review.googlesource.com/1188542Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#55405}
-
Georg Neis authored
Now that we always instantiate the right ObjectData subclass, we can give precise types to members. R=jarin@chromium.org Bug: v8:7790 Change-Id: Ic2194de90f458ddccbeb9f101903e5865fb4eb41 Reviewed-on: https://chromium-review.googlesource.com/1187103Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#55404}
-
Florian Sattler authored
This halfs the test size but also halfs the baseline for the score to make it comparable. Bug: v8:7926 Change-Id: Id3769def6a555ef1bddf8dd5e54c04b8652e5b54 Reviewed-on: https://chromium-review.googlesource.com/1188465Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Florian Sattler <sattlerf@google.com> Cr-Commit-Position: refs/heads/master@{#55403}
-
Georg Neis authored
Also define classes NativeContext and InternalizedString. Those object kinds were already part of our Object hierarchy but didn't have their own class, which was inconvenient. R=jarin@chromium.org, mslekova@chromium.org Bug: v8:7790 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ic443a2b2e34afc89bc924e845d995e3f287a2535 Reviewed-on: https://chromium-review.googlesource.com/1185592Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#55402}
-
Bret Sepulveda authored
It appears that the fields are already being unescaped elsewhere, perhaps by the JSON writer. So if we unescape when adding the source filename and contents, unescaping will happen again later and plain backslashes will be interpreted as escape codes. Bug: v8:6240 Change-Id: Ic66b9017ae685d6dd12944ee8d254991e26fbd32 Reviewed-on: https://chromium-review.googlesource.com/1186625Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Bret Sepulveda <bsep@chromium.org> Cr-Commit-Position: refs/heads/master@{#55401}
-
Michael Starzinger authored
R=titzer@chromium.org TEST=mjsunit/wasm/module-memory Change-Id: If190f4f75feb0560bfb608b5ec01234c95e1f715 Reviewed-on: https://chromium-review.googlesource.com/1188464Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#55400}
-
Toon Verwaest authored
Change-Id: I228bbd81807fdfac9e760576f89aeb133e45cf61 Reviewed-on: https://chromium-review.googlesource.com/1186326 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#55399}
-
Michael Starzinger authored
R=ahaas@chromium.org BUG=v8:8091 Change-Id: I648e5a957e02d32e51c94175a6596801ca5ebd9e Reviewed-on: https://chromium-review.googlesource.com/1188310 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#55398}
-
jgruber authored
This fixes several issues related to off-heap trampoline handling on ia32. Unlike other architectures, ia32 uses a pc-relative call/jump for the off-heap trampoline. That means we cannot skip reloc info emission, and we need to relocate when the buffer grows during code generation. Finally, inlined trampolines must not clobber and thus also need to use a pc-relative call/jump. Drive-by: Use PreserveRootIA32 config only for whitelisted builtins to build successfully by default. Bug: v8:6666 Change-Id: I2b72147c6c70036cd13d8b22e2c80ade786c47b8 Reviewed-on: https://chromium-review.googlesource.com/1188316 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#55397}
-
Sreten Kovacevic authored
Original commit d67d91db Change-Id: I2787a090e8794b91a7f08635ce73f925e1021477 Reviewed-on: https://chromium-review.googlesource.com/1188317Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com> Cr-Commit-Position: refs/heads/master@{#55396}
-
Michael Starzinger authored
R=sigurds@chromium.org TEST=cctest/test-jump-table-assembler/JumpTablePatchingStress BUG=v8:8085 Change-Id: Iad786172541a2a72d2b774b60da87f40d70ca71d Reviewed-on: https://chromium-review.googlesource.com/1188135 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#55395}
-
Maya Lekova authored
Bug: v8:8090 Change-Id: I6f8a4d2bcfa25bcc83f29e5fd39f9e72ba18d4ac Reviewed-on: https://chromium-review.googlesource.com/1188132Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#55394}
-
Hannes Payer authored
This reverts commit 5876d8f5. Bug: chromium:852420 Change-Id: I318587f20409f98d05278fc0b4c14da09d259cd3 Reviewed-on: https://chromium-review.googlesource.com/1188128Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55393}
-
Michael Starzinger authored
This method introduces an inherent race because it allows changing global static flag variables from concurrently running Isolates (or Workers). Since there are not too many use-cases left, the method in question can be removed entirely. R=hpayer@chromium.org Change-Id: I9798730dd775b04f0bc83f18ed5982672e76e5d5 Reviewed-on: https://chromium-review.googlesource.com/1186731Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#55392}
-
Ross McIlroy authored
This reverts commit bca38dbf. Reason for revert: Makes ODROIDs flaky. BUG=v8:8086 Original change's description: > [Tests] Fix some OOM failures on Android by explicitly setting max_old_space_size. > > BUG=v8:8040 > > Change-Id: I8de22af3978f2a8eb844eabdb757bd635050f901 > Reviewed-on: https://chromium-review.googlesource.com/1181432 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#55227} TBR=ulan@chromium.org,rmcilroy@chromium.org Bug: v8:8040 Change-Id: Ife980e8706ebbff4d86d87739c2f621d7a976039 Reviewed-on: https://chromium-review.googlesource.com/1188322 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#55391}
-
Benedikt Meurer authored
Place the LoadField for the backing store of the [[IteratedObject]] before the diamond to make it possible to eliminate this LoadField in LoadElimination later, when used in `for..of` or destructing. This further improves the performance of `for..of` in the micro benchmark on the tracking bug from console.timeEnd: forOf, 191.726000 console.timeEnd: traditional, 107.572000 console.timeEnd: forOf, 137.288000 console.timeEnd: traditional, 102.976000 console.timeEnd: forOf, 137.506000 console.timeEnd: traditional, 103.089000 to around console.timeEnd: forOf, 195.238000 console.timeEnd: traditional, 107.078000 console.timeEnd: forOf, 128.980000 console.timeEnd: traditional, 103.106000 console.timeEnd: forOf, 128.525000 console.timeEnd: traditional, 103.072000 so roughly another ~7% improvement (with untrusted code mitigations turned off). Bug: v8:8070 Change-Id: I34831c503384f0cc44b95317dd84403f2ed8ecd5 Reviewed-on: https://chromium-review.googlesource.com/1188138Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55390}
-
Stephan Herhut authored
This is a reland of 524215be Original change's description: > Use new arraybuffer deleter interface in d8 > > With this cl we start using the custom deleter to free externalized > array buffers. This also allows us to keep wasm memories registered > with the wasm memory tracker and thereby to propagate that a memory > is wasm allocated over postMessage calls. > > Bug: v8:8073, chromium:836800 > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng > Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64 > Reviewed-on: https://chromium-review.googlesource.com/1186681 > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Commit-Queue: Stephan Herhut <herhut@chromium.org> > Cr-Commit-Position: refs/heads/master@{#55361} Bug: v8:8073, chromium:836800 Change-Id: Ia3c057ced496363cfdd07eed16ed1d0c7a3f3084 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/1188222Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#55389}
-
Florian Sattler authored
Restricting the enum to uint8_t and reorder type for better alignment. Bug: v8:7926 Change-Id: Ib37d600a189d12bac3c6aa8cf4b88970f8547548 Reviewed-on: https://chromium-review.googlesource.com/1188125 Commit-Queue: Florian Sattler <sattlerf@google.com> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#55388}
-
Dominik Inführ authored
Add location information in heap snapshot for objects where the constructor can be determined. Bug: chromium:854097 Change-Id: Ieb2ab70a65809ecc9dfa0d73a33fa57add430465 Reviewed-on: https://chromium-review.googlesource.com/1179156 Commit-Queue: Dominik Inführ <dinfuehr@google.com> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#55387}
-
Tobias Tebbi authored
[turbofan] escape analysis: remove TypeGuard renamings of dematerialized allocations from the effect chain Change-Id: Ie7b43feda381647523cb8cc3e7965823d3006063 Reviewed-on: https://chromium-review.googlesource.com/1188140Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#55386}
-
Toon Verwaest authored
This embeds LiteralBuffers in the TokenDesc directly so that we do not need to figure out which one is free; as well as newline tracking. Instead of copying around TokenDesc we now just update the pointer to keep track of the state. Based on this architecture we'll be able to precompute more tokens at once. Change-Id: Ie2e1a95f91713f7ab619fc8632f1eb644884a51f Reviewed-on: https://chromium-review.googlesource.com/1184911 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#55385}
-
Simon Zünd authored
Instead of using the slow-path for COW arrays, we now properly copy them and use the fast-path. R=jgruber@chromium.org Change-Id: Iebbad5f761d97c5400c457877571c7930269d52f Reviewed-on: https://chromium-review.googlesource.com/1188130 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#55384}
-
Igor Sheludko authored
Bug: v8:7703, chromium:876696 Change-Id: Ida3243414215b2ef75a9875ca31cf5a68274f7e0 Reviewed-on: https://chromium-review.googlesource.com/1185186Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#55383}
-
Creddy authored
Change type elements kind in empty array boilerplate desc from PACKED_ELEMENTS to PACKED_SMI_ELEMENTS The default array elements kind should be PACKED_SMI_ELEMENTS (top of type lattice) to allow type transitions to other types. Change-Id: Icda969d0553628ef75d6c26bf6f32fef46512f0f Reviewed-on: https://chromium-review.googlesource.com/1188133Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Chandan Reddy <chandanreddy@google.com> Cr-Commit-Position: refs/heads/master@{#55382}
-
Lei Zhang authored
In LiftoffCompiler::EmitTypeConversion() there is a DCHECK_EQ() where one argument is implicitly converted to bool. This confuses MSVC, which causes it to think the two arguments to DCHECK_EQ() do not have the same type. Fix this with an explicit bool conversion!! This does not affect the "v8_win64_msvc_compile_rel" bot, presumably because it is a release bot with DCHECKs turned off. Change-Id: I602ddae7a970e17388730e895eafd4ec78de7602 Reviewed-on: https://chromium-review.googlesource.com/1187702Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> Cr-Commit-Position: refs/heads/master@{#55381}
-
jgruber authored
Prior to this, it was possible to explicitly specify machine types for stack arguments, but these were simply ignored and treated as tagged-by-default when creating the actual CallDescriptor. This verifies that all stack args specified in the descriptor are actually given tagged types, and fails early if that is not the case. Bug: v8:6666 Change-Id: Idb543a11c976d0260fea60d31e30c21b15b32256 Reviewed-on: https://chromium-review.googlesource.com/1186642Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#55380}
-
Bret Sepulveda authored
Builtin functions were being logged via both LogCodeObjects and LogCompiledFunctions. The latter assumes the code in question has a Name and so would end up logging an unattributable entry. This patch stops logging that entry. Bug: v8:8061 Change-Id: Iebc9bfa9618986afdbf8b1b71b64bf17a1f4196a Reviewed-on: https://chromium-review.googlesource.com/1184923Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Bret Sepulveda <bsep@chromium.org> Cr-Commit-Position: refs/heads/master@{#55379}
-
Florian Sattler authored
This reduces the enum size to only take up one byte, hence decreasing class size. Bug: v8:7926 Change-Id: Ie50cfcd48541e44394814f375fd72f2b65722fdf Reviewed-on: https://chromium-review.googlesource.com/1186582 Commit-Queue: Florian Sattler <sattlerf@google.com> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#55378}
-
Michaël Zasso authored
Introduced in https://chromium-review.googlesource.com/1183431. The namespace was missing making compilation of Node.js with GCC fail. Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I55c1117ab347db17fd8acfa92c653e8cf737586f Reviewed-on: https://chromium-review.googlesource.com/1188126Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michaël Zasso <mic.besace@gmail.com> Cr-Commit-Position: refs/heads/master@{#55377}
-
Michael Lippautz authored
Bug: chromium:843903 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Ie959e443fdf5dce92c4cd42ef62ec914a13b867e Reviewed-on: https://chromium-review.googlesource.com/1187151 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55376}
-
Florian Sattler authored
This is a reland of d16bce9d Original change's description: > [parser] Removed unnecessary copies > > Bug: v8:8015 > Change-Id: I2ee074559484b9865dc1a27e6ea697ca311ee7ee > Reviewed-on: https://chromium-review.googlesource.com/1185198 > Reviewed-by: Marja Hölttä <marja@chromium.org> > Commit-Queue: Florian Sattler <sattlerf@google.com> > Cr-Commit-Position: refs/heads/master@{#55327} Bug: v8:8015 Change-Id: I63cf34898f4bbdba84f44e3769301d028ea49965 Reviewed-on: https://chromium-review.googlesource.com/1188142Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Florian Sattler <sattlerf@google.com> Cr-Commit-Position: refs/heads/master@{#55375}
-
Benedikt Meurer authored
The LoadElimination must be able to print Maps, so we need to allow handle dereferencing here. Change-Id: Id39a6db5a4f40ec6212404b3aa30a36fdd1ba57e Reviewed-on: https://chromium-review.googlesource.com/1188127 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55374}
-
Benedikt Meurer authored
In LoadElimination leverage the fact that initializing stores (i.e. stores to freshly allocated objects) cannot touch existing objects, since the object can only escape once it's fully initialized and then all accesses will happen on the FinishRegion node instead of the naked Allocate node. This helps to eliminate the redundant map checks and "length" accesses to arrays, since TurboFan now knows that the iterated array cannot alias with neither the freshly allocated ArrayIterator nor the freshly allocated IterResultObject instances. This improves the times on the benchmark in the tracking bug from console.timeEnd: forOf, 188.111000 console.timeEnd: traditional, 116.380000 console.timeEnd: forOf, 170.721000 console.timeEnd: traditional, 108.209000 console.timeEnd: forOf, 168.491000 console.timeEnd: traditional, 108.839000 to console.timeEnd: forOf, 192.501000 console.timeEnd: traditional, 106.909000 console.timeEnd: forOf, 138.364000 console.timeEnd: traditional, 103.232000 console.timeEnd: forOf, 138.755000 console.timeEnd: traditional, 102.928000 when running with untrusted code mitigations turned off, and thus corresponds to a ~18% performance improvement, roughly cutting the performance difference between the traditional for loop and the for..of loop in half. Besides for..of loops this will also help with array destructuring patterns where TurboFan also emitted redundant map checks on the array and didn't eliminate the redundant "length" accesses. Bug: v8:8070 Change-Id: Iab283247f6d304d1e3c7c147f32ab957577aad21 Reviewed-on: https://chromium-review.googlesource.com/1188124Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55373}
-