Skip to content

V
V8
Switch branch/tag
  1. 31 Jan, 2014 2 commits
  3. 30 Jan, 2014 3 commits
    • machenbach@chromium.org's avatar
      Disable unsuitable tests in ASAN mode. · c3c06436
      machenbach@chromium.org authored 
      BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/148963010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      c3c06436
    • verwaest@chromium.org's avatar
      Support loads from primitive values. · 73529a7d
      verwaest@chromium.org authored 
      This also changes load computation to use HeapTypes rather than Maps.
TODO: move conversion between maps and heaptypes earlier in the process, already in the oracle.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/147763006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      73529a7d
    • jarin@chromium.org's avatar
      The current · 99ce5a24
      jarin@chromium.org authored 
      version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=danno@chromium.org, mstarzinger@chromium.org
LOG=N
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=18918

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      99ce5a24
  5. 29 Jan, 2014 4 commits
    • machenbach@chromium.org's avatar
      [Sheriff] Mark profviz flaky on GC stress. · f8151982
      machenbach@chromium.org authored 
      BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/149763002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      f8151982
    • jarin@chromium.org's avatar
      Revert "Captured arguments object materialization" · ec51f26b
      jarin@chromium.org authored 
      R=jarin@chromium.org

Review URL: https://codereview.chromium.org/130803009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      ec51f26b
    • jarin@chromium.org's avatar
      This is a preview of the captured arguments object materialization, · 868ad01e
      jarin@chromium.org authored 
      mostly to make sure that it is going in the right direction. The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is there a simpler/more correct way to store the already-materialized
objects? (At the moment there is a custom root reference to JSArray
containing frames' FixedArrays with their captured objects.)

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=mstarzinger@chromium.org, danno@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      868ad01e
    • svenpanne@chromium.org's avatar
      ES6: Map and Set needs to normalize minus zero · abe807db
      svenpanne@chromium.org authored 
      BUG=v8:3069
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/147143003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18892 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
      abe807db
  7. 28 Jan, 2014 3 commits
  9. 27 Jan, 2014 3 commits
  11. 24 Jan, 2014 4 commits
  13. 23 Jan, 2014 5 commits
  15. 22 Jan, 2014 3 commits
  17. 21 Jan, 2014 2 commits
  19. 20 Jan, 2014 5 commits
  21. 17 Jan, 2014 2 commits
  23. 14 Jan, 2014 4 commits