Google Git
Sign in
chromium / v8 / v8 / 317fad950e8743656f78175253646365d2512096
commit317fad950e8743656f78175253646365d2512096[log] [tgz]
authorBenedikt Meurer <bmeurer@chromium.org>Fri Feb 09 19:10:34 2018
committerCommit Bot <commit-bot@chromium.org>Fri Feb 09 20:05:37 2018
treed2c89a29976eae59d57b4af4ce9a99e8696a634b
parent2f91dbc8acb4716fca2ec7d12b6154b617c79756 [diff]
[ic] Support negative indices for typed array OOB accesses.

Extend the current OOB support for typed arrays to also handle the
negative integer indices in the fast-path. This is safe because in
ECMAScript we never look up integer indexed properties (including
negative indices) on typed arrays in the prototype chain.

This reduces the performance cliff shown in the benchmark on the
relevant bug from

  console.timeEnd: Runtime deopt, 596.185000
  console.timeEnd: Runtime deopt, 1444.289000
  console.timeEnd: Runtime deopt, 1445.191000
  console.timeEnd: Runtime deopt, 1443.008000

to

  console.timeEnd: Runtime deopt, 590.017000
  console.timeEnd: Runtime deopt, 784.899000
  console.timeEnd: Runtime deopt, 792.428000
  console.timeEnd: Runtime deopt, 786.740000

which corresponds to a 2x improvement overall. It's not for free,
especially not in this benchmark, but the cliff isn't as bad as
it was previously.

Bug: v8:7027
Change-Id: Icf8a7ee87bb7ebc54f82c1b9166fc5e78c12bc0e
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/911574
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51222}
6 files changed
tree: d2c89a29976eae59d57b4af4ce9a99e8696a634b
  1. benchmarks/
  2. build_overrides/
  3. docs/
  4. gni/
  5. include/
  6. infra/
  7. samples/
  8. src/
  9. test/
  10. testing/
  11. third_party/
  12. tools/
  13. .clang-format
  14. .editorconfig
  15. .git-blame-ignore-revs
  16. .gitignore
  17. .gn
  18. .vpython
  19. .ycm_extra_conf.py
  20. AUTHORS
  21. BUILD.gn
  22. ChangeLog
  23. CODE_OF_CONDUCT.md
  24. codereview.settings
  25. DEPS
  26. LICENSE
  27. LICENSE.fdlibm
  28. LICENSE.strongtalk
  29. LICENSE.v8
  30. LICENSE.valgrind
  31. OWNERS
  32. PRESUBMIT.py
  33. README.md
  34. snapshot_toolchain.gni
  35. WATCHLISTS
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.