[turbofan] Properly optimize polymorphic constructor call inlining.

This CL addresses a couple of minor issues that were in the way of
properly inlining polymorphic constructor calls, i.e. as found in
this common pattern using Symbol.species:

  class A {
    static get [Symbol.species]() { return this; }
    clone() { return new this.constructor[Symbol.species](); }
  }
  class B extends A {
    static get [Symbol.species]() { return this; }
  }

  function foo(o) { return o.clone(); }
  foo(new A());
  foo(new B());

Here the call to this.constructor[Symbol.species]() is the interesting
site. To get this fully inlined, we had to

  - make sure we don't introduce too many CheckHeapObject nodes eagerly that
    block later optimizations (instead we try harder to see whether the
    receiver is already provably a HeapObject), and
  - also update the new.target of polymorphic JSConstruct nodes, when
    it refers to the same node as the target that we're specializing
    to (this way the JSCreate becomes fully inlinable later).

This seems to yield a solid 1.5% on the ARES6 ML benchmark (run via the
d8 cli runner), which confirms the previous profiled estimation. On the
micro-benchmark that specifically measures this feature in isolation we
go from

  testClone: 828 ms.

on V8 ToT as of today and

  testClone: 1439 ms.

on V8 6.1 to

  testClone: 219 ms.

which is a 3.7x improvement, on top of the previous ~2x boost that we
got from inlining the polymorphic symbol lookup.

Bug: v8:6885, v8:6278, v8:6344
Change-Id: Ida7abf683c7879978f181ba7f52a125f4f83ae6f
Reviewed-on: https://chromium-review.googlesource.com/700596
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48284}
2 files changed
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.