Google Git
Sign in
chromium / v8 / v8 / b7168573ed011113746873fd92b71e8bcc9dddb1
commitb7168573ed011113746873fd92b71e8bcc9dddb1[log] [tgz]
authorBenedikt Meurer <bmeurer@chromium.org>Fri Nov 03 06:59:00 2017
committerCommit Bot <commit-bot@chromium.org>Fri Nov 03 07:35:14 2017
tree7ed6fc49de4542fec61b53b99921773238be75e4
parentb4a4f6e3f61a14ef47adefc28bee714a3076928a [diff]
[turbofan] Generalized OOB support for KeyedLoadIC.

This extends the support in TurboFan and the ICs for OOB loads to also
apply to typed arrays and receivers whose prototype chain is protected
by the "no elements" protector (aka the Array protector). TurboFan will
generate code to materialize undefined instead when it sees a load that
has the OOB bit set and add an appropriate code dependency on the global
protector. For typed arrays it doesn't even need to check the global
protector since elements are never looked up in the prototype chain
for typed arrays.

In the simple micro-benchmark from the bug we go from

  testInBounds: 103 ms.
  testOutOfBounds: 289 ms.

to

  testInBounds: 103 ms.
  testOutOfBounds: 102 ms.

which fixes the 3x slowdown and thus addresses the performance cliff. In
general it's still beneficial to make sure that you don't access out of
bounds, especially once we introduce a bounds check elimination pass to
TurboFan.

This also seems to improve the jQuery benchmark on the Speedometer test
suite by like 1-2% on average. And the SixSpeed rest benchmarks go from

  rest-es5: 25 ms.
  rest-es6: 23 ms.

to

  rest-es5: 6 ms.
  rest-es6: 4 ms.

so a solid 5.7x improvement there.

Bug: v8:6936, v8:7014, v8:7027
Change-Id: Ie99699c69cc40057512e72fd40ae28107216c423
Reviewed-on: https://chromium-review.googlesource.com/750089
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49095}
10 files changed
tree: 7ed6fc49de4542fec61b53b99921773238be75e4
  1. benchmarks/
  2. build_overrides/
  3. docs/
  4. gni/
  5. gypfiles/
  6. include/
  7. infra/
  8. samples/
  9. src/
  10. test/
  11. testing/
  12. third_party/
  13. tools/
  14. .clang-format
  15. .editorconfig
  16. .git-blame-ignore-revs
  17. .gitignore
  18. .gn
  19. .vpython
  20. .ycm_extra_conf.py
  21. AUTHORS
  22. BUILD.gn
  23. ChangeLog
  24. CODE_OF_CONDUCT.md
  25. codereview.settings
  26. DEPS
  27. LICENSE
  28. LICENSE.fdlibm
  29. LICENSE.strongtalk
  30. LICENSE.v8
  31. LICENSE.valgrind
  32. Makefile
  33. Makefile.android
  34. OWNERS
  35. PRESUBMIT.py
  36. README.md
  37. snapshot_toolchain.gni
  38. WATCHLISTS
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.