AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
80,102 Commits 1 Branch 0 Tags 839 MiB
ff1dba398d
Commit Graph

23 Commits

Author SHA1 Message Date
Z Nguyen-Huu
1f4bec2775 Add new nonextensible element kinds 
Currently the backing store and elements kind might not aligned aka
backing store can be dictionary where elements kind is frozen/sealed
element kinds or the other way around. The reason is that
Object.preventExtensions change elements kind to DICTIONARY while
Object.seal/freeze change elements kind to SEALED/FROZEN element kind.
Apply both these operations can lead to that problem as in
chromium:992914

To solve this issue, we avoid Object.preventExtensions to change backing
store to dictionary by introducing new nonextensible elements kind.
These new nonextensible elements kind are handled similar to frozen,
sealed element kinds. This change not only fixes the problem but also
optimize the performance of nonextensible objects.

Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b
Bug: chromium:992914, v8:6831
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63432}
 2019-08-28 17:24:49 +00:00
Z Nguyen-Huu
6c61c8aa1d Transition to frozen/sealed elements from Smi/Double elements 
When applying Object.seal(), Object.freeze() to Smi, Double elements
kind, it will transition to Object elements kind first then to new
frozen, sealed elements kind accordingly.
Also, add more mjsunit.

Bug: v8:6831
Change-Id: I454b42d7eb329b03e20245896641eb6c1a87831d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662657
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62457}
 2019-07-01 05:42:39 +00:00
Z Nguyen-Huu
a26adb2b41 Optimize array.map for sealed, frozen objects 
Extend same approach for FastJSArray to FastJSArrayForRead in ArrayMap builtin

~6x perf improvement in micro-benchmark JSTests/ObjectFreeze
Before:
ArrayMap
ArrayMap-Numbers(Score): 0.0887

After:
ArrayMap
ArrayMap-Numbers(Score): 0.531

Bug: v8:6831
Change-Id: I06cba44ca4c9198977c6da522b782b61f9df04fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653732
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62127}
 2019-06-12 18:13:55 +00:00
Z Nguyen-Huu
3167b3b600 Add fast path for proxy with isExtensible trap 
ObjectIsExtensible is now a Torque builtin (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).

Improvement in micro-benchmark
Before:
IsExtensibleWithoutTrap-Proxies(Score): 2228
IsExtensibleWithTrap-Proxies(Score): 917

After:
IsExtensibleWithoutTrap-Proxies(Score): 3683
IsExtensibleWithTrap-Proxies(Score): 3310

Bug: v8:6664
Change-Id: I1fbe1c51cb724a23d7a59fc8231bb3d1461a6add
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637444
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62006}
 2019-06-05 17:38:27 +00:00
Z Nguyen-Huu
6e85742157 Optimize array clone for sealed, frozen objects 
Improve micro-benchmark by ~5x
Before:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 279
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 285

After:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 1074
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 1009


Bug: v8:6831
Change-Id: Ifd676ca13d5b7e86afc1578636fdd4dc2733c474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628244
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61862}
 2019-05-27 17:26:06 +00:00
Z Duong Nguyen-Huu
9ccad33c97 Optimize spread call for sealed, frozen objects 
Also add mjsunit test for spread call with non-extensible objects

Micro-benchmark JSTests/ObjectFreeze shows ~7x improvement

Before:
SpreadCall
SpreadCall-Numbers(Score): 239

After:
SpreadCall
SpreadCall-Numbers(Score): 1461

Bug: v8:6831
Change-Id: Icefd89ad790ac159b7f0617d0a012eefd90d3b1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1614296
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61669}
 2019-05-20 20:36:32 +00:00
Z Duong Nguyen-Huu
daa62d4f98 Add new frozen, sealed holey elements kind 
This is the follow-up for frozen, sealed packed elements kind.
Design docs: bit.ly/fast-frozen-sealed-elements-in-v8
This change is only support the transition from holey elements to holey sealed elements (via object.seal) or to holey frozen elements (via object.freeze).
Added tests for non-extensible, sealed, frozen holey elements in https://chromium-review.googlesource.com/c/v8/v8/+/1574503 and https://chromium-review.googlesource.com/c/v8/v8/+/1582481

Bug: v8:6831
Change-Id: Ia4373648f79f2ebebb390982a503145844a0c123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574777
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61307}
 2019-05-07 19:09:32 +00:00
Z Duong Nguyen-Huu
feba84a3f9 Add test for holey non-extensible element 
Bug: v8:6831
Change-Id: I4d4d9b65a346384b8f6c6dc2cfe0c1ce88116e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574503
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60993}
 2019-04-24 18:09:23 +00:00
Z Duong Nguyen-Huu
f8af2b7581 Fix array.includes(NaN) for sealed/frozen packed element 
Bug: chromium:953888
Change-Id: If2aa613bac18e61ac733102b45b0ebb6553eae1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1579539
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60959}
 2019-04-23 19:55:13 +00:00
Z Duong Nguyen-Huu
3f88ea39b2 Increase length for packed sealed object will transition to dictionary mode 
Increase length of packed sealed array will create holes in packed array so transition to dictionary elements for now.
Later we can consider transitioning to holey sealed array.

Bug: chromium:952382
Change-Id: Ibe26ce56918859a114fccc1933f9c966c47c4112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566968
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60884}
 2019-04-16 20:01:51 +00:00
Z Duong Nguyen-Huu
d0f18e9af1 Reland of fix array.concat with double for sealed, frozen object 
Just update merge conflict.
The reverted CL is https://chromium-review.googlesource.com/c/v8/v8/+/1565470.
Treat packed sealed, frozen element as packed element.
Also rename to IsPackedFrozenOrSealedElementsKind.

Bug: chromium:951988
Change-Id: I4e7cc0a0d43e1e1c109fa08231dd5396901f9614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566235
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60881}
 2019-04-16 17:42:30 +00:00
Z Duong Nguyen-Huu
56873d9616 Handle COW map for sealed, frozen object 
Basically, SetPropertyInternal is called without handling COW map.

Improve test coverage as well.

Bug: chromium:951438
Change-Id: Iea8c818ab6a8ddea204f86a9d676a1ea42fd07f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562731
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60834}
 2019-04-12 19:43:39 +00:00
Sathya Gunasekaran
40004881f6 Revert "Fix array.concat with double for sealed, frozen object" 
This reverts commit 68ba8574f6.

Reason for revert: breaks windows builds https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20builder/27839

Original change's description:
> Fix array.concat with double for sealed, frozen object
> 
> Treat packed sealed, frozen element as packed element.
> Also rename to IsPackedFrozenOrSealedElementsKind.
> 
> Bug: chromium:951988
> Change-Id: Ia636f0a14a229e4c44772627728927db1b877f27
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565470
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#60831}

TBR=jarin@chromium.org,ishell@chromium.org,verwaest@chromium.org,duongn@microsoft.com

Change-Id: I84caf106dbdd2209aef0a994173e1c3982e9f7b1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:951988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565542
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60832}
 2019-04-12 18:00:09 +00:00
Z Duong Nguyen-Huu
68ba8574f6 Fix array.concat with double for sealed, frozen object 
Treat packed sealed, frozen element as packed element.
Also rename to IsPackedFrozenOrSealedElementsKind.

Bug: chromium:951988
Change-Id: Ia636f0a14a229e4c44772627728927db1b877f27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565470
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60831}
 2019-04-12 17:50:23 +00:00
Z Duong Nguyen-Huu
b151cd2f7f Fix array.includes undefined for sealed/frozen object 
For slow-path of array.includes, it should be able to handle if arguments is undefined for sealed/frozen object

Bug: chromium:951780
Change-Id: I42dcf1e23ab07bfcd87e7a5d27b52e66b2d1d2ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565031
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60829}
 2019-04-12 17:36:32 +00:00
Z Duong Nguyen-Huu
9dfb6a3582 Fix array.splice edge case for sealed object 
The last step in array.splice slow-path is to update length of the array https://cs.chromium.org/chromium/src/v8/src/builtins/array-splice.tq?rcl=59a29d88cc5972d2323a80a70de19ffd2812e5e4&l=349. For sealed object, it should be nop.

Bug: chromium:951164
Change-Id: I0c3098526c7df6c4dd734dd6c79cc0bba3b9b213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559217
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60793}
 2019-04-11 18:22:17 +00:00
Z Duong Nguyen-Huu
4726e82bfd Add more test for non extensible packed object 
Bug: v8:6831
Change-Id: I6e9f6fc718928f2f86d3b3c2dd144a6636b05790
Reviewed-on: https://chromium-review.googlesource.com/c/1481895
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59844}
 2019-02-25 18:31:44 +00:00
neis
79634a3ffe [es6] Partially implement Reflect.preventExtensions. 
Ignore proxies for now.

R=rossberg
BUG=v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1397853005

Cr-Commit-Position: refs/heads/master@{#31431}
 2015-10-21 09:23:47 +00:00
adamk
4fa7ae1c07 Optimize Object.seal and Object.preventExtensions 
They both now run fast (due to utilizing transitions instead of always
creating new maps) and sealed or non-extensible objects can stay in
fast mode after transitioning.

This almost entirely reuses the code for transitioning objects
frozen by Object.freeze(), with the added benefit of freeing
up a bit on the map (we no longer keep track of frozen-ness,
as that bit wasn't used for anything interesting).

BUG=v8:3662,chromium:115960
LOG=y

Review URL: https://codereview.chromium.org/776143005

Cr-Commit-Position: refs/heads/master@{#25759}
 2014-12-10 20:02:59 +00:00
rossberg@chromium.org
e414be5fc6 After assignment return right hand side value instead of undefined 
when Object.isExtensible(o) === false

Added corresponding tests

ES5 description: http://es5.github.com/#x11.13.1

Related issue: http://code.google.com/p/v8/issues/detail?id=1901

Contributed by ioseb.dzmanashvili@gmail.com

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/9429002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-21 14:09:45 +00:00
yangguo@chromium.org
86a62d0da3 Added check for trailing whitespaces and corrected existing violations. 
Review URL: http://codereview.chromium.org/7826007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-09-01 11:28:10 +00:00
ricow@chromium.org
fb6d7e17df Follow jsc on not throwing when trying to add a property to a non-extensible object. 
This change makes us compatible with Safari on not throwing when trying to add a property to a non-extensible object. 
Review URL: http://codereview.chromium.org/6712059

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2011-03-28 06:11:08 +00:00
ricow@chromium.org
eed4ed99c8 Add ES5 Object.isExtensible and Object.preventExtensions. 
Review URL: http://codereview.chromium.org/2819034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2010-07-02 14:36:34 +00:00