Go to file
Benedikt Meurer 40c6892643 [feedback-vector] Don't go MEGAMORPHIC due to dying handlers.
This fixes a problem where ICs for transitioning stores go MEGAMORPHIC
if the transition target map dies in between invocations of the IC,
which is totally possible, since we only hold on weakly to these
transition targets (both from the FeedbackVectors and also from the
TransitonArrays).

The root problem here was an inconsistency in how the maps and handlers
are being reported by the FeedbackVector. On the on hand side the method
FeedbackVector::ExtractMaps() will report all receiver maps that are
still present (i.e. which haven't died themselves), but then the other
method FeedbackVector::FindHandlers() will only report handlers that are
still alive (i.e. which in case of transition target maps being used as
handlers haven't died yet). If the length of these lists don't match the
IC chickens out and goes MEGAMORPHIC. But this is exactly the case with
the transitioning stores, where there's no handler anymore, i.e. as can
be seen in this simple example:

```
// Flags: --expose-gc
function C() { this.x = 1; }
new C();
new C();
gc();     // map with the `C.x` property dies
new C();  // now the STORE_IC in C goes MEGAMORPHIC
```

So the problem is that we have these two methods that don't agree with
each other. Now FeedbackVector::ExtractMaps() is also used by TurboFan
and it even reports receiver maps for PREMONOMORPHIC state, which is
different from the use case that the ICs need. So I replaced the
FeedbackVector::FindHandlers() with a completely new method
FeedbackVector::ExtractMapsAndHandlers(), which returns both the maps
and handlers, exactly as the ICs need it. And only returns pairs for
which both the receiver map and the handler are still alive.

This fixes the odd problem that sometimes STORE_ICs going MEGAMORPHIC
for no apparent reason. Due to the weakness of the transition target
maps, they can still die and cause deoptimizations, but at least
TurboFan will now be able to reoptimize again later with the new maps
and still generate proper code.

Bug: v8:9316
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Change-Id: I74c8b60f792f310dc813f997e69efe9ad434296a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637878
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61948}
2019-05-31 13:51:29 +00:00
benchmarks Add missing owners files 2019-05-31 07:21:01 +00:00
build_overrides Clean up infra owners 2019-05-15 11:18:43 +00:00
custom_deps Clean up infra owners 2019-05-15 11:18:43 +00:00
docs Add OWNERS for docs/ 2019-05-15 12:06:15 +00:00
gni [tracing] Fix perfetto build on windows 2019-05-28 13:39:00 +00:00
include Add OWNERS files for src and test 2019-05-30 04:51:21 +00:00
infra Revert "Reland "[ptr-compr][x64] Temporarily enable pointer compression on x64"" 2019-05-22 12:51:53 +00:00
samples Add OWNERS file for samples/ 2019-05-14 16:55:03 +00:00
src [feedback-vector] Don't go MEGAMORPHIC due to dying handlers. 2019-05-31 13:51:29 +00:00
test [heap] Simplify computation of max semi-space size. 2019-05-31 13:33:28 +00:00
testing Add missing owners files 2019-05-31 07:21:01 +00:00
third_party Add missing owners files 2019-05-31 07:21:01 +00:00
tools [test] Switch off detect_stack_use_after_return on windows asan 2019-05-31 12:27:27 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.clang-tidy [tool] Remove unfixed clang-tidy warnings to ease use. 2018-10-26 07:40:32 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.git-blame-ignore-revs Add recent code rewrite to .git-blame-ignore-revs 2019-05-23 10:38:45 +00:00
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Remove d8 from .gitignore 2019-05-23 13:21:45 +00:00
.gn v8: Stop setting secondary_source. 2019-05-13 16:06:53 +00:00
.vpython [tools] Implement confidence-based number of runs 2019-05-09 09:42:28 +00:00
.ycm_extra_conf.py [ycm] Switch from gnu++11 to gnu++14 2017-11-27 07:48:21 +00:00
AUTHORS Improve toString(radix) for doubles near zero 2019-05-29 20:45:02 +00:00
BUILD.gn [roheap] Inform lsan of leaked objects during read-only space set up 2019-05-31 11:14:17 +00:00
ChangeLog [release] Merge ChangeLog back to master 2018-12-07 15:41:59 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
COMMON_OWNERS [OWNERS] Add solanes@ to COMMON_OWNERS 2019-05-22 13:50:51 +00:00
DEPS Update wasm-spec. 2019-05-31 04:38:40 +00:00
ENG_REVIEW_OWNERS Add eng review owners as escalation path 2019-05-15 19:12:10 +00:00
INFRA_OWNERS Clean up infra owners 2019-05-15 11:18:43 +00:00
INTL_OWNERS Add missing owners files 2019-05-31 07:21:01 +00:00
LICENSE [wasm] Draft version of C/C++ Wasm API 2019-04-17 16:00:26 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
MIPS_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
PPC_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
PRESUBMIT.py Reland "Move logging and diagnostics related source files" 2019-05-20 09:54:57 +00:00
README.md [docs] Change links from old wiki to v8.dev 2019-03-07 12:13:30 +00:00
S390_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
WATCHLISTS Move remaining files in src/ 2019-05-24 18:24:36 +00:00

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.