This CL also adds speculation to all Math builtins,
and refactors the JSCallReducer.
Bug: v8:7250, v8:7240
Change-Id: Icdaddb767e875bb191939d907f65c7a8dcf79b8b
Reviewed-on: https://chromium-review.googlesource.com/873916
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51426}
Inline the promise constructor when we have one argument and target
matches new_target.
This is not complete, and is sitting behind an experimental flag for
now. We need to fix deoptimization by providing proper frame states.
Create a unittest class for JSCallReducer - just assert whether there
was a change or not, rather than specify the exact graph that should be
produced.
Bug: v8:7253
Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
Reviewed-on: https://chromium-review.googlesource.com/919282
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51389}
Tbr: jarin@chromium.org
Change-Id: I17477e2c82398b228a366a3d1fd8eb521dd51eae
Reviewed-on: https://chromium-review.googlesource.com/922270
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51317}
instance_class_name takes up space unnecessarily, and %_ClassOf and
class_name implement [[Class]] which isn't part of ES2015+ anymore.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8
Reviewed-on: https://chromium-review.googlesource.com/776683
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51309}
Moves generation of speculation poison to be based on the PC target vs the
actual PC being executed. The speculation poison is generated in the prologue
of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
The result is stored in a known register, which can then be read using the
SpeculationPoison machine node.
Currently we need to ensure the SpeculationPoison node is scheduled right after
the code prologue so that the poison register doesn't get clobbered. This is
currently not verified, however it's only use is in RawMachineAssembler where
it is manually scheduled early.
The Ignition bytecode handlers are updated to use this speculation poison
rather than one generated by comparing the target bytecode.
BUG=chromium:798964
Change-Id: I2a3d0cfc694e88d7a8fe893282bd5082f693d5e2
Reviewed-on: https://chromium-review.googlesource.com/893160
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51229}
This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).
Note: fields in structs and classes were not renamed in this CL.
R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}
Where the value we are switching on is a constant, we can just look
through each IfValue case and replace the switch and go straight to
the appropriate case. If no case matches, expect and go to the
IfDefault.
For the (unrealistic) example in the linked bug, this improves
performance ~1.5x.
Bug: v8:7389
Change-Id: I7ffe209bda9ed22571ea106396b18e0bcf9a1e22
Reviewed-on: https://chromium-review.googlesource.com/893141
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51029}
This is a reland of 957ac3641c.
To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table
in the InstructionSelector, this now threads the flag through the CompilationInfo.
Original change's description:
> [turbofan] disable indirect jumps in Turbofan generated switches
>
> Bug:
> Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f
> Reviewed-on: https://chromium-review.googlesource.com/873643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50984}
Change-Id: I76c2804f140cc116e30881bfd05365a09240e605
Reviewed-on: https://chromium-review.googlesource.com/895643
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51014}
This works around a bug in the libc++ implementation of bitset
(https://bugs.llvm.org/show_bug.cgi?id=35438) resulting in high
bits outside the bitset leaking through, breaking the ordering
invariant of PersistentMap::iterator. This did not surface so far
because the hash values used in escape analysis so far all only used
32 bits.
Bug:
Change-Id: I18ce703020bf1fb3e1b412edaa899fa1afe0bba0
Reviewed-on: https://chromium-review.googlesource.com/793613
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50684}
If a NumberConstant can be represented as a Smi, then lower it to a
IntPtrConstant node during simplified lowering. Thanks to this, all backends can
match Smi values that can also be encoded as immediates in the instruction
selector. Additionally, we can apply the same lowering to the CodeAssembler for
the snapshot.
As a result, we can remove `mov` instructions generated because Int32Matcher and
Int64Matcher didn't not recognize Smis:
For 32-bit target, it's common for Smis also be immediates: "if (a < 100) {}"
~~~
mov r1, #200 -> cmp r0, #200
cmp r0, r1 -> blt <>
blt <> ->
~~~
On Arm64 particularly, we lose opportunites to use `cbz`: "if (a == 0) {}"
~~~
movz x0, #0x0 -> cbz x1 <>
cmp x1, x0 ->
b.eq <> ->
~~~
Overall, we do not see an impact on benchmarks such as webtooling. However, we
do see noteworthy code size reduction, from 0.5% to 1.5%.
Bug:
Change-Id: I7fbb718ad51b9036c3514fa31c1326bdd6f2b0e6
Reviewed-on: https://chromium-review.googlesource.com/848814
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50569}
This is a reland of bcf1172992
The test was timing out in no snapshot builds, as each CodeAssemblerTester
creates a new Context. Reduced the random iterations significantly.
Original change's description:
> [arm64] Preparation for padding of arguments
>
> As part of JSSP removal, we need to align the arguments passed to functions
> on the stack, by adding a padding slot when the total number of arguments
> is odd.
>
> This patch introduces the kPadArguments flag (which is currently set to
> false for all architectures), which will control padding of arguments in
> architecture-independent parts of the code (deoptimizer, instruction
> selector).
>
> It also adds some executable tests for tail calls with various stack
> parameter counts on the caller and callee sides.
>
> This will be turned on for arm64 together with arm64-specific changes to
> the code generator, the MacroAsembler and the builtins, in a later patch.
>
> Bug: v8:6644
> Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
> Reviewed-on: https://chromium-review.googlesource.com/806554
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50134}
TBR=jarin@chromium.org
Bug: v8:6644
Change-Id: I795877ed9791e126ffac6841dbbb65189e95d207
Reviewed-on: https://chromium-review.googlesource.com/833046
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50238}
... or sometimes by FATAL(...) to give a better error message.
The benefit of UNREACHABLE() over CHECK(false) is that the compiler
knows that this macro will never return, hence we can omit the return
of a dummy value afterwards.
R=neis@chromium.org
Change-Id: I14e6a4f1d75f1338f481bd1520d841fd383d6202
Reviewed-on: https://chromium-review.googlesource.com/832431
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50214}
This change is quite invasive, because CheckSmi is lowered
through representation change depending on UseInfo to several
different checked conversion operators. This CL adds feedback
to every checked conversion operator to Int32.
Bug: v8:7127, v8:7204
Change-Id: Icb780e5a69d321c2ec161c3c2a32984bdcf101f1
Reviewed-on: https://chromium-review.googlesource.com/831521
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50167}
This reverts commit bcf1172992.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/16791
The test cctest/test-run-tail-calls/FuzzStackParamCount hangs on
the nosnap debug bot and times out.
Original change's description:
> [arm64] Preparation for padding of arguments
>
> As part of JSSP removal, we need to align the arguments passed to functions
> on the stack, by adding a padding slot when the total number of arguments
> is odd.
>
> This patch introduces the kPadArguments flag (which is currently set to
> false for all architectures), which will control padding of arguments in
> architecture-independent parts of the code (deoptimizer, instruction
> selector).
>
> It also adds some executable tests for tail calls with various stack
> parameter counts on the caller and callee sides.
>
> This will be turned on for arm64 together with arm64-specific changes to
> the code generator, the MacroAsembler and the builtins, in a later patch.
>
> Bug: v8:6644
> Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
> Reviewed-on: https://chromium-review.googlesource.com/806554
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50134}
TBR=rmcilroy@chromium.org,jarin@chromium.org,georgia.kouveli@arm.com
Change-Id: Iff4d7da418204834822842b160eacb8980058172
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/830847
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50144}
As part of JSSP removal, we need to align the arguments passed to functions
on the stack, by adding a padding slot when the total number of arguments
is odd.
This patch introduces the kPadArguments flag (which is currently set to
false for all architectures), which will control padding of arguments in
architecture-independent parts of the code (deoptimizer, instruction
selector).
It also adds some executable tests for tail calls with various stack
parameter counts on the caller and callee sides.
This will be turned on for arm64 together with arm64-specific changes to
the code generator, the MacroAsembler and the builtins, in a later patch.
Bug: v8:6644
Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
Reviewed-on: https://chromium-review.googlesource.com/806554
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50134}
I also used the opportunity to clean up the loop peeler a bit by making the
class stateful, to avoid passing long argument lists around.
Bug: v8:5864
Change-Id: I2e034c6eabd381b01e15cf3e6aa3ce7b14e7b3d8
Reviewed-on: https://chromium-review.googlesource.com/822933
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50067}
The motivation is to avoid bugs such as the one fixed in
https://chromium-review.googlesource.com/c/v8/v8/+/800270.
Bug: v8:7109
Change-Id: I82a55f4a78d289d00ae7bafe78b45d92bab07a6b
Reviewed-on: https://chromium-review.googlesource.com/800291
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49829}
Add support for matching '(x & mask) == mask' when mask has a single bit set,
and translate this into a tbnz instruction. This patch only does this for 32-bit
operations, we can port it to 64-bit operations as a follow-up if we find
matches.
This transformation mostly touches the snapshot where we get ~120 hits. This pattern can
also show up in JavaScript when introduced by the EffectControlLinearizer pass.
Bug:
Change-Id: Ib37c6e0bd3831b7c17709357b00ca53735621605
Reviewed-on: https://chromium-review.googlesource.com/803272
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#49822}
This patch normalizes the casing of hexadecimal digits in escape
sequences of the form `\xNN` and integer literals of the form
`0xNNNN`.
Previously, the V8 code base used an inconsistent mixture of uppercase
and lowercase.
Google’s C++ style guide uses uppercase in its examples:
https://google.github.io/styleguide/cppguide.html#Non-ASCII_Characters
Moreover, uppercase letters more clearly stand out from the lowercase
`x` (or `u`) characters at the start, as well as lowercase letters
elsewhere in strings.
BUG=v8:7109
TBR=marja@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org,mlippautz@chromium.org
NOPRESUBMIT=true
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I790e21c25d96ad5d95c8229724eb45d2aa9e22d6
Reviewed-on: https://chromium-review.googlesource.com/804294
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49810}
Some uses use uint64_t instead of int64_t to avoid compiler warnings
about illegal narrowing of values with the MSB set.
R=tebbi@chromium.org,mlippautz@chromium.org
Bug: v8:7109
Change-Id: I6e861f48828bd931c451ef336672a260c13ae042
Reviewed-on: https://chromium-review.googlesource.com/803275
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49797}
V8_INT64_C will be cleaned up in a follow-up CL.
R=tebbi@chromium.org,mlippautz@chromium.org
Bug: v8:7109
Change-Id: I6af97e7266039eb443896b404b77b8e2b5de5adb
Reviewed-on: https://chromium-review.googlesource.com/803294
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49790}
Strings are immutable in JavaScript land (contrast with the runtime,
where we can truncate strings that haven't escaped to JavaScript yet),
so the length of a String is immutable. Thus loading the length of a
String is a pure operation and should be expressed as such (i.e. doesn't
depend on control or effect). The StringLength operator does exactly
this and is hooked up to the effect chain in the EffectControlLinearizer.
This will eventually allow us to simplify the optimization of string
concatention and other operations that are a bit cumbersome in TurboFan
currently, and it will also allow us to optimize string operations
across effectful operations, for example combining multiple invocations
to String#slice with the same inputs.
Bug: v8:5269, v8:6936, v8:7109, v8:7137
Change-Id: Iffcccbb0c7fc4cfe1281c10e7af24b40eba4c987
Reviewed-on: https://chromium-review.googlesource.com/799690
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49731}
The ToBooleanHints were used to represent the ToBoolean feedback
collected by Fullcodegen. But Ignition doesn't collect this feedback
and also TurboFan doesn't make use of the hints, so we should remove
this for now.
Bug: v8:7101
Change-Id: Ifc97d3ebb7494029b33ad79fc8bafdf3c08fb871
Reviewed-on: https://chromium-review.googlesource.com/778163
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49470}
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/727893
The crashes should be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/763531
Original change's description:
> Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
>
> This reverts commit ac0661b358.
>
> Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
>
> Original change's description:
> > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This gives up on earlier attempts to interpret DeadValue as a signal of
> > unreachable code. This does not work because free-floating dead value
> > nodes, and even pure branch nodes that use them, can get scheduled so
> > early that they get reachable. Instead, we now eagerly remove branches
> > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> > to value phi nodes with dummy values.
> >
> > Reland of https://chromium-review.googlesource.com/715716
> >
> > Bug: chromium:741225 chromium:776256
> > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> > Reviewed-on: https://chromium-review.googlesource.com/727893
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#49188}
>
> TBR=jarin@chromium.org,tebbi@chromium.org
>
> Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
> Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
> Reviewed-on: https://chromium-review.googlesource.com/758770
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49262}
TBR=jarin@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6c02b4beb02997ec34015ed2f6791a93c70f5e36
Reviewed-on: https://chromium-review.googlesource.com/772150
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49429}
Removes Isolate from compilation info and instead threads isolate through
function calls. This ensures that we can't access the isolate from
background thread compilations.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9a4e1cd67c4736e36f609360b996fb55166a1c50
Reviewed-on: https://chromium-review.googlesource.com/751745
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49386}
This reverts commit f010b28fbe.
Reason for revert: Introduces a clusterfuzz issue and CAnary crash
Original change's description:
> [TurboFan] Diagnostic code to track down bug in representation selection
>
> We need to characterize the types of dead (IrOpcode::kDead) nodes
> introduced in compilation phases prior to representation selection.
> Normally, a dead node isn't expected at the start of this phase. The
> question is, which phase introduced the dead node and failed to
> deal with it properly?
>
> Bug: chromium:780658
> Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
> Reviewed-on: https://chromium-review.googlesource.com/765968
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49328}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org
Change-Id: I5d628eb1de630ce4a353b6ef0f80fd74ad740f17
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:780658
Reviewed-on: https://chromium-review.googlesource.com/768747
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49347}
We need to characterize the types of dead (IrOpcode::kDead) nodes
introduced in compilation phases prior to representation selection.
Normally, a dead node isn't expected at the start of this phase. The
question is, which phase introduced the dead node and failed to
deal with it properly?
Bug: chromium:780658
Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
Reviewed-on: https://chromium-review.googlesource.com/765968
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49328}
Turn cases where we are multiplying with a power of two into a left shift. We
hit this optimisation roughly 500 times in the snapshot.
Bug:
Change-Id: Ibd3104a3dbe49f247a2d84db94891f6e3a897026
Reviewed-on: https://chromium-review.googlesource.com/763229
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#49306}
MIPS team has recently migrated to @mips.com e-mail address.
Dusan Simicic is no longer part of MIPS V8 team, therefore
his name is removed from OWNERS.
TBR=mstarzinger@chromium.org
NOTRY=true
Bug:
Change-Id: I67fde24a5b9214fa3fca05c0399888b8d18fc699
Reviewed-on: https://chromium-review.googlesource.com/758639
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49299}
This reverts commit ac0661b358.
Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}
TBR=jarin@chromium.org,tebbi@chromium.org
Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}
This gives up on earlier attempts to interpret DeadValue as a signal of
unreachable code. This does not work because free-floating dead value
nodes, and even pure branch nodes that use them, can get scheduled so
early that they get reachable. Instead, we now eagerly remove branches
that use DeadValue in DeadCodeElimination and replace DeadValue inputs
to value phi nodes with dummy values.
Reland of https://chromium-review.googlesource.com/715716
Bug: chromium:741225 chromium:776256
Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
Reviewed-on: https://chromium-review.googlesource.com/727893
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49188}
This adds a new InstanceOfIC where the TestInstanceOf bytecode collects
constant feedback about the right-hand side of instanceof operators,
including both JSFunction and JSBoundFunction instances. TurboFan then
uses the feedback to optimize instanceof in places where the right-hand
side is not a known constant (known to TurboFan).
This addresses the odd performance cliff that we see with instanceof in
functions with multiple closures. It was discovered as one of the main
bottlenecks on the uglify-es test in the web-tooling-benchmark. The
uglify-es test (run in separation) is ~18% faster with this change.
On the micro-benchmark in the tracking bug we go from
instanceofSingleClosure_Const: 69 ms.
instanceofSingleClosure_Class: 246 ms.
instanceofMultiClosure: 246 ms.
instanceofParameter: 246 ms.
to
instanceofSingleClosure_Const: 70 ms.
instanceofSingleClosure_Class: 75 ms.
instanceofMultiClosure: 76 ms.
instanceofParameter: 73 ms.
boosting performance by roughly 3.6x and thus effectively removing the
performance cliff around instanceof.
Bug: v8:6936, v8:6971
Change-Id: Ib88dbb9eaef9cafa4a0e260fbbde73427a54046e
Reviewed-on: https://chromium-review.googlesource.com/730686
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48820}
JSClassOf may lower to a call to a builtin, and needs to be
modeled in a way that the effect chain can be maintained.
Bug: v8:6929
Change-Id: Ida332e6d85e2eb8b33fcad810d195ef3e897ccb0
Reviewed-on: https://chromium-review.googlesource.com/727204
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48786}
This also changes modulo to be more like others, e.g., Pow:
- have an inline Modulo
- have a modulo_double_double that we can use as FUNCTION_ADDR in assembler.cc
Bug:
Change-Id: Id360e4adcde5712ffc5ac22abd3bbaab6aec09f5
Reviewed-on: https://chromium-review.googlesource.com/728027
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48747}
