Paritally revert standalone.gypi changes in a451bd1a68 and introduce a new separate variable for the mkpeephole.
On big-endian MIPS, qemu is used to build the snapshot,
because there's no simulator support for big-endian MIPS.
BUG=
Review-Url: https://codereview.chromium.org/2172653002
Cr-Commit-Position: refs/heads/master@{#38103}
Default icu data file for all architectures was set to icudtl.dat, for
big endian this should be icudtb.dat. This will fix intl tests for big
endian once v8 rolls to a newer version of icu that supports big endian.
BUG=
TEST=intl/*
Review-Url: https://codereview.chromium.org/2182043002
Cr-Commit-Position: refs/heads/master@{#38102}
Remove TODO to perform same optimization as AstGraphBuilder.
When visiting for effect in a postfix count operation, don't
keep the intermediate result of ToNumber.
BUG=v4:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187823002
Cr-Commit-Position: refs/heads/master@{#38101}
All supported ARM targets support unaligned accesses for integer
accesses. This patch removes the remnants of support for older targets.
BUG=v8:5077
Review-Url: https://codereview.chromium.org/2184823002
Cr-Commit-Position: refs/heads/master@{#38099}
Objects that reside below the age mark could be on pages that have been moved
within new space. In this case mementos survived which can actually point to
already-collected allocation sites.
BUG=chromium:631050,chromium:581412
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2179033005
Cr-Commit-Position: refs/heads/master@{#38094}
Inline XxxIC::initialize_stub_in_optimized_code() methods to CodeFactory and use stub's call interface descriptor instead of hard-coded one.
BUG=v8:5236
Review-Url: https://codereview.chromium.org/2184063002
Cr-Commit-Position: refs/heads/master@{#38093}
This leads to a better handling of the Smi case when we introduce a checked truncation from a number or oddbal to a 32 bit word, which we were previously doing by concatenating a Smi to float64 conversion with a float64 to word32 truncation.
BUG=
Review-Url: https://codereview.chromium.org/2191503002
Cr-Commit-Position: refs/heads/master@{#38091}
Port 52f2ceb052
Original commit message:
On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
TEST=mjsunit/compiler/regress-store-holey-double-array
Review-Url: https://codereview.chromium.org/2188433002
Cr-Commit-Position: refs/heads/master@{#38090}
Also run the BranchElimination (plus CommonOperatorReducer and the
DeadCodeElimination) during the load elimination phase, so we can
elminate some Phi nodes early on that would otherwise confuse the
truncation analysis and/or representation selection, i.e. if there's a
branch that is never taken, that would yield undefined, we'd have to
choose tagged representation for the Phi, even if the always taken
branch yields an integer.
R=epertoso@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2190543002
Cr-Commit-Position: refs/heads/master@{#38088}
This required the introduction of the CheckedNumberOrOddballAsWord32 use info, and a change in the RepresentationChanger to handle it.
BUG=
Review-Url: https://codereview.chromium.org/2184513003
Cr-Commit-Position: refs/heads/master@{#38086}
This implements graph construction for entry via on-stack replacement
within the {BytecodeGraphBuilder}. Entry points are at loop headers
similar to previous OSR implementations. All interpreter registers are
addressable via {OsrValue} nodes in the graph. Currently we rely on
{OsrPoll} bytecodes to be placed right after loop headers (i.e. at the
targets of back edges).
R=jarin@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2171083004
Cr-Commit-Position: refs/heads/master@{#38083}
This CL fixed one bug in crankshaft compiler for Math.max(-0, 0).
BUG=
Review-Url: https://codereview.chromium.org/2175243002
Cr-Commit-Position: refs/heads/master@{#38079}
The new phase will detect loop variable, infer bounds and bake them into
the type.
Review-Url: https://codereview.chromium.org/2164263003
Cr-Commit-Position: refs/heads/master@{#38077}
Introduce the CheckString during native context specialization when we
have string map feedback on a LOAD_IC/STORE_IC. The CheckString
operator, just like its CheckNumber pendant, renames the input and
assigns a proper type, which we will use soon to lower access operations
on Strings, i.e. charCodeAt calls or keyed accesses.
R=jarin@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2181943003
Cr-Commit-Position: refs/heads/master@{#38076}
Reason for revert:
Revert this CL due to V8 Arm Builder failure and V8 Mips Builder failure.
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20builder/builds/2456https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/2506
Original issue's description:
> [Tracing] V8 Tracing Controller
>
> V8 has had a trace event macro interface for while, but without a tracing
> controller a standalone V8 would be unable to collect traces.
>
> This CL introduces a complete Tracing Controller system for V8.
> It is fully function except that it does not yet store trace event args.
>
> This CL has a few components,
> The tracing controller itself, contributed by the author of this CL
> The Trace config (including the parser), contributed by lpy@
> The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
>
> BUG=v8:4561
> LOG=N
>
> Committed: https://crrev.com/3d598452679ce208ad9b2f48e0fb3fae352ce375
> Cr-Commit-Position: refs/heads/master@{#38073}
TBR=jochen@chromium.org,mattloring@google.com,rskang@google.com,yangguo@chromium.org,fmeawad@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4561
Review-Url: https://codereview.chromium.org/2183943002
Cr-Commit-Position: refs/heads/master@{#38074}
V8 has had a trace event macro interface for while, but without a tracing
controller a standalone V8 would be unable to collect traces.
This CL introduces a complete Tracing Controller system for V8.
It is fully function except that it does not yet store trace event args.
This CL has a few components,
The tracing controller itself, contributed by the author of this CL
The Trace config (including the parser), contributed by lpy@
The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
BUG=v8:4561
LOG=N
Review-Url: https://codereview.chromium.org/2137013006
Cr-Commit-Position: refs/heads/master@{#38073}
Reason for revert:
breaks android build due to uninitialized variable.
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug%20builder/builds/2034
Original issue's description:
> [debugging] print ranges for consecutive values with %DebugPrint
>
> With this CL repeated values in elements are combined into a single printout with a range.
>
> BEFORE:
> - elements = {
> 0: <undefined>
> 1: <undefined>
> 2: <the_hole>
> }
>
> AFTER:
> - elements = {
> 0-1: <undefined>
> 2: <the_hole>
> }
>
> BUG=
>
> Committed: https://crrev.com/ec4165742088043d8fede38db21a281e16682adb
> Cr-Commit-Position: refs/heads/master@{#38069}
TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2181093003
Cr-Commit-Position: refs/heads/master@{#38071}
With this CL repeated values in elements are combined into a single printout with a range.
BEFORE:
- elements = {
0: <undefined>
1: <undefined>
2: <the_hole>
}
AFTER:
- elements = {
0-1: <undefined>
2: <the_hole>
}
BUG=
Review-Url: https://codereview.chromium.org/2169143003
Cr-Commit-Position: refs/heads/master@{#38069}
The showed up unnaturally high while profiling DOM node creation.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2181323002
Cr-Commit-Position: refs/heads/master@{#38068}
Port 580fdf3c05
This also reverses the MachineType stored for partial unaligned access support
such that it records the unsupported types, rather than supported types.
BUG=
Review-Url: https://codereview.chromium.org/2182493003
Cr-Commit-Position: refs/heads/master@{#38065}
This adds tracking of the loop depth to the {BytecodeGenerator} in order
to statically determine the loop nesting level for {OsrPoll} bytecodes.
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2176183002
Cr-Commit-Position: refs/heads/master@{#38064}
This is a first step towards a perfect world where a call interface descriptor is the only place that defines calling convention for a particular code stub.
Review-Url: https://codereview.chromium.org/2172223002
Cr-Commit-Position: refs/heads/master@{#38059}
Reason for revert:
Fix has been landed.
Original issue's description:
> Revert of [interpreter] Add explicit OSR polling bytecode. (patchset #6 id:100001 of https://codereview.chromium.org/2172233002/ )
>
> Reason for revert:
> Bunch of breakages. Maybe bad interaction with e520e5da55 ?
>
> E.g.:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607
>
> Original issue's description:
> > [interpreter] Add explicit OSR polling bytecode.
> >
> > This adds an explicit {OsrPoll} bytecode into every loop header which
> > triggers on-stack replacement when armed. Note that each such bytecode
> > stores the static loop depths as an operand, and hence can be armed for
> > specific loop depths.
> >
> > This also adds builtin code that triggers OSR compilation and switches
> > execution over to optimized code in case compilation succeeds. In case
> > compilation fails, the bytecode dispatch just continues unhindered.
> >
> > R=rmcilroy@chromium.org
> > TEST=mjsunit/ignition/osr-from-bytecode
> > BUG=v8:4764
> >
> > Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> > Cr-Commit-Position: refs/heads/master@{#38043}
>
> TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4764
>
> Committed: https://crrev.com/439aa2c6d708bfd95db725bd6f97c4c49bbc51fc
> Cr-Commit-Position: refs/heads/master@{#38044}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2184713002
Cr-Commit-Position: refs/heads/master@{#38056}
So far we didn't really recognize leaq, but only leal instructions in
the x64 InstructionSelector. Now that we actually generate more of them,
we should also pay more attention to those.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2186573002
Cr-Commit-Position: refs/heads/master@{#38055}
The bug was caused when validating expressions
X >> 0
for indexing into 8-bit heap views. If X was not an intish, the 'normal'
validation path would fail. That, however, left the type of X registered
in the AsmTyper::node_types_ member.
Later, in the 'lenient' code path for 8-bit views, the entire X >> 0
expression would be validated, which would cause X to be validated
again, at which point AsmTyper::SetTypeOf() would DCHECK because the
supplied node already had a type associated with it.
The fix was to simply FAIL() when X is not an intish. This is safe
because if X is not an intish, then
Validate(>>, !intish, FixNum)
will also fail.
BUG= https://bugs.chromium.org/p/chromium/issues/detail?id=628803
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST= cctest/asmjs/test-asm-typer.cc
LOG= N
Review-Url: https://codereview.chromium.org/2181723002
Cr-Commit-Position: refs/heads/master@{#38053}
This allows us to fuse the address computation with the actual memory
access operation on x64, which reduces the register pressure and the
number of instructions. There's probably some follow up cleanup that has
to happen to make sure the machine operator optimizations that are
relevant to word64 computations are also available (similar to what is
already available for word32).
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2183043002
Cr-Commit-Position: refs/heads/master@{#38051}
With the current approach we cannot eliminate context accesses in
mid-size function contexts, so let's bump the limit a bit to make
sure we can optimize those as well.
R=jarin@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2182973004
Cr-Commit-Position: refs/heads/master@{#38050}
This works around the problem that the lowering for JSStackCheck doesn't
play well with effect chain based state tracking, because it doesn't
report the correct changes (we will address this with a better handling
of stack checks soon).
It also allows us to run the EarlyOptimizationPhase concurrently, which
doesn't need to access the heap or generate code stubs.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2183033002
Cr-Commit-Position: refs/heads/master@{#38049}
Reason for revert:
Bunch of breakages. Maybe bad interaction with e520e5da55 ?
E.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607
Original issue's description:
> [interpreter] Add explicit OSR polling bytecode.
>
> This adds an explicit {OsrPoll} bytecode into every loop header which
> triggers on-stack replacement when armed. Note that each such bytecode
> stores the static loop depths as an operand, and hence can be armed for
> specific loop depths.
>
> This also adds builtin code that triggers OSR compilation and switches
> execution over to optimized code in case compilation succeeds. In case
> compilation fails, the bytecode dispatch just continues unhindered.
>
> R=rmcilroy@chromium.org
> TEST=mjsunit/ignition/osr-from-bytecode
> BUG=v8:4764
>
> Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> Cr-Commit-Position: refs/heads/master@{#38043}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2184553003
Cr-Commit-Position: refs/heads/master@{#38044}
This adds an explicit {OsrPoll} bytecode into every loop header which
triggers on-stack replacement when armed. Note that each such bytecode
stores the static loop depths as an operand, and hence can be armed for
specific loop depths.
This also adds builtin code that triggers OSR compilation and switches
execution over to optimized code in case compilation succeeds. In case
compilation fails, the bytecode dispatch just continues unhindered.
R=rmcilroy@chromium.org
TEST=mjsunit/ignition/osr-from-bytecode
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2172233002
Cr-Commit-Position: refs/heads/master@{#38043}
This flag is aiming at shipping the ability to generate optimized code
directly from bytecode (without re-parsing source code). All features
needed to ship such a configuration will be staged behind this flag.
R=hablich@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2174333002
Cr-Commit-Position: refs/heads/master@{#38040}
This test fails because WasmGraphBuilder::BuildCFuncInstruction allocates
space for doubles using StackSlot turbofan operator, but this space is not
guaranteed to be 8 bytes aligned if SP itself is not 8 bytes aligned (which
is the case on 32-bit architectures).
BUG=mjsunit/wasm/embenchen/box2d
Review-Url: https://codereview.chromium.org/2177863002
Cr-Commit-Position: refs/heads/master@{#38039}
When we eliminate nodes during truncation analysis that have no value
uses, we must make sure that we do not eliminate speculative number
operations that would have side effects depending on the inputs, i.e.
for example a SpeculativeNumberMultiply(x,y) does ToNumber(x) and
ToNumber(y) first, so if either x or y could throw an exception during
ToNumber conversion, we must not eliminate the multiplication, even if
it has no value uses (some later pass may kill the actual machine
multiplication, but the checks on the inputs have to remain still).
So we check whether both x and y are PlainPrimitive, i.e. neither
Receiver nor Symbol, which could raise exceptions for ToNumber, and
only in that case we propagate the "unusedness" of the node to its
inputs.
This also uncovered a bug with the type of Dead, which must be None,
as this represents an impossible value, so we had to fix that too.
Also the dead code removal will not work correctly for constants (i.e.
pure nodes with no value inputs), as those might be cached and hence
we might resurrect them for an unrelated node lowering during
SimplifiedLowering and only later kill the actual node (replacing its
uses with Dead), which would then also replace the new use with Dead.
So that was fixed as well. This shouldn't change anything for the
result, as unused constants automagically disappear from the graph later
on anyways.
R=yangguo@chromium.org
BUG=chromium:631318
Review-Url: https://codereview.chromium.org/2182003002
Cr-Commit-Position: refs/heads/master@{#38038}
Reason for revert:
This bug has an error in the toolchain.gypi file, the conditions clause is repeated. This has broken the DrMemory builder - see first failing chromium build https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20Windows%20Builder%20%28DrMemory%29/builds/17857 which included a v8 roll.
For reference the errors are:
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\src\d8.gyp
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\src\v8.gyp
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\samples\samples.gyp
Original issue's description:
> MIPS: Fix '[turbofan] Prevent storing signalling NaNs into holey double arrays.'
>
> Port 6470ddadf9
>
> On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
>
> Original commit message:
> This introduces SilenceNaN operator, which makes sure that we only
> store quiet NaNs into holey arrays. We omit the NaN silencing code
> at instruction selection time if the input is an operation that
> cannot possibly produce signalling NaNs.
>
> BUG=
>
> Committed: https://crrev.com/52f2ceb052f63324050c7a098e4398f510b54763
> Cr-Commit-Position: refs/heads/master@{#38030}
TBR=jarin@chromium.org,machenbach@google.com,akos.palfi@mattakis.com,ivica.bogosavljevic@imgtec.com,marija.antic@imgtec.com,ilija.pavlovic.imgtec@gmail.com,akos.palfi@imgtec.com,machenbach@chromium.org,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
TBR=machenbach
Review-Url: https://codereview.chromium.org/2184573002
Cr-Commit-Position: refs/heads/master@{#38037}
This slightly simplifies scope handling. It also makes it possible to
implement some potential future changes to classes purely in the parser
by adding additional code to the DoExpression.
This is a portion of https://codereview.chromium.org/2142333002/, which
probably isn't going through in full.
Review-Url: https://codereview.chromium.org/2176653003
Cr-Commit-Position: refs/heads/master@{#38035}
Port 6470ddadf9
On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
Original commit message:
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
Review-Url: https://codereview.chromium.org/2171303002
Cr-Commit-Position: refs/heads/master@{#38030}
ToName was always generated with a subsequent Star, fuse them.
Requires a few changes in the peephole optimizer as ToName cannot be
elided as easily, but must be replaced by Star.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2169813002
Cr-Commit-Position: refs/heads/master@{#38019}
This adds a new field to the header of every BytecodeArray which stores
the current nesting level up to which loop back edges are armed as OSR
points. The intention is to arm OSR points incrementally from outermost
to innermost until one fires (similar to OSR from FullCodegen).
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2172583002
Cr-Commit-Position: refs/heads/master@{#38017}
After multiplying two integers we emit code like:
if (result == 0) {
if (OR_OPERATION(rhs, lhs) < 0) {
DEOPT;
}
}
This CL allows us to eliminate the OR and comparison if either rhs or
lhs is a negative number, reducing the code to:
if (result == 0) DEOPT;
BUG=
Review-Url: https://codereview.chromium.org/2167643002
Cr-Commit-Position: refs/heads/master@{#38016}
Turn the LoadElimination into a proper graph Reducer so that it can run
together with ValueNumbering and RedundancyElimination to a fixpoint
for maximum load/check elimination. This also adds initial support for
eliminating redundant LoadElement/StoreElement nodes.
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2164253002
Cr-Commit-Position: refs/heads/master@{#38015}
Fix failure in mjsunit/regress/regress-5213. When bailout happens,
the double registers are not properly loaded if exponent_type() is
INTEGER (this happens in optimized version of code only).
BUG=mjsunit/regress/regress-5213
Review-Url: https://codereview.chromium.org/2175633003
Cr-Commit-Position: refs/heads/master@{#38013}
Move the logic for allocating the global declaration pair array
from VisitDeclarations to a later step. This is required for
concurrent bytecode generation.
This change requires adding support for reserving fixed
constant pool array entries, which can be later updated
with the value of the literal.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2167763003
Cr-Commit-Position: refs/heads/master@{#38010}
Introducing machine operators early causes trouble for the typing,
truncation analysis and representation selection, so we should rather
stick to simplified operators instead. Now there's only the for-in case
left, which is not clear how we can handle this in a better way.
Drive-by-fix: Also don't introduce Int32Constant and Word32Shl in
JSTypedLowering, but use NumberConstant and proper NumberShiftLeft
operators instead.
R=jarin@chromium.org
BUG=chromium:630951
Review-Url: https://codereview.chromium.org/2182453002
Cr-Commit-Position: refs/heads/master@{#38008}
Reason for revert:
Suspected to cause crbug.com/630969
Original issue's description:
> [heap] Remove black pages and use black areas instead.
>
> BUG=630386
> LOG=n
>
> Committed: https://crrev.com/b008a0d5a3db80a854cb93d9c94d67bf2d780f2c
> Cr-Commit-Position: refs/heads/master@{#37967}
TBR=ulan@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=630386
Review-Url: https://codereview.chromium.org/2176133002
Cr-Commit-Position: refs/heads/master@{#38006}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
Review-Url: https://codereview.chromium.org/2156753002
Cr-Original-Commit-Position: refs/heads/master@{#37921}
Cr-Commit-Position: refs/heads/master@{#38002}
This patch parametrizes AstTraversalVisitor by the actual subclass,
in a similar way as AstVisitor is parametrized. This allows a
subclass to, e.g., override the Visit method and still use the
traversal mechanism. It also allows the subclass to override the
specific visiting methods, without them being virtual.
This patch also removes AstExpressionVisitor, subsuming its
functionality in AstTraversalVisitor.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2169833002
Cr-Commit-Position: refs/heads/master@{#37998}
The dead code elimination in SimplifiedLowering can eliminate pure nodes
if they don't have value uses. But some of those can indeed have control
inputs, i.e. Phi nodes do of course have a control input.
R=jarin@chromium.org
BUG=chromium:630923
Review-Url: https://codereview.chromium.org/2177133002
Cr-Commit-Position: refs/heads/master@{#37995}
In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.
BUG=chromium:630561
Review-Url: https://codereview.chromium.org/2173653003
Cr-Commit-Position: refs/heads/master@{#37993}
Port ba092fb09a
Original commit message:
So far we don't have a useful way to inline Math.max or Math.min in
TurboFan optimized code. This adds new operators NumberMax and NumberMin
and changes the Float64Max/Float64Min operators to have JavaScript
semantics instead of the C++ semantics that it had previously.
This also removes support for recognizing the tenary case in the
CommonOperatorReducer, since that doesn't seem to have any positive
impact (and actually doesn't show up in regular JavaScript, where
people use Math.max/Math.min instead).
Drive-by-fix: Also nuke the unused Float32Max/Float32Min operators.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2179503003
Cr-Commit-Position: refs/heads/master@{#37991}
The uses_arguments() bool is not needed for correct
behavior, since that same information is available after scope analysis
based on whether we allocated the Scope::arguments_ var.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2168293002
Cr-Commit-Position: refs/heads/master@{#37990}
This replaces the AstVisitor approach for scope rewriting with a Scope-only
solution, using a new Scope::Snapshot object that keeps track of inner scopes,
unresolved variables, and temps.
The only use of the AstVisitor is now for parameter varblock scopes introduced
due to sloppy eval in parameters, which greatly simplifies the rewriter
as it no longer needs to handle temps. A future CL may be able to
eliminate it altogether by taking a snapshot per function argument.
Based on verwaest's https://codereview.chromium.org/2166023002/.
BUG=v8:5226
Review-Url: https://codereview.chromium.org/2171703004
Cr-Commit-Position: refs/heads/master@{#37989}
Implement UnalignedLoad and UnalignedStore optional
turbofan operators and use them in WasmCompiler for unaligned
memory access.
BUG=
Review-Url: https://codereview.chromium.org/2122853002
Cr-Commit-Position: refs/heads/master@{#37988}
ToNumber's result is always directly stored to a register using a Star
bytecode. Fuse it into ToNumber.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2165953002
Cr-Commit-Position: refs/heads/master@{#37976}
This will get a new call site in an upcoming commit, move it to String
so it's accessible from without runtime-strings.cc.
BUG=
Review-Url: https://codereview.chromium.org/2176553002
Cr-Commit-Position: refs/heads/master@{#37974}
The effect control linearizer runs off-thread and needs the ToNumber
call descriptor. Add a hack to create this on the main thread to
ensure off-thread's don't race on it's construction. Also add a
DCHEK to the CallInterfaceDescriptor to ensure they are always
initilaized on the main thread.
Review-Url: https://codereview.chromium.org/2168843003
Cr-Commit-Position: refs/heads/master@{#37973}
So far we don't have a useful way to inline Math.max or Math.min in
TurboFan optimized code. This adds new operators NumberMax and NumberMin
and changes the Float64Max/Float64Min operators to have JavaScript
semantics instead of the C++ semantics that it had previously.
This also removes support for recognizing the tenary case in the
CommonOperatorReducer, since that doesn't seem to have any positive
impact (and actually doesn't show up in regular JavaScript, where
people use Math.max/Math.min instead).
Drive-by-fix: Also nuke the unused Float32Max/Float32Min operators.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2170343002
Cr-Commit-Position: refs/heads/master@{#37971}
This allows us to skip complicated logic for setting the accessors.
BUG=
Review-Url: https://codereview.chromium.org/2164903004
Cr-Commit-Position: refs/heads/master@{#37969}
This is in preparation to implementing exception prediction for async
functions. Each handler table entry can now predict "caught", "uncaught", or
"promise". The latter indicates that the exception will lead to a promise
rejection.
To mark the relevant try-catch blocks, we add a new native syntax.
try { } %catch (e) { } indicates a TryCatchStatement with the "promise"
prediction.
The previous implementation of using the function to tell the relevant
try-catch apart from inner try-catch blocks will not work for async functions
since these can have inner try-catch blocks inside the same function.
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2161263003
Cr-Commit-Position: refs/heads/master@{#37966}
We can compute the absolute integer value w/o any conditional execution
by using the bit trick formula
let sign = input >> 31 in
(input ^ sign) - sign
which generates fairly decent code on all supported architectures.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2169293002
Cr-Commit-Position: refs/heads/master@{#37965}
port 4b59bf5313 (r37934)
original commit message:
Use the ForInFilterStub directly. Hence we will only jump to the runtime for
special receivers (instance_type <= LAST_SPECIAL_RECEIVER_TYPE) and for
converting element indices which are not in the string cache.
BUG=
Review-Url: https://codereview.chromium.org/2176473002
Cr-Commit-Position: refs/heads/master@{#37963}
port 66cb026f4a (r37929)
original commit message:
Original message:
Calling Runtime::kAbort through a builtin instead of the c-entry stub
will allow to generate the call in a background thread, because a
builtin provides its own handle, whereas a code stub does not.
@v8-mips-ports: Could you take a special look at the padding that is
done in MacroAssembler::Abort()?
Reason for revert:
The reason for reverting is: Blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/1622
The problem was that on arm64 the builtin for Abort() contained a call to
Abort(). The problem is fixed by using a NoUseRealAbortsScope in the
code generation of Abort().
BUG=
Review-Url: https://codereview.chromium.org/2172093002
Cr-Commit-Position: refs/heads/master@{#37962}
This cl also fixes two bugs in the previous code:
1) JITed functions were not allowed access to the heap because the module instance wasn't correctly synthesized. This wasn't discovered in the previous test.
2) Decoding of functions with the JITSingleFunction opcode was off by 1 as the length of the opcode wasn't computed correctly.
BUG=5044
Review-Url: https://codereview.chromium.org/2168183002
Cr-Commit-Position: refs/heads/master@{#37957}
This is never passed to the Typer, and actually wouldn't work
anyways, since we cannot derive any meaningful types for
Parameters in JavaScript.
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2171723002
Cr-Commit-Position: refs/heads/master@{#37944}
Replace the zonelist with a link from a scope to any of its inner scopes, and a link to any sibling scope.
This makes scopes that track inner scopes use roughly the same amount of space as previously scopes without inner scopes would use for the empty zonelist (pointer to the memory + length field, which, granted could be slightly smaller on 64bit).
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2162143005
Cr-Commit-Position: refs/heads/master@{#37941}
Only start checking if new keys are shadowed after the first prototype has added
non-enumerable shadow keys. This helps minimally in some corner cases if there
are few enumerable properties on the prototype compared to the receiver.
BUG=chromium:628173
Review-Url: https://codereview.chromium.org/2169523002
Cr-Commit-Position: refs/heads/master@{#37940}
It's anyway just the "same" AstNodeFactory (i.e., it's passed the same
AstValueFactory), so no need to have several of them for each
FunctionState.
R=verwaest@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2169823002
Cr-Commit-Position: refs/heads/master@{#37938}
Use the ForInFilterStub directly. Hence we will only jump to the runtime for
special receivers (instance_type <= LAST_SPECIAL_RECEIVER_TYPE) and for
converting element indices which are not in the string cache.
BUG=
Review-Url: https://codereview.chromium.org/2151773002
Cr-Commit-Position: refs/heads/master@{#37934}
Move VisitLiteral to decide what type of literal is being emitted by
checking the raw ASTValue type, instead of the internalized on-heap
value. This is required for concurrent bytecode generation.
As part of this change, the NUMBER AstValue constructor is modified to
try to convert numbers without a dot to SMIs where possible. This is to
maintain the behavior in NewNumber where such numbers are internalized as
SMIs, and ensures that we still emit LdaSmi bytecodes for these values
in the generated bytecode.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2152853002
Cr-Commit-Position: refs/heads/master@{#37931}
This removes a duplicate control scope. The visitor for ForOfStatement
nodes in the AST uses VisitIterationBody which pushes a separate control
scope. The number of control scopes will be off when we use them for
tracking loop depths.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2164503005
Cr-Commit-Position: refs/heads/master@{#37930}
We can actually eliminate certain effectful operations like loads and
speculative number operations during representation selection if we
discover that their value outputs are unused (we also propagate this
information through pure operations as well, so that we remove the
maximum number of effectful nodes possible).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2168023002
Cr-Commit-Position: refs/heads/master@{#37928}
Reason for revert:
Breaks tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10758
Original issue's description:
> [Intepreter] Always use BytecodeGraphBuilder when --turbo-from-bytecode
>
> Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
> is enabled, assuming the function should be compiled for Ignition.
> Adds a new MaybeOptimizeIgnition function to runtime-profiler
> which is called if the function should be optimized from bytecode
> rather than going via full-codegen.
>
> BUG=v8:4280
>
> Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
> Cr-Commit-Position: refs/heads/master@{#37921}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2165223002
Cr-Commit-Position: refs/heads/master@{#37925}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2156753002
Cr-Commit-Position: refs/heads/master@{#37921}
Putting SloppyBlockFunctionStatement into local_zone_ was too early. It
needs to go into parser_zone_ because Scope refers to it. It will be
moved back to local_zone_ when we can put Scopes into temporary Zones.
A test (to demonstrate we crash without this CL) will follow in a separate CL.
R=verwaest@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2170813002
Cr-Commit-Position: refs/heads/master@{#37920}
The optimizing compilers actually invoke %TransitionElementsKind for
any kind of JSObject, the only relevant thing is the elements kind.
The runtime function was however checking for JSArray unnecessarily.
This only worked by coincindence in Crankshaft because the stub would
normally not call into the runtime fallback.
R=jarin@chromium.org
BUG=chromium:629823
Review-Url: https://codereview.chromium.org/2166963004
Cr-Commit-Position: refs/heads/master@{#37919}
SharedFunctionInfo::name is always a String if present (never a Symbol),
so there's no need to first test it for IsName() before testing IsString().
This is enforced by a check in %FunctionSetName.
As a bonus, the code no longer looks invalid (unconditionally casting
a Name to a String). The logic came into this broken-looking state
accidentally in the flag cleanup CL https://codereview.chromium.org/2096933002/.
Review-Url: https://codereview.chromium.org/2162853003
Cr-Commit-Position: refs/heads/master@{#37914}
NewScope automatically uses scope(), whereas NewScopeWithParent can pass along any local Scope* as outer scope. The number of calls to NewScopeWithParent should be reduced over time.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2164943002
Cr-Commit-Position: refs/heads/master@{#37912}
This CL more or less reverts commit https://codereview.chromium.org/2107733002/
The use of the MathPow code stub that was introduced by that commit caused
problems on arm64, and the MathPow code stub was also an obstacle in the
implementation of parallel code generation.
In addition this CL turns on the mjsunit/wasm/embenchen tests for arm64
which were turned off because of problems with MathPow on arm64.
R=titzer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2166793002
Cr-Commit-Position: refs/heads/master@{#37911}
This CL fixes weird performance implications when changing layout of Code::flags field:
it happened that the unused ICStateField with MONOMORPHIC value in the handlers' flags
was accidentally offsetting the underflow bug in stub cache probing code on arm, arm64,
mips and mips64.
Stub cache tests now work even when snapshot is enabled.
Drive-by-change: Fixed counters manipulation on arm64 and mips64.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2161153002
Cr-Commit-Position: refs/heads/master@{#37910}
It's the only Scope type that has outer scope nullptr; and it always has outer scope nullptr.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2158913005
Cr-Commit-Position: refs/heads/master@{#37907}
For some bytecodes it is beneficial to always look for a Star
bytecode when dispatching to the next and inline perform it
without dispatching to the Star handler.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2142273003
Cr-Commit-Position: refs/heads/master@{#37904}
This additionally makes the invariant obvious that outer_scope==nullptr+is_with_scope is impossible.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2165923002
Cr-Commit-Position: refs/heads/master@{#37902}
It takes the number of additional elements, not the total target
capacity.
Also, avoid right-shifting a negative integer as this is undefined in general
BUG=v8:4909
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2162333002
Cr-Commit-Position: refs/heads/master@{#37901}
By now TurboFan is shipping on a broad range of language constructs and
wholesale disabling TurboFan can still be done with the --turbo-filter
flag. A dedicated flag controlling AST numbering heuristics is no longer
needed.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2155243006
Cr-Commit-Position: refs/heads/master@{#37900}
This creates the guarantee that we can compute the parent scope later on. We'll do the same for other types of scopes as well (with perhaps a limited number of exceptions that will need to be eagerly allocated).
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2168563002
Cr-Commit-Position: refs/heads/master@{#37898}
As required by the spec.
This is a variant of what I reverted in f47e722403.
It will probably still cause a regression but now it's easier to migrate (parts of)
the current implementation to C++, which is expected to make things faster again.
BUG=chromium:627729,v8:5113
Review-Url: https://codereview.chromium.org/2164923002
Cr-Commit-Position: refs/heads/master@{#37897}
This avoids implementation-defined signed overflow in the simulator's
AddWithCarry implementation. The implementation of AddWithCarry now uses
unsigned arithmetic exclusively.
Testing coverage is also significantly improved.
BUG=
Review-Url: https://codereview.chromium.org/2157283003
Cr-Commit-Position: refs/heads/master@{#37895}
Using Isolate is unsafe, because we might parse (and do scope analysis)
on a background thread.
The illegal access happens when encountering f(arguments) { ... }.
Kudos to verwaest@ for finding this bug.
R=verwaest@chromium.org, rossberg@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2158343002
Cr-Commit-Position: refs/heads/master@{#37893}
This frees up a field in Scope and untangles scope a little from the parser.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2160943004
Cr-Commit-Position: refs/heads/master@{#37887}
In a few places in the parser base, we were forced to initialize
variables of type ExpressionT even if it's not necessary, as they
are assigned to later on before their use. This was required
because, for the case of the preparser, ExpressionT is
PreParserExpression which had no default constructor.
This patch adds a default constructor, equivalent to EmptyExpression
for this class, and gets rid of the unnecessary initializations.
R=adamk@chromium.org, littledan@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2162763003
Cr-Commit-Position: refs/heads/master@{#37884}
Add a dedicated simplified operator to inline the general case for the
ToBoolean conversion. In a follow up CL we will also use the ToBoolean
hints gathered by the baseline compiler.
Review-Url: https://codereview.chromium.org/2167593002
Cr-Commit-Position: refs/heads/master@{#37882}
port 9be015a254 (r37854)
original commit message:
Calling Runtime::kAbort through a builtin instead of the c-entry stub
will allow to generate the call in a background thread, because a
builtin provides its own handle, whereas a code stub does not.
@v8-mips-ports: Could you take a special look at the padding that is
done in MacroAssembler::Abort()?
BUG=
Review-Url: https://codereview.chromium.org/2166703002
Cr-Commit-Position: refs/heads/master@{#37880}
We are enabling this trial on canary to see if we can flush out some missing
context restores.
BUG=
Review-Url: https://codereview.chromium.org/2164633002
Cr-Commit-Position: refs/heads/master@{#37875}
Copies the behaviour of FullCode in attempting to get the state for
ForInPrepare inline and falling back to the runtime if necessary.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2155153002
Cr-Commit-Position: refs/heads/master@{#37874}
Reason for revert:
This cl causes a large regression in octane (https://chromeperf.appspot.com/group_report?bug_id=629503). I have to investigate the reason before I can reland this.
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> current implementation does not collect allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/1eadc76419b323fb2e55ae9953142f801704aa59
> Cr-Commit-Position: refs/heads/master@{#37862}
TBR=rmcilroy@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2165633003
Cr-Commit-Position: refs/heads/master@{#37872}
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.
BUG=
Review-Url: https://codereview.chromium.org/2142933003
Cr-Commit-Position: refs/heads/master@{#37870}
Instead of wriring the elements kind transitions into the control flow
early on, we do instead put this marker into the effect chain, so that
the elements transitions are visible to the LoadElimination and can
thus be optimized properly there.
This CL itself doesn't add any of those optimizations, but just adds
the foundations to make them possible later.
R=jarin@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2164573003
Cr-Commit-Position: refs/heads/master@{#37869}
This probably slightly speeds up AllocateParameterLocals, but more importantly it removes ast_value_factory_ uses. If we get rid of ast_value_factory from Scope it's easier to lazily allocate it later from within a ScopeState object.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2158333002
Cr-Commit-Position: refs/heads/master@{#37868}
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2164583002
Cr-Commit-Position: refs/heads/master@{#37866}
This reduces memory usage when parsing (because temp_zones are discarded
every now and then) and work done by FuncNameInferrer.
BUG=
Review-Url: https://codereview.chromium.org/2156013002
Cr-Commit-Position: refs/heads/master@{#37863}
Collect type feedback in the bytecode handler for 'new' bytecode. The
current implementation does not collect allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2153433002
Cr-Commit-Position: refs/heads/master@{#37862}
Port 8e18a5f2a0
Failing on r6 due to wrong registers used in macro assembler.
TEST=test-run-machops/RunInt32MulWithOverflowImm
BUG=
Review-Url: https://codereview.chromium.org/2165533002
Cr-Commit-Position: refs/heads/master@{#37861}
This will allow us to move more state from Scope into ScopeState and lazily allocate full Scopes only when needed.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2160593002
Cr-Commit-Position: refs/heads/master@{#37858}
For 64-bit cmp, replace the if clause with InputOperand2_64(), and apply the
same change to cmn.
BUG=
Review-Url: https://codereview.chromium.org/2160643002
Cr-Commit-Position: refs/heads/master@{#37855}
This allows to pass deoptimization reasons to the profiler without the
requirement of always providing a source position. The absence of deopt
reasons is now communicated via a sentinel as the deopt id value. The
deoptimization reasons recently added to TurboFan are now passed to the
profiler.
R=bmeurer@chromium.org
TEST=cctest/test-cpu-profiler
Review-Url: https://codereview.chromium.org/2159793002
Cr-Commit-Position: refs/heads/master@{#37852}
We need to pay attention to potential side effects from parameter
evaluation when inlining the fast case Array.prototype.shift.
R=yangguo@chromium.org
BUG=chromium:614644
Review-Url: https://codereview.chromium.org/2161943002
Cr-Commit-Position: refs/heads/master@{#37850}
Introduce a proper CodeStubAssembler::BranchIfToBooleanIsTrue helper
method, that branches to if_true/if_false labels depending on whether
the value that is passed would yield true or false when fed to
ToBoolean. Use this helper to implement the bytecode handlers w/o having
to materialize the temporary booleans and essentially branching twice.
The CodeStubAssembler::BranchIfToBooleanIsTrue helper favors the most
likely case of a Boolean constant now.
Also migrate the ToBooleanStub to a ToBoolean TurboFan builtin, that
also uses the helper method under the hood.
Remove the now obsolete Oddball::to_boolean field.
R=hpayer@chromium.org, rmcilroy@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2151163002
Cr-Commit-Position: refs/heads/master@{#37849}
In case of deoptimization after WordCompare test, the control flow is lost in the
unoptimized version of the code because wrong register is used for comparision
(a0 instead of v0)
TEST=mjsunit/regress/regress-3717
BUG=
Review-Url: https://codereview.chromium.org/2160533003
Cr-Commit-Position: refs/heads/master@{#37845}
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
BUG=chromium:541703
R=verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2155503004
Cr-Commit-Position: refs/heads/master@{#37842}
This is a first step towards reducing memory usage by scopes in the parser. Peak zone memory usage on octane-codeload goes down by ~10%
BUG=
Review-Url: https://codereview.chromium.org/2159573002
Cr-Commit-Position: refs/heads/master@{#37840}
Calling into JS from stack trace generation becomes an issue during
stack overflows: we'd detect a stack overflow, attempt to create an
exception, call into JS, detect a stack overflow, and repeat.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2147193002
Cr-Commit-Position: refs/heads/master@{#37837}
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.
R=marja@chromium.org
BUG=v8:5199
Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
This makes sure that we preserve call's tailness even if we have
introduced a loop exit between the call and the return.
BUG=chromium:628773
Review-Url: https://codereview.chromium.org/2155123002
Cr-Commit-Position: refs/heads/master@{#37832}
In int32 multiplication, if we have a positive integer as input, then we know we can't produce a -0 answer. The same is true if truncation is applied (x * y | 0). Without this information, we have to rather annoyingly check if the result of multiplication is 0, then OR the inputs to check for negativity, and possibly return -0. In TurboFan, we'll deopt in this case.
BUG=
Review-Url: https://codereview.chromium.org/2154073002
Cr-Commit-Position: refs/heads/master@{#37831}
For angular.js on Speedometer, this results in 8.96%
speed up, i.e., the tests take on average 762ms
with this patch, 837ms without.
BUG= v8:5175
Review-Url: https://codereview.chromium.org/2134803002
Cr-Commit-Position: refs/heads/master@{#37827}
So far TurboFan wasn't adding the deoptimization reasons for eager/soft
deoptimization exits that can be used by either the DevTools profiler or
the --trace-deopt flag. This adds basic support for deopt reasons on
Deoptimize, DeoptimizeIf and DeoptimizeUnless nodes and threads through
the reasons to the code generation.
Also moves the DeoptReason to it's own file (to resolve include cycles)
and drops unused reasons.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2161543002
Cr-Commit-Position: refs/heads/master@{#37823}
Reason for revert:
Break MIPS port.
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2161563002
Cr-Commit-Position: refs/heads/master@{#37821}
Introduces a lookup table for peephole optimizations.
Fixes some tests using BytecodePeepholeOptimizer::Write() that should
have been update to use BytecodePeepholeOptimizer::WriteJump().
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2118183002
Cr-Commit-Position: refs/heads/master@{#37819}
This fixes the deoptimization information for the lazy bailout point
after a [[ToObject]] operation inserted for with statements. The result
value was pushed on the operand stack but erroneously ignored and left
on the operand stack by the FullCodeGenerator.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-5205
BUG=v8:5205
Review-Url: https://codereview.chromium.org/2158443002
Cr-Commit-Position: refs/heads/master@{#37818}
crbug.com/518788 looks like AstValueFactory::strings_ would contain
nullptrs which shouldn't be possible. This CL makes us crash earlier
before putting nullptrs into it. It's paranoid, since Zone should
already crash before returning nullptr.
BUG=518788
LOG=n
R=adamk@chromium.org
Review-Url: https://codereview.chromium.org/2156513002
Cr-Commit-Position: refs/heads/master@{#37817}
Highlights:
- Record all imports and exports in the ModuleDescriptor.
- Remove ImportDeclaration; instead, introduce a new variable kind for imports.
- Set name on default exported anonymous functions.
Still to do: declaration of namespace imports.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2108193003
Cr-Commit-Position: refs/heads/master@{#37815}
We will try to loop inner-most loops if they have <1000 nodes (randomly chosen value).
This is an experimental CL to see the performance impact of peeling,
both on compile time and on the generated code.
Review-Url: https://codereview.chromium.org/2156573002
Cr-Commit-Position: refs/heads/master@{#37811}
Delaying for merges caused branch cloning using dummy effect phi inputs,
potentially splitting the effect chain at start.
We still have to delay the creation for loops because we need to break
cycles.
BUG=chromium:628403
Review-Url: https://codereview.chromium.org/2159603002
Cr-Commit-Position: refs/heads/master@{#37808}
No compiled handlers required! Instead, the type feedback vector
contains a Smi encoding the field index.
Review-Url: https://codereview.chromium.org/2133233002
Cr-Commit-Position: refs/heads/master@{#37803}
When it is in executing JS state there should be a JS stack.
Having no stack means something is wrong with frame pointer, so
just skip the bogus sample.
Review-Url: https://codereview.chromium.org/2151103002
Cr-Commit-Position: refs/heads/master@{#37802}
Reason for revert:
Unfortunately, the performance issues are still there on Android.
Original issue's description:
> [ic] [stubs] Don't use Code::flags in megamorphic stub cache hash computations.
>
> This should avoid weird performance issues when changing layout of Code::flags field.
>
> BUG=chromium:618701
>
> Committed: https://crrev.com/aa4140b1ccc114b82700471513c715f68b7c5dac
> Cr-Commit-Position: refs/heads/master@{#37755}
TBR=jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2147213004
Cr-Commit-Position: refs/heads/master@{#37801}
This commit introduces support for writing unwinding tables in the
.eh_frame format, to be inserted in the jitdump read by Linux perf and
emitted with FLAG_perf_prof and FLAG_perf_prof_unwinding_info enabled.
x64 is fully implemented and tested, arm and arm64 are untested and the
unwinding information needs to be expanded, but the mechanism is ready.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2026313002
Cr-Commit-Position: refs/heads/master@{#37799}
With this patch, every node in turbo-*.json has an opcode, a title, and
a label. The label field is new; the opcode and title were already
there. The title is for the mouseover text. The label is what will be
displayed in the graph view, unless it's too long, in which case only
the opcode will be displayed. (This is similar to the preexisting
behaviour of putting titles in labels, except that the titles were
rarely short enough to fit in a label.)
With this patch, the labels generated are in practice the same as the
titles we had before, except for LoadField and StoreField, which will be
rendered as LoadField[[+432]] and StoreField[[+432]] (if 432 was the
offset).
This diff adds an overloadable method
virtual void Operator1<T>::PrintParameter(ostream&, PrintVerbosity)
for each type T to Operator1. Its default implementation just uses
operator<<(ostream&, T const&) and adds square brackets around it, but
it is overridden for FieldAccess to print "[+432]" in the example case.
BUG=
R=jarin,danno
Review-Url: https://codereview.chromium.org/2093013002
Cr-Commit-Position: refs/heads/master@{#37795}
This reverts commit 457c02573c because it caused a
regression in SunSpider/string-fasta and possibly AreWeFastYet/Life. Need to
implement this in a smarter way.
TBR=littledan@chromium.org
BUG=chromium:627729,v8:5113
Review-Url: https://codereview.chromium.org/2149303003
Cr-Commit-Position: refs/heads/master@{#37793}
This makes sure that the uses of PlainPrimitiveToNumber get a more
precise type (so that the uses know how to interpret the output
representation).
BUG=chromium:628516
Review-Url: https://codereview.chromium.org/2151223002
Cr-Commit-Position: refs/heads/master@{#37792}
- Add Simd128 type to Wasm AST types
- Add a pass that converts SIMD machine ops to runtime calls
- Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
- Separate out generic SIMD Machine ops as these cannot be
handled by runtime functions just yet.
LOG=N
BUG=v8:4124
R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}
This replaces the vtable on AstNode with a NodeType tag. The visitors replace double dispatch with a single switch over the NodeType.
For now, visitors with subclasses still have virtual methods themselves. We should probably specialize them later as well.
The uint8_t NodeType allows us to better pack memory, saving 8-16 bytes on many AST nodes (with additional packing that I'll do in a follow-up CL)
BUG=
Review-Url: https://codereview.chromium.org/2142233003
Cr-Commit-Position: refs/heads/master@{#37788}
There's no use putting it into parser_zone_, and if we do so, it might
refer to dead memory (the Block is in local_zone_ which might get
discarded).
BUG=
Review-Url: https://codereview.chromium.org/2145293003
Cr-Commit-Position: refs/heads/master@{#37787}
Migrate the platform NonNumberToNumber builtin to TurboFan, and change
it to use the new NonPrimitiveToPrimitive builtin for the JSReceiver
case.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2153053002
Cr-Commit-Position: refs/heads/master@{#37786}
Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions
declared by "eval" are hoisted unless doing so would cause an early
error (which is to say, conflict with a lexical declaration). This patch
amends the check for conflicting declarations to include those outside
of the eval itself.
BUG=v8:4468, v8:4479
Review-Url: https://codereview.chromium.org/2112163002
Cr-Commit-Position: refs/heads/master@{#37783}
Fast accessors do not have an associated JSFunction, similar to lazy accessors.
Now using the 'lazy' version of the CallApiCallbackStub.
R=vogelheim@chromium.org
BUG=chromium:508898
Review-Url: https://codereview.chromium.org/2143983002
Cr-Commit-Position: refs/heads/master@{#37782}
