Turbofan needs to pass vector slots around for named and keyed stores.
Also, the CL addresses a missing slot for ClassLiterals.
BUG=
Review URL: https://codereview.chromium.org/1178363002
Cr-Commit-Position: refs/heads/master@{#29173}
Reason:
Regressions in various benchmarks.
Revert "Revert of Revert of [strong] Implement strong mode restrictions on property access (patchset #1 id:1 of https://codereview.chromium.org/1189153002/)"
This reverts commit 41405c0470.
Revert "X87: Revert of Revert of [strong] Implement strong mode restrictions on property access."
This reverts commit 48de5f4d6b.
Revert "Fix overlapping KeyedLoadIC bitfield."
This reverts commit 4e6c956abf.
Revert "MIPS64: Fix 'Revert of Revert of [strong] Implement strong mode restrictions on property access'."
This reverts commit 74f97b0d2a.
BUG=
Review URL: https://codereview.chromium.org/1199493002
Cr-Commit-Position: refs/heads/master@{#29166}
The three different concerns that the ControlReducer used to deal with
are now properly separated into
a.) DeadCodeElimination, which is a regular AdvancedReducer, that
propagates Dead via control edges,
b.) CommonOperatorReducer, which does strength reduction on common
operators (i.e. Branch, Phi, and friends), and
c.) GraphTrimming, which removes dead->live edges from the graph.
This will make it possible to run the DeadCodeElimination together with
other passes that actually introduce Dead nodes, i.e. typed lowering;
and it opens the door for general inlining without two stage fix point
iteration.
To make the DeadCodeElimination easier and more uniform, we basically
reverted the introduction of DeadValue and DeadEffect, and changed the
Dead operator to produce control, value and effect. Note however that
this is not a requirement, but merely a way to make dead propagation
easier and more uniform. We could always go back and decide to have
different Dead operators if some other change requires that.
Note that there are several additional opportunities for cleanup now,
i.e. OSR deconstruction could be a regular reducer now, and we don't
need to use TheHole as dead value marker in the GraphReducer. And we can
actually run the dead code elimination together with the other passes
instead of using separate passes over the graph. We will do this in
follow up CLs.
R=jarin@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1193833002
Cr-Commit-Position: refs/heads/master@{#29146}
Implements the strong mode proposal's restrictions on property access.
To be fully explored in a followup: proxies, interceptors, access checks, load from super
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1168093002
Cr-Commit-Position: refs/heads/master@{#29109}
This turns the CommonOperatorReducer into an AdvancedReducer and makes
it independent of JSGraph (which was used only because it was convienent),
and let's the CommonOperatorReducer run together with the ControlReducer.
The ControlReducer is still not able to run together with other reducers,
but we're getting closer. The plan is to split the ControlReducer into
two parts: The dead code elimination part and the common operator
reduction part. This separation will help to avoid tricky bugs in the
future and should make testing a *lot* easier.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1192063002
Cr-Commit-Position: refs/heads/master@{#29105}
We never hit the phi case for DecideCondition in practice, since a more
general optimization is already performed by typing and constant
propagation.
R=jarin@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1186973005
Cr-Commit-Position: refs/heads/master@{#29102}
Delayed tasks can be used to perform non-urgent clean up work.
BUG=chromium:490559
LOG=NO
Review URL: https://codereview.chromium.org/1179153002
Cr-Commit-Position: refs/heads/master@{#29084}
Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).
R=jarin@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1188433010
Cr-Commit-Position: refs/heads/master@{#29077}
This optimization just duplicates part of the ToBoolean rule in the
Typer, and it doesn't make sense to have adhoc partial typing rules in
the ControlReducer anyway.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1189963002
Cr-Commit-Position: refs/heads/master@{#29064}
This ensures there is a lazy bailout point at the entry of every
exception handler so that deoptimized code is not re-entered through
caught exceptions.
R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler
Review URL: https://codereview.chromium.org/1173253004
Cr-Commit-Position: refs/heads/master@{#29061}
This patch implements %_IsTypedArray in fullcodegen, Hydrogen and
Turbofan in order to implement fast type checks to enable ES6
TypedArray features and semantics efficiently.
R=adamk,titzer
LOG=Y
BUG=v8:4085
Review URL: https://codereview.chromium.org/1183213002
Cr-Commit-Position: refs/heads/master@{#29033}
Up until now we used int32_t for NodeId, but that was not ideal because
negative values are invalid for NodeId and we use it as an array index
for example in the NodeMarker class, where C++ compilers on x64 have to
generate code that does proper sign extension for the indices, which is
completely unnecessary.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1178403004
Cr-Commit-Position: refs/heads/master@{#28997}
With this patch, we can generate simple immediate-shift instructions for
immediates outside the range "0 <= imm < width". Several related
instruction selectors have also been updated accordingly.
Example of generated code:
---- Before --- ---- After ----
movz w0, #33 lsr w0, w1, #1
lsr w0, w1, w0
BUG=
Review URL: https://codereview.chromium.org/1179893003
Cr-Commit-Position: refs/heads/master@{#28977}
Before selecting multiply-accumulate for a multiplication with add operation,
check that the multiply can't be reduced to add-with-shift. This prevents
simple multiplications by 3, 5, etc turning into register moves and madd
instructions.
Review URL: https://codereview.chromium.org/1180863002
Cr-Commit-Position: refs/heads/master@{#28976}
Merge a following arithmetic or logical right shift into the existing shift
of ARM64's Int32MulHigh or Uint32MulHigh code.
BUG=
Review URL: https://codereview.chromium.org/1179503003
Cr-Commit-Position: refs/heads/master@{#28945}
Reason for revert:
Breaks InstructionSelectorTest.Word64ShrWithWord64AndWithImmediate on debug builds (but not optdebug builds). I'll investigate.
Original issue's description:
> [arm64][turbofan]: Handle any immediate shift.
>
> With this patch, we can generate simple immediate-shift instructions for
> immediates outside the range "0 <= imm < width". Several related
> instruction selectors have also been updated accordingly.
>
> Example of generated code:
>
> ---- Before --- ---- After ----
> movz w0, #33 lsr w0, w1, #1
> lsr w0, w1, w0
>
> BUG=
>
> Committed: https://crrev.com/36d771bbfa4af5efcc1c1dcf5b234445cb7ee722
> Cr-Commit-Position: refs/heads/master@{#28943}
TBR=bmeurer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1176393002
Cr-Commit-Position: refs/heads/master@{#28944}
With this patch, we can generate simple immediate-shift instructions for
immediates outside the range "0 <= imm < width". Several related
instruction selectors have also been updated accordingly.
Example of generated code:
---- Before --- ---- After ----
movz w0, #33 lsr w0, w1, #1
lsr w0, w1, w0
BUG=
Review URL: https://codereview.chromium.org/1179733004
Cr-Commit-Position: refs/heads/master@{#28943}
This is needed in order to allow expansion of a throwing node into a
set of nodes that produce different effects for the successful and the
exceptional continuation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1179543002
Cr-Commit-Position: refs/heads/master@{#28918}
This deprecates the aforementioned mutator in favor of a simpler
NodeProperties::ReplaceUses that doesn't perform any relaxation.
Preparation for enabling support for try-catch statements.
R=bmeurer@chromium.org
TEST=unittests/NodePropertiesTest
Review URL: https://codereview.chromium.org/1172773003
Cr-Commit-Position: refs/heads/master@{#28897}
This adds handling of JSLoadDynamicContext nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
context slot load targeting a specific context.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N
Review URL: https://codereview.chromium.org/1155543003
Cr-Commit-Position: refs/heads/master@{#28823}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1158273011
Cr-Commit-Position: refs/heads/master@{#28813}
This allows any AdvancedReducer to remove exception projections from
graphs. This is the common case when JS-operators are being replaced
with pure values. The old NodeProperties::ReplaceWithValue is being
deprecated in favor of AdvancedReducer::ReplaceWithValue.
R=titzer@chromium.org
TEST=unittests/AdvancedReducerTest
Review URL: https://codereview.chromium.org/1168693002
Cr-Commit-Position: refs/heads/master@{#28810}
In typed lowering we can use the ReferenceEqual simplified operator
instead of ObjectIsSmi to check for context extensions. This generates
the desired code.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1163963003
Cr-Commit-Position: refs/heads/master@{#28776}
Select ubfiz for (x & mask) << imm where mask is contiguous and imm is non-zero.
BUG=
Review URL: https://codereview.chromium.org/1161643003
Cr-Commit-Position: refs/heads/master@{#28755}
This adds handling of JSLoadDynamicGlobal nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
global variable load from the global object.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N
Review URL: https://codereview.chromium.org/1150723005
Cr-Commit-Position: refs/heads/master@{#28750}
Unfortunately StringAdd is not pure in V8 because we might throw an
exception if the resulting string length is outside the valid bounds, so
there's no point in having a simplified StringAdd operator.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1164743002
Cr-Commit-Position: refs/heads/master@{#28747}
This introduces a conservative prediction for each exception handler
whether it will locally catch an exception or re-throw it to outside
the code bondaries. It will allow for a more intuitive prediction of
whether an exception is considered "caught" or "uncaught".
R=bmeurer@chromium.org,yangguo@chromium.org
BUG=chromium:492522
LOG=N
Review URL: https://codereview.chromium.org/1158563008
Cr-Commit-Position: refs/heads/master@{#28681}
The control flow optimization should work independent of the JSGraph. We
used the JSGraph there because it was convinient, not because it was
necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1160863003
Cr-Commit-Position: refs/heads/master@{#28674}
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1162563002
Cr-Commit-Position: refs/heads/master@{#28673}
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
This way we don't need to connect (potentially) non-terminating loops
later during control reduction, which saves one forward pass over the
control graph. Long term we will move the trimming functionality of
the control reducer to the GraphReducer, and get rid of the Finish
method again.
As a bonus, this change also properly rewires Terminate, Throw and
Deoptimize during inlining.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1155683004
Cr-Commit-Position: refs/heads/master@{#28625}
This simplifies the handling of the End node. Based on this CL we will
finally fix terminating every loop from the beginning (via Terminate
nodes) and fix inlining of Throw, Deoptimize and Terminate.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1157023002
Cr-Commit-Position: refs/heads/master@{#28620}
This reduces the storage per-Node storage from 7 words to 6 and per-edge
storage from 6 words to 4.
On average this is about 10%-15% space savings over the whole graph.
Remove the use of std::deque as the out-of-line storage for inputs.
Reduce size of Use links and use pointer arithmetic to find Node
from Use.
R=mstarzinger@chromium.org,jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1150923003
Cr-Commit-Position: refs/heads/master@{#28583}
This also adjusts transitioning between modes so that crbug.com/460090 remains fixed.
BUG=chromium:489323, chromium:460090
LOG=NO
Review URL: https://codereview.chromium.org/1141393002
Cr-Commit-Position: refs/heads/master@{#28490}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1134663006
Cr-Commit-Position: refs/heads/master@{#28485}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1134303003
Cr-Commit-Position: refs/heads/master@{#28468}
Enable clang's shorten-64-to-32 warning flag on ARM64, and fix the warnings
that arise.
BUG=
Review URL: https://codereview.chromium.org/1131573006
Cr-Commit-Position: refs/heads/master@{#28412}
Use these check points to optimize comparisons where we already know
that one side cannot be a String (or turn into a string via
ToPrimitive).
Also remove bunch of useless DoNotCrash tests for the scheduler that are
painful to maintain and add almost no value.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1140583004
Cr-Commit-Position: refs/heads/master@{#28383}
Note that this is just a duplication for now. We'll want to get rid of the
NodeProperties::ReplaceWithValue() method in the long run.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1135483004
Cr-Commit-Position: refs/heads/master@{#28363}
Select sbfx for ((x << k) >> k) in ARM64 instruction selector, and similarly
for ubfx. This is a more generic version of the previous sxtb/h selector.
BUG=
Review URL: https://codereview.chromium.org/1135543002
Cr-Commit-Position: refs/heads/master@{#28318}
While the mutator is active, the idle time handler optimizes for latency by doing only incremental steps and scavenges.
When the mutator becomes inactive, the idle time handler forces few incremental GCs to reclaim memory and then stops until mutator is active again.
BUG=460090
LOG=N
Review URL: https://codereview.chromium.org/1105293004
Cr-Commit-Position: refs/heads/master@{#28300}
This introduces V8.MemoryHeapCommitted and V8.MemoryHeapUsed histograms.
In contrast to the existing memory histograms, the new histograms are uniform in time, i.e. their samples happen at regular time intervals. The --histogram-interval specifies the length of the interval.
We implement this by linearly interpolating memory stats between GC and idle notification events.
BUG=chromium:485472
LOG=NO
Review URL: https://codereview.chromium.org/1125683004
Cr-Commit-Position: refs/heads/master@{#28292}
This revives the Terminate operator and removes the weird Always
operator. As a first step we let the ControlReducer connect non
terminating loops via Terminate. The next step will be to change the
graph builder to insert Terminate nodes into every loop.
Review URL: https://codereview.chromium.org/1123213002
Cr-Commit-Position: refs/heads/master@{#28259}
An AdvancedReducer is basically a regular Reducer with an editor
that can perform graph editing operations beyond changing or
replacing the node that is currently being reduced. The GraphReducer
is the default implementation of the AdvancedReducer::Editor interface.
The ControlReducerImpl is now just an AdvancedReducer, which
temporarily requires a Finish method in the reducer to implement
the dead node trimming until we move that to the GraphReducer
(which in turn requires that all loops are connected to End).
Review URL: https://codereview.chromium.org/1122423003
Cr-Commit-Position: refs/heads/master@{#28251}
Tail calls are matched on the graph, with a dedicated tail call
optimization that is actually testable. The instruction selection can
still fall back to a regular if the platform constraints don't allow to
emit a tail call (i.e. the return locations of caller and callee differ
or the callee takes non-register parameters, which is a restriction that
will be removed in the future).
Also explicitly limit tail call optimization to stubs for now and drop
the global flag.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1114163005
Cr-Commit-Position: refs/heads/master@{#28219}
This introduces a simplified allocation operator which can be used to
model inline allocations in TurboFan. It is currently used for context
allocations, but still disabled because change lowering introduces
floating allocations outside the effect chain that interfere.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1109773002
Cr-Commit-Position: refs/heads/master@{#28195}
This CL contains the first steps towards tail call optimization:
* Structurally detect tail calls during instruction selection,
looking for special return/call combinations.
* Added new architecture-specific instructions for tail calls which
jump instead of call and take care of frame adjustment.
* Moved some code around.
Currently we restrict tail calls to callees which only use registers
for arguments/return value and to call sites which are explicitly
marked as being OK for tail calls. This excludes, among other things,
call sites in sloppy JS functions and our IC machinery (both need in
general to be able to access the caller's frame).
All this is behind a flag --turbo-tail-calls, which is currently off
by default, so it can easily be toggled.
Review URL: https://codereview.chromium.org/1108563002
Cr-Commit-Position: refs/heads/master@{#28150}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1111323003
Cr-Commit-Position: refs/heads/master@{#28140}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
BUG=
Review URL: https://codereview.chromium.org/1087793002
Cr-Commit-Position: refs/heads/master@{#28137}
We shouldn't have shared state between isolates by default. The embedder
is free to pass the same allocator to all isolates it creates.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1116633002
Cr-Commit-Position: refs/heads/master@{#28127}
These two test cases "InlineCreateArrayLiteral" and "InlineCreateObjectLiteral" are
added in d1597b7d22. They invokes Linkage::GetStubCallDescriptor
which is unimplemented for turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/1095793007
Cr-Commit-Position: refs/heads/master@{#28090}
This uses explicit operators instead of intrinsic runtime calls to
create literals froms boilerplates. It allows for easier access of
static parameters and syncs it with other allocating operators.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1104453006
Cr-Commit-Position: refs/heads/master@{#28062}
This introduces a JSCreateClosure operator which can be lowered by the
typed pipeline to the aforementioned stub. It also allows for further
optimizations of closure creation.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1105513002
Cr-Commit-Position: refs/heads/master@{#28058}
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1092353002
Cr-Commit-Position: refs/heads/master@{#28045}
Now all nodes that care about deoptimization always take frame state
inputs no matter whether deoptimization is enabled for a particular
function. In case that deoptimization is off, the AstGraphBuilder just
inserts the empty frame state. This greatly simplifies the logic in
various places and makes testing easier as well, and is probably the
first step towards enabling --turbo-deoptimization by default.
There seems to be no noticable performance impact on asm.js programs.
Also fix the graph replay in order to regenerate the scheduler unittests.
Review URL: https://codereview.chromium.org/1106613003
Cr-Commit-Position: refs/heads/master@{#28026}
This allows the JSIntrinsicLowering to optimize the cloning of literal
boilerplate objects using either the FastCloneShallowArrayStub or the
FastCloneShallowObjectStub when applicable.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1097963002
Cr-Commit-Position: refs/heads/master@{#27974}
