Previously we always lowered JSToBoolean(x:Number) to the subgraph
NumberLessThan(0.0, NumberAbs(x)), which deals with both 0, -0 and
NaNs appropriately. However this doesn't always generate the best,
especially when we can later derive from feedback that x is always
an Integral32 value, where the ideal code would be just a single
comparison to 0 w/o the absolute value computation.
R=mvstanton@chromium.org
BUG=v8:5267,v8:5270
Review-Url: https://codereview.chromium.org/2309953002
Cr-Commit-Position: refs/heads/master@{#39194}
This will allow for chaining ScopeInfos together to form the same chains
as contexts chains currently do.
BUG=v8:5215
R=mstarzinger@chromium.org,marja@chromium.org,bmeurer@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2314483002
Cr-Commit-Position: refs/heads/master@{#39192}
This restores the contract that all API methods that return Maybe<T> or
MaybeLocal<T> always throw an exception when they return nothing.
Since v8::ValueDeserializer::ReadHeader can now throw exceptions, it
needs a Local<Context> parameter so that it can set up execution state
(entering the context, etc.). The old method has been marked for
deprecation, but since this API is experimental I intend to remove it
as soon as I've removed the use from Blink.
value-serializer-unittest has been updated to expect an exception in
all decode failure cases.
BUG=chromium:148757,chromium:641964
Review-Url: https://codereview.chromium.org/2308053002
Cr-Commit-Position: refs/heads/master@{#39188}
Generate a flag-setting instruction for a binary operation when
the result is tested for equality/inequality to zero.
BUG=
Review-Url: https://codereview.chromium.org/2315453002
Cr-Commit-Position: refs/heads/master@{#39183}
Since the extension field is already used for the catch name, store a
ContextExtension there instead.
In the future, this will allow for chaining ScopeInfos together, so we
no longer need a context chain for lazy parsing / compilation.
BUG=v8:5215
R=bmeurer@chromium.org,neis@chromium.org,marja@chromium.org
Review-Url: https://codereview.chromium.org/2302013002
Cr-Commit-Position: refs/heads/master@{#39164}
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2312683002
Cr-Commit-Position: refs/heads/master@{#39161}
Fold a Select that negates a boolean value, i.e. returning true in the
false case and vice versa, into Branch users, similar to what we already
do for Branch nodes with BooleanNot inputs.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2308303003
Cr-Commit-Position: refs/heads/master@{#39149}
According to the WebAssembly specification the alignment of load and
store instructions has to be less or equal to natural alignment.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2285643002
Cr-Commit-Position: refs/heads/master@{#39131}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
Reland of https://codereview.chromium.org/2190293003/ with a bug fix.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2225923003
Cr-Commit-Position: refs/heads/master@{#39120}
For two FinishRegion nodes, the alias analysis returned "may alias" even
without properly looking through them.
Drive-by-fix: Add meaningful output for --trace-turbo-load-elimination.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2301903002
Cr-Commit-Position: refs/heads/master@{#39075}
Now that the hole NaN is no longer represented as Float64Constant early
on, we should never see such a constant node in any JS-level graph, but
we will only see them after representation selection. Change Typer and
SimplifiedLowering appropriately (and fix the invalid tests).
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2299883003
Cr-Commit-Position: refs/heads/master@{#39063}
This way, many files which only need CompilationInfo but not compiler.h
and its dependencies can include just compilation-info.h.
BUG=
Review-Url: https://codereview.chromium.org/2284313003
Cr-Commit-Position: refs/heads/master@{#39038}
If the type of a tracked field or element value is less precise than the
advertised type of the field or element load, then we replace the load
operation with a TypeGuard that guards the advertised type.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2295643002
Cr-Commit-Position: refs/heads/master@{#39032}
The format of this is a little strange, and has to do with the previous
implementation maintaining a "stack" of objects as it works. As a result,
the format writes the array buffer before giving any hint that the reason
for doing so is to obtain a view wrapping it. Handling this without creating
an explicit on-heap stack requires checking whether the next tag is 'V'
after obtaining an array buffer.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2287653002
Cr-Commit-Position: refs/heads/master@{#38984}
Drop the typing rules for the machine operators and replace them
with UNREACHABLE. These typing rules were never correct and there's
also no need to have those rules at all.
Drive-by-fix: Remove the extremely annoying test-simplified-lowering.cc
file, which is not very useful, but consumes a large amount of time to
keep it compiling and passing. Instead we should introduce appropriate
tests for the SimplifiedLowering that also test something meaningful
w/o just cementing the implementation.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2292463002
Cr-Commit-Position: refs/heads/master@{#38970}
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).
Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.
Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.
R=epertoso@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2289613002
Cr-Commit-Position: refs/heads/master@{#38968}
The embedder is expected to arrange for the array buffer contents to be
transferred into a v8::ArrayBuffer in the receiving context (generally by
assuming ownership of the externalized backing store).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2275033003
Cr-Commit-Position: refs/heads/master@{#38948}
on architectures that do not support missaligned memory access
BUG=unittests/AstDecoderTest.Float64Const, unittests/AstDecoderTest.Float32Const
Review-Url: https://codereview.chromium.org/2275323002
Cr-Commit-Position: refs/heads/master@{#38941}
This CL fixes the first bug I found with the new fuzzing. The problem is
that the number of locals is unbounded. This CL bounds the number of
locals of one type with 8000000, an arbitrary number.
R=titzer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2271803004
Cr-Commit-Position: refs/heads/master@{#38936}
Introduce a new TypedOptimization reducer that contains the type
based optimization reduction steps, which are not (directly)
related to lowering JavaScript operators based on types (which is
what JSTypedLowering is supposed to do).
This also addresses a chicken-and-egg problem that we see in the
Octane/Mandreel benchmark where type based constant folding isn't
applied to the numeric comparison operators introduced by the
JSTypedLowering itself, and thus gives up to 10% speedup for the
benchmark.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2280673003
Cr-Commit-Position: refs/heads/master@{#38928}
Suitably scary warnings attached, as this will yet evolve (notably to handle
host objects, which are not currently handled).
Unit tests adjusted to use the public version of ValueSerializer, eliminating
any need they have to access v8::internal.
With this, Blink can begin using this code experimentally behind a flag as it
develops.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2274693002
Cr-Commit-Position: refs/heads/master@{#38915}
Transferral is not included in this CL, nor is SharedArrayBuffer.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2264403004
Cr-Commit-Position: refs/heads/master@{#38913}
Record details, such as cumulative duration, number of steps, and longest steps
in IncrementalMarkingDetails which get populated at a single callsite
(AddScopeSample). Remove member fields that thus become obsolete (unfortunately
not all of them).
Additional remove some dead code and refactor printing. Printing in a single
statement allows for using logcat on Android.
This should also address the regression in chromium:640524.
BUG=chromium:639818,chromium:640524
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2269093002
Cr-Commit-Position: refs/heads/master@{#38912}
Adds compile operations to the CompilerDispatcherJob interface. As such,
introduces Compiler::PrepareUnoptimizedCompilationJob and updates the
unoptimized compilation path to use CompilationJobs. Also unifies
FinalizeCompilationJob to deal with both optimized and unoptimized
compilation jobs.
A dummy FullCodegenCompilationJob is also introduced, where all the work
is done in the ExecuteJob phase, which cannot be run on a
background thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2251713002
Cr-Commit-Position: refs/heads/master@{#38897}
This introduces appropriate unit tests to ensure that merging of
elements/fields information is correct for diamonds.
BUG=chromium:639210,v8:5266
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2278043002
Cr-Commit-Position: refs/heads/master@{#38881}
For O instanceof C, we only need to check the instance type while
iterating the prototypes of O instead of checking both the instance
type and the access check bit of the map. This is because we have
the explicit range of "special object types", which include both
JSProxy as well as the global object and proxy and all API objects
that might have access checks or interceptors. Also restructure the
loop exits somewhat to ensure that the branch cloning gets a chance
to actually eliminate the bit materialization for the results.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2263273003
Cr-Commit-Position: refs/heads/master@{#38860}
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.
Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups
BUG=chromium:639818
Review-Url: https://codereview.chromium.org/2273673002
Cr-Commit-Position: refs/heads/master@{#38834}
Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.
BUG=v8:5273
Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.
Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups
BUG=chromium:639818
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2264033002
Cr-Commit-Position: refs/heads/master@{#38822}
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.
Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2268303002
Cr-Commit-Position: refs/heads/master@{#38818}
When preparing compilation, we can't delay error reporting either.
Also put handles during internalization into a deferred handle scope.
BUG=v8:5215
R=marja@chromium.org,rmcilory@chromium.org
Review-Url: https://codereview.chromium.org/2268983002
Cr-Commit-Position: refs/heads/master@{#38817}
Port 28e3467a72 (r38361)
original commit message:
Adding new methods to the code stub assembler and interpreter
assembler to combine loading and untagging SMIs, so that on 64-bit
architectures we can avoid loading the full 64 bits and load the
32 interesting bits directly instead.
BUG=
Review-Url: https://codereview.chromium.org/2265043002
Cr-Commit-Position: refs/heads/master@{#38811}
This makes us able to get rid of dependencies to parser.h from places
which only need the ParseInfo, and also gets rid of the curious Parser
<-> Compiler circular dependency.
Also IWYUd where necessary.
BUG=
Review-Url: https://codereview.chromium.org/2268513002
Cr-Commit-Position: refs/heads/master@{#38777}
Version 0 dense arrays cannot be deserialized by current Chromium, which
suggests that this is not necessary.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2256413002
Cr-Commit-Position: refs/heads/master@{#38754}
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.
Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.
BUG=chromium:148757
Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
Review-Url: https://codereview.chromium.org/2259633002
Cr-Original-Commit-Position: refs/heads/master@{#38729}
Cr-Commit-Position: refs/heads/master@{#38732}
Reason for revert:
Broke MIPS compile due to an uninitialization warning:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/3110/steps/compile/logs/stdio
Original issue's description:
> Blink-compatible serialization of arrays, both dense and sparse.
>
> The current "dense" format is not expressive enough to distinguish between
> an element that is not defined and one that has the value "undefined",
> but in this CL the existing behaviour of Blink is used for such cases.
> Format changes to fix these issues could be made later on.
>
> Not included in this CL is compatibility with version 0 arrays.
> Those will be implemented in a separate CL.
>
> BUG=chromium:148757
>
> Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
> Cr-Commit-Position: refs/heads/master@{#38729}
TBR=jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2255313002
Cr-Commit-Position: refs/heads/master@{#38730}
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.
Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2259633002
Cr-Commit-Position: refs/heads/master@{#38729}
One more bytecode to pass info through to TurboFan.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2260473003
Cr-Commit-Position: refs/heads/master@{#38726}
Use bool is_strict_ to encode language_mode in scopes using a single bit.
BUG=
Review-Url: https://codereview.chromium.org/2261463002
Cr-Commit-Position: refs/heads/master@{#38724}
Generates a JSCreateWithContext node for TurboFan to optimize.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2255793002
Cr-Commit-Position: refs/heads/master@{#38723}
Removes all accesses to the Isolate during bytecode generation and the
bytecode pipeline. Adds an DisallowIsolateAccessScope which is used to
enforce this invariant within the BytecodeGenerator.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2242193002
Cr-Commit-Position: refs/heads/master@{#38716}
We were missing this optimization in a few cases because TruncateInt64ToInt32 was also interfering.
Also removed the equivalent from simplified-lowering.cc, as the arm64 instruction selector has a similar optimization.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2252333002
Cr-Commit-Position: refs/heads/master@{#38711}
The "version 0" format did not deal with references, and used a stack model to
deserialize objects (conceptually, a postorder tree traversal). This requires
an explicit stack, so special logic is added to decode this format.
All subsequent versions also put an object marker at the beginning, which is
equivalent to how the current version serializes.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2248893003
Cr-Commit-Position: refs/heads/master@{#38686}
As part of this CL, object reference tracking is implemented (and tested with a
self-referential object). This sort of reference tracking will be shared with
other receivers (array, date, regexp and host objects).
Not included in this CL is compatibility with version-0 objects (which don't
support a non-tree object graph, and require a little stack to correctly
deserialize).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2246093003
Cr-Commit-Position: refs/heads/master@{#38683}
Now that all backends use the source position builder to record source
positions, simplify the code line logging events to take a source
position table on code creation. This means that the source position
table builder no longer needs to access the isolate until the table is
generated. This is required for off-thread bytecode generation.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2248673002
Cr-Commit-Position: refs/heads/master@{#38676}
Allows us to create a corresponding TurboFan node, so TF can
optimize it.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2248633002
Cr-Commit-Position: refs/heads/master@{#38651}
This includes UTF-8 strings and two-byte strings, both length-delimited
(in bytes, not characters). Two-byte strings are written/read in host byte
order.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2245753002
Cr-Commit-Position: refs/heads/master@{#38636}
This includes unsigned integers (encoded as base-128 varints), signed integers
(ZigZag-encoded, then varint-encoded) and doubles (written in host byte order).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2232323004
Cr-Commit-Position: refs/heads/master@{#38630}
This removes some compiler internals as well as some JavaScript specific
helper from the CodeAssembler, by either hiding or moving the support
into the CodeStubAssembler.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2246463002
Cr-Commit-Position: refs/heads/master@{#38617}
This optimization required access to the heap which we can't do off-thread.
There doesn't seem to be a regression without this optmization in anycase,
so just rip it out.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2238853002
Cr-Commit-Position: refs/heads/master@{#38585}
------------------------------------------------------------------------
This CL adds support for decoding eh-related wasm opcodes:
* Throw: used for raising an exception; the thrown value lives on top of
the evaluation stack;
* TryCatch: used to start a try block that has a catch clause;
* TryFinally: used to start a try block that has a finally clause;
* TryCatchFinally: used to start a try block that has both catch and
finally clauses;
* Catch <local>: used to start the catch block of a
TryCatch/TryCatchFinally block; the thrown value is
stored in local <local>; and
* Finally: used to start a finally block of TryFinally/TryCatchFinally.
Three different opcodes are used to start a try block to simplify the
AST construction during bytecode parsing.
BUG=
Review-Url: https://codereview.chromium.org/2222193004
Cr-Commit-Position: refs/heads/master@{#38579}
This adds a very first version of inlined Array.prototype.pop into
TurboFan optimized code. We currently limit the inlining to fast
object or smi elements, until the unclear situation around hole NaNs
is resolved and we have a clear semantics inside the compiler.
It's also probably overly defensive in when it's safe to inline
the call to Array.prototype.pop, but we can always extend that
later once we have sufficient trust in the implementation and see
an actual need to extend it.
BUG=v8:2229,v8:3952,v8:5267
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2239703002
Cr-Commit-Position: refs/heads/master@{#38578}
These places were found by the trybots.
- regress-crbug-485410
BUG=
Review-Url: https://codereview.chromium.org/2230923002
Cr-Commit-Position: refs/heads/master@{#38572}
When we change representation from Float64 to Tagged and we know that
the input value can never be -0, we don't need to bother introducing
the check for -0 during effect/control linearization.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2231963002
Cr-Commit-Position: refs/heads/master@{#38568}
Reason for revert:
It may or may not have caused a regression in kraken-crypto-ccm.
Original issue's description:
> [turbofan] Reduces x << y ^ x >>> (32 - y) to x ror (32 - y).
>
> The MachineOperatorReducer was only reducing word32 expressions of the type x << y | x >>> (32 - y) (and variants) to the equivalent Word32Ror. This CL applies the same pattern-matching logic to Word32Xor.
>
> BUG=
>
> Committed: https://crrev.com/a86397d890d3caa01a947e2a6e71beb1f58e6e6b
> Cr-Commit-Position: refs/heads/master@{#38284}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true
BUG=
Review-Url: https://codereview.chromium.org/2230213002
Cr-Commit-Position: refs/heads/master@{#38545}
Avoids the always generated Star bytecodes after ObjectLiteral.
BUG=v4:4820
LOG=n
Review-Url: https://codereview.chromium.org/2216023003
Cr-Commit-Position: refs/heads/master@{#38480}
This allows us to consume the type hints gathered by the CompareIC
for the strict equality and inequality operators. Similar to abstract
equality We need to distinguish Number and NumberOrOddball feedback,
as strict equality doesn't truncate Oddball to Number.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2222993003
Cr-Commit-Position: refs/heads/master@{#38438}
This CL changes the semantics of FloatXXSub to match the semantics of
the semantics of FloatXXSubPreserveNan. Therefore there is no need
anymore for the FloatXXSubPreserveNan operators.
The optimizations in VisitFloatXXSub which are removed in this CL have
already been moved to machine-operator-reducer.cc in
https://codereview.chromium.org/2226663002R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2220973002
Cr-Commit-Position: refs/heads/master@{#38437}
Up until now "-0.0 - x" was lowered in the instruction selector. I moved
the lowering now to the MachineOperatorReducer.
I did not remove the lowering from the instruction selector yet, I would
prefer to do that in a separate CL.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2226663002
Cr-Commit-Position: refs/heads/master@{#38417}
Introduce a dedicated NumberOperationHint enum that represents the
feedback we can use for speculative number operations.
BUG=v8:4930
Review-Url: https://codereview.chromium.org/2220573002
Cr-Commit-Position: refs/heads/master@{#38411}
Assign feedback slots in the type feedback vector for binary operations.
Update bytecode-generator to use these slots and add them as an operand
to binary operations.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2209633002
Cr-Commit-Position: refs/heads/master@{#38408}
AtomicNumber should make dealing with atomic counters easier. This is not the
case with size_t, as we cannot properly use the Increment() method for negative
numbers.
With this CL we can use AtomicNumber<size_t> and have proper decrements.
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2215693002
Cr-Commit-Position: refs/heads/master@{#38407}
This extends JSNativeContextSpecialization with support for stores to
fast object/smi element backing stores that are marked as copy-on-write.
In this case we first call the CopyFixedArray builtin to take a copy of
the elements backing store, and then store the new elements back to the
object, and finally perform the actual element store.
R=epertoso@chromium.org
BUG=v8:4470
Committed: https://crrev.com/ac98ad22f049a59c48387f1bab1590f135d219c6
Review-Url: https://codereview.chromium.org/2218703003
Cr-Original-Commit-Position: refs/heads/master@{#38370}
Cr-Commit-Position: refs/heads/master@{#38392}
Before this change we would first load an 8/16/32-bit value from memory into a 32-bit register, then zero/sign-extend from that register to a 64-bit one. Now we replace that pattern with a single movsx/movzx.
Ported from http://crrev.com/2183923003R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2220483003
Cr-Commit-Position: refs/heads/master@{#38388}
Reason for revert:
Need to revert https://codereview.chromium.org/2216563003 - just reland rebased version
Original issue's description:
> Hook up compiler dispatcher jobs to lazy parser.
>
> The lazy parser actually parses eagerly. It's called lazy because it
> parses functions that were previously lazy parsed. D'uh.
>
> BUG=v8:5215
> R=marja@chromium.org
>
> Committed: https://crrev.com/255cc15f98507e2bba49574f4dc38c74deb0ca2c
> Cr-Commit-Position: refs/heads/master@{#38375}
TBR=marja@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5215
Review-Url: https://codereview.chromium.org/2211393003
Cr-Commit-Position: refs/heads/master@{#38378}
Reason for revert:
Breaks tree?
Original issue's description:
> [turbofan] Add support for copy-on-write element stores.
>
> This extends JSNativeContextSpecialization with support for stores to
> fast object/smi element backing stores that are marked as copy-on-write.
> In this case we first call the CopyFixedArray builtin to take a copy of
> the elements backing store, and then store the new elements back to the
> object, and finally perform the actual element store.
>
> R=epertoso@chromium.org
> BUG=v8:4470
>
> Committed: https://crrev.com/ac98ad22f049a59c48387f1bab1590f135d219c6
> Cr-Commit-Position: refs/heads/master@{#38370}
TBR=epertoso@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review-Url: https://codereview.chromium.org/2220513002
Cr-Commit-Position: refs/heads/master@{#38376}
The lazy parser actually parses eagerly. It's called lazy because it
parses functions that were previously lazy parsed. D'uh.
BUG=v8:5215
R=marja@chromium.org
Review-Url: https://codereview.chromium.org/2220463002
Cr-Commit-Position: refs/heads/master@{#38375}
This extends JSNativeContextSpecialization with support for stores to
fast object/smi element backing stores that are marked as copy-on-write.
In this case we first call the CopyFixedArray builtin to take a copy of
the elements backing store, and then store the new elements back to the
object, and finally perform the actual element store.
R=epertoso@chromium.org
BUG=v8:4470
Review-Url: https://codereview.chromium.org/2218703003
Cr-Commit-Position: refs/heads/master@{#38370}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
Changes ConstantPoolArrayBuilder to do object lookups using the location
of the handles, rather than dereferencing the handles and comparing the
objects. This also updates CanonicalHandleScope when internalizing AST
nodes to ensure that duplicate objects share the same handles and so are
only added to the constant pool once.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2204243003
Cr-Commit-Position: refs/heads/master@{#38366}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
Adding new methods to the code stub assembler and interpreter
assembler to combine loading and untagging SMIs, so that on 64-bit
architectures we can avoid loading the full 64 bits and load the
32 interesting bits directly instead.
Review-Url: https://codereview.chromium.org/2183923003
Cr-Commit-Position: refs/heads/master@{#38361}
Moves the creation of SharedFunctionInfo for function literals to the
finalization step. This is required for bytecode generation to be
performed off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2179303005
Cr-Commit-Position: refs/heads/master@{#38309}
Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}
The MachineOperatorReducer was only reducing word32 expressions of the type x << y | x >>> (32 - y) (and variants) to the equivalent Word32Ror. This CL applies the same pattern-matching logic to Word32Xor.
BUG=
Review-Url: https://codereview.chromium.org/2199323003
Cr-Commit-Position: refs/heads/master@{#38284}
This removes the frame state input representing the before-state from
nodes having any int32 bitwise operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.
R=epertoso@chromium.org
BUG=v8:5021,v8:4746
Review-Url: https://codereview.chromium.org/2194383004
Cr-Commit-Position: refs/heads/master@{#38280}
This completely removes translation of exception handler predictions
from the graph IR. We now rely on the runtime using deoptimization
infomation via {FrameSummary} for predictions in optimized code.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2207533002
Cr-Commit-Position: refs/heads/master@{#38250}
This removes the frame state input representing the before-state from
nodes having any shift operator. Any lowering that woult insert number
conversions of the inputs has already been disabled when deoptimization
is enabled, because the frame state layout is no longer known.
R=epertoso@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2190743003
Cr-Commit-Position: refs/heads/master@{#38194}
This gets rid of the Star bytecodes that were always dispatched to from
ToObject.
ToObject now outputs to register instead of to the accumulator and
ForInPrepare gets the receiver object from an input register.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2189463006
Cr-Commit-Position: refs/heads/master@{#38177}
Drive-by fix: actually match the hint in the IsSpeculativeBinopMatcher.
Review-Url: https://codereview.chromium.org/2191883002
Cr-Commit-Position: refs/heads/master@{#38176}
Reason for revert:
Still crashing.
Original issue's description:
> [heap] Reland "Remove black pages and use black areas instead."
>
> BUG=chromium:630969,chromium:630386
> LOG=n
>
> Committed: https://crrev.com/9e37a07c8de0a20ef2681e26824ff4d329102603
> Cr-Commit-Position: refs/heads/master@{#38057}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:630969,chromium:630386
Review-Url: https://codereview.chromium.org/2183383004
Cr-Commit-Position: refs/heads/master@{#38129}
This patch updates internal data structures used by V8 to support
multiple indirect function tables (WebAssembly/design#682). But, since
this feature is post-MVP, the functionality is not directly exposed and
parsing/generation of WebAssembly is left unchanged. Nevertheless, it
is being used in an experiment to implement fine-grained control flow
integrity based on C/C++ types.
BUG=
Review-Url: https://codereview.chromium.org/2174123002
Cr-Commit-Position: refs/heads/master@{#38110}
This required the introduction of the CheckedNumberOrOddballAsWord32 use info, and a change in the RepresentationChanger to handle it.
BUG=
Review-Url: https://codereview.chromium.org/2184513003
Cr-Commit-Position: refs/heads/master@{#38086}
This is a first step towards a perfect world where a call interface descriptor is the only place that defines calling convention for a particular code stub.
Review-Url: https://codereview.chromium.org/2172223002
Cr-Commit-Position: refs/heads/master@{#38059}
Reason for revert:
Fix has been landed.
Original issue's description:
> Revert of [interpreter] Add explicit OSR polling bytecode. (patchset #6 id:100001 of https://codereview.chromium.org/2172233002/ )
>
> Reason for revert:
> Bunch of breakages. Maybe bad interaction with e520e5da55 ?
>
> E.g.:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607
>
> Original issue's description:
> > [interpreter] Add explicit OSR polling bytecode.
> >
> > This adds an explicit {OsrPoll} bytecode into every loop header which
> > triggers on-stack replacement when armed. Note that each such bytecode
> > stores the static loop depths as an operand, and hence can be armed for
> > specific loop depths.
> >
> > This also adds builtin code that triggers OSR compilation and switches
> > execution over to optimized code in case compilation succeeds. In case
> > compilation fails, the bytecode dispatch just continues unhindered.
> >
> > R=rmcilroy@chromium.org
> > TEST=mjsunit/ignition/osr-from-bytecode
> > BUG=v8:4764
> >
> > Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> > Cr-Commit-Position: refs/heads/master@{#38043}
>
> TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4764
>
> Committed: https://crrev.com/439aa2c6d708bfd95db725bd6f97c4c49bbc51fc
> Cr-Commit-Position: refs/heads/master@{#38044}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2184713002
Cr-Commit-Position: refs/heads/master@{#38056}
Reason for revert:
Bunch of breakages. Maybe bad interaction with e520e5da55 ?
E.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607
Original issue's description:
> [interpreter] Add explicit OSR polling bytecode.
>
> This adds an explicit {OsrPoll} bytecode into every loop header which
> triggers on-stack replacement when armed. Note that each such bytecode
> stores the static loop depths as an operand, and hence can be armed for
> specific loop depths.
>
> This also adds builtin code that triggers OSR compilation and switches
> execution over to optimized code in case compilation succeeds. In case
> compilation fails, the bytecode dispatch just continues unhindered.
>
> R=rmcilroy@chromium.org
> TEST=mjsunit/ignition/osr-from-bytecode
> BUG=v8:4764
>
> Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> Cr-Commit-Position: refs/heads/master@{#38043}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2184553003
Cr-Commit-Position: refs/heads/master@{#38044}
This adds an explicit {OsrPoll} bytecode into every loop header which
triggers on-stack replacement when armed. Note that each such bytecode
stores the static loop depths as an operand, and hence can be armed for
specific loop depths.
This also adds builtin code that triggers OSR compilation and switches
execution over to optimized code in case compilation succeeds. In case
compilation fails, the bytecode dispatch just continues unhindered.
R=rmcilroy@chromium.org
TEST=mjsunit/ignition/osr-from-bytecode
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2172233002
Cr-Commit-Position: refs/heads/master@{#38043}
ToName was always generated with a subsequent Star, fuse them.
Requires a few changes in the peephole optimizer as ToName cannot be
elided as easily, but must be replaced by Star.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2169813002
Cr-Commit-Position: refs/heads/master@{#38019}
After multiplying two integers we emit code like:
if (result == 0) {
if (OR_OPERATION(rhs, lhs) < 0) {
DEOPT;
}
}
This CL allows us to eliminate the OR and comparison if either rhs or
lhs is a negative number, reducing the code to:
if (result == 0) DEOPT;
BUG=
Review-Url: https://codereview.chromium.org/2167643002
Cr-Commit-Position: refs/heads/master@{#38016}
Turn the LoadElimination into a proper graph Reducer so that it can run
together with ValueNumbering and RedundancyElimination to a fixpoint
for maximum load/check elimination. This also adds initial support for
eliminating redundant LoadElement/StoreElement nodes.
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2164253002
Cr-Commit-Position: refs/heads/master@{#38015}
Move the logic for allocating the global declaration pair array
from VisitDeclarations to a later step. This is required for
concurrent bytecode generation.
This change requires adding support for reserving fixed
constant pool array entries, which can be later updated
with the value of the literal.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2167763003
Cr-Commit-Position: refs/heads/master@{#38010}
Introducing machine operators early causes trouble for the typing,
truncation analysis and representation selection, so we should rather
stick to simplified operators instead. Now there's only the for-in case
left, which is not clear how we can handle this in a better way.
Drive-by-fix: Also don't introduce Int32Constant and Word32Shl in
JSTypedLowering, but use NumberConstant and proper NumberShiftLeft
operators instead.
R=jarin@chromium.org
BUG=chromium:630951
Review-Url: https://codereview.chromium.org/2182453002
Cr-Commit-Position: refs/heads/master@{#38008}
Reason for revert:
Suspected to cause crbug.com/630969
Original issue's description:
> [heap] Remove black pages and use black areas instead.
>
> BUG=630386
> LOG=n
>
> Committed: https://crrev.com/b008a0d5a3db80a854cb93d9c94d67bf2d780f2c
> Cr-Commit-Position: refs/heads/master@{#37967}
TBR=ulan@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=630386
Review-Url: https://codereview.chromium.org/2176133002
Cr-Commit-Position: refs/heads/master@{#38006}
Implement UnalignedLoad and UnalignedStore optional
turbofan operators and use them in WasmCompiler for unaligned
memory access.
BUG=
Review-Url: https://codereview.chromium.org/2122853002
Cr-Commit-Position: refs/heads/master@{#37988}
ToNumber's result is always directly stored to a register using a Star
bytecode. Fuse it into ToNumber.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2165953002
Cr-Commit-Position: refs/heads/master@{#37976}
So far we don't have a useful way to inline Math.max or Math.min in
TurboFan optimized code. This adds new operators NumberMax and NumberMin
and changes the Float64Max/Float64Min operators to have JavaScript
semantics instead of the C++ semantics that it had previously.
This also removes support for recognizing the tenary case in the
CommonOperatorReducer, since that doesn't seem to have any positive
impact (and actually doesn't show up in regular JavaScript, where
people use Math.max/Math.min instead).
Drive-by-fix: Also nuke the unused Float32Max/Float32Min operators.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2170343002
Cr-Commit-Position: refs/heads/master@{#37971}
For some bytecodes it is beneficial to always look for a Star
bytecode when dispatching to the next and inline perform it
without dispatching to the Star handler.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2142273003
Cr-Commit-Position: refs/heads/master@{#37904}
Add a dedicated simplified operator to inline the general case for the
ToBoolean conversion. In a follow up CL we will also use the ToBoolean
hints gathered by the baseline compiler.
Review-Url: https://codereview.chromium.org/2167593002
Cr-Commit-Position: refs/heads/master@{#37882}
Reason for revert:
This cl causes a large regression in octane (https://chromeperf.appspot.com/group_report?bug_id=629503). I have to investigate the reason before I can reland this.
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> current implementation does not collect allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/1eadc76419b323fb2e55ae9953142f801704aa59
> Cr-Commit-Position: refs/heads/master@{#37862}
TBR=rmcilroy@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2165633003
Cr-Commit-Position: refs/heads/master@{#37872}
