Commit Graph

390 Commits

Author SHA1 Message Date
mstarzinger
5882033203 [turbofan] Mark escape analysis as experimental.
This prefixes the escape analysis flag with "experimental", thereby
making sure the flag in question is not being fuzzed. It will reduce
noise levels on ClusterFuzz again.

R=jarin@chromium.org
BUG=chromium:603653
LOG=n

Review URL: https://codereview.chromium.org/1894513002

Cr-Commit-Position: refs/heads/master@{#35521}
2016-04-15 12:19:29 +00:00
jarin
03975befe3 [turbofan] Remove some clever-but-wrong bits from select lowering.
BUG=chromium:600593
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1870763003

Cr-Commit-Position: refs/heads/master@{#35347}
2016-04-08 08:26:13 +00:00
adamk
ed18aa65ea Remove support for legacy const, part 1
Now that ES2015 const has shipped, in Chrome 49, legacy const declarations
are no more. This lets us remove a bunch of code from many parts of the
codebase.

In this patch, I remove parser support for generating legacy const variables
from const declarations. This also removes the special "illegal declaration"
bit from Scope, which has ripples into all compiler backends.

Also gone are any tests which relied on legacy const declarations.

Note that we do still generate a Variable in mode CONST_LEGACY in one case:
function name bindings in sloppy mode. The likely fix there is to add a new
Variable::Kind for this case and handle it appropriately for stores in each
backend, but I leave that for a later patch to make this one completely
subtractive.

Review URL: https://codereview.chromium.org/1819123002

Cr-Commit-Position: refs/heads/master@{#35002}
2016-03-22 17:52:13 +00:00
bmeurer
43fe7d6854 [builtins] Add support for JS builtins written in TurboFan.
This CL adds support for builtins with JavaScript linkage written using
the TurboFan CodeStubAssembler, but with a JSCall descriptor (which was
already supported thanks to a previous patch by Ben Smith). As a first
example, we convert the Math.sqrt builtin and thereby get rid of the
%_MathSqrt intrinsic, which causes trouble for the representation
selection pass in the JavaScript pipeline.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1824993002

Cr-Commit-Position: refs/heads/master@{#34989}
2016-03-22 13:25:54 +00:00
mstarzinger
2669224274 [compiler] Remove support for concurrent OSR.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1773593002

Cr-Commit-Position: refs/heads/master@{#34572}
2016-03-08 09:02:44 +00:00
rmcilroy
9a26c1aee2 [Interpreter] Fix deopt when accumulator needs to be materialized.
Moves the accumulator value on-heap to be restored in the
InterpreterNotifyDeopt handler rather than explicitly
setting the accumulator register. This allows it to be
materialized correctly if required.

BUG=v8:4678
LOG=N

Review URL: https://codereview.chromium.org/1707133003

Cr-Commit-Position: refs/heads/master@{#34113}
2016-02-18 12:50:38 +00:00
bmeurer
98aec4a719 [runtime] Kill %Arguments and %ArgumentsLength.
This removes support for the %Arguments and %ArgumentsLength runtime
entries and their intrinsic counterparts. If you need variable arguments
in any builtin, either use (strict) arguments object or rest parameters,
which are both compositional across inlining (in TurboFan), and not that
much slower compared to the %_Arguments hackery.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1688163004

Cr-Commit-Position: refs/heads/master@{#33943}
2016-02-12 12:25:23 +00:00
jarin
1b33ffa49a Tests for deopt from finally block.
Review URL: https://codereview.chromium.org/1669303002

Cr-Commit-Position: refs/heads/master@{#33942}
2016-02-12 12:17:36 +00:00
jarin
ab3b3bec86 [turbofan] Unwind and jump to the catch handler in the deoptimizer.
The idea here is to perform the handler lookup in the deoptimizer, and then take the information from the handler table to build the catch handler frame in the deoptimizer. Specifically, we use the pc offset, context location and stack height (in full-code) to tweak the output frame.

Sadly, this still requires nasty voodoo for the liveness analyzer so that it keeps variables alive if they are used in the catch handler.

Review URL: https://codereview.chromium.org/1416543006

Cr-Commit-Position: refs/heads/master@{#33936}
2016-02-12 10:15:32 +00:00
mstarzinger
5bbcdfe680 Reland of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1695613002/ )
Reason for revert:
No fix needed, original CL was perfectly fine!

Original issue's description:
> Revert of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1690973002/ )
>
> Reason for revert:
> Depends on the reverted https://codereview.chromium.org/1691723002
>
> Original issue's description:
> > [interpreter] Correctly thread through catch prediction.
> >
> > This change correctly sets the {CatchPrediction} field in exception
> > handler tables for bytecode and optimized code. It also adds tests
> > independent of promise handling for this prediction, to ensure all our
> > backends are in sync on their prediction.
> >
> > R=rmcilroy@chromium.org,yangguo@chromium.org
> > TEST=mjsunit/compiler/debug-catch-prediction
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> > Cr-Commit-Position: refs/heads/master@{#33906}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/c5229b311968fd638a6cd537c341b1055eb7be97
> Cr-Commit-Position: refs/heads/master@{#33922}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674

Review URL: https://codereview.chromium.org/1689113004

Cr-Commit-Position: refs/heads/master@{#33933}
2016-02-12 09:52:23 +00:00
adamk
c5229b3119 Revert of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1690973002/ )
Reason for revert:
Depends on the reverted https://codereview.chromium.org/1691723002

Original issue's description:
> [interpreter] Correctly thread through catch prediction.
>
> This change correctly sets the {CatchPrediction} field in exception
> handler tables for bytecode and optimized code. It also adds tests
> independent of promise handling for this prediction, to ensure all our
> backends are in sync on their prediction.
>
> R=rmcilroy@chromium.org,yangguo@chromium.org
> TEST=mjsunit/compiler/debug-catch-prediction
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> Cr-Commit-Position: refs/heads/master@{#33906}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674

Review URL: https://codereview.chromium.org/1695613002

Cr-Commit-Position: refs/heads/master@{#33922}
2016-02-12 00:43:13 +00:00
mstarzinger
ba55f5594c [interpreter] Correctly thread through catch prediction.
This change correctly sets the {CatchPrediction} field in exception
handler tables for bytecode and optimized code. It also adds tests
independent of promise handling for this prediction, to ensure all our
backends are in sync on their prediction.

R=rmcilroy@chromium.org,yangguo@chromium.org
TEST=mjsunit/compiler/debug-catch-prediction
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1690973002

Cr-Commit-Position: refs/heads/master@{#33906}
2016-02-11 16:14:42 +00:00
mstarzinger
d60c6bdf2e Add test for exception handler context switch.
This adds test cases for exception handlers that require a context
switch when entering the catch-block or the finally-block, triggered
through nested contexts within the try-block.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1681933002

Cr-Commit-Position: refs/heads/master@{#33845}
2016-02-09 12:31:45 +00:00
bmeurer
00f7d1f5f8 [intrinsics] Kill the %_IsMinusZero intrinsic.
By now only the default %TypedArray%.prototype.sort compare function
and the JS implementation of SameValueZero were still using the odd
%_IsMinusZero intrinsic, whose semantics both included a number check
(actually HeapNumber test) plus testing if the heap number stores the
special -0 value. In both cases we already know that we deal with
number so we can reduce it to a simple number test for -0, which can
be expressed via dividing 1 by that value and checking the sign of
the result. In case of the compare function, we can be even smarter
and work with the reciprocal values in case x and y are equal to 0
(although long term we should probably rewrite the fast case for
the typed array sorting function in C++ anyway, which will be way,
way faster than our handwritten callback-style, type-feedback
polluted JS implementation).

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1680783002

Cr-Commit-Position: refs/heads/master@{#33833}
2016-02-09 06:28:53 +00:00
jarin
52f2dbcac1 [turbofan] Reducers should revisit end after merging to it.
Review URL: https://codereview.chromium.org/1675433003

Cr-Commit-Position: refs/heads/master@{#33767}
2016-02-05 11:01:44 +00:00
bmeurer
6b2001b6b7 [turbofan] Introduce proper ObjectIsReceiver operator.
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.

R=jarin@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1657863004

Cr-Commit-Position: refs/heads/master@{#33675}
2016-02-02 11:43:02 +00:00
bmeurer
cb9b801069 [builtins] Make Math.max and Math.min fast by default.
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).

So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1641083003

Cr-Commit-Position: refs/heads/master@{#33582}
2016-01-28 13:07:09 +00:00
bmeurer
721a64ac93 [crankshaft] Remove useless --optimize-for-in flag.
R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1621583002

Cr-Commit-Position: refs/heads/master@{#33453}
2016-01-22 06:26:14 +00:00
littledan
95145fa826 Ship ES2015 sloppy-mode const semantics
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.

R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1571873004

Cr-Commit-Position: refs/heads/master@{#33218}
2016-01-11 23:09:59 +00:00
rmcilroy
b261976cc0 [Interpreter] Add support for CallRuntimeForPair to Bytecode Graph Builder.
Adds support for the CallRuntimeForPair bytecode to the Bytecode Graph
Builder. Modifies the FrameState support to allow updating of output
registers.

Also adds Eval tests to test-run-bytecode-graph-builder since these are
enabled by CallRuntimeForPair support.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1570623007

Cr-Commit-Position: refs/heads/master@{#33186}
2016-01-08 16:40:58 +00:00
sigurds
3b473d7aad [turbofan] Deopt support for escape analysis
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.

Two unittests test correctness of the IR level implementation.

Correctness for instruction selection / code generation
is tested by mjsunit tests.

R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1485183002

Cr-Commit-Position: refs/heads/master@{#33115}
2016-01-05 13:31:02 +00:00
jarin
140f69d784 [turbofan] Add deopt point for InternalSetPrototype in VisitObjectLiteral.
BUG=572409
LOG=n

Review URL: https://codereview.chromium.org/1555023002

Cr-Commit-Position: refs/heads/master@{#33078}
2016-01-04 09:54:51 +00:00
sigurds
3161c17126 [turbofan] Stabilize escape analysis (without deopt)
Bugfixes and improvements in escape analysis include:

* Handling of ObjectIsSmi (non-escaping)
* Handling of nested phi replacements
* Handling of phis with arity > 2
* Resilience against effectful nodes dangling from start
* Allocations escape now, if non-const load/store is performed
* Fixed a bug where non-allocated objects where tracked
* Allow fixed double arrays to be tracked

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1510973006

Cr-Commit-Position: refs/heads/master@{#32833}
2015-12-14 13:14:17 +00:00
sigurds
5b5821142b [turbofan] Improve escape analysis
This patch improves escape analysis and fixes bugs
triggered by clusterfuzz. Impovements include:
* Handling of LoadElement/StoreElement if index is a
  constant
* Handling of JSStoreProperty: invalidate all information,
  as the store could have altered any field.
* Treat phis that use an allocation as escaping
* Improve resolution of replacements

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1499143002

Cr-Commit-Position: refs/heads/master@{#32656}
2015-12-07 13:29:06 +00:00
machenbach
154a493cb7 Revert of [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors. (patchset #2 id:20001 of https://codereview.chromium.org/1500543002/ )
Reason for revert:
Blocks the roll:
https://codereview.chromium.org/1497763004/

Original issue's description:
> [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
>
> The ArrayBuffer and SharedArrayBuffer constructors should raise an
> exception when called with no arguments or undefined length.  Also
> unified the ArrayBuffer and SharedArrayBuffer implementations as C++
> builtins, and removed some (now) obsolete runtime entries.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
> Cr-Commit-Position: refs/heads/master@{#32590}

TBR=yangguo@chromium.org,cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1501673002

Cr-Commit-Position: refs/heads/master@{#32606}
2015-12-04 10:38:48 +00:00
bmeurer
3235ccbb78 [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
The ArrayBuffer and SharedArrayBuffer constructors should raise an
exception when called with no arguments or undefined length.  Also
unified the ArrayBuffer and SharedArrayBuffer implementations as C++
builtins, and removed some (now) obsolete runtime entries.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1500543002

Cr-Commit-Position: refs/heads/master@{#32590}
2015-12-03 21:16:31 +00:00
danno
3e7e3ed726 [stubs] A new approach to TF stubs
* Add a sibling interface to InterpreterAssembler called
  CodeStubAssembler which provides a wrapper around the
  RawMachineAssembler and is intented to make it easy to build
  efficient cross-platform code stubs. Much of the implementation
  of CodeStubAssembler is shamelessly stolen from the
  InterpreterAssembler, and the idea is to eventually merge the
  two interfaces somehow, probably moving the
  InterpreterAssembler interface over to use the
  CodeStubAssembler. Short-term, however, the two interfaces
  shall remain decoupled to increase our velocity developing the
  two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
  CodeStubAssembler. Replace and remove the old Hydrogen-stub
  version.
* Remove a whole slew of machinery to support JavaScript-style
  code stub generation, since it ultimately proved unwieldy,
  brittle and baroque. This cleanup includes removing the shared
  code stub context, several example stubs and a tangle of build
  file changes.

BUG=v8:4587
LOG=n

Review URL: https://codereview.chromium.org/1475953002

Cr-Commit-Position: refs/heads/master@{#32508}
2015-12-02 12:35:20 +00:00
sigurds
aa0ddf7db4 [turbofan] Initial support for escape analysis.
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).

The CL includes 4 unittests.

There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1457683003

Cr-Commit-Position: refs/heads/master@{#32498}
2015-12-02 10:53:50 +00:00
bmeurer
8003db95cc [test] Reland test for 52bit multiplication and division.
Contributed by Fedor Indutny <fedor@indutny.com>.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1478933002

Cr-Commit-Position: refs/heads/master@{#32314}
2015-11-26 06:46:59 +00:00
jarin
a9fa0498e1 [turbofan] Only infer signedness for Float64->Word32 representation change from the input type.
If the input type does not help us, we are conservative and truncate (rather than guessing signed).

Review URL: https://codereview.chromium.org/1455103002

Cr-Commit-Position: refs/heads/master@{#32075}
2015-11-18 10:02:33 +00:00
bmeurer
a210c3757e [runtime] Remove the very dangerous %_CallFunction intrinsic.
The %_CallFunction doesn't implement the call sequence properly, it
doesn't do the receiver wrapping, nor does it check for
classConstructor. Also the eager deoptimization for %_CallFunction was
seriously b0rked (we must have been lucky with TurboFan so far).

R=yangguo@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1419813010

Cr-Commit-Position: refs/heads/master@{#31821}
2015-11-05 11:48:21 +00:00
bmeurer
eee597209b [turbofan] We can inline property access for all primitives.
TurboFan is actually able to generate property access to all prototypes
of all primitives, except the special Oddball primitives that have no
wrapper counterparts (namely null and undefined from the ES6 point of
view).

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1409163007

Cr-Commit-Position: refs/heads/master@{#31739}
2015-11-03 10:44:57 +00:00
mstarzinger
37f5e23b5c [turbofan] Fix receiver binding for inlined callees.
This introduces a JSConvertReceiver operator to model the implicit
conversion of receiver values for sloppy callees. It is used by the
JSInliner for now, but can also be used to model direction function
calls that bypass call stubs.

Also note that a hint is passed to said operator whenever the source
structure constrains the receiver value type. This hint allows for
optimizations in the lowering of the operator.

The underlying specification in ES6, section 9.2.1.2 is the basis for
this implementation.

R=bmeurer@chromium.org
TEST=mjsunit/compiler/receiver-conversion
BUG=v8:4493, v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1412223015

Cr-Commit-Position: refs/heads/master@{#31598}
2015-10-27 12:13:49 +00:00
verwaest
b694266bb1 Fix Object.preventExtensions, .seal, .freeze on typed arrays
BUG=v8:4460
LOG=n

Review URL: https://codereview.chromium.org/1419823008

Cr-Commit-Position: refs/heads/master@{#31556}
2015-10-26 11:08:02 +00:00
bmeurer
2ab54f109e [turbofan] Add test case for stores to properties that are also present on prototype.
R=verwaest@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1407233006

Cr-Commit-Position: refs/heads/master@{#31517}
2015-10-23 12:09:54 +00:00
mstarzinger
d9a5add017 [turbofan] Fix liveness analysis for let variable in TDZ.
This makes sure that initializing assignments of let-declared variables
perform an environment lookup and hence keep the variable alive. This is
needed because full-codegen contains debug code verifying the variable
is still inside the TDZ at the initializing assignment.

R=jarin@chromium.org
TEST=mjsunit/compiler/regress-variable-liveness-let
BUG=v8:4493
LOG=n

Review URL: https://codereview.chromium.org/1420573002

Cr-Commit-Position: refs/heads/master@{#31437}
2015-10-21 12:23:06 +00:00
bmeurer
a916059aa7 [turbofan] Don't try to inline non-inlineable functions.
R=mstarzinger@chromium.org
BUG=chromium:540593
LOG=n

Review URL: https://codereview.chromium.org/1395453002

Cr-Commit-Position: refs/heads/master@{#31145}
2015-10-07 11:43:39 +00:00
bmeurer
9c8262f11e [builtins] Make sure argument count is always valid for C++ builtins.
When calling into C++ builtins, we need to make sure that the argument
count register contains the correct number of arguments, otherwise the
CEntryStub will not be able to leave the stack in the correct state.

R=ishell@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1391543002

Cr-Commit-Position: refs/heads/master@{#31120}
2015-10-06 08:23:51 +00:00
bmeurer
2a0759d3ff [es6] Fix missing bits for full @@toPrimitive support.
Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.

Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).

Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1384443002

Cr-Commit-Position: refs/heads/master@{#31054}
2015-10-01 16:08:49 +00:00
bmeurer
7a7b692b30 [runtime] Replace %to_string_fun with %_ToString.
Introduce a new macro TO_STRING that maps to %_ToString and use that
instead of calling into any of the ToString/NonStringToString JavaScript
builtins. Also remove the TO_STRING_INLINE macro, which is basically
obsolete with %_ToString. We still have a few uses of ToString left (via
the utils export mechanism), where we need to investigate whether we
will tank badly if we replace them with TO_STRING as well.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=yangguo@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1323543002

Cr-Commit-Position: refs/heads/master@{#30895}
2015-09-23 21:46:49 +00:00
conradw
33ec0b79b8 Parsing especially large nested functions takes up more memory than necessary.
Inner functions must be eagerly parsed for scope analysis, but the full AST is
also kept around even though it's not needed.

This CL mitigates this problem by allocating some AstNodes of the inner function
to a temporary Zone which is deallocated once the scope information has been
built. The remaining nodes (such as VariableProxy) must persist until scope
analysis actually happens, and have to be allocated to a parser-persistent Zone.

BUG=417697
LOG=N

Review URL: https://codereview.chromium.org/1304923004

Cr-Commit-Position: refs/heads/master@{#30685}
2015-09-10 14:41:14 +00:00
yangguo
299f775cf4 Call JS functions via native context instead of js builtins object.
We look up %-functions in the context if not found in the runtime.

R=bmeurer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1306993003

Cr-Commit-Position: refs/heads/master@{#30379}
2015-08-26 11:16:57 +00:00
bmeurer
fef38c21e8 [crankshaft] DCE must not eliminate (observable) math operations.
The HUnaryMathOperation cannot be eliminated in general, because the
spec requires a ToNumber conversion on the input, which is observable
of course.

BUG=v8:4389
LOG=y

Review URL: https://codereview.chromium.org/1307413003

Cr-Commit-Position: refs/heads/master@{#30343}
2015-08-25 06:24:55 +00:00
danno
a1475dae5d Create a internal native context used only for TF-generated code stubs
Until now, TF-generated code stubs piggy-backed off of the builtin
context. Since generation of code stubs is lazy, stubs generated at
different times in different native contexts would contain embedded
pointers different builtin contexts, leading to cross-context references
and memory leaks.

After this CL, all TF-generated code stubs are generated inside a
internal thinned-out, native context that lives solely for the
purpose of hosting generated code stubs.

Review URL: https://codereview.chromium.org/1213203007

Cr-Commit-Position: refs/heads/master@{#29593}
2015-07-13 09:45:51 +00:00
bmeurer
b19f118c16 [turbofan] Optimize string "length" property access based on types.
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.

R=jarin@chromium.org

Committed: https://crrev.com/17add22ff4b9c5ca638502e7708f0d9d99baca40
Cr-Commit-Position: refs/heads/master@{#29543}

Review URL: https://codereview.chromium.org/1216593003

Cr-Commit-Position: refs/heads/master@{#29588}
2015-07-13 06:02:22 +00:00
adamk
54572281e9 Revert of [turbofan] Optimize string "length" property access based on types. (patchset #2 id:20001 of https://codereview.chromium.org/1216593003/)
Reason for revert:
Causes crash when running benchmarks/octane/regexp.js on ARM:
http://build.chromium.org/p/client.v8/builders/V8%20Arm/builds/2492/steps/Benchmarks/logs/regexp

Original issue's description:
> [turbofan] Optimize string "length" property access based on types.
>
> Optimize string "length" property access based on static type
> information if possible, but also optimistically optimize the access
> based on type feedback from the LoadIC.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/17add22ff4b9c5ca638502e7708f0d9d99baca40
> Cr-Commit-Position: refs/heads/master@{#29543}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1224083002

Cr-Commit-Position: refs/heads/master@{#29544}
2015-07-08 21:30:14 +00:00
bmeurer
17add22ff4 [turbofan] Optimize string "length" property access based on types.
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1216593003

Cr-Commit-Position: refs/heads/master@{#29543}
2015-07-08 19:12:58 +00:00
danno
737b8573f8 Reland: Add unoptimized/optimized variants of MathFloor TF code stub
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
  automatically distinguishes between versions of the IC called from
  optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
  stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
  for-optimized or for-unoptimized version based on the minor_key
  parameter.

Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
Cr-Commit-Position: refs/heads/master@{#29534}

Review URL: https://codereview.chromium.org/1225943002

Cr-Commit-Position: refs/heads/master@{#29539}
2015-07-08 16:53:50 +00:00
danno
7fc183af06 Revert of Add unoptimized/optimized variants of MathFloor TF code stub (patchset #4 id:60001 of https://codereview.chromium.org/1225943002/)
Reason for revert:
Failure on compiling runtime.js on windows

Original issue's description:
> Add unoptimized/optimized variants of MathFloor TF code stub
>
> - Add a TurboFanIC class, derived from TurboFanCodeStub, that
>   automatically distinguishes between versions of the IC called from
>   optimized and unoptimized code.
> - Add appropriate InterfaceDescriptors for both the versions of the
>   stub called from unoptimized and optimized code
> - Change the MathFloor TF stub generator to output either the
>   for-optimized or for-unoptimized version based on the minor_key
>   parameter.
>
> Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
> Cr-Commit-Position: refs/heads/master@{#29534}

TBR=mvstanton@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1220783006

Cr-Commit-Position: refs/heads/master@{#29535}
2015-07-08 15:00:40 +00:00
danno
8f13b655b8 Add unoptimized/optimized variants of MathFloor TF code stub
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
  automatically distinguishes between versions of the IC called from
  optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
  stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
  for-optimized or for-unoptimized version based on the minor_key
  parameter.

Review URL: https://codereview.chromium.org/1225943002

Cr-Commit-Position: refs/heads/master@{#29534}
2015-07-08 14:43:25 +00:00
bmeurer
5f288c201c [turbofan] Right hand side of shifts needs ToUint32.
Currently we lower shifts directly to machine operators, and add an
appropriate Word32And to implement the & 0x1F operation on the right
hand side required by the specification. However for Word32And we assume
Int32 in simplified lowering, which is basically changes the right hand
side bit interpretation for the shifts from Uint32 to Int32, which is
obviously wrong. So now we represent that explicitly by proper
simplified operators for the shifts, which are lowered to machine in
simplified lowering.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1213803008

Cr-Commit-Position: refs/heads/master@{#29465}
2015-07-03 11:42:00 +00:00
titzer
2c979b96f1 Add mjsunit tests for optimization of float min/max.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1199053011

Cr-Commit-Position: refs/heads/master@{#29239}
2015-06-23 17:26:25 +00:00
bmeurer
78e9a2dff2 [turbofan] NaN is never truish.
BUG=v8:4207
LOG=y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1198993009

Cr-Commit-Position: refs/heads/master@{#29230}
2015-06-23 12:24:54 +00:00
jacob.bramley
d783b76362 [arm64][turbofan] Fix implementation of Float64Min.
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.

BUG=4206
LOG=N

Review URL: https://codereview.chromium.org/1200123004

Cr-Commit-Position: refs/heads/master@{#29229}
2015-06-23 11:58:58 +00:00
bmeurer
d19410f8e7 [mjsunit] Remove unsupported flag --turbo-deoptimization from tests.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1183123002

Cr-Commit-Position: refs/heads/master@{#29018}
2015-06-15 09:43:11 +00:00
mstarzinger
063079976c [turbofan] Fix throwing conversion inserted by JSTypedLowering.
This fixes the graph wiring of implicit JSToNumber nodes inserted by
JSTypedLowering, to be correctly hooked into a surrounding exceptional
continuation.

R=bmeurer@chromium.org
TEST=mjsunit/compiler/try-binop,test262

Review URL: https://codereview.chromium.org/1178153004

Cr-Commit-Position: refs/heads/master@{#28975}
2015-06-12 04:42:14 +00:00
mstarzinger
74c730a08d [turbofan] Add mjsunit tests for try-catch-finally and OSR.
This adds some basic tests of the interaction between try-catch and
try-finally statements and OSR in TurboFan. The try-osr test suite
follows the structure of try-deopt closely.

R=titzer@chromium.org
TEST=mjsunit/compiler/try-osr

Review URL: https://codereview.chromium.org/1165103003

Cr-Commit-Position: refs/heads/master@{#28855}
2015-06-09 08:16:41 +00:00
mstarzinger
b715329a15 [turbofan] Split --turbo-exceptions into two flags.
This allows try-catch and try-finally constructs to be separately
enabled and disabled. We plan to stage try-catch support soon.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1157863015

Cr-Commit-Position: refs/heads/master@{#28848}
2015-06-08 18:22:00 +00:00
bmeurer
b53c35a797 [turbofan] Properly kill Terminate nodes when removing loops.
BUG=chromium:491578
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1161583002

Cr-Commit-Position: refs/heads/master@{#28621}
2015-05-26 10:48:07 +00:00
yangguo
5cb925e448 Revert of Revert of Hook up more import/exports in natives. (patchset #1 id:1 of https://codereview.chromium.org/1154743003/)
Reason for revert:
Unrelated failure that was uncovered by this CL has been fixed (https://codereview.chromium.org/1152243002/)

Original issue's description:
> Revert of Hook up more import/exports in natives. (patchset #3 id:40001 of https://codereview.chromium.org/1154483002/)
>
> Reason for revert:
> [Sheriff] Speculative revert for gc stress failures:
> http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/481
>
> Original issue's description:
> > Hook up more import/exports in natives.
> >
> > R=jkummerow@chromium.org
> >
> > Committed: https://crrev.com/7a918ac9658d11778f39593bfcc19d7c506defd9
> > Cr-Commit-Position: refs/heads/master@{#28573}
> >
> > Committed: https://crrev.com/e13a39dd7f4062898709d7c68900677df0513995
> > Cr-Commit-Position: refs/heads/master@{#28578}
>
> TBR=jkummerow@chromium.org,erik.corry@gmail.com,yangguo@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/eb0024d1dbdda5f51b006dd54887404ee6c5cbfc
> Cr-Commit-Position: refs/heads/master@{#28584}

TBR=jkummerow@chromium.org,erik.corry@gmail.com,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1149773003

Cr-Commit-Position: refs/heads/master@{#28608}
2015-05-26 07:24:21 +00:00
machenbach
eb0024d1db Revert of Hook up more import/exports in natives. (patchset #3 id:40001 of https://codereview.chromium.org/1154483002/)
Reason for revert:
[Sheriff] Speculative revert for gc stress failures:
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/481

Original issue's description:
> Hook up more import/exports in natives.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/7a918ac9658d11778f39593bfcc19d7c506defd9
> Cr-Commit-Position: refs/heads/master@{#28573}
>
> Committed: https://crrev.com/e13a39dd7f4062898709d7c68900677df0513995
> Cr-Commit-Position: refs/heads/master@{#28578}

TBR=jkummerow@chromium.org,erik.corry@gmail.com,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1154743003

Cr-Commit-Position: refs/heads/master@{#28584}
2015-05-22 11:21:17 +00:00
svenpanne
a326691c75 JavaScript stubs have access to their calling convention and minor key now.
First steps only, the TurboFan compilation is still triggered from C++ land.

Includes some simplifications/cleanups, too.

Review URL: https://codereview.chromium.org/1150263002

Cr-Commit-Position: refs/heads/master@{#28581}
2015-05-22 11:01:31 +00:00
yangguo
e13a39dd7f Hook up more import/exports in natives.
R=jkummerow@chromium.org

Committed: https://crrev.com/7a918ac9658d11778f39593bfcc19d7c506defd9
Cr-Commit-Position: refs/heads/master@{#28573}

Review URL: https://codereview.chromium.org/1154483002

Cr-Commit-Position: refs/heads/master@{#28578}
2015-05-22 10:32:37 +00:00
machenbach
4c2690a475 Revert of Hook up more import/exports in natives. (patchset #2 id:20001 of https://codereview.chromium.org/1154483002/)
Reason for revert:
[Sheriff] Breaks nosnap:
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/6943

Original issue's description:
> Hook up more import/exports in natives.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/7a918ac9658d11778f39593bfcc19d7c506defd9
> Cr-Commit-Position: refs/heads/master@{#28573}

TBR=jkummerow@chromium.org,erik.corry@gmail.com,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1154793003

Cr-Commit-Position: refs/heads/master@{#28574}
2015-05-22 08:53:05 +00:00
yangguo
7a918ac965 Hook up more import/exports in natives.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1154483002

Cr-Commit-Position: refs/heads/master@{#28573}
2015-05-22 08:32:28 +00:00
jarin
d2ca18d849 [turbofan] Fix variable liveness control structure creation.
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1148133002

Cr-Commit-Position: refs/heads/master@{#28536}
2015-05-21 09:57:11 +00:00
titzer
f659ae4c89 [turbofan] Support vector IC feedback in the JSTypeFeedbackTable.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1133113004

Cr-Commit-Position: refs/heads/master@{#28465}
2015-05-19 08:58:29 +00:00
bmeurer
5494920a18 [turbofan] Use frame state before for shift operations as well.
This was already done for other binary operations, so it's basically
copying the existing functionality to shift left and shift right
logical/arithmetic.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1140883003

Cr-Commit-Position: refs/heads/master@{#28389}
2015-05-13 11:17:28 +00:00
bmeurer
2111d18dba [turbofan] Add frame state before JavaScript comparisons.
Use these check points to optimize comparisons where we already know
that one side cannot be a String (or turn into a string via
ToPrimitive).

Also remove bunch of useless DoNotCrash tests for the scheduler that are
painful to maintain and add almost no value.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1140583004

Cr-Commit-Position: refs/heads/master@{#28383}
2015-05-13 07:38:35 +00:00
danno
abc35080b3 Add a MathFloor stub generated with TurboFan
This stub will be used as the basis of a Math.floor-specific CallIC to
detect and track calls to floor that return -0.

Along the way:
- Create a TurboFanCodeStub super class from which the StringLength and
MathRound TF stubs derive.
- Fix the ugly hack that passes the first stub parameter as the "this"
pointer in the the TF-compiled JS function.
- Fix bugs in the ia32/x64 disassembler.

Review URL: https://codereview.chromium.org/1137703002

Cr-Commit-Position: refs/heads/master@{#28339}
2015-05-11 11:45:02 +00:00
yangguo
b0eb920fe2 Reland #2 "Wrap v8natives.js into a function."
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1127693006

Cr-Commit-Position: refs/heads/master@{#28217}
2015-05-05 09:16:01 +00:00
machenbach
6afc0dcbfc Revert of Reland "Wrap v8natives.js into a function." (patchset #2 id:20001 of https://codereview.chromium.org/1123703002/)
Reason for revert:
[Sheriff] Speculative revert for braking arm64 nosnap:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug%20-%202/builds/2314

(reverted already titzer's CL which didn't help)

Original issue's description:
> Reland "Wrap v8natives.js into a function."
>
> Committed: https://crrev.com/72ab42172979b60a1b784ea0c6a495d7ee2bba67
> Cr-Commit-Position: refs/heads/master@{#28193}

TBR=jkummerow@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1127543003

Cr-Commit-Position: refs/heads/master@{#28208}
2015-05-04 16:49:58 +00:00
yangguo
72ab421729 Reland "Wrap v8natives.js into a function."
Review URL: https://codereview.chromium.org/1123703002

Cr-Commit-Position: refs/heads/master@{#28193}
2015-05-04 11:17:01 +00:00
machenbach
b0b82fa89d Revert of Wrap v8natives.js into a function. (patchset #2 id:20001 of https://codereview.chromium.org/1109343004/)
Reason for revert:
[Sheriff] Speculative revert for breaking layout tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2682

See. e.g.:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Win/3130/layout-test-results/http/tests/websocket/workers/worker-reload-diff.txt

Original issue's description:
> Wrap v8natives.js into a function.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/ee1b39b4303829e6c6805fe8b2f2602b13f6463a
> Cr-Commit-Position: refs/heads/master@{#28174}

TBR=jkummerow@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1121453003

Cr-Commit-Position: refs/heads/master@{#28182}
2015-04-30 17:33:19 +00:00
yangguo
ee1b39b430 Wrap v8natives.js into a function.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1109343004

Cr-Commit-Position: refs/heads/master@{#28174}
2015-04-30 14:59:09 +00:00
yangguo
4d12e94801 Port CallSite methods to C++.
The goal is to port all of error stack trace formatting to C++.
We will do this bottom up, by first porting helper functions.

Eventually, CallSite methods will only be used when a custom
error stack trace formatter is defined via Error.prepareStackTrace.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1060583008

Cr-Commit-Position: refs/heads/master@{#28095}
2015-04-28 08:52:47 +00:00
titzer
6e82fbfbaf [turbofan] Reland: Optimize loads from the global object in JSTypeFeedbackSpecializer.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1110503002

Cr-Commit-Position: refs/heads/master@{#28073}
2015-04-27 12:15:06 +00:00
machenbach
fbf300802f Revert of [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer. (patchset #10 id:180001 of https://codereview.chromium.org/1063513003/)
Reason for revert:
[sheriff] Breaks nosnap debug:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%201/builds/156

Original issue's description:
> [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer.
>
> Uses lazy deoptimization and code dependencies to introduce loads
> from property cells and also to promote globals to constants.
>
> R=mstarzinger@chromium.org
> BUG=
>
> Committed: https://crrev.com/aae4a62d07e839455b1d0ad4fa512cc5d48a1a68
> Cr-Commit-Position: refs/heads/master@{#28057}

TBR=mstarzinger@chromium.org,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1084533003

Cr-Commit-Position: refs/heads/master@{#28063}
2015-04-27 10:07:08 +00:00
titzer
aae4a62d07 [turbofan] Optimize loads from the global object in JSTypeFeedbackSpecializer.
Uses lazy deoptimization and code dependencies to introduce loads
from property cells and also to promote globals to constants.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1063513003

Cr-Commit-Position: refs/heads/master@{#28057}
2015-04-27 09:06:41 +00:00
jarin
ae0bc41635 Fix stack layout of full code arm64 for object literal.
BUG=

Review URL: https://codereview.chromium.org/1095203005

Cr-Commit-Position: refs/heads/master@{#28055}
2015-04-27 08:31:33 +00:00
titzer
5b6111edff Add test for deoptimization bug.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1100113002

Cr-Commit-Position: refs/heads/master@{#28013}
2015-04-22 14:32:49 +00:00
titzer
1850803d56 [turbofan] Fix reduction of LoadProperty/StoreProperty to LoadNamed/StoreNamed.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095313002

Cr-Commit-Position: refs/heads/master@{#27972}
2015-04-21 15:12:58 +00:00
jkummerow
3eb277f270 %GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present
Review URL: https://codereview.chromium.org/1086923002

Cr-Commit-Position: refs/heads/master@{#27822}
2015-04-14 14:57:48 +00:00
vegorov
021f738127 Treat HArgumentsObject as a safe use during Uint32 analysis phase.
Deoptimization infrastructure already handles it correctly.

This change fixes repetitive deoptimizations in the code like this:

    var u32 = new Uint32Array(1);
    u32[0] = -1;

    function tr(x) { return x|0; }
    function ld() { return tr(u32[0]); }

    while (true) ld();

Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.

BUG=

Review URL: https://codereview.chromium.org/1077113002

Cr-Commit-Position: refs/heads/master@{#27781}
2015-04-13 10:47:15 +00:00
titzer
a511c78999 Fix maybe_string_add for adds that have no type feedback where --always-opt is on.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1071473003

Cr-Commit-Position: refs/heads/master@{#27667}
2015-04-08 13:14:30 +00:00
titzer
ebc5167476 [turbofan] Fix loading of JSFunction from activation in case of adapter frame.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1026023004

Cr-Commit-Position: refs/heads/master@{#27454}
2015-03-25 17:46:16 +00:00
bmeurer
ff89876bb9 [turbofan] Fix lowering of Math.max for integral inputs.
R=jarin@chromium.org
BUG=chromium:468162
LOG=y

Review URL: https://codereview.chromium.org/1027753002

Cr-Commit-Position: refs/heads/master@{#27341}
2015-03-20 12:05:19 +00:00
bmeurer
d5893cad6b [turbofan] Work-around untagged result of CompareIC in pointer maps.
BUG=chromium:469089
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1026683002

Cr-Commit-Position: refs/heads/master@{#27333}
2015-03-20 09:45:12 +00:00
jarin
b7dc9c580a [turbofan] Remember types for deoptimization during simplified lowering.
With this change, we remember the types of frame state inputs (in a new
operator, called TypedStateValues). Instead of inferring the value types
when building translations, we used the recorded types.

The original approach was not reliable because the passes after
simplified lowering can change node types, and this in turn confuses
the translation builder.

BUG=chromium:468727
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1015423002

Cr-Commit-Position: refs/heads/master@{#27310}
2015-03-19 14:00:33 +00:00
jarin
0cde253c9e [turbofan] Support lazy deopt for truncating store to a typed array.
The change introduces a second frame state (for the state before
the operation) for the StoreProperty nodes. If the store writes
into a typed array, the frame state is used for lazy deopt from
the to-number conversion that is performed by the store.

BUG=v8:3963
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/997983004

Cr-Commit-Position: refs/heads/master@{#27285}
2015-03-19 05:46:30 +00:00
titzer
434d1ad014 [turbofan] Fix bug in OSR deconstruction.
In constructing the transfer between loop copies, we need to merge the backedges from all the previous copies of the given loop. The control reduction will work out which ones are really reachable.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1004993004

Cr-Commit-Position: refs/heads/master@{#27246}
2015-03-17 17:55:29 +00:00
titzer
0b3f4af12c [turbofan] Fix --turbo-osr for OSRing into inner loop inside for-in.
R=mstarzinger@chromium.org
BUG=chromium:462775
LOG=Y

Review URL: https://codereview.chromium.org/988423003

Cr-Commit-Position: refs/heads/master@{#27088}
2015-03-10 09:27:40 +00:00
jarin
6f559b7ec3 [turbofan] Fix lazy deopt for JSToNumber conversions in binary operations.
This slightly hacky change provides lazy deopt points for to-number conversions in binops: When we deopt from a to-number conversion, we create a frame state with the already-converted value(s) so that we do not repeat the side effect of the conversion.

Embenchen numbers are below. It is not quite clear what happened to fasta - the hot code looks nearly identical.

Current: EmbenchenBox2d(RunTime): 12746 ms.
d8-master: EmbenchenBox2d(RunTime): 13861 ms.
----------- bullet.js
Current: EmbenchenBullet(RunTime): 17680 ms.
d8-master: EmbenchenBullet(RunTime): 19170 ms.
----------- copy.js
Current: EmbenchenCopy(RunTime): 4939 ms.
d8-master: EmbenchenCopy(RunTime): 4943 ms.
----------- corrections.js
Current: EmbenchenCorrections(RunTime): 6639 ms.
d8-master: EmbenchenCorrections(RunTime): 6728 ms.
----------- fannkuch.js
Current: EmbenchenFannkuch(RunTime): 4630 ms.
d8-master: EmbenchenFannkuch(RunTime): 4872 ms.
----------- fasta.js
Current: EmbenchenFasta(RunTime): 10209 ms.
d8-master: EmbenchenFasta(RunTime): 9673 ms.
----------- lua_binarytrees.js
Current: EmbenchenLuaBinaryTrees(RunTime): 12936 ms.
d8-master: EmbenchenLuaBinaryTrees(RunTime): 15529 ms.
----------- memops.js
Current: EmbenchenMemOps(RunTime): 7357 ms.
d8-master: EmbenchenMemOps(RunTime): 7340 ms.
----------- primes.js
Current: EmbenchenPrimes(RunTime): 7530 ms.
d8-master: EmbenchenPrimes(RunTime): 7457 ms.
----------- skinning.js
Current: EmbenchenSkinning(RunTime): 15832 ms.
d8-master: EmbenchenSkinning(RunTime): 15630 ms.
----------- zlib.js
Current: EmbenchenZLib(RunTime): 11176 ms.
d8-master: EmbenchenZLib(RunTime): 11324 ms.

BUG=

Review URL: https://codereview.chromium.org/985713003

Cr-Commit-Position: refs/heads/master@{#27071}
2015-03-09 13:24:42 +00:00
mstarzinger
dcb502a4ee [turbofan] Only reduce inline %DeoptimizeNow.
This makes sure only the %_DeoptimizeNow intrinsic is inlined, and
not the %DeoptimizeNow one. It hence re-establishes the invariant
that JSIntrinsicLowering only deals with inline intrinsics.

R=jarin@chromium.org
TEST=mjsunit/compiler/eager-deopt-simple

Review URL: https://codereview.chromium.org/988333003

Cr-Commit-Position: refs/heads/master@{#27070}
2015-03-09 13:20:26 +00:00
jarin
8d2e45669f [turbofan] First shot at eager deoptimization in Turbofan.
BUG=

Review URL: https://codereview.chromium.org/961973002

Cr-Commit-Position: refs/heads/master@{#26993}
2015-03-04 15:21:21 +00:00
mstarzinger
d016387e81 [turbofan] Add test coverage for deopt within try-catch.
This just contains test, no fixes. Note that some of the tests are
still disabled because they either fail or we don't want ClusterFuzz
to pick up the flag yet.

R=jarin@chromium.org
TEST=cctest/test-run-jsexceptions/Deopt,mjsunit/compiler/try-deopt

Review URL: https://codereview.chromium.org/972943004

Cr-Commit-Position: refs/heads/master@{#26968}
2015-03-03 17:23:42 +00:00
Jaroslav Sevcik
f0b11873a3 [turbofan] Fix deferred replacement in simplified lowering.
Deferred replacement must also replace in the pending node vector.

BUG=chromium:463056
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/966423002

Cr-Commit-Position: refs/heads/master@{#26938}
2015-03-02 12:49:49 +00:00
titzer
d050c331eb [turbofan] Simplify context specialization and fix for OSR.
AstGraphBuilder puts a constant context in from the beginning.
Also fix bug in merging contexts in environment.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/934293002

Cr-Commit-Position: refs/heads/master@{#26745}
2015-02-19 11:36:50 +00:00
titzer
71765afff9 [turbofan] Rename context stack as part of the environment for OSR.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/921083004

Cr-Commit-Position: refs/heads/master@{#26705}
2015-02-17 18:10:11 +00:00
jarin
0b8063cec8 [turbofan] Avoid ToNumber conversions if they could deoptimize.
BUG=chromium:454158
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/922623002

Cr-Commit-Position: refs/heads/master@{#26661}
2015-02-16 12:59:20 +00:00