This is a cosmetic change only.
Change-Id: I9a0ea9a23b4fc1490759433153c7d47e492b853d
Reviewed-on: https://chromium-review.googlesource.com/936624
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51733}
ArrayIndexOf is a monolithic builtin which does some checking and then handles
three groups of fast arrays: those with holey doubles, compacted doubles and
SMIs+objects. TF cannot reuse this efficiently, because calling the TFJ
ArrayIndexOf duplicates some checks and also does not allow passing arguments
through registers. Similarly for ArrayInclude.
This CL splits the three different types of fast array handling into a separate
TF stubs, and makes the parent TFJ as well as TurboFan itself use them where
appropriate.
The TODOs not tackled in this CL inculde:
* passing an empty context to spare a register when possible
* inlining the search loop if there is any performance gain to it
(This is the contiunation of http://crrev.com/2757853002, moved due to Rietveld
deprecation.)
BUG=v8:5985
Change-Id: I00c97b71be4892f8bc7e1ed6d72e02087618a9a6
Reviewed-on: https://chromium-review.googlesource.com/573020
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51729}
This changes the JSArrayIterator to always have only a single instance
type, instead of the zoo of instance types that we had before, and
which became less useful with the specification update to when "next"
is loaded from the iterator now. This greatly simplifies the baseline
implementation of the array iterator, which now only looks at the
iterated object during %ArrayIteratorPrototype%.next invocations.
In TurboFan we introduce a new JSCreateArrayIterator operator, that
holds the IterationKind and get's the iterated object as input. When
optimizing %ArrayIteratorPrototype%.next in the JSCallReducer, we
check whether the receiver is a JSCreateArrayIterator, and if so,
we try to infer maps for the iterated object from there. If we find
any, we speculatively assume that these won't have changed during
iteration (as we did before with the previous approach), and generate
fast code for both JSArray and JSTypedArray iteration.
Drive-by-fix: Drop the fast_array_iteration protector, it's not
necessary anymore since we have the deoptimization guard bit in
the JSCallReducer now.
This addresses the performance cliff noticed in webpack 4. The minimal
repro on the tracking bug goes from
console.timeEnd: mono, 124.773000
console.timeEnd: poly, 670.353000
to
console.timeEnd: mono, 118.709000
console.timeEnd: poly, 141.393000
so that's a 4.7x improvement.
Also make presubmit happy by adding the missing #undef's.
Bug: v8:7510, v7:7514
Change-Id: I79a46bfa2cd0f0710e09365ef72519b1bbb667b5
Reviewed-on: https://chromium-review.googlesource.com/946098
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51725}
This will fire if the CAST is never useful. This is helpful if you add
a TNode return type to a function - its callers no longer need to cast
the result if the types are the same.
Change-Id: If0b04c615cb2dbfa91ba43d5d0d35ace5a31d4e7
Reviewed-on: https://chromium-review.googlesource.com/934449
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51599}
Convert all context, receiver and argc Node*s to their appropriate TNode
type.
Bug: v8:7310
Change-Id: Ic6bf22ffb22199d390731d424b7395c47a8f19cf
Reviewed-on: https://chromium-review.googlesource.com/934442
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51511}
and use it more often.
Bug: v8:7310
Change-Id: I7773f35415a0bb529cdaac380c9068f4ed5010ae
Reviewed-on: https://chromium-review.googlesource.com/930236
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51493}
This is a reland of dda0419ecd.
Originally reviewed-on: https://chromium-review.googlesource.com/914513
and landed as refs/heads/master@{#51342}.
Bug: v8:6791
Change-Id: I3b3a069da7a0e64c38a81b3110dc5ece4887cb19
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924665
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51352}
Adds a function to call Builtins::kToObject returning a JSReceiver.
Also changes all previous uses of CallBuiltin(Builtins:kToObject to use
it.
Also fixed a case in builtins-object-gen.cc, where the result of
ToObject is cast (unchecked so it doesn't crash) to a JSObject before
actually checking it is a JSObject.
Change-Id: I3b1ff50babc3b3cbf44d56970099d105f7a66d34
Reviewed-on: https://chromium-review.googlesource.com/906778
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51232}
This avoids the ambiguous implicit conversion C++ compile
errors we had to fix with static_cast before.
Change-Id: I4247f617740f2b6d14d9588a902e0e25029a6726
Reviewed-on: https://chromium-review.googlesource.com/911629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51217}
We don't need to generate TypedArraySpeciesCreate code for each type
case because TypedArraySpeciesCreate also handles each case, so it
generates duplicated codes. Thus, create a result object once before
switching to each type case. Also, replace ToNumber with
ToNumber_Inline.
This CL saves about 8000 bytes of generated code size.
Change-Id: I014535b0ef4b3d2a50a37cdc2b6cb4e83f6c2f17
Reviewed-on: https://chromium-review.googlesource.com/910755
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51213}
This removes the Javascript version of Array.from in js/array.js and
adds a CodeStubAssembler version in src/builtins/builtins-array-gen.cc.
Also modify IteratorBuiltinsAssembler to allow querying the existence
of the iterator method without calling it so we can fall back to the
array-like behavior.
BUG=v8:1956
Change-Id: Ibfb3cef002d72d70bd30b4de676fd22becde006c
Reviewed-on: https://chromium-review.googlesource.com/887066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51208}
Cleanup CL that removes unnecessary builtins that were just wrapping
the throwing of errors. Use the ThrowTypeError and ThrowRangeError
helpers more consistently from CSA.
Change-Id: I2d0c3647340c88c457b27e16c0a81567869b7ec7
Reviewed-on: https://chromium-review.googlesource.com/906769
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51150}
We need a deopt point for the case when we fail to find an initial
element from which to begin the reduction step.
Bug: v8:7384
Change-Id: I5e476ddc433be690577677b018639c4c0c70809b
Reviewed-on: https://chromium-review.googlesource.com/906508
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51146}
Move the class declaration for SpeciesCreateByLength to a header file
so that we can share more TypedArray CSA code.
Delete the C++ implementation of species create for typed arrays
because it is no longer used.
Change-Id: I7c43b8ef144ba9a8ce12516f7cb8fb570491cb26
Reviewed-on: https://chromium-review.googlesource.com/904987
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51139}
This makes the ArrayBuiltinsAssembler consistent with the StringBuiltinsAssembler
and paves the way for tools that expect the assemblers to have a common structure.
Change-Id: I7470fc2cf144f9cc2fdbcee99b31daed267550be
Reviewed-on: https://chromium-review.googlesource.com/889933
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50920}
Before we can set the length of the created array in CSA, first check
that it's possible and will do what we want. I.e. check
a) that the length is writable
b) the backing store is not copy-on-write and
c) the old length is not greater than the new length (as otherwise later
insertion past the end could restore values from the original
constructor).
If not then fall back on Runtime::kSetProperty.
Bug: chromium:804177
Change-Id: Id0e452f9d160704bbd71e87a075ba4e3983729a7
Reviewed-on: https://chromium-review.googlesource.com/880922
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50818}
When the array created would exceed the maximum size for a regular heap
object, instead create it using Runtime::kNewArray directly rather than
via AllocateJSArray.
Bug: chromium:803750
Change-Id: I78cd82edf5a813a2ed69272361e0ca07f864c5ba
Reviewed-on: https://chromium-review.googlesource.com/876011
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50726}
This removes the Javascript version of Array.of in js/array.js and adds
a CodeStubAssembler version in src/builtins/builtins-array-gen.cc.
Mostly this change is for code-health reasons but it also gives
performance improvements for nearly all cases with the exception of
"transplanted" arrays. E.g.
function ArrayLike {}
ArrayLike.of = Array.of
ArrayLike.of(...) is now slower in the perf tests. Most of this change
can be attributed to using CallRuntime(kSetProperty,...) to set the
length. The JS version can do better due to inline caches trained on
the same datatype for 1000s of iterations, but this kind of workload is
unlikely.
Change-Id: I18e5b19b185257e9e0d553e1183b40ba4a5d3289
Reviewed-on: https://chromium-review.googlesource.com/863625
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50680}
This reduces reduces code size by 16 KB while keeping the fast path (in
which the given argument is already a smi) inlined and extracting
remaining logic to a stub call.
Change-Id: I531999c990519eef1247cc3785ad4b16164f7a5e
Reviewed-on: https://chromium-review.googlesource.com/833912
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50224}
Bug:
Change-Id: If86c51b428f254ffce68d295f9e8001cee27b9ce
Reviewed-on: https://chromium-review.googlesource.com/833236
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50219}
Support inlining Array.prototype.findIndex in Turbofan.
Depending on array size, quick benchmarks show a >2x
improvement: https://github.com/peterwmwong/v8-perf/blob/master/array-find-findIndex-tf/README.md
Bug: chromium:791045, v8:1956, v8:7165
Change-Id: I250554885f924c97b0072e09ee289713df5cbe63
Reviewed-on: https://chromium-review.googlesource.com/824382
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50133}
- Removes JS implementation and InnerArrayFind/InnerArrayFindIndex
- Adds TFJ, with TFS for slow continuation path
Some quick benchmarks show ~2x improvement for unoptimized code
and up to 16% improvement against optimized code (diminishes with
larger arrays as iterating dominates).
https://github.com/peterwmwong/v8-perf/blob/master/array-find-findIndex/README.md
Bug: chromium:791045, v8:1956, v8:5049, v8:7165
Change-Id: Ie16252ed495bbd91fe548b16d5ef6764de791a50
Reviewed-on: https://chromium-review.googlesource.com/804704
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49851}
This reduces the overhead of calling the builtin.
Quick measurements show >5x improvement. As the
typed array's size grows, iterating dominates
and the performance gap closes.
https://github.com/peterwmwong/v8-perf/blob/master/typedarray-findIndex/README.md
Bug: v8:5929
Change-Id: I27d67776c83cbe28f4f9f5ef479a7eeabf594654
Reviewed-on: https://chromium-review.googlesource.com/792394
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49720}
This reduces the overhead of calling the builtin.
Quick measurements show >5x improvement. As the
typed array's size grows, iterating dominates
and the performance gap closes.
https://github.com/peterwmwong/v8-perf/blob/master/typedarray-find/README.md
Bug: v8:5929
Change-Id: Ia74546bb46d446c6161c8956e350d4b5cdc1b328
Reviewed-on: https://chromium-review.googlesource.com/792454
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49706}
The "array protector" now guards the Object.prototype, the
Array.prototype and the String.prototype, so the name was a
bit misleading nowadays. So the new name "no elements protector"
was chosen.
Bug: v8:6936, v8:7014, v8:7027
Change-Id: I9a9d7caa2caf0ac9e78cc6658de2f0506970dfa2
Reviewed-on: https://chromium-review.googlesource.com/778162
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49471}
This CL adds support for two byte string comparisons to the StringEqual
builtin, which so far was bailing out to the generic %StringEqual
runtime function whenever any two-byte string was involved. This made
comparisons that involved two-byte strings, either comparing them to
one-byte strings or comparing two two-byte strings, up to 3x slower than
if only one-byte strings were involved.
With this change, all direct string (SeqString or ExternalString)
equality checks are roughly on par now, and the weird performance cliff
is gone. On the micro-benchmark from the bug we go from
stringEqualBothOneByteSeqString: 162 ms.
stringEqualTwoByteAndOneByteSeqString: 446 ms.
stringEqualOneByteAndTwoByteSeqString: 438 ms.
stringEqualBothTwoByteSeqString: 472 ms.
to
stringEqualBothOneByteSeqString: 151 ms.
stringEqualTwoByteAndOneByteSeqString: 158 ms.
stringEqualOneByteAndTwoByteSeqString: 166 ms.
stringEqualBothTwoByteSeqString: 160 ms.
which is the desired result. On the esprima test of the
web-tooling-benchmark we seem to improve by 1-2%, which corresponds to
the savings of going to the runtime for many StringEqual comparisons.
Drive-by-cleanup: Introduce LoadAndUntagStringLength helper into the CSA
with proper typing to avoid the unnecessary shifts on 64-bit platforms
when keeping the length tagged initially in StringEqual.
Bug: v8:4913, v8:6365, v8:6371, v8:6936, v8:7022
Change-Id: I566f4b80e217513775ffbd35e0480154abf59b27
Reviewed-on: https://chromium-review.googlesource.com/749223
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49067}
and use a newly-introduced "enum class Operation" in all
other places that so far passed Token::Values around.
Also delete some related dead code along the way.
Bug: v8:6921
Change-Id: I062f396d304aa62298cfeff202e3132a4a5597c1
Reviewed-on: https://chromium-review.googlesource.com/736851
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48944}
E.g. use TrueConstant() instead of BooleanConstant(true) and
NullConstant() instead of HeapConstant(factory...null_value()).
R=jkummerow@chromium.org
Bug:
Change-Id: I0588d71940d8baf289eb8f8e6c8d20aa717d57f6
Reviewed-on: https://chromium-review.googlesource.com/735681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48911}