Commit Graph

715 Commits

Author SHA1 Message Date
mstarzinger
7ca1f80d31 [runtime] Fix number of literals for builtin functions.
This fixes the SharedFunctionInfo::num_literals field for global builtin
functions (e.g. {Object} and friends) to be accurate. The field was not
being updated by Runtime_SetCode. It also removes the dangerous and by
now obsolete JSFunction::NumberOfLiterals accessor.

R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2007943002
Cr-Commit-Position: refs/heads/master@{#36480}
2016-05-24 15:12:58 +00:00
pierre.langlois
11b661f414 [turbofan] ARM: Support shifted indexes in loads and stores
This patch is a follow up to https://codereview.chromium.org/1972103002/
adding support for the `Operand_R_LSL_I` addressing mode to loads and
stores for ARM.

Just as the ARM64 implementation, the shift + load/store pattern is only
really relevant to the interpreter. For this reason, this patch does not
add support for the other addressing modes (`R_LSR_I`, `R_ASR_I` and
`R_ROR_I`) as I haven't seen those pattern being generated. Additionally,
the optimization is restricted 32 bit loads and stores.

kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 40)
0x22a5f860     0  e2851001       add r1, r5, #1
0x22a5f864     4  e19610d1       ldrsb r1, [r6, +r1]
0x22a5f868     8  e1a0200b       mov r2, fp
0x22a5f86c    12  e7820101       str r0, [r2, +r1, lsl #2]
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f870    16  e2855002       add r5, r5, #2
0x22a5f874    20  e7d61005       ldrb r1, [r6, +r5]
0x22a5f878    24  e7981101       ldr r1, [r8, +r1, lsl #2]
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f87c    28  e12fff11       bx r1

BUG=

Review-Url: https://codereview.chromium.org/1974263002
Cr-Commit-Position: refs/heads/master@{#36381}
2016-05-19 19:18:25 +00:00
jacob.bramley
feeaac4061 [arm] Remove CpuFeature::MLS.
The MLS instruction is available in all ARMv7 devices, and in no ARMv6
devices, aside from the usual ARMv6T2 caveat. We don't need a separate
feature flag for it.

BUG=

Review-Url: https://codereview.chromium.org/1988133004
Cr-Commit-Position: refs/heads/master@{#36378}
2016-05-19 18:04:28 +00:00
neis
75140f39dd [compiler] Remove obsolete JSYield operator.
R=bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1981323002
Cr-Commit-Position: refs/heads/master@{#36312}
2016-05-18 08:55:33 +00:00
bmeurer
91a2ea815b [turbofan] We never use Int64Constant for branch/select conditions.
Remove dead code to optimize Int64Constants as branch/select conditions,
because we either have tagged booleans or bits represented as word32.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1994533002
Cr-Commit-Position: refs/heads/master@{#36308}
2016-05-18 07:20:19 +00:00
bmeurer
c5a71f029f [turbofan] Turn common Guard operator into simplified TypeGuard.
The type guard should never be used after the effect/control
linearization pass, so making it a simplified operator better
expresses the intended use. Also this way none of the common
operators actually has any dependency on the type system.

Drive-by-fix: Properly print the type parameter to a TypeGuard operator.

BUG=chromium:612142
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1994503002
Cr-Commit-Position: refs/heads/master@{#36304}
2016-05-18 06:19:30 +00:00
bmeurer
551e0aa11b [es6] Reintroduce the instanceof operator in the backends.
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.

R=ishell@chromium.org
TBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n

Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}
2016-05-17 11:25:59 +00:00
pierre.langlois
60fb6ea1b8 [turbofan] ARM64: Support shifted indexes in loads and stores
This patch adds support for the `Operand2_R_LSL_I` addressing mode to
loads and stores. This allows merging a shift instruction into a
MemoryOperand. Since the shift immediate is restricted to the log2 of
the operation width, the opportunities to hit this are slim. However,
Ignition's bytecode handlers hit this case all the time:

kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 44)
0x23e67280     0  add x1, x19, #0x1 (1)
0x23e67284     4  ldrsb x1, [x20, x1]
0x23e67288     8  sxtw x1, w1
0x23e6728c    12  mov x2, fp
0x23e67290    16  str x0, [x2, x1, lsl #3]
                  ^^^^^^^^^^^^^^^^^^^^^
0x23e67294    20  add x19, x19, #0x2 (2)
0x23e67298    24  ldrb w1, [x20, x19]
0x23e6729c    28  ldr x1, [x21, x1, lsl #3]
                  ^^^^^^^^^^^^^^^^^^^^^
0x23e672a0    32  br x1

Additionally, I noticed the optimisation occurs once in both the
`StringPrototypeCharAt` and `StringPrototypeCharCodeAt` turbofan stubs.

BUG=

Review-Url: https://codereview.chromium.org/1972103002
Cr-Commit-Position: refs/heads/master@{#36227}
2016-05-13 07:58:59 +00:00
bmeurer
fa7460adbc [turbofan] Fix optimized lowering of Math.imul.
We eagerly inserted Int32Mul for Math.imul during builtin lowering and
messed up with the types, which confused the representation selection.
This adds a proper NumberImul operator, and fixes the builtin reducer to
do the right thing according to the spec.

R=mstarzinger@chromium.org
BUG=v8:5006
LOG=n

Review-Url: https://codereview.chromium.org/1971163002
Cr-Commit-Position: refs/heads/master@{#36219}
2016-05-12 18:43:32 +00:00
bmeurer
1270caeda4 [turbofan] Unify function prototype constant folding.
Up until now we had two places where we did the function prototype
folding, once in the Typer and once in JSTypedLowering. Put this logic
into JSNativeContextSpecialization instead.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1965293002
Cr-Commit-Position: refs/heads/master@{#36157}
2016-05-11 08:12:49 +00:00
bmeurer
2301473a88 [turbofan] Slighly improve JSCreateArguments lowering.
Make JSCreateArguments eliminatable, and remove the need for frame
states on JSCreateArguments nodes being lowered to (optimized) stub
calls. Only the runtime fallback needs a frame state, because in that
case we need to ask the deoptimizer for arguments to inlined functions.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1965013005
Cr-Commit-Position: refs/heads/master@{#36154}
2016-05-11 06:12:00 +00:00
bmeurer
b8229ec446 [turbofan] Initial version of allocation folding and write barrier elimination.
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).

R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n

Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
2016-05-10 10:12:25 +00:00
jkummerow
148e7076ca Turn on -Wmissing-field-initializers on Linux.
Because not initializing fields can be, you know, dangerous.

Review-Url: https://codereview.chromium.org/1952703002
Cr-Commit-Position: refs/heads/master@{#36071}
2016-05-06 10:20:30 +00:00
bmeurer
8e5e6333cf [turbofan] Remove obsolete EffectSet common operator.
This operator was initially designed to handle arbitrary effect merging
for effect relaxation, but we don't do that (at least currently). So no
need to keep the dead operator around.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1954983002
Cr-Commit-Position: refs/heads/master@{#36063}
2016-05-06 07:46:44 +00:00
pierre.langlois
f07d2cdd6a ARM64: [turbofan] Avoid zero-extension after a 32-bit load
A load instruction will implicitely clear the top 32 bits when writing to a W
register. This patch avoids generating a `mov` instruction to zero-extend the
result in this case.

For example, this occurs in the generated code for dispatching to the next
bytecode in the interpreter:

  kind = BYTECODE_HANDLER
  name = LdaZero
  compiler = turbofan
  Instructions (size = 36)
  0x32e64c60     0  add x19, x19, #0x1 (1)
  0x32e64c64     4  ldrb w0, [x20, x19]
  0x32e64c68     8  mov w0, w0
                    ^^^^^^^^^^
  0x32e64c6c    12  lsl x0, x0, #3
  0x32e64c70    16  ldr x1, [x21, x0]
  0x32e64c74    20  movz x0, #0x0
  0x32e64c78    24  br x1

BUG=

Review-Url: https://codereview.chromium.org/1950013003
Cr-Commit-Position: refs/heads/master@{#36038}
2016-05-04 18:35:56 +00:00
bmeurer
ce38a8a92a [turbofan] Inline the allocation fast path.
Now that everything is properly wired to the effect chain when we get to
ChangeLowering, we can safely inline the allocation fast path and only
need to consule the slow path stub fallback when bump pointer allocation
fails.

R=jarin@chromium.org
BUG=v8:4931
LOG=n

Review-Url: https://codereview.chromium.org/1951853002
Cr-Commit-Position: refs/heads/master@{#36022}
2016-05-04 12:44:32 +00:00
martyn.capewell
0322c20d17 [turbofan] ARM64: Use zr to store immediate zero
When storing an immediate integer or floating point zero, use the zero register
as the source value. This avoids the need to sometimes allocate a new register.

BUG=

Review-Url: https://codereview.chromium.org/1945783002
Cr-Commit-Position: refs/heads/master@{#36013}
2016-05-04 10:19:48 +00:00
ahaas
b6db2255e6 [wasm] Mark all 64-bit instructions as supported on 32-bit platforms.
Additionally I removed some stale comments.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/1941323002
Cr-Commit-Position: refs/heads/master@{#35976}
2016-05-03 11:47:59 +00:00
bmeurer
4aa02441da [turbofan] Remove left-over change bits from ChangeLowering.
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.

Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel

Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
Cr-Commit-Position: refs/heads/master@{#35924}

Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35929}
2016-05-02 10:23:43 +00:00
machenbach
b4c3864ba4 Revert of [turbofan] Remove left-over change bits from ChangeLowering. (patchset #2 id:20001 of https://codereview.chromium.org/1941673002/ )
Reason for revert:
[Sheriff] Breaks mac gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/5821

Original issue's description:
> [turbofan] Remove left-over change bits from ChangeLowering.
>
> Now ChangeLowering is only concerned with lowering memory access and
> allocation operations, and all changes are consistently lowered during
> the effect/control linearization pass. The next step is to move the
> left over lowerings to a pass dedicated to eliminate redundant loads and
> stores, eliminate write barriers, fold and inline allocations.
>
> Also remove the atomic regions now that we wire everything into the
> effect chain properly. This is an important step towards allocation
> inlining.
>
> Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
> ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
> ChangeInt31ToTaggedSigned for consistency.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
>
> Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
> Cr-Commit-Position: refs/heads/master@{#35924}

TBR=ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/1942733002
Cr-Commit-Position: refs/heads/master@{#35927}
2016-05-02 09:29:19 +00:00
bmeurer
ceca5ae308 [turbofan] Remove left-over change bits from ChangeLowering.
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.

Also remove the atomic regions now that we wire everything into the
effect chain properly. This is an important step towards allocation
inlining.

Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel

Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35924}
2016-05-02 08:42:03 +00:00
bbudge
d565ba8ff3 RegisterAllocator: Clean up before adding aliasing.
Remove some unused fields in RegisterAllocationData.
Move some DCHECKS about configuration constraints.
Rename kMaxDoubleRegisters -> kMaxFPRegisters

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1518573002

Cr-Commit-Position: refs/heads/master@{#35777}
2016-04-25 20:11:40 +00:00
bmeurer
dcf178fb29 [turbofan] Move ChangeTaggedToFoo lowerings to EffectControlLinearizer.
These also lower to subgraphs that have to be connected to the effect
and control chains, otherwise removing the atomic regions around heap
allocations would still be unsound.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1916763003

Cr-Commit-Position: refs/heads/master@{#35762}
2016-04-25 12:41:17 +00:00
jarin
692eec3969 [turbofan] Remove obsolete parts of change lowering.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1917753002

Cr-Commit-Position: refs/heads/master@{#35756}
2016-04-25 09:27:18 +00:00
jarin
9cae24b8cc [turbofan] Wire in floating control during effect linearization phase.
Review URL: https://codereview.chromium.org/1921483002

Cr-Commit-Position: refs/heads/master@{#35747}
2016-04-25 04:29:23 +00:00
bmeurer
0231a7efa2 [turbofan] Introduce TruncateTaggedToWord32 simplified operator.
This allows us to get rid of the "push TruncateFloat64ToInt32 into Phi"
trick that was used in the MachineOperatorReducer to combine the
ChangeTaggedToFloat64 and TruncateFloat64ToInt32 operations. Instead of
doing that later, we can just introduce the proper operator during the
representation selection directly.

Also separate the TruncateFloat64ToInt32 machine operator, which had two
different meanings depending on a flag (either JavaScript truncation or
C++ style round to zero). Now there's a TruncateFloat64ToWord32 which
represents the JavaScript truncation (implemented via TruncateDoubleToI
macro + code stub) and the RoundFloat64ToInt32, which implements the C++
round towards zero operation (in the same style as the other WebAssembly
driven Round* machine operators).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1919513002

Cr-Commit-Position: refs/heads/master@{#35743}
2016-04-24 11:41:20 +00:00
bmeurer
550c0f9f55 [turbofan] Move more type checks to the representation selector.
Get rid of further typing checks from ChangeLowering and put them into
the representation selection pass instead (encoding the information in
the operator instead).

Drive-by-change: Rename ChangeSmiToInt32 to ChangeTaggedSignedToInt32
for consistency about naming Tagged, TaggedSigned and TaggedPointer.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1909343002

Cr-Commit-Position: refs/heads/master@{#35723}
2016-04-22 11:03:17 +00:00
bmeurer
861295bf16 [turbofan] Optimize tagged conversion based on type.
If we have to convert a float64 value to tagged representation and we
already know that the value is either in Signed31/Signed32 or
Unsigned32 range, then we can just convert the float64 to word32 and
use the fast word32 to tagged conversion. Doing this in
ChangeLowering (or the effect linearization pass) would be unsound, as
the types on the nodes are no longer usable.

This removes all Type uses from effect linearization. There's still some
work to be done for ChangeLowering tho.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1908093002

Cr-Commit-Position: refs/heads/master@{#35713}
2016-04-22 08:40:05 +00:00
rmcilroy
623ad7de88 [Interpreter] Remove register file register and replace with LoadParentFramePointer.
Removes the register file machine register from the interpreter and
replaces it will loads from the parent frame pointer. As part of this
change the raw operand values for register values changes to enable the
interpreter to keep using the operand value as the offset from the
parent frame pointer.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1894063002

Cr-Commit-Position: refs/heads/master@{#35618}
2016-04-19 12:48:41 +00:00
jarin
b9e287c6d9 [turbofan] Effect linearization after representation inference.
This introduces a compiler pass that schedules the graph and re-wires effect chain according to the schedule. It also connects allocating representation changes to the effect chain, and removes the BeginRegion and EndRegion nodes - they should not be needed anymore because all effectful nodes should be already wired-in.

This is an intermediate CL - the next step is to move lowering of the Change*ToTaggedEffect nodes to StateEffectIntroduction so that we do not have to introduce the effectful versions of nodes.

Review URL: https://codereview.chromium.org/1849603002

Cr-Commit-Position: refs/heads/master@{#35565}
2016-04-18 08:29:51 +00:00
bmeurer
662caac9d2 [turbofan] JSTypeOf, JSStrictEqual, JSStrictNotEqual and JSToBoolean are pure.
These operators are really pure on the JavaScript level, and were only
part of the effect chain to make sure we don't accidentially schedule
them right after raw allocations, which is no longer an issue since we
now have the concept of atomic regions.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1893543004

Cr-Commit-Position: refs/heads/master@{#35552}
2016-04-16 19:28:12 +00:00
mstarzinger
43c7c76f1d [turbofan] Use inline allocation for closures.
This changes closure creation to lower to inline allocations when
possible instead of going through the FastNewClosureStub. It allows us
to leverage all advantages of inline allocations on closures. Note that
it is only safe to embed the raw entry point of the compile lazy stub
into the code, because that stub is immortal and immovable.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1573153002

Cr-Commit-Position: refs/heads/master@{#35499}
2016-04-14 15:19:17 +00:00
jarin
f5961f90b1 [turbofan] Change number operations to handle Undefined as well.
This allows us to remove the turbofan bailout that we introduced
as a response to crbug.com/589792.

BUG=chromium:589792
LOG=n

Review URL: https://codereview.chromium.org/1884713003

Cr-Commit-Position: refs/heads/master@{#35493}
2016-04-14 13:13:56 +00:00
bmeurer
5b99eec342 [turbofan] Remove unused PlainPrimitiveToNumber operator.
At some point we thought about using this instead of JSToNumber, but now
there doesn't seem to be any reason for this anymore.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1890763002

Cr-Commit-Position: refs/heads/master@{#35469}
2016-04-14 07:42:22 +00:00
jarin
03975befe3 [turbofan] Remove some clever-but-wrong bits from select lowering.
BUG=chromium:600593
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1870763003

Cr-Commit-Position: refs/heads/master@{#35347}
2016-04-08 08:26:13 +00:00
jacob.bramley
141324cfdc [arm] Implement Float(32|64)(Min|Max) using vsel.
BUG=

Review URL: https://codereview.chromium.org/1862993002

Cr-Commit-Position: refs/heads/master@{#35292}
2016-04-06 10:17:57 +00:00
jarin
4142bc6bc1 [turbofan] Restrict types in load elimination.
In simplified numbering, we make sanity checks based on types (e.g.,
NumberSubtract should take numbers as inputs), but this can be
violated if optimization passes make types less precise.

In this CL, we fix load elimination to make sure that types are
smaller in the store -> load elimination by taking an intersection
of the load's type with the store value's type and inserting a guard
with that type. Note that the load type comes from type feedback, so
it can be disjoint from the stored value type (in that case, this
must be dead code because the map chack for the load should prevent
us from using the stored value).

BUG=chromium:599412
LOG=n

Review URL: https://codereview.chromium.org/1857133003

Cr-Commit-Position: refs/heads/master@{#35259}
2016-04-05 12:30:14 +00:00
titzer
45d75bca5c [turbofan] Handle dead diamonds in scheduling and add a test.
The background here is that graphs generated from WASM are not trimmed.
That means there can be some floating control diamonds that are not
reachable from end. An assertion in the scheduler for phis from floating
diamonds checks that the use edge in this situation is the control edge,
but in general, any edge could cause this.

Scheduling still works without this assertion. The longer term fix
is to either trim the graphs (more compile time overhead for WASM)
or improve the scheduler's handling of dead code in the graph. Currently
it does not schedule dead code but the potential use positions of
dead code are used in the computation of the common dominator of uses. We could
recognize dead nodes in PrepareUses() and check in GetBlockForUse()
as per TODO.

R=bradnelson@chromium.org, mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1846933002

Cr-Commit-Position: refs/heads/master@{#35245}
2016-04-04 17:45:59 +00:00
bmeurer
eaa92feb9a [builtins] Migrate Math.clz32 to a TurboFan builtin.
This allows us to remove the troublesome %_MathClz32 intrinsic and also
allows us to utilize the functionality that is already available in
TurboFan. Also introduce a proper NumberClz32 operator so we don't need
to introduce a machine operator at the JS level.

R=epertoso@chromium.org

Review URL: https://codereview.chromium.org/1852553003

Cr-Commit-Position: refs/heads/master@{#35208}
2016-04-01 14:36:32 +00:00
jochen
cb7aa79b12 Expose a lower bound of malloc'd memory via heap statistics
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.

BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1847543002

Cr-Commit-Position: refs/heads/master@{#35196}
2016-04-01 10:01:56 +00:00
ahaas
bd4fb28ecd [wasm] Int64Lowering of Word64Ror and Word64Rol.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1843123002

Cr-Commit-Position: refs/heads/master@{#35173}
2016-03-31 17:05:43 +00:00
ahaas
40bdbef975 [wasm] Int64Lowering of Int64Mul on ia32 and arm.
Int64Mul is lowered to a new turbofan operator, Int32MulPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the multiplication.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1807273002

Cr-Commit-Position: refs/heads/master@{#35131}
2016-03-30 10:40:06 +00:00
ahaas
682df6dd33 [wasm] New attempt to implement the Int64Lowering of phis.
The new implementation deals with cycles in the TF graph in two steps:
1) The lowering of phis is delayed to avoid cyclic dependencies.
2) The replacement nodes of phis are created already when the phi is
   pushed onto the stack so that other nodes can use these replacements
   for their lowering.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1844553002

Cr-Commit-Position: refs/heads/master@{#35126}
2016-03-30 08:14:35 +00:00
bmeurer
36ead519c8 [builtins] Provide Math.floor as TurboFan builtin.
This way we avoid the second deoptimization for the Math.floor and
Math.ceil builtins when -0 is involved. We still deoptimize the inlined
Crankshaft version in various cases, that's a separate issue.

The algorithm used for implement CodeStubAssembler::Float64Floor is
vaguely based on the fast math version used in the libm of various BSDs,
but had to be reengineered to match the EcmaScript specification.

R=epertoso@chromium.org
BUG=v8:2890, v8:4059
LOG=n

Review URL: https://codereview.chromium.org/1828253002

Cr-Commit-Position: refs/heads/master@{#35083}
2016-03-28 17:31:43 +00:00
bmeurer
43fe7d6854 [builtins] Add support for JS builtins written in TurboFan.
This CL adds support for builtins with JavaScript linkage written using
the TurboFan CodeStubAssembler, but with a JSCall descriptor (which was
already supported thanks to a previous patch by Ben Smith). As a first
example, we convert the Math.sqrt builtin and thereby get rid of the
%_MathSqrt intrinsic, which causes trouble for the representation
selection pass in the JavaScript pipeline.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1824993002

Cr-Commit-Position: refs/heads/master@{#34989}
2016-03-22 13:25:54 +00:00
jarin
e1bd9af173 [turbofan] Add more sanity checks to representation inference.
The CL also add guard nodes to places where we assume that certain
values are numbers.

Review URL: https://codereview.chromium.org/1821133002

Cr-Commit-Position: refs/heads/master@{#34977}
2016-03-22 06:50:52 +00:00
mvstanton
992ae64de0 Provide optimized support for the %GetOrdinaryHasInstance intrinsic.
This new intrinsic is used by the desugared ES6 instanceof implementation for
the cases when the F[@@hasInstance] property is null or undefined.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1809993002

Cr-Commit-Position: refs/heads/master@{#34866}
2016-03-17 15:46:59 +00:00
ahaas
7f19628a5b [wasm] Int64Lowering of Word64Ctz.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1806593003

Cr-Commit-Position: refs/heads/master@{#34811}
2016-03-16 12:16:00 +00:00
ahaas
5c16cac96d [wasm] Int64Lowering of Word64Clz.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1810473002

Cr-Commit-Position: refs/heads/master@{#34809}
2016-03-16 11:03:07 +00:00
ahaas
33c08596e1 [wasm] Int64Lowering of Int64Sub on ia32 and arm.
Int64Sub is lowered to a new turbofan operator, Int32SubPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the subtraction.

The implementation is very similar to the implementation of Int64Add.

@v8-arm-ports: please take a careful look at the implementation of sbc
in the simulator.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1778893005

Cr-Commit-Position: refs/heads/master@{#34808}
2016-03-16 10:58:05 +00:00