Adds JumpIfNotHoleConstant and JumpIfNotHoleConstantWide bytecodes
and removes JumpIfHole bytecode.
In situations with large numbers of constants, the generator would
fail because an 8-bit constant could not be reserved for
JumpIfHole/JumpIfNotHole and so a 16-bit constant would be reserved.
Then when patching the bytecode the patcher would discover there was
no wide constant variant of the emitted jump.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697473002
Cr-Commit-Position: refs/heads/master@{#33952}
This was causing code like:
REX.W cmpq r9,r8
setzl r8l
movzxbl r8,r8
REX.W cmpq r8,0x0
jz 185
(note the cmpq instead of cmpl above) on x64 instead of:
REX.W cmpq r9,r8
jnz 149
http://crrev.com/1677503002 is now obsolete and has been reverted.
Review URL: https://codereview.chromium.org/1685183003
Cr-Commit-Position: refs/heads/master@{#33934}
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33909}
This replaces the bytecode in question with a runtime call within the
bytecode stream. The tradeoff is to safe one bytecode opcode for more
expensive encoding of lookup slot deletion.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1690913002
Cr-Commit-Position: refs/heads/master@{#33907}
Reason for revert:
[Sheriff] Breaks the tree:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20builder/builds/13892
Blamelists are wrong because of overloaded master. The trybots on this CL might have been outdated by the time of commit... Please rebase and retry.
Original issue's description:
> [Interpreter] Rename GetCountOperand to GetRegisterCountOperand.
>
> Apparently, this BytecodeArrayIterator method was missed during the
> previous refactor. No other (collateral) change was done.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/3781ca79f5c48b55d7f0bf6df370ec11515a1466
> Cr-Commit-Position: refs/heads/master@{#33897}
TBR=oth@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org,ssanfilippo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1690963002
Cr-Commit-Position: refs/heads/master@{#33900}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33897}
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683103002
Cr-Commit-Position: refs/heads/master@{#33880}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
Reason for revert:
Possibly causing Mozilla test failures - will investigate.
Original issue's description:
> [turbofan] ARM: Improve AND instruction selection
>
> Improve instruction selector for mask and shift operations by using cheaper
> instructions where possible, in preference to UBFX.
>
> BUG=
>
> Committed: https://crrev.com/53d9c12977f07f55b6f2a72128b8d02c4c857845
> Cr-Commit-Position: refs/heads/master@{#33843}
TBR=bmeurer@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1681953003
Cr-Commit-Position: refs/heads/master@{#33850}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
BUG=
Review URL: https://codereview.chromium.org/1677023002
Cr-Commit-Position: refs/heads/master@{#33843}
This allows us to remove the somewhat awkward BuildLoadObjectField
from the BytecodeGraphBuilder and also allows us to simplify the
bytecode stream for class literals.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1678103002
Cr-Commit-Position: refs/heads/master@{#33820}
Adds implementation and tests to support const/let variables in the
interpreter.
BUG=v8:4280,v8:4679
LOG=N
Review URL: https://codereview.chromium.org/1634153002
Cr-Commit-Position: refs/heads/master@{#33819}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
R=jarin@chromium.org, rmcilroy@chromium.orgTBR=rossberg@chromium.org
BUG=v8:2159
LOG=n
Review URL: https://codereview.chromium.org/1676883002
Cr-Commit-Position: refs/heads/master@{#33809}
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1608583002
Cr-Commit-Position: refs/heads/master@{#33806}
Reason for revert:
Must revert for now due to chromium api natives issues.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/bb31db3ad6de16f86a61f6c7bbfd3274e3d957b5
> Cr-Commit-Position: refs/heads/master@{#33741}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1670813005
Cr-Commit-Position: refs/heads/master@{#33766}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
This cleans up and simplifyies handling the bytes followin an opcode
with little helper structs that will be useful in the interpreter and
already have been in keeping OpcodeArity and OpcodeLength up to date
with the decoder.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1664883002
Cr-Commit-Position: refs/heads/master@{#33723}
So far, we've been moving down gaps wholesale. This change moves
individual move operations instead. This improves some benchmarks,
and should overall reduce code size, because it improves the chance of
reducing the number of moves.
For example, there are improvements on x64 in Emscripten (Bullet, in
particular) , JetStream geomean, Embenchen (zlib).
In the process of making this change, I noticed we can separate the
tasks performed by the move optimizer, as follows:
- group gaps into 1
- push gaps down, jumping instructions (these 2 were together before)
- merge blocks (and then push gaps down)
- finalize
We can do without a finalization list. This avoids duplicating storage -
we already have the list of instructions; it also simplifies the logic, since,
with this change, we may process an instruction's gap twice.
Compile time doesn't regress much (see pathological cases), but we
may want to avoid the allocations of the few sets used in the new code.
I'll do that in a subsequent change.
BUG=
Review URL: https://codereview.chromium.org/1634093002
Cr-Commit-Position: refs/heads/master@{#33715}
Moves the temporary register allocator out of the bytecode array
builder into TemporaryRegisterAllocator class and adds unittests.
Particular must be taken around the translation window boundary
motivating the addition of tests.
Also adds a Clear() method to IdentityMap() which is called by
the destructor. This allows classes to hold an IdentityMap if
they are zone allocated. Classes must call Clear() before the zone
is re-cycled or face v8 heap corruption.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1651133002
Cr-Commit-Position: refs/heads/master@{#33686}
Move all the code that deals with falling back to object creation via
stubs to JSGenericLowering, where we can already deal well with stub
calls. This includes JSCreateLiteralArray, JSCreateLiteralObject,
JSCreateClosure, JSCreateFunctionContext and JSCreateArray.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1653353002
Cr-Commit-Position: refs/heads/master@{#33682}
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1657863004
Cr-Commit-Position: refs/heads/master@{#33675}
There's no point in having %_IsFunction as inline intrinsic, as it
is only used in non performance critical code, which is already full
of runtime calls anyway, so %IsFunction will do the trick as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1658123002
Cr-Commit-Position: refs/heads/master@{#33660}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
Reason for revert:
problems on Mac64
Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}
TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1644283002
Cr-Commit-Position: refs/heads/master@{#33601}
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.
Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}
TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1643533003
Cr-Commit-Position: refs/heads/master@{#33556}
(Fixed a bug found by nosnap builds.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1642613002
Cr-Commit-Position: refs/heads/master@{#33548}
Introduces the concept of transfer direction to register operands. This
enables the register translator to emit exactly the moves that a
bytecode having it's register operands translated needs.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1633153002
Cr-Commit-Position: refs/heads/master@{#33544}
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}
TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1632993003
Cr-Commit-Position: refs/heads/master@{#33520}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1563213002
Cr-Commit-Position: refs/heads/master@{#33518}
This increases the size of register operands to be 16-bit.
Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.
This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.
Enables splay.js to run in Octane and a handful of mjsunit tests.
BUG=v8:4280,v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1613163002
Cr-Commit-Position: refs/heads/master@{#33516}
* Add caching to handling of dangling loads
* Add two unittests for load elimination on escaped objects
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1619103004
Cr-Commit-Position: refs/heads/master@{#33498}
This CL implements loop assignment analysis, a pass over a loop's body
to record local variables that are assigned. This pre-pass is similar
to that done on the JavaScript AST for the same reason: avoid introducing
too many phis at loop headers when building a graph.
R=bradnelson@chromium.org,ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1617723003
Cr-Commit-Position: refs/heads/master@{#33486}
moves, we move those to the node, and remove them from the
predecessors ("merge" them to the common node).
If only some of the moves are common, we don't do anything. This is
what this change addresses.
The bug linked below should be addressed by this change. The only
difference in codegen before/after the change that introduced the bug
was un-merged moves.
BUG=chromium:549262
LOG=N
Review URL: https://codereview.chromium.org/1527203002
Cr-Commit-Position: refs/heads/master@{#33481}
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.
BUG=v8:4678,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1604923002
Cr-Commit-Position: refs/heads/master@{#33477}
This adds an explicit ReThrow bytecode to be used in the modelling of
try-finally statements. An exception that is being re-thrown should not
trigger message object creation or location computation and hence cannot
use the existing Throw bytecode.
R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryFinally
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1621673002
Cr-Commit-Position: refs/heads/master@{#33472}
