...based on the 2-lock algorithm by M. Scott and M. Michael (1992).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1448283004
Cr-Commit-Position: refs/heads/master@{#32078}
Retrieve the native context/global object from the Node being
specialized in the JSNativeContextSpecialization and the
JSGlobalObjectSpecialization classes. For this we introduce two
new methods NodeProperties::GetSpecializationNativeContext and
NodeProperties::GetSpecializationGlobalObject, which walk up
the context chain and might in the end take the native context
from the outermost activation (if native context specialization
is enabled). This allows us to run the native context specialization
pass as part of the inlining phase without hacking some of that into
the JSInliner.
Also refactor the NodeProperties::GetSpecializationContext method
that was previously local to the JSContextSpecialization.
Also refactor two other oddities in JSNativeContextSpecialization.
R=jarin@chromium.org
BUG=v8:4470, v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1451143005
Cr-Commit-Position: refs/heads/master@{#32076}
If the input type does not help us, we are conservative and truncate (rather than guessing signed).
Review URL: https://codereview.chromium.org/1455103002
Cr-Commit-Position: refs/heads/master@{#32075}
This CL brings us one step closer to untangling the runtime-gc dependency, i.e. RecordWrites should not be called from the runtime.
BUG=
Review URL: https://codereview.chromium.org/1456533002
Cr-Commit-Position: refs/heads/master@{#32074}
I found this optimization opportunity when analyzing some pathological
compile-time examples. When tying together live ranges across control
flow boundaries, we used to repeatedly check if the top level range was
spilled in deferred blocks or not. This proved to be a hotspot in such
cases (i.e. the pathological compile time ones).
Because the analysis needs to progress block by block and not live range by live range, we cannot feasibly save per-range information to
remove the hotspot. Instead, we save this information when
constructing LiveRangeBounds.
The result is a 2.5 to 7% improvement in the pathological cases, and a few
similar bonuses in perf in a couple of other benchmarks.
Also, opportunistically removed the loop counting the number of child
ranges, since we have that count from the new (post-refactoring)
range numbering technique.
BUG=
Review URL: https://codereview.chromium.org/1412573009
Cr-Commit-Position: refs/heads/master@{#32071}
Lower access to byteOffset and byteLength getters on JSArrayBufferViews
and to length on JSTypedArrays. This requires a check to see whether the
backing JSArrayBuffer was neutered.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1453653003
Cr-Commit-Position: refs/heads/master@{#32070}
Port e5edd66d07
Original commit message:
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.
Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1455663002
Cr-Commit-Position: refs/heads/master@{#32059}
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal
Review URL: https://codereview.chromium.org/1453733002
Cr-Commit-Position: refs/heads/master@{#32050}
Adds support for the LdaGlobal and StaGlobal bytecodes to the
BytecodeGraphBuilder. Also fixes a bug in the context node's parameter
index and start node inputs.
Landed on behalf of rmcilroy.
TBR=bmeuer@chromium.org,mythria@chromium.org
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1449373002
Cr-Commit-Position: refs/heads/master@{#32049}
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal
Review URL: https://codereview.chromium.org/1452193003
Cr-Commit-Position: refs/heads/master@{#32048}
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal
Review URL: https://codereview.chromium.org/1451423002
Cr-Commit-Position: refs/heads/master@{#32047}
Several changes are included here:
1. Each resolution callback references shared data indicating whether
it has already been resolved or not, as described in 25.4.1.3
http://tc39.github.io/ecma262/#sec-createresolvingfunctions.
Previously this was handled exclusively by the Promise's status,
which does not work correctly with the current chaining behaviour.
2. During fulfillment, when a Promise is resolved with a thenable, the
spec chains the promises together by invoking the thenable's `then`
function with the original Promise's resolve and reject methods (per
section 25.4.2.2, or
http://tc39.github.io/ecma262/#sec-promiseresolvethenablejob), on the
next tick, regardless of whether or not there are pending tasks.
3. Adds a spec compliance fix to ensure that the Promise constructor
is only loaded once when `then()` is called, solving v8:4539 as well.
This involves refactoring PromiseChain to accept a constructor
argument. PromiseChain/PromiseDeferred will hopefully be removed soon,
simplifying the process.
BUG=v8:4162, v8:4539, v8:3237
LOG=N
R=rossberg@chromium.org, littledan@chromium.org, adamk@chromium.org
Review URL: https://codereview.chromium.org/1394463003
Cr-Commit-Position: refs/heads/master@{#32046}
This disables the eager flushing of optimized code maps during full GCs
and instead treats entries in those tables weakly by default. Note that
for now entries are removed when one of their components dies.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1430293002
Cr-Commit-Position: refs/heads/master@{#32045}
This splits the work to be done for dead and live maps
and avoids unnecessary operations in the hot loop.
Results for v8.infinite_scroll:
Before:
nonlive_refs
len: 93
min: 0.0
max: 6.3
avg: 1.35268817204
[0,5[: 91
[5,10[: 2
After:
nonlive_refs
len: 91
min: 0.0
max: 4.2
avg: 0.968131868132
[0,5[: 91
BUG=chromium:554488
LOG=no
Review URL: https://codereview.chromium.org/1441633002
Cr-Commit-Position: refs/heads/master@{#32042}
Also properly support loading from holey double element backing stores
in JSNativeContextSpecialization. This adds a new simplified operator
NumberIsHoleNaN, which checks whether a certain value is the special NaN
that we use to encode "the hole" in holey double element backing stores.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1448343002
Cr-Commit-Position: refs/heads/master@{#32039}
Reason for revert:
Regression in thread_times.key_idle_power_cases (crbug.com/555153)
Original issue's description:
> Remove redundant activation threshold for incremental marking.
>
> The minimum allocation limit already enforces this constraint for normal GCs.
>
> GCs triggered by the memory reducer and external limit should work for all heap sizes.
>
> BUG=chromium:552305
> LOG=NO
>
> Committed: https://crrev.com/e28e4d5f52852e2f14facc37a02069b6bfc82c4e
> Cr-Commit-Position: refs/heads/master@{#31921}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:552305
Review URL: https://codereview.chromium.org/1456523002
Cr-Commit-Position: refs/heads/master@{#32038}
Adds support for visiting the Call bytecode to the bytecode graph builder.
This change also adds the call type feedback slot to the Call bytecode.
This is not currently used by the interpreter, but is used by the
graph builder.
Also adds a CallWide variant of the Call bytecode, and adds the kCount16
operand type.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456453002
Cr-Commit-Position: refs/heads/master@{#32033}