We already had an optimization to turn Function.prototype.apply with
arguments object, i.e.
function foo() { return bar.apply(this, arguments); }
into a special operator JSCallForwardVarargs, which avoids the
allocation and deconstruction of the arguments object, but just passes
along the incoming parameters. We can do the same for rest parameters
and spread calls/constructs, i.e.
class A extends B {
constructor(...args) { super(...args); }
}
or
function foo(...args) { return bar(1, 2, 3, ...args); }
where we basically pass along the parameters (plus maybe additional
statically known parameters).
For this, we introduce a new JSConstructForwardVarargs operator and
generalize the CallForwardVarargs builtins that are backing this.
BUG=v8:6407,v8:6278,v8:6344
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2890023004
Cr-Commit-Position: refs/heads/master@{#45388}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44775}
Committed: 9c0832eb1a
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44779}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44775}
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/9118
Original issue's description:
> [regexp] Remove remainder of native RegExpExecStub
>
> If we avoid throwing a stack overflow exception from Irregexp code during
> direct calls, there is no need to construct exit frames before the Irregexp
> call anymore. As that was the last remaining blocker, we can now implement the
> entire stub in CSA.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2752143003
> Cr-Commit-Position: refs/heads/master@{#44770}
> Committed: 74f2497eaeTBR=ishell@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2833083002
Cr-Commit-Position: refs/heads/master@{#44771}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44770}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Reland of https://chromium-review.googlesource.com/c/463287 after fixing
tests in https://codereview.chromium.org/2813873002.
Change-Id: I314d69c7643ceec6a5750ffdab60dad38dad09e5
Reviewed-on: https://chromium-review.googlesource.com/474752
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44582}
This reverts commit 751e893591.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14885
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [ignition] Add call bytecodes for undefined receiver
>
> Adds a collection of call bytecodes which have an implicit undefined
> receiver argument, for cases such as global calls where we know that the
> receiver has to be undefined. This way we can skip an LdaUndefined,
> decrease bytecode register pressure, and set a more accurate
> ConvertReceiverMode on the interpreter and TurboFan call.
>
> As a side effect, the "normal" Call bytecode now becomes a rare case
> (only with calls and super property calls), so we get rid of its 0-2
> argument special cases and modify CallProperty[N] to use the
> NotNullOrUndefined ConvertReceiverMode.
>
> Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
> Reviewed-on: https://chromium-review.googlesource.com/463287
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44530}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com,v8-x87-ports@googlegroups.com,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I7629dec609d0ec938ce7105d6c1c74884e5f9272
Reviewed-on: https://chromium-review.googlesource.com/474744
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44548}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
Reviewed-on: https://chromium-review.googlesource.com/463287
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44530}
Split TFS builtins into
* TFC: TF builtins with stub linkage that use a custom interface descriptor
(e.g. because of a non-standard return size or untagged arguments)
* TFS: the rest.
Automatically generate interface descriptors for TFS builtins to reduce
boilerplate involved in setting up stub calls. These are now as simple as
creating the TFS stub and using CSA::CallBuiltin, no extra work required.
BUG=v8:6116
Review-Url: https://codereview.chromium.org/2777203007
Cr-Commit-Position: refs/heads/master@{#44490}
This moves most of the logic contained in RegExpExecStub to CSA. Benefits are
mostly easier readability and hackability, and removal of a large chunk of
platform-specific assembly.
Exit frame construction and the final call remain in RegExpExecStub.
BUG=v8:5339,v8:592
Review-Url: https://codereview.chromium.org/2738413002
Cr-Commit-Position: refs/heads/master@{#43844}
The new NewUnmappedArgumentsElements node now takes two inputs:
- the frame holding the arguments (current frame or arguments adaptor frame)
- the length of the suffix of passed arguments to be copied into the backing store
These inputs are computed with two new node types:
ArgumentsFrame()
ArgumentsLength[formal_parameter_count,is_rest_length](Node* arguments_frame)
The node type NewRestParameterElements can now be expressed with NewUnmappedArgumentsElements and an appropriate length and is thus not needed anymore.
In escape analysis, we lower loads from the length field of NewUnmappedArgumentsElements with its length input and if we find out that no write access to the arguments elements exists, we replace element loads with direct stack access and replace the NewUnmappedArgumentsElements node with a node of the new node type ArgumentsElementsState. This corresponds to an ObjectState node and gets translated into a deoptimizer instruction to allocate the backing store. Together with the already existing deoptimizer support for the actual arguments object/rest parameters, this allows to remove all allocations for arguments objects/rest parameters in this case.
In the deoptimizer, we read the actual parameters from the stack while transforming the static deopt info into TranslatedValue objects.
If escape analysis cannot remove the backing store allocation, NewUnmappedArgumentsElements gets lo
BUG=v8:5726
Review-Url: https://codereview.chromium.org/2692753004
Cr-Commit-Position: refs/heads/master@{#43475}
Before this patch, the registers needed for bytecode dispatch in interpreter
handlers were inconsistently stored in the interpreter frame and/or kept in
values that remained live across calls.
After this patch, these registers are explicitly reloaded after calls, making it
possible to elide the spills of those registers before the call in many cases.
Some highlights from the CL:
* Added methods to the CSA and InterpreterAssembler to efficiently store and
load Smis values and Smi interpreter registers on x64 without explicit
tagging/untagging.
* Created Variables for all of the interpreter-internal values that need to be
reloaded before bytecode dispatch at the end of an interpreter handler.
* The bytecode offset can be written out early in a handler by marking it
has having a call along it's critical path. By moving this early in a
handler, it becomes possible to use memory operands for pushes used to
marshall parameters when making calls.
Change-Id: Icf8d7798789f88a4489e06a7092616bbbb881577
Reviewed-on: https://chromium-review.googlesource.com/442566
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43260}
Includes the port of these three builtins: FastNewStrictArguments,
FastNewSloppyArguments and FastNewRestParameter. Also inline
the implementation of these into the corresponding interpreter
byte codes.
BUG=v8:5269
LOG=N
R=ishell@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2645743002
Cr-Commit-Position: refs/heads/master@{#43002}
Port the Call feedback machinery from the interpreter to the CallICStub
as second step to unify the feedback collection. This removes a lot of
hand-written native code, and makes the runtime miss handler obsolete.
The next step will be to use the CallICStub from the interpreter as
well.
Drive-by-fix: Adjust CallIC/CallICTrampoline descriptors names.
R=mvstanton@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2670843002
Cr-Commit-Position: refs/heads/master@{#42889}
Previously, when restarting a frame, we would rewrite all frames
between the debugger activation and the frame to restart to squash
them, and replace the return address with that of a builtin to
leave that rewritten frame, and restart the function by calling it.
We now simply remember the frame to drop to, and upon returning
from the debugger, we check whether to drop the frame, load the
new FP, and restart the function.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5587
Review-Url: https://codereview.chromium.org/2636913002
Cr-Commit-Position: refs/heads/master@{#42725}
We turn a JSCallFunction node for
f.apply(receiver, arguments)
into a JSCallForwardVarargs node, when the arguments refers to the
arguments of the outermost optimized code object, i.e. not an inlined
arguments, and the apply method refers to Function.prototype.apply,
and there's no other user of arguments except in frame states.
We also replace the arguments node in the graph with a marker for
the Deoptimizer similar to Crankshaft to make sure we don't materialize
unused arguments just for the sake of deoptimization. We plan to replace
this with a saner EscapeAnalysis based solution soon.
R=jarin@chromium.org
BUG=v8:5267,v8:5726
Review-Url: https://codereview.chromium.org/2655233002
Cr-Commit-Position: refs/heads/master@{#42680}
LoadFieldStub is the last Crankshaft/Hydrogen stub that stands in the way
of being able to run --ignition-staging --turbo without any Crankshaft support,
even for ICs/stubs.
Review-Url: https://codereview.chromium.org/2595343002
Cr-Commit-Position: refs/heads/master@{#41939}
Introduce a dedicated StringCharCodeAt builtin, that performs the core
logic of String.prototype.charCodeAt and lower the StringCharCodeAt
simplified operator to a call to this builtin rather than inlining the
full functionality into each and every TurboFan graph using it. This can
significantly reduce compile time in some cases (i.e. can easily shave
off over 50% of compile time overhead for small functions that call
String.prototype.charCodeAt).
Currently it returns the char code as TaggedSigned value, but
middle-term we should make it possible to return untagged values
from builtins.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2600443002
Cr-Commit-Position: refs/heads/master@{#41912}
Previously String element access and String.prototype.charAt were
lowered to a subgraph StringFromCharCode(StringCharCodeAt(s, k)),
however that can be fairly expensive both runtime and compile time
wise. The dedicated StringCharAt operator is implemented via a call
to a builtin that does exactly this.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2599683002
Cr-Commit-Position: refs/heads/master@{#41909}
First step towards making arguments and rest parameters optimizable by
splitting the allocations for the actual object and the elements. The
object allocations can already be escape analyzed this way, the elements
would need special support in the deoptimizer and the escape analysis,
but that can be done as a second separate step.
R=jarin@chromium.org
BUG=v8:5726
Review-Url: https://codereview.chromium.org/2557283002
Cr-Commit-Position: refs/heads/master@{#41573}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
The reasons are:
1) The names dictionaries in the feedback metadata seems to consume a lot of memory
and the idea didn't payoff.
2) The absence of a name parameter blocks data handlers support in LoadGlobalIC.
This CL reverts a part of r37278 (https://codereview.chromium.org/2096653003/).
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2510653002
Cr-Commit-Position: refs/heads/master@{#41046}
This is to fix the performance regression by avoiding creation of a frame
in LoadIC dispatcher caused by complicated logic of CSA::EmitLoadICProtoArrayCheck().
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2496333002
Cr-Commit-Position: refs/heads/master@{#40986}
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
R=mvstanton@chromium.org
BUG=v8:2206
NOTRY=true
Review-Url: https://codereview.chromium.org/2412453005
Cr-Commit-Position: refs/heads/master@{#40206}
... by passing a field offset as a runtime parameter.
This CL also introduces a StoreMapStub - a special case of a store transition
that used to be handled by old StoreTransitionStub.
BUG=chromium:648545
Review-Url: https://codereview.chromium.org/2397573004
Cr-Commit-Position: refs/heads/master@{#39997}
The bytecode offset parameter was Int32, but everywhere else it's an IntPtr.
BUG=
Review-Url: https://codereview.chromium.org/2369033003
Cr-Commit-Position: refs/heads/master@{#39777}
Each stub should have more meaningful descriptor instead.
BUG=v8:5407
Review-Url: https://codereview.chromium.org/2356163002
Cr-Commit-Position: refs/heads/master@{#39593}
This cleanup is necessary to make HCallWithDescriptor support passing arguments on the stack.
BUG=v8:5407
Review-Url: https://codereview.chromium.org/2352163004
Cr-Commit-Position: refs/heads/master@{#39590}
This CL also cleans up related interface descriptors:
1) unused StoreTransitionDescriptor is removed and VectorStoreTransitionDescriptor is
renamed to StoreTransitionDescriptor.
2) on ia32/x87 architectures slot and vector are passed on the stack (dispatcher/handlers
cleanup will be addressed in a separate CL).
These two stub ports have to be combined in one CL because:
1) without changing the StoreTransitionDescriptor TF was not able to compile them
on ia32/x87 (because of lack of registers),
2) it was not possible to change the descriptor first because Crankshaft was not able
to deal with the stack allocated parameters in case of a stub failure.
TBR=jkummerow@chromium.org
BUG=v8:5269
Review-Url: https://codereview.chromium.org/2313093002
Cr-Commit-Position: refs/heads/master@{#39476}
We really just need representation information from the CallInterfaceDescriptor. This change allows us to keep that, get away from Type, and it's Zone-based allocation as well.
BUG=
Review-Url: https://codereview.chromium.org/2301883002
Cr-Commit-Position: refs/heads/master@{#39105}
Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.
BUG=v8:5273
Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
This will enable the interpreter to add a bytecode and use the stub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2177273002
Cr-Commit-Position: refs/heads/master@{#38219}
This is a first step towards a perfect world where a call interface descriptor is the only place that defines calling convention for a particular code stub.
Review-Url: https://codereview.chromium.org/2172223002
Cr-Commit-Position: refs/heads/master@{#38059}
All stores require a Slot parameter so VectorStoreICTrampolineDescriptor is a new StoreDescriptor.
VectorStoreICDescriptor renamed to StoreWithVectorDescriptor.
Review-Url: https://codereview.chromium.org/2147043002
Cr-Commit-Position: refs/heads/master@{#37779}
This simplifies the calling convention of LoadGlobalIC.
Currently we do a linear search to get the name but I'll address this in a follow-up CL.
BUG=chromium:576312
TBR=rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2084913006
Cr-Commit-Position: refs/heads/master@{#37253}
Adds support for intrinsics which can be called as stubs. Namely:
- HasProperty
- MathPow
- NewObject
- NumberToString
- RegExpConstructResult
- RegExpExec
- Substring
- ToString
- ToName
- ToLength
- ToNumber
- ToObject
Also adds interface descriptors for stub calls which have arguments
passed on the stack.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
The new approach is that instead of compiling custom handlers for
every global object's PropertyCell it uses single dispatcher that
caches PropertyCells in respective slot of the feedback vector.
Currently the new LoadGlobalIC machinery is disabled.
This CL also removes unused LoadGlobalViaContext* stuff.
BUG=chromium:576312
LOG=Y
Review-Url: https://codereview.chromium.org/2065113002
Cr-Commit-Position: refs/heads/master@{#37002}
The former will handle loads of predeclared global variables (vars and
functions), lets, consts and undeclared variables. The latter will handle
named loads from explicit receiver. In addition, named loads does not
depend of the TypeofMode.
TypeofMode related cleanup will be done in the follow-up CL.
BUG=chromium:576312
LOG=Y
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1912633002
Cr-Commit-Position: refs/heads/master@{#36965}
Instead, always tail call to the runtime. Also, cleanup the various versions
of the runtime call that is used for Array construction fallback. There can be
only one.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2024253002
Cr-Commit-Position: refs/heads/master@{#36888}
This speeds up .bind by >10x as measured by
function f(a,b,c) {}
for (var i = 0; i < 10000000; i++) {
f.bind(1); // or more arguments.
}
(Uses hydrogen-stubs rather than TF due to var-args + possible runtime fallback, which is still unsupported in TF.)
BUG=
Review-Url: https://codereview.chromium.org/2044113002
Cr-Commit-Position: refs/heads/master@{#36817}
