using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69)
(Previously landed as #42193 / 4c699e349a)
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42235}
Reason for revert:
blocks roll, see: https://codereview.chromium.org/2628733002/
Debug mode runs into an Abort("External string expected, but not found").
Original issue's description:
> Internalize strings in-place (reland)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69.
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42193}
> Committed: 4c699e349aTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2625073002
Cr-Commit-Position: refs/heads/master@{#42212}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69.
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42193}
- Refactor Dispatch tables to have separate function, signature tables
- New Relocation type for WasmFunctionTableReference, assembler, compiler support.
- RelocInfo helper functions for Wasm references
Review-Url: https://codereview.chromium.org/2627543003
Cr-Commit-Position: refs/heads/master@{#42192}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42168}
This changes the NewClosure interface descriptor, but ignores
the additional vector/slot arguments for now. The feedback vector
gets larger, as it holds a space for each literal array. A follow-on
CL will constructively use this space.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2614373002
Cr-Commit-Position: refs/heads/master@{#42146}
Don't fallback to the %StrictEqual / %Equal runtime functions for the
generic CompareIC slow path, but use the (new) StrictEqual and Equal
builtins instead. This avoids a performance cliff when mixing input
types for strict equality sites.
R=jochen@chromium.org
BUG=v8:4773
Review-Url: https://codereview.chromium.org/2609153002
Cr-Commit-Position: refs/heads/master@{#42021}
Reason for revert:
Speculative revert because of blocked roll: https://codereview.chromium.org/2596013002/
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2504153002
> Cr-Commit-Position: refs/heads/master@{#41893}
> Committed: 93df094081TBR=bmeurer@chromium.org,mlippautz@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2597163002
Cr-Commit-Position: refs/heads/master@{#41917}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2504153002
Cr-Commit-Position: refs/heads/master@{#41893}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.
BUG=chromium:666275
Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
This is to fix the performance regression by avoiding creation of a frame
in LoadIC dispatcher caused by complicated logic of CSA::EmitLoadICProtoArrayCheck().
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2496333002
Cr-Commit-Position: refs/heads/master@{#40986}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.
Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2472653002
Cr-Commit-Position: refs/heads/master@{#40690}
The reasons are:
1) Type feedback vectors are not shared between different native contexts and
therefore the IC handler created for one native context will not be reused
in other native context.
2) Access rights revocation is not supported at all, therefore given (1) once
we pass the access check we don't have to check access rights again.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2455953002
Cr-Commit-Position: refs/heads/master@{#40627}
This CL removes code that is now unused since the port of regexp.js has been
completed. Removed functions / classes are:
* regexp.js (GetSubstitution moved to string.js)
* RegExpConstructResult stub
* RegExpFlags intrinsic
* RegExpSource intrinsic
* RegExpInitializeAndCompile runtime function
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2448463002
Cr-Commit-Position: refs/heads/master@{#40547}
These intrinsics are unused now, and so we can drop all the code in
fullcodegen and Crankshaft that deals with those. TurboFan and Ignition
never tried to optimize those.
R=mstarzinger@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2427673004
Cr-Commit-Position: refs/heads/master@{#40401}
Now that all accesses to the last match info are in C++ and TF code, we can
finally turn the last match info into a FixedArray. Similar to the ArrayList,
it uses its first field to store its length and grows dynamically in amortized
O(1) time.
Unlike previously, this means that the last match info pointer stored on the
context can actually change (in case the FixedArray needs to grow).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415103002
Cr-Commit-Position: refs/heads/master@{#40308}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2413653003
Cr-Commit-Position: refs/heads/master@{#40216}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2418513002
Cr-Commit-Position: refs/heads/master@{#40211}
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
R=mvstanton@chromium.org
BUG=v8:2206
NOTRY=true
Review-Url: https://codereview.chromium.org/2412453005
Cr-Commit-Position: refs/heads/master@{#40206}
Remove the special side channel from the CallICStub to the
ArrayConstructorStub and make the CallICStub always use the
general entry point.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2405203002
Cr-Commit-Position: refs/heads/master@{#40162}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
This ports the platform-specific SubStringStub to TurboFan.
It also contains a minor bug-fix for the case when the requested substring
length equals the subject string length, but the start index is not equal to 0.
The old stub implementation returned the subject string, while the new
implementation calls into runtime, which finally results in a thrown exception.
BUG=v8:5415
Committed: https://crrev.com/49be31921536716706a6790fbbf9c346b975af16
Review-Url: https://codereview.chromium.org/2355793003
Cr-Original-Commit-Position: refs/heads/master@{#39653}
Cr-Commit-Position: refs/heads/master@{#39851}
This patch simplifies code for speeding up marking and
removes write barrier counter.
The step size is now computed based in two parts:
- bytes to mark in order to keep up with allocation,
- bytes to mark in order to make progress.
BUG=chromium:616434, chromium:646139, chromium:644819
LOG=NO
Review-Url: https://codereview.chromium.org/2359903002
Cr-Commit-Position: refs/heads/master@{#39827}
Reason for revert:
Speculative revert because of stability problems
Original issue's description:
> [stubs] Port SubStringStub to TurboFan
>
> This ports the platform-specific SubStringStub to TurboFan.
>
> It also contains a minor bug-fix for the case when the requested substring
> length equals the subject string length, but the start index is not equal to 0.
> The old stub implementation returned the subject string, while the new
> implementation calls into runtime, which finally results in a thrown exception.
>
> BUG=v8:5415
>
> Committed: https://crrev.com/49be31921536716706a6790fbbf9c346b975af16
> Cr-Commit-Position: refs/heads/master@{#39653}
TBR=ishell@chromium.org,bmeurer@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5415, chromium:649967
NOPRESUBMIT=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2365413002
Cr-Commit-Position: refs/heads/master@{#39737}
According to new store IC calling convention the value, slot and vector are passed
on the stack and there's no need in trying to preserve values or respective registers
in store handlers.
Nice bonus: we also don't need virtual registers anymore.
BUG=v8:5407
Review-Url: https://codereview.chromium.org/2357323003
Cr-Commit-Position: refs/heads/master@{#39672}
This ports the platform-specific SubStringStub to TurboFan.
It also contains a minor bug-fix for the case when the requested substring
length equals the subject string length, but the start index is not equal to 0.
The old stub implementation returned the subject string, while the new
implementation calls into runtime, which finally results in a thrown exception.
BUG=v8:5415
Review-Url: https://codereview.chromium.org/2355793003
Cr-Commit-Position: refs/heads/master@{#39653}
This cleanup is necessary to make HCallWithDescriptor support passing arguments on the stack.
BUG=v8:5407
Review-Url: https://codereview.chromium.org/2352163004
Cr-Commit-Position: refs/heads/master@{#39590}
This CL also cleans up related interface descriptors:
1) unused StoreTransitionDescriptor is removed and VectorStoreTransitionDescriptor is
renamed to StoreTransitionDescriptor.
2) on ia32/x87 architectures slot and vector are passed on the stack (dispatcher/handlers
cleanup will be addressed in a separate CL).
These two stub ports have to be combined in one CL because:
1) without changing the StoreTransitionDescriptor TF was not able to compile them
on ia32/x87 (because of lack of registers),
2) it was not possible to change the descriptor first because Crankshaft was not able
to deal with the stack allocated parameters in case of a stub failure.
TBR=jkummerow@chromium.org
BUG=v8:5269
Review-Url: https://codereview.chromium.org/2313093002
Cr-Commit-Position: refs/heads/master@{#39476}
To make better inlining decisions, it's good to have call counts for poly/mega-morphic cases. This CL makes it work for calls, and another will follow to better unify the code between constructor calls and normal calls (and thence, to record megamorphic call counts there as well).
BUG=
Review-Url: https://codereview.chromium.org/2325083003
Cr-Commit-Position: refs/heads/master@{#39377}
Adds support to collect allocation site feedback for Array function calls
to the call bytecode handler.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2307903002
Cr-Commit-Position: refs/heads/master@{#39283}
This way we avoid the cyclic dependency between objects.h and heap.h and still
have one definition. Add a static assert that this size is indeed smaller than
the payload of a page.
Follow ups can finally remove the dependency on spaces.h for all heap.h users.
R=ulan@chromium.org,bmeurer@chromium.org,vogelheim@chromium.og
Review-Url: https://codereview.chromium.org/2311203002
Cr-Commit-Position: refs/heads/master@{#39206}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
Reland of https://codereview.chromium.org/2190293003/ with a bug fix.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2225923003
Cr-Commit-Position: refs/heads/master@{#39120}
Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.
BUG=v8:5273
Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.
Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2258603003
Cr-Commit-Position: refs/heads/master@{#38770}
The hand-written KeyedLoadIC_Megamorphic stub didn't care about JSArray
lengths, which made it lenient towards said lengths being wrong, but it
will soon fix that bug and thereby become more strict.
LiveEdit: factory->NewJSArray(capacity) doesn't set a length, so set it
manually.
RegExp: to avoid having to take care of array length updating in the
RegExpExecStub, just use a JSObject instead.
Review-Url: https://codereview.chromium.org/2244673002
Cr-Commit-Position: refs/heads/master@{#38624}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
A corresponding flag was added as well to help us find out what breaks when we
do not clear pending exceptions on each JS entry.
BUG=5259
Review-Url: https://codereview.chromium.org/2208663002
Cr-Commit-Position: refs/heads/master@{#38292}
This will enable the interpreter to add a bytecode and use the stub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2177273002
Cr-Commit-Position: refs/heads/master@{#38219}
In the process also inline the stub into the appropriate interpreter bytecode
handler and make sure that the context register is preserved in hand-written
assembly code that calls the stub and expects the context register to be
preserved.
BUG=608675
Review-Url: https://codereview.chromium.org/2188993003
Cr-Commit-Position: refs/heads/master@{#38132}
Reason for revert:
Still crashing.
Original issue's description:
> [heap] Reland "Remove black pages and use black areas instead."
>
> BUG=chromium:630969,chromium:630386
> LOG=n
>
> Committed: https://crrev.com/9e37a07c8de0a20ef2681e26824ff4d329102603
> Cr-Commit-Position: refs/heads/master@{#38057}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:630969,chromium:630386
Review-Url: https://codereview.chromium.org/2183383004
Cr-Commit-Position: refs/heads/master@{#38129}
Reason for revert:
Suspected to cause crbug.com/630969
Original issue's description:
> [heap] Remove black pages and use black areas instead.
>
> BUG=630386
> LOG=n
>
> Committed: https://crrev.com/b008a0d5a3db80a854cb93d9c94d67bf2d780f2c
> Cr-Commit-Position: refs/heads/master@{#37967}
TBR=ulan@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=630386
Review-Url: https://codereview.chromium.org/2176133002
Cr-Commit-Position: refs/heads/master@{#38006}
So far TurboFan wasn't adding the deoptimization reasons for eager/soft
deoptimization exits that can be used by either the DevTools profiler or
the --trace-deopt flag. This adds basic support for deopt reasons on
Deoptimize, DeoptimizeIf and DeoptimizeUnless nodes and threads through
the reasons to the code generation.
Also moves the DeoptReason to it's own file (to resolve include cycles)
and drops unused reasons.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2161543002
Cr-Commit-Position: refs/heads/master@{#37823}
All stores require a Slot parameter so VectorStoreICTrampolineDescriptor is a new StoreDescriptor.
VectorStoreICDescriptor renamed to StoreWithVectorDescriptor.
Review-Url: https://codereview.chromium.org/2147043002
Cr-Commit-Position: refs/heads/master@{#37779}
- Adds move/swap handling for 4 and 16 bytes to ia32.
- Register allocator now only requests 4 bytes for floats on ia32 and arm.
- We probably need similar support in mips.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2027043002
Cr-Commit-Position: refs/heads/master@{#37714}
After this CL we can avoid using Code::flags in hash computations for megamorphic
stub caches and therefore the unused ICState field can be finally removed from flags.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2123983004
Cr-Commit-Position: refs/heads/master@{#37708}
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2122183002
Cr-Commit-Position: refs/heads/master@{#37700}
Stack trace generation requires access to the receiver; and while the
receiver is already on the stack, we cannot determine its position
during stack trace generation (it's stored in argv[0], and argc is only
stored in a callee-saved register).
This patch grants access to the receiver by pushing argc onto builtin
exit frames as an extra argument. Compared to simply pushing the
receiver, this requires an additional dereference during stack trace
generation, but one fewer during builtin calls.
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106883003
Cr-Commit-Position: refs/heads/master@{#37500}
-Defines SIMD128_REGISTERS for all platforms.
-Adds Simd128 register information to RegisterConfiguration, and implements
aliasing calculations.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2092103004
Cr-Commit-Position: refs/heads/master@{#37437}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626
Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}
TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
Reason for revert:
Causes "buildbot failure in V8 on V8 Linux gcc 4.8, Check"
Original issue's description:
> [ia32] Fixes a bug in cmpw.
>
> The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
>
> Adds a regression test.
>
> BUG=621926
>
> Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
> Cr-Commit-Position: refs/heads/master@{#37339}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=621926
Review-Url: https://codereview.chromium.org/2106913002
Cr-Commit-Position: refs/heads/master@{#37342}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Review-Url: https://codereview.chromium.org/2103713003
Cr-Commit-Position: refs/heads/master@{#37339}
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
Review-Url: https://codereview.chromium.org/2097023002
Cr-Commit-Position: refs/heads/master@{#37325}
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=v8:3599,v8:5086,v8:5157
Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
- Add a const bool kSimpleFPAliasing variable for each platform so it's
easier for the compiler to eliminate dead code.
- Modify RegisterAllocator to use it.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101473002
Cr-Commit-Position: refs/heads/master@{#37288}
Port fc59eb8a7a
Original commit message:
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
BUG=chromium:622619
Review-Url: https://codereview.chromium.org/2090993002
Cr-Commit-Position: refs/heads/master@{#37241}
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#
I can reproduce locally, and local revert also fixes it -> revert.
Reproduce with:
out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}
TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.
Additionally some rebasing was necessary.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=mlippautz@chromium.org
Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.
This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.
Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.
Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2056633002
Cr-Commit-Position: refs/heads/master@{#37086}
As a first step towards showing builtin frames in stack traces, we will now
push target and new target unconditionally.
Since the various specializations of BuiltinArguments are made redundant by
this change, we can remove them and all related code.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2074063002
Cr-Commit-Position: refs/heads/master@{#37061}
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
R=bmeurer@chromium.org, jarin@chromium.org
BUG=v8:4815
LOG=n
Review-Url: https://codereview.chromium.org/2069423002
Cr-Commit-Position: refs/heads/master@{#37051}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108,chromium:620786
R=mvstanton@chromium.org
Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
Review-Url: https://codereview.chromium.org/2077533002
Cr-Original-Commit-Position: refs/heads/master@{#37037}
Cr-Commit-Position: refs/heads/master@{#37047}
Reason for revert:
[Sheriff] Leads to some different rounding as it seems in some audio layout tests. Please rebase upstream first if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7508
Original issue's description:
> [builtins] Introduce proper Float64Exp operator.
>
> Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
> TurboFan operator based on that, similar to what we do for Float64Log.
> Rewrite Math.exp() as TurboFan builtin and use that operator to also
> inline Math.exp() into optimized TurboFan functions.
>
> BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
> Cr-Commit-Position: refs/heads/master@{#37037}
TBR=mvstanton@chromium.org,ahaas@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
Review-Url: https://codereview.chromium.org/2070813002
Cr-Commit-Position: refs/heads/master@{#37039}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2077533002
Cr-Commit-Position: refs/heads/master@{#37037}
LoadICState was used to hold the TypeofMode flag which is relevant only for LoadGlobalIC.
This CL removes usage of this state from LoadIC and KeyedLoadIC and renames the state
class to LoadGlobalICState.
BUG=chromium:576312
LOG=Y
Review-Url: https://codereview.chromium.org/2065373003
Cr-Commit-Position: refs/heads/master@{#37033}
The new approach is that instead of compiling custom handlers for
every global object's PropertyCell it uses single dispatcher that
caches PropertyCells in respective slot of the feedback vector.
Currently the new LoadGlobalIC machinery is disabled.
This CL also removes unused LoadGlobalViaContext* stuff.
BUG=chromium:576312
LOG=Y
Review-Url: https://codereview.chromium.org/2065113002
Cr-Commit-Position: refs/heads/master@{#37002}
Support for relocatable globals, to facilitate compilation before
instantiation.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2062003002
Cr-Commit-Position: refs/heads/master@{#36978}
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no
longer assume that the strict arguments object being allocated will fit
into new-space. The case where said object needs to move to large object
space is now handled in the runtime.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-614727
BUG=chromium:614727
Review-Url: https://codereview.chromium.org/2054853002
Cr-Commit-Position: refs/heads/master@{#36917}
Instead, always tail call to the runtime. Also, cleanup the various versions
of the runtime call that is used for Array construction fallback. There can be
only one.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2024253002
Cr-Commit-Position: refs/heads/master@{#36888}
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.
Review-Url: https://codereview.chromium.org/2051113002
Cr-Commit-Position: refs/heads/master@{#36870}
Since some builtins use StringToNumberStub (so the code is always there),
it makes more sense to have StringToNumber builtin.
Review-Url: https://codereview.chromium.org/2050853003
Cr-Commit-Position: refs/heads/master@{#36843}
This speeds up .bind by >10x as measured by
function f(a,b,c) {}
for (var i = 0; i < 10000000; i++) {
f.bind(1); // or more arguments.
}
(Uses hydrogen-stubs rather than TF due to var-args + possible runtime fallback, which is still unsupported in TF.)
BUG=
Review-Url: https://codereview.chromium.org/2044113002
Cr-Commit-Position: refs/heads/master@{#36817}
It may be that we have a feedback vector, but no literals. In this case
we can store into the OptimizedCodeMap directly instead of using a WeakCell,
because all data in the feedback vector is already held weakly.
The use of a WeakCell in the OptimizedCodeMap is only required when
there are literals which may hold maps strongly.
This is to address a performance regression caused by the creation of
a large number of WeakCells.
BUG=chromium:615831
Review-Url: https://codereview.chromium.org/2031123003
Cr-Commit-Position: refs/heads/master@{#36786}
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.
BUG=
Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
This CL introduces a DECLARE_DEFAULT_DESCRIPTOR macro that helps defining a CallInterfaceDescriptor in a cases where it is not important which registers to use for passing arguments. One can use such descriptors for new TurboFan stubs.
HasPropertyDescriptor now uses the new machinery.
Review-Url: https://codereview.chromium.org/2002143002
Cr-Commit-Position: refs/heads/master@{#36675}
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.
BUG=chromium:612386
Review-Url: https://codereview.chromium.org/2011313003
Cr-Commit-Position: refs/heads/master@{#36649}
This was initially used to special case some weird date.js behavior, but
has since been abused in other areas. In case of the string character
access, everything that is outside the Smi range cannot be a valid
string index anyways, so %NumberToSmi is perfect here in either case,
and for ToPositiveInteger it's better to just use ToInteger adding +0 to
turn -0 into +0.
R=ishell@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2010183003
Cr-Commit-Position: refs/heads/master@{#36545}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
BUG=
Review-Url: https://codereview.chromium.org/1906823002
Cr-Commit-Position: refs/heads/master@{#36539}
For cross-compiler-compatibility and standards compliance %p
requires a void*, rather than any pointer type.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2001073002
Cr-Commit-Position: refs/heads/master@{#36466}
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.
This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.
This improves the score of EarlyBoyer by ~8x for Ignition.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1965343002
Cr-Commit-Position: refs/heads/master@{#36360}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
Cr-Commit-Position: refs/heads/master@{#36288}
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36310}
Reason for revert:
Breaks
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/619
Might only affect pure release builds?
Original issue's description:
> [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
>
> In order to support compiling to baseline on return we need to be able to
> return to the actual return address. With this change this is what the
> Return bytecode now does, removing the need for the
> InterpreterExitTrampoline.
>
> This change also removes the InterpreterNotifyDeoptXXX builtins and
> unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
> change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
> Cr-Commit-Position: refs/heads/master@{#36288}
TBR=mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1986353002
Cr-Commit-Position: refs/heads/master@{#36294}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36288}
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.
R=ishell@chromium.orgTBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n
Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}
This makes the profiler reconstruct inlined function frames at eager
deopt points from the deoptimization data. The main goal of this is to
remove the last side-channel where Crankshaft communicates directly to
the profiler. This is the last preparatory step towards deprecating the
side-channel in question.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1973993002
Cr-Commit-Position: refs/heads/master@{#36229}
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=v8:4928
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review-Url: https://codereview.chromium.org/1949023003
Cr-Commit-Position: refs/heads/master@{#36181}
This passes the inlining_id of deoptimization points via the relocation
info instead of via a side-channel to the CPU profiler. This is one step
towards deprecating the side-channel in question and avoid the need for
performing a lookup of the return address of the deopt point.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1956693002
Cr-Commit-Position: refs/heads/master@{#36177}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
The new allocation folding implementation avoids fragmentation between folded allocation. As a consequence, our heap will always be iterable i.e. we do not have to perform a garbage collection before iterating the heap.
BUG=chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1899813003
Cr-Commit-Position: refs/heads/master@{#36133}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
Changes some platform specific class names and uses typedefs
to define FloatRegister, DoubleRegister, etc.
This will be needed to do register allocation on ARM/MIPS where
registers combine to form larger registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/1954953002
Cr-Commit-Position: refs/heads/master@{#36117}
Code common with ObjectHasOwnProperty builtin was moved to CodeStubAssembler.
BUG=v8:2743
LOG=Y
Review-Url: https://codereview.chromium.org/1894953004
Cr-Commit-Position: refs/heads/master@{#35972}
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969
LOG=n
Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35918}
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35861}
This is needed by Blink to implement the Custom Elements spec.
BUG=v8:4261
LOG=y
Review-Url: https://codereview.chromium.org/1910253005
Cr-Commit-Position: refs/heads/master@{#35833}
Default (and only way) is now to retrieve a tagged object.
BUG=chromium:606711
LOG=N
Review URL: https://codereview.chromium.org/1922553002
Cr-Commit-Position: refs/heads/master@{#35792}
This adds a baseline tier to the compilation pipeline. Currently this
tier is used to model a path from the interpreter to optimized code via
full-codegen code (to ensure sufficient type feedback). Switching from
the unoptimized tier to the baseline tier is limited to happen only when
there are no activations of the given function on the stack.
R=rmcilroy@chromium.org,bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1903273004
Cr-Commit-Position: refs/heads/master@{#35757}
Use the FastNewSloppyArgumentsStub in the interpreter when function doesn't have
duplicate parameters.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1909903003
Cr-Commit-Position: refs/heads/master@{#35754}
This ensures the InterpreterEntryTrampoline heals code entry fields
inside closures when being called without a valid bytecode array. This
is preparatory work to allow removal of bytecode when switching some
functions to other types of code.
R=rmcilroy@chromium.org
BUG=v8:4280
LOG=n
Review URL: https://codereview.chromium.org/1904093002
Cr-Commit-Position: refs/heads/master@{#35724}
Adds IncStub and DecStub TurboFan code stubs and hooks them up to the
interpreter's Inc and Dec bytecodes (which are used for count
operations, e.g. i++).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1901083002
Cr-Commit-Position: refs/heads/master@{#35720}
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumptions about their lengths is
invalid and may lead to oob reads.
R=jkummerow@chromium.org
BUG=v8:4923,chromium:604897
LOG=N
Review URL: https://codereview.chromium.org/1901573003
Cr-Commit-Position: refs/heads/master@{#35660}
Removes the register file machine register from the interpreter and
replaces it will loads from the parent frame pointer. As part of this
change the raw operand values for register values changes to enable the
interpreter to keep using the operand value as the offset from the
parent frame pointer.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1894063002
Cr-Commit-Position: refs/heads/master@{#35618}
Adds code to call FunctionEntryHook on entry to the InterpreterEntryTrampoline.
This should give SyzyProf enough information to build non-discontinous profile
graphs, however since interpreter functions aren't uniquely identified they will
all get lumped into one bucket. This should be good enough for SyzyProf's current
use-case.
BUG=v8:4763
LOG=N
Review URL: https://codereview.chromium.org/1884133002
Cr-Commit-Position: refs/heads/master@{#35568}
This is a much cleaner solution, which won't require nearly as much
architecture-specific code. Thanks bmeurer@!
BUG=v8:4614
LOG=y
R=bmeurer@chromium.org,jarin@chromium.org
Review URL: https://codereview.chromium.org/1891033002
Cr-Commit-Position: refs/heads/master@{#35547}
The current context is stored as a stack slot on the interpreter frame
and therefore we don't need to also maintain a machine register for the
context. Removes this register from bytecode handlers.
In the process modifies this frees up a register on ia32 to keep the
dispatch table pointer in a register rather than on a stack slot on
ia32.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1887493004
Cr-Commit-Position: refs/heads/master@{#35511}
The current code for testing the VEX.L flag, indicating whether
128-bit or 256-bit registers are being accessed, was erroneous
and always returned true (i.e. indicated 128-bit registers).
This patch fixes this behaviour and checks the flag correctly.
Ref: https://github.com/nodejs/node/issues/6151
BUG=
Review URL: https://codereview.chromium.org/1875323002
Cr-Commit-Position: refs/heads/master@{#35506}
Modifies Ignition to store code entry addresses in the dispatch table
rather than code objects. This allows the interpreter to avoid
calculating the code entry address from the code object on every
dispatch and provides a ~5-7% performance improvement on Octane with
Ignition.
This change adds ArchOpcode::kArchTailCallAddress to TurboFan to enable
tail call dispatch using these code addresses. It also adds a Dispatch
linkage creator (distinct from the stub linkage type used previously) to
allow targetting a code address target (which will diverge further from
the stub linkage type when we remove the context machine register in
Ignition).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1882073002
Cr-Commit-Position: refs/heads/master@{#35480}
Reland of (https://codereview.chromium.org/1617503003)
* New atomic code stubs for x64, ia32, arm, arm64
* Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
to macro-assembler-ia32 (API based on x64 macro assembler)
* Remove runtime implementation of Atomics.load, the code stub should always be
called instead
* Add new test to mjsunit atomics test; check that Smi values of different
sizes are supported when possible, else fall back to HeapNumbers
These changes were needed to add another codestub:
* Bump kStubMajorKeyBits from 7 to 8
* Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
BUG=v8:4614
LOG=y
TBR=jarin@chromium.org,bmeurer@chromium.org,rodolph.perfetta@gmail.com,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1617503003
Cr-Commit-Position: refs/heads/master@{#35427}
Review URL: https://codereview.chromium.org/1881383003
Cr-Commit-Position: refs/heads/master@{#35453}
Reason for revert:
[Sheriff] Roll was reverted. Please fix unused methods, see:
https://codereview.chromium.org/1884913002/https://build.chromium.org/p/tryserver.chromium.win/builders/win_clang/builds/5585/steps/compile%20%28with%20patch%29/logs/stdio
Original issue's description:
> [Atomics] code stubs for atomic operations
>
> * New atomic code stubs for x64, ia32, arm, arm64
> * Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
> to macro-assembler-ia32 (API based on x64 macro assembler)
> * Remove runtime implementation of Atomics.load, the code stub should always be
> called instead
> * Add new test to mjsunit atomics test; check that Smi values of different
> sizes are supported when possible, else fall back to HeapNumbers
>
> These changes were needed to add another codestub:
> * Bump kStubMajorKeyBits from 7 to 8
> * Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
>
> BUG=v8:4614
> LOG=y
>
> Committed: https://crrev.com/10b5febe11b318cfef130abae343183ac862e60d
> Cr-Commit-Position: refs/heads/master@{#35427}
TBR=jarin@chromium.org,bmeurer@chromium.org,rodolph.perfetta@gmail.com,binji@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4614
Review URL: https://codereview.chromium.org/1884883003
Cr-Commit-Position: refs/heads/master@{#35443}
Visit the Optimized Code Map on first call rather than closure creation.
This is useful for escape analysis, and helps upcoming changes to
type feedback gathering.
Adding notry due to crashed builders:
NOTRY=true
BUG=
Committed: https://crrev.com/9336f4cc6d25d39a128176679a70dbd13a6d946e
Cr-Commit-Position: refs/heads/master@{#35395}
Review URL: https://codereview.chromium.org/1670143002
Cr-Commit-Position: refs/heads/master@{#35440}
* New atomic code stubs for x64, ia32, arm, arm64
* Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
to macro-assembler-ia32 (API based on x64 macro assembler)
* Remove runtime implementation of Atomics.load, the code stub should always be
called instead
* Add new test to mjsunit atomics test; check that Smi values of different
sizes are supported when possible, else fall back to HeapNumbers
These changes were needed to add another codestub:
* Bump kStubMajorKeyBits from 7 to 8
* Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
BUG=v8:4614
LOG=y
Review URL: https://codereview.chromium.org/1617503003
Cr-Commit-Position: refs/heads/master@{#35427}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
Original CL: https://codereview.chromium.org/1869433004
Reverted in: https://codereview.chromium.org/1867383002
Reverted again in: https://codereview.chromium.org/1877823003
Reverts due to non-CQ bots:
- First: v8_win_dbg, v8_win64_dbg, v8_mac_dbg
- Second: gc mole (added to v8_linux_rel_ng for this patch)
R= jochen@chromium.org
TBR= ahaas@chromium.org,bmeurer@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1872203005
Cr-Commit-Position: refs/heads/master@{#35423}
Reason for revert:
Blocks roll. See https://codereview.chromium.org/1877003002/ for detailed messages.
You should be able to repro this with Linux ASAN.
Original issue's description:
> Visit the Optimized Code Map on first call rather than closure creation.
>
> This is useful for escape analysis, and helps upcoming changes to
> type feedback gathering.
>
> BUG=
>
> Committed: https://crrev.com/9336f4cc6d25d39a128176679a70dbd13a6d946e
> Cr-Commit-Position: refs/heads/master@{#35395}
TBR=mstarzinger@chromium.org,bmeurer@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1878063004
Cr-Commit-Position: refs/heads/master@{#35404}
This is useful for escape analysis, and helps upcoming changes to
type feedback gathering.
BUG=
Review URL: https://codereview.chromium.org/1670143002
Cr-Commit-Position: refs/heads/master@{#35395}
Reason for revert:
One small issue easily fixed here: https://codereview.chromium.org/1867333003/
But it looks like MSVS 2013 doesn't like some of the formats and exists with the unhelpful:
Stderr:
f:\dd\vctools\crt\crtw32\stdio\output.c(1125) : Assertion failed: ("Incorrect
format specifier", 0)
It's easier to revert for now, I'll dig more into the docs:
https://msdn.microsoft.com/en-us/library/56e442dc(v=vs.120).aspxhttps://msdn.microsoft.com/en-us/library/tcxf1dw6(v=vs.120).aspx
And then resubmit, making sure I run these bots.
Original issue's description:
> Fix printf formats
>
> The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
>
> - Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
> - Uses it appropriately.
> - Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
> - Fixes a bunch of incorrect formats.
>
> R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
>
> Committed: https://crrev.com/6ebf9fbb93d31f9be41156a3325d58704ed4933d
> Cr-Commit-Position: refs/heads/master@{#35365}
TBR=jochen@chromium.org,bmeurer@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1867383002
Cr-Commit-Position: refs/heads/master@{#35366}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
Review URL: https://codereview.chromium.org/1869433004
Cr-Commit-Position: refs/heads/master@{#35365}
The previous code cache system required stubs to be marked with a StubType, causing them to be inserted either into a fixed array or into a dictionary-mode code cache. This could cause names to be in both cases, and lookup would just find the "fast" one first. Given that we clear out the caches on each GC, the memory overhead shouldn't be too bad. Additionally, the dictionary itself should just stay linear for small arrays; that's faster anyway.
This CL additionally deletes some dead IC code.
BUG=
Review URL: https://codereview.chromium.org/1846963002
Cr-Commit-Position: refs/heads/master@{#35291}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
Currently, if the size of two cmp or test operands is a byte or a word, we sign-extend or zero-extend each of them into a 32-bit register before doing the comparison, even when the conditions for the use of a memory operand are met.
This CL makes it possible to load only one of them into a register and address the other as a memory operand.
The tricky bit is that, unlike as in the x64 counterpart http://crrev.com/1780193003, not all registers can be accessed as bytes.
BUG=
Review URL: https://codereview.chromium.org/1845603002
Cr-Commit-Position: refs/heads/master@{#35199}
This reduces the reserved virtual memory size needed for the store buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1851473002
Cr-Commit-Position: refs/heads/master@{#35174}
In the earlier implementation of GenerateDoubleToObject the context
is loaded from the parent's frame. rsi is clobbered because it is used
to store kHoleNan constnat. It is not always safe to peek at
the parents frame. Bytecode handlers have TypedFrame and the type of
frame is stored at FP + 1. GenerateDoubleToObject expects context
to be store at that place. In the current implementation rsi is pushed
onto the stack and is popped when exiting this function.
BUG=v8:4280,chromium:597565
LOG=N
Review URL: https://codereview.chromium.org/1848473002
Cr-Commit-Position: refs/heads/master@{#35163}
We now have everything in place to fully implement ToLengthStub as
TurboFanCodeStub without any runtime fallback (modulo allocation failure
of course).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1843933002
Cr-Commit-Position: refs/heads/master@{#35137}
Thus DevTools will be able to disable tail call elimination dynamically upon user's choice.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1837513002
Cr-Commit-Position: refs/heads/master@{#35098}
Now implemented as a builtin that delegates to the InstanceOfStub. That
stub was parameterized to fallback to either Runtime_InstanceOf or to
Runtime_OrdinaryHasInstance depending on the --harmony-instanceof flag.
Once the feature stabilizes and the flag is no longer needed, we can get
rid of this parameterization again.
R=bmeurer@chromium.org
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1819813002
Cr-Commit-Position: refs/heads/master@{#34959}
Split ToNumberStub into the entry ToNumberStub, and two new stubs,
StringToNumberStub and NonNumberToNumberStub, which can be used when we
already know something about the input (i.e. in various branches of the
code stubs, or in TurboFan graphs).
Also introduce an appropriate StringToNumber simplified operator for
TurboFan, that is pure and is lowered to an invocation of the newly
added StringToNumberStub.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1818923002
Cr-Commit-Position: refs/heads/master@{#34922}
Up until now all type conversions (i.e. ToNumber, ToString and friends)
had their own specific call interface descriptors, where some of them
had to match (i.e. ToString and NumberToString have to use the same
argument register). Instead of all the different descriptors, it's
sufficient to have a single TypeConversionDescriptor instead.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1823523002
Cr-Commit-Position: refs/heads/master@{#34916}
Repair this to match what the runtime correctly does, by first checking if the
function is a constructor before we access the prototype.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1810953002
Cr-Commit-Position: refs/heads/master@{#34863}
- New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
- RelocInfo mode recorded for immediates that use the memory buffer as base
- Tests to verify address patching works
BUG=
Committed: https://crrev.com/cc815b69c17da368107ed77306a5bb161170c834
Cr-Commit-Position: refs/heads/master@{#34831}
Review URL: https://codereview.chromium.org/1759873002
Cr-Commit-Position: refs/heads/master@{#34836}
Reason for revert:
Breaks compile:
https://build.chromium.org/p/client.v8/builders/V8%20Mac64/builds/7740
Probably had outdated tryjobs
Original issue's description:
> Assembler changes for enabling GrowHeap in Wasm
> - New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
> - RelocInfo mode recorded for immediates that use the memory buffer as base
> - Tests to verify address patching works
>
> BUG=
>
> Committed: https://crrev.com/cc815b69c17da368107ed77306a5bb161170c834
> Cr-Commit-Position: refs/heads/master@{#34831}
TBR=titzer@chromium.org,yangguo@chromium.org,bradnelson@chromium.org,bradnelson@google.com,marija.antic@imgtec.com,gdeepti@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1808823002
Cr-Commit-Position: refs/heads/master@{#34832}
- New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
- RelocInfo mode recorded for immediates that use the memory buffer as base
- Tests to verify address patching works
BUG=
Review URL: https://codereview.chromium.org/1759873002
Cr-Commit-Position: refs/heads/master@{#34831}
Int64Add is lowered to a new turbofan operator, Int32AddPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the addition.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1778493004
Cr-Commit-Position: refs/heads/master@{#34747}
- Eliminate stubs with a variable number of arguments.
(That only worked due to their very limited use. These
stubs' interface descriptors were basically lying
about their number of args, which will fail when used
generically.)
- Fix all CallApi*Stubs' interface descriptors to no
longer lie about their arguments.
- Unify CallApi*Stub, for * in Function, Accessor,
FunctionWithFixedArgs.
(Since these are now all doing the same thing.)
- Rename the unified stub (and interface descriptors) to
*ApiCallback*, since that's really what they're doing.
- Refuse inlining an API callback if its number of
parameters exceeds the supported number of args.
BUG=
Committed: https://crrev.com/d238b953a474272c0e3ea22ef6a9b63fa9729340
Cr-Commit-Position: refs/heads/master@{#34614}
Review URL: https://codereview.chromium.org/1748123003
Cr-Commit-Position: refs/heads/master@{#34627}
Reason for revert:
Breaks Chromium.
Original issue's description:
> Rework CallApi*Stubs.
>
> - Eliminate stubs with a variable number of arguments.
> (That only worked due to their very limited use. These
> stubs' interface descriptors were basically lying
> about their number of args, which will fail when used
> generically.)
> - Fix all CallApi*Stubs' interface descriptors to no
> longer lie about their arguments.
> - Unify CallApi*Stub, for * in Function, Accessor,
> FunctionWithFixedArgs.
> (Since these are now all doing the same thing.)
> - Rename the unified stub (and interface descriptors) to
> *ApiCallback*, since that's really what they're doing.
> - Refuse inlining an API callback if its number of
> parameters exceeds the supported number of args.
>
> BUG=
>
> Committed: https://crrev.com/d238b953a474272c0e3ea22ef6a9b63fa9729340
> Cr-Commit-Position: refs/heads/master@{#34614}
TBR=danno@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1775933005
Cr-Commit-Position: refs/heads/master@{#34624}
- Eliminate stubs with a variable number of arguments.
(That only worked due to their very limited use. These
stubs' interface descriptors were basically lying
about their number of args, which will fail when used
generically.)
- Fix all CallApi*Stubs' interface descriptors to no
longer lie about their arguments.
- Unify CallApi*Stub, for * in Function, Accessor,
FunctionWithFixedArgs.
(Since these are now all doing the same thing.)
- Rename the unified stub (and interface descriptors) to
*ApiCallback*, since that's really what they're doing.
- Refuse inlining an API callback if its number of
parameters exceeds the supported number of args.
BUG=
Review URL: https://codereview.chromium.org/1748123003
Cr-Commit-Position: refs/heads/master@{#34614}
In case when F was called with incompatible number of arguments (and therefore
the arguments adator frame was created), F inlines a tail call of G which then
deopts the deoptimizer should also remove the arguments adaptor frame for F.
This CL adds required machinery to the deoptimizer.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1768263004
Cr-Commit-Position: refs/heads/master@{#34610}
Before this CL, various code stubs used different techniques
for marking their frames to enable stack-crawling and other
access to data in the frame. All of them were based on a abuse
of the "standard" frame representation, e.g. storing the a
context pointer immediately below the frame's fp, and a
function pointer after that. Although functional, this approach
tends to make stubs and builtins do an awkward, unnecessary
dance to appear like standard frames, even if they have
nothing to do with JavaScript execution.
This CL attempts to improve this by:
* Ensuring that there are only two fundamentally different
types of frames, a "standard" frame and a "typed" frame.
Standard frames, as before, contain both a context and
function pointer. Typed frames contain only a minimum
of a smi marker in the position immediately below the fp
where the context is in standard frames.
* Only interpreted, full codegen, and optimized Crankshaft and
TurboFan JavaScript frames use the "standard" format. All
other frames use the type frame format with an explicit
marker.
* Typed frames can contain one or more values below the
type marker. There is new magic macro machinery in
frames.h that simplifies defining the offsets of these fields
in typed frames.
* A new flag in the CallDescriptor enables specifying whether
a frame is a standard frame or a typed frame. Secondary
register location spilling is now only enabled for standard
frames.
* A zillion places in the code have been updated to deal with
the fact that most code stubs and internal frames use the
typed frame format. This includes changes in the
deoptimizer, debugger, and liveedit.
* StandardFrameConstants::kMarkerOffset is deprecated,
(CommonFrameConstants::kContextOrFrameTypeOffset
and StandardFrameConstants::kFrameOffset are now used
in its stead).
LOG=N
Review URL: https://codereview.chromium.org/1696043002
Cr-Commit-Position: refs/heads/master@{#34571}
In case when F tail calls G we should also remove the potential arguments adaptor frame for F.
This CL introduces two new machine instructions ArchTailCallCodeObjectFromJSFunction and ArchTailCallJSFunctionFromJSFunction which (unlike existing ArchTailCallCodeObject and ArchTailCallJSFunction) also drop arguments adaptor frame if it exists right before jumping to the target function.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1702423002
Cr-Commit-Position: refs/heads/master@{#34566}
I64Shl is lowered to a new turbofan operator, WasmWord64Shl. The new
operator takes 3 inputs, the low-word input, the high-word input, and
the shift, and produces 2 output, the low-word output and the high-word
output.
At the moment I implemented the lowering only for ia32, but I think the
CL is already big enough. I will add the other platforms in separate
CLs.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1756863002
Cr-Commit-Position: refs/heads/master@{#34546}
HInvokeFunction and HApplyArguments instructions now support tail calling.
Inlining of calls at tail position is not supported yet and therefore still disabled.
The tail-call-megatest was modified so that the usages of "arguments" object do not disable Crankshaft.
TBR=bmeurer@chromium.org
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1760253003
Cr-Commit-Position: refs/heads/master@{#34542}
Add StringLessThanStub, StringLessThanOrEqualStub, StringGreaterThanStub
and StringGreaterThanOrEqualStub, based on the CodeStubAssembler, and
hook them up with TurboFan (and Ignition). The stubs are currently
essentially comparable with the StringCompareStub, which is now
obsolete. We can later extend these stubs to cover more interesting
cases (i.e. two byte sequential string comparisons, etc.).
R=epertoso@chromium.org
Review URL: https://codereview.chromium.org/1765823002
Cr-Commit-Position: refs/heads/master@{#34485}
The support was already removed from the Crankshaft and this CL removes the last piece.
Review URL: https://codereview.chromium.org/1764593002
Cr-Commit-Position: refs/heads/master@{#34456}
Initial version of a new StrictEqualStub written as TurboFan code stub,
that implements the full strict equality comparison and is usable for
both TurboFan and Ignition (and soon for the generic CompareIC case
too). The stub is not fully optimized yet, i.e. we still go to the
runtime for string comparisons, but that'll be addressed in a follow-up
CL.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1753173003
Cr-Commit-Position: refs/heads/master@{#34423}
Add support to log source position offsets to the profiler. As part of
this change PositionsRecorder is split into two, with the subset needed
by log.cc moved into log.h and the remainder kept in assembler.h as
AssemblerPositionsRecorder. The interpreter's source position table
builder is updated to log positions when the profiler is active.
BUG=v8:4766
LOG=N
Review URL: https://codereview.chromium.org/1737043002
Cr-Commit-Position: refs/heads/master@{#34416}
In ia32 PushArgsAndConstruct builtin, we run out of registers and need to
temporarily store the data in the stack. In the earlier implementation,
a location outside the esp was used. This causes a problem if there is a
interrupt/signals which would use the same stack and corrupt the data that
is above the esp. This cl fixes it by pushing it onto the stack so that
the stack pointer is updated and hence the corruption will not happen. We
reuse the slot meant for receiver as a temporary store.
TBR=rmcilroy@chromium.org
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1750373002
Cr-Commit-Position: refs/heads/master@{#34397}
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=danno@chromium.org
Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
Cr-Commit-Position: refs/heads/master@{#34237}
Review URL: https://codereview.chromium.org/1722193002
Cr-Commit-Position: refs/heads/master@{#34344}
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=mstarzinger@chromium.org
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1738153002
Cr-Commit-Position: refs/heads/master@{#34335}
Reason for revert:
Speculative revert in attempt to fix#2 crasher on canary.
Original issue's description:
> [compiler] Drop the CompareNilIC.
>
> Since both null and undefined are also marked as undetectable now, we
> can just test that bit instead of having the CompareNilIC try to collect
> feedback to speed up the general case (without the undetectable bit
> being used).
>
> Drive-by-fix: Update the type system to match the new handling of
> undetectable in the runtime.
>
> R=danno@chromium.org
>
> Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
> Cr-Commit-Position: refs/heads/master@{#34237}
TBR=danno@chromium.org,verwaest@chromium.org,bmeurer@chromium.org
LOG=y
BUG=chromium:589897
NOTRY=true
Review URL: https://codereview.chromium.org/1743433002
Cr-Commit-Position: refs/heads/master@{#34308}
Only use one set of %StrictEquals/%StrictNotEquals and
%Equals/%NotEquals runtime entries for both the interpreter
and the old-style CompareICStub. The long-term plan is to
update the CompareICStub to also return boolean values, and
even allow some more code sharing with the interpreter there.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1738883002
Cr-Commit-Position: refs/heads/master@{#34303}
This optimization does not give us much (see perf try bot results associated with this CL) but complicates things a lot. The main motivation is to avoid additional complexity in tail call optimization.
There are some pieces left in the deoptimizer, but I'll address this in a separate CL.
Review URL: https://codereview.chromium.org/1731273003
Cr-Commit-Position: refs/heads/master@{#34273}
Reason for revert:
It is not a good idea to call CallICStub from the builtin. It might be sensitive to the frame structure. Constructing a internal frame might cause problems. It is much better to inline the code related to the type feedback vector into the builtin.
Original issue's description:
> [Interpreter] Implements calls through CallICStub in the interpreter.
>
> Calls are implemented through CallICStub to collect type feedback. Adds
> a new builtin called InterpreterPushArgsAndCallIC that pushes the
> arguments onto stack and calls CallICStub.
>
> Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
> go through CallICStub.
>
> MIPS port contributed by balazs.kilvady.
>
> BUG=v8:4280, v8:4680
> LOG=N
>
> Committed: https://crrev.com/20362a2214c11a0f2ea5141b6a79e09458939cec
> Cr-Commit-Position: refs/heads/master@{#34244}
TBR=rmcilroy@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4680
Review URL: https://codereview.chromium.org/1731253003
Cr-Commit-Position: refs/heads/master@{#34252}
Calls are implemented through CallICStub to collect type feedback. Adds
a new builtin called InterpreterPushArgsAndCallIC that pushes the
arguments onto stack and calls CallICStub.
Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
go through CallICStub.
MIPS port contributed by balazs.kilvady.
BUG=v8:4280, v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1688283003
Cr-Commit-Position: refs/heads/master@{#34244}
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/1722193002
Cr-Commit-Position: refs/heads/master@{#34237}
The InstructionSelector now associates an effect level to every node in a block.
The effect level of a node is the number of non-eliminatable nodes encountered from the beginning of the block to the node itself.
With this change, on ia32 and x64, a load from memory into a register can be replaced by a memory operand if all of the following conditions hold:
1. The only use of the load is in a 32 or 64 bit word comparison.
2. The user node and the load node belong to the same block.
3. The values of the operands have the same size (i.e., no need to zero-extend or sign-extend the result of the load).
BUG=
Review URL: https://codereview.chromium.org/1706763002
Cr-Commit-Position: refs/heads/master@{#34187}
