The type feedback for load and store ICs might be polluted because of
different/conflicting call sites, but yet we can utilize some of the
static information that is available in the graph to determine the
effective receiver map, or at least filter out impossible receiver maps
from the feedback by looking at the transition trees.
This is similar to what Crankshaft does in ComputeReceiverTypes, but
more general and less hacky.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1972563002
Cr-Commit-Position: refs/heads/master@{#36167}
... by
1) avoiding accessing RuntimeCallStats instance,
2) avoiding calculating address of a counter field,
3) and using statically known pointer to a member counter instead.
And in addition some code cleanup.
BUG=chromium:596055
LOG=N
Review-Url: https://codereview.chromium.org/1965133002
Cr-Commit-Position: refs/heads/master@{#36162}
By now the runtime entry function in question is a duplicate of the
existing Runtime_ToFastProperties function. This just gets rid of the
duplication.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1963973003
Cr-Commit-Position: refs/heads/master@{#36161}
port 2da70f853d (r36136)
original commit message:
Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads.
Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
BUG=
Review-Url: https://codereview.chromium.org/1967913003
Cr-Commit-Position: refs/heads/master@{#36159}
port 61f5fbbb19 (r36133)
original commit message:
The new allocation folding implementation avoids fragmentation between folded allocations. As a consequence, our heap will always be iterable, i.e. we do not have to perform a garbage collection before iterating the heap.
BUG=
Review-Url: https://codereview.chromium.org/1969553003
Cr-Commit-Position: refs/heads/master@{#36158}
Up until now we had two places where we did the function prototype
folding, once in the Typer and once in JSTypedLowering. Put this logic
into JSNativeContextSpecialization instead.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965293002
Cr-Commit-Position: refs/heads/master@{#36157}
This removes the explicit disabling of optimization for eval code. Such
code can by now be optimized by TurboFan. Note that the usual heuristics
in the AstNumberingVisitor still apply and will be used to choose the
effective optimization backend.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1962103003
Cr-Commit-Position: refs/heads/master@{#36156}
Make JSCreateArguments eliminatable, and remove the need for frame
states on JSCreateArguments nodes being lowered to (optimized) stub
calls. Only the runtime fallback needs a frame state, because in that
case we need to ask the deoptimizer for arguments to inlined functions.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965013005
Cr-Commit-Position: refs/heads/master@{#36154}
The data from UseCounters are in--V8's custom Promise methods are not
in wide use on the web (<.002%). Therefore, this patch removes them.
That includes:
- Promise.prototype.chain
- Promise.defer -- the most widely used of the bunch
- Promise.accept
For now, those methods are still available by checking the "disable
latest stable JavaScript features" flag, or --promise-extra at the
command line, but I expect them to be fully removable.
R=adamk
CC=rossberg
BUG=v8:3238,v8:4633
Review-Url: https://codereview.chromium.org/1965183002
Cr-Commit-Position: refs/heads/master@{#36152}
Globals used to be hole-initialized in the case of toplevel legacy
const declarations. But now that the only use of legacy const is
for sloppy function expression names, we can unconditionally
initialize globals to undefined instead of the_hole.
Review-Url: https://codereview.chromium.org/1964993002
Cr-Commit-Position: refs/heads/master@{#36151}
When the rewriter moves a temporary variable between scopes, it must
be sure to maintain the order, so that the rewritten order is the
same as it would have been without rewriting.
To expose the difference in behavior, this patch removes the superfluous
visitation of ForOfStatement::each() from AstExpressionVisitor, which
happened to be the only thing keeping all the temporaries in order
in mjsunit/harmony/regress/regress-crbug-578038.js. Without the proper
order, this test would fail under --stress-opt, because the ".for"
variable (behind the "each" proxy) would get two different positions
in the scope, one on first parse (with rewriting) and the other on
second parse (lazy parsing for optimization).
A follow-up patch will remove each() and iterable() from ForOfStatement
altogether, but I wanted to keep this patch small to highlight exactly
the bit of code needed to make the test pass when not visiting each().
BUG=v8:4791
LOG=n
Review-Url: https://codereview.chromium.org/1784893003
Cr-Commit-Position: refs/heads/master@{#36150}
Old code failed to walk over deleted elements, instead treating
deleted elements as "undefined" in the output array.
This is the Map equivalent of commit 2d9bfe9ad5.
Also micro-optimized the loops to avoid an extra call to KeyAt()
and used a direct hole comparison instead of calling IsTheHole().
R=cbruni@chromium.org
BUG=v8:4946
LOG=y
Review-Url: https://codereview.chromium.org/1965593002
Cr-Commit-Position: refs/heads/master@{#36149}
Renames IsDouble* predicates to IsFP*.
Adds specific IsFloat*, IsDouble*, and IsSimd128* predicates.
Adds specific GetFloatRegister, GetDoubleRegister, and
GetSimd128Register methods.
This is mostly a mechanical renaming of IsDouble* to IsFP* methods.
This shouldn't change code generation at all. All fp registers are still
treated as double registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/1959763002
Cr-Commit-Position: refs/heads/master@{#36146}
Adds a tool which enables annotation of the disassembly of bytecode handlers
based on perf output.
BUG=4899
LOG=N
Review-Url: https://codereview.chromium.org/1945673002
Cr-Commit-Position: refs/heads/master@{#36145}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
Review-Url: https://codereview.chromium.org/1968453002
Cr-Commit-Position: refs/heads/master@{#36136}
Reason for revert:
Causes regressions.
Original issue's description:
> [build] Use -O2 on linux by default
>
> This switches O2 -> O3 to match chromium's configuration.
>
> This makes the difference between gn and gyp a bit smaller
> before switching.
>
> BUG=chromium:474921
> LOG=n
>
> Committed: https://crrev.com/a37ab71e343b8cc24df05868b941a49e0c271376
> Cr-Commit-Position: refs/heads/master@{#36124}
TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/1958253004
Cr-Commit-Position: refs/heads/master@{#36135}
In the bytecode graphbuilder, translate the two generator-specific
bytecodes as a couple of runtime calls for now.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1957393004
Cr-Commit-Position: refs/heads/master@{#36134}
The new allocation folding implementation avoids fragmentation between folded allocations. As a consequence, our heap will always be iterable, i.e. we do not have to perform a garbage collection before iterating the heap.
BUG=chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1899813003
Cr-Commit-Position: refs/heads/master@{#36133}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
This implements declaration of lookup slots for variables and functions
within optimized code. Such a declaration only appears with top-level
eval code, which we only recently started handling in TurboFan.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1962723002
Cr-Commit-Position: refs/heads/master@{#36125}
This switches O2 -> O3 to match chromium's configuration.
This makes the difference between gn and gyp a bit smaller
before switching.
BUG=chromium:474921
LOG=n
Review-Url: https://codereview.chromium.org/1963693004
Cr-Commit-Position: refs/heads/master@{#36124}
Treat --trace-turbo and --trace-turbo-graph similar to --trace-hydrogen
and --trace-hydrogen-stubs, in that we disable concurrent recompilation
in that case (otherwise we cannot print heap objects and stuff).
R=ishell@chromium.org
BUG=v8:4969
LOG=n
Review-Url: https://codereview.chromium.org/1965653003
Cr-Commit-Position: refs/heads/master@{#36123}
- Inline reads to the species protector
- Put V8_LIKELY/V8_UNLIKELY to guide Array.prototype.{slice,splice,concat}
  to the fast paths
- Put the Array species good path checks directly in
  Array.prototype.concat to avoid a couple reads of the array constructor
  from the native context
These changes together bring a ~4-6% win on
kraken-orig/stanford-crypto-pbkdf2-orig which more than makes up for
the performance degradation from a recent other species-related change.
BUG=chromium:609739
R=cbruni@chromium.org
LOG=Y
Review-Url: https://codereview.chromium.org/1958713003
Cr-Commit-Position: refs/heads/master@{#36121}
Rolling v8/build to 143dcc2b1b07c16858f16f25fefe04311f663279
Rolling v8/tools/clang to 18b63c680a59a7125514b1e05ca42cdfb89a19c7
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/1959293002
Cr-Commit-Position: refs/heads/master@{#36120}