- Lower LoadObjectField to LoadFromObject
- Mark LoadFromObject and StoreToObject as non-allocating
- Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check
R=jarin@chromium.org, tebbi@chromium.org
Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62173}
As a component of the wider Turbofan logging scheme, it makes sense
for JSHeapBroker logging to come through flags specified in the
OptimizedCompilationInfo class, which uses --trace-turbo-filter
to control which functions are logged.
Bug: v8:7790
Change-Id: I3b068d8be78867ab0bd9607dda9eca4123b9d7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655297
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62111}
Currently, decompression elimination may reduce phis by pushing decompressions in the value inputs of the phi "down" and replacing it by a single decompression following the phi node. Because of the way that the replacement is currently done, other reducers in the same phase will not generally get a chance to revisit the modified phi.
In the specific case of v8:9335 this blocked an additional optimization in CommonOperatorReducer from being applied, causing the overall load elimination test to fail.
This CL fixes the replacement behavior in decompression elimination to also allow for revisitations of the modified phi node.
Bug: v8:9335 v8:9336
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648238
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#62054}
On Windows, long is 32-bits, so the 'L' suffix shouldn't be used if a
64-bit value is needed. This caused a test failure in 'Int64MulWithImmediate'.
Change-Id: I93c43a1f166aa0e5bcd53aaf7a860fffd006fd0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627538
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61986}
CompressedHeapConstant is used in the DecompressionElimination Reducer to
create compressed HeapConstant values. It won't appear in the graph
up until that point.
This CL enables back the disabled tests in DecompressionElimination, as
well as generating the CompressedHeapConstant in that reducer.
The RelocInfo has already been added for x64 but not for arm64. Therefore,
the x64 version is now doing the mov on 32 bits. The support for ARM will
come in a following CL, and for now it is doing the mov in 64 bits.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: If0ca4f937cfa60501679e66f6fd5ded2df38f605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632236
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61950}
There were some cases that were not yet contemplated on machine graph
verifier.
Also, there is some work to be done to create a Compressed HeapConstant.
Until that happens, we have to ignore HeapConstants for
DecompressionElimination's reductions.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: I9de8dd4272866830807a8d88e625e863fb5f1d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632209
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61892}
Reduces compressions of constants, going from
Constant <- Compress <- Child
to
Compressed_Constant <- Child
This pattern commonly appeared when the Constant was being used as a
Store value (e.g StoreElement's value).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I2e71f79ddd2a6fba42cdfe782cc89fff3a8d5ac1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627988
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61887}
The DecompressionElimination reducer can handle that case with the
comparison of Decompress vs HeapConstant. There is no need to do extra
work.
Reverts parts of https://chromium-review.googlesource.com/c/v8/v8/+/1518182.
The rest of that CL was reverted in a previous CL where the AccessBuilders
were updated.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I871577e49f9ccd95864af54bdd61884d34b7f223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628792
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61883}
Especially for function types, this increases readability significantly.
Also the style guide recommends for 'using' over 'typedef'.
R=mstarzinger@chromium.org
Bug: v8:9183
Change-Id: If2d17863de39383f5a35e089298d37408791ce4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631415
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61872}
This is a reland of 4b86fea530 with
copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed
(bug led to holes in new space, which was crashing reproducibly
on the ia32 bot).
Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
>
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
>
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
>
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
>
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}
Tbr: petermarshall@chromium.org
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61864}
This reverts commit 4b86fea530.
Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045
Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
>
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
>
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
>
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
>
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}
TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org
Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61856}
As the next step in supporting huge typed arrays in V8, this moves the
external/data pointer from the FixedTypedArrayBase backing store to the
JSTypedArray instance itself, and replaces the special backing stores
with a plain ByteArray (removing all the code for the FixedTypedArrayBase
class hierarchy). By doing so, we can drastically simplify the system
around typed arrays.
Note: Several places in the code base used to check the instance type
of the elements backing store of a JSTypedArray instead of checking the
elements kind on the JSTypedArray map directly. Those had to be fixed,
since the backing store is now always a ByteArray.
Drive-by-fix: Move all the typed elements access related code into the
elements.cc file to properly encapsulate the accesses.
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61855}
This replaces all typedefs that define types and not functions by the
equivalent "using" declaration.
This was done mostly automatically using this command:
ag -l '\btypedef\b' src test | xargs -L1 \
perl -i -p0e 's/typedef ([^*;{}]+) (\w+);/using \2 = \1;/sg'
Patchset 2 then adds some manual changes for typedefs for pointer types,
where the regular expression did not match.
R=mstarzinger@chromium.orgTBR=yangguo@chromium.org, jarin@chromium.org
Bug: v8:9183
Change-Id: I6f6ee28d1793b7ac34a58f980b94babc21874b78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631409
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61849}
This reduction replaces the Phi's input decompressions with their parent
node, if and only if all of the Phi's inputs are Decompress nodes.
Also, if we have different Decompress nodes as inputs, we need to use
a conservative decompression after the Phi.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I8cc0264f9d08fe5ad25364f18c9f305afc54529c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624785
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61820}
This CL was generated by an automatic clang AST rewriter using this
matcher expression:
callExpr(
callee(
cxxMethodDecl(
hasName("operator->"),
ofClass(isSameOrDerivedFrom("v8::internal::Object"))
)
),
argumentCountIs(1)
)
The "->" at the expression location was then rewritten to ".".
R=jkummerow@chromium.orgTBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org
Bug: v8:9183, v8:3770
No-Try: true
No-Tree-Checks: true
Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61764}
Adding the case of having a decompress and a constant (both HeapConstant
and Int64Constant).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Ic9475e9762575e7f6ca2937d832638f7c9897e1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613253
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61736}
This is a border case that appeared in one of our tests. It seems a good
idea to test for it. It does not seem to be common enough to handle it
specifically (i.e replacing the Word64Equal with a true bool constant)
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I27e85a2493ab03b92591e788a185d6109904eef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613252
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61726}
This CL also removes the corresponding intrinsic lowering of
IsTypedArray in TurboFan and Ignition.
Drive-by: Remove unused ArrayBufferViewWasDetached runtime function.
Bug: v8:9183
Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61677}
This also fixes a bug in 'InitializeCallBuffer', where it wouldn't claim enough
slots for each parameter. This caused the Simd128 instruction selector test to
only claim 3 slots (rather than 4) and then perform an unnecessary padding poke.
v8_Default_embedded_blob_size from the generated file gen/embedded.S
Before: 4957056
After: 4954368
This gives a 0.05% size decrease.
Change-Id: Ic9bb998fb8a9111fb90e1c3e537ea0f2a5fa7b33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617665
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61649}
Added the comparison of two decompresses to the DecompressionElimination
AdvancedReducer. Note that it works in the case that lhs is equal to rhs.
Also added tests for its implementation.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I21676a78b592859692768c3499ea11117d3bb5a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609793
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61647}
After introducing explicit compress and decompress nodes for each load
and store we are left with many nodes that are redundant.
This CL aims to eliminate redundant decompressions and compressions in the
"direct decompression & compression" category.
Also added tests to test the new reducer.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I93e024d13af34d484086b7983f379265d16ac154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602702
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61473}
... by moving the EffectControlLinearizer class into the .cc file and
only exposing a single function in the header.
Change-Id: I63dc3edd9de7df60041f0687d920996e308e0d4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605739
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61413}
Everything after UNREACHABLE is dead code, so it makes sense to remove them.
Bug: v8:9183
Change-Id: If76468a73b926d74717cc2348fd5b36d30f680c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61411}
The call to EnsureSourcePositionsAvailable for a given SharedFunctionInfo
is now done in the serializer for each SFI that is marked as serialized for
compilation. This will enable brokerization of the JSInliner class.
Change-Id: I7821a50fcac8a3e19386e98758f2b0dea3023bb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582400
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61260}
FNMUL is efficient arm64 instruction, which can save 1 cycle
by optimizing FNEG(FMUL x y)) to FNMUL x y and
FMUL((FNEG x) y) to FNMUL x y
Change-Id: If25d9de1253098b17033a9d8736ff6a1c06601f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1572681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61230}
This CL removes the flag '--turbo-preprocess-ranges' and enables it by
default.
If FLAG_turbo_control_flow_aware_allocation is set,
--turbo-preprocess-ranges is disabled and control flow aware
allocation is enabled instead.
Bug: v8:9088
Change-Id: I81d56f15efc8f765e317aa828d27f415f8b7fd40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585725
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61070}
We see crashes in the wild that we suspect are caused by these changes.
This is a manual revert because of conflicts.
Revert "[turbofan] Fix incorrect CheckNonEmptyString lowering."
This reverts commit b3b7011867.
Revert "[turbofan] Fix incorrect lowering of CheckNonEmptyString."
This reverts commit 5758209026.
Revert "[turbofan] Significantly improve ConsString creation performance."
This reverts commit d6a60a0ee1.
Bug: v8:9147
Change-Id: I262c21e5406a9c4c8ad0e0f995582c5802f0fa1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571613
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60919}
We translate loads with TaggedXXX (XXX in {"", "Signed", "Pointer"})
representation in CSA into loads of CompressedXXX +
ChangeCompressedXXXToTaggedXXX in the raw-machine-assembler.
This way, CSA doesn't need to know about Compressed values since we
are introducing an explicit "decompress" node.
Also updating tests that were checking for the load nodes.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Ie22ca8123a25ef005c1ff7383776f9355020fa42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565897
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60873}
Includes both changing from compressed pointers and to compressed pointers.
Also added tests to the representation changer test
B
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I8a13f6b7ec2208442aa354949173cc9061bce168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533866
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60587}
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
This is a reland of 1ca088652d
Original change's description:
> Reland "[regalloc] Introduce deferred fixed ranges"
>
> This is a reland of b176931311
>
> Original change's description:
> > [regalloc] Introduce deferred fixed ranges
> >
> > Fixed ranges are used to express register constraints in the
> > allocator. This change splits these fixed ranges into one for
> > normal code and deferred code. The former are handeled as before
> > whereas the latter are only made visible while allocating
> > registers for deferred code.
> >
> > This prevents forward looking decisions in normal code to be
> > impacted by register constraints from deferred code.
> >
> > Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60322}
>
> Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60364}
Change-Id: If4a956716e7e4de132f706be2c395cdfdc04ec94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532328
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60408}
In the int64 lowering pass some parameter nodes are considered special
and don't require any transformation. For instance the Wasm instance.
With the experimental-wasm-bigint proposal, two new special parameters
are going through the pass, this CL avoids transforming them.
Change-Id: Ie99ffaff125b9ef8c56e1883aac9e18e4072fc3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532336
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60404}
This reverts commit 1ca088652d.
Reason for revert: Regressions across the board
Original change's description:
> Reland "[regalloc] Introduce deferred fixed ranges"
>
> This is a reland of b176931311
>
> Original change's description:
> > [regalloc] Introduce deferred fixed ranges
> >
> > Fixed ranges are used to express register constraints in the
> > allocator. This change splits these fixed ranges into one for
> > normal code and deferred code. The former are handeled as before
> > whereas the latter are only made visible while allocating
> > registers for deferred code.
> >
> > This prevents forward looking decisions in normal code to be
> > impacted by register constraints from deferred code.
> >
> > Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60322}
>
> Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60364}
TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org
Change-Id: Id8ad6c39774e38dd67decea997e08a4c58c452ec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532327
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60381}
This is a reland of b176931311
Original change's description:
> [regalloc] Introduce deferred fixed ranges
>
> Fixed ranges are used to express register constraints in the
> allocator. This change splits these fixed ranges into one for
> normal code and deferred code. The former are handeled as before
> whereas the latter are only made visible while allocating
> registers for deferred code.
>
> This prevents forward looking decisions in normal code to be
> impacted by register constraints from deferred code.
>
> Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60322}
Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60364}
This reverts commit b176931311.
Reason for revert: Flag access breaks TSAN (not an issue with this
CL as such, but we need to revert to re-open the tree).
Original change's description:
> [regalloc] Introduce deferred fixed ranges
>
> Fixed ranges are used to express register constraints in the
> allocator. This change splits these fixed ranges into one for
> normal code and deferred code. The former are handeled as before
> whereas the latter are only made visible while allocating
> registers for deferred code.
>
> This prevents forward looking decisions in normal code to be
> impacted by register constraints from deferred code.
>
> Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60322}
TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org
Change-Id: I5675a96acf0b5e5f7d63c60a742d2971b6d0d34d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530803
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60324}
Fixed ranges are used to express register constraints in the
allocator. This change splits these fixed ranges into one for
normal code and deferred code. The former are handeled as before
whereas the latter are only made visible while allocating
registers for deferred code.
This prevents forward looking decisions in normal code to be
impacted by register constraints from deferred code.
Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60322}
This change significantly improves the performance of string
concatenation in optimized code for the case where the resulting string
is represented as a ConsString. On the relevant test cases we go from
serializeNaive: 10762 ms.
serializeClever: 7813 ms.
serializeConcat: 10271 ms.
to
serializeNaive: 10278 ms.
serializeClever: 5533 ms.
serializeConcat: 10310 ms.
which represents a 30% improvement on the "clever" benchmark, which
tests specifically the ConsString creation performance.
This was accomplished via a couple of different steps, which are briefly
outlined here:
1. The empty_string gets its own map, so that we can easily recognize
and handle it appropriately in the TurboFan type system. This
allows us to express (and assert) that the inputs to NewConsString
are non-empty strings, making sure that TurboFan no longer creates
"crippled ConsStrings" with empty left or right hand sides.
2. Further split the existing String types in TurboFan to be able to
distinguish between OneByte and TwoByte strings on the type system
level. This allows us to avoid having to dynamically lookup the
resulting ConsString map in case of ConsString creation (i.e. when
we know that both input strings are OneByte strings or at least
one of the input strings is TwoByte).
3. We also introduced more finegrained feedback for the Add bytecode
in the interpreter, having it collect feedback about ConsStrings,
specifically ConsOneByteString and ConsTwoByteString. This feedback
can be used by TurboFan to only inline the relevant code for what
was seen so far. This allows us to remove the Octane/Splay specific
magic in JSTypedLowering to detect ConsString creation, and instead
purely rely on the feedback of what was seen so far (also making it
possible to change the semantics of NewConsString to be a low-level
operator, which is only introduced in SimplifiedLowering by looking
at the input types of StringConcat).
4. On top of the before mentioned type and interpreter changes we added
new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and
CheckNonEmptyTwoByteString, which perform the appropriate (dynamic)
checks.
There are several more improvements that are possible based on this, but
since the change was already quite big, we decided not to put everything
into the first change, but do some follow up tweaks to the type system,
and builtin optimizations later.
Tbr: mstarzinger@chromium.org
Bug: v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60318}
If pointer compression is on, it makes sense to embed the map as
a 32-bit constant, for direct comparison. No need to uncompress
the receiver map.
Bug: v8:8982
Change-Id: I285ca4d5b49b26536873776d298e18bcbf84b23e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518182
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60313}
There were four places where we did essentially the same steps in
order to extract the initial map for inlining a JSCreate operation.
This CL creates a function on NodeProperties for this task.
As a side effect, this fixes a bug in ReduceJSCreateArray, where
has_initial_map could get called when it wasn't permissible to do so.
Notes: For simplicity, in one or two places where we used to get the
target/newtarget constants from the types we now get them from
HeapConstant nodes.
Cosmetic change: rename "receiver_map" to the more accurate
"root_map" in JSNativeContextSpecialization::ExtractReceiverMaps.
Bug: chromium:939316
Change-Id: I8fd9eb50993be3d839ab9b18eeea28184c53eabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528435
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60301}
