Add methods for converting parameter index to a register and vice-versa.
Move Register class into bytecodes.h.
Update Bytecodes::Decode to pretty print parameters.
BUG=v8:4280
LOG=NO
Review URL: https://codereview.chromium.org/1325983002
Cr-Commit-Position: refs/heads/master@{#30549}
Adds support for property load operations via Load/KeyedLoad ICs. Adds the
following bytecodes:
- LoadIC
- KeyedLoadIC
Also adds support to the interpreter assembler for loading the type feedback
vector from the function on the stack, and calling ICs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1309843007
Cr-Commit-Position: refs/heads/master@{#30543}
Now that it is no longer needed, this also removes the invalid inclusion
of "object-inl.h" within the "unique.h" header file.
Note that this change still leaves 2 violations of that rule in the
code, checked with the "tools/check-inline-includes.sh" tool.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1321223002
Cr-Commit-Position: refs/heads/master@{#30503}
This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1322883002
Cr-Commit-Position: refs/heads/master@{#30500}
I plan to reuse this for live range splitting/splintering/merging tests.
BUG=
Review URL: https://codereview.chromium.org/1305313008
Cr-Commit-Position: refs/heads/master@{#30461}
The usage of Unique<T> throughout the TurboFan IR does not have any
advantage. There is no single point in time when they are initialized
and most use-sites looked through to the underlying Handle<T> anyways.
Also there already was a mixture of Handle<T> versus Unique<T> in the
graph and this unifies the situation to use Handle<T> everywhere.
R=bmeurer@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1314473007
Cr-Commit-Position: refs/heads/master@{#30458}
Adds support to the interpreter for loading literals from the constant pool.
Adds the LoadConstant bytecode and makes use of it for loading large Smis and
HeapObject literals.
Also removes unused HandleVector from utils.h.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1321663003
Cr-Commit-Position: refs/heads/master@{#30450}
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1303403004
Cr-Commit-Position: refs/heads/master@{#30403}
A TopLevelLiveRange is the live range of a virtual register. Through
register allocation, it may end up being split in a succession of child
live ranges, where data flow is handled through moves from
predecessor to successor child.
Today, the concepts of "top level" and "child" live ranges are conflated
under the LiveRange class. However, a good few APIs pertain solely
to TopLevelLiveRanges. This was communicated through comments or
DCHECKs - but this makes for poor code comprehensibility and maintainability.
For example, the worklist of the register allocator (live_ranges()) needs
to only contain TopLevelLiveRanges; spill range concerns are associated
only with the top range; phi-ness; certain phases in the allocation pipeline;
APIs on LiveRange used for initial construction - before splitting;
splintering - these are all responsibilities associated to TopLevelLiveRanges,
and not child live ranges.
This change separates the concepts.
An effect of this change is that child live range allocation need not involve
RegisterAllocationData. That's "a good thing" (lower coupling), but it has
the side-effect of not having a good way to construct unique identifiers for
child live ranges, relative to a given InstructionSequence.
LiveRange Id are used primarily for tracing/output-ing, and debugging.
I propose a 2-component identifier: a virtual register (vreg) number,
uniquely identifying TopLevelLiveRanges; and a relative identifier, which
uniquely identifies children of a given TopLevelLiveRange. "0" is reserved
for the TopLevel range. The relative identifier does not necessarily
indicate order in the child chain, which is no worse than the current state
of affairs.
I believe this change should make it easier to understand a trace output
(because the virtual register number is readily available). I plan to formalize
with a small structure the notion of live range id, and consolidate tracing
around that, as part of a separate CL. (there are seemingly disparate ways
to trace - printf or stream-based APIs - so this seems like an opportune
change to consolidate that)
Review URL: https://codereview.chromium.org/1311983002
Cr-Commit-Position: refs/heads/master@{#30370}
This change encompasses what is necessary to enable stack checks in loops without suffering large regressions.
Primarily, it consists of a new mechanism for dealing with deferred blocks by "splintering", rather than splitting, inside deferred blocks.
My initial change was splitting along deferred block boundaries, but the regression introduced by stackchecks wasn't resolved conclusively. After investigation, it appears that just splitting ranges along cold block boundaries leads to a greater opportunity for moves on the hot path, hence the suboptimal outcome.
The alternative "splinters" ranges rather than splitting them. While splitting creates 2 ranges and links them (parent-child), in contrast, splintering creates a new independent range with no parent-child relation to the original. The original range appears as if it has a liveness hole in the place of the splintered one. All thus obtained ranges are then register allocated with no change to the register allocator.
The splinters (cold blocks) do not conflict with the hot path ranges, by construction. The hot path ones have less pressure to split, because we remove a source of conflicts. After allocation, we merge the splinters back to their original ranges and continue the pipeline. We leverage the previous changes made for deferred blocks (determining where to spill, for example).
Review URL: https://codereview.chromium.org/1305393003
Cr-Commit-Position: refs/heads/master@{#30357}
Adds implementations and tests for the following bytecodes:
- Add
- Sub
- Mul
- Div
- Mod
Also adds the Mod bytecode and adds support to BytecodeGenerator and
BytecodeArrayBuilder to enable it's use.
The current bytecodes always call through to the JS builtins. This also adds
LoadObjectField and CallJSBuiltin operators to the InterpreterAssembler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1300813005
Cr-Commit-Position: refs/heads/master@{#30352}
Passes the current context to bytecode interpreter handlers. This is held in the
context register on all architectures except for ia32 where there are too few
registers and it is instead spilled to the stack.
Also changes Load/StoreRegister to use kMachAnyTagged representation since they
should only ever hold tagged values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1294133004
Cr-Commit-Position: refs/heads/master@{#30325}
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1289863003
Cr-Commit-Position: refs/heads/master@{#30219}
- Make the API look like v8::V8::InitializeICU.
(That is: A static method call, not an object to be created on the stack.)
- Fix path separator on Windows, by calling base::OS::isPathSeparator.
- Move into API, so that it can be called by hello-world & friends.
- Actually call it from hello-world and friends.
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1292053002
Cr-Commit-Position: refs/heads/master@{#30174}
Reason for revert:
Breaks win32 nosnap
Original issue's description:
> [runtime] Remove useless IN builtin.
>
> Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
> and %HasProperty anyway, and cannot be optimized, plus it had a weird
> special fast case (which also involved at least one LOAD_IC plus some
> intrinsic magic).
>
> R=yangguo@chromium.org,jarin@chromium.org
>
> Committed: https://crrev.com/72d60a1e80e81e2e68ca402665e2acbc46c5e471
> Cr-Commit-Position: refs/heads/master@{#30154}
TBR=yangguo@chromium.org,jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1288923002
Cr-Commit-Position: refs/heads/master@{#30155}
Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
and %HasProperty anyway, and cannot be optimized, plus it had a weird
special fast case (which also involved at least one LOAD_IC plus some
intrinsic magic).
R=yangguo@chromium.org,jarin@chromium.org
Review URL: https://codereview.chromium.org/1295433002
Cr-Commit-Position: refs/heads/master@{#30154}
Modifies the BytecodeArrayBuilder to create register operands which are
negative. This reduces the number of instructions to access registers
by the interpreter and allows us to use positive register operands to
access parameter values.
Adds a Register class to keep register usage typesafe and simplify the
convertion to bytecode operand values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1283313003
Cr-Commit-Position: refs/heads/master@{#30151}
TurboFan is now a requirement and supported by all backends, so we don't
need those macros (plus all the machinery on top) anymore.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1282763002
Cr-Commit-Position: refs/heads/master@{#30082}
Rationale: The {kind} of a call descriptor describes what the {target} being
called is--i.e. a JSFunction, code object, or address. That kind materially
dictates the instruction(s) generated for an outgoing call.
The other flags on a call descriptor should describe specific properties
(like whether a roots register is valid or not) so that backend logic doesn't
have to switch over the kind, but is informed directly of what it wants to
know.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1268273003
Cr-Commit-Position: refs/heads/master@{#30065}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254293006
Cr-Commit-Position: refs/heads/master@{#29910}
Adds basic support for generation of interpreter bytecode handler code
snippets. The InterpreterAssembler class exposes a set of low level,
interpreter specific operations which can be used to build a Turbofan
graph. The Interpreter class generates a bytecode handler snippet for
each bytecode by assembling operations using an InterpreterAssembler.
Currently only two simple bytecodes are supported: LoadLiteral0 and Return.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1239793002
Cr-Commit-Position: refs/heads/master@{#29814}
Consolidated conflict detection and traversal logic in CoalescedLiveRanges to avoid duplication in both code and testing. In addition, this change achieves better separation between CoalescedLiveRanges and other register allocator components, improving testability and maintainability.
BUG=
Review URL: https://codereview.chromium.org/1219063017
Cr-Commit-Position: refs/heads/master@{#29783}
The InterpreterAssembler needs to specify a specific CallDescriptor type
instead of using the SimplifiedCDescriptor type. This CL makes it possible
to specify the CallDescriptor used by the RawMachineAssembler instead of
specifying a MachineSignature.
Also removes instruction-selector-tester.h which was erroneously resurrected
at some point.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1235313002
Cr-Commit-Position: refs/heads/master@{#29777}
In many cases, the context that TurboFan's ASTGraphBuilder or subsequent
reduction operations attaches to nodes does not need to be that exact
context, but rather only needs to be one with the same native context,
because it is used internally only to fetch the native context, e.g. for
creating and throwing exceptions.
This reducer recognizes common cases where the context that is specified
for a node can be relaxed to a canonical, less specific one. This
relaxed context can either be the enclosing function's context or a specific
Module or Script context that is explicitly created within the function.
This optimization is especially important for TurboFan-generated code stubs
which use context specialization and inlining to generate optimal code.
Without context relaxation, many extraneous moves are generated to pass
exactly the right context to internal functions like ToNumber and
AllocateHeapNumber, which only need the native context. By turning context
relaxation on, these moves disappear because all these common internal
context uses are unified to the context passed into the stub function, which
is typically already in the correct context register and remains there for
short stubs. It also eliminates the explicit use of a specialized context
constant in the code stub in these cases, which could cause memory leaks.
Review URL: https://codereview.chromium.org/1244583003
Cr-Commit-Position: refs/heads/master@{#29763}
This CL also adds hydrogen stubs for global loads and global stores, full-codegen and TurboFan now uses this machinery.
Review URL: https://codereview.chromium.org/1224793002
Cr-Commit-Position: refs/heads/master@{#29592}
Reduce Float64 comparison to Float32 when both inputs are conversions from
Float32.
Review URL: https://codereview.chromium.org/1235663002
Cr-Commit-Position: refs/heads/master@{#29586}
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1216593003
Cr-Commit-Position: refs/heads/master@{#29543}
We actually need round to zero truncation to implement the counterpart
of LDoubleToI in TurboFan, which tries to convert a double to an integer
as required for keyed load/store optimizations.
Drive-by-cleanup: Reduce some code duplication in the InstructionSelector
implementations.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1225993002
Cr-Commit-Position: refs/heads/master@{#29527}
The RawMachineAssembler will be used to build the interpreter, so it needs
to move back to src/compiler.
This reverts commit b5b00cc031.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1221303014
Cr-Commit-Position: refs/heads/master@{#29519}
Currently we lower shifts directly to machine operators, and add an
appropriate Word32And to implement the & 0x1F operation on the right
hand side required by the specification. However for Word32And we assume
Int32 in simplified lowering, which is basically changes the right hand
side bit interpretation for the shifts from Uint32 to Int32, which is
obviously wrong. So now we represent that explicitly by proper
simplified operators for the shifts, which are lowered to machine in
simplified lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1213803008
Cr-Commit-Position: refs/heads/master@{#29465}
Support 32-bit cmp with shift/extend by reusing the existing add/sub shift and
extend code.
Review URL: https://codereview.chromium.org/1218103005
Cr-Commit-Position: refs/heads/master@{#29435}
Revert "Revert relanded strong property access CL"
Regression issues should be solved. Initial patchset is the original, subsequent patchsets are the fixing modifications.
This reverts commit 4ac7be5656.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1199983002
Cr-Commit-Position: refs/heads/master@{#29384}
Move the arithmetic shift from Int32MulHigh to a following Int32Add on ARM64.
This graph is commonly generated on reduction of signed integer division.
Review URL: https://codereview.chromium.org/1209413008
Cr-Commit-Position: refs/heads/master@{#29380}
This change makes possible to save and restore the FP registers
in the Prologue and Return parts for the CallAddress kind functions.
TEST=test-simplified-lowering/RunNumberDivide_2_TruncatingToUint32,
test-simplified-lowering/RunNumberMultiply_TruncatingToUint32
Review URL: https://codereview.chromium.org/1191513003
Cr-Commit-Position: refs/heads/master@{#29378}
This optimization never triggers currently, and is inherently native
context dependent for no real reason (for example it will not properly
detect those constructors in the case of cross native context inlining),
plus it is slow and awkward. In case we really need this functionality
at some point, we should find a way to make it work with the builtin
function id mechanism that is already in place to match other builtins.
R=jarin@chromium.org,rossberg@chromium.org
Review URL: https://codereview.chromium.org/1221683006
Cr-Commit-Position: refs/heads/master@{#29365}
This will enable tail call optimization even across inlining. Plus it
might enable some other interesting optimizations as well. In order to
avoid blowing up the generated code, we can still canonicalize the
epilogue in the CodeGenerator, similar to what fullcodegen does.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1215623002
Cr-Commit-Position: refs/heads/master@{#29311}
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
platform-independent components so that all descriptors share
a common Type::FunctionType for all platforms.
Review URL: https://codereview.chromium.org/1197703002
Cr-Commit-Position: refs/heads/master@{#29248}
This is a precursor to using specialized LoadIC and StoreIC stubs for
global variable access. It also removes the need to keep track of the
global object in the type system, hence freeing up one bit.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1205473004
Cr-Commit-Position: refs/heads/master@{#29231}
This makes usage of the MachineOperatorBuilder more robust, as it will be
an error to request an unsupported operator.
Along the way, I noticed that all 7 platforms support Float32Abs and
Float64Abs. Should make them non-optional in another CL?
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1128133003
Cr-Commit-Position: refs/heads/master@{#29223}
Reason for revert:
Looks like this breaks Tests262.
Original issue's description:
> [turbofan] Run DeadCodeElimination together with the advanced reducers.
>
> This will immediately remove dead code from the graph once any of
> the advanced reducers inserts it. Also changes the GraphReducer to
> use the canonical Dead node for ReplaceWithValue.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/88a40c5fb381924b1c0b2403dc582bceb2abe5da
> Cr-Commit-Position: refs/heads/master@{#29217}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1200983004
Cr-Commit-Position: refs/heads/master@{#29220}
Lowering of stores need the vector and slot if --vector-stores is true.
BUG=
Review URL: https://codereview.chromium.org/1193313002
Cr-Commit-Position: refs/heads/master@{#29219}
This will immediately remove dead code from the graph once any of
the advanced reducers inserts it. Also changes the GraphReducer to
use the canonical Dead node for ReplaceWithValue.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1206533002
Cr-Commit-Position: refs/heads/master@{#29217}
This also threads through the parameter count and local count to the instruction selector. This will be later used to allow merging of various StateValues vector (and prepare for differential encoding which will not distinguish between parameters, locals and expression stack).
BUG=
Review URL: https://codereview.chromium.org/1191243003
Cr-Commit-Position: refs/heads/master@{#29214}
We resurrect the VectorSlotPair in order to be able to separate the
feedback input for the compiler from the actual type feedback vector
that is required to meet the IC requirements at runtime. This will allow
us to for example use feedback from a different context or divide the
type feedback vector into two separate vectors, without having to touch
the compiler. It'll allow use to load the vector from the shared
function info at runtime, while still consuming feedback in the
compiler (i.e. we don't rely on the feedback vector node to be a heap
constant).
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1198983002
Cr-Commit-Position: refs/heads/master@{#29185}
Turbofan needs to pass vector slots around for named and keyed stores.
Also, the CL addresses a missing slot for ClassLiterals.
BUG=
Review URL: https://codereview.chromium.org/1178363002
Cr-Commit-Position: refs/heads/master@{#29173}
Reason:
Regressions in various benchmarks.
Revert "Revert of Revert of [strong] Implement strong mode restrictions on property access (patchset #1 id:1 of https://codereview.chromium.org/1189153002/)"
This reverts commit 41405c0470.
Revert "X87: Revert of Revert of [strong] Implement strong mode restrictions on property access."
This reverts commit 48de5f4d6b.
Revert "Fix overlapping KeyedLoadIC bitfield."
This reverts commit 4e6c956abf.
Revert "MIPS64: Fix 'Revert of Revert of [strong] Implement strong mode restrictions on property access'."
This reverts commit 74f97b0d2a.
BUG=
Review URL: https://codereview.chromium.org/1199493002
Cr-Commit-Position: refs/heads/master@{#29166}
The three different concerns that the ControlReducer used to deal with
are now properly separated into
a.) DeadCodeElimination, which is a regular AdvancedReducer, that
propagates Dead via control edges,
b.) CommonOperatorReducer, which does strength reduction on common
operators (i.e. Branch, Phi, and friends), and
c.) GraphTrimming, which removes dead->live edges from the graph.
This will make it possible to run the DeadCodeElimination together with
other passes that actually introduce Dead nodes, i.e. typed lowering;
and it opens the door for general inlining without two stage fix point
iteration.
To make the DeadCodeElimination easier and more uniform, we basically
reverted the introduction of DeadValue and DeadEffect, and changed the
Dead operator to produce control, value and effect. Note however that
this is not a requirement, but merely a way to make dead propagation
easier and more uniform. We could always go back and decide to have
different Dead operators if some other change requires that.
Note that there are several additional opportunities for cleanup now,
i.e. OSR deconstruction could be a regular reducer now, and we don't
need to use TheHole as dead value marker in the GraphReducer. And we can
actually run the dead code elimination together with the other passes
instead of using separate passes over the graph. We will do this in
follow up CLs.
R=jarin@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1193833002
Cr-Commit-Position: refs/heads/master@{#29146}
Implements the strong mode proposal's restrictions on property access.
To be fully explored in a followup: proxies, interceptors, access checks, load from super
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1168093002
Cr-Commit-Position: refs/heads/master@{#29109}
This turns the CommonOperatorReducer into an AdvancedReducer and makes
it independent of JSGraph (which was used only because it was convienent),
and let's the CommonOperatorReducer run together with the ControlReducer.
The ControlReducer is still not able to run together with other reducers,
but we're getting closer. The plan is to split the ControlReducer into
two parts: The dead code elimination part and the common operator
reduction part. This separation will help to avoid tricky bugs in the
future and should make testing a *lot* easier.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1192063002
Cr-Commit-Position: refs/heads/master@{#29105}
We never hit the phi case for DecideCondition in practice, since a more
general optimization is already performed by typing and constant
propagation.
R=jarin@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1186973005
Cr-Commit-Position: refs/heads/master@{#29102}
Delayed tasks can be used to perform non-urgent clean up work.
BUG=chromium:490559
LOG=NO
Review URL: https://codereview.chromium.org/1179153002
Cr-Commit-Position: refs/heads/master@{#29084}
Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).
R=jarin@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1188433010
Cr-Commit-Position: refs/heads/master@{#29077}
This optimization just duplicates part of the ToBoolean rule in the
Typer, and it doesn't make sense to have adhoc partial typing rules in
the ControlReducer anyway.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1189963002
Cr-Commit-Position: refs/heads/master@{#29064}
This ensures there is a lazy bailout point at the entry of every
exception handler so that deoptimized code is not re-entered through
caught exceptions.
R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler
Review URL: https://codereview.chromium.org/1173253004
Cr-Commit-Position: refs/heads/master@{#29061}
This patch implements %_IsTypedArray in fullcodegen, Hydrogen and
Turbofan in order to implement fast type checks to enable ES6
TypedArray features and semantics efficiently.
R=adamk,titzer
LOG=Y
BUG=v8:4085
Review URL: https://codereview.chromium.org/1183213002
Cr-Commit-Position: refs/heads/master@{#29033}
Up until now we used int32_t for NodeId, but that was not ideal because
negative values are invalid for NodeId and we use it as an array index
for example in the NodeMarker class, where C++ compilers on x64 have to
generate code that does proper sign extension for the indices, which is
completely unnecessary.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1178403004
Cr-Commit-Position: refs/heads/master@{#28997}
With this patch, we can generate simple immediate-shift instructions for
immediates outside the range "0 <= imm < width". Several related
instruction selectors have also been updated accordingly.
Example of generated code:
---- Before --- ---- After ----
movz w0, #33 lsr w0, w1, #1
lsr w0, w1, w0
BUG=
Review URL: https://codereview.chromium.org/1179893003
Cr-Commit-Position: refs/heads/master@{#28977}
Before selecting multiply-accumulate for a multiplication with add operation,
check that the multiply can't be reduced to add-with-shift. This prevents
simple multiplications by 3, 5, etc turning into register moves and madd
instructions.
Review URL: https://codereview.chromium.org/1180863002
Cr-Commit-Position: refs/heads/master@{#28976}
Merge a following arithmetic or logical right shift into the existing shift
of ARM64's Int32MulHigh or Uint32MulHigh code.
BUG=
Review URL: https://codereview.chromium.org/1179503003
Cr-Commit-Position: refs/heads/master@{#28945}
Reason for revert:
Breaks InstructionSelectorTest.Word64ShrWithWord64AndWithImmediate on debug builds (but not optdebug builds). I'll investigate.
Original issue's description:
> [arm64][turbofan]: Handle any immediate shift.
>
> With this patch, we can generate simple immediate-shift instructions for
> immediates outside the range "0 <= imm < width". Several related
> instruction selectors have also been updated accordingly.
>
> Example of generated code:
>
> ---- Before --- ---- After ----
> movz w0, #33 lsr w0, w1, #1
> lsr w0, w1, w0
>
> BUG=
>
> Committed: https://crrev.com/36d771bbfa4af5efcc1c1dcf5b234445cb7ee722
> Cr-Commit-Position: refs/heads/master@{#28943}
TBR=bmeurer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1176393002
Cr-Commit-Position: refs/heads/master@{#28944}
With this patch, we can generate simple immediate-shift instructions for
immediates outside the range "0 <= imm < width". Several related
instruction selectors have also been updated accordingly.
Example of generated code:
---- Before --- ---- After ----
movz w0, #33 lsr w0, w1, #1
lsr w0, w1, w0
BUG=
Review URL: https://codereview.chromium.org/1179733004
Cr-Commit-Position: refs/heads/master@{#28943}
This is needed in order to allow expansion of a throwing node into a
set of nodes that produce different effects for the successful and the
exceptional continuation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1179543002
Cr-Commit-Position: refs/heads/master@{#28918}
This deprecates the aforementioned mutator in favor of a simpler
NodeProperties::ReplaceUses that doesn't perform any relaxation.
Preparation for enabling support for try-catch statements.
R=bmeurer@chromium.org
TEST=unittests/NodePropertiesTest
Review URL: https://codereview.chromium.org/1172773003
Cr-Commit-Position: refs/heads/master@{#28897}
This adds handling of JSLoadDynamicContext nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
context slot load targeting a specific context.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N
Review URL: https://codereview.chromium.org/1155543003
Cr-Commit-Position: refs/heads/master@{#28823}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1158273011
Cr-Commit-Position: refs/heads/master@{#28813}
This allows any AdvancedReducer to remove exception projections from
graphs. This is the common case when JS-operators are being replaced
with pure values. The old NodeProperties::ReplaceWithValue is being
deprecated in favor of AdvancedReducer::ReplaceWithValue.
R=titzer@chromium.org
TEST=unittests/AdvancedReducerTest
Review URL: https://codereview.chromium.org/1168693002
Cr-Commit-Position: refs/heads/master@{#28810}
In typed lowering we can use the ReferenceEqual simplified operator
instead of ObjectIsSmi to check for context extensions. This generates
the desired code.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1163963003
Cr-Commit-Position: refs/heads/master@{#28776}
Select ubfiz for (x & mask) << imm where mask is contiguous and imm is non-zero.
BUG=
Review URL: https://codereview.chromium.org/1161643003
Cr-Commit-Position: refs/heads/master@{#28755}
This adds handling of JSLoadDynamicGlobal nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
global variable load from the global object.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N
Review URL: https://codereview.chromium.org/1150723005
Cr-Commit-Position: refs/heads/master@{#28750}
Unfortunately StringAdd is not pure in V8 because we might throw an
exception if the resulting string length is outside the valid bounds, so
there's no point in having a simplified StringAdd operator.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1164743002
Cr-Commit-Position: refs/heads/master@{#28747}
This introduces a conservative prediction for each exception handler
whether it will locally catch an exception or re-throw it to outside
the code bondaries. It will allow for a more intuitive prediction of
whether an exception is considered "caught" or "uncaught".
R=bmeurer@chromium.org,yangguo@chromium.org
BUG=chromium:492522
LOG=N
Review URL: https://codereview.chromium.org/1158563008
Cr-Commit-Position: refs/heads/master@{#28681}
The control flow optimization should work independent of the JSGraph. We
used the JSGraph there because it was convinient, not because it was
necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1160863003
Cr-Commit-Position: refs/heads/master@{#28674}
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1162563002
Cr-Commit-Position: refs/heads/master@{#28673}
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
This way we don't need to connect (potentially) non-terminating loops
later during control reduction, which saves one forward pass over the
control graph. Long term we will move the trimming functionality of
the control reducer to the GraphReducer, and get rid of the Finish
method again.
As a bonus, this change also properly rewires Terminate, Throw and
Deoptimize during inlining.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1155683004
Cr-Commit-Position: refs/heads/master@{#28625}
This simplifies the handling of the End node. Based on this CL we will
finally fix terminating every loop from the beginning (via Terminate
nodes) and fix inlining of Throw, Deoptimize and Terminate.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1157023002
Cr-Commit-Position: refs/heads/master@{#28620}
This reduces the storage per-Node storage from 7 words to 6 and per-edge
storage from 6 words to 4.
On average this is about 10%-15% space savings over the whole graph.
Remove the use of std::deque as the out-of-line storage for inputs.
Reduce size of Use links and use pointer arithmetic to find Node
from Use.
R=mstarzinger@chromium.org,jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1150923003
Cr-Commit-Position: refs/heads/master@{#28583}
This also adjusts transitioning between modes so that crbug.com/460090 remains fixed.
BUG=chromium:489323, chromium:460090
LOG=NO
Review URL: https://codereview.chromium.org/1141393002
Cr-Commit-Position: refs/heads/master@{#28490}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1134663006
Cr-Commit-Position: refs/heads/master@{#28485}
This in turn allows usage of AdvancedReducer::ReplaceWithValue which
has access to the underlying graph reducer. It will allow us to deal
with exception continuations correctly.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1134303003
Cr-Commit-Position: refs/heads/master@{#28468}
Enable clang's shorten-64-to-32 warning flag on ARM64, and fix the warnings
that arise.
BUG=
Review URL: https://codereview.chromium.org/1131573006
Cr-Commit-Position: refs/heads/master@{#28412}
Use these check points to optimize comparisons where we already know
that one side cannot be a String (or turn into a string via
ToPrimitive).
Also remove bunch of useless DoNotCrash tests for the scheduler that are
painful to maintain and add almost no value.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1140583004
Cr-Commit-Position: refs/heads/master@{#28383}
Note that this is just a duplication for now. We'll want to get rid of the
NodeProperties::ReplaceWithValue() method in the long run.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1135483004
Cr-Commit-Position: refs/heads/master@{#28363}
Select sbfx for ((x << k) >> k) in ARM64 instruction selector, and similarly
for ubfx. This is a more generic version of the previous sxtb/h selector.
BUG=
Review URL: https://codereview.chromium.org/1135543002
Cr-Commit-Position: refs/heads/master@{#28318}
While the mutator is active, the idle time handler optimizes for latency by doing only incremental steps and scavenges.
When the mutator becomes inactive, the idle time handler forces few incremental GCs to reclaim memory and then stops until mutator is active again.
BUG=460090
LOG=N
Review URL: https://codereview.chromium.org/1105293004
Cr-Commit-Position: refs/heads/master@{#28300}
This introduces V8.MemoryHeapCommitted and V8.MemoryHeapUsed histograms.
In contrast to the existing memory histograms, the new histograms are uniform in time, i.e. their samples happen at regular time intervals. The --histogram-interval specifies the length of the interval.
We implement this by linearly interpolating memory stats between GC and idle notification events.
BUG=chromium:485472
LOG=NO
Review URL: https://codereview.chromium.org/1125683004
Cr-Commit-Position: refs/heads/master@{#28292}
This revives the Terminate operator and removes the weird Always
operator. As a first step we let the ControlReducer connect non
terminating loops via Terminate. The next step will be to change the
graph builder to insert Terminate nodes into every loop.
Review URL: https://codereview.chromium.org/1123213002
Cr-Commit-Position: refs/heads/master@{#28259}
An AdvancedReducer is basically a regular Reducer with an editor
that can perform graph editing operations beyond changing or
replacing the node that is currently being reduced. The GraphReducer
is the default implementation of the AdvancedReducer::Editor interface.
The ControlReducerImpl is now just an AdvancedReducer, which
temporarily requires a Finish method in the reducer to implement
the dead node trimming until we move that to the GraphReducer
(which in turn requires that all loops are connected to End).
Review URL: https://codereview.chromium.org/1122423003
Cr-Commit-Position: refs/heads/master@{#28251}
Tail calls are matched on the graph, with a dedicated tail call
optimization that is actually testable. The instruction selection can
still fall back to a regular if the platform constraints don't allow to
emit a tail call (i.e. the return locations of caller and callee differ
or the callee takes non-register parameters, which is a restriction that
will be removed in the future).
Also explicitly limit tail call optimization to stubs for now and drop
the global flag.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1114163005
Cr-Commit-Position: refs/heads/master@{#28219}
This introduces a simplified allocation operator which can be used to
model inline allocations in TurboFan. It is currently used for context
allocations, but still disabled because change lowering introduces
floating allocations outside the effect chain that interfere.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1109773002
Cr-Commit-Position: refs/heads/master@{#28195}
This CL contains the first steps towards tail call optimization:
* Structurally detect tail calls during instruction selection,
looking for special return/call combinations.
* Added new architecture-specific instructions for tail calls which
jump instead of call and take care of frame adjustment.
* Moved some code around.
Currently we restrict tail calls to callees which only use registers
for arguments/return value and to call sites which are explicitly
marked as being OK for tail calls. This excludes, among other things,
call sites in sloppy JS functions and our IC machinery (both need in
general to be able to access the caller's frame).
All this is behind a flag --turbo-tail-calls, which is currently off
by default, so it can easily be toggled.
Review URL: https://codereview.chromium.org/1108563002
Cr-Commit-Position: refs/heads/master@{#28150}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1111323003
Cr-Commit-Position: refs/heads/master@{#28140}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
BUG=
Review URL: https://codereview.chromium.org/1087793002
Cr-Commit-Position: refs/heads/master@{#28137}
We shouldn't have shared state between isolates by default. The embedder
is free to pass the same allocator to all isolates it creates.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1116633002
Cr-Commit-Position: refs/heads/master@{#28127}
These two test cases "InlineCreateArrayLiteral" and "InlineCreateObjectLiteral" are
added in d1597b7d22. They invokes Linkage::GetStubCallDescriptor
which is unimplemented for turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/1095793007
Cr-Commit-Position: refs/heads/master@{#28090}
This uses explicit operators instead of intrinsic runtime calls to
create literals froms boilerplates. It allows for easier access of
static parameters and syncs it with other allocating operators.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1104453006
Cr-Commit-Position: refs/heads/master@{#28062}
This introduces a JSCreateClosure operator which can be lowered by the
typed pipeline to the aforementioned stub. It also allows for further
optimizations of closure creation.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1105513002
Cr-Commit-Position: refs/heads/master@{#28058}
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1092353002
Cr-Commit-Position: refs/heads/master@{#28045}
Now all nodes that care about deoptimization always take frame state
inputs no matter whether deoptimization is enabled for a particular
function. In case that deoptimization is off, the AstGraphBuilder just
inserts the empty frame state. This greatly simplifies the logic in
various places and makes testing easier as well, and is probably the
first step towards enabling --turbo-deoptimization by default.
There seems to be no noticable performance impact on asm.js programs.
Also fix the graph replay in order to regenerate the scheduler unittests.
Review URL: https://codereview.chromium.org/1106613003
Cr-Commit-Position: refs/heads/master@{#28026}
This allows the JSIntrinsicLowering to optimize the cloning of literal
boilerplate objects using either the FastCloneShallowArrayStub or the
FastCloneShallowObjectStub when applicable.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1097963002
Cr-Commit-Position: refs/heads/master@{#27974}
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1081373002
Cr-Commit-Position: refs/heads/master@{#27842}
Currently we always generate a diamond in the graph builder for every
legacy const context slot, which we cannot get rid of until late control
reduction, even if we know after context specialization that the slot is
already initialized.
Now we generate a select instead, which the CommonOperatorReducer
happily removes during typed lowering. This greatly speeds up asm.js
code generated by Emscripten with the new POINTER_MASKING mode.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1072353002
Cr-Commit-Position: refs/heads/master@{#27739}
- ConstantOperand was using a too-small field too store its virtual register
- drop ConvertTo, replace it with simple copy
- split AllocatedOperand off from Immediate and Constant to make assignment clearer, also paving the way for small Immediates
- put zone first in *Operand::New
- driveby: drop delayed ssa deconstruction experiment
R=titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1050803002
Cr-Commit-Position: refs/heads/master@{#27692}
Port 9af9f1d026
Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
BUG=
Review URL: https://codereview.chromium.org/1073463003
Cr-Commit-Position: refs/heads/master@{#27679}
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1066393002
Cr-Commit-Position: refs/heads/master@{#27662}
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1053063003
Cr-Commit-Position: refs/heads/master@{#27633}
Support sxtb and sxth extend operators on add and subtract, as we've
done for ubtx/h. This is similar to ARM support for sxtab/h.
BUG=
Review URL: https://codereview.chromium.org/1064813003
Cr-Commit-Position: refs/heads/master@{#27624}
This CL primarily makes the loop peeling algorithm more robust; it no longer damages the graph if the loops are improperly closed.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1052753004
Cr-Commit-Position: refs/heads/master@{#27620}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use an absolute 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects,
which is not yet implemented. So for now we materialize the mask
inline.
As drive-by-fix, don't hardcode xmm0 as scratch double register.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1064833002
Cr-Commit-Position: refs/heads/master@{#27618}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use a RIP-relative 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects, which is
not yet implemented. So for now we materialize the mask inline.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1046893002
Cr-Commit-Position: refs/heads/master@{#27611}
Currently, this doesn't really help to generate better code,
nevertheless this is the right thing to do. When our type system(s)
are fixed, this should avoid falling back to floating point operations
in various cases.
Review URL: https://codereview.chromium.org/1057813002
Cr-Commit-Position: refs/heads/master@{#27578}
This changes the IrOpcode::kThrow operator to have kNoThrow property,
which sounds unintuitive, but holds for our graphs. The operators is
used to indicate exceptional control flow out of the function, but in
itself does not throw, the throwing is done by a runtime call.
R=titzer@chromium.org
TEST=unittests/CommonOperatorTest/CommonSharedOperatorTest.Properties
Review URL: https://codereview.chromium.org/1046173002
Cr-Commit-Position: refs/heads/master@{#27541}
Currently this only sets branch hints, so we get unlikely code "out of
the way", but in the long run the register allocator needs some love
to treat the unlikely code as, well, unlikely. :-)
Review URL: https://codereview.chromium.org/1048063002
Cr-Commit-Position: refs/heads/master@{#27540}
The V8::IdleNotification will only return 'True' when the gc idle time handler
thinks there is no more GC which can be done. However, the gc idle task handler
can end up repeatedly making no progress (e.g., if it can't finalize a sweep)
which causes idle tasks to be repeatedly scheduled in Chrome which do nothing
but wake up Chrome. Fix this by returning Done if we can't make any progress
within an Idle Round.
BUG=chromium:470615
LOG=Y
Review URL: https://codereview.chromium.org/1042483002
Cr-Commit-Position: refs/heads/master@{#27529}
This prepares for re-landing crrev.com/956373002
This pulls all decision about the snapshot [no|internal|external] into one rule. Previously, this logic was in separate places and not /quite/ the same, which causes build problems.
BUG=
Review URL: https://codereview.chromium.org/1016603004
Cr-Commit-Position: refs/heads/master@{#27523}
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1044793002
Cr-Commit-Position: refs/heads/master@{#27509}
The current GC idle time handling heuristics are getting too complicated. Moreover, with longer idle time we are getting more full garbage collections. This CL shrinks the idle round window and reduces complexity in the case where we cause a full garbage collection.
BUG=chromium:468554
LOG=n
Review URL: https://codereview.chromium.org/1024043003
Cr-Commit-Position: refs/heads/master@{#27493}
With this change, we remember the types of frame state inputs (in a new
operator, called TypedStateValues). Instead of inferring the value types
when building translations, we used the recorded types.
The original approach was not reliable because the passes after
simplified lowering can change node types, and this in turn confuses
the translation builder.
BUG=chromium:468727
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1015423002
Cr-Commit-Position: refs/heads/master@{#27310}
Add support for appending extend modes uxtb or uxth to add and subtract
instructions, and using them in the instruction selector.
BUG=
Review URL: https://codereview.chromium.org/1021533002
Cr-Commit-Position: refs/heads/master@{#27303}
This reduces the overhead of typed lowering, because we lower
JSToBoolean/JSUnaryNot directly if possible, instead of first lowering
to AnyToBoolean, and then letting the SimplifiedOperatorReducer do the
further lowering.
Also remove some obsolete tests from the cctest suite that have since
been removed by proper unittests. And improve unitttest coverage for the
typed lowering cases.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/999173003
Cr-Commit-Position: refs/heads/master@{#27295}
The control input is only relevant for operations that may "write" (to
prevent hoisting) or "throw" (because they are part of the control chain).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1015353004
Cr-Commit-Position: refs/heads/master@{#27288}
The change introduces a second frame state (for the state before
the operation) for the StoreProperty nodes. If the store writes
into a typed array, the frame state is used for lazy deopt from
the to-number conversion that is performed by the store.
BUG=v8:3963
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/997983004
Cr-Commit-Position: refs/heads/master@{#27285}
- Use representation information provided by the type system to skip SMI
checks.
- Fix combining of ChangeTaggedToFloat64 with JSToNumber now that JS
operators can produce control.
- Remove the unnecessary abstraction of smi/field offsets.
- Improve unit test coverage.
- Various cosmetic fixes.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1018873002
Cr-Commit-Position: refs/heads/master@{#27250}
This change introduces a liveness analyzer for local variables in frame states.
The main idea is to use the AstGraphBuilder::Environment class to build the control flow graph, and record local variable loads, stores and checkpoints in the CFG basic blocks (LivenessAnalyzerBlock class).
After the graph building finishes, we run a simple data flow analysis over the CFG to figure out liveness of each local variable at each checkpoint. Finally, we run a pass over all the checkpoints and replace dead local variables in the frame states with the 'undefined' value.
Performance numbers for Embenchen are below.
----------- box2d.js
Current --turbo-deoptimization: EmbenchenBox2d(RunTime): 11265 ms.
d8-master --turbo-deoptimization: EmbenchenBox2d(RunTime): 11768 ms.
d8-master: EmbenchenBox2d(RunTime): 10996 ms.
----------- bullet.js
Current --turbo-deoptimization: EmbenchenBullet(RunTime): 17049 ms.
d8-master --turbo-deoptimization: EmbenchenBullet(RunTime): 17384 ms.
d8-master: EmbenchenBullet(RunTime): 16153 ms.
----------- copy.js
Current --turbo-deoptimization: EmbenchenCopy(RunTime): 4877 ms.
d8-master --turbo-deoptimization: EmbenchenCopy(RunTime): 4938 ms.
d8-master: EmbenchenCopy(RunTime): 4940 ms.
----------- corrections.js
Current --turbo-deoptimization: EmbenchenCorrections(RunTime): 7068 ms.
d8-master --turbo-deoptimization: EmbenchenCorrections(RunTime): 6718 ms.
d8-master: EmbenchenCorrections(RunTime): 6858 ms.
----------- fannkuch.js
Current --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4167 ms.
d8-master --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4608 ms.
d8-master: EmbenchenFannkuch(RunTime): 4149 ms.
----------- fasta.js
Current --turbo-deoptimization: EmbenchenFasta(RunTime): 9981 ms.
d8-master --turbo-deoptimization: EmbenchenFasta(RunTime): 9848 ms.
d8-master: EmbenchenFasta(RunTime): 9640 ms.
----------- lua_binarytrees.js
Current --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 11571 ms.
d8-master --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 13089 ms.
d8-master: EmbenchenLuaBinaryTrees(RunTime): 10957 ms.
----------- memops.js
Current --turbo-deoptimization: EmbenchenMemOps(RunTime): 7766 ms.
d8-master --turbo-deoptimization: EmbenchenMemOps(RunTime): 7346 ms.
d8-master: EmbenchenMemOps(RunTime): 7738 ms.
----------- primes.js
Current --turbo-deoptimization: EmbenchenPrimes(RunTime): 7459 ms.
d8-master --turbo-deoptimization: EmbenchenPrimes(RunTime): 7453 ms.
d8-master: EmbenchenPrimes(RunTime): 7451 ms.
----------- skinning.js
Current --turbo-deoptimization: EmbenchenSkinning(RunTime): 15564 ms.
d8-master --turbo-deoptimization: EmbenchenSkinning(RunTime): 15611 ms.
d8-master: EmbenchenSkinning(RunTime): 15583 ms.
----------- zlib.js
Current --turbo-deoptimization: EmbenchenZLib(RunTime): 10825 ms.
d8-master --turbo-deoptimization: EmbenchenZLib(RunTime): 11180 ms.
d8-master: EmbenchenZLib(RunTime): 10823 ms.
BUG=
Review URL: https://codereview.chromium.org/949743002
Cr-Commit-Position: refs/heads/master@{#27232}
Instead of the current approach of storing flat vectors in frame states (and possibly reusing the last vector in AST graph builder), this change list builds a tree for the values and tries to reuse the nodes for different frame states. At the moment, we only use this for the local variable part of frame state, but nothing prevents us from using this for all parts.
This change provides two new classes: one for creating the tree (StateValuesCache) and one for iterating the trees (StateValuesAccess).
BUG=
Review URL: https://codereview.chromium.org/1008213002
Cr-Commit-Position: refs/heads/master@{#27222}
The CL enables the same instructions are selected for Word32 and Word64 compare
operations which is possible due to a fact 32-bit inputs and produced values
are always sign-extended.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1005123002
Cr-Commit-Position: refs/heads/master@{#27212}
Reduces the amount of custom support code for Math functions in TurboFan
and allows for more general inlining (i.e. independent of parameter
types).
BUG=v8:3952
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1004083002
Cr-Commit-Position: refs/heads/master@{#27172}
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/998283002
Cr-Commit-Position: refs/heads/master@{#27160}
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
R=yangguo@chromium.org,svenpanne@chromium.org
Review URL: https://codereview.chromium.org/990963003
Cr-Commit-Position: refs/heads/master@{#27086}
This adds support for the double bits intrinsics to TurboFan, and is
a first step towards fast Math functions inlined into TurboFan code
or even compiled by themselves with TurboFan.
Review URL: https://codereview.chromium.org/974313002
Cr-Commit-Position: refs/heads/master@{#27006}
Without this shortcut we generate one BooleanNot per JSUnaryNot with
number input, which is quite common in asm.js. These dead nodes then
survive until the late control reducer runs, and may prevent
optimizations in the mean time.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/963713002
Cr-Commit-Position: refs/heads/master@{#26911}
