Commit Graph

31221 Commits

Author SHA1 Message Date
mstarzinger
a7ff61654a [turbofan] Remove eager frame state from runtime calls.
This removes the frame state input representing the before-state from
nodes having the {JSCallRuntime} operator. These frame states can by now
be found via checkpoints in the graph. It also makes the predicate for
runtime function ids (i.e. {Linkage::NeedsFrameStateInput}) binary.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2018353004
Cr-Commit-Position: refs/heads/master@{#36679}
2016-06-02 10:45:32 +00:00
mythria
31392d7002 Updates incremental marking pass to collect object statistics.
Object statistics were collected during the mark compact phase. If
an incremental marking happened before mark compact phase then most
of the objects are already visited and hence this phase does not collect
accurate statistics. This cl updates incremental marking pass to collect
object statistics along with mark compact phase.

BUG=

Review-Url: https://codereview.chromium.org/1943423002
Cr-Commit-Position: refs/heads/master@{#36678}
2016-06-02 09:59:57 +00:00
jochen
09d90e4e70 Reland "Move (hopefully) remaining isolate related variables to toolchain.gypi"
BUG=chromium:609107
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2032733003
Cr-Commit-Position: refs/heads/master@{#36677}
2016-06-02 09:55:44 +00:00
neis
8154d977e4 Fix bug in yield* desugaring.
In one corner case, we incorrectly returned a value without first wrapping it in
an iterator result object.

R=littledan@chromium.org
BUG=v8:5057

Review-Url: https://codereview.chromium.org/2034653002
Cr-Commit-Position: refs/heads/master@{#36676}
2016-06-02 09:43:59 +00:00
ishell
a2fef3af4b [stubs] An easier way of defining a stub call interface descriptor.
This CL introduces a DECLARE_DEFAULT_DESCRIPTOR macro that helps defining a CallInterfaceDescriptor in a cases where it is not important which registers to use for passing arguments. One can use such descriptors for new TurboFan stubs.

HasPropertyDescriptor now uses the new machinery.

Review-Url: https://codereview.chromium.org/2002143002
Cr-Commit-Position: refs/heads/master@{#36675}
2016-06-02 09:28:24 +00:00
jarin
216bcf9fb3 [turbofan] Initial version of number type feedback.
This introduces optimized number operations based on type feedback.

Summary of changes:

1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
   there is suitable feedback. The speculative nodes are connected to both the
   effect chain and the control chain and they retain the eager frame state.

2. Simplified lowering now executes in three phases:
  a. Propagation phase computes truncations by traversing the graph from uses to
     definitions until checkpoint is reached. It also records type-check decisions
     for later typing phase, and computes representation.
  b. The typing phase computes more precise types base on the speculative types (and recomputes
     representation for affected nodes).
  c. The lowering phase performs lowering and inserts representation changes and/or checks.

3. Effect-control linearization lowers the checks to machine graphs.

Notes:

- SimplifiedLowering will be refactored to have handling of each operation one place and
  with clearer input/output protocol for each sub-phase. I would prefer to do this once
  we have more operations implemented, and the pattern is clearer.

- The check operations (Checked<A>To<B>) should have some flags that would affect
  the kind of truncations that they can handle. E.g., if we know that a node produces
  a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.

- In future, we want the typer to reuse the logic from OperationTyper.

BUG=v8:4583
LOG=n

Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
2016-06-02 09:23:13 +00:00
jochen
a8f57df4f4 Remove has_valgrind.py - the bots now set this flag explicitly
BUG=none
R=machenbach@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2034643002
Cr-Commit-Position: refs/heads/master@{#36673}
2016-06-02 09:02:56 +00:00
Benedikt Meurer
bea121aaa5 [turbofan] Eager frame state gone from JSCallFunction.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/2038463003 .

Cr-Commit-Position: refs/heads/master@{#36672}
2016-06-02 08:49:30 +00:00
bmeurer
fc881eb7a6 [turbofan] Run EarlyOptimizationPhase after we nuked the types.
It's not safe to look at the types after SimplifiedLowering runs,
as the types are unreliable by that time. So better make sure we
nuke the types first.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2032613006
Cr-Commit-Position: refs/heads/master@{#36671}
2016-06-02 08:30:03 +00:00
yangguo
7ca611d1a5 [regexp] fix subtle bug in RegExpTest.
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2032713003
Cr-Commit-Position: refs/heads/master@{#36670}
2016-06-02 08:04:30 +00:00
mstarzinger
864b07e9eb [turbofan] Remove eager frame state from call nodes.
This removes the frame state input representing the before-state from
nodes having the {JSCallFunction} or {JSCallConstruct} operator. These
frame states can by now be found via checkpoints in the graph.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2025573003
Cr-Commit-Position: refs/heads/master@{#36669}
2016-06-02 08:04:29 +00:00
bmeurer
5a3a6dafae [turbofan] Add new StringFromCharCode simplified operator.
We use StringFromCharCode to optimize calls to String.fromCharCode with
a single Number argument for now. We will use it to also implement the
charAt method on the String prototype.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2037453003
Cr-Commit-Position: refs/heads/master@{#36668}
2016-06-02 08:01:48 +00:00
v8-autoroll
a096aeed10 Update V8 DEPS.
Rolling v8/build to 2a6b3280927ceaff306473034f1f6c1b390c938b

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2029403002
Cr-Commit-Position: refs/heads/master@{#36667}
2016-06-02 07:21:43 +00:00
machenbach
c0774148d4 [gn] Turn on external_startup_data by default except on ios
This sets the default for the feature, as chromium expects
it: It is turned on for all platforms except ios.

Chromium's build_override can be removed after this.

This will also allow to override the value as a gn arg.

BUG=chromium:474921,chromium:616034
NOTRY=true

Review-Url: https://codereview.chromium.org/2025803003
Cr-Commit-Position: refs/heads/master@{#36666}
2016-06-02 07:17:22 +00:00
machenbach
dab67f0331 Revert of Move (hopefully) remaining isolate related variables to toolchain.gypi (patchset #1 id:1 of https://codereview.chromium.org/2027213002/ )
Reason for revert:
Fails:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7182/steps/gclient%20runhooks/logs/stdio

Original issue's description:
> Move (hopefully) remaining isolate related variables to toolchain.gypi
>
> BUG=chromium:609107
> R=machenbach@chromium.org
>
> Committed: https://crrev.com/a68a1eb38dda0a1eba3b7644a172d2f85e9c7abe
> Cr-Commit-Position: refs/heads/master@{#36664}

TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:609107

Review-Url: https://codereview.chromium.org/2038463002
Cr-Commit-Position: refs/heads/master@{#36665}
2016-06-02 07:10:36 +00:00
jochen
a68a1eb38d Move (hopefully) remaining isolate related variables to toolchain.gypi
BUG=chromium:609107
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2027213002
Cr-Commit-Position: refs/heads/master@{#36664}
2016-06-02 06:52:56 +00:00
mlippautz
5979bf5654 Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #7 id:180001 of https://codereview.chromium.org/2026633003/ )
Reason for revert:
Also failing with the new implementation:
  https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646

Will do a local repro now.

Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a
> Cr-Commit-Position: refs/heads/master@{#36653}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2032973002
Cr-Commit-Position: refs/heads/master@{#36663}
2016-06-02 06:47:34 +00:00
jarin
0d4c526a1d [crankshaft] Reland "Only exclude explicit 'arguments' (and 'this') from liveness analysis."
Reland of https://codereview.chromium.org/2026173003 (reverted by
https://codereview.chromium.org/2029563002).

Additionally, we need to record environment markers even for the
case of a.length, where a is aliased arguments (which crankshaft
optimizes to constant for the inlined case or to HArgumentsLength
when not inlined).

BUG=chromium:612146

Review-Url: https://codereview.chromium.org/2028243002
Cr-Commit-Position: refs/heads/master@{#36662}
2016-06-02 04:30:17 +00:00
bjaideep
6f76cc567d PPC: Sign-extended result in DoFlooringDivI/DoDivI on 64bit
result is sign-extended on 64bit for functions
     LCodeGen::DoFlooringDivI and LCodeGen::DoDivI

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2029273002
Cr-Commit-Position: refs/heads/master@{#36661}
2016-06-02 00:44:58 +00:00
rmcilroy
2fd3f9d69b [Interpreter] Don't try to eliminate dead-code in bytecode-array-builder
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.

BUG=chromium:616064

Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
2016-06-01 22:55:10 +00:00
ishell
9b4f836a2d Revert of Extend HasProperty stub with dictionary-mode and double-elements objects support. (patchset #8 id:280001 of https://codereview.chromium.org/1995453002/ )
Reason for revert:
There are crashes on Win32 and Win64 bots.

Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743

Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}
2016-06-01 21:10:13 +00:00
jarin
e60c4053c7 [turbofan] Make sure binop results do not overwrite deoptimization inputs on arm.
Review-Url: https://codereview.chromium.org/2031593002
Cr-Commit-Position: refs/heads/master@{#36658}
2016-06-01 20:08:19 +00:00
ishell
24066b6df4 Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
This CL also replaces some Branch() usages with GotoIf/GotoUnless.

BUG=v8:2743
LOG=Y

Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36657}
2016-06-01 20:00:20 +00:00
lpy
ee43805a66 [base] Implement CPU time on Windows.
We already implemented CPU time for OS X and POSIX, this path is a
follow up for the implementation on Windows.

BUG=v8:5000
LOG=n

Review-Url: https://codereview.chromium.org/1977983003
Cr-Commit-Position: refs/heads/master@{#36656}
2016-06-01 18:55:51 +00:00
gsathya
a7d091ffe3 math.js: Use %_TypedArrayGetLength to get length
https://codereview.chromium.org/2001393004 makes TypedArray
length property writable, which means we shouldn't depend on it.
Instead, use %_TypedArrayGetLength% to get length.

Attached regression test.

BUG=chromium:615776

Review-Url: https://codereview.chromium.org/2020203006
Cr-Commit-Position: refs/heads/master@{#36655}
2016-06-01 18:44:30 +00:00
bbudge
817b59c8ad Turbofan: Modify WASM linkage to store floats using only 4 bytes.
Adds instructions for ARM to push floats.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2024443002
Cr-Commit-Position: refs/heads/master@{#36654}
2016-06-01 17:43:45 +00:00
mlippautz
279e274ecc Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2026633003
Cr-Commit-Position: refs/heads/master@{#36653}
2016-06-01 16:30:32 +00:00
ishell
9fa206e1f4 [runtime] Ensure that all elements kind transitions are chained to the root map.
This CL also updates the elements kind transition lookup logic:
1) First we go back to the root map,
2) Follow elements kind transitions,
3) Replay the property transitions.

BUG=v8:5009
LOG=Y
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2015513002
Cr-Commit-Position: refs/heads/master@{#36652}
2016-06-01 15:55:11 +00:00
ulan
fa9756d08b Instrument code entry slot recording to help with crash investigation.
BUG=chromium:414964
LOG=NO

Review-Url: https://codereview.chromium.org/1975593004
Cr-Commit-Position: refs/heads/master@{#36651}
2016-06-01 15:47:19 +00:00
hpayer
b6a2b438aa [heap] Do not use the high memory watermark for committed memory accounting in large object space.
BUG=

Review-Url: https://codereview.chromium.org/2019333009
Cr-Commit-Position: refs/heads/master@{#36650}
2016-06-01 15:44:34 +00:00
rmcilroy
471893ccec [Interpreter] Fix GenerateSmiToDouble to avoid assuming it is called from a JSFrame.
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.

BUG=chromium:612386

Review-Url: https://codereview.chromium.org/2011313003
Cr-Commit-Position: refs/heads/master@{#36649}
2016-06-01 14:49:00 +00:00
machenbach
9d5b4b6cd9 [gn] Add cctest
BUG=chromium:474921

Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
Cr-Commit-Position: refs/heads/master@{#36517}

Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
Cr-Commit-Position: refs/heads/master@{#36586}

TBR=jochen@chromium.org

Committed: https://crrev.com/eea9fbe1858df23dd832ed8ddd284f98120d9e21
Cr-Commit-Position: refs/heads/master@{#36607}

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36648}
2016-06-01 14:16:27 +00:00
machenbach
2242cb0361 [release] Auto-detect clusterfuzz issues for ignition with arm
NOTRY=true
TBR=hablich@chromium.org, rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2027183002
Cr-Commit-Position: refs/heads/master@{#36647}
2016-06-01 13:31:30 +00:00
bmeurer
32820ddf92 [x64] Make xmm0 allocatable and use xmm15 as scratch register instead.
The idea is to make it easier (cheaper) to call into C/C++ directly with
C calling conventions, which require xmm0 to be used to pass and return
floating point values in the future.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2023763010
Cr-Commit-Position: refs/heads/master@{#36646}
2016-06-01 13:05:36 +00:00
Miran.Karic
b8786b35fc Fix bytecode operand values
A few values were missing use of a macro causing test to fail on big
endian machines.

BUG=

Review-Url: https://codereview.chromium.org/2024123002
Cr-Commit-Position: refs/heads/master@{#36645}
2016-06-01 13:05:35 +00:00
machenbach
8b0a6dd652 Revert of [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis. (patchset #2 id:20001 of https://codereview.chromium.org/2026173003/ )
Reason for revert:
Triggers crashes on the deopt fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/10608

Repro:
out/Release/d8 --test --random-seed=849179141 --deopt-every-n-times 149 --nohard-abort --nodead-code-elimination --nofold-constants --noconcurrent-recompilation test/webkit/resources/standalone-pre.js test/webkit/dfg-arguments-mixed-alias.js test/webkit/resources/standalone-post.js

Original issue's description:
> [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
>
> Currently, we do not emit EnvironmentMarkers if the hydrogen value
> in the environment is arguments object. As the hydrogen value can change
> for local variables, we emit only some environment markers. That can
> cause environment liveness analysis to mark part of live range as live
> and part as dead. The zapping phase then only inserts zaps in
> live->dead transitions, potentially zapping a live value.
>
> With this CL, we only emit EnvironmentMarkers for 'this' and
> 'arguments' local variables, disregarding the hydrogen value.
>
> BUG=chromium:612146
> LOG=n
>
> Committed: https://crrev.com/1428fbe224dc2df0cb6f59e4959430f7aa614064
> Cr-Commit-Position: refs/heads/master@{#36641}

TBR=jkummerow@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:612146

Review-Url: https://codereview.chromium.org/2029563002
Cr-Commit-Position: refs/heads/master@{#36644}
2016-06-01 12:45:06 +00:00
hlopko
dc78e0d4d7 Immediately promote marked objects during scavenge
It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work.

In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied.

This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally.

BUG=
LOG=no

Review-Url: https://codereview.chromium.org/2005173003
Cr-Commit-Position: refs/heads/master@{#36643}
2016-06-01 12:32:20 +00:00
machenbach
d87fb10fe7 [gn] Add unittests
BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
Cr-Commit-Position: refs/heads/master@{#36510}

Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
Cr-Commit-Position: refs/heads/master@{#36582}

Committed: https://crrev.com/378a26c03efc74bda401daa5accda223cb266177
Cr-Commit-Position: refs/heads/master@{#36606}

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36642}
2016-06-01 12:29:40 +00:00
jarin
1428fbe224 [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
Currently, we do not emit EnvironmentMarkers if the hydrogen value
in the environment is arguments object. As the hydrogen value can change
for local variables, we emit only some environment markers. That can
cause environment liveness analysis to mark part of live range as live
and part as dead. The zapping phase then only inserts zaps in
live->dead transitions, potentially zapping a live value.

With this CL, we only emit EnvironmentMarkers for 'this' and
'arguments' local variables, disregarding the hydrogen value.

BUG=chromium:612146
LOG=n

Review-Url: https://codereview.chromium.org/2026173003
Cr-Commit-Position: refs/heads/master@{#36641}
2016-06-01 12:04:35 +00:00
epertoso
79f45e026b Revert of Provide a tagged allocation top pointer. (patchset #4 id:60001 of https://codereview.chromium.org/2028633002/ )
Reason for revert:
Seems to be causing flakiness in some wasm tests:

https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/10598
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/2528

Original issue's description:
> Provide a tagged allocation top pointer.
>
> Taking over http://crrev.com/1924223002.
>
> BUG=chromium:606711
> LOG=N
>
> Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
> Cr-Commit-Position: refs/heads/master@{#36633}

TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:606711

Review-Url: https://codereview.chromium.org/2031493002
Cr-Commit-Position: refs/heads/master@{#36640}
2016-06-01 11:04:18 +00:00
littledan
88ab533b32 Reland of [ESNext] Activate async/await for ClusterFuzz (patchset #2 id:40001 of https://codereview.chromium.org/2003503002/ )
Reason for revert:
All known async/await issues are fixed; turn back on Clusterfuzz

Original issue's description:
> Revert of [ESNext] Activate async/await for ClusterFuzz (patchset #1 id:1 of https://codereview.chromium.org/1992173002/ )
>
> Reason for revert:
> First CF feedback is in, reverting for now until the know bugs are fixed.
>
> Original issue's description:
> > [ESNext] Activate async/await for ClusterFuzz
> >
> > BUG=v8:4483
> > R=neis@chromium.org,littledan@chromium.org,caitpotter88@gmail.com
> > LOG=N
> >
> > Committed: https://crrev.com/c57cadfa09fa493141bf43c1c7b898187a71da19
> > Cr-Commit-Position: refs/heads/master@{#36362}
>
> TBR=littledan@chromium.org,caitpotter88@gmail.com,neis@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4483
>
> Committed: https://crrev.com/eb059498b2b2d05731b0dce648bdab801d3873fd
> Cr-Commit-Position: refs/heads/master@{#36397}

TBR=caitpotter88@gmail.com,neis@chromium.org,mstarzinger@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2023003002
Cr-Commit-Position: refs/heads/master@{#36639}
2016-06-01 10:58:54 +00:00
mstarzinger
e065d3eff8 [turbofan] Emit explicit checkpoint before operations.
This is a first step towards explicit checkpoints in the graph. For now
we still use the explicit eager bailout points in the AstGraphBuilder
that are marked by the FrameStateBeforeAndAfter helper. Eventually these
will be implicitly emitted by expression visits having a side-effect.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2018403002
Cr-Commit-Position: refs/heads/master@{#36638}
2016-06-01 10:48:33 +00:00
mstarzinger
d673d8908a [turbofan] Rename {CheckPoint} to {Checkpoint} everywhere.
R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022033004
Cr-Commit-Position: refs/heads/master@{#36637}
2016-06-01 09:07:19 +00:00
jacob.bramley
886b259e22 [arm] Fix test failures on old architectures.
This mostly affects ARMv6, but also fixes some failures on ARMv7 when
hardware integer division is not available.

- Fix a case where a CodePatcher accumulates literal pool entries, but
  does not actually emit them.
- Don't treat division as safe if we can't use the hardware instruction.
  Our fallback implementation returns the wrong result if the divisor is
  zero.
- Support deoptimization tables bigger than 8 bits. (kMaxNumberOfEntries
  requires a 16-bit table index.)
- Correct a TurboFan instruction encoding to encode the Operand2 mode.

BUG=

Review-Url: https://codereview.chromium.org/2021343002
Cr-Commit-Position: refs/heads/master@{#36636}
2016-06-01 09:04:34 +00:00
bmeurer
a478bcb8ca [turbofan] Add Enrico to OWNERS.
R=jarin@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2025273002
Cr-Commit-Position: refs/heads/master@{#36635}
2016-06-01 08:56:46 +00:00
mstarzinger
7ecf1a059b [turbofan] Implement simplistic checkpoint reducer.
This adds a very simplistic reduction of {CheckPoint} nodes via the new
{CheckpointElimination}, eliminating redundant check points that appear
in an effect chain of operations that are all {kNoWrite}. Such a chain
allows an arbitrary check point to be chosen. The current approach will
end up choosing the first one for all deopts in the chain.

R=bmeurer@chromium.org
TEST=unittests/CheckpointEliminationTest.CheckPointChain
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022913003
Cr-Commit-Position: refs/heads/master@{#36634}
2016-06-01 08:39:11 +00:00
epertoso
f42c9e93c8 Provide a tagged allocation top pointer.
Taking over http://crrev.com/1924223002.

BUG=chromium:606711
LOG=N

Review-Url: https://codereview.chromium.org/2028633002
Cr-Commit-Position: refs/heads/master@{#36633}
2016-06-01 08:39:10 +00:00
pierre.langlois
27bd1747b4 [turbofan] ARM64: Match 64 bit compare with zero and branch
This patch enables the following transformations in the instruction
selector:

| Before           | After                  |
|------------------+------------------------|
| and x3, x1, #0x1 | tb{,n}z w1, #0, #+0x78 |
| cmp x3, #0x0     |                        |
| b.{eq,ne} #+0x80 |                        |
|------------------+------------------------|
| cmp x0, #0x0     | cb{,n}z x0, #+0x48     |
| b.{eq,ne} #+0x4c |                        |

I have not seen these patterns beeing generated by turbofan, however the
stubs hit these cases frequently. A particular reason is that we are
turning operations that check for a Smi into a single `tbz`.

As a concequence, the interpreter is affected thanks to inlining
turbofan stubs into it's bytecode handlers. I have noticed the size of
the interpreter was reduced by 200 instructions.

BUG=

Review-Url: https://codereview.chromium.org/2022073002
Cr-Commit-Position: refs/heads/master@{#36632}
2016-06-01 08:03:01 +00:00
bmeurer
f2c0264a0a [x64] Fix invalid REX prefix for pslld, psrld and friends.
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2026633004
Cr-Commit-Position: refs/heads/master@{#36631}
2016-06-01 07:59:56 +00:00
bmeurer
a6f6d8ad2e [crankshaft] HCall and HCallWithDescriptor should not override CalculateInferredType.
We may set a proper HType on HCall or HCallWithDescriptor nodes, for
example for the InstanceOfStub, where we know that the result is a
boolean. So HCall and HCallWithDescriptor shall not ignore the type,
but pass through whatever we set (defaulting to Tagged).

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2024033005
Cr-Commit-Position: refs/heads/master@{#36630}
2016-06-01 06:49:53 +00:00