Callables for TF builtins are autogenerated and accessible through
Builtins::CallableFor. This removes the manually written accessors from
CodeFactory.
Bug: v8:6474,v8:5737
Change-Id: I9d8dec97995471c1bb258147220c190bf72e5de8
Reviewed-on: https://chromium-review.googlesource.com/530745
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45839}
This splits the monolithic Apply builtin into several smaller builtins,
namely CallVargargs and ConstructVarargs, which accept a length and a
FixedArray of elements and deal with the actual stack manipulation, and
CallWithArrayLike / ConstructWithArrayLike that deal with getting the
elements from the receiver (for Function.prototype.apply, Reflect.apply
and Reflect.construct), which can now be written using the CSA.
The idea is that these builtins can be reused by TurboFan directly in
the future when we optimize apply better, and that we can also reuse the
core logic in the handling of spread calls/constructs.
R=petermarshall@chromium.org
BUG=v8:4587,v8:5269
Review-Url: https://codereview.chromium.org/2930623002
Cr-Commit-Position: refs/heads/master@{#45794}
We already had an optimization to turn Function.prototype.apply with
arguments object, i.e.
function foo() { return bar.apply(this, arguments); }
into a special operator JSCallForwardVarargs, which avoids the
allocation and deconstruction of the arguments object, but just passes
along the incoming parameters. We can do the same for rest parameters
and spread calls/constructs, i.e.
class A extends B {
constructor(...args) { super(...args); }
}
or
function foo(...args) { return bar(1, 2, 3, ...args); }
where we basically pass along the parameters (plus maybe additional
statically known parameters).
For this, we introduce a new JSConstructForwardVarargs operator and
generalize the CallForwardVarargs builtins that are backing this.
BUG=v8:6407,v8:6278,v8:6344
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2890023004
Cr-Commit-Position: refs/heads/master@{#45388}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
Previous failure likely due to unfortunate/unluckily timed GC that moved due to
changed timing/allocation from this CL. Test mitigation for allocation-site-info.js
included.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44998}
Reason for revert:
Still fails. Likely has to do with gc heap size for allocation site tests, mitigation pending...
Original issue's description:
> [turbofan] Reland: Avoid going through ArgumentsAdaptorTrampoline for select CSA array builtins
>
> This CL changes certain frequently-called Array builtins to use CodeStubArguments
> rather than peek at the stack frames above array builtins to determine if options
> arguments have been passed into them.
>
> Previous failure cannot be reproed with failing config. Flake?
>
> BUG=v8:1956
> LOG=N
>
> Review-Url: https://codereview.chromium.org/2829093004
> Cr-Commit-Position: refs/heads/master@{#44996}
> Committed: 7ca381e847TBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1956
Review-Url: https://codereview.chromium.org/2851063002
Cr-Commit-Position: refs/heads/master@{#44997}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
Previous failure cannot be reproed with failing config. Flake?
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44996}
Reason for revert:
Nosnap failure
Original issue's description:
> [turbofan] Avoid going through ArgumentsAdaptorTrampoline for select CSA/C++ builtins
>
> This CL changes certain frequently-called Array builtins to use CodeStubArguments
> rather than peek at the stack frames above array builtins to determine if options
> arguments have been passed into them.
>
> BUG=v8:1956
> LOG=N
>
> Review-Url: https://codereview.chromium.org/2829093004
> Cr-Commit-Position: refs/heads/master@{#44994}
> Committed: 680356278dTBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1956
Review-Url: https://codereview.chromium.org/2851703005
Cr-Commit-Position: refs/heads/master@{#44995}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44994}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44775}
Committed: 9c0832eb1a
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44779}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44775}
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/9118
Original issue's description:
> [regexp] Remove remainder of native RegExpExecStub
>
> If we avoid throwing a stack overflow exception from Irregexp code during
> direct calls, there is no need to construct exit frames before the Irregexp
> call anymore. As that was the last remaining blocker, we can now implement the
> entire stub in CSA.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2752143003
> Cr-Commit-Position: refs/heads/master@{#44770}
> Committed: 74f2497eaeTBR=ishell@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2833083002
Cr-Commit-Position: refs/heads/master@{#44771}
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44770}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Reland of https://chromium-review.googlesource.com/c/463287 after fixing
tests in https://codereview.chromium.org/2813873002.
Change-Id: I314d69c7643ceec6a5750ffdab60dad38dad09e5
Reviewed-on: https://chromium-review.googlesource.com/474752
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44582}
This reverts commit 751e893591.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14885
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [ignition] Add call bytecodes for undefined receiver
>
> Adds a collection of call bytecodes which have an implicit undefined
> receiver argument, for cases such as global calls where we know that the
> receiver has to be undefined. This way we can skip an LdaUndefined,
> decrease bytecode register pressure, and set a more accurate
> ConvertReceiverMode on the interpreter and TurboFan call.
>
> As a side effect, the "normal" Call bytecode now becomes a rare case
> (only with calls and super property calls), so we get rid of its 0-2
> argument special cases and modify CallProperty[N] to use the
> NotNullOrUndefined ConvertReceiverMode.
>
> Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
> Reviewed-on: https://chromium-review.googlesource.com/463287
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44530}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com,v8-x87-ports@googlegroups.com,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I7629dec609d0ec938ce7105d6c1c74884e5f9272
Reviewed-on: https://chromium-review.googlesource.com/474744
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44548}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
Reviewed-on: https://chromium-review.googlesource.com/463287
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44530}
This hopefully shrinks binary size a bit, at the cost of (slightly)
increasing the complexity of the ResumeGenerator stub. Includes ia32,
x64, mips, mips64, arm and arm64 ports.
BUG=v8:5855
R=rmcilroy@chromium.org, paul.lind@imgtec.com, bmeurer@chromium.org, neis@chromium.org
Change-Id: I848ce08afd828091a11e03c89d5be065ff557ef3
Reviewed-on: https://chromium-review.googlesource.com/461303
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44244}
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in te queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on wether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.orgTBR=marja@chromium.org
Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
The former will handle stores to global variables, lets and undeclared
variables. The latter will handle named stores to explicit receiver.
BUG=chromium:576312, v8:5561
Change-Id: I335fa21db47c3d001da8cc79fa8cb6f8abcbb7e2
Reviewed-on: https://chromium-review.googlesource.com/458639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44085}
Previous to this CL, CSA-optimized Array builtins--like forEach, some, and
every--were written in a single, monolithic block of CSA code.
This CL teases the code for each of these builtins apart into two chunks, a main
body with optimizations for fast cases, and a "continuation" builtin that
performs a spec-compliant, but slower version of the main loop of the
builtin. The general idea is that when the "fast" main body builtin encounters
an unexpected condition that invalidates assumptions allowing fast-case code, it
tail calls to the slow, correct version of the loop that finishes the builtin
execution.
This separation currently doens't really provide any specific advantage over the
combined version. However, it paves the way to TF-optimized inlined Array
builtins. Inlined Array builtins may trigger deopts during the execution of the
builtin's loop, and those deopt must continue execution from the point at which
they failed. With some massaging of the deoptimizer, it will be possible to make
those deopt points create an extra frame on the top of the stack which resumes
execution in the slow-loop builtin created in this CL.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2753793002
Cr-Commit-Position: refs/heads/master@{#43867}
This is another step towards making calls to builtins more convenient.
Builtins::CallableFor is an automatically generated Callable accessor for TFS
builtins (whereas previously we had to manually add an accessor to
code-factory.{h,cc}).
CSA::CallBuiltin is a convenience wrapper around CallStub for TFS builtins.
We can begin removing accessors for TFS builtins from CodeFactory in an
upcoming commit.
BUG=v8:5737
Review-Url: https://codereview.chromium.org/2752213002
Cr-Commit-Position: refs/heads/master@{#43865}
This inlines common LoadIC cases into the LdaNamedProperty bytecode
handler. Smi handlers resulting in constant/field loads for
monomorphic ICs omit frame construction. The same counts for the
polymorphic case as long as the target handler is in the first two
vector slots.
Other cases (megamorphic, uninitialized) call the new
LoadIC_Noninlined stub.
Local benchmarks show up to 6% improvement on Sunspider with --future.
BUG=v8:5917
Review-Url: https://codereview.chromium.org/2733563002
Cr-Commit-Position: refs/heads/master@{#43630}
The parser already changes all negative equality comparison operations
to their positive pendants in {ParserBase::ParseBinaryExpression}. No
other source of the Token::NE exists in the system. We can remove all
handling from the compiler and interpreter backends.
R=bmeurer@chromium.org
Change-Id: I58722c08dd8e498f20c65886fce86b8172737b10
Reviewed-on: https://chromium-review.googlesource.com/449716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43627}
We don't need the JSStrictNotEqual operator in the compiler, because
this is never generated by the BytecodeGraphBuilder, and the code in
the AstGraphBuilder was dead code. Also remove the backing builtin
StrictNotEqual.
R=mstarzinger@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2727003006
Cr-Commit-Position: refs/heads/master@{#43594}
The new NewUnmappedArgumentsElements node now takes two inputs:
- the frame holding the arguments (current frame or arguments adaptor frame)
- the length of the suffix of passed arguments to be copied into the backing store
These inputs are computed with two new node types:
ArgumentsFrame()
ArgumentsLength[formal_parameter_count,is_rest_length](Node* arguments_frame)
The node type NewRestParameterElements can now be expressed with NewUnmappedArgumentsElements and an appropriate length and is thus not needed anymore.
In escape analysis, we lower loads from the length field of NewUnmappedArgumentsElements with its length input and if we find out that no write access to the arguments elements exists, we replace element loads with direct stack access and replace the NewUnmappedArgumentsElements node with a node of the new node type ArgumentsElementsState. This corresponds to an ObjectState node and gets translated into a deoptimizer instruction to allocate the backing store. Together with the already existing deoptimizer support for the actual arguments object/rest parameters, this allows to remove all allocations for arguments objects/rest parameters in this case.
In the deoptimizer, we read the actual parameters from the stack while transforming the static deopt info into TranslatedValue objects.
If escape analysis cannot remove the backing store allocation, NewUnmappedArgumentsElements gets lo
BUG=v8:5726
Review-Url: https://codereview.chromium.org/2692753004
Cr-Commit-Position: refs/heads/master@{#43475}
Avoiding runtime call overhead.
There's a fast path for Function.prototype loads, which are very common.
BUG=v8:5269
Review-Url: https://codereview.chromium.org/2711353002
Cr-Commit-Position: refs/heads/master@{#43474}
... which is used for initializing properties with non compile time values.
Currently we use StoreOwnIC only for storing properties that already exist
in the boilerplate therefore we can reuse StoreIC dispatcher.
The proper StoreOwnIC dispatcher will be implemented in a separate CL.
BUG=v8:5495, v8:4414
Change-Id: I9c33fdb8499ec5be2c7fce1ecb6ce7aa285e5844
Reviewed-on: https://chromium-review.googlesource.com/443588
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43285}
Includes the port of these three builtins: FastNewStrictArguments,
FastNewSloppyArguments and FastNewRestParameter. Also inline
the implementation of these into the corresponding interpreter
byte codes.
BUG=v8:5269
LOG=N
R=ishell@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2645743002
Cr-Commit-Position: refs/heads/master@{#43002}
Reason for revert:
Doesn't fix perf regressions in crbug.com/688972 and introduces new ones for RegExp in crbug.com/689395.
Original issue's description:
> [regexp] Add stub for RegExpExec instead of inlining
>
> The code produced for RegExpExec is quite large, and we ended up completely
> inlining it several spots. This CL moves RegExpPrototypeExecBody into two
> stubs (one each for fast and slow paths) and converts inlined uses into stub
> calls. This decreases the local x64 snapshot size by around 80K.
>
> BUG=chromium:688972
>
> Review-Url: https://codereview.chromium.org/2677073004
> Cr-Commit-Position: refs/heads/master@{#42965}
> Committed: 5ea144afe3TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:688972
Review-Url: https://codereview.chromium.org/2679063003
Cr-Commit-Position: refs/heads/master@{#42985}
The code produced for RegExpExec is quite large, and we ended up completely
inlining it several spots. This CL moves RegExpPrototypeExecBody into two
stubs (one each for fast and slow paths) and converts inlined uses into stub
calls. This decreases the local x64 snapshot size by around 80K.
BUG=chromium:688972
Review-Url: https://codereview.chromium.org/2677073004
Cr-Commit-Position: refs/heads/master@{#42965}
This adds helper stubs for RegExp split and replace operations, called directly
by both RegExpPrototype{Replace,Split} and StringPrototype{Replace,Split}.
BUG=
Review-Url: https://codereview.chromium.org/2668703002
Cr-Commit-Position: refs/heads/master@{#42919}
Port the Call feedback machinery from the interpreter to the CallICStub
as second step to unify the feedback collection. This removes a lot of
hand-written native code, and makes the runtime miss handler obsolete.
The next step will be to use the CallICStub from the interpreter as
well.
Drive-by-fix: Adjust CallIC/CallICTrampoline descriptors names.
R=mvstanton@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2670843002
Cr-Commit-Position: refs/heads/master@{#42889}
Rename the CallIC factory method to CallICTrampoline and the
CallICInOptimizedCode to CallIC to match the naming of the
stubs and better reflect their functionality.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2670073002
Cr-Commit-Position: refs/heads/master@{#42876}
