On those architectures that do support unaligned memory access
there is no need to emit heap alignment code in TypedArrayInitialize.
BUG=chromium:708545
Review-Url: https://codereview.chromium.org/2802003003
Cr-Commit-Position: refs/heads/master@{#44501}
some arch like s390 has native instr can benefit from this.
see ~10% improvement on MathAbs on s390
Review-Url: https://codereview.chromium.org/2785773002
Cr-Commit-Position: refs/heads/master@{#44310}
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in te queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on wether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.orgTBR=marja@chromium.org
Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
filter creates an output array with the Array species constructor for
storing values from the input array that pass the user-supplied
predicate function. Our new array builtins are implemented such that
if we fall out of the fast path, we'll pick up where we left off
in a continuation function. It's important to pass the index of
where we left off appending to the output array, because otherwise
we will read it at the start of the continuation function.
That would be observable, and a spec violation.
BUG=
Review-Url: https://codereview.chromium.org/2771483002
Cr-Commit-Position: refs/heads/master@{#44023}
Previous to this CL, CSA-optimized Array builtins--like forEach, some, and
every--were written in a single, monolithic block of CSA code.
This CL teases the code for each of these builtins apart into two chunks, a main
body with optimizations for fast cases, and a "continuation" builtin that
performs a spec-compliant, but slower version of the main loop of the
builtin. The general idea is that when the "fast" main body builtin encounters
an unexpected condition that invalidates assumptions allowing fast-case code, it
tail calls to the slow, correct version of the loop that finishes the builtin
execution.
This separation currently doens't really provide any specific advantage over the
combined version. However, it paves the way to TF-optimized inlined Array
builtins. Inlined Array builtins may trigger deopts during the execution of the
builtin's loop, and those deopt must continue execution from the point at which
they failed. With some massaging of the deoptimizer, it will be possible to make
those deopt points create an extra frame on the top of the stack which resumes
execution in the slow-loop builtin created in this CL.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2753793002
Cr-Commit-Position: refs/heads/master@{#43867}
Part of the performance and refactoring work to move the TypedArray
constructors into CSA. This CL moves ConstructByArrayBuffer from JS
to CSA.
BUG=v8:5977
Change-Id: I0a200e6b3f6261ea2372ea9c3d3ca98e313cf2c5
Reviewed-on: https://chromium-review.googlesource.com/451620
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43747}
This should improve readability, code generation, and ensure that
we verify such locations are never reached.
BUG=
Review-Url: https://codereview.chromium.org/2705163005
Cr-Commit-Position: refs/heads/master@{#43367}
It's a common pattern to create a Variable and immediately initialize
it. This adds a new constructor to make that pattern more natural.
BUG=
Review-Url: https://codereview.chromium.org/2657533003
Cr-Commit-Position: refs/heads/master@{#42649}
CodeAssemblerLabel's destructor was not calling RawMachineLabel's destructor, because label_ is zone-allocated. RawMachineLabel's destructor contains a DCHECK that would make debugging easier. If the DCHECK is not triggered, things will go awry in the register allocation phase, making it harder to debug the issue.
BUG=
Review-Url: https://codereview.chromium.org/2641863002
Cr-Commit-Position: refs/heads/master@{#42461}
Add a feedback vector slot for computed property names in object
and class literals. Introduce new slot kind for storing
computed property names.
Change StaDataPropertyInLiteral to use the accumulator (again), so
we don't exceed Bytecodes::kMaxOperands.
We assume that most computed property names are
symbols. Therefore we should see performance
improvements, even if we deal with monomorphic ICs only.
This CL only collects feedback but does not use
it in Reduce() yet.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2587393006
Cr-Commit-Position: refs/heads/master@{#42082}
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.
Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.
BUG=v8:5343
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
... and add explicit CallPrologue/CallEpilogue callbacks to CodeAssemblerState instead.
This will allow IntepreterAssembler to use any other helper assembler.
TBR=rmcilroy@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2600183004
Cr-Commit-Position: refs/heads/master@{#41973}
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.
Drive-by-fix: Add default Object type to Arguments.at
BUG=
Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
.. by using variadic templates in CodeAssembler and RawMachineAssembler.
BUG=
Review-Url: https://codereview.chromium.org/2580823002
Cr-Commit-Position: refs/heads/master@{#41733}
The error reported by the graph verifier looks like:
#
# Fatal error in ../src/compiler/machine-graph-verifier.cc, line 638
# TypeError: node #54:ChangeInt32ToInt64 uses node #53:ChangeUint32ToUint64 which doesn't have an int32-compatible representation.
#
# Specify option --csa-trap-on-node=test,54 for debugging.
#
BUG=
Review-Url: https://codereview.chromium.org/2574353002
Cr-Commit-Position: refs/heads/master@{#41721}
This allows us to forward declare Label and Variable classes without including the
code-assembler.h.
BUG=
Review-Url: https://codereview.chromium.org/2551163003
Cr-Commit-Position: refs/heads/master@{#41509}
1) CSA::Select() receives lambdas for generating true/false values.
The representation parameter made mandatory.
2) CSA::Select[Type]Constant() methods receive true/false nodes directly.
These methods are intended to be used for generating "selects" when
true/false values are already computed.
BUG=
Review-Url: https://codereview.chromium.org/2550683003
Cr-Commit-Position: refs/heads/master@{#41483}
1) CSA::StoreMap() added which triggers map-specific write barrier
unlike StoreObjectField() which triggers the full write barrier.
2) CSA::StoreMapNoWriteBarrier(object, map_root_index) added.
3) StoreMapNoWriteBarrier() is used for storing immortal immovable
maps since they don't require write barriers even for objects in
old space.
BUG=
Review-Url: https://codereview.chromium.org/2544793002
Cr-Commit-Position: refs/heads/master@{#41435}
... because only MachineRepresentation::kTagged makes sense there.
BUG=
Review-Url: https://codereview.chromium.org/2544713003
Cr-Commit-Position: refs/heads/master@{#41426}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
CodeAssembler::CallRuntime() with 5 arguments was declared but
not implemented.
BUG=
Review-Url: https://codereview.chromium.org/2503523002
Cr-Commit-Position: refs/heads/master@{#40973}
In the process, add a more general mechanism for passing around
and amending list of CodeStubAssembler Variables. That change
makes it possible to more easily add Variables to loops that are
generated by utility functions, e.g. BuildFastLoop.
LOG=N
Review-Url: https://codereview.chromium.org/2461363002
Cr-Commit-Position: refs/heads/master@{#40700}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294
Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
> slots to pop upon return in addition to those specified by the Linkage of the
> compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
> handles all tail-call cases except where the return value type differs, this fallback
> was not really useful and in fact caused unexpected behavior with variable
> sized argument popping, since it wasn't possible to materialize a Return node
> with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
> pop argument since the variable pop functionality
>
> LOG=N
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40678}
Object.create(null) is most likely to be used for dictionary-like objects.
Hence it would be beneficial to directly create a slow-mode object and avoid
additional overhead later-on.
BUG=
Review-Url: https://codereview.chromium.org/2430273007
Cr-Commit-Position: refs/heads/master@{#40551}
This adds a fast-path for calls to RegExp.prototype[@@replace] for cases in
which the given regexp is unmodified and global, and the given replace argument
is callable.
The fast-path implementation itself is almost identical to the original JS
implementation except that it currently does not reuse result_array.
SunSpider/unpack-code relies heavily on this codepath.
BUG=v8:5339
Review-Url: https://chromiumcodereview.appspot.com/2433923003
Cr-Commit-Position: refs/heads/master@{#40504}
