The usage of Unique<T> throughout the TurboFan IR does not have any
advantage. There is no single point in time when they are initialized
and most use-sites looked through to the underlying Handle<T> anyways.
Also there already was a mixture of Handle<T> versus Unique<T> in the
graph and this unifies the situation to use Handle<T> everywhere.
R=bmeurer@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1314473007
Cr-Commit-Position: refs/heads/master@{#30458}
Adds implementations and tests for the following bytecodes:
- Add
- Sub
- Mul
- Div
- Mod
Also adds the Mod bytecode and adds support to BytecodeGenerator and
BytecodeArrayBuilder to enable it's use.
The current bytecodes always call through to the JS builtins. This also adds
LoadObjectField and CallJSBuiltin operators to the InterpreterAssembler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1300813005
Cr-Commit-Position: refs/heads/master@{#30352}
Passes the current context to bytecode interpreter handlers. This is held in the
context register on all architectures except for ia32 where there are too few
registers and it is instead spilled to the stack.
Also changes Load/StoreRegister to use kMachAnyTagged representation since they
should only ever hold tagged values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1294133004
Cr-Commit-Position: refs/heads/master@{#30325}
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1289863003
Cr-Commit-Position: refs/heads/master@{#30219}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254293006
Cr-Commit-Position: refs/heads/master@{#29910}
Adds basic support for generation of interpreter bytecode handler code
snippets. The InterpreterAssembler class exposes a set of low level,
interpreter specific operations which can be used to build a Turbofan
graph. The Interpreter class generates a bytecode handler snippet for
each bytecode by assembling operations using an InterpreterAssembler.
Currently only two simple bytecodes are supported: LoadLiteral0 and Return.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1239793002
Cr-Commit-Position: refs/heads/master@{#29814}
Reduce Float64 comparison to Float32 when both inputs are conversions from
Float32.
Review URL: https://codereview.chromium.org/1235663002
Cr-Commit-Position: refs/heads/master@{#29586}
Currently we lower shifts directly to machine operators, and add an
appropriate Word32And to implement the & 0x1F operation on the right
hand side required by the specification. However for Word32And we assume
Int32 in simplified lowering, which is basically changes the right hand
side bit interpretation for the shifts from Uint32 to Int32, which is
obviously wrong. So now we represent that explicitly by proper
simplified operators for the shifts, which are lowered to machine in
simplified lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1213803008
Cr-Commit-Position: refs/heads/master@{#29465}
This will enable tail call optimization even across inlining. Plus it
might enable some other interesting optimizations as well. In order to
avoid blowing up the generated code, we can still canonicalize the
epilogue in the CodeGenerator, similar to what fullcodegen does.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1215623002
Cr-Commit-Position: refs/heads/master@{#29311}
The three different concerns that the ControlReducer used to deal with
are now properly separated into
a.) DeadCodeElimination, which is a regular AdvancedReducer, that
propagates Dead via control edges,
b.) CommonOperatorReducer, which does strength reduction on common
operators (i.e. Branch, Phi, and friends), and
c.) GraphTrimming, which removes dead->live edges from the graph.
This will make it possible to run the DeadCodeElimination together with
other passes that actually introduce Dead nodes, i.e. typed lowering;
and it opens the door for general inlining without two stage fix point
iteration.
To make the DeadCodeElimination easier and more uniform, we basically
reverted the introduction of DeadValue and DeadEffect, and changed the
Dead operator to produce control, value and effect. Note however that
this is not a requirement, but merely a way to make dead propagation
easier and more uniform. We could always go back and decide to have
different Dead operators if some other change requires that.
Note that there are several additional opportunities for cleanup now,
i.e. OSR deconstruction could be a regular reducer now, and we don't
need to use TheHole as dead value marker in the GraphReducer. And we can
actually run the dead code elimination together with the other passes
instead of using separate passes over the graph. We will do this in
follow up CLs.
R=jarin@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1193833002
Cr-Commit-Position: refs/heads/master@{#29146}
This adds handling of JSLoadDynamicGlobal nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
global variable load from the global object.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N
Review URL: https://codereview.chromium.org/1150723005
Cr-Commit-Position: refs/heads/master@{#28750}
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
This simplifies the handling of the End node. Based on this CL we will
finally fix terminating every loop from the beginning (via Terminate
nodes) and fix inlining of Throw, Deoptimize and Terminate.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1157023002
Cr-Commit-Position: refs/heads/master@{#28620}
This revives the Terminate operator and removes the weird Always
operator. As a first step we let the ControlReducer connect non
terminating loops via Terminate. The next step will be to change the
graph builder to insert Terminate nodes into every loop.
Review URL: https://codereview.chromium.org/1123213002
Cr-Commit-Position: refs/heads/master@{#28259}
Tail calls are matched on the graph, with a dedicated tail call
optimization that is actually testable. The instruction selection can
still fall back to a regular if the platform constraints don't allow to
emit a tail call (i.e. the return locations of caller and callee differ
or the callee takes non-register parameters, which is a restriction that
will be removed in the future).
Also explicitly limit tail call optimization to stubs for now and drop
the global flag.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1114163005
Cr-Commit-Position: refs/heads/master@{#28219}
This introduces a simplified allocation operator which can be used to
model inline allocations in TurboFan. It is currently used for context
allocations, but still disabled because change lowering introduces
floating allocations outside the effect chain that interfere.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1109773002
Cr-Commit-Position: refs/heads/master@{#28195}
Now all nodes that care about deoptimization always take frame state
inputs no matter whether deoptimization is enabled for a particular
function. In case that deoptimization is off, the AstGraphBuilder just
inserts the empty frame state. This greatly simplifies the logic in
various places and makes testing easier as well, and is probably the
first step towards enabling --turbo-deoptimization by default.
There seems to be no noticable performance impact on asm.js programs.
Also fix the graph replay in order to regenerate the scheduler unittests.
Review URL: https://codereview.chromium.org/1106613003
Cr-Commit-Position: refs/heads/master@{#28026}
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1066393002
Cr-Commit-Position: refs/heads/master@{#27662}
This reduces the overhead of typed lowering, because we lower
JSToBoolean/JSUnaryNot directly if possible, instead of first lowering
to AnyToBoolean, and then letting the SimplifiedOperatorReducer do the
further lowering.
Also remove some obsolete tests from the cctest suite that have since
been removed by proper unittests. And improve unitttest coverage for the
typed lowering cases.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/999173003
Cr-Commit-Position: refs/heads/master@{#27295}
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/998283002
Cr-Commit-Position: refs/heads/master@{#27160}
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
R=yangguo@chromium.org,svenpanne@chromium.org
Review URL: https://codereview.chromium.org/990963003
Cr-Commit-Position: refs/heads/master@{#27086}
This adds support for the double bits intrinsics to TurboFan, and is
a first step towards fast Math functions inlined into TurboFan code
or even compiled by themselves with TurboFan.
Review URL: https://codereview.chromium.org/974313002
Cr-Commit-Position: refs/heads/master@{#27006}
This adds a new ControlFlowOptimizer that - for now - recognizes chains
of Branches generated by the SwitchBuilder for a subset of javascript
switches into Switch nodes. Those Switch nodes are then lowered to
either table or lookup switches.
Also rename Case to IfValue (and introduce IfDefault) for consistency.
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/931623002
Cr-Commit-Position: refs/heads/master@{#26691}
Up until now we used a special Terminate node to artifically connect non
terminating loops to the End node, but this was kind of adhoc and didn't
work for the CFG. So without all kinds of weird hacks, the end block in
the CFG will not be connected to NTLs, which makes it impossible to
compute post dominance / control dependence in the current setting.
So instead of Terminate, we add a special Branch to NTLs, whose
condition is the special Always node, which corresponds to True, except
that it cannot be folded away. This way we don't need any special
machinery in the scheduler, since it's just a regular Branch.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/875263004
Cr-Commit-Position: refs/heads/master@{#26294}
Introduce a new AnyToBoolean simplified operator to handle the later
lowering of boolean conversions. Previously we tried to hack that with
the generic JSToBoolean, having its context set to zero, but that lead
to various problems/bugs and did not handle all cases.
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/800833003
Cr-Commit-Position: refs/heads/master@{#25958}
