Commit Graph

149 Commits

Author SHA1 Message Date
Leszek Swirski
51ded9d3c0 Reland^2: Remove SFI code field
This is a reland of d8f564eac6

TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org

Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}
2018-03-22 17:06:06 +00:00
Leszek Swirski
48f89fbdc4 Revert "Reland: Remove SFI code field"
This reverts commit d8f564eac6.

Reason for revert: Breaks mac asan (https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/17067)

Original change's description:
> Reland: Remove SFI code field
> 
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
> 
> (Reland of https://chromium-review.googlesource.com/952452)
> 
> TBR=mstarzinger@chromium.org
> 
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I348ec7a9d837a7b068fd08312b77e87abf21be7b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/975305
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52143}
2018-03-22 12:56:54 +00:00
Leszek Swirski
d8f564eac6 Reland: Remove SFI code field
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).

(Reland of https://chromium-review.googlesource.com/952452)

TBR=mstarzinger@chromium.org

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
2018-03-22 11:16:20 +00:00
Leszek Swirski
9b4d8fe41f Revert "Remove SFI code field"
This reverts commit 520b025f72.

Reason for revert: Breaks internal-snapshot build: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/14603

Original change's description:
> Remove SFI code field
> 
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
> 
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
> Reviewed-on: https://chromium-review.googlesource.com/952452
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52064}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,leszeks@chromium.org,bmeurer@chromium.org,verwaest@chromium.org

Change-Id: Iaf464ed29ba4317bbbb255c1aec76fb65cddba84
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/970647
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52066}
2018-03-20 13:47:34 +00:00
Leszek Swirski
520b025f72 Remove SFI code field
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
2018-03-20 13:14:53 +00:00
Jaroslav Sevcik
8c1234861c [turbofan] Bailout from optimizations for large bytecode sizes (>128kB).
Turbofan can only handle 64K control inputs for merges. Such large
can only be created by functions with 64K jumps, so we limit the
bytecode size to the minimum size of bytecode arrays with 64K jumps.

Bug: chromium:815392, v8:7438
Change-Id: I674705e87e19ce451b40d5827c9fe3e6ec17293a
Reviewed-on: https://chromium-review.googlesource.com/938421
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51598}
2018-02-27 13:22:53 +00:00
Michael Starzinger
c462ddc80b [turbofan] Ensure instruction start is in fixed register.
This makes sure that {JSFunction} invocations always load the code start
address into the fixed {kJavaScriptCallCodeStartRegister} register. This
allows us to perform PC-relative operations more effective. For now this
only applies to code with {kCallJSFunction} linkage.

R=jarin@chromium.org

Change-Id: I16a32184c07f5e90b05114dff7530acf46c175f1
Reviewed-on: https://chromium-review.googlesource.com/888700
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51063}
2018-02-02 13:15:30 +00:00
Leszek Swirski
830e39abae [ignition] Fix wide suspends to also return
Wide suspends have a "wide" (or "extra-wide") bytecode at their offset,
rather than the suspend itself, so they were failing the return check.

Bug: chromium:805765
Change-Id: Iabfc2a2167d09eda2f6885d9100287aadcd8fee9
Reviewed-on: https://chromium-review.googlesource.com/887082
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50923}
2018-01-29 12:38:33 +00:00
Martyn Capewell
db1e370dec [arm64] Remove remaining instances of csp
Remove final csp instances, missed in the earlier patch due to being outside
the arm64 tree.

Bug: v8:6644
Change-Id: I2b5a2716568949740991c368b64c0a06105e4ff2
Reviewed-on: https://chromium-review.googlesource.com/874310
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50698}
2018-01-18 18:07:18 +00:00
Sathya Gunasekaran
fba4cdf16c Refactor bailout reasons
This patch breaks out bailout reasons into two enum classes.

This helps save 3 bits on the SharedFunctionInfo as we don't have to
track the abort reasons.

Change-Id: Ic2e7e7e32b0fa31491f1c6f0003a61390d68fd97
Reviewed-on: https://chromium-review.googlesource.com/848244
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50364}
2018-01-04 19:08:45 +00:00
Jaroslav Sevcik
f3b4841d28 Revert "[turbofan] Prune control flow based on failed map checks and comparisons."
This reverts commit 37b4b2f1e3.

Reason for revert: Likely breaking canary.

Original change's description:
> [turbofan] Prune control flow based on failed map checks and comparisons.
> 
> This introduces unreachable state into load elimination. We mark state
> as unreachable if we know statically that a map check would fail.
> When processing effect phis, we disconnect unreachable state's
> control from the effect phi's merge, and point it to RuntimeAbort.
> The control input to the merge is then updated with Dead. Dead
> code elimination prunes the merge, phis and effect phis.
> 
> Bug: v8:6396
> Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
> Reviewed-on: https://chromium-review.googlesource.com/730754
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48810}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6396, chromium:777843
Change-Id: I6fac6f86e138f33756e688ec30424cb940690dae
Reviewed-on: https://chromium-review.googlesource.com/737829
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48918}
2017-10-25 11:03:35 +00:00
Jaroslav Sevcik
37b4b2f1e3 [turbofan] Prune control flow based on failed map checks and comparisons.
This introduces unreachable state into load elimination. We mark state
as unreachable if we know statically that a map check would fail.
When processing effect phis, we disconnect unreachable state's
control from the effect phi's merge, and point it to RuntimeAbort.
The control input to the merge is then updated with Dead. Dead
code elimination prunes the merge, phis and effect phis.

Bug: v8:6396
Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
Reviewed-on: https://chromium-review.googlesource.com/730754
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48810}
2017-10-22 06:48:37 +00:00
Jaroslav Sevcik
8f09a7511e Revert "[turbofan] Load elimination prunes control flow based on instance type."
This reverts commit 71bcc1d960.

Reason for revert: Regresses Octane/Box2D, among other things.

Original change's description:
> [turbofan] Load elimination prunes control flow based on instance type.
> 
> Changes:
> - introduce the notion of unreachable abstract states.
> 
> - reconnect unreachables states to runtime abort in effect phis (so that
>   the merged states are not polluted by unreachable branches while
>   preserving SSA).
> 
> - mark states with failed map checks, unreachable map guars as unreachable.
> 
> - add instance type to AbstractMaps, only invalidate instance type on
>   mismatched effect merges.
> 
> 
> This results in 2-3% improvement on ARES/ML steady state.
> 
> Bug: v8:6396
> Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
> Reviewed-on: https://chromium-review.googlesource.com/727761
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48742}

TBR=jarin@chromium.org,bmeurer@chromium.org

Change-Id: I6302b37dbf5ea781c64815ef1900681531ad7d71
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6396
Reviewed-on: https://chromium-review.googlesource.com/728440
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48763}
2017-10-19 20:52:50 +00:00
Jaroslav Sevcik
71bcc1d960 [turbofan] Load elimination prunes control flow based on instance type.
Changes:
- introduce the notion of unreachable abstract states.

- reconnect unreachables states to runtime abort in effect phis (so that
  the merged states are not polluted by unreachable branches while
  preserving SSA).

- mark states with failed map checks, unreachable map guars as unreachable.

- add instance type to AbstractMaps, only invalidate instance type on
  mismatched effect merges.


This results in 2-3% improvement on ARES/ML steady state.

Bug: v8:6396
Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
Reviewed-on: https://chromium-review.googlesource.com/727761
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48742}
2017-10-19 11:57:51 +00:00
Toon Verwaest
c95edbf27d [codegen] Delete unused StringCharLoadGenerator
Bug: v8:6921
Change-Id: I9e42d0a5e7ce7fdda1d00468a82d35b973200e2c
Reviewed-on: https://chromium-review.googlesource.com/718697
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48545}
2017-10-13 13:28:32 +00:00
Toon Verwaest
bde0733a8d [code-stubs] Remove StringHelper and related helpers
Bug: v8:6921
Change-Id: I651b54a061a1ea401bb345569b96763daef0abe4
Reviewed-on: https://chromium-review.googlesource.com/707238
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48520}
2017-10-13 08:42:48 +00:00
Toon Verwaest
de578fe3f8 [macro-assembler] Delete unused Jump/CheckBothSmi
Bug: 
Change-Id: I0c2dabebbfa709589c19b1c48ec8de4c7f7a3952
Reviewed-on: https://chromium-review.googlesource.com/707151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48410}
2017-10-09 23:29:45 +00:00
Toon Verwaest
20a47ce094 [macro-assembler] Delete unused AllocateJSValue and related functions
Bug: 
Change-Id: I315d0017179e2f0a9883647b91fd4f0a762eade0
Reviewed-on: https://chromium-review.googlesource.com/707054
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48381}
2017-10-09 13:32:21 +00:00
Ross McIlroy
1458e8b01a [fullcodegen] Delete FullCodegen.
Deletes the now unused Full-codegen compiler. Also removes some macro
assembler instructions which are no longer used.

Note: there is still additional cleanup work to do after this lands
(e.g., remove support for FCG frames support and FCG
debugger support, etc.), but this will be done in followup CLs to keep
this patch managable.

BUG=v8:6409

Change-Id: I8d828fe7a64d29f2c1252d5fda968a630a2e9ef2
Reviewed-on: https://chromium-review.googlesource.com/584773
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47307}
2017-08-11 11:50:05 +00:00
Leszek Swirski
33cac84c73 [objects] Remove unused bailout reasons
Some bailout reasons are never referenced. Removing these allows us to
decrease the size of bailout reason bit-fields to 7 bits.

Change-Id: Ib5e884d224c12313e06493ed05a18a22b3951665
Reviewed-on: https://chromium-review.googlesource.com/596128
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47077}
2017-08-02 11:28:18 +00:00
Ross McIlroy
9dc664bbdd [Compile] Remove CompilationInfo::ExpectsJSReceiverAsReceiver.
Removes CompilationInfo::ExpectsJSReceiverAsReceiver and the associated
debug code in full-codegen which uses it. This avoids the need to check
language_mode from CompilationInfo and will enable decoupling of
ParseInfo and CompilationInfo in a followup CL.

BUG=v8:5203

Change-Id: Ib88252408e59ef321d16d5a1dd4b2b6cea609729
Reviewed-on: https://chromium-review.googlesource.com/593954
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47018}
2017-07-31 18:08:34 +00:00
Leszek Swirski
1c02987d2d [compiler] Kill the deoptimized too many times bailout
With TurboFan, there should no longer be any deopt loops (aside from
bugs). So, the "too many deopts" bailout is no longer needed, at least
in its current form.

This fixes an issue where deopt counts are leaked between native
contexts, resulting in optimization being disabled unnecessarily.

Bug: v8:6402
Change-Id: Ia06374ae6b5c2d473bcdd8eef1284bf02766c2fb
Reviewed-on: https://chromium-review.googlesource.com/588894
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46961}
2017-07-28 10:08:29 +00:00
Leszek Swirski
24b7026d73 [compiler] Drive optimizations with feedback vector (reland)
For interpreted functions, use the optimized code slot in the feedback
vector to store an optimization marker (optimize/in optimization queue)
rather than changing the JSFunction's code object. Then, adapt the
self-healing mechanism to also dispatch based on this optimization
marker. Similarly, replace SFI marking with optimization marker checks
in CompileLazy.

This allows JSFunctions to share optimization information (replacing
shared function marking) without leaking this information across native
contexts. Non I+TF functions (asm.js or --no-turbo) use a
CheckOptimizationMarker shim which generalises the old
CompileOptimized/InOptimizationQueue builtins and also checks the same
optimization marker as CompileLazy and InterpreterEntryTrampoline.

This is a reland of https://chromium-review.googlesource.com/c/509716

Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe
Reviewed-on: https://chromium-review.googlesource.com/535460
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45997}
2017-06-19 10:33:59 +00:00
Leszek Swirski
58978da698 Revert "[compiler] Drive optimizations with feedback vector"
This reverts commit e39c9e020f.

Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561

Original change's description:
> [compiler] Drive optimizations with feedback vector
> 
> For interpreted functions, use the optimized code slot in the feedback vector
> to store an optimization marker (optimize/in optimization queue) rather than
> changing the JSFunction's code object. Then, adapt the self-healing mechanism
> to also dispatch based on this optimization marker. Similarly, replace SFI
> marking with optimization marker checks in CompileLazy.
> 
> This allows JSFunctions to share optimization information (replacing shared
> function marking) without leaking this information across native contexts. Non
> I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
> generalises the old CompileOptimized/InOptimizationQueue builtins and also
> checks the same optimization marker as CompileLazy and
> InterpreterEntryTrampoline.
> 
> Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
> Reviewed-on: https://chromium-review.googlesource.com/509716
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45901}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94
Reviewed-on: https://chromium-review.googlesource.com/532916
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45903}
2017-06-13 13:24:20 +00:00
Leszek Swirski
e39c9e020f [compiler] Drive optimizations with feedback vector
For interpreted functions, use the optimized code slot in the feedback vector
to store an optimization marker (optimize/in optimization queue) rather than
changing the JSFunction's code object. Then, adapt the self-healing mechanism
to also dispatch based on this optimization marker. Similarly, replace SFI
marking with optimization marker checks in CompileLazy.

This allows JSFunctions to share optimization information (replacing shared
function marking) without leaking this information across native contexts. Non
I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
generalises the old CompileOptimized/InOptimizationQueue builtins and also
checks the same optimization marker as CompileLazy and
InterpreterEntryTrampoline.

Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
Reviewed-on: https://chromium-review.googlesource.com/509716
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45901}
2017-06-13 12:27:40 +00:00
bmeurer
af76779aa3 [builtins] Start refactoring the Apply builtin.
This splits the monolithic Apply builtin into several smaller builtins,
namely CallVargargs and ConstructVarargs, which accept a length and a
FixedArray of elements and deal with the actual stack manipulation, and
CallWithArrayLike / ConstructWithArrayLike that deal with getting the
elements from the receiver (for Function.prototype.apply, Reflect.apply
and Reflect.construct), which can now be written using the CSA.

The idea is that these builtins can be reused by TurboFan directly in
the future when we optimize apply better, and that we can also reuse the
core logic in the handling of spread calls/constructs.

R=petermarshall@chromium.org
BUG=v8:4587,v8:5269

Review-Url: https://codereview.chromium.org/2930623002
Cr-Commit-Position: refs/heads/master@{#45794}
2017-06-08 18:31:59 +00:00
Adam Klein
ededfcd212 Skip hole initialization of lexical variables when possible
This patch expands scope analysis to skip hole initialization
when it can be determined statically that no hole checks will
be generated at runtime.

Two conditions must be met to safely eliminate hole initialization:
  - There must not exist a VariableProxy referencing this Variable
    whose HoleCheckMode is kRequired
  - The Variable must be stack allocated; any other allocation implies
    that it may be accessed from not-yet-analyzed scopes (other modules,
    inner functions, or eval code) and that code may require
    hole checks.

The new logic required removing debug code in full-codegen which is
now incorrect in some cases.

Also fixed Variable's bitfield helpers to take no more space than needed.

Bug: chromium:651637
Change-Id: Ie5ac326af4e05b7a5c3c37cd4d0afba6a51a504d
Reviewed-on: https://chromium-review.googlesource.com/494006
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45170}
2017-05-08 19:28:30 +00:00
jgruber
1a02b627b3 [regexp] Remove remainder of native RegExpExecStub
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44775}
Committed: 9c0832eb1a
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44779}
2017-04-21 14:03:34 +00:00
jgruber
b2aba7d768 Revert of [regexp] Remove remainder of native RegExpExecStub (patchset #10 id:180001 of https://codereview.chromium.org/2752143003/ )
Reason for revert:
More failures on ports:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/9123/steps/compile/logs/stdio

https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/8966/steps/compile/logs/stdio

Original issue's description:
> [regexp] Remove remainder of native RegExpExecStub
>
> If we avoid throwing a stack overflow exception from Irregexp code during
> direct calls, there is no need to construct exit frames before the Irregexp
> call anymore. As that was the last remaining blocker, we can now implement the
> entire stub in CSA.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2752143003
> Cr-Original-Commit-Position: refs/heads/master@{#44770}
> Committed: 74f2497eae
> Review-Url: https://codereview.chromium.org/2752143003
> Cr-Commit-Position: refs/heads/master@{#44775}
> Committed: 9c0832eb1a

TBR=ishell@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2832193002
Cr-Commit-Position: refs/heads/master@{#44776}
2017-04-21 13:16:37 +00:00
jgruber
9c0832eb1a [regexp] Remove remainder of native RegExpExecStub
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2752143003
Cr-Original-Commit-Position: refs/heads/master@{#44770}
Committed: 74f2497eae
Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44775}
2017-04-21 13:02:10 +00:00
machenbach
8c80595edf Revert of [regexp] Remove remainder of native RegExpExecStub (patchset #8 id:140001 of https://codereview.chromium.org/2752143003/ )
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/9118

Original issue's description:
> [regexp] Remove remainder of native RegExpExecStub
>
> If we avoid throwing a stack overflow exception from Irregexp code during
> direct calls, there is no need to construct exit frames before the Irregexp
> call anymore. As that was the last remaining blocker, we can now implement the
> entire stub in CSA.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2752143003
> Cr-Commit-Position: refs/heads/master@{#44770}
> Committed: 74f2497eae

TBR=ishell@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2833083002
Cr-Commit-Position: refs/heads/master@{#44771}
2017-04-21 12:01:43 +00:00
jgruber
74f2497eae [regexp] Remove remainder of native RegExpExecStub
If we avoid throwing a stack overflow exception from Irregexp code during
direct calls, there is no need to construct exit frames before the Irregexp
call anymore. As that was the last remaining blocker, we can now implement the
entire stub in CSA.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2752143003
Cr-Commit-Position: refs/heads/master@{#44770}
2017-04-21 11:46:23 +00:00
gsathya
94283dcf44 [ESNext] Implement DynamicImportCall
This patch implements the runtime semantics of dynamic import.

We create a new ASTNode so that we can pass the JSFunction closure() to
the runtime function from which we get the script_url.

d8 implements the embedder logic required to load and evaluate the modules.

The API is mostly implemented as specified.

BUG=8:5785

Review-Url: https://codereview.chromium.org/2703563002
Cr-Commit-Position: refs/heads/master@{#44551}
2017-04-11 09:33:11 +00:00
neis
634537c66a [macro-assembler] Remove a bunch of unused functions.
BUG=

Review-Url: https://codereview.chromium.org/2762973004
Cr-Commit-Position: refs/heads/master@{#44031}
2017-03-22 15:46:44 +00:00
jgruber
5cc6189677 [regexp] Port RegExpExecStub to CSA (mostly)
This moves most of the logic contained in RegExpExecStub to CSA.  Benefits are
mostly easier readability and hackability, and removal of a large chunk of
platform-specific assembly.

Exit frame construction and the final call remain in RegExpExecStub.

BUG=v8:5339,v8:592

Review-Url: https://codereview.chromium.org/2738413002
Cr-Commit-Position: refs/heads/master@{#43844}
2017-03-16 07:54:53 +00:00
Ross McIlroy
3db32e064f [Interpreter / TurboFan] Add TestTypeof bytecode.
Adds a TestTypeof bytecode to deal with comparisons of the form:
  typeof(object) === 'string';

Also adds support to Turbofan to perform these comparisons without
inserting checkpoints.

BUG=v8:4280,v8:5267

Change-Id: Ib5cc1c6816dfe70a4120838d8eada2fc0267750f
Reviewed-on: https://chromium-review.googlesource.com/454837
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43832}
2017-03-15 14:05:51 +00:00
jkummerow
63b980f996 [stubs] Port LoadIndexedStringStub to CSA
BUG=v8:5269

Review-Url: https://codereview.chromium.org/2682153003
Cr-Commit-Position: refs/heads/master@{#43071}
2017-02-09 18:50:21 +00:00
yangguo
3f47c63ded [liveedit] reimplement frame restarting.
Previously, when restarting a frame, we would rewrite all frames
between the debugger activation and the frame to restart to squash
them, and replace the return address with that of a builtin to
leave that rewritten frame, and restart the function by calling it.

We now simply remember the frame to drop to, and upon returning
from the debugger, we check whether to drop the frame, load the
new FP, and restart the function.

R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5587

Review-Url: https://codereview.chromium.org/2636913002
Cr-Commit-Position: refs/heads/master@{#42725}
2017-01-27 07:31:03 +00:00
petermarshall
96220730e6 [Ignition/turbo] Add a CallWithSpread bytecode.
Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2629363002
Cr-Original-Commit-Position: refs/heads/master@{#42455}
Committed: 4bae43471d
Review-Url: https://codereview.chromium.org/2629363002
Cr-Commit-Position: refs/heads/master@{#42590}
2017-01-23 09:03:35 +00:00
ofrobots
89b7a4d7d0 Revert I+TF for lexical variables
This reverts the following commits to fix a Node.js regression:
* 5529430dec "[compiler] Consistently use Ignition+TurboFan for lexical variables."
* 7869136716 "[compiler] Improve let+const decision in AstNumbering."

R=adamk@chromium.org, bmeurer@chromium.org, hablich@chromium.org
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2647523002
Cr-Commit-Position: refs/heads/master@{#42484}
2017-01-19 00:39:25 +00:00
ofrobots
80234ee31f Revert remove dead hole check logic
This reverts commits
* 45c1188792 "[fullcodegen] Remove dead hole check logic"
* 2aaf217bd0 "[crankshaft] Remove dead Variable hole-checking code"
* f40a3817e1 "[crankshaft] Fix mips/mips64 build: remove unused variable"

BUG=
R=adamk@chromium.org,bmeurer@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2640793004
Cr-Commit-Position: refs/heads/master@{#42476}
2017-01-18 19:27:41 +00:00
petermarshall
75b861210f Revert of [Ignition/turbo] Add a CallWithSpread bytecode. (patchset #10 id:170001 of https://codereview.chromium.org/2629363002/ )
Reason for revert:
Causes a few bugs caught by clusterfuzz.

Original issue's description:
> [Ignition/turbo] Add a CallWithSpread bytecode.
>
> Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.
>
> BUG=v8:5511
>
> Review-Url: https://codereview.chromium.org/2629363002
> Cr-Commit-Position: refs/heads/master@{#42455}
> Committed: 4bae43471d

TBR=bmeurer@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5511

Review-Url: https://codereview.chromium.org/2642843002
Cr-Commit-Position: refs/heads/master@{#42470}
2017-01-18 17:06:17 +00:00
petermarshall
4bae43471d [Ignition/turbo] Add a CallWithSpread bytecode.
Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2629363002
Cr-Commit-Position: refs/heads/master@{#42455}
2017-01-18 12:58:58 +00:00
adamk
2aaf217bd0 [crankshaft] Remove dead Variable hole-checking code
This is a follow-up on 45c1188792, which
removed hole checks from full-codegen. Variables requiring hole checks
always go through Ignition.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2622783002
Cr-Commit-Position: refs/heads/master@{#42196}
2017-01-10 19:19:55 +00:00
ahaas
ca8d3ba718 [wasm] TrapIf and TrapUnless TurboFan operators implemented on arm.
Original commit message:
[wasm] Introduce the TrapIf and TrapUnless operators to generate trap code.

Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.

Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.

This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.

Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com

Review-Url: https://codereview.chromium.org/2584603002
Cr-Commit-Position: refs/heads/master@{#41774}
2016-12-16 17:16:44 +00:00
caitp
b5f146a02a [ignition] desugar GetIterator() via bytecode rather than via AST
Introduces:
- a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions.
- a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan.

The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST.

This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have  better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value.

BUG=v8:4280
R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.org
TBR=rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2557593004
Cr-Commit-Position: refs/heads/master@{#41555}
2016-12-07 15:20:33 +00:00
bmeurer
5529430dec [compiler] Consistently use Ignition+TurboFan for lexical variables.
Crankshaft has this highly unpredictable performance cliff around the
"Unsupported phi use of const or let variable", which is due to the
fact that Crankshaft refuses to do hole checks (for a couple of
reasons). So ideally we should not even try to send any lexically bound
variables to fullcodegen+Crankshaft, but instead give them to Ignition
and TurboFan.

This CL only adds the appropriate check to the AstNumbering, but doesn't
remove the functionality from fullcodegen/Crankshaft yet. This would be
step two in case this CL sticks. If you see any major performance
regressions with this CL in the range, just revert it and ping me.

See Node.js issue https://github.com/nodejs/node/issues/9729 for
additional information.

BUG=v8:5666
R=hablich@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2525243002
Cr-Commit-Position: refs/heads/master@{#41445}
2016-12-02 07:53:59 +00:00
alph
9de556ecff [compiler] Bailout reason "Optimized too many times" -> "Deoptimized..."
Rename it to better represent the reason. Also makes the inspector sentence
"Not Optimized: Optimized too many times" look less confusing.

Review-Url: https://codereview.chromium.org/2530423003
Cr-Commit-Position: refs/heads/master@{#41369}
2016-11-29 17:18:44 +00:00
jkummerow
5ef05d8e2c [cleanup] Drop handwritten KeyedStoreIC code
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.

Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
2016-11-22 15:43:59 +00:00
mstarzinger
0925554111 [fullcodegen] Remove deprecated generator implementation.
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2504223002
Cr-Commit-Position: refs/heads/master@{#41135}
2016-11-21 12:25:38 +00:00