Add intrinsics for IsSmi, IsTypedArray, IsRegExp and IsJSProxy,
all of which are intrinsics in Full-Codegen.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2034493002
Cr-Commit-Position: refs/heads/master@{#36707}
These speculative binary operators are simplified operators and should
not need a frame state themselves. These eager bailout points can by now
be found via checkpoints in the graph, whereas frame states attached to
nodes directly should always represent lazy bailout points.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2037673002
Cr-Commit-Position: refs/heads/master@{#36705}
Introduce a dedicated Float64Log machine operator, that is either
implemented by a direct C call or by platform specific code, i.e.
using the FPU on x64 and ia32.
This operator is used to implement Math.log as a proper TurboFan
builtin on top of the CodeStubAssembler.
Also introduce a NumberLog simplified operator on top of Float64Log
and use that for the fast inline path of Math.log inside TurboFan
optimized code.
BUG=v8:5065
Review-Url: https://codereview.chromium.org/2029413005
Cr-Commit-Position: refs/heads/master@{#36703}
port 471893ccec (r36649)
original commit message:
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.
BUG=
Review-Url: https://codereview.chromium.org/2036083003
Cr-Commit-Position: refs/heads/master@{#36702}
port 63ea3a5009 (r36599)
original commit message:
Previously, we used the lowest bit for something else.
BUG=
Review-Url: https://codereview.chromium.org/2032063003
Cr-Commit-Position: refs/heads/master@{#36701}
port 56d90782a5 (r36597)
original commit message:
In Crankshaft, we would install special ICs that didn't need a vector and slot
in the MEGAMORPHIC case. This optimization limits our hand against future
improvements.
BUG=
Review-Url: https://codereview.chromium.org/2030303002
Cr-Commit-Position: refs/heads/master@{#36700}
This removes the frame state input representing the before-state from
nodes performing property accesses. These frame states can by now be
found via checkpoints in the graph.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2034673002
Cr-Commit-Position: refs/heads/master@{#36699}
A value in unittests/Bytecodes.DecodeBytecodeAndOperands was 16 bit
instead of 8 bit. This was causing test to fail on big endian machines.
BUG=
Review-Url: https://codereview.chromium.org/2030063002
Cr-Commit-Position: refs/heads/master@{#36698}
x87 FPU converts the SNaN to QNaN automatically when loading SNaN from memmory. This function caused v8 x87 port can't distinguish the
Hole NaN (V8 used SNaN for it) from Javascript visible NaNs (V8 used QNaN for it).
Many test cases failed in this function for v8 x87 port. It's a big effort to refactor all code of x87 FPU loads value from memmory to
fix this issue.
So here's a temporary workaround for it, what's this CL does are:
1. Removed all previous x87 workaround of this issue.
2. Used SNaN of MIPS which is a not used QNaN in v8 x87 port as the Hole NaN for v8 x87 port.
3. This CL is only local to x87 port.
BUG=
Review-Url: https://codereview.chromium.org/2033133004
Cr-Commit-Position: refs/heads/master@{#36697}
VC++ complains about truncation of integer constants despite use of
static_cast. This isn't very helpful as it gives no way of suppressing
the warning in code, so this change suppresses it on the command line.
Additionally, the linker complains about importing of locally defined
functions in component builds. Until this is fixed the warnings should
be suppressed.
NOTRY=true
Review-Url: https://codereview.chromium.org/2028353004
Cr-Commit-Position: refs/heads/master@{#36695}
that do not support unaligned access.
This test fails because WasmGraphBuilder::BuildCFuncInstruction allocates
space for doubles using StackSlot turbofan operator, but this space is not
guaranteed to be 8 bytes aligned if SP itself is not 8 bytes aligned (which
is the case on 32-bit architectures).
BUG=mjsunit/wasm/embenchen/lua_binarytrees
Review-Url: https://codereview.chromium.org/2034523003
Cr-Commit-Position: refs/heads/master@{#36693}
Rolling v8/build to de44ba22d7b4cd7c4285be52a4491f19a9f6c864
Rolling v8/tools/clang to 749adbcdf8277f1b305ee55f921d9246d4aedd45
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2037593003
Cr-Commit-Position: refs/heads/master@{#36692}
Previously, CodeAssembler Variables declared in an explicit C++ scope would
continue to be merged into future labels beyond that scope, causing
asserts. This CL ensures that Variables are properly ignored when they go out of
scope.
Review-Url: https://codereview.chromium.org/2035683002
Cr-Commit-Position: refs/heads/master@{#36690}
Previously, turbofan selected the gap use from first predecessor block when
hinting a phi, unless that block was deferred, in which case the gap move from
the first non-deferred predecessor block was chosen.
This strategy didn't guarantee that an important invariant was maintained: the
predecessor blocks chosen for hinting phis must preceed the phi's block in the
rpo ordering. In most cases the strategy worked, since graphs generated by the
AstGraphBuilder and existing stubs just happened to always generate schedules
where this rpo ordering property for the first predecessor block, but it is
quite possible to generate a code stub by hand that doesn't have this property
(see included test case).
After this CL, the allocator chooses either the the first non-deferred
"rpo-preceeding" block to be the hinting block, or the first deferred
"rpo-preceeding" block if that doesn't exist. In all previously-existing code,
this behavior is the same as the original algorithm, but has the benefit of not
failing in the register allocator in hand-crafted stubs where all the
"rpo-preceeding" predecessors are all in deferred code.
Review-Url: https://codereview.chromium.org/2030463003
Cr-Commit-Position: refs/heads/master@{#36689}
The PromiseSet operation is called with two types of promises
1) A newly created promise object with no properties
2) Promise object with callbacks and other properties
PromiseSet is called with the first type of promise (with no
properties) from multiple call sites. PromiseSet is called with the
second type of promise object only from FulfillPromise. Furthermore,
this call only sets the value and status of the promise, the rest of
the values are reset to UNDEFINED (which isn't necessary).
This patch inlines the calls to set the value and status of the
promise in FulfillPromise, instead of calling out to PromiseSet.
This patch also reduces the number of symbol lookups, as we only set
the value and status of the promise, and don't change the callback or
deferred symbols.
This patch results in a performance improvement of 2.8% over 5 runs in
the bluebird benchmark.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2025073002
Cr-Commit-Position: refs/heads/master@{#36688}
... since CodeStubAssembler does not belong to v8::internal::compiler namespace anymore.
Review-Url: https://codereview.chromium.org/2035533003
Cr-Commit-Position: refs/heads/master@{#36683}
Some system header files on AIX include inttypes.h without
defining __STDC_FORMAT_MACROS and therefore the printf format
specifier macro (for eg. PRId64) doesn't get defined as they
are guarded with __STDC_FORMAT_MACROS macro on AIX.
This error showed up recently when the format specifier was used in
wasm-interpreter.cc, where a AIX system header file is included
which also includes inttypes.h without defining __STDC_FORMAT_MACROS.
R=ahaas@chromium.org, titzer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2033483002
Cr-Commit-Position: refs/heads/master@{#36682}
Most maps have a small code cache (often only one entry), so this patch
optimizes memory consumption of such cases by using plain FixedArrays,
only switching to CodeCacheHashTables when the number of cached entries
gets so large that linear-scan lookups get too slow.
On loading inbox.google.com, this gets the aggregate size of all maps'
code caches (there are about 13,600 of them) from 4300 KB to 970 KB.
Review-Url: https://codereview.chromium.org/2021373002
Cr-Commit-Position: refs/heads/master@{#36681}
This removes the frame state input representing the before-state from
nodes having the {JSCallRuntime} operator. These frame states can by now
be found via checkpoints in the graph. It also makes the predicate for
runtime function ids (i.e. {Linkage::NeedsFrameStateInput}) binary.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2018353004
Cr-Commit-Position: refs/heads/master@{#36679}
Object statistics were collected during the mark compact phase. If
an incremental marking happened before mark compact phase then most
of the objects are already visited and hence this phase does not collect
accurate statistics. This cl updates incremental marking pass to collect
object statistics along with mark compact phase.
BUG=
Review-Url: https://codereview.chromium.org/1943423002
Cr-Commit-Position: refs/heads/master@{#36678}
This CL introduces a DECLARE_DEFAULT_DESCRIPTOR macro that helps defining a CallInterfaceDescriptor in a cases where it is not important which registers to use for passing arguments. One can use such descriptors for new TurboFan stubs.
HasPropertyDescriptor now uses the new machinery.
Review-Url: https://codereview.chromium.org/2002143002
Cr-Commit-Position: refs/heads/master@{#36675}
This introduces optimized number operations based on type feedback.
Summary of changes:
1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
there is suitable feedback. The speculative nodes are connected to both the
effect chain and the control chain and they retain the eager frame state.
2. Simplified lowering now executes in three phases:
a. Propagation phase computes truncations by traversing the graph from uses to
definitions until checkpoint is reached. It also records type-check decisions
for later typing phase, and computes representation.
b. The typing phase computes more precise types base on the speculative types (and recomputes
representation for affected nodes).
c. The lowering phase performs lowering and inserts representation changes and/or checks.
3. Effect-control linearization lowers the checks to machine graphs.
Notes:
- SimplifiedLowering will be refactored to have handling of each operation one place and
with clearer input/output protocol for each sub-phase. I would prefer to do this once
we have more operations implemented, and the pattern is clearer.
- The check operations (Checked<A>To<B>) should have some flags that would affect
the kind of truncations that they can handle. E.g., if we know that a node produces
a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.
- In future, we want the typer to reuse the logic from OperationTyper.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
It's not safe to look at the types after SimplifiedLowering runs,
as the types are unreliable by that time. So better make sure we
nuke the types first.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2032613006
Cr-Commit-Position: refs/heads/master@{#36671}
This removes the frame state input representing the before-state from
nodes having the {JSCallFunction} or {JSCallConstruct} operator. These
frame states can by now be found via checkpoints in the graph.
R=bmeurer@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2025573003
Cr-Commit-Position: refs/heads/master@{#36669}
We use StringFromCharCode to optimize calls to String.fromCharCode with
a single Number argument for now. We will use it to also implement the
charAt method on the String prototype.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2037453003
Cr-Commit-Position: refs/heads/master@{#36668}
This sets the default for the feature, as chromium expects
it: It is turned on for all platforms except ios.
Chromium's build_override can be removed after this.
This will also allow to override the value as a gn arg.
BUG=chromium:474921,chromium:616034
NOTRY=true
Review-Url: https://codereview.chromium.org/2025803003
Cr-Commit-Position: refs/heads/master@{#36666}
Reason for revert:
Also failing with the new implementation:
https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646
Will do a local repro now.
Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a
> Cr-Commit-Position: refs/heads/master@{#36653}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2032973002
Cr-Commit-Position: refs/heads/master@{#36663}
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.
BUG=chromium:616064
Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
Reason for revert:
There are crashes on Win32 and Win64 bots.
Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743
Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}
