Skip to content

V
V8
Switch branch/tag
  1. 15 Oct, 2018 1 commit
  3. 10 Oct, 2018 1 commit
  5. 25 Sep, 2018 1 commit
  7. 07 Sep, 2018 1 commit
  9. 03 Sep, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Improve typing of ToNumeric and ToNumber. · b8981122
      Benedikt Meurer authored 
      The previous typing rules for ToNumeric and ToNumber didn't match on the
NonBigIntPrimitive input set, which causes trouble when we morph ToNumeric
nodes into ToNumber nodes, and generally lead to worse typings in the
graph, and thus worse code generation. This change improves the existing
typing rules and turns ToNumber into a chokepoint again.

Bug: chromium:879898, v8:8015
Change-Id: I4a7ff0e9c420c5dcfdb2b96884e019a5943828a4
Reviewed-on: https://chromium-review.googlesource.com/1201522Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55595}
      b8981122
  11. 23 Jul, 2018 2 commits
  13. 19 Jul, 2018 1 commit
    • Sigurd Schneider's avatar
      Revert "[turbofan] Inline Number constructor in certain cases" · c7a9af61
      Sigurd Schneider authored 
      This reverts commit 9eca23e9.

Reason for revert: Clusterfuzz correctness issue

Original change's description:
> [turbofan] Inline Number constructor in certain cases
> 
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
> 
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}

TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
      c7a9af61
  15. 16 Jul, 2018 1 commit
  17. 07 Jun, 2018 1 commit
  19. 08 May, 2018 1 commit
    • Jaroslav Sevcik's avatar
      [turbofan] Optimize array destructuring · 3fe7d698
      Jaroslav Sevcik authored 
      This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.

On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).

function f(a, b) {
  [b, a] = [a, b];
  return a + b;
}

function sum(count) {
  let s = 0;
  for (let i = 0; i < count; i++) {
    s += f(1, 2);
  }
  return s;
}

// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");

console.timeEnd: destructure array, 213.526000

console.timeEnd: destructure array, 1503.537000

Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
      3fe7d698
  21. 28 Apr, 2018 1 commit
  23. 17 Jan, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Introduce NumberToString operator. · 02dbef14
      Benedikt Meurer authored 
      This adds a new simplified operator NumberToString, which just lowers to
a call to the NumberToString builtin, and hooks that up to the typed
lowering (addressing a long-standing TODO).

Drive-by-fix: Also remove the %NumberToString runtime entry, and just
always use the %NumberToStringSkipCache entry from CSA, since we only
go there if the cache lookup already failed.

Bug: v8:5267, v8:7109
Change-Id: I5ca698c98679653813088a404f1fd38903a73c0e
Reviewed-on: https://chromium-review.googlesource.com/779099
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50636}
      02dbef14
  25. 21 Nov, 2017 1 commit
  27. 02 Nov, 2017 1 commit
  29. 27 Oct, 2017 2 commits
    • Benedikt Meurer's avatar
      [turbofan] Introduce SameValue operator. · c78a98bb
      Benedikt Meurer authored 
      We now represent the SameValue operation explicitly in TurboFan and the
operation can thus participate in all kinds of optimizations. Especially
we get rid of the JSCall node in the general case, which blocks several
optimizations across the call. The general, baseline performance is now
always on par with StrictEqual.

Once the StrictEqual operator is also a simplified operator, we should
start unifying the type based optimizations in SimplifiedLowering.

In the micro-benchmark we go from

  testStrictEqual: 1422 ms.
  testObjectIs: 1520 ms.
  testManualSameValue: 1759 ms.

to

  testStrictEqual: 1426 ms.
  testObjectIs: 1357 ms.
  testManualSameValue: 1766 ms.

which gives the expected result.

Bug: v8:7007
Change-Id: I0de3ff6ff6209ab4c3edb69de6a16e387295a9c8
Reviewed-on: https://chromium-review.googlesource.com/741228Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48994}
      c78a98bb
    • Jaroslav Sevcik's avatar
      [turbofan] Make ConvertReceiver a simplified operator. · 70b1f15e
      Jaroslav Sevcik authored 
      This enables proper wiring into ithe control flow chain.

Bug: v8:7002,chromium:777574
Change-Id: Idba59944ff6ab3c10c204bb74ace61d812e6297c
Reviewed-on: https://chromium-review.googlesource.com/738183Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48990}
      70b1f15e
  31. 29 Aug, 2017 1 commit
  33. 12 Apr, 2017 1 commit
    • bmeurer's avatar
      [turbofan] Properly represent the float64 hole. · 8c0c5e81
      bmeurer authored 
      The hole NaN should also have proper Type::Hole, and not silently hide
in the Type::Number. This way we can remove all the special casing for
the hole NaN, and we also finally get the CheckNumber right.

This also allows us to remove some ducktape from the Deoptimizer, as for
escape analyzed FixedDoubleArrays we always pass the hole value now to
represent the actual holes.

Also-By: jarin@chromium.org
BUG=chromium:684208,chromium:709753,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2814013003
Cr-Commit-Position: refs/heads/master@{#44603}
      8c0c5e81
  35. 07 Apr, 2017 1 commit
    • bmeurer's avatar
      [turbofan] Introduce a SpeculativeToNumber operator. · e6ca0146
      bmeurer authored 
      Add a dedicated operator for ToNumber(x) with feedback instead of
translating to SpeculativeNumberMultiply(x,1), which allows us to
treat the case where x is already a Number specially, ignoring the
feedback on the operator. This recovers most of the regression in
the crypto benchmark.

BUG=chromium:709398,v8:6214,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2802113003
Cr-Commit-Position: refs/heads/master@{#44484}
      e6ca0146
  37. 17 Mar, 2017 1 commit
  39. 05 Sep, 2016 1 commit
  41. 29 Aug, 2016 1 commit
    • bmeurer's avatar
      [turbofan] Remove the unused asm.js types from TypeCache. · f5a37d13
      bmeurer authored 
      For asm.js we now have a dedicated AsmTyper, that uses it's own type
system (which is tailored towards asm.js), and so we don't need the
special asm.js types anymore in the TypeCache. This also moves the
TypeCache into the src/compiler directory, because it doesn't make
sense to use outside anyways.

TBR=ahaas@chromium.org
R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2289573002
Cr-Commit-Position: refs/heads/master@{#38964}
      f5a37d13
  43. 08 Aug, 2016 2 commits
  45. 05 Aug, 2016 1 commit
  47. 03 Aug, 2016 2 commits
    • bmeurer's avatar
      [turbofan] Unify number operation typing rules. · 66e96fc9
      bmeurer authored 
      Move all the typing rules for unary and binary number operations to the
OperationTyper and use them for both the regular Typer as well as the
retyper that runs as part of SimplifiedLowering.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2202883005
Cr-Commit-Position: refs/heads/master@{#38283}
      66e96fc9
    • bmeurer's avatar
      [turbofan] Improve typing rule for modulus. · 17a7f583
      bmeurer authored 
      Infer a more precise type even in case where NaN and/or -0 is a possible
outcome of the operation, and use this more precise type to improve code
generation for the modulus itself by trying harder to stick to Word32
operations instead of going to Float64, and also optimize the pattern
where we compare the output of x % y to some non-zero integer constant
K, in which case we can truncate the output of x % y to Word32 if the
type of x % y is Signed32/Unsigned32 \/ NaN \/ MinusZero, as NaN and
MinusZero will both be truncated to zero, which cannot match the non
zero constant K.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2202413002
Cr-Commit-Position: refs/heads/master@{#38267}
      17a7f583
  49. 12 Jul, 2016 1 commit
    • bmeurer's avatar
      [turbofan] Allow non-speculative operators to consume feedback types. · b93cde37
      bmeurer authored 
      Turn the retyping pass of SimplifiedLowering into a proper phase, and
make it possible to propagate feedback types through non-speculative
operators. This defers the output representation selection to the
retyping phase, and checks that we don't mess up.

As a first user, we consume input type feedback for NumberAbs as well.
Long-term we can add all other operators to the mix.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2139203002
Cr-Commit-Position: refs/heads/master@{#37672}
      b93cde37
  51. 21 Jun, 2016 1 commit
  53. 19 Jun, 2016 1 commit
  55. 02 Jun, 2016 1 commit
    • jarin's avatar
      [turbofan] Initial version of number type feedback. · 216bcf9f
      jarin authored 
      This introduces optimized number operations based on type feedback.

Summary of changes:

1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
   there is suitable feedback. The speculative nodes are connected to both the
   effect chain and the control chain and they retain the eager frame state.

2. Simplified lowering now executes in three phases:
  a. Propagation phase computes truncations by traversing the graph from uses to
     definitions until checkpoint is reached. It also records type-check decisions
     for later typing phase, and computes representation.
  b. The typing phase computes more precise types base on the speculative types (and recomputes
     representation for affected nodes).
  c. The lowering phase performs lowering and inserts representation changes and/or checks.

3. Effect-control linearization lowers the checks to machine graphs.

Notes:

- SimplifiedLowering will be refactored to have handling of each operation one place and
  with clearer input/output protocol for each sub-phase. I would prefer to do this once
  we have more operations implemented, and the pattern is clearer.

- The check operations (Checked<A>To<B>) should have some flags that would affect
  the kind of truncations that they can handle. E.g., if we know that a node produces
  a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.

- In future, we want the typer to reuse the logic from OperationTyper.

BUG=v8:4583
LOG=n

Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
      216bcf9f