1. 29 Apr, 2020 1 commit
    • Tobias Tebbi's avatar
      Reland "Reland "[turbofan][csa] optimize Smi untagging better"" · 9e9cd5df
      Tobias Tebbi authored
      This is a reland of 43b885a8
      This fixes another signed overflow in the unit test.
      
      Original change's description:
      > Reland "[turbofan][csa] optimize Smi untagging better"
      >
      > This is a reland of ff22ae80
      >
      > Original change's description:
      > > [turbofan][csa] optimize Smi untagging better
      > >
      > > - Introduce new operator variants for signed right-shifts with the
      > >   additional information that they always shift out zeros.
      > > - Use these new operators for Smi untagging.
      > > - Merge left-shifts with a preceding Smi-untagging shift.
      > > - Optimize comparisons of Smi-untagging shifts to operate on the
      > >   unshifted word.
      > > - Optimize 64bit comparisons of values expanded from 32bit to use
      > >   a 32bit comparison instead.
      > > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
      > >   right-shift to enable better address computations for Smi indices.
      > >
      > > Bug: v8:9962
      > > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
      > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Georg Neis <neis@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#67378}
      >
      > Bug: v8:9962
      > Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67430}
      
      Bug: v8:9962
      TBR: neis@chromium.org
      Change-Id: I79883db546bf37873b3727b8023ef688507091d9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169103
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67464}
      9e9cd5df
  2. 28 Apr, 2020 2 commits
    • Clemens Backes's avatar
      Revert "Reland "[turbofan][csa] optimize Smi untagging better"" · bef5b85d
      Clemens Backes authored
      This reverts commit 43b885a8.
      
      Reason for revert: Still fails on UBSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10873
      
      Original change's description:
      > Reland "[turbofan][csa] optimize Smi untagging better"
      > 
      > This is a reland of ff22ae80
      > 
      > Original change's description:
      > > [turbofan][csa] optimize Smi untagging better
      > > 
      > > - Introduce new operator variants for signed right-shifts with the
      > >   additional information that they always shift out zeros.
      > > - Use these new operators for Smi untagging.
      > > - Merge left-shifts with a preceding Smi-untagging shift.
      > > - Optimize comparisons of Smi-untagging shifts to operate on the
      > >   unshifted word.
      > > - Optimize 64bit comparisons of values expanded from 32bit to use
      > >   a 32bit comparison instead.
      > > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
      > >   right-shift to enable better address computations for Smi indices.
      > > 
      > > Bug: v8:9962
      > > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
      > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Georg Neis <neis@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#67378}
      > 
      > Bug: v8:9962
      > Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67430}
      
      TBR=neis@chromium.org,tebbi@chromium.org
      
      Change-Id: I49e19811ebcecb846f61291bc0c4a0d8b0bc4cff
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9962
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168876Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67431}
      bef5b85d
    • Tobias Tebbi's avatar
      Reland "[turbofan][csa] optimize Smi untagging better" · 43b885a8
      Tobias Tebbi authored
      This is a reland of ff22ae80
      
      Original change's description:
      > [turbofan][csa] optimize Smi untagging better
      > 
      > - Introduce new operator variants for signed right-shifts with the
      >   additional information that they always shift out zeros.
      > - Use these new operators for Smi untagging.
      > - Merge left-shifts with a preceding Smi-untagging shift.
      > - Optimize comparisons of Smi-untagging shifts to operate on the
      >   unshifted word.
      > - Optimize 64bit comparisons of values expanded from 32bit to use
      >   a 32bit comparison instead.
      > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
      >   right-shift to enable better address computations for Smi indices.
      > 
      > Bug: v8:9962
      > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67378}
      
      Bug: v8:9962
      Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Georg Neis <neis@chromium.org>
      Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67430}
      43b885a8
  3. 24 Apr, 2020 2 commits
    • Bill Budge's avatar
      Revert "[turbofan][csa] optimize Smi untagging better" · cdea7999
      Bill Budge authored
      This reverts commit ff22ae80.
      
      Reason for revert: new test fails on UBSAN
      https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10831
      
      Original change's description:
      > [turbofan][csa] optimize Smi untagging better
      > 
      > - Introduce new operator variants for signed right-shifts with the
      >   additional information that they always shift out zeros.
      > - Use these new operators for Smi untagging.
      > - Merge left-shifts with a preceding Smi-untagging shift.
      > - Optimize comparisons of Smi-untagging shifts to operate on the
      >   unshifted word.
      > - Optimize 64bit comparisons of values expanded from 32bit to use
      >   a 32bit comparison instead.
      > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
      >   right-shift to enable better address computations for Smi indices.
      > 
      > Bug: v8:9962
      > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67378}
      
      TBR=neis@chromium.org,tebbi@chromium.org
      
      Change-Id: I2617d7a44e5ae33fd79322d37c8b722c00162d22
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9962
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165873Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67380}
      cdea7999
    • Tobias Tebbi's avatar
      [turbofan][csa] optimize Smi untagging better · ff22ae80
      Tobias Tebbi authored
      - Introduce new operator variants for signed right-shifts with the
        additional information that they always shift out zeros.
      - Use these new operators for Smi untagging.
      - Merge left-shifts with a preceding Smi-untagging shift.
      - Optimize comparisons of Smi-untagging shifts to operate on the
        unshifted word.
      - Optimize 64bit comparisons of values expanded from 32bit to use
        a 32bit comparison instead.
      - Change CodeStubAssembler::UntagSmi to first sign-extend and then
        right-shift to enable better address computations for Smi indices.
      
      Bug: v8:9962
      Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67378}
      ff22ae80
  4. 03 Apr, 2020 1 commit
    • Ross McIlroy's avatar
      [TurboProp] Remove unreachable successor basic blocks from schedule. · 4a2ef63c
      Ross McIlroy authored
      Effect-control-linearizer will update a basic block to connect it
      directly to the end node if it has an Unreachable node. Usually the
      block would already have been connected directly to end (via a Throw
      node) already, however in some cases it can be connected indirectly
      (via a branch, where both end in a throw node).
      
      If this happens, and the Effect-control-linearizer is maintaining the
      schedule (e.g., for TurboProp), it will cause the end block to have
      unreachable predecessor blocks, which can cause issues with the
      register allocator.
      
      To fix this, have the BasicBlockUpdater remove all successor blocks
      from the schedule, when they become Unreachable. Also add some tests
      to cover this in effect-control-linearizer-unittests.
      
      BUG=v8:10332,v8:9684
      
      Change-Id: Ibce140e6d1f61751a86247e6f8c36075723a1e55
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120537
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66994}
      4a2ef63c
  5. 11 Nov, 2019 1 commit
  6. 19 Aug, 2019 2 commits
    • Santiago Aboy Solanes's avatar
      Reland "[CSA][cleanup] TNodify some methods related to prototype and property lookup" · 007cbd2c
      Santiago Aboy Solanes authored
      This is a reland of 82111e22
      
      Relanding since we now have more shards:
      https://chromium-review.googlesource.com/c/v8/v8/+/1760810
      
      Original change's description:
      > [CSA][cleanup] TNodify some methods related to prototype and property lookup
      >
      > This is a CL in a string of CLs that aims to TNodify CSA. In particular,
      > there were some loads that were done in AnyTagged instead of
      > TaggedPointer. TNode-ifying them brings improvement in pointer
      > compression since we are able to decompress using the Pointer
      > decompression.
      >
      > TNodified:
      >  * LoadJSFunctionPrototype
      >  * TryPrototypeChainLookup
      >  * OrdinaryHasInstance
      >
      > Also TNodified loads regarding:
      >  * FeedbackCell::kValueOffset
      >  * HeapObject::kMapOffset
      >  * JSFunction::kSharedFunctionInfoOffset
      >  * JSFunction::kFeedbackCellOffset
      >  * Map::kInstanceTypeOffset
      >  * Map::kInstanceDescriptorsOffset
      >  * Map::kPrototypeOffset
      >
      > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
      >
      > Bug: v8:6949, v8:9396
      > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
      > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63216}
      
      Bug: v8:6949, v8:9396
      Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63249}
      007cbd2c
    • Maya Lekova's avatar
      Revert "[CSA][cleanup] TNodify some methods related to prototype and property lookup" · 3a7a4a2f
      Maya Lekova authored
      This reverts commit 82111e22.
      
      Reason for revert: Speculative revert, could be causing timeouts - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17567
      
      Original change's description:
      > [CSA][cleanup] TNodify some methods related to prototype and property lookup
      > 
      > This is a CL in a string of CLs that aims to TNodify CSA. In particular,
      > there were some loads that were done in AnyTagged instead of
      > TaggedPointer. TNode-ifying them brings improvement in pointer
      > compression since we are able to decompress using the Pointer
      > decompression.
      > 
      > TNodified:
      >  * LoadJSFunctionPrototype
      >  * TryPrototypeChainLookup
      >  * OrdinaryHasInstance
      > 
      > Also TNodified loads regarding:
      >  * FeedbackCell::kValueOffset
      >  * HeapObject::kMapOffset
      >  * JSFunction::kSharedFunctionInfoOffset
      >  * JSFunction::kFeedbackCellOffset
      >  * Map::kInstanceTypeOffset
      >  * Map::kInstanceDescriptorsOffset
      >  * Map::kPrototypeOffset
      > 
      > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
      > 
      > Bug: v8:6949, v8:9396
      > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
      > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63216}
      
      TBR=rmcilroy@chromium.org,solanes@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:6949, v8:9396
      Change-Id: Ib6ae8fe86a598ed1066894595565e1162cf7dd1f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758310Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63233}
      3a7a4a2f
  7. 15 Aug, 2019 1 commit
    • Santiago Aboy Solanes's avatar
      [CSA][cleanup] TNodify some methods related to prototype and property lookup · 82111e22
      Santiago Aboy Solanes authored
      This is a CL in a string of CLs that aims to TNodify CSA. In particular,
      there were some loads that were done in AnyTagged instead of
      TaggedPointer. TNode-ifying them brings improvement in pointer
      compression since we are able to decompress using the Pointer
      decompression.
      
      TNodified:
       * LoadJSFunctionPrototype
       * TryPrototypeChainLookup
       * OrdinaryHasInstance
      
      Also TNodified loads regarding:
       * FeedbackCell::kValueOffset
       * HeapObject::kMapOffset
       * JSFunction::kSharedFunctionInfoOffset
       * JSFunction::kFeedbackCellOffset
       * Map::kInstanceTypeOffset
       * Map::kInstanceDescriptorsOffset
       * Map::kPrototypeOffset
      
      Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
      
      Bug: v8:6949, v8:9396
      Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
      Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63216}
      82111e22
  8. 17 Jun, 2019 1 commit
  9. 14 Jun, 2019 2 commits
  10. 21 May, 2019 1 commit
  11. 16 Apr, 2019 1 commit
  12. 14 Feb, 2019 1 commit
  13. 13 Feb, 2019 1 commit
  14. 18 Oct, 2018 1 commit
  15. 07 Oct, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Eliminate redundant Smi checks around array accesses. · bcdede0c
      Benedikt Meurer authored
      As identified in the web-tooling-benchmark, there are specific code
      patterns involving array indexed property accesses and subsequent
      comparisons of those indices that lead to repeated Smi checks in the
      optimized code, which in turn leads to high register pressure and
      generally bad register allocation. An example of this pattern is
      code like this:
      
      ```js
      function f(a, n) {
        const i = a[n];
        if (n >= 1) return i;
      }
      ```
      
      The `a[n]` property access introduces a CheckBounds on `n`, which
      later lowers to a `CheckedTaggedToInt32[dont-check-minus-zero]`,
      however the `n >= 1` comparison has collected `SignedSmall` feedback
      and so it introduces a `CheckedTaggedToTaggedSigned` operation. This
      second Smi check is redundant and cannot easily be combined with the
      earlier tagged->int32 conversion, since that also deals with heap
      numbers and even truncates -0 to 0.
      
      So we teach the RedundancyElimination to look at the inputs of these
      speculative number comparisons and if there's a leading bounds check
      on either of these inputs, we change the input to the result of the
      bounds check. This avoids the redundant Smi checks later and generally
      allows the SimplifiedLowering to do a significantly better job on the
      number comparisons. We only do this in case of SignedSmall feedback
      and only for inputs that are not already known to be in UnsignedSmall
      range, to avoid doing too many (unnecessary) expensive lookups during
      RedundancyElimination.
      
      All of this is safe despite the fact that CheckBounds truncates -0
      to 0, since the regular number comparisons in JavaScript identify
      0 and -0 (unlike Object.is()). This also adds appropriate tests,
      especially for the interesting cases where -0 is used only after
      the code was optimized.
      
      Bug: v8:6936, v8:7094
      Change-Id: Ie37114fb6192e941ae1a4f0bfe00e9c0a8305c07
      Reviewed-on: https://chromium-review.googlesource.com/c/1246181Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#56428}
      bcdede0c
  16. 20 Sep, 2018 1 commit
  17. 07 Sep, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Introduce a pure StringConcat operator. · e56b6d24
      Benedikt Meurer authored
      This replaces the previous CheckStringAdd operator which deopts in case
      the combined length overflows with a dedicated pure StringConcat operator.
      This operator is similar to NewConsString in that it takes the resulting
      length plus the two input strings. The operator relies on the length
      being checked explicitly by the surrounding code instead of baking the
      check into the operator itself. This way TurboFan can eliminate
      redundant/unnecessary StringConcat operations, since they are pure now.
      
      This also unifies the treatment of string addition in JSTypedLowering,
      and generalizes the StringLength constant-folding to apply to more cases
      not just the JSAdd cases inside JSTypedLowering.
      
      Bug: v8:7902, v8:8015
      Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
      Reviewed-on: https://chromium-review.googlesource.com/1213205Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55725}
      e56b6d24
  18. 29 Aug, 2018 1 commit
    • Maya Lekova's avatar
      [turbofan] Introduce a CheckStringAdd node instead of cons string lowering · 6a7872b7
      Maya Lekova authored
      The new node is introduced for literal string addition and calling
      String.prototype.concat in the typed lowering phase. It later might get optimized
      away during redundancy elimination, keeping the performance of already existing
      benchmarks with string addition. In case the operation is about to throw
      (due to too long string being constructed) we just deoptimize, reusing
      the interpreter logic for creating the error.
      
      Modify relevant mjsunit and unit tests for string concatenation.
      
      Bug: v8:7902
      Change-Id: Ie97d39534df4480fa8d4fe3ba276d02ed5e750e3
      Reviewed-on: https://chromium-review.googlesource.com/1193342
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55482}
      6a7872b7
  19. 26 Apr, 2018 1 commit
  20. 23 Apr, 2018 1 commit
  21. 27 Mar, 2018 1 commit
    • Tobias Tebbi's avatar
      [turbofan] unify interpreter and JIT speculation poisoning · 1ef6c437
      Tobias Tebbi authored
      This CL changes the poisoning in the interpreter to use the
      infrastructure used in the JIT.
      
      This does not change the original flag semantics:
      
      --branch-load-poisoning enables JIT mitigations as before.
      
      --untrusted-code-mitigation enables the interpreter mitigations
        (now realized using the compiler back-end), but does not enable
        the back-end based mitigations for the Javascript JIT. So in effect
        --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
        use the same mechanics (including changed register allocation) that
        --branch-load-poisoning enables for the JIT.
      
      Bug: chromium:798964
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
      Reviewed-on: https://chromium-review.googlesource.com/928881Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52243}
      1ef6c437
  22. 23 Mar, 2018 1 commit
  23. 21 Mar, 2018 1 commit
  24. 16 Mar, 2018 2 commits
  25. 08 Mar, 2018 1 commit
    • Tobias Tebbi's avatar
      [turbofan] [cleanup] remove UnalignedLoadRepresentation · 501f250c
      Tobias Tebbi authored
      UnalignedLoad is the only kind of load operation that defines its own
      UnalignedLoadRepresentation type alias and LoadRepresentationOf function.
      This is a problem because it means we cannot use the LOAD_MATCHER
      infrastructure without defining all of this boilerplate for all the other
      kinds of load operations. Since these aliases serve no real purpose,
      it is best to unify UnalignedLoad to how its peers are handled.
      
      Change-Id: I51a591eb82fb85edee66512136b23276e851f767
      Reviewed-on: https://chromium-review.googlesource.com/951683
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51802}
      501f250c
  26. 02 Mar, 2018 1 commit
  27. 23 Feb, 2018 1 commit
  28. 21 Feb, 2018 1 commit
  29. 12 Feb, 2018 1 commit
    • Ross McIlroy's avatar
      [Ignition] [TurboFan] Generate speculation poison in code generator. · a021b6c4
      Ross McIlroy authored
      Moves generation of speculation poison to be based on the PC target vs the
      actual PC being executed. The speculation poison is generated in the prologue
      of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
      The result is stored in a known register, which can then be read using the
      SpeculationPoison machine node.
      
      Currently we need to ensure the SpeculationPoison node is scheduled right after
      the code prologue so that the poison register doesn't get clobbered. This is
      currently not verified, however it's only use is in RawMachineAssembler where
      it is manually scheduled early.
      
      The Ignition bytecode handlers are updated to use this speculation poison
      rather than one generated by comparing the target bytecode.
      
      BUG=chromium:798964
      
      Change-Id: I2a3d0cfc694e88d7a8fe893282bd5082f693d5e2
      Reviewed-on: https://chromium-review.googlesource.com/893160
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51229}
      a021b6c4
  30. 29 Jan, 2018 1 commit
  31. 30 Nov, 2017 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Introduce a dedicated StringLength operator. · 500d7b93
      Benedikt Meurer authored
      Strings are immutable in JavaScript land (contrast with the runtime,
      where we can truncate strings that haven't escaped to JavaScript yet),
      so the length of a String is immutable. Thus loading the length of a
      String is a pure operation and should be expressed as such (i.e. doesn't
      depend on control or effect). The StringLength operator does exactly
      this and is hooked up to the effect chain in the EffectControlLinearizer.
      
      This will eventually allow us to simplify the optimization of string
      concatention and other operations that are a bit cumbersome in TurboFan
      currently, and it will also allow us to optimize string operations
      across effectful operations, for example combining multiple invocations
      to String#slice with the same inputs.
      
      Bug: v8:5269, v8:6936, v8:7109, v8:7137
      Change-Id: Iffcccbb0c7fc4cfe1281c10e7af24b40eba4c987
      Reviewed-on: https://chromium-review.googlesource.com/799690Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49731}
      500d7b93
  32. 12 Sep, 2017 1 commit
  33. 16 May, 2017 1 commit
  34. 03 Mar, 2017 1 commit
  35. 11 Jan, 2017 1 commit