- 15 Oct, 2018 1 commit
-
-
Georg Neis authored
There's no ambiguity and the shorter name makes things easier to read. Bug: v8:7790 Change-Id: Ibcf3fd7f38a91e26a83cd335fad0ec80a5fe9be1 Reviewed-on: https://chromium-review.googlesource.com/c/1278392 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#56623}
-
- 18 Sep, 2018 1 commit
-
-
Georg Neis authored
This removes the last unconditional read accesses to the heap, but required a significant refactoring. - Remove HeapObjectRef::type(). - Change HeapObjectData::Is* testers to look at the instance type in HeapObjectData::map(). - Remove ObjectRef::oddball_type() - Add MapRef::oddball_type() - Add MapRef::is_undetectable(). - Add MapRef::is_callable(). - Remove JSHeapBroker::HeapObjectTypeFromMap() - Remove Type::For(JSHeapBroker*, Handle<Map>) - Add BitsetType::Lub(MapRef). - Add Type::For(MapRef). - Add Type::For(HeapObjectType). - Add HeapObjectRef::GetHeapObjectType(). THIS IS TEMPORARY. As the last item suggests, I couldn't actually remove the HeapObjectType class yet. See the explanation in the code. Bug: v8:7790 Change-Id: I508e4bd5337277b0050f2204392fc36f41032fe9 Reviewed-on: https://chromium-review.googlesource.com/1228033Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#55994}
-
- 14 Sep, 2018 1 commit
-
-
Georg Neis authored
Additionally: - Remove partiality from ContextRef::previous as long as we don't need it. - Fix a nasty bug in serialization dispatch (the order of types was incorrect). Bug: v8:7790 Change-Id: I354a69cf37e1dcdd691aab8af668c5cef165cf1e Reviewed-on: https://chromium-review.googlesource.com/1224438Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#55889}
-
- 16 Aug, 2018 1 commit
-
-
Georg Neis authored
Bug: v8:7790 Change-Id: I18512b508127c48ab0a1dc5a6a221d0f491bb5fe Reviewed-on: https://chromium-review.googlesource.com/1175917 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55171}
-
- 23 Jul, 2018 1 commit
-
-
Georg Neis authored
We'll soon start collecting data from the JS heap prior to the typed lowering pass, and then refrain from reading the heap in that pass. This CL prepares the broker machinery by introducing a hash table that maps an object (handle) to the corresponding cached data. For the time being, that cached data is essentially just the handle itself. Bug: v8:7790 Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6 Reviewed-on: https://chromium-review.googlesource.com/1143405 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54618}
-
- 17 Jul, 2018 1 commit
-
-
Georg Neis authored
This makes it more convenient to work with brokerized data. Bug: v8:7790 Change-Id: I7ffb4054b809c10c67787b2fb89a05e8ce8f4575 Reviewed-on: https://chromium-review.googlesource.com/1138248 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54480}
-
- 10 Jul, 2018 1 commit
-
-
Georg Neis authored
R=jarin@chromium.org Bug: v8:7790 Change-Id: I79c6904a9969afc6aac7530c5d876da15018b3bc Reviewed-on: https://chromium-review.googlesource.com/1129142 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54344}
-
- 26 Jun, 2018 1 commit
-
-
Georg Neis authored
We decided not to use this. R=jarin@chromium.org Bug: v8:7790 Change-Id: I18413bb1a363477bd297a5e44aeff2623e2f1c8e Reviewed-on: https://chromium-review.googlesource.com/1113931Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54015}
-
- 20 Jun, 2018 1 commit
-
-
Georg Neis authored
Also fix an oversight in my previous CL. R=jarin@chromium.org Bug: v8:7790 Change-Id: I61c783392b7b7b38ea28dc44dc1e932d15b55bc6 Reviewed-on: https://chromium-review.googlesource.com/1106170Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#53862}
-
- 18 Jun, 2018 1 commit
-
-
Georg Neis authored
This adds an overload of JSGraph::Constant that takes an ObjectReference rather than a Handle<Object>. ObjectReference is a new superclass of HeapReference. Also several refactorings and renaming, e.g.: - Rename HeapReference to HeapObjectRef. - Rename ContextHeapReference to ContextRef. - ... - Rename HeapReferenceType to HeapObjectType. Bug: v8:7790 Change-Id: Id3e567cbaf7c326189b99b2fd4ced6bff02f9640 Reviewed-on: https://chromium-review.googlesource.com/1104337Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#53797}
-
- 15 Jun, 2018 1 commit
-
-
Georg Neis authored
No longer access the heap directly, as policed by Disallow* scopes in JSContextSpecialization::Reduce. Bug: v8:7790 Change-Id: I40f1c500b04b96152421fd5de631747ba386bca1 Reviewed-on: https://chromium-review.googlesource.com/1101322 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#53759}
-
- 05 Mar, 2018 2 commits
-
-
Sigurd Schneider authored
Bug: v8:7517, v8:7310 Change-Id: Ic9a1ac8f4a928e1d5d8f807a0875c7314a7777fb Reviewed-on: https://chromium-review.googlesource.com/946095 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51735}
-
Sigurd Schneider authored
This also introduces FrameStateInfoOf helper. Bug: v8:7517, v8:7310 Change-Id: If2dd1257fb9384fe957a980077a65154cc014d3b Reviewed-on: https://chromium-review.googlesource.com/946009 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51718}
-
- 15 Dec, 2017 1 commit
-
-
Georg Neis authored
In a generator containing loops, there are always certain control flow paths that are impossible, due to the way we represent generators at the bytecode level. Unfortunately, the graph builder can't tell that these paths are impossible. In combination with dead code, it can then happen that we build a subgraph (for unreachable code) whose incoming context is the undefined oddball. JSContextSpecialization did not expect that. Bug: chromium:794822 Change-Id: I259be5ae6c5f5adc8fca19c64bf71285ee922b7a Reviewed-on: https://chromium-review.googlesource.com/828954Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50129}
-
- 13 Sep, 2017 1 commit
-
-
Michael Starzinger authored
R=clemensh@chromium.org Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I3df5d50f81909188ee0cb31d0f479aadeeabe20f Reviewed-on: https://chromium-review.googlesource.com/662780Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47991}
-
- 07 Sep, 2017 1 commit
-
-
Michael Starzinger authored
R=marja@chromium.org Change-Id: I7e1b471c425a28d77100ce3cda34511393b31365 Reviewed-on: https://chromium-review.googlesource.com/654901Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47892}
-
- 26 Jun, 2017 1 commit
-
-
Georg Neis authored
R=mstarzinger@chromium.org Bug: Change-Id: Ica169da6e095abb79967687ae9a18db5c833f72e Reviewed-on: https://chromium-review.googlesource.com/546356Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#46203}
-
- 04 May, 2017 1 commit
-
-
neis authored
1. Generalize context specialization such that the provided context can be any outer context of the function, not necessarily the immediate outer context. 2. Based on this: if function specialization is disabled, then specialize for the module context if there is one. 3. Extend typed lowering of module loads and stores such that if the operand is a Module constant, we constant-fold the cell load. That is, a JSLoadModule with a Module HeapConstant input becomes a LoadField with a Cell HeapConstant input, and similarly for JSStoreModule. BUG=v8:1569 Review-Url: https://codereview.chromium.org/2841613002 Cr-Commit-Position: refs/heads/master@{#45083}
-
- 31 Mar, 2017 1 commit
-
-
bmeurer authored
R=jarin@chromium.org BUG=v8:5267,v8:6181 Review-Url: https://codereview.chromium.org/2792553002 Cr-Commit-Position: refs/heads/master@{#44305}
-
- 13 Jan, 2017 1 commit
-
-
neis authored
With this CL, context loads and stores are "strengthened" by reducing the incoming context chain and decreasing the depth accordingly, whenever possible. This enables more opportunities for specialization and will let us easily add module context specialization later. BUG= Review-Url: https://codereview.chromium.org/2559173003 Cr-Commit-Position: refs/heads/master@{#42334}
-
- 30 Nov, 2016 1 commit
-
-
neis authored
JS operators always have an implicit context input, so just use that instead. BUG= Review-Url: https://codereview.chromium.org/2541813002 Cr-Commit-Position: refs/heads/master@{#41392}
-
- 06 Jun, 2016 1 commit
-
-
cbruni authored
Passing in the isolate and pointer compare the instnance against the corresponding constant is always faster than decoding the instance types. BUG= Review-Url: https://codereview.chromium.org/2028983002 Cr-Commit-Position: refs/heads/master@{#36744}
-
- 16 Dec, 2015 1 commit
-
-
bmeurer authored
Flatten ConsString objects in JSGraph, to make sure we consistently flatten all cons strings no matter which pass creates them. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1529053003 Cr-Commit-Position: refs/heads/master@{#32878}
-
- 18 Nov, 2015 1 commit
-
-
bmeurer authored
Retrieve the native context/global object from the Node being specialized in the JSNativeContextSpecialization and the JSGlobalObjectSpecialization classes. For this we introduce two new methods NodeProperties::GetSpecializationNativeContext and NodeProperties::GetSpecializationGlobalObject, which walk up the context chain and might in the end take the native context from the outermost activation (if native context specialization is enabled). This allows us to run the native context specialization pass as part of the inlining phase without hacking some of that into the JSInliner. Also refactor the NodeProperties::GetSpecializationContext method that was previously local to the JSContextSpecialization. Also refactor two other oddities in JSNativeContextSpecialization. R=jarin@chromium.org BUG=v8:4470, v8:4493 LOG=n Review URL: https://codereview.chromium.org/1451143005 Cr-Commit-Position: refs/heads/master@{#32076}
-
- 07 Oct, 2015 3 commits
-
-
bmeurer authored
Introduce a new JSGlobalSpecialization advanced reducer that runs during the initial inlining and context specialization, and specializes the graph to the globals of the native context. Currently we assume that we do not inline cross native context, but long-term we will grab the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the new global load/store ICs that are currently in the workings), and then this whole specialization will be fully compositional even across cross-context inlining. Note that we cannot really handle most of the stores to global object property cells because TurboFan doesn't have a mechanism to enforce certain representations. Also note that we cannot yet fully benefit from the type feedback collected on the global object property cells, because the type system cannot deal with maps in a reasonable way. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel R=jarin@chromium.org BUG=v8:4470 LOG=n Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb Cr-Commit-Position: refs/heads/master@{#31139} Review URL: https://codereview.chromium.org/1387393002 Cr-Commit-Position: refs/heads/master@{#31148}
-
bmeurer authored
Revert of [turbofan] Add initial support for global specialization. (patchset #4 id:60001 of https://codereview.chromium.org/1387393002/ ) Reason for revert: Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960 Original issue's description: > [turbofan] Add initial support for global specialization. > > Introduce a new JSGlobalSpecialization advanced reducer that runs > during the initial inlining and context specialization, and specializes > the graph to the globals of the native context. Currently we assume > that we do not inline cross native context, but long-term we will grab > the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the > new global load/store ICs that are currently in the workings), and then > this whole specialization will be fully compositional even across > cross-context inlining. > > Note that we cannot really handle most of the stores to global object > property cells because TurboFan doesn't have a mechanism to enforce > certain representations. Also note that we cannot yet fully benefit > from the type feedback collected on the global object property cells, > because the type system cannot deal with maps in a reasonable way. > > CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel > R=jarin@chromium.org > BUG=v8:4470 > LOG=n > > Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb > Cr-Commit-Position: refs/heads/master@{#31139} TBR=jarin@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4470 Review URL: https://codereview.chromium.org/1390073004 Cr-Commit-Position: refs/heads/master@{#31144}
-
bmeurer authored
Introduce a new JSGlobalSpecialization advanced reducer that runs during the initial inlining and context specialization, and specializes the graph to the globals of the native context. Currently we assume that we do not inline cross native context, but long-term we will grab the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the new global load/store ICs that are currently in the workings), and then this whole specialization will be fully compositional even across cross-context inlining. Note that we cannot really handle most of the stores to global object property cells because TurboFan doesn't have a mechanism to enforce certain representations. Also note that we cannot yet fully benefit from the type feedback collected on the global object property cells, because the type system cannot deal with maps in a reasonable way. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel R=jarin@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1387393002 Cr-Commit-Position: refs/heads/master@{#31139}
-
- 24 Sep, 2015 1 commit
-
-
mstarzinger authored
This introduces the NodeProperties::ChangeOp helper which guards node operator changes so that additional checking can be done without any additional dependencies being pulled into the Node class. For now only the input count is checked, but additional checking might follow. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1366753003 Cr-Commit-Position: refs/heads/master@{#30916}
-
- 01 Sep, 2015 1 commit
-
-
mstarzinger authored
Now that it is no longer needed, this also removes the invalid inclusion of "object-inl.h" within the "unique.h" header file. Note that this change still leaves 2 violations of that rule in the code, checked with the "tools/check-inline-includes.sh" tool. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1321223002 Cr-Commit-Position: refs/heads/master@{#30503}
-
- 31 Aug, 2015 1 commit
-
-
mstarzinger authored
The usage of Unique<T> throughout the TurboFan IR does not have any advantage. There is no single point in time when they are initialized and most use-sites looked through to the underlying Handle<T> anyways. Also there already was a mixture of Handle<T> versus Unique<T> in the graph and this unifies the situation to use Handle<T> everywhere. R=bmeurer@chromium.org,titzer@chromium.org Review URL: https://codereview.chromium.org/1314473007 Cr-Commit-Position: refs/heads/master@{#30458}
-
- 13 Jul, 2015 1 commit
-
-
bmeurer authored
The JSContextSpecialization should only care about loads from the context and stores to the context, where the context is either a HeapConstant or the special context Parameter (and a context for the outer most function is provided). This way we don't eagerly embed arbitrary context constants for no benefit, but we still specialize the loads and store which we actually care about. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1227963005 Cr-Commit-Position: refs/heads/master@{#29602}
-
- 06 Jul, 2015 1 commit
-
-
bmeurer authored
Remove the context specialization hack from the AstGraphBuilder, and properly specialize to the function context in the context specialization. And replace the correct context in the JSInliner. R=mstarzinger@chromium.org BUG=v8:4273 LOG=n Review URL: https://codereview.chromium.org/1218873005 Cr-Commit-Position: refs/heads/master@{#29493}
-
- 19 Jun, 2015 1 commit
-
-
bmeurer authored
BUG=v8:3809 LOG=n R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/1196623002 Cr-Commit-Position: refs/heads/master@{#29147}
-
- 08 Jun, 2015 1 commit
-
-
mstarzinger authored
This in turn allows usage of AdvancedReducer::ReplaceWithValue which has access to the underlying graph reducer. R=titzer@chromium.org Review URL: https://codereview.chromium.org/1162903006 Cr-Commit-Position: refs/heads/master@{#28838}
-
- 19 Feb, 2015 1 commit
-
-
titzer authored
AstGraphBuilder puts a constant context in from the beginning. Also fix bug in merging contexts in environment. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/934293002 Cr-Commit-Position: refs/heads/master@{#26745}
-
- 11 Feb, 2015 2 commits
-
-
titzer authored
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/917583004 Cr-Commit-Position: refs/heads/master@{#26589}
-
svenpanne authored
A CompilationInfo constructed from just an Isolate* and a Zone* is in weird an inconsistent state (calling e.g. flags() on it will crash), so we need to avoid them. This CL removes almost all of them, the remaining 2 call sites in (for testing only) will be handled in a separate CL. Things which have been changed: * Linkage is basically a decorator for CallDescriptor now. * ChangeLowering doesn't need Linkage at all. * JSGenericLowering doesn't need a full CompilationInfo*, just a single flag. * JSContextSpecializer doesn't need the full CompilationInfo, just a Context. * Removed unused CompilationInfo from SimplifiedLoweringTester. This nicely decouples things already a bit more, but there's still work to do... Review URL: https://codereview.chromium.org/899803003 Cr-Commit-Position: refs/heads/master@{#26580}
-
- 29 Jan, 2015 1 commit
-
-
bmeurer authored
R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/883613006 Cr-Commit-Position: refs/heads/master@{#26316}
-
- 26 Jan, 2015 1 commit
-
-
titzer authored
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/879583002 Cr-Commit-Position: refs/heads/master@{#26280}
-
- 23 Dec, 2014 1 commit
-
-
bmeurer authored
TEST=cctest,unittests R=jochen@chromium.org Review URL: https://codereview.chromium.org/821913002 Cr-Commit-Position: refs/heads/master@{#25935}
-