- 02 Jun, 2016 14 commits
-
-
jarin authored
This introduces optimized number operations based on type feedback. Summary of changes: 1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if there is suitable feedback. The speculative nodes are connected to both the effect chain and the control chain and they retain the eager frame state. 2. Simplified lowering now executes in three phases: a. Propagation phase computes truncations by traversing the graph from uses to definitions until checkpoint is reached. It also records type-check decisions for later typing phase, and computes representation. b. The typing phase computes more precise types base on the speculative types (and recomputes representation for affected nodes). c. The lowering phase performs lowering and inserts representation changes and/or checks. 3. Effect-control linearization lowers the checks to machine graphs. Notes: - SimplifiedLowering will be refactored to have handling of each operation one place and with clearer input/output protocol for each sub-phase. I would prefer to do this once we have more operations implemented, and the pattern is clearer. - The check operations (Checked<A>To<B>) should have some flags that would affect the kind of truncations that they can handle. E.g., if we know that a node produces a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering. - In future, we want the typer to reuse the logic from OperationTyper. BUG=v8:4583 LOG=n Review-Url: https://codereview.chromium.org/1921563002 Cr-Commit-Position: refs/heads/master@{#36674}
-
jochen authored
BUG=none R=machenbach@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2034643002 Cr-Commit-Position: refs/heads/master@{#36673}
-
Benedikt Meurer authored
TBR=jarin@chromium.org Review URL: https://codereview.chromium.org/2038463003 . Cr-Commit-Position: refs/heads/master@{#36672}
-
bmeurer authored
It's not safe to look at the types after SimplifiedLowering runs, as the types are unreliable by that time. So better make sure we nuke the types first. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2032613006 Cr-Commit-Position: refs/heads/master@{#36671}
-
yangguo authored
R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2032713003 Cr-Commit-Position: refs/heads/master@{#36670}
-
mstarzinger authored
This removes the frame state input representing the before-state from nodes having the {JSCallFunction} or {JSCallConstruct} operator. These frame states can by now be found via checkpoints in the graph. R=bmeurer@chromium.org BUG=v8:5021 Review-Url: https://codereview.chromium.org/2025573003 Cr-Commit-Position: refs/heads/master@{#36669}
-
bmeurer authored
We use StringFromCharCode to optimize calls to String.fromCharCode with a single Number argument for now. We will use it to also implement the charAt method on the String prototype. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2037453003 Cr-Commit-Position: refs/heads/master@{#36668}
-
v8-autoroll authored
Rolling v8/build to 2a6b3280927ceaff306473034f1f6c1b390c938b TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2029403002 Cr-Commit-Position: refs/heads/master@{#36667}
-
machenbach authored
This sets the default for the feature, as chromium expects it: It is turned on for all platforms except ios. Chromium's build_override can be removed after this. This will also allow to override the value as a gn arg. BUG=chromium:474921,chromium:616034 NOTRY=true Review-Url: https://codereview.chromium.org/2025803003 Cr-Commit-Position: refs/heads/master@{#36666}
-
machenbach authored
Revert of Move (hopefully) remaining isolate related variables to toolchain.gypi (patchset #1 id:1 of https://codereview.chromium.org/2027213002/ ) Reason for revert: Fails: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7182/steps/gclient%20runhooks/logs/stdio Original issue's description: > Move (hopefully) remaining isolate related variables to toolchain.gypi > > BUG=chromium:609107 > R=machenbach@chromium.org > > Committed: https://crrev.com/a68a1eb38dda0a1eba3b7644a172d2f85e9c7abe > Cr-Commit-Position: refs/heads/master@{#36664} TBR=jochen@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:609107 Review-Url: https://codereview.chromium.org/2038463002 Cr-Commit-Position: refs/heads/master@{#36665}
-
jochen authored
BUG=chromium:609107 R=machenbach@chromium.org Review-Url: https://codereview.chromium.org/2027213002 Cr-Commit-Position: refs/heads/master@{#36664}
-
mlippautz authored
Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #7 id:180001 of https://codereview.chromium.org/2026633003/ ) Reason for revert: Also failing with the new implementation: https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646 Will do a local repro now. Original issue's description: > Track based on JSArrayBuffer addresses on pages instead of the attached > backing store. > > Details of tracking: > - Scavenge: New space pages are processes in bulk on the main thread > - MC: Unswept pages are processed in bulk in parallel. All other pages > are processed by the sweeper concurrently. > > BUG=chromium:611688 > LOG=N > TEST=cctest/test-array-buffer-tracker/* > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel > > Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a > Cr-Commit-Position: refs/heads/master@{#36653} TBR=hpayer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:611688 Review-Url: https://codereview.chromium.org/2032973002 Cr-Commit-Position: refs/heads/master@{#36663}
-
jarin authored
Reland of https://codereview.chromium.org/2026173003 (reverted by https://codereview.chromium.org/2029563002). Additionally, we need to record environment markers even for the case of a.length, where a is aliased arguments (which crankshaft optimizes to constant for the inlined case or to HArgumentsLength when not inlined). BUG=chromium:612146 Review-Url: https://codereview.chromium.org/2028243002 Cr-Commit-Position: refs/heads/master@{#36662}
-
bjaideep authored
result is sign-extended on 64bit for functions LCodeGen::DoFlooringDivI and LCodeGen::DoDivI R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2029273002 Cr-Commit-Position: refs/heads/master@{#36661}
-
- 01 Jun, 2016 26 commits
-
-
rmcilroy authored
Eliminating dead code in the bytecode array builder doesn't play nice with the register elimination optimizer. We should move it to it's own stage in the optimization pipeline, however doing so would require refactoring of how we deal with jumps, so for now just remove the dead code elimination optimization. BUG=chromium:616064 Review-Url: https://codereview.chromium.org/2030583002 Cr-Commit-Position: refs/heads/master@{#36660}
-
ishell authored
Revert of Extend HasProperty stub with dictionary-mode and double-elements objects support. (patchset #8 id:280001 of https://codereview.chromium.org/1995453002/ ) Reason for revert: There are crashes on Win32 and Win64 bots. Original issue's description: > Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support. > > This CL also replaces some Branch() usages with GotoIf/GotoUnless. > > BUG=v8:2743 > LOG=Y > > Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e > Cr-Commit-Position: refs/heads/master@{#36657} TBR=verwaest@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:2743 Review-Url: https://codereview.chromium.org/2028333002 Cr-Commit-Position: refs/heads/master@{#36659}
-
jarin authored
Review-Url: https://codereview.chromium.org/2031593002 Cr-Commit-Position: refs/heads/master@{#36658}
-
ishell authored
This CL also replaces some Branch() usages with GotoIf/GotoUnless. BUG=v8:2743 LOG=Y Review-Url: https://codereview.chromium.org/1995453002 Cr-Commit-Position: refs/heads/master@{#36657}
-
lpy authored
We already implemented CPU time for OS X and POSIX, this path is a follow up for the implementation on Windows. BUG=v8:5000 LOG=n Review-Url: https://codereview.chromium.org/1977983003 Cr-Commit-Position: refs/heads/master@{#36656}
-
gsathya authored
https://codereview.chromium.org/2001393004 makes TypedArray length property writable, which means we shouldn't depend on it. Instead, use %_TypedArrayGetLength% to get length. Attached regression test. BUG=chromium:615776 Review-Url: https://codereview.chromium.org/2020203006 Cr-Commit-Position: refs/heads/master@{#36655}
-
bbudge authored
Adds instructions for ARM to push floats. LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2024443002 Cr-Commit-Position: refs/heads/master@{#36654}
-
mlippautz authored
backing store. Details of tracking: - Scavenge: New space pages are processes in bulk on the main thread - MC: Unswept pages are processed in bulk in parallel. All other pages are processed by the sweeper concurrently. BUG=chromium:611688 LOG=N TEST=cctest/test-array-buffer-tracker/* CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel Review-Url: https://codereview.chromium.org/2026633003 Cr-Commit-Position: refs/heads/master@{#36653}
-
ishell authored
This CL also updates the elements kind transition lookup logic: 1) First we go back to the root map, 2) Follow elements kind transitions, 3) Replay the property transitions. BUG=v8:5009 LOG=Y TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2015513002 Cr-Commit-Position: refs/heads/master@{#36652}
-
ulan authored
BUG=chromium:414964 LOG=NO Review-Url: https://codereview.chromium.org/1975593004 Cr-Commit-Position: refs/heads/master@{#36651}
-
hpayer authored
BUG= Review-Url: https://codereview.chromium.org/2019333009 Cr-Commit-Position: refs/heads/master@{#36650}
-
rmcilroy authored
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore the context from the StandardFrameConstants::kContextObject. In the case of the interpreter it is called from a interpreter handler stub frame which doesn't push the context onto it's frame. Instead, push and pop esi to explicitly restore it correctly. BUG=chromium:612386 Review-Url: https://codereview.chromium.org/2011313003 Cr-Commit-Position: refs/heads/master@{#36649}
-
machenbach authored
BUG=chromium:474921 Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c Cr-Commit-Position: refs/heads/master@{#36517} Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4 Cr-Commit-Position: refs/heads/master@{#36586} TBR=jochen@chromium.org Committed: https://crrev.com/eea9fbe1858df23dd832ed8ddd284f98120d9e21 Cr-Commit-Position: refs/heads/master@{#36607} Review-Url: https://codereview.chromium.org/2007143003 Cr-Commit-Position: refs/heads/master@{#36648}
-
machenbach authored
NOTRY=true TBR=hablich@chromium.org, rmcilroy@chromium.org Review-Url: https://codereview.chromium.org/2027183002 Cr-Commit-Position: refs/heads/master@{#36647}
-
bmeurer authored
The idea is to make it easier (cheaper) to call into C/C++ directly with C calling conventions, which require xmm0 to be used to pass and return floating point values in the future. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2023763010 Cr-Commit-Position: refs/heads/master@{#36646}
-
Miran.Karic authored
A few values were missing use of a macro causing test to fail on big endian machines. BUG= Review-Url: https://codereview.chromium.org/2024123002 Cr-Commit-Position: refs/heads/master@{#36645}
-
machenbach authored
Revert of [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis. (patchset #2 id:20001 of https://codereview.chromium.org/2026173003/ ) Reason for revert: Triggers crashes on the deopt fuzzer: https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/10608 Repro: out/Release/d8 --test --random-seed=849179141 --deopt-every-n-times 149 --nohard-abort --nodead-code-elimination --nofold-constants --noconcurrent-recompilation test/webkit/resources/standalone-pre.js test/webkit/dfg-arguments-mixed-alias.js test/webkit/resources/standalone-post.js Original issue's description: > [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis. > > Currently, we do not emit EnvironmentMarkers if the hydrogen value > in the environment is arguments object. As the hydrogen value can change > for local variables, we emit only some environment markers. That can > cause environment liveness analysis to mark part of live range as live > and part as dead. The zapping phase then only inserts zaps in > live->dead transitions, potentially zapping a live value. > > With this CL, we only emit EnvironmentMarkers for 'this' and > 'arguments' local variables, disregarding the hydrogen value. > > BUG=chromium:612146 > LOG=n > > Committed: https://crrev.com/1428fbe224dc2df0cb6f59e4959430f7aa614064 > Cr-Commit-Position: refs/heads/master@{#36641} TBR=jkummerow@chromium.org,jarin@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:612146 Review-Url: https://codereview.chromium.org/2029563002 Cr-Commit-Position: refs/heads/master@{#36644}
-
hlopko authored
It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work. In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied. This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally. BUG= LOG=no Review-Url: https://codereview.chromium.org/2005173003 Cr-Commit-Position: refs/heads/master@{#36643}
-
machenbach authored
BUG=chromium:474921 NOTRY=true Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e Cr-Commit-Position: refs/heads/master@{#36510} Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c Cr-Commit-Position: refs/heads/master@{#36582} Committed: https://crrev.com/378a26c03efc74bda401daa5accda223cb266177 Cr-Commit-Position: refs/heads/master@{#36606} Review-Url: https://codereview.chromium.org/2011853002 Cr-Commit-Position: refs/heads/master@{#36642}
-
jarin authored
Currently, we do not emit EnvironmentMarkers if the hydrogen value in the environment is arguments object. As the hydrogen value can change for local variables, we emit only some environment markers. That can cause environment liveness analysis to mark part of live range as live and part as dead. The zapping phase then only inserts zaps in live->dead transitions, potentially zapping a live value. With this CL, we only emit EnvironmentMarkers for 'this' and 'arguments' local variables, disregarding the hydrogen value. BUG=chromium:612146 LOG=n Review-Url: https://codereview.chromium.org/2026173003 Cr-Commit-Position: refs/heads/master@{#36641}
-
epertoso authored
Revert of Provide a tagged allocation top pointer. (patchset #4 id:60001 of https://codereview.chromium.org/2028633002/ ) Reason for revert: Seems to be causing flakiness in some wasm tests: https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/10598 https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/2528 Original issue's description: > Provide a tagged allocation top pointer. > > Taking over http://crrev.com/1924223002. > > BUG=chromium:606711 > LOG=N > > Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028 > Cr-Commit-Position: refs/heads/master@{#36633} TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:606711 Review-Url: https://codereview.chromium.org/2031493002 Cr-Commit-Position: refs/heads/master@{#36640}
-
littledan authored
Reland of [ESNext] Activate async/await for ClusterFuzz (patchset #2 id:40001 of https://codereview.chromium.org/2003503002/ ) Reason for revert: All known async/await issues are fixed; turn back on Clusterfuzz Original issue's description: > Revert of [ESNext] Activate async/await for ClusterFuzz (patchset #1 id:1 of https://codereview.chromium.org/1992173002/ ) > > Reason for revert: > First CF feedback is in, reverting for now until the know bugs are fixed. > > Original issue's description: > > [ESNext] Activate async/await for ClusterFuzz > > > > BUG=v8:4483 > > R=neis@chromium.org,littledan@chromium.org,caitpotter88@gmail.com > > LOG=N > > > > Committed: https://crrev.com/c57cadfa09fa493141bf43c1c7b898187a71da19 > > Cr-Commit-Position: refs/heads/master@{#36362} > > TBR=littledan@chromium.org,caitpotter88@gmail.com,neis@chromium.org > # Skipping CQ checks because original CL landed less than 1 days ago. > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:4483 > > Committed: https://crrev.com/eb059498b2b2d05731b0dce648bdab801d3873fd > Cr-Commit-Position: refs/heads/master@{#36397} TBR=caitpotter88@gmail.com,neis@chromium.org,mstarzinger@chromium.org,hablich@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=v8:4483 Review-Url: https://codereview.chromium.org/2023003002 Cr-Commit-Position: refs/heads/master@{#36639}
-
mstarzinger authored
This is a first step towards explicit checkpoints in the graph. For now we still use the explicit eager bailout points in the AstGraphBuilder that are marked by the FrameStateBeforeAndAfter helper. Eventually these will be implicitly emitted by expression visits having a side-effect. R=bmeurer@chromium.org BUG=v8:5021 Review-Url: https://codereview.chromium.org/2018403002 Cr-Commit-Position: refs/heads/master@{#36638}
-
mstarzinger authored
R=bmeurer@chromium.org BUG=v8:5021 Review-Url: https://codereview.chromium.org/2022033004 Cr-Commit-Position: refs/heads/master@{#36637}
-
jacob.bramley authored
This mostly affects ARMv6, but also fixes some failures on ARMv7 when hardware integer division is not available. - Fix a case where a CodePatcher accumulates literal pool entries, but does not actually emit them. - Don't treat division as safe if we can't use the hardware instruction. Our fallback implementation returns the wrong result if the divisor is zero. - Support deoptimization tables bigger than 8 bits. (kMaxNumberOfEntries requires a 16-bit table index.) - Correct a TurboFan instruction encoding to encode the Operand2 mode. BUG= Review-Url: https://codereview.chromium.org/2021343002 Cr-Commit-Position: refs/heads/master@{#36636}
-
bmeurer authored
R=jarin@chromium.org, mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2025273002 Cr-Commit-Position: refs/heads/master@{#36635}
-