Skip to content

V
V8
Switch branch/tag
  1. 02 Feb, 2016 1 commit
  3. 27 Jan, 2016 2 commits
    • mvstanton's avatar
      Revert of Type Feedback Vector lives in the closure (patchset #2 id:20001 of... · a7027851
      mvstanton authored 
      Revert of Type Feedback Vector lives in the closure (patchset #2 id:20001 of https://codereview.chromium.org/1642613002/ )

Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.

Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}

TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1643533003

Cr-Commit-Position: refs/heads/master@{#33556}
      a7027851
    • mvstanton's avatar
      Reland of Type Feedback Vector lives in the closure · d984b3b0
      mvstanton authored 
      (Fixed a bug found by nosnap builds.)

We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.

This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.

The heap change is trivial so I TBR Hannes for it...

TBR=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1642613002

Cr-Commit-Position: refs/heads/master@{#33548}
      d984b3b0
  5. 26 Jan, 2016 3 commits
    • jarin's avatar
      Replace HeapType with a non-templated FieldType class. · cfaeb63b
      jarin authored 
      This replace HeapType with a dedicated class that implements just what we need for field type tracking. In the next CL, I plan to remove FieldType::Iterator because FieldType can iterate over at most one map.

The ultimate plan is to get rid of templates in types.(h|cc) and remove type-inl.h.

TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1636013002

Cr-Commit-Position: refs/heads/master@{#33521}
      cfaeb63b
    • mvstanton's avatar
      Revert of Type Feedback Vector lives in the closure (patchset #12 id:260001 of... · e2e7dc32
      mvstanton authored 
      Revert of Type Feedback Vector lives in the closure (patchset #12 id:260001 of https://codereview.chromium.org/1563213002/ )

Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.

Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}

TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1632993003

Cr-Commit-Position: refs/heads/master@{#33520}
      e2e7dc32
    • mvstanton's avatar
      Type Feedback Vector lives in the closure · a5200f7e
      mvstanton authored 
      We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.

This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.

The heap change is trivial so I TBR Hannes for it...

TBR=hpayer@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1563213002

Cr-Commit-Position: refs/heads/master@{#33518}
      a5200f7e
  7. 22 Jan, 2016 1 commit
    • bmeurer's avatar
      [stubs] Introduce ToNameStub to implement %_ToName. · a0878333
      bmeurer authored 
      We already had hand-written optimized code for %_ToName in fullcodegen,
but the optimizing compilers always went to the runtime for %_ToName,
which is pretty bad for many of our builtins. So this CL moves the
existing native code to a ToNameStub (similar to the existing
ToStringStub), and uses the ToNameStub consistently in all compilers to
actually implement %_ToName.

Review URL: https://codereview.chromium.org/1622493002

Cr-Commit-Position: refs/heads/master@{#33460}
      a0878333
  9. 21 Jan, 2016 1 commit
  11. 20 Jan, 2016 1 commit
    • danno's avatar
      [compiler] Remove CodeStub from CompilationInfo · d1d01964
      danno authored 
      The motivation for this is that CompilationInfo really shouldn't
explicitly know anything about CodeStubs. This is evident in
the TurboFan stubs pipeline, which only needs to pass down
information about Code::Flags to the code generator and not
any of the CallInterfaceDescriptor silliness that Hydrogen has
to push around, since TF has the Linkage class that
encapsulates everything that is needed for the stub ABI. So,
instead of threading CodeStub machinery through the TF stub
pipeline, it is now removed from CompilationInfo and replaced
by only the explicit bits needed both by the Crankshaft and
TF pipelines in code generation.

Review URL: https://codereview.chromium.org/1604543002

Cr-Commit-Position: refs/heads/master@{#33410}
      d1d01964
  13. 18 Jan, 2016 1 commit
  15. 12 Jan, 2016 3 commits
  17. 11 Dec, 2015 1 commit
  19. 07 Dec, 2015 1 commit
  21. 01 Dec, 2015 1 commit
  23. 30 Nov, 2015 1 commit
  25. 26 Nov, 2015 1 commit
  27. 24 Nov, 2015 1 commit
  29. 05 Nov, 2015 5 commits
  31. 04 Nov, 2015 4 commits
  33. 23 Oct, 2015 1 commit
  35. 20 Oct, 2015 1 commit
  37. 19 Oct, 2015 1 commit
  39. 01 Oct, 2015 2 commits
    • bmeurer's avatar
      [es6] Fix missing bits for full @@toPrimitive support. · 2a0759d3
      bmeurer authored 
      Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.

Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).

Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1384443002

Cr-Commit-Position: refs/heads/master@{#31054}
      2a0759d3
    • ishell's avatar
      Distinction between FeedbackVectorICSlot and FeedbackVectorSlot eliminated. · 90998947
      ishell authored 
      This CL also allows to use arbitrary number of feedback vector elements for particular slot kind.

Review URL: https://codereview.chromium.org/1370303004

Cr-Commit-Position: refs/heads/master@{#31050}
      90998947
  41. 30 Sep, 2015 1 commit
  43. 29 Sep, 2015 1 commit
    • bmeurer's avatar
      [es6] Introduce %ToInteger and %ToLength. · 93b2b262
      bmeurer authored 
      This adds ES6 compliant Object::ToInteger, Object::ToInt32,
Object::ToUint32 and Object::ToLength, and replaces the old
Execution wrappers of those abstract operations (which were
not using the correct ToPrimitive).

This also introduces proper %ToInteger and %ToLength runtime
entries, with a fast path %_ToInteger supported in fullcodegen
and Crankshaft (for now). Internal JavaScript code should use
TO_INTEGER and TO_LENGTH respectively.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1378533002

Cr-Commit-Position: refs/heads/master@{#30993}
      93b2b262
  45. 28 Sep, 2015 1 commit
    • bmeurer's avatar
      [crankshaft] Add support for %_ToString. · 6266a9d6
      bmeurer authored 
      Also support %_ToString in Crankshaft utilizing the ToStringStub, which
is also used in TurboFan and fullcodegen. This is necessary to repair a
regression on Octane that was introduced when switching from the hand
crafted NonStringToString/ToString magic to %_ToString (which properly
supports @@toPrimitive).

BUG=chromium:535953,v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1373743002

Cr-Commit-Position: refs/heads/master@{#30955}
      6266a9d6
  47. 21 Sep, 2015 1 commit
  49. 18 Sep, 2015 1 commit
    • bmeurer's avatar
      [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare. · 593c655a
      bmeurer authored 
      This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter.  As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.

Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1350113002

Cr-Commit-Position: refs/heads/master@{#30816}
      593c655a
  51. 09 Sep, 2015 1 commit
    • bmeurer's avatar
      [calls] Consistent call protocol for calls. · b37907ff
      bmeurer authored 
      The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.

The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1330033002

Cr-Commit-Position: refs/heads/master@{#30648}
      b37907ff
  53. 08 Sep, 2015 1 commit
    • bmeurer's avatar
      [runtime] Replace many buggy uses of %_CallFunction with %_Call. · db2ba190
      bmeurer authored 
      The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.

If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1325573004

Cr-Commit-Position: refs/heads/master@{#30634}
      db2ba190