- 30 Mar, 2017 1 commit
-
-
bmeurer authored
Recognize the Boolean constructor calls in JSCallReducer and replace them with simple JSToBoolean nodes. R=yangguo@chromium.org BUG=v8:5267,v8:6169 Review-Url: https://codereview.chromium.org/2782143003 Cr-Commit-Position: refs/heads/master@{#44259}
-
- 29 Mar, 2017 1 commit
-
-
bmeurer authored
When we call from TurboFan to a CSA or C++ builtin, we can avoid the ArgumentsAdaptorFrame in case of a parameter arity mismatch by just filling up missing arguments with undefined or removing additional arguments on the call site already. This is safe for CSA/C++ builtins, since those that care about variable arguments are marked with the kDontAdaptArgumentsSentinel. R=danno@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2684963002 Cr-Commit-Position: refs/heads/master@{#44218}
-
- 15 Mar, 2017 1 commit
-
-
bmeurer authored
For the old asm.js pipeline, there's no point in running either the JSCallReducer or the JSNativeContextSpecialization, as both will not kick in for any asm.js relevant code. So remove the kDeoptimizationEnabled flag from both of them and just run them on regular JavaScript only. Drive-by-fix: Slightly rearrange keyed access to String receivers in the JSNativeContextSpecialization::ReduceKeyedAccess method to access constant characters independent of the IC mode (as long as the constant index is within the range of the receiver). BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2743253002 Cr-Commit-Position: refs/heads/master@{#43813}
-
- 06 Mar, 2017 1 commit
-
-
franzih authored
DataPropertyParameters are not specific to StoreDataProperty. Rename it to FeedbackParameter, so it can be used for similar ICs, e.g., future CollectTypeProfile. Also, the parameter for spread calls contains just one parameter, remove the plural s. BUG= Review-Url: https://codereview.chromium.org/2725263003 Cr-Commit-Position: refs/heads/master@{#43604}
-
- 03 Mar, 2017 1 commit
-
-
franzih authored
The parameters for ConstructWithSpread and CallWithSpread both contain the arity for JavaScript calls with a spread as the last parameter and have the same functionality. Simplify them as one parameter. BUG= Review-Url: https://codereview.chromium.org/2729143002 Cr-Commit-Position: refs/heads/master@{#43581}
-
- 28 Feb, 2017 1 commit
-
-
tebbi authored
The new NewUnmappedArgumentsElements node now takes two inputs: - the frame holding the arguments (current frame or arguments adaptor frame) - the length of the suffix of passed arguments to be copied into the backing store These inputs are computed with two new node types: ArgumentsFrame() ArgumentsLength[formal_parameter_count,is_rest_length](Node* arguments_frame) The node type NewRestParameterElements can now be expressed with NewUnmappedArgumentsElements and an appropriate length and is thus not needed anymore. In escape analysis, we lower loads from the length field of NewUnmappedArgumentsElements with its length input and if we find out that no write access to the arguments elements exists, we replace element loads with direct stack access and replace the NewUnmappedArgumentsElements node with a node of the new node type ArgumentsElementsState. This corresponds to an ObjectState node and gets translated into a deoptimizer instruction to allocate the backing store. Together with the already existing deoptimizer support for the actual arguments object/rest parameters, this allows to remove all allocations for arguments objects/rest parameters in this case. In the deoptimizer, we read the actual parameters from the stack while transforming the static deopt info into TranslatedValue objects. If escape analysis cannot remove the backing store allocation, NewUnmappedArgumentsElements gets lo BUG=v8:5726 Review-Url: https://codereview.chromium.org/2692753004 Cr-Commit-Position: refs/heads/master@{#43475}
-
- 27 Feb, 2017 1 commit
-
-
bmeurer authored
Don't just blindly bake in CallIC feedback in the JSCallReducer, but instead try to estimate first whether it makes sense to bake it in (and risk potential eager deoptimization exits). We already didn't use the CallIC feedback when the call target is a known constant, but we should also not use it if the target is a JSCreateClosure node or a Phi of known constants / JSCreateClosure nodes. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2721483003 Cr-Commit-Position: refs/heads/master@{#43443}
-
- 22 Feb, 2017 1 commit
-
-
Michael Starzinger authored
This fixes a corner-case where the call reduction of the aforementioned getter did not simulate the {ToObject} conversion of the receiver value as required by the spec. This caused the wrong prototype to be constant promoted (i.e. {null} instead of wrapper object prototype). R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-694709 BUG=chromium:694709 Change-Id: Idf3a37071949d9ddaf5ef43974570c06fd31c0c9 Reviewed-on: https://chromium-review.googlesource.com/445818 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43376}
-
- 20 Feb, 2017 1 commit
-
-
bmeurer authored
Unify the three different implementations of InferReceiverMaps, which were basically copy&paste with slightly different optimizations applied later into a single NodeProperties::InferReceiverMaps helper, which also returns a ZoneHandleSet of maps, rather than only a single map. BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2703133003 Cr-Commit-Position: refs/heads/master@{#43318}
-
- 08 Feb, 2017 1 commit
-
-
Peter Marshall authored
Where the arguments have already been inlined, we can replace these calls with a direct call. We have to make sure that the iteration over the arguments is not observable. Also factor out the large chunk of logic shared with ReduceJSConstructWithSpread. BUG=v8:5932 Change-Id: I6c4fac670028fbd8ca82c4474d4392231573bc49 Reviewed-on: https://chromium-review.googlesource.com/439329 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#43039}
-
- 07 Feb, 2017 1 commit
-
-
ishell@chromium.org authored
... and TypeFeedbackMetadata to FeedbackMetadata. BUG= Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c Reviewed-on: https://chromium-review.googlesource.com/439244 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#42999}
-
- 03 Feb, 2017 1 commit
-
-
tebbi authored
R=jarin@chromium.org BUG= Review-Url: https://codereview.chromium.org/2664423003 Cr-Commit-Position: refs/heads/master@{#42916}
-
- 02 Feb, 2017 1 commit
-
-
bmeurer authored
Rename the CallIC factory method to CallICTrampoline and the CallICInOptimizedCode to CallIC to match the naming of the stubs and better reflect their functionality. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2670073002 Cr-Commit-Position: refs/heads/master@{#42876}
-
- 01 Feb, 2017 2 commits
-
-
petermarshall authored
Review-Url: https://codereview.chromium.org/2666783007 Cr-Commit-Position: refs/heads/master@{#42847}
-
petermarshall authored
Review-Url: https://codereview.chromium.org/2662263002 Cr-Commit-Position: refs/heads/master@{#42836}
-
- 30 Jan, 2017 1 commit
-
-
petermarshall authored
Where the arguments have already been inlined, we can replace these calls with a direct call to construct. We have to make sure that the iteration over the arguments is not observable. BUG=v8:5895 Review-Url: https://codereview.chromium.org/2659623002 Cr-Commit-Position: refs/heads/master@{#42765}
-
- 26 Jan, 2017 2 commits
-
-
bmeurer authored
BUG=chromium:685634 R=ishell@chromium.org Review-Url: https://codereview.chromium.org/2658853002 Cr-Commit-Position: refs/heads/master@{#42713}
-
bmeurer authored
We turn a JSCallFunction node for f.apply(receiver, arguments) into a JSCallForwardVarargs node, when the arguments refers to the arguments of the outermost optimized code object, i.e. not an inlined arguments, and the apply method refers to Function.prototype.apply, and there's no other user of arguments except in frame states. We also replace the arguments node in the graph with a marker for the Deoptimizer similar to Crankshaft to make sure we don't materialize unused arguments just for the sake of deoptimization. We plan to replace this with a saner EscapeAnalysis based solution soon. R=jarin@chromium.org BUG=v8:5267,v8:5726 Review-Url: https://codereview.chromium.org/2655233002 Cr-Commit-Position: refs/heads/master@{#42680}
-
- 25 Jan, 2017 1 commit
-
-
bmeurer authored
In the JSCallReducer we'd inline certain builtins like the Array constructor or Function builtins across native contexts, which at this point should be mostly safe, but might lead to cross context leaks in the future (as it's not obvious that the JSCallReducer doesn't maintain this invariant). So better safe than sorry. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2651133002 Cr-Commit-Position: refs/heads/master@{#42643}
-
- 18 Jan, 2017 1 commit
-
-
epertoso authored
BUG= Review-Url: https://codereview.chromium.org/2635243002 Cr-Commit-Position: refs/heads/master@{#42439}
-
- 09 Jan, 2017 1 commit
-
-
cbruni authored
The pattern IsNull(isolate) || IsUndefined(isolate) is used in many places all over the code base. Review-Url: https://codereview.chromium.org/2601503002 Cr-Commit-Position: refs/heads/master@{#42138}
-
- 22 Dec, 2016 1 commit
-
-
bmeurer authored
Similar to Crankshaft use the CallIC to continue gathering feedback for uninitialized call sites instead of inserting a soft deopt. R=mvstanton@chromium.org Review-Url: https://codereview.chromium.org/2597173002 Cr-Commit-Position: refs/heads/master@{#41927}
-
- 20 Dec, 2016 1 commit
-
-
jochen authored
BUG=none R=epertoso@chromium.org,mvstanton@chromium.org,cbruni@chromium.org Review-Url: https://codereview.chromium.org/2588363002 Cr-Commit-Position: refs/heads/master@{#41854}
-
- 08 Dec, 2016 1 commit
-
-
epertoso authored
BUG= Review-Url: https://codereview.chromium.org/2555223002 Cr-Commit-Position: refs/heads/master@{#41590}
-
- 29 Nov, 2016 1 commit
-
-
bmeurer authored
For bound functions on the right-hand side of instanceof we can constant-fold to the actual [[BoundTargetFunction]], actually instance OrdinaryHasInstance. Move the Function.prototype[@@hasInstance] reduction up to the JSCallReducer to allow this optimization to become effective (and also enable other optimizations). BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2537763002 Cr-Commit-Position: refs/heads/master@{#41352}
-
- 23 Nov, 2016 1 commit
-
-
mstarzinger authored
This fixes the message reported via the {TypeError} thrown when trying to call a non-constructable function as a constructor. Also adds some more related message tests for similar exceptions. R=bmeurer@chromium.org TEST=message/call-non-constructable BUG=chromium:661579 Review-Url: https://codereview.chromium.org/2523803003 Cr-Commit-Position: refs/heads/master@{#41220}
-
- 07 Nov, 2016 1 commit
-
-
bmeurer authored
We need to rename the receiver on CheckHeapObject, because we don't canonicalize numbers in SignedSmall range, and thus the representation selection can hand out TaggedSigned values for receiver uses, even though we checked for TaggedPointerness first. Note that this is rather hacky and just intended to fix the bug ASAP. We need to think about how to deal with representations in earlier compilation stages. BUG=chromium:662410 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2485563002 Cr-Commit-Position: refs/heads/master@{#40792}
-
- 17 Oct, 2016 1 commit
-
-
bmeurer authored
In the JSCallReducer, recognize and inline calls to the __proto__ getter on the %ObjectPrototype%. R=yangguo@chromium.org BUG=chromium:655963 Review-Url: https://codereview.chromium.org/2421923002 Cr-Commit-Position: refs/heads/master@{#40335}
-
- 10 Oct, 2016 1 commit
-
-
bmeurer authored
There were once plans to generate cross-context code with TurboFan, however that doesn't fit into the model anymore, and so all of this is essentially dead untested code (and thus most likely already broken in subtle ways). With this mode still in place it would also be a lot harder to make inlining based on SharedFunctionInfo work. BUG=v8:2206,v8:5499 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2406803002 Cr-Commit-Position: refs/heads/master@{#40109}
-
- 22 Sep, 2016 1 commit
-
-
bmeurer authored
If a JSCallFunction node doesn't have any callee information, either from feedback taken on input nodes, i.e. on property loads, or from the CallIC, we insert a soft deoptimization exit instead. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2361773002 Cr-Commit-Position: refs/heads/master@{#39619}
-
- 14 Sep, 2016 2 commits
-
-
bmeurer authored
Extract the call counts from the type feedback vector during graph building (either via the AstGraphBuilder or the BytecodeGraphBuilder), and put them onto the JSCallFunction and JSCallConstruct operators, so that they work even across inlining through .apply and .call (which was previously hacked by creating a temporary type feedback vector for those). The next logic step will be to make those call counts into real relative call frequencies (also during graph building), so that we can make inlining decisions that make sense for the function being optimized (where absolute values are misleading). R=jarin@chromium.org BUG=v8:5267,v8:5372 Review-Url: https://codereview.chromium.org/2330883002 Cr-Commit-Position: refs/heads/master@{#39400}
-
mvstanton authored
BUG= Review-Url: https://codereview.chromium.org/2333243004 Cr-Commit-Position: refs/heads/master@{#39398}
-
- 08 Aug, 2016 1 commit
-
-
bmeurer authored
This parameter was never used and doesn't seem like it would ever be useful, so it's gone now. R=epertoso@chromium.org Review-Url: https://codereview.chromium.org/2221043002 Cr-Commit-Position: refs/heads/master@{#38453}
-
- 03 Aug, 2016 1 commit
-
-
mstarzinger authored
This completely removes the ability from nodes to point directly to the frame state representing their eager bailout point. All nodes now either have zero or one frame state inputs. These frame states can by now be found via checkpoints in the graph. R=bmeurer@chromium.org BUG=v8:5021 Review-Url: https://codereview.chromium.org/2020323004 Cr-Commit-Position: refs/heads/master@{#38282}
-
- 30 Jun, 2016 1 commit
-
-
bmeurer authored
This adds a new CheckIf operator and changes all direct uses of DeoptimizeIf and DeoptimizeUnless on the JavaScript level to use CheckIf (or one of the more concrete check operators) instead. This way we do not depend on particular frame states, but the effect/control linearizer will assign an appropriate frame state instead. R=jarin@chromium.org BUG=v8:5141 Review-Url: https://codereview.chromium.org/2115513002 Cr-Commit-Position: refs/heads/master@{#37423}
-
- 16 Jun, 2016 1 commit
-
-
jarin authored
Review-Url: https://codereview.chromium.org/2035383003 Cr-Commit-Position: refs/heads/master@{#37024}
-
- 14 Jun, 2016 1 commit
-
-
cbruni authored
Reland of place all remaining Oddball checks with new function (patchset #1 id:1 of https://codereview.chromium.org/2060213002/ )

Reason for revert: Cannot reproduce gc-stress failures locally.

Original issue's description:
> Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
>
> Reason for revert:
> failing tests
>
> Original issue's description:
> > Replace all remaining Oddball checks with new function
> >
> > This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> > The new method all take the isolate as parameter.
> >
> > BUG=
> >
> > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> > Cr-Commit-Position: refs/heads/master@{#36921}
>
> TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1
> Cr-Commit-Position: refs/heads/master@{#36923}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2059173002
Cr-Commit-Position: refs/heads/master@{#36957}
-
- 13 Jun, 2016 2 commits
-
-
cbruni authored
Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )

Reason for revert: failing tests

Original issue's description:
> Replace all remaining Oddball checks with new function
>
> This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> The new method all take the isolate as parameter.
>
> BUG=
>
> Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> Cr-Commit-Position: refs/heads/master@{#36921}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2060213002
Cr-Commit-Position: refs/heads/master@{#36923}
-
cbruni authored
This CL removes the IsUndefined() and Co. methods from Object and HeapObject. The new methods all take the isolate as parameter. BUG= Review-Url: https://codereview.chromium.org/2043183003 Cr-Commit-Position: refs/heads/master@{#36921}
-
- 06 Jun, 2016 1 commit
-
-
cbruni authored
Passing in the isolate and pointer compare the instance against the corresponding constant is always faster than decoding the instance types. BUG= Review-Url: https://codereview.chromium.org/2028983002 Cr-Commit-Position: refs/heads/master@{#36744}
-