Skip to content

V
V8
Switch branch/tag
  1. 19 Nov, 2020 1 commit
  3. 11 Feb, 2020 1 commit
    • Nico Hartmann's avatar
      [torque] Reduce generated CSA variables and labels · 89b248b6
      Nico Hartmann authored 
      This CL significantly reduces the size of CSA files generated from
torque by introducing only those Phis at block entry that are
required and otherwise uses defined values directly.

To do so it does:
- Define a DefinitionLocation that represents where a value is
  defined.
- For each block compute all the definitions that reach that
  block and introduce a phi iff the reaching definitions for a value
  are not the same for all predecessor blocks.
- In CSAGenerator map all DefinitionLocations to variables, such that
  if the same value is used in multiple blocks, it is mapped to the
  same variable without the need to pass it along the jump. This
  reduces both the arguments passed to Goto, Branch, ... and the
  variables that need to be passed to Bind when the block's label is
  bound. This reduces the number of temporary variables
  significantly. Temporaries are declared outside of blocks now
  in order to be accessible from other blocks.

Drive-by changes:
- Sequences of SetSourcePosition calls are merged if no output is
  generated between them.
- Dead blocks are no longer generated in release builds.

Bug: v8:9861
Change-Id: I5c30e5376e93c424c3ebfc5144a08592d77ae61f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037444
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66225}
      89b248b6
  5. 20 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] multiple arrays in one object · 59e8d45a
      Tobias Tebbi authored 
      This allows the definition of classes with several arrays and ports
SmallOrderedHashTable subclasses to Torque as an example, including
the existing CSA allocation functions for them.

Overview of changes:
- Introduce ResidueClass to encapsulate the modulo-arithmetic
  necessary to do alignment checks.
- Add MachineOperatorReducer to the CSA pipeline to address now
  missing CSA ad-hoc constant folding that got blocked by a
  temporary phi.
- Allow assignments to references to structs. This is needed to
  initialize the data_table part of SmallOrderedHashMap.
- Make the NumberLiteralExpression AST-node store a double instead
  of a string. This is necessary to detect arrays with constant size
  used for padding.
- Turn offsets into base::Optional<size_t> to ensure we don't use
  an invalid or statically unknown offset.
- Remove CreateFieldReferenceInstruction since it doesn't work for
  complex offset computations and the logic can be expressed better
  in ImplementationVisitor.
- Validate alignment of structs embedded in classes.

Bug: v8:10004 v8:7793
Change-Id: Ifa414b42278e572a0c577bf9da3d37f80771a258
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65538}
      59e8d45a
  7. 17 Dec, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Load and store bitfields · d5f180b7
      Seth Brenith authored 
      This change implements support for reading and writing bitfields from
Torque code, and adds a couple of unit tests for this functionality. As
Tobias suggested, the LocationReference for a bitfield access contains
a nested LocationReference to where the bitfield struct is stored, so
that store operations can read the original value, update part of it,
and write it back.

Bug: v8:7793
Change-Id: I1004a5c7fcb6cf58df5ad50109b114bf89c80efc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1957841
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65487}
      d5f180b7
  9. 10 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] allow allocation of strings · 8ed9be48
      Tobias Tebbi authored 
      This CL generalizes and improves how we handle allocations in Torque.

Overview of the changes:
- Remove obsolete special handling for JSObject classes, since it was
  incomplete: It breaks as soon as slack tracking is active.
- Handle array initialization using slices.
- Properly align allocation sizes. This enabled allocating strings.
- Port AllocateSeq{One,Two}ByteString to Torque, which is much easier
  now than the old CSA code since allocation size alignment and
  large-object space allocation just happen out-of-the-box.
- Remove obsolete or unnecessary intrinsics, some of them turn into
  macros in the torque_internal namespace.
- Distinguish between header size and overall size for ClassType,
  make size optional and only defined when it is statically known.


Bug: v8:10004 v8:7793
Change-Id: I623db233e7fb4deed54e8039ae0c24705e9a44e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932356Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65397}
      8ed9be48
  11. 30 Aug, 2019 1 commit
    • Georg Schmid's avatar
      [torque] Add HeapSlice location references to Torque · cbf01502
      Georg Schmid authored 
      This CL adds a LocationReference specifically for slices to Torque. This allows us to safely reference arrays in objects and pass around such references. For an array of T-typed elements, referencing yields a Slice<T>. In addition, the traditional element access syntax ('o.array[i]') now internally produces a slice, indexes it at 'i' and dereferences the resulting HeapReference.

Bug: v8:7793
Change-Id: I4af58e4d2feac547c55a1f6f9350a6c510383df2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771782
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63479}
      cbf01502
  13. 26 Aug, 2019 1 commit
    • Tobias Tebbi's avatar
      Reland "[torque] introduce JSAny type for user-accessible JavaScript values" · 1ef99b93
      Tobias Tebbi authored 
      Changes in the reland: Rebased and added a check that JavaScript-linkage
builtins use JSAny in parameters and return type, plus the necessary
cleanups for this test to pass.

Design Doc: https://docs.google.com/document/d/1z6j0pWHnNIfId0v00uWN2HBrGRDJxJfYuCr5K7Kr1xA

This reverts commit 4418a7b9.

Original change's description:
> Revert "[torque] introduce JSAny type for user-accessible JavaScript values"
>
> This reverts commit 79b00555.
>
> Reason for revert: needs more discussion
>
> Original change's description:
> > [torque] introduce JSAny type for user-accessible JavaScript values
> >
> > This CL introduces a JSAny type for user-exposed JavaScript values and
> > a few new types to define it. Especially, it splits Symbol into
> > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> > symbols).
> >
> > The change is mostly mechanical, but a few things are interesting:
> > - PropertyKey and JSPrimitive were designed to coincide with the spec
> >   notions of IsPropertyKey() and primitive value, respectively.
> > - Since Name is an open type, we define AnyName to be the known
> >   subtypes of Name. This is not too elegant, but by using AnyName
> >   instead of Name, typeswitch can properly conclude something if a
> >   subtype of Name is excluded.
> >
> > Small drive-by changes, which were necessary:
> > - Allow subtyping on label parameters.
> > - Fix the formatting of typeswitch, it was broken with union types
> >   in case types.
> >
> > Bug: v8:7793
> > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63114}
>
> TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7793
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63115}

TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7793
Change-Id: Icca34e3824f55009b984d9348fd21884400f0081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769316
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63395}
      1ef99b93
  15. 07 Aug, 2019 2 commits
    • Tobias Tebbi's avatar
      Revert "[torque] introduce JSAny type for user-accessible JavaScript values" · 4418a7b9
      Tobias Tebbi authored 
      This reverts commit 79b00555.

Reason for revert: needs more discussion

Original change's description:
> [torque] introduce JSAny type for user-accessible JavaScript values
> 
> This CL introduces a JSAny type for user-exposed JavaScript values and
> a few new types to define it. Especially, it splits Symbol into
> PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> symbols).
> 
> The change is mostly mechanical, but a few things are interesting:
> - PropertyKey and JSPrimitive were designed to coincide with the spec
>   notions of IsPropertyKey() and primitive value, respectively.
> - Since Name is an open type, we define AnyName to be the known
>   subtypes of Name. This is not too elegant, but by using AnyName
>   instead of Name, typeswitch can properly conclude something if a
>   subtype of Name is excluded.
> 
> Small drive-by changes, which were necessary:
> - Allow subtyping on label parameters.
> - Fix the formatting of typeswitch, it was broken with union types
>   in case types.
> 
> Bug: v8:7793
> Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63114}

TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org

Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63115}
      4418a7b9
    • Tobias Tebbi's avatar
      [torque] introduce JSAny type for user-accessible JavaScript values · 79b00555
      Tobias Tebbi authored 
      This CL introduces a JSAny type for user-exposed JavaScript values and
a few new types to define it. Especially, it splits Symbol into
PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
symbols).

The change is mostly mechanical, but a few things are interesting:
- PropertyKey and JSPrimitive were designed to coincide with the spec
  notions of IsPropertyKey() and primitive value, respectively.
- Since Name is an open type, we define AnyName to be the known
  subtypes of Name. This is not too elegant, but by using AnyName
  instead of Name, typeswitch can properly conclude something if a
  subtype of Name is excluded.

Small drive-by changes, which were necessary:
- Allow subtyping on label parameters.
- Fix the formatting of typeswitch, it was broken with union types
  in case types.

Bug: v8:7793
Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63114}
      79b00555
  17. 26 Jul, 2019 1 commit
  19. 11 Apr, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] add references to HeapObject fields. · a9a1a3bb
      Tobias Tebbi authored 
      This adds references to HeapObject fields to Torque.
The syntax is based on Rust (which is essentially C pointer syntax).

The type &T is a reference to T (which must be a scalar type for now).
We can create references from field access expressions, using the
addressof(&) operator:
  &obj.fieldname
To read or assign a reference, we use the dereference(*) operator:
  *someref = *otherref

This CL also uses references internally normal class field accesses,
but only if there is no overload for field accessor functions.
This allows to have overloaded field accessors for a subtype like
FastJSArray. However, there is a change in behavior in that an
operator ".fieldname" will stop reference creation and will therefore
also stop write access to a class field of the same name. That's why
this CL had to add a write overload ".length=" for FastJSArray.

References desugar to a pair of a tagged HeapObject pointer and an
untagged offset into this HeapObject. On the CSA-side, they are
represented by the C++ struct

struct TorqueReference {
  TNode<HeapObject> object;
  TNode<IntPtrT> offset;
};

Bug: v8:7793
Change-Id: Ica6468d47847bd68fb6b85f731cf8fbe142fa401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557151
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60780}
      a9a1a3bb
  21. 10 Jan, 2019 1 commit
    • Daniel Clifford's avatar
      [torque]: Class declarations · d0e95c7a
      Daniel Clifford authored 
      Class declarations support structured heap data that is a subtype of
HeapObject. Only fields of Object subtypes (both strong and weak)
are currently supported (no scalar fields yet).

With this CL, both the field list macro used with the C++
DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as
well as the Torque "operator '.field'" macros are generated for the
classes declared in Torque. This is a first step to removing the
substantial amount of duplication and boilerplate code
needed to declare heap object classes.

As a proof of concept, and handful of class field definitions,
including those for non trivial classes like JSFunction, have been
moved to Torque.

Bug: v8:7793
Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753
Reviewed-on: https://chromium-review.googlesource.com/c/1373971
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58704}
      d0e95c7a
  23. 17 Dec, 2018 1 commit
    • Jakob Gruber's avatar
      [nojit] Add a kCallBuiltinPointer call kind · f323a5f4
      Jakob Gruber authored 
      Currently, Torque's builtin pointers store a Code target underneath and
callsites generate a kArchCallCodeObject opcode. When embedded builtins
are enabled, the call thus first calls the on-heap trampoline, which
finally jumps to the target off-heap builtin code.

This will no longer be possible in jitless mode, since on-heap code must
not be executable.

As a step towards changing the way builtin pointers are called
(function pointers will hold the builtin index as a Smi, and callsites
look up the off-heap target address and jump there), this CL adds a
dedicated opcode for builtin pointer calls to the compiler pipeline.

The calling mechanism itself is unchanged, changes there will happen
in a follow-up.

Drive-by: rename 'FunctionPointer' in torque/ to 'BuiltinPointer'.

Bug: v8:7777
Change-Id: Ic999a1cd7c3172425dd4a1513ae2f50c774faddb
Reviewed-on: https://chromium-review.googlesource.com/c/1378175Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58281}
      f323a5f4
  25. 22 Nov, 2018 1 commit
  27. 21 Nov, 2018 2 commits
  29. 13 Nov, 2018 1 commit
  31. 05 Nov, 2018 1 commit
    • Tobias Tebbi's avatar
      [torque] cleanup generics and scopes · 06c8ce59
      Tobias Tebbi authored 
      - Name lookup in module scopes has namespace semantics now: All
  overloads from all parent modules are combined before overload
  resolution.
- Allow overloads of different callables: runtime-functions,
  macros, builtins, and generics.
- The duplication between the DeclarationVisitor and the
  ImplementationVisitor is removed: The DeclarationVisitor creates
  declarables for everything except for implicit generic specializations.
  The ImplementationVisitor iterates over declarables.
  The DeclarationVisitor only looks at the header of declarations, not
  at the body.
- Modules become Declarable's, which will enable them to be nested.
- Modules replace the existing Scope chain mechanism, which will make it
  easier to inline macros.
- The DeclarationVisitor and Declarations become stateless. All state is
  moved to contextual variables and the GlobalContext.
- Implicit specializations are created directly from the
  ImplementationVisitor. This will enable template parameter inference.
- As a consequence, the list of all builtins is only available after the
  ImplementationVisitor has run. Thus GenerateBuiltinDefinitions has to
  move to the ImplementationVisitor. Also, this makes it necessary to
  resolve the link from function pointer types to example builtins only
  at this point.


Bug: v8:7793
Change-Id: I61cef2fd3e954ab148c252974344a6e38ee2d01d
Reviewed-on: https://chromium-review.googlesource.com/c/1304294
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarDaniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57231}
      06c8ce59
  33. 02 Nov, 2018 1 commit
  35. 31 Oct, 2018 3 commits
  37. 29 Oct, 2018 1 commit
  39. 16 Oct, 2018 1 commit
  41. 04 Oct, 2018 1 commit