- 13 Jul, 2017 1 commit
Adam Klein authored

The tail call implementation is hidden behind the --harmony-tailcalls flag, which is off-by-default (and has been unstaged since February). It is known to be broken in a variety of cases, including clusterfuzz security issues (see sample Chromium issues below). To avoid letting the implementation bitrot further on trunk, this patch removes it.

Bug: v8:4698, chromium:636914, chromium:724746
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c
Reviewed-on: https://chromium-review.googlesource.com/569069
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46651}

- 30 Jun, 2017 1 commit
Leszek Swirski authored

With FCG no longer able to deoptimize, we can remove the "push" version of output frame state combine, as deoptimisation to bytecode is always the PokeAt variant.

Bug: v8:6409
Change-Id: I9b6d38a7441ca834835615c238228fa8a75a027b
Reviewed-on: https://chromium-review.googlesource.com/557866
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46355}

- 22 Jun, 2017 1 commit
danno authored

This CL leverages and extends the deopt-to-stub mechanisms previously introduced to support deopting from CSA-built builtins (e.g. Array.prototype.forEach).

BUG=v8:6373
LOG=N
Review-Url: https://codereview.chromium.org/2890363002
Cr-Commit-Position: refs/heads/master@{#46144}

- 14 Jun, 2017 1 commit
Michael Starzinger authored

This removes support for reconstructing stack frames for full-codegen from the deoptimizer. We no longer deoptimize to such code. This also allows us to remove the {DeoptimizationOutputData} data structure.

R=jarin@chromium.org
BUG=v8:6409
Change-Id: Id28ef05aa985b6877b5c91926a7d7d0d6d6e661d
Reviewed-on: https://chromium-review.googlesource.com/535537
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45943}

- 07 Jun, 2017 1 commit
danno authored

This CL contains a few pieces:

  - A new mechanism to create "BuiltinContinuation" checkpoints in TurboFan graphs, which--when triggered--swizzle the values in the FrameState to be parameters to a typically TF-generated builtin that resumes execution to finish the slow-case functionality.
  - Continuation builtins that have special handling in the deoptimizer and their own new frame type to ensure that the values they need to begin executing can be stashed away and restored immediately before the builtin is called via a trampoline that runs when the continuation builtin's frame execution resumes.
  - An implementation of Array.prototype.forEach in TurboFan that can be used to inline it. The inlined forEach implementation uses the checkpoints mechanism described above to deopt in the middle of the forEach in the cases that optimization invariants are violated. There is a slightly different continuation stub for each deopt point in the forEach implementation to ensure the correct side-effects, i.e. that the deopt of the builtin isn't programmatically observable.

Review-Url: https://codereview.chromium.org/2803853005
Cr-Commit-Position: refs/heads/master@{#45764}

- 22 May, 2017 1 commit
Wiktor Garbacz authored

Change-Id: I20ed35a7fb5104a9cc66bb54fa8966589c43d7f9
Reviewed-on: https://chromium-review.googlesource.com/507287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45458}

- 09 Jan, 2017 1 commit
marja authored

Downside: this adds all kinds of weird includes in the .cc files. (See design doc linked in the bug.)

BUG=v8:5402
Review-Url: https://codereview.chromium.org/2622503002
Cr-Commit-Position: refs/heads/master@{#42140}

- 01 Aug, 2016 1 commit
bmeurer authored

Allow inlining of getters and setters into TurboFan optimized code. This just adds the basic machinery required to essentially inline the setter and getter dispatch code for the (keyed) load/store ICs. There'll be follow up CLs to also actually inline some of the interesting accessor functions itself, like the byteLength and friends for the TypedArrays.

R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2198473002
Cr-Commit-Position: refs/heads/master@{#38192}

- 09 Mar, 2016 1 commit
ishell authored

In case when F was called with incompatible number of arguments (and therefore the arguments adaptor frame was created), F inlines a tail call of G which then deopts, the deoptimizer should also remove the arguments adaptor frame for F. This CL adds required machinery to the deoptimizer.

BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1768263004
Cr-Commit-Position: refs/heads/master@{#34610}

- 05 Jan, 2016 1 commit
sigurds authored

Deopt support is added on two levels. On the IR level, a new ObjectState node is added, which represents an object to be materialized. ObjectState nodes appear as inputs of FrameState and StateValues nodes. On the instruction select/code-generation level, the FrameStateDescriptor class handles the nesting introduced by ObjectState, and ensures that deopt code with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are generated similarly to what crankshaft's escape analysis does. Two unittests test correctness of the IR level implementation. Correctness for instruction selection / code generation is tested by mjsunit tests.

R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1485183002
Cr-Commit-Position: refs/heads/master@{#33115}

- 18 Dec, 2015 1 commit
rmcilroy authored

Adds FrameState nodes to graphs built by the Bytecode Graph Builder, in preparation for adding deopt support. Also adds a new FrameStateType::kInterpretedFunction to allow for specialized deopt stack translation for interpreted frames. Finally adds support for disabling typed lowering of binary ops, since the current approach relies on a FrameState hack which does not apply to interpreted frames.

BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1514413002
Cr-Commit-Position: refs/heads/master@{#32964}

- 12 Nov, 2015 1 commit
mstarzinger authored

This implements a first version of support for constructor call inlining in the inlining machinery. For now we can only inline calls where the actual constructor and the original constructor coincide (i.e. no super constructor calls). Note that the target of a super constructor call is loaded with a runtime call, so there is no way for it to be constant promoted at the moment.

R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1435873002
Cr-Commit-Position: refs/heads/master@{#31954}

- 12 Aug, 2015 1 commit
mstarzinger authored

This tries to remove includes of "-inl.h" headers from normal ".h" headers, thereby reducing the chance of any cyclic dependencies and decreasing the average size of our compilation units. Note that this change still leaves 7 violations of that rule in the code. However there now is the "tools/check-inline-includes.sh" tool detecting such violations.

R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1283033003
Cr-Commit-Position: refs/heads/master@{#30125}

- 23 Jun, 2015 1 commit
jarin authored

This also threads through the parameter count and local count to the instruction selector. This will be later used to allow merging of various StateValues vector (and prepare for differential encoding which will not distinguish between parameters, locals and expression stack).

BUG=
Review URL: https://codereview.chromium.org/1191243003
Cr-Commit-Position: refs/heads/master@{#29214}

- 28 May, 2015 1 commit
bmeurer authored

We need the shared function info of inlined functions to prevent code flushing for their unoptimized code, and also to make sure that liveedit can find the proper functions to deoptimize.

R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1156403002
Cr-Commit-Position: refs/heads/master@{#28677}

- 15 May, 2015 1 commit
bmeurer authored

First step towards support for inlining based on SharedFunctionInfo instead of JSFunction.

R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1134713004
Cr-Commit-Position: refs/heads/master@{#28419}

- 11 May, 2015 1 commit
titzer authored

R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1131853002
Cr-Commit-Position: refs/heads/master@{#28330}