1. 17 Sep, 2018 2 commits
  2. 13 Sep, 2018 1 commit
  3. 07 Sep, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Introduce a pure StringConcat operator. · e56b6d24
      Benedikt Meurer authored
      This replaces the previous CheckStringAdd operator which deopts in case
      the combined length overflows with a dedicated pure StringConcat operator.
      This operator is similar to NewConsString in that it takes the resulting
      length plus the two input strings. The operator relies on the length
      being checked explicitly by the surrounding code instead of baking the
      check into the operator itself. This way TurboFan can eliminate
      redundant/unnecessary StringConcat operations, since they are pure now.
      
      This also unifies the treatment of string addition in JSTypedLowering,
      and generalizes the StringLength constant-folding to apply to more cases
      not just the JSAdd cases inside JSTypedLowering.
      
      Bug: v8:7902, v8:8015
      Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
      Reviewed-on: https://chromium-review.googlesource.com/1213205Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55725}
      e56b6d24
  4. 23 Jul, 2018 1 commit
  5. 17 Jul, 2018 2 commits
  6. 10 Jul, 2018 1 commit
  7. 09 Jul, 2018 1 commit
  8. 06 Jul, 2018 2 commits
    • Georg Neis's avatar
      Move CompilationDependencies into compiler. · cf87e94c
      Georg Neis authored
      - Move the CompilationDependencies member of OptimizedCompilationInfo
        to Turbofan's PipelineData (and thus into the compiler namespace).
      - Move compilation-dependencies.{cc,h} to the compiler directory.
      
      Bug: v8:7902
      Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
      Reviewed-on: https://chromium-review.googlesource.com/1127793
      Commit-Queue: Georg Neis <neis@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54295}
      cf87e94c
    • Georg Neis's avatar
      Reland^2 "[turbofan] Rewrite CompilationDependencies" · a1cb1eb9
      Georg Neis authored
      This is a reland of 4b9b9b68, which
      accidentally disabled optimization after dependency changes (instead
      of retrying).
      
      TBR=jarin@chromium.org
      TBR=mstarzinger@chromium.org
      
      Original change's description:
      > Reland "[turbofan] Rewrite CompilationDependencies"
      >
      > This is a reland of 52a10e50, after
      > eliminating an invalid assumption about maps.
      >
      > TBR=jarin@chromium.org
      > TBR=mstarzinger@chromium.org
      >
      > Original change's description:
      > > [turbofan] Rewrite CompilationDependencies
      > >
      > > Instead of installing code dependencies during graph reduction,
      > > install them after code generation.
      > >
      > > Bug: v8:7902, v8:7790
      > > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > > Commit-Queue: Georg Neis <neis@chromium.org>
      > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#54170}
      >
      > Bug: v8:7902, v8:7790
      > Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
      > Reviewed-on: https://chromium-review.googlesource.com/1126999
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54254}
      
      Bug: v8:7902, v8:7790
      Change-Id: I2b7a7d186e03990350e375470569177e3309683c
      Reviewed-on: https://chromium-review.googlesource.com/1127579
      Commit-Queue: Georg Neis <neis@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54280}
      a1cb1eb9
  9. 05 Jul, 2018 2 commits
    • Georg Neis's avatar
      Revert "Reland "[turbofan] Rewrite CompilationDependencies"" · 9d8d074d
      Georg Neis authored
      This reverts commit 4b9b9b68.
      
      Reason for revert: Regresses Octane.
      
      Original change's description:
      > Reland "[turbofan] Rewrite CompilationDependencies"
      > 
      > This is a reland of 52a10e50, after
      > eliminating an invalid assumption about maps.
      > 
      > TBR=jarin@chromium.org
      > TBR=mstarzinger@chromium.org
      > 
      > Original change's description:
      > > [turbofan] Rewrite CompilationDependencies
      > >
      > > Instead of installing code dependencies during graph reduction,
      > > install them after code generation.
      > >
      > > Bug: v8:7902, v8:7790
      > > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > > Commit-Queue: Georg Neis <neis@chromium.org>
      > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#54170}
      > 
      > Bug: v8:7902, v8:7790
      > Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
      > Reviewed-on: https://chromium-review.googlesource.com/1126999
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54254}
      
      TBR=mstarzinger@chromium.org,jarin@chromium.org,neis@chromium.org
      
      Change-Id: Iece193046c48ee96ab7952d2b3bd7ad05f39b190
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7902, v8:7790
      Reviewed-on: https://chromium-review.googlesource.com/1127119Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54260}
      9d8d074d
    • Georg Neis's avatar
      Reland "[turbofan] Rewrite CompilationDependencies" · 4b9b9b68
      Georg Neis authored
      This is a reland of 52a10e50, after
      eliminating an invalid assumption about maps.
      
      TBR=jarin@chromium.org
      TBR=mstarzinger@chromium.org
      
      Original change's description:
      > [turbofan] Rewrite CompilationDependencies
      >
      > Instead of installing code dependencies during graph reduction,
      > install them after code generation.
      >
      > Bug: v8:7902, v8:7790
      > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54170}
      
      Bug: v8:7902, v8:7790
      Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
      Reviewed-on: https://chromium-review.googlesource.com/1126999Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54254}
      4b9b9b68
  10. 04 Jul, 2018 1 commit
    • Yang Guo's avatar
      Revert "[turbofan] Rewrite CompilationDependencies" · b1cf1e1e
      Yang Guo authored
      This reverts commit 52a10e50.
      
      Reason for revert: https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/12434/layout-test-results/results.html
      
      Crash e.g. in http/tests/devtools/oopif/oopif-performance-cpu-profiles.js
      
      crash log for devtools (pid <unknown>):
      STDOUT: <empty>
      STDERR: 
      STDERR: 
      STDERR: #
      STDERR: # Fatal error in ../../v8/src/compilation-dependencies.cc, line 281
      STDERR: # Debug check failed: descriptor == owner->LastAdded() (10 vs. 22).
      STDERR: #
      STDERR: #
      STDERR: #
      STDERR: #FailureMessage Object: 0x7fff86878630#0 0x0000031c642c base::debug::StackTrace::StackTrace()
      STDERR: #1 0x0000046a56bb gin::(anonymous namespace)::PrintStackTrace()
      STDERR: #2 0x00000469c528 V8_Fatal()
      STDERR: #3 0x00000469c285 v8::base::(anonymous namespace)::DefaultDcheckHandler()
      STDERR: #4 0x000001cc5253 v8::internal::CompilationDependencies::DependOnFieldType()
      STDERR: #5 0x000001cdcc46 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfo()
      STDERR: #6 0x000001cde661 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfos()
      STDERR: #7 0x000001dd982b v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccess()
      STDERR: #8 0x000001ddb715 v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccessFromNexus()
      STDERR: #9 0x000001dd656d v8::internal::compiler::JSNativeContextSpecialization::ReduceJSLoadNamed()
      STDERR: #10 0x000001d53872 v8::internal::compiler::GraphReducer::Reduce()
      STDERR: #11 0x000001d534a5 v8::internal::compiler::GraphReducer::ReduceTop()
      STDERR: #12 0x000001d52e58 v8::internal::compiler::GraphReducer::ReduceNode()
      STDERR: #13 0x000001e4c201 v8::internal::compiler::InliningPhase::Run()
      STDERR: #14 0x000001e44f79 v8::internal::compiler::PipelineImpl::Run<>()
      STDERR: #15 0x000001e41058 v8::internal::compiler::PipelineImpl::CreateGraph()
      STDERR: #16 0x000001e40c75 v8::internal::compiler::PipelineCompilationJob::PrepareJobImpl()
      STDERR: #17 0x000001ccd437 v8::internal::OptimizedCompilationJob::PrepareJob()
      STDERR: #18 0x000001cd071e v8::internal::(anonymous namespace)::GetOptimizedCode()
      STDERR: #19 0x000001cd0c6f v8::internal::Compiler::CompileOptimized()
      STDERR: #20 0x00000231fb62 v8::internal::__RT_impl_Runtime_CompileOptimized_Concurrent()
      STDERR: #21 0x00000288e535 <unknown>
      
      Original change's description:
      > [turbofan] Rewrite CompilationDependencies
      > 
      > Instead of installing code dependencies during graph reduction,
      > install them after code generation.
      > 
      > Bug: v8:7902, v8:7790
      > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54170}
      
      TBR=mstarzinger@chromium.org,jarin@chromium.org,neis@chromium.org
      
      Change-Id: Ic58c2bfadbd34bb6ba7dc0d2b74871cc90b0a74f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7902, v8:7790
      Reviewed-on: https://chromium-review.googlesource.com/1125680Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54192}
      b1cf1e1e
  11. 03 Jul, 2018 1 commit
  12. 26 Jun, 2018 1 commit
  13. 12 Jun, 2018 1 commit
  14. 07 Jun, 2018 1 commit
  15. 25 May, 2018 1 commit
  16. 09 May, 2018 1 commit
  17. 08 May, 2018 1 commit
    • Jaroslav Sevcik's avatar
      [turbofan] Optimize array destructuring · 3fe7d698
      Jaroslav Sevcik authored
      This CL introduces type narrowing and constant folding reducers
      to constant fold code that comes out of inlined destructuring
      of arrays. In particular, array iterator introduces code that
      contains a phi of a temporary array that blocks escape analysis.
      The phi comes from conditional that can be evaluated statically
      (i.e., constant folded), so with better constant folding we
      allow escape analysis to get rid of the temporary array.
      
      On a quick micro-benchmark below, we see more than 6x improvement.
      This is close to the hand-optimized version - if we replace
      body of f with 'return b + a', we get 220ms (versus 218ms with
      destructuring).
      
      function f(a, b) {
        [b, a] = [a, b];
        return a + b;
      }
      
      function sum(count) {
        let s = 0;
        for (let i = 0; i < count; i++) {
          s += f(1, 2);
        }
        return s;
      }
      
      // Warm up
      sum(1e5); sum(1e5);
      console.time("destructure array");
      sum(1e8);
      console.timeEnd("destructure array");
      
      console.timeEnd: destructure array, 213.526000
      
      console.timeEnd: destructure array, 1503.537000
      
      Bug: v8:7728
      Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
      Reviewed-on: https://chromium-review.googlesource.com/1047672Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53048}
      3fe7d698
  18. 30 Apr, 2018 1 commit
  19. 28 Apr, 2018 1 commit
  20. 26 Mar, 2018 1 commit
  21. 23 Mar, 2018 1 commit
  22. 22 Mar, 2018 1 commit
  23. 16 Mar, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Remove unsound SeqString types. · 36426ab7
      Benedikt Meurer authored
      A value of type OtherSeqString can change its type to OtherNonSeqString
      via inplace internalization (and redirection via a ThinString). This can
      lead to out of bounds memory accesses and generally correctness bugs, as
      seen with crbug.com/822284.
      
      This change might affect performance in some cases, and we'll need to
      evaluate whether it's worth spending cycles on adding another mechanism
      that leverages the sequential string information in a safe way on a case
      by case basis.
      
      Bug: chromium:822284
      Change-Id: I0de77ec089a774236555f38c365f7548f454edfe
      Reviewed-on: https://chromium-review.googlesource.com/966021Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51975}
      36426ab7
  24. 14 Mar, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Fix inconsistent treatment of SpeculativeToNumber. · c54d93d6
      Benedikt Meurer authored
      This is a partial revert of e583fc83.
      The reasoning here is that the treatment of SpeculativeToNumber[hint]
      was not consistent (which led to the original bug that caused the
      performance regression): The semantics of the operator is that it turns
      its input into a number, and might bailout if the input is too complex
      to accomplish that within optimized code. It can use the hint to handle
      even fewer cases without the risk of a deoptimization loop. However it
      cannot rely on the hint influencing the output, especially not before
      SimplifiedLowering ran. The code for the OOB element access however
      relied on the hint being enforced, which caused the original bug.
      
      This CL repairs that and instead uses CheckSmi for the OOB element
      access guard.
      
      Also-By: tebbi@chromium.org
      Bug: chromium:819298, chromium:820729
      Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c
      Reviewed-on: https://chromium-review.googlesource.com/961066Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51924}
      c54d93d6
  25. 13 Mar, 2018 1 commit
  26. 08 Mar, 2018 1 commit
  27. 20 Nov, 2017 1 commit
  28. 08 Nov, 2017 1 commit
  29. 27 Oct, 2017 2 commits
    • Benedikt Meurer's avatar
      [turbofan] Introduce SameValue operator. · c78a98bb
      Benedikt Meurer authored
      We now represent the SameValue operation explicitly in TurboFan and the
      operation can thus participate in all kinds of optimizations. Especially
      we get rid of the JSCall node in the general case, which blocks several
      optimizations across the call. The general, baseline performance is now
      always on par with StrictEqual.
      
      Once the StrictEqual operator is also a simplified operator, we should
      start unifying the type based optimizations in SimplifiedLowering.
      
      In the micro-benchmark we go from
      
        testStrictEqual: 1422 ms.
        testObjectIs: 1520 ms.
        testManualSameValue: 1759 ms.
      
      to
      
        testStrictEqual: 1426 ms.
        testObjectIs: 1357 ms.
        testManualSameValue: 1766 ms.
      
      which gives the expected result.
      
      Bug: v8:7007
      Change-Id: I0de3ff6ff6209ab4c3edb69de6a16e387295a9c8
      Reviewed-on: https://chromium-review.googlesource.com/741228Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48994}
      c78a98bb
    • Jaroslav Sevcik's avatar
      [turbofan] Make ConvertReceiver a simplified operator. · 70b1f15e
      Jaroslav Sevcik authored
      This enables proper wiring into ithe control flow chain.
      
      Bug: v8:7002,chromium:777574
      Change-Id: Idba59944ff6ab3c10c204bb74ace61d812e6297c
      Reviewed-on: https://chromium-review.googlesource.com/738183Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48990}
      70b1f15e
  30. 20 Oct, 2017 1 commit
    • Benedikt Meurer's avatar
      [ic] Ensure that we make progress on KeyedLoadIC polymorphic name. · d5c19aa9
      Benedikt Meurer authored
      In the special case of KeyedLoadIC, where the key that is passed in is a
      Name that is always the same we only checked for identity in both the
      stub and the TurboFan case, which works fine for symbols and internalized
      strings, but doesn't really work with non-internalized strings, where
      the identity check will fail, the runtime will internalize the string,
      and the IC will then see the original internalized string again and not
      progress in the feedback lattice. This leads to tricky deoptimization
      loops in TurboFan and constantly missing ICs.
      
      This adds fixes the stub to always try to internalize strings first
      when the identity check fails and then doing the check again. If the
      name is not found in the string table we miss, since in that case the
      string cannot match the previously recorded feedback name (which is
      always a unique name).
      
      In TurboFan we represent this checks with new CheckEqualsSymbol and
      CheckEqualsInternalizedString operators, which validate the previously
      recorded feedback, and the CheckEqualsInternalizedString operator does
      the attempt to internalize the input.
      
      Bug: v8:6936, v8:6948, v8:6969
      Change-Id: I3f3b4a587c67f00f7c4b60d239eb98a9626fe04a
      Reviewed-on: https://chromium-review.googlesource.com/730224Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48784}
      d5c19aa9
  31. 19 Oct, 2017 1 commit
    • Mike Stanton's avatar
      [Turbofan] Model JSToBoolean as a simplified operator · 78fc6668
      Mike Stanton authored
      Because the toboolean operator may lower to a builtin call (which is
      effectful in turbofan parlance after effect control linearization),
      it really should be encoded as a simplified operator, which can
      be optimized with respect for the effect chain in linearization.
      
      No new functionality here, rather a furniture rearrangement in
      the TurboFan node structure.
      
      Bug: v8:6929
      Change-Id: I371fd22941397d5c28d13bded2738161d8da8275
      Reviewed-on: https://chromium-review.googlesource.com/725721Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48727}
      78fc6668
  32. 16 Oct, 2017 1 commit
    • Mike Stanton's avatar
      [TurboFan] Model TypeOf as a simplified operator · 9b2a8c22
      Mike Stanton authored
      Because the typeof operator may lower to a builtin call (which is
      effectful in turbofan parlance after effect control linearization),
      it really should be encoded as a simplified operator, which can
      be optimized with respect for the effect chain in linearization.
      
      No new functionality here, rather a furniture rearrangement in
      the TurboFan node structure.
      
      BUG=v8:6929
      
      Change-Id: I38593e10956ebd57cecdd606c35f3f73efb1327e
      Reviewed-on: https://chromium-review.googlesource.com/718745Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48613}
      9b2a8c22
  33. 23 Aug, 2017 1 commit
  34. 10 Aug, 2017 1 commit
  35. 19 Jul, 2017 1 commit