- 12 Aug, 2021 1 commit
-
-
Ross McIlroy authored
These are no longer enabled, so remove the code mitigation logic from the codebase. BUG=chromium:1003890 Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76256}
-
- 23 Mar, 2021 1 commit
-
-
Manos Koukoutos authored
LoadImmutable represents a load from a position in memory that is known to be immutable, e.g. an immutable IsolateRoot or an immutable field of a WasmInstanceObject. Because the returned value cannot change through the execution of a function, LoadImmutable is a pure operator and does not have effect or control edges. This will allow more aggressive optimizations of loads of fields of the Isolate and Instance that are known to be immutable. Requires that the memory in question has been initialized at function start even through inlining. Note: We may reconsider this approach once we have escape analysis for wasm, and replace it with immutable load/initialize operators that live inside the effect chain and are less restriced. Bug: v8:11510 Change-Id: I5e8e4f27d7008f39f01175ffa95a9c531ba63e66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775568Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#73594}
-
- 08 Mar, 2021 1 commit
-
-
Manos Koukoutos authored
This CL enables full csa optimization for wasm code. To take advantage of csa load elimination, it switches from Load/Store to LoadFromObject/ StoreToObject operators in the wasm compiler (where possible). Bug: v8:11510 Change-Id: Ibecd8ba81e89a76553b12ad2671ecad520e9e066 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727407Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#73268}
-
- 26 Feb, 2021 1 commit
-
-
Manos Koukoutos authored
We experimentally globally enable loop unrolling for wasm code. This might be reverted based on the results of perf bots. Additional change: Add LoopExitValue to Int64Lowering, plus a small simplification. Bug: v8:11298 Change-Id: Iaf2829e80f948d70c5fb6ed7c974db7f59265fa3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718611Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#73072}
-
- 29 Apr, 2020 1 commit
-
-
Tobias Tebbi authored
This is a reland of 43b885a8 This fixes another signed overflow in the unit test. Original change's description: > Reland "[turbofan][csa] optimize Smi untagging better" > > This is a reland of ff22ae80 > > Original change's description: > > [turbofan][csa] optimize Smi untagging better > > > > - Introduce new operator variants for signed right-shifts with the > > additional information that they always shift out zeros. > > - Use these new operators for Smi untagging. > > - Merge left-shifts with a preceding Smi-untagging shift. > > - Optimize comparisons of Smi-untagging shifts to operate on the > > unshifted word. > > - Optimize 64bit comparisons of values expanded from 32bit to use > > a 32bit comparison instead. > > - Change CodeStubAssembler::UntagSmi to first sign-extend and then > > right-shift to enable better address computations for Smi indices. > > > > Bug: v8:9962 > > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734 > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#67378} > > Bug: v8:9962 > Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67430} Bug: v8:9962 TBR: neis@chromium.org Change-Id: I79883db546bf37873b3727b8023ef688507091d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169103 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67464}
-
- 28 Apr, 2020 2 commits
-
-
Clemens Backes authored
This reverts commit 43b885a8. Reason for revert: Still fails on UBSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10873 Original change's description: > Reland "[turbofan][csa] optimize Smi untagging better" > > This is a reland of ff22ae80 > > Original change's description: > > [turbofan][csa] optimize Smi untagging better > > > > - Introduce new operator variants for signed right-shifts with the > > additional information that they always shift out zeros. > > - Use these new operators for Smi untagging. > > - Merge left-shifts with a preceding Smi-untagging shift. > > - Optimize comparisons of Smi-untagging shifts to operate on the > > unshifted word. > > - Optimize 64bit comparisons of values expanded from 32bit to use > > a 32bit comparison instead. > > - Change CodeStubAssembler::UntagSmi to first sign-extend and then > > right-shift to enable better address computations for Smi indices. > > > > Bug: v8:9962 > > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734 > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#67378} > > Bug: v8:9962 > Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67430} TBR=neis@chromium.org,tebbi@chromium.org Change-Id: I49e19811ebcecb846f61291bc0c4a0d8b0bc4cff No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9962 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168876Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#67431}
-
Tobias Tebbi authored
This is a reland of ff22ae80 Original change's description: > [turbofan][csa] optimize Smi untagging better > > - Introduce new operator variants for signed right-shifts with the > additional information that they always shift out zeros. > - Use these new operators for Smi untagging. > - Merge left-shifts with a preceding Smi-untagging shift. > - Optimize comparisons of Smi-untagging shifts to operate on the > unshifted word. > - Optimize 64bit comparisons of values expanded from 32bit to use > a 32bit comparison instead. > - Change CodeStubAssembler::UntagSmi to first sign-extend and then > right-shift to enable better address computations for Smi indices. > > Bug: v8:9962 > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67378} Bug: v8:9962 Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67430}
-
- 24 Apr, 2020 2 commits
-
-
Bill Budge authored
This reverts commit ff22ae80. Reason for revert: new test fails on UBSAN https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10831 Original change's description: > [turbofan][csa] optimize Smi untagging better > > - Introduce new operator variants for signed right-shifts with the > additional information that they always shift out zeros. > - Use these new operators for Smi untagging. > - Merge left-shifts with a preceding Smi-untagging shift. > - Optimize comparisons of Smi-untagging shifts to operate on the > unshifted word. > - Optimize 64bit comparisons of values expanded from 32bit to use > a 32bit comparison instead. > - Change CodeStubAssembler::UntagSmi to first sign-extend and then > right-shift to enable better address computations for Smi indices. > > Bug: v8:9962 > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67378} TBR=neis@chromium.org,tebbi@chromium.org Change-Id: I2617d7a44e5ae33fd79322d37c8b722c00162d22 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9962 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165873Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#67380}
-
Tobias Tebbi authored
- Introduce new operator variants for signed right-shifts with the additional information that they always shift out zeros. - Use these new operators for Smi untagging. - Merge left-shifts with a preceding Smi-untagging shift. - Optimize comparisons of Smi-untagging shifts to operate on the unshifted word. - Optimize 64bit comparisons of values expanded from 32bit to use a 32bit comparison instead. - Change CodeStubAssembler::UntagSmi to first sign-extend and then right-shift to enable better address computations for Smi indices. Bug: v8:9962 Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67378}
-
- 03 Apr, 2020 1 commit
-
-
Ross McIlroy authored
Effect-control-linearizer will update a basic block to connect it directly to the end node if it has an Unreachable node. Usually the block would already have been connected directly to end (via a Throw node) already, however in some cases it can be connected indirectly (via a branch, where both end in a throw node). If this happens, and the Effect-control-linearizer is maintaining the schedule (e.g., for TurboProp), it will cause the end block to have unreachable predecessor blocks, which can cause issues with the register allocator. To fix this, have the BasicBlockUpdater remove all successor blocks from the schedule, when they become Unreachable. Also add some tests to cover this in effect-control-linearizer-unittests. BUG=v8:10332,v8:9684 Change-Id: Ibce140e6d1f61751a86247e6f8c36075723a1e55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120537 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66994}
-
- 11 Nov, 2019 1 commit
-
-
Santiago Aboy Solanes authored
Including but not limiting to removing: * BitcastCompressedXXX * CheckedCompressedXXX * ChangeXXXToCompressedYYY * ChangeCompressedXXX As a note, ChangeTaggedToCompressed can't be removed just yet as it is still in use. Bug: v8:7703 Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64880}
-
- 19 Aug, 2019 2 commits
-
-
Santiago Aboy Solanes authored
This is a reland of 82111e22 Relanding since we now have more shards: https://chromium-review.googlesource.com/c/v8/v8/+/1760810 Original change's description: > [CSA][cleanup] TNodify some methods related to prototype and property lookup > > This is a CL in a string of CLs that aims to TNodify CSA. In particular, > there were some loads that were done in AnyTagged instead of > TaggedPointer. TNode-ifying them brings improvement in pointer > compression since we are able to decompress using the Pointer > decompression. > > TNodified: > * LoadJSFunctionPrototype > * TryPrototypeChainLookup > * OrdinaryHasInstance > > Also TNodified loads regarding: > * FeedbackCell::kValueOffset > * HeapObject::kMapOffset > * JSFunction::kSharedFunctionInfoOffset > * JSFunction::kFeedbackCellOffset > * Map::kInstanceTypeOffset > * Map::kInstanceDescriptorsOffset > * Map::kPrototypeOffset > > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. > > Bug: v8:6949, v8:9396 > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63216} Bug: v8:6949, v8:9396 Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63249}
-
Maya Lekova authored
This reverts commit 82111e22. Reason for revert: Speculative revert, could be causing timeouts - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17567 Original change's description: > [CSA][cleanup] TNodify some methods related to prototype and property lookup > > This is a CL in a string of CLs that aims to TNodify CSA. In particular, > there were some loads that were done in AnyTagged instead of > TaggedPointer. TNode-ifying them brings improvement in pointer > compression since we are able to decompress using the Pointer > decompression. > > TNodified: > * LoadJSFunctionPrototype > * TryPrototypeChainLookup > * OrdinaryHasInstance > > Also TNodified loads regarding: > * FeedbackCell::kValueOffset > * HeapObject::kMapOffset > * JSFunction::kSharedFunctionInfoOffset > * JSFunction::kFeedbackCellOffset > * Map::kInstanceTypeOffset > * Map::kInstanceDescriptorsOffset > * Map::kPrototypeOffset > > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. > > Bug: v8:6949, v8:9396 > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63216} TBR=rmcilroy@chromium.org,solanes@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:6949, v8:9396 Change-Id: Ib6ae8fe86a598ed1066894595565e1162cf7dd1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758310Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63233}
-
- 15 Aug, 2019 1 commit
-
-
Santiago Aboy Solanes authored
This is a CL in a string of CLs that aims to TNodify CSA. In particular, there were some loads that were done in AnyTagged instead of TaggedPointer. TNode-ifying them brings improvement in pointer compression since we are able to decompress using the Pointer decompression. TNodified: * LoadJSFunctionPrototype * TryPrototypeChainLookup * OrdinaryHasInstance Also TNodified loads regarding: * FeedbackCell::kValueOffset * HeapObject::kMapOffset * JSFunction::kSharedFunctionInfoOffset * JSFunction::kFeedbackCellOffset * Map::kInstanceTypeOffset * Map::kInstanceDescriptorsOffset * Map::kPrototypeOffset Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. Bug: v8:6949, v8:9396 Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63216}
-
- 17 Jun, 2019 1 commit
-
-
Georg Schmid authored
This is a reland of a66e3e57 Original change's description: > [csa] Tweak CSA pipeline to eliminate more redundant checks > > - Lower LoadObjectField to LoadFromObject > - Mark LoadFromObject and StoreToObject as non-allocating > - Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check > > R=jarin@chromium.org, tebbi@chromium.org > > Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926 > Commit-Queue: Georg Schmid <gsps@google.com> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62173} R=tebbi@chromium.org Change-Id: Id7ae13ba17a2083fd4109f34ce026030716ececb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660622 Commit-Queue: Georg Schmid <gsps@google.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62202}
-
- 14 Jun, 2019 2 commits
-
-
Yang Guo authored
This reverts commit a66e3e57. Reason for revert: Likely to have caused UBSAN issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/6671 Original change's description: > [csa] Tweak CSA pipeline to eliminate more redundant checks > > - Lower LoadObjectField to LoadFromObject > - Mark LoadFromObject and StoreToObject as non-allocating > - Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check > > R=jarin@chromium.org, tebbi@chromium.org > > Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926 > Commit-Queue: Georg Schmid <gsps@google.com> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62173} TBR=jarin@chromium.org,tebbi@chromium.org,gsps@google.com Change-Id: I0a1c0515a8a61d32f77a392f1efc0751b6aae2a1 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660485Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62179}
-
Georg Schmid authored
- Lower LoadObjectField to LoadFromObject - Mark LoadFromObject and StoreToObject as non-allocating - Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check R=jarin@chromium.org, tebbi@chromium.org Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926 Commit-Queue: Georg Schmid <gsps@google.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62173}
-
- 23 May, 2019 2 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Yang Guo authored
Bug: v8:9247 Change-Id: I0023200c54fa6499ae4e2cf5e4c89407cc35f187 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624218Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61762}
-
- 16 Apr, 2019 1 commit
-
-
Santiago Aboy Solanes authored
We translate loads with TaggedXXX (XXX in {"", "Signed", "Pointer"}) representation in CSA into loads of CompressedXXX + ChangeCompressedXXXToTaggedXXX in the raw-machine-assembler. This way, CSA doesn't need to know about Compressed values since we are introducing an explicit "decompress" node. Also updating tests that were checking for the load nodes. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977, v8:7703 Change-Id: Ie22ca8123a25ef005c1ff7383776f9355020fa42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565897Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#60873}
-
- 13 Feb, 2019 1 commit
-
-
Nico Weber authored
For macros expanding to function definitions, I removed the spurious ; after macro invocations. For macros expandign to function declarations, I made the ; required and consistently inserted it. No behavior change. Bug: chromium:926235 Change-Id: Ib8085d85d913d74307e3481f7fee4b7dc78c7549 Reviewed-on: https://chromium-review.googlesource.com/c/1467545Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Nico Weber <thakis@chromium.org> Cr-Commit-Position: refs/heads/master@{#59558}
-
- 12 Dec, 2018 1 commit
-
-
Tobias Tebbi authored
Bug: v8:8490 Change-Id: Id9b1b1d8a994b6f1fdd6d93355d3f9555710f6ac Reviewed-on: https://chromium-review.googlesource.com/c/1370030Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#58192}
-
- 13 Nov, 2018 1 commit
-
-
Tobias Tebbi authored
This CL is an experiment to get more performance data from the perf-bots and will likely lead to regressions. The try-bots (see patcheset 9) indicate some regressions, but it doesn't seem too bad. Change-Id: Ia173ab20ee2a4904663db0f4ca2ffb196b203c77 Reviewed-on: https://chromium-review.googlesource.com/c/1319763 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57483}
-
- 19 Oct, 2018 1 commit
-
-
Sigurd Schneider authored
Drive-by: Eliminate unnecessary includes to src/assembler.h. Bug: v8:8238 Change-Id: Ia0408b993b8b1c21a76c947f406f96b63fe41994 Reviewed-on: https://chromium-review.googlesource.com/c/1288810Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56817}
-
- 18 Oct, 2018 1 commit
-
-
peterwmwong authored
Additionally, introduce IntPtrDiv to CodeAssembler. Change-Id: I9396f77b90a2fadb0179028d44475e616be3d081 Reviewed-on: https://chromium-review.googlesource.com/c/1285400 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#56776}
-
- 07 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
As identified in the web-tooling-benchmark, there are specific code patterns involving array indexed property accesses and subsequent comparisons of those indices that lead to repeated Smi checks in the optimized code, which in turn leads to high register pressure and generally bad register allocation. An example of this pattern is code like this: ```js function f(a, n) { const i = a[n]; if (n >= 1) return i; } ``` The `a[n]` property access introduces a CheckBounds on `n`, which later lowers to a `CheckedTaggedToInt32[dont-check-minus-zero]`, however the `n >= 1` comparison has collected `SignedSmall` feedback and so it introduces a `CheckedTaggedToTaggedSigned` operation. This second Smi check is redundant and cannot easily be combined with the earlier tagged->int32 conversion, since that also deals with heap numbers and even truncates -0 to 0. So we teach the RedundancyElimination to look at the inputs of these speculative number comparisons and if there's a leading bounds check on either of these inputs, we change the input to the result of the bounds check. This avoids the redundant Smi checks later and generally allows the SimplifiedLowering to do a significantly better job on the number comparisons. We only do this in case of SignedSmall feedback and only for inputs that are not already known to be in UnsignedSmall range, to avoid doing too many (unnecessary) expensive lookups during RedundancyElimination. All of this is safe despite the fact that CheckBounds truncates -0 to 0, since the regular number comparisons in JavaScript identify 0 and -0 (unlike Object.is()). This also adds appropriate tests, especially for the interesting cases where -0 is used only after the code was optimized. Bug: v8:6936, v8:7094 Change-Id: Ie37114fb6192e941ae1a4f0bfe00e9c0a8305c07 Reviewed-on: https://chromium-review.googlesource.com/c/1246181Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56428}
-
- 20 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
Remove the NumberConstant right hand side limitation for the speculative number operation optimization, and extend the logic to also deal with SpeculativeToNumber, which is common when dealing with postfix increment and array operations. Also add appropriate tests for all the relevant cases, specifically we mjsunit tests to increase the general coverage for the various cases here (in addition to dedicated unittests). Bug: v8:8015 Change-Id: I8c92f98490c63b07eb19686efd404322979e57c4 Reviewed-on: https://chromium-review.googlesource.com/1235919Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56072}
-
- 14 Sep, 2018 1 commit
-
-
Florian Sattler authored
Fixing clang-tidy warning. Bug: v8:8015 Change-Id: I20fd23b5370d15dddc913f6bdb05e649d71c2059 Reviewed-on: https://chromium-review.googlesource.com/1224373Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Florian Sattler <sattlerf@google.com> Cr-Commit-Position: refs/heads/master@{#55919}
-
- 07 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
This replaces the previous CheckStringAdd operator which deopts in case the combined length overflows with a dedicated pure StringConcat operator. This operator is similar to NewConsString in that it takes the resulting length plus the two input strings. The operator relies on the length being checked explicitly by the surrounding code instead of baking the check into the operator itself. This way TurboFan can eliminate redundant/unnecessary StringConcat operations, since they are pure now. This also unifies the treatment of string addition in JSTypedLowering, and generalizes the StringLength constant-folding to apply to more cases not just the JSAdd cases inside JSTypedLowering. Bug: v8:7902, v8:8015 Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f Reviewed-on: https://chromium-review.googlesource.com/1213205Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55725}
-
- 29 Aug, 2018 1 commit
-
-
Maya Lekova authored
The new node is introduced for literal string addition and calling String.prototype.concat in the typed lowering phase. It later might get optimized away during redundancy elimination, keeping the performance of already existing benchmarks with string addition. In case the operation is about to throw (due to too long string being constructed) we just deoptimize, reusing the interpreter logic for creating the error. Modify relevant mjsunit and unit tests for string concatenation. Bug: v8:7902 Change-Id: Ie97d39534df4480fa8d4fe3ba276d02ed5e750e3 Reviewed-on: https://chromium-review.googlesource.com/1193342 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55482}
-
- 30 Apr, 2018 1 commit
-
-
Jaroslav Sevcik authored
The idea is to mark all the branches and loads participating in array bounds checks, and let them contribute-to/use the poisoning register. In the code, the marks for array indexing operations now contain "Critical" in their name. By default (--untrusted-code-mitigations), we only instrument the "critical" operations with poisoning. With that in place, we also remove the array masking approach based on arithmetic. Since we do not propagate the poison through function calls, we introduce a node for poisoning an index that is passed through function call - the typical example is the bounds-checked index that is passed to the CharCodeAt builtin. Most of the code in this CL is threads through the three levels of protection (safe, critical, unsafe) for loads, branches and flags. Bug: chromium:798964 Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b Reviewed-on: https://chromium-review.googlesource.com/995413 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52883}
-
- 28 Apr, 2018 1 commit
-
-
Jaroslav Sevcik authored
This is part of the effort to decrease the amount of undefined behavior. that v8 relies on. The main change here is to represent types with class Type rather than with pointer Type*. To make the CL smaller, I used an operator overload hack to separate the change from `->` to `.`. I am working on a CL that will remove the operator and change all those arrows to dots. Bug: v8:3770 Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22 Reviewed-on: https://chromium-review.googlesource.com/1032551 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52872}
-
- 26 Apr, 2018 1 commit
-
-
Sigurd Schneider authored
This CL also removes the JSBuiltinReducer, which is no longer needed. Bug: v8:7340, v8:7250 Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf Reviewed-on: https://chromium-review.googlesource.com/1027853 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52799}
-
- 23 Apr, 2018 1 commit
-
-
Sigurd Schneider authored
This CL also adds the simplified operator NumberIsNaN. Bug: v8:7340, v8:7250 Change-Id: Ifa44cf59b30ee700f7df61f8d58782a43fd0f3c5 Reviewed-on: https://chromium-review.googlesource.com/1023391Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52726}
-
- 27 Mar, 2018 1 commit
-
-
Tobias Tebbi authored
This CL changes the poisoning in the interpreter to use the infrastructure used in the JIT. This does not change the original flag semantics: --branch-load-poisoning enables JIT mitigations as before. --untrusted-code-mitigation enables the interpreter mitigations (now realized using the compiler back-end), but does not enable the back-end based mitigations for the Javascript JIT. So in effect --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers use the same mechanics (including changed register allocation) that --branch-load-poisoning enables for the JIT. Bug: chromium:798964 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27 Reviewed-on: https://chromium-review.googlesource.com/928881Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#52243}
-
- 23 Mar, 2018 1 commit
-
-
Sigurd Schneider authored
This CL also cleans up some related naming in typed-optimization. R=neis@chromium.org Bug: v8:7531, v8:7570 Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051 Reviewed-on: https://chromium-review.googlesource.com/978066 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#52182}
-
- 21 Mar, 2018 2 commits
-
-
Sigurd Schneider authored
Bug: v8:7570, v8:7517 Change-Id: Ia62a9afeec0d0df1596198deec6165a3f02edeaa Reviewed-on: https://chromium-review.googlesource.com/973606Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52120}
-
Sigurd Schneider authored
This also introduces two new simplified operators, ObjectIsSafeInteger and NumberIsSafeInteger. Bug: v8:7340, v8:7250 Change-Id: I9a3028d844e6614ed248a03fe24b431fb54938f0 Reviewed-on: https://chromium-review.googlesource.com/973221Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52112}
-
- 16 Mar, 2018 2 commits
-
-
Sigurd Schneider authored
This also adds ObjectIsInteger and NumberIsInteger operators. Bug: v8:7340, v8:7250 Change-Id: I8067276d12c8532931f90e6397f8435362c2f9af Reviewed-on: https://chromium-review.googlesource.com/951602Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51991}
-
Sigurd Schneider authored
This also introduces two new simplified operators, NumberIsFinite and ObjectIsFiniteNumber; the latter handles all values, and the former is a fast-path of the fast-path that is inserted by typed optimization if we know the input has Type::Number. Bug: v8:7340, v8:7250 Change-Id: I1b4812c01bf470bbff40fb3da6e11da543a22cd2 Reviewed-on: https://chromium-review.googlesource.com/951244 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51980}
-