- 09 Feb, 2017 1 commit
-
-
bmeurer authored
Since the empty string is canonical HeapObject now, we can use this fact to optimize - strict equality comparisons with the empty string to a simple ReferenceEqual operation, and - optimize ToBoolean to avoid instance type checks completely. Drive-by-fix: Allow InternalizedString for Type::HeapConstant in the type system. This is safe, since InternalizedStrings can be compared to other heap constants by reference (except for non-InternalizedStrings, which are excluded from the HeapConstant type). BUG=v8:5267 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2681273002 Cr-Commit-Position: refs/heads/master@{#43050}
-
- 01 Feb, 2017 2 commits
-
-
petermarshall authored
Review-Url: https://codereview.chromium.org/2666783007 Cr-Commit-Position: refs/heads/master@{#42847}
-
petermarshall authored
Review-Url: https://codereview.chromium.org/2662263002 Cr-Commit-Position: refs/heads/master@{#42836}
-
- 30 Jan, 2017 1 commit
-
-
bmeurer authored
Update type of JSForInNext to say String\/Undefined. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2660543003 Cr-Commit-Position: refs/heads/master@{#42768}
-
- 27 Jan, 2017 2 commits
-
-
bmeurer authored
The StringIndexOf operation is pure on the JS level, but the actual stub call must be in the effect chain later so that the Scheduler doesn't place it inside some allocation region (The %StringIndexOf runtime function may trigger a GC for string flattening). BUG=chromium:685580 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2657243002 Cr-Commit-Position: refs/heads/master@{#42736}
-
yangguo authored
Previously, when restarting a frame, we would rewrite all frames between the debugger activation and the frame to restart to squash them, and replace the return address with that of a builtin to leave that rewritten frame, and restart the function by calling it. We now simply remember the frame to drop to, and upon returning from the debugger, we check whether to drop the frame, load the new FP, and restart the function. R=jgruber@chromium.org, mstarzinger@chromium.org BUG=v8:5587 Review-Url: https://codereview.chromium.org/2636913002 Cr-Commit-Position: refs/heads/master@{#42725}
-
- 26 Jan, 2017 2 commits
-
-
bmeurer authored
BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2652273003 Cr-Commit-Position: refs/heads/master@{#42691}
-
bmeurer authored
We turn a JSCallFunction node for f.apply(receiver, arguments) into a JSCallForwardVarargs node, when the arguments refers to the arguments of the outermost optimized code object, i.e. not an inlined arguments, and the apply method refers to Function.prototype.apply, and there's no other user of arguments except in frame states. We also replace the arguments node in the graph with a marker for the Deoptimizer similar to Crankshaft to make sure we don't materialize unused arguments just for the sake of deoptimization. We plan to replace this with a saner EscapeAnalysis based solution soon. R=jarin@chromium.org BUG=v8:5267,v8:5726 Review-Url: https://codereview.chromium.org/2655233002 Cr-Commit-Position: refs/heads/master@{#42680}
-
- 23 Jan, 2017 1 commit
-
-
petermarshall authored
Add the operator in preparation for actual perf work. The operator is replaced by the same runtime call as before, during lowering. BUG=v8:5511 Review-Url: https://codereview.chromium.org/2639233002 Cr-Commit-Position: refs/heads/master@{#42593}
-
- 20 Jan, 2017 2 commits
-
-
bmeurer authored
Let the Typer assign proper types to Map, Set, WeakMap and WeakSet builtins. Also assign a proper type to Array.isArray, Object.assign and Object.create. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2640783006 Cr-Commit-Position: refs/heads/master@{#42535}
-
bmeurer authored
The %_ClassOf intrinsic roughly corresponds to the deprecated ES5 [[Class]] internal property, and should not be used anymore ideally. However since we still have quite a couple of uses of this intrinsic in the self hosted JavaScript builtins, we would tank some builtins like Map, Set, WeakMap, WeakSet, etc. quite significantly unless we also support this intrinsic until the builtins are all migrated to C++/CSA builtins. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2647833004 Cr-Commit-Position: refs/heads/master@{#42530}
-
- 19 Jan, 2017 2 commits
-
-
bmeurer authored
The %ClassOf runtime function and %_ClassOf intrinsics always produce an internalized string, or Null for primitive inputs. BUG=v8:5267 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2646523004 Cr-Commit-Position: refs/heads/master@{#42522}
-
bmeurer authored
Properly recognize and optimize typeof in a strict/abstract equality comparison with the string literal "object" to a check for Null or a check of the map for Receiver instance type and non-callable. Drive-by-fix: Also optimize typeof o === "function" somewhat, now that we have the new types for Callable and NonCallable. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2646763003 Cr-Commit-Position: refs/heads/master@{#42501}
-
- 18 Jan, 2017 1 commit
-
-
bmeurer authored
Collect Receiver feedback for abstract/strict equality in Ignition and use it in TurboFan to optimize JSEqual and JSStrictEqual operations to pointer equality instead of having to call Equal/StrictEqual builtins. R=jarin@chromium.org BUG=v8:5267,v8:5400 Review-Url: https://codereview.chromium.org/2639883002 Cr-Commit-Position: refs/heads/master@{#42435}
-
- 02 Jan, 2017 1 commit
-
-
bmeurer authored
Add machinery to Ignition and TurboFan to collect and consume InternalizedString feedback for abstract and strict equality comparisons. Here we can turn the comparison into a simple pointer equality check. R=jarin@chromium.org BUG=v8:5786 Review-Url: https://codereview.chromium.org/2609013002 Cr-Commit-Position: refs/heads/master@{#42008}
-
- 22 Dec, 2016 1 commit
-
-
bmeurer authored
Previously String element access and String.prototype.charAt were lowered to a subgraph StringFromCharCode(StringCharCodeAt(s, k)), however that can be fairly expensive both runtime and compile time wise. The dedicated StringCharAt operator is implemented via a call to a builtin that does exactly this. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2599683002 Cr-Commit-Position: refs/heads/master@{#41909}
-
- 19 Dec, 2016 1 commit
-
-
henrique.ferreiro authored
This is so that a NotSuperConstructor error is thrown before evaluating the arguments to the super constructor. Besides updating the runtime function, a new bytecode GetSuperConstructor is introduced. BUG=v8:5336 Review-Url: https://codereview.chromium.org/2504553003 Cr-Commit-Position: refs/heads/master@{#41788}
-
- 15 Dec, 2016 1 commit
-
-
ahaas authored
Some instructions in WebAssembly trap for some inputs, which means that the execution is terminated and (at least at the moment) a JavaScript exception is thrown. Examples for traps are out-of-bounds memory accesses, or integer divisions by zero. Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5 TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position constant), in addition to the trap condition itself. Additionally, each WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose number of inputs is linear to the number of trap checks in the function. Especially for functions with high numbers of trap checks we observe a significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing a TrapIf common operator only a single node is necessary per trap check, in addition to the trap condition. Also the nodes which are shared between trap checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a speedup of 30-50% on average. This CL only implements TrapIf and TrapUnless on x64. The implementation is also hidden behind the --wasm-trap-if flag. Please take a special look at how the source position is transfered from the instruction selector to the code generator, and at the context that is used for the runtime call. R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2562393002 Cr-Commit-Position: refs/heads/master@{#41720}
-
- 12 Dec, 2016 1 commit
-
-
petermarshall authored
Add the operator in preparation for actual perf work. The operator is replaced by the same runtime call as before, during lowering. The CallConstructWithSpreadParameters is a bit silly at the moment, but will hold more once we add feedback. BUG=v8:5659 Review-Url: https://codereview.chromium.org/2561103003 Cr-Commit-Position: refs/heads/master@{#41636}
-
- 08 Dec, 2016 1 commit
-
-
bmeurer authored
First step towards making arguments and rest parameters optimizable by splitting the allocations for the actual object and the elements. The object allocations can already be escape analyzed this way, the elements would need special support in the deoptimizer and the escape analysis, but that can be done as a second separate step. R=jarin@chromium.org BUG=v8:5726 Review-Url: https://codereview.chromium.org/2557283002 Cr-Commit-Position: refs/heads/master@{#41573}
-
- 29 Nov, 2016 1 commit
-
-
bmeurer authored
This introduces three new types OtherCallable, CallableProxy (and OtherProxy), and BoundFunction to make it possible to express Callable in the Type system. It also forces all undetectable receivers to be Callable, which matches the use case for undetectable, namely document.all (guarded by proper checks and tests). It also uses these new types to properly optimize instanceof (indirectly via OrdinaryHasInstance) based on the type of the constructor and the object. So we are able to constant-fold certain instanceof expressions based on types and completely avoid the builtin call. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2535753004 Cr-Commit-Position: refs/heads/master@{#41345}
-
- 28 Nov, 2016 1 commit
-
-
bmeurer authored
For a couple of those Array builtins we can specify a useful type that will help us to eliminate a couple of checks on their outputs. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2529233002 Cr-Commit-Position: refs/heads/master@{#41295}
-
- 27 Nov, 2016 1 commit
-
-
bmeurer authored
Assign types to the remaining builtins on the String.prototype where we know a meaningful type, i.e. where the type is not dependent on some callable function that is pass or loaded. BUG=v8:5267 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2532463002 Cr-Commit-Position: refs/heads/master@{#41294}
-
- 24 Nov, 2016 2 commits
-
-
bmeurer authored
Recognize Date.now() calls in the Typer and assign the proper integer type to them. See Node issue https://github.com/nodejs/node/issues/9729 for more information. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2528853003 Cr-Commit-Position: refs/heads/master@{#41242}
-
bmeurer authored
Recognize a couple of builtins on the RegExp.prototype in the Typer and assign useful types to them, so we can optimize various checks on their results. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2531463002 Cr-Commit-Position: refs/heads/master@{#41240}
-
- 21 Nov, 2016 2 commits
-
-
hablich authored
Revert of [turbofan] Introduce LoadFunctionPrototype simplified operator. (patchset #1 id:1 of https://codereview.chromium.org/2517913002/ ) Reason for revert: Blocks roll https://codereview.chromium.org/2517963002/ Original issue's description: > [turbofan] Introduce LoadFunctionPrototype simplified operator. > > Add a LoadFunctionPrototype simplified operator, similar to what > Crankshaft has, that loads the prototype property of a constructor > function. > > R=jarin@chromium.org > BUG=v8:5267 > > Committed: https://crrev.com/1737b2c74b50168e96ef1263def0eb43505fa80c > Cr-Commit-Position: refs/heads/master@{#41127} TBR=jarin@chromium.org,bmeurer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5267 Review-Url: https://codereview.chromium.org/2514363002 Cr-Commit-Position: refs/heads/master@{#41141}
-
bmeurer authored
Add a LoadFunctionPrototype simplified operator, similar to what Crankshaft has, that loads the prototype property of a constructor function. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2517913002 Cr-Commit-Position: refs/heads/master@{#41127}
-
- 18 Nov, 2016 2 commits
-
-
franzih authored
BUG=v8:5624 Review-Url: https://codereview.chromium.org/2518513002 Cr-Commit-Position: refs/heads/master@{#41119}
-
bmeurer authored
This is the TurboFan counterpart of http://crrev.com/2504263004, but it is a bit more involved, since in TurboFan we always inline the appropriate call to the @@hasInstance handler, and by that we can optimize a lot more patterns of instanceof than Crankshaft, and even yield fast instanceof for custom @@hasInstance handlers (which we can now properly inline as well). Also we now properly optimize Function.prototype[@@hasInstance], even if the right hand side of an instanceof doesn't have the Function.prototype as its direct prototype. For the baseline case, we still rely on the global protector cell, but we can address that in a follow-up as well, and make it more robust in general. TEST=mjsunit/compiler/instanceof BUG=v8:5640 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2511223003 Cr-Commit-Position: refs/heads/master@{#41092}
-
- 14 Nov, 2016 1 commit
-
-
caitp authored
Adds a protector cell to prevent inlining (which will likely lead to deopt loops) when a JSArrayIterator's array transitions from a fast JSArray to a slow JSArray (such as, when the array is touched during iteration in a way which triggers a map transition). Also adds TODO comments relating to the spec update proposed by Dan at https://github.com/tc39/ecma262/pull/724 BUG=v8:5388 R=bmeurer@chromium.org, mstarzinger@chromium.org TBR=hpayer@chromium.org, ulan@chromium.org Review-Url: https://codereview.chromium.org/2484003002 Cr-Commit-Position: refs/heads/master@{#40970}
-
- 11 Nov, 2016 1 commit
-
-
bmeurer authored
This adds a new ExternalPointer type, which is an Internal type that is used for ExternalReferences and other pointer values, like the pointers into the asm.js heap. It also adds a PointerConstant operator, which we use to represents these raw constants (we can probably remove that particular operator again once WebAssembly ships with the validator). R=mvstanton@chromium.org BUG=v8:5267,v8:5270 Review-Url: https://codereview.chromium.org/2494753003 Cr-Commit-Position: refs/heads/master@{#40923}
-
- 10 Nov, 2016 2 commits
-
-
neis authored
With this CL, the bytecode graph builder no longer translates module loads/stores as runtime calls but in terms of two new JS operators. These are lowered in typed-lowering to a sequence of LoadField's. R=bmeurer@chromium.org CC=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2489863003 Cr-Commit-Position: refs/heads/master@{#40881}
-
bmeurer authored
This cleans up a few Type related TODOs, i.e. removing the now useless kSmi and kHeapNumber members from TypeCache. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2488183002 Cr-Commit-Position: refs/heads/master@{#40874}
-
- 08 Nov, 2016 1 commit
-
-
bmeurer authored
This adds a new TypedObjectState operator, which is a version of ObjectState that carries along MachineTypes for the inputs, so we can tell the deoptimizer how to interpret the inputs, instead of having to force everything to Tagged. Drive-by-fix: Remove the unused id parameter from ObjectState. R=tebbi@chromium.org BUG=v8:5609 Review-Url: https://codereview.chromium.org/2488623002 Cr-Commit-Position: refs/heads/master@{#40832}
-
- 02 Nov, 2016 1 commit
-
-
bmeurer authored
R=epertoso@chromium.org Review-Url: https://codereview.chromium.org/2223873002 Cr-Commit-Position: refs/heads/master@{#40695}
-
- 25 Oct, 2016 1 commit
-
-
jgruber authored
This CL removes code that is now unused since the port of regexp.js has been completed. Removed functions / classes are: * regexp.js (GetSubstitution moved to string.js) * RegExpConstructResult stub * RegExpFlags intrinsic * RegExpSource intrinsic * RegExpInitializeAndCompile runtime function BUG=v8:5339 Review-Url: https://codereview.chromium.org/2448463002 Cr-Commit-Position: refs/heads/master@{#40547}
-
- 18 Oct, 2016 2 commits
-
-
jwolfe authored
BUG=v8:5388 Review-Url: https://codereview.chromium.org/2422383002 Cr-Commit-Position: refs/heads/master@{#40406}
-
bmeurer authored
The inlined version of Array.prototype.push returned the value that was pushed instead of the new "length" property value. R=jarin@chromium.org BUG=chromium:656037 Review-Url: https://codereview.chromium.org/2425903002 Cr-Commit-Position: refs/heads/master@{#40384}
-
- 13 Oct, 2016 1 commit
-
-
mvstanton authored
BUG= Review-Url: https://codereview.chromium.org/2402313003 Cr-Commit-Position: refs/heads/master@{#40245}
-
- 11 Oct, 2016 1 commit
-
-
mvstanton authored
We'll take expressions like typeof 'hello' and reduce it to 'string'. Neat! This CL moves the optimization to an explicit reduction in typed lowering that inserts a constant string, instead of relying on type matching. BUG= Review-Url: https://codereview.chromium.org/2411703002 Cr-Commit-Position: refs/heads/master@{#40175}
-