1. 16 Mar, 2018 4 commits
  2. 15 Mar, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Teach TurboFan about the TypedArray constructor. · 0875778f
      Benedikt Meurer authored
      This introduces a new JSCreateTypedArray operator, backed by a dedicated
      CreateTypedArray builtin, and adds support to lowering new TypedArray
      calls to this operator. This way we avoid the overhead of going through
      the generic construct stub machinery for hot code. This not only
      recovers the performance regression on the typed array constructor
      benchmarks, but even improves slightly beyond what we had in 6.6.
      
      We might in the future try to fully inline the TypedArray constructor
      into optimized code for certain cases.
      
      Bug: chromium:820726, v8:7503, v8:7518
      Change-Id: Ied465924d5695db576d533792f1db68456b9b5ea
      Reviewed-on: https://chromium-review.googlesource.com/959010
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51973}
      0875778f
  3. 12 Mar, 2018 1 commit
  4. 05 Mar, 2018 2 commits
    • Vaclav Brozek's avatar
      TF stubs out of ArrayIndexOf and ArrayInclude builtins · 44bed6a8
      Vaclav Brozek authored
      ArrayIndexOf is a monolithic builtin which does some checking and then handles
      three groups of fast arrays: those with holey doubles, compacted doubles and
      SMIs+objects. TF cannot reuse this efficiently, because calling the TFJ
      ArrayIndexOf duplicates some checks and also does not allow passing arguments
      through registers. Similarly for ArrayInclude.
      
      This CL splits the three different types of fast array handling into a separate
      TF stubs, and makes the parent TFJ as well as TurboFan itself use them where
      appropriate.
      
      The TODOs not tackled in this CL inculde:
      * passing an empty context to spare a register when possible
      * inlining the search loop if there is any performance gain to it
      
      (This is the contiunation of http://crrev.com/2757853002, moved due to Rietveld
      deprecation.)
      
      BUG=v8:5985
      
      Change-Id: I00c97b71be4892f8bc7e1ed6d72e02087618a9a6
      Reviewed-on: https://chromium-review.googlesource.com/573020
      Commit-Queue: Vaclav Brozek <vabr@chromium.org>
      Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51729}
      44bed6a8
    • Benedikt Meurer's avatar
      [es2015] Refactor the JSArrayIterator. · 06ee127b
      Benedikt Meurer authored
      This changes the JSArrayIterator to always have only a single instance
      type, instead of the zoo of instance types that we had before, and
      which became less useful with the specification update to when "next"
      is loaded from the iterator now. This greatly simplifies the baseline
      implementation of the array iterator, which now only looks at the
      iterated object during %ArrayIteratorPrototype%.next invocations.
      
      In TurboFan we introduce a new JSCreateArrayIterator operator, that
      holds the IterationKind and get's the iterated object as input. When
      optimizing %ArrayIteratorPrototype%.next in the JSCallReducer, we
      check whether the receiver is a JSCreateArrayIterator, and if so,
      we try to infer maps for the iterated object from there. If we find
      any, we speculatively assume that these won't have changed during
      iteration (as we did before with the previous approach), and generate
      fast code for both JSArray and JSTypedArray iteration.
      
      Drive-by-fix: Drop the fast_array_iteration protector, it's not
      necessary anymore since we have the deoptimization guard bit in
      the JSCallReducer now.
      
      This addresses the performance cliff noticed in webpack 4. The minimal
      repro on the tracking bug goes from
      
        console.timeEnd: mono, 124.773000
        console.timeEnd: poly, 670.353000
      
      to
      
        console.timeEnd: mono, 118.709000
        console.timeEnd: poly, 141.393000
      
      so that's a 4.7x improvement.
      
      Also make presubmit happy by adding the missing #undef's.
      
      Bug: v8:7510, v7:7514
      Change-Id: I79a46bfa2cd0f0710e09365ef72519b1bbb667b5
      Reviewed-on: https://chromium-review.googlesource.com/946098Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51725}
      06ee127b
  5. 02 Mar, 2018 1 commit
  6. 01 Mar, 2018 1 commit
  7. 28 Feb, 2018 2 commits
  8. 23 Feb, 2018 5 commits
  9. 21 Feb, 2018 1 commit
  10. 20 Feb, 2018 3 commits
    • Benedikt Meurer's avatar
      [turbofan] Support inlining of builtins based on SharedFunctionInfo. · e465a4f3
      Benedikt Meurer authored
      This makes the inlining of the default resolve/reject closures generated
      by the Promise constructor effective. To be really useful we still need
      to have the Promise constructor inlined (work-in-progress) and eventually
      track SharedFunctionInfo feedback in the CALL_IC.
      
      Bug: v8:2206, v8:7253
      Change-Id: I08fa8ca72754f459ae36027a55377ef57d411cdc
      Reviewed-on: https://chromium-review.googlesource.com/926103
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51390}
      e465a4f3
    • Peter Marshall's avatar
      [turbofan] Inline promise constructor in turbofan. · 46c199a5
      Peter Marshall authored
      Inline the promise constructor when we have one argument and target
      matches new_target.
      
      This is not complete, and is sitting behind an experimental flag for
      now. We need to fix deoptimization by providing proper frame states.
      
      Create a unittest class for JSCallReducer - just assert whether there
      was a change or not, rather than specify the exact graph that should be
      produced.
      
      Bug: v8:7253
      Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
      Reviewed-on: https://chromium-review.googlesource.com/919282
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51389}
      46c199a5
    • Benedikt Meurer's avatar
      [turbofan] Optimize promise resolution. · be6d1292
      Benedikt Meurer authored
      This CL introduces new operators JSFulfillPromise and JSPromiseResolve,
      corresponding to the specification operations with the same name, and
      uses that to lower calls to Promise.resolve() builtin to JSPromiseResolve.
      
      We also optimize JSPromiseResolve and JSResolvePromise further based on
      information found about the value/resolution in the graph. This applies
      to both Promise.resolve() builtin calls and implicit resolve operations
      in async functions and async generators.
      
      On a very simple microbenchmark like
      
        console.time('resolve');
        for (let i = 0; i < 1e8; ++i) Promise.resolve({i});
        console.timeEnd('resolve');
      
      this CL reduces the execution time from around 3049ms to around 947ms,
      which is a pretty significant 3x improvement. On the wikipedia benchmark
      we observe an improvement around 2% with this CL.
      
      Bug: v8:7253
      Change-Id: Ic69086cdc1b724f35dbe83305795539c562ab817
      Reviewed-on: https://chromium-review.googlesource.com/913488Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51387}
      be6d1292
  11. 16 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Properly optimize calls to promise extras. · 13ca9a0f
      Benedikt Meurer authored
      Add TurboFan inlining support for the following V8 Extras:
      
       - v8.createPromise
       - v8.rejectPromise
       - v8.resolvePromise
      
      These are used by the streams implementation in Chrome currently, and
      were previously not inlined into TurboFan, although TurboFan already
      had all the necessary functionality (namely the JSCreatePromise,
      JSRejectPromise and JSResolvePromise operators). We might eventually
      want to use these functions in Node core as well (at least short-term
      for Node 10), to replace the C++ internal API functions with the same
      name that are currently being used by parts of Node core.
      
      For this to work, the rejectPromise and resolvePromise builtins had
      to be moved back to CSA, as for JavaScript builtins we still have the
      policy that the optimizing compiler must not inline them. But that's
      straight-forward since the CSA has all the necessary functionality
      available anyways.
      
      Bug: v8:7253
      Change-Id: I39ab015c379956cd58ace866e17f8ec23b2257b2
      Reviewed-on: https://chromium-review.googlesource.com/924146Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51332}
      13ca9a0f
  12. 13 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Refactor the promise resolution and rejection logic. · c0412961
      Benedikt Meurer authored
      This introduces dedicated builtins
      
        - FulfillPromise,
        - RejectPromise, and
        - ResolvePromise,
      
      which perform the corresponding operations from the language
      specification, and removes the redundant entry points and the
      excessive inlining of these operations into other builtins. We
      also add the same logic on the C++ side, so that we don't need
      to go into JavaScript land when resolving/rejecting from the
      API.
      
      The C++ side has a complete implementation, including full support
      for the debugger and the current PromiseHook machinery. This is to
      avoid constantly crossing the boundary for those cases, and to also
      simplify the CSA side (and soon the TurboFan side), where we only
      do the fast-path and bail out to the runtime for the general handling.
      
      On top of this we introduce %_RejectPromise and %_ResolvePromise,
      which are entry points used by the bytecode and parser desugarings
      for async functions, and also used by the V8 Extras API. Thanks to
      this we can uniformly optimize these in TurboFan, where we have
      corresponding operators JSRejectPromise and JSResolvePromise, which
      currently just call into the builtins, but middle-term can be further
      optimized, i.e. to skip the "then" lookup for JSResolvePromise when
      we know something about the resolution.
      
      In TurboFan we can also already inline the default PromiseCapability
      [[Reject]] and [[Resolve]] functions, although this is not as effective
      as it can be right now, until we have inlining support for the Promise
      constructor (being worked on by petermarshall@ right now) and/or SFI
      based CALL_IC feedback.
      
      Overall this change is meant as a refactoring without significant
      performance impact anywhere; it seems to improve performance of
      simple async functions a bit, but otherwise is neutral.
      
      Bug: v8:7253
      Change-Id: Id0b979f9b2843560e38cd8df4b02627dad4b6d8c
      Reviewed-on: https://chromium-review.googlesource.com/911632Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51260}
      c0412961
  13. 08 Feb, 2018 1 commit
    • Adam Klein's avatar
      Revert "[builtins] Mega-revert to address the Dev blocker in crbug.com/808911." · 3916401e
      Adam Klein authored
      This reverts commit 14108f4c.
      
      Reason for revert: Not the culprit for Canary microtask crashes
      
      Original change's description:
      > [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
      > 
      > - Revert "[builtins] Save one word in contexts for Promise.all."
      >   This reverts commit 7632da06.
      > - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
      >   This reverts commit d4f072ce.
      > - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
      >   This reverts commit 6703dacd.
      > - Revert "[debugger] Properly deal with settled promises in catch prediction."
      >   This reverts commit 40dd0658.
      > - Revert "[builtins] Widen the fast-path for Promise builtins."
      >   This reverts commit db0556b7.
      > - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
      >   This reverts commit a582199c.
      > - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
      >   This reverts commit 6bf88852.
      > - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
      >   This reverts commit 313b490d.
      > - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
      >   This reverts commit f7bd6a2f.
      > - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
      >   This reverts commit b23b098f.
      > - Revert "[promise] Remove incorrect fast path"
      >   This reverts commit 0f6eafe8.
      > - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
      >   This reverts commit 8a677a28.
      > - Revert "[builtins] Refactor promises to reduce GC overhead."
      >   This reverts commit 8e7737cb.
      > 
      > Tbr: hpayer@chromium.org
      > Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      > Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Reviewed-on: https://chromium-review.googlesource.com/906991
      > Commit-Queue: Yang Guo <yangguo@chromium.org>
      > Commit-Queue: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Adam Klein <adamk@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#51158}
      
      Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
      Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/908988Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51181}
      3916401e
  14. 07 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Mega-revert to address the Dev blocker in crbug.com/808911. · 14108f4c
      Benedikt Meurer authored
      - Revert "[builtins] Save one word in contexts for Promise.all."
        This reverts commit 7632da06.
      - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
        This reverts commit d4f072ce.
      - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
        This reverts commit 6703dacd.
      - Revert "[debugger] Properly deal with settled promises in catch prediction."
        This reverts commit 40dd0658.
      - Revert "[builtins] Widen the fast-path for Promise builtins."
        This reverts commit db0556b7.
      - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
        This reverts commit a582199c.
      - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
        This reverts commit 6bf88852.
      - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
        This reverts commit 313b490d.
      - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
        This reverts commit f7bd6a2f.
      - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
        This reverts commit b23b098f.
      - Revert "[promise] Remove incorrect fast path"
        This reverts commit 0f6eafe8.
      - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
        This reverts commit 8a677a28.
      - Revert "[builtins] Refactor promises to reduce GC overhead."
        This reverts commit 8e7737cb.
      
      Tbr: hpayer@chromium.org
      Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
      Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/906991
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51158}
      14108f4c
  15. 06 Feb, 2018 1 commit
  16. 02 Feb, 2018 1 commit
    • Benedikt Meurer's avatar
      [builtins] Unify PerformPromiseThen and optimize it with TurboFan. · a582199c
      Benedikt Meurer authored
      This creates a uniform PerformPromiseThen builtin, which performs the
      operation with the same name from the spec, except that it expects the
      handlers to be either undefined or callable already, since this is only
      relevant for a single callsite (namely Promise.prototype.then).
      
      Introduce a matching operator JSPerformPromiseThen into TurboFan, which
      represents this operation and removes the additional checks in case of
      Promise.prototype.then based on the information we can derived from the
      receiver maps.
      
      This yields a nice 20-25% improvement on Promise.prototype.then, as
      illustrated by the following micro-benchmark
      
      ```js
      const N = 1e7;
      function inc(x) { return x + 1; }
      function chain(promise) {
        return promise.then(inc).then(value => {
            if (value < N) chain(Promise.resolve(value));
          });
      }
      console.time('total');
      chain(Promise.resolve(0));
      setTimeout(console.timeEnd.bind(console, 'total'));
      ```
      
      which goes from around 1230ms to 930ms with this patch.
      
      Bug: v8:7253
      Change-Id: I5712a863acdbe7da3bb8e621887c7b952148c51a
      Reviewed-on: https://chromium-review.googlesource.com/899064Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51071}
      a582199c
  17. 31 Jan, 2018 1 commit
  18. 26 Jan, 2018 1 commit
    • Sigurd Schneider's avatar
      [turbofan] Speculate on bounds checks for String#char[Code]At · ee2d85a3
      Sigurd Schneider authored
      With the new builtin optimization guard we can just speculatively assume
      that the index passed to String#charAt and String#charCodeAt (in
      optimized
      code) is going to be within the valid range for the receiver. This is
      what Crankshaft used to do, and it avoids Smi checks on the result for
      String#charCodeAt, since it can no longer return NaN.
      
      This gives rise to further optimizations of these builtins (i.e. to
      completely avoid the tagging of char codes), and by itself already
      improves the regression test originally reported from 650ms to
      610ms.
      
      Bug: v8:7127, v8:7326
      Change-Id: I6c160540a1e002a37e44fa7f920e5e8f8c2c4210
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/873382
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50888}
      ee2d85a3
  19. 24 Jan, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Reduce promise creation overhead in async functions · 18d02b4f
      Benedikt Meurer authored
      This adds a new operator JSCreatePromise, which currently allocates
      a native JSPromise instance and initializes it to pending state.
      
      In addition to that we introduce a new PromiseHookProtector, which
      get's invalidated the first time someone enables the debugger or
      installs a PromiseHook (via async_hooks for example). As long as
      the protector is intact we lower AsyncFunctionPromiseCreate to
      JSCreatePromise and AsyncFunctionPromiseRelease to a no-op in
      optimized code.
      
      This yields a speedup of roughly 33% on the benchmark mentioned
      in the bug.
      
      Bug: v8:7271, v8:7253
      Change-Id: Ib5d219f2b6e052a7cc5e6ed5aa66dd3c8885a859
      Reviewed-on: https://chromium-review.googlesource.com/883124
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50849}
      18d02b4f
  20. 22 Jan, 2018 1 commit
  21. 19 Jan, 2018 1 commit
  22. 04 Jan, 2018 1 commit
  23. 03 Jan, 2018 3 commits
  24. 29 Dec, 2017 1 commit
  25. 22 Dec, 2017 1 commit
  26. 21 Dec, 2017 2 commits