- 24 Jun, 2020 1 commit
-
-
Maya Lekova authored
Bug: v8:10619 Change-Id: I9097e203404ca36301a08665a7383c9585301a67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264359 Commit-Queue: Maya Lekova <mslekova@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#68518}
-
- 28 May, 2020 1 commit
-
-
Nico Hartmann authored
This is a reland of 6204768b The original issue exposed the problem that NumberEqual performs implicit conversion of oddballs to numbers, which is incorrect for abstract equality comparison (i.e. 0 == null must not be true). This reland fixes this by applying the following steps: * Introduced a new kNumberOrBoolean value for CompareOperationFeedback, CompareOperationHint, TypeCheckKind and CheckedTaggedInputMode. * In CodeStubAssembler::Equal: Further distinguish between boolean and non-boolean oddballs and set feedback accoringly. * In JSTypedLowering: Construct [Speculative]NumberEqual operator with CompareOperationHint::kNumberOrBoolean, when this feedback is present. JSOperatorBuilder and operator cache are extended accordingly. * In SimplifiedLowering: Propagate a UseInfo with new TypeCheckKind::kNumberOrBoolean. * This leads to the generation of CheckedTaggedToFloat64 in RepresentationChanger with new CheckedTaggedInputMode::kNumberOrBoolean. * In EffectControlLinearizer: Handle this new mode. Accept and convert number and boolean and deopt for rest. Original change's description: > [turbofan] Improve equality on NumberOrOddball > > This CL cleans up CompareOperationFeedback by replacing it with a > composable set of flags. The interpreter is changed to collect > more specific feedback for abstract equality, especially if oddballs > are involved. > > TurboFan is changed to construct SpeculativeNumberEqual operator > instead of the generic JSEqual in many more cases. This change has > shown a local speedup of a factor of 3-10, because the specific > operator is way faster than calling into the generic builtin, but > it also enables additional optimizations, further improving > runtime performance. > > Bug: v8:5660 > Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854 > Reviewed-by: Mythri Alle <mythria@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67645} TBR: tebbi@chromium.org Bug: v8:5660 Change-Id: I12e733149a1d2773cafb781a1d4b10aa1eb242a7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193713 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#68037}
-
- 21 Feb, 2020 1 commit
-
-
Mike Stanton authored
Relanding the Fast C API code with fix for UBSan undefined behavior issue. Design doc: http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/ This CL implements basic API with integer and pointer types marshaling. What is not supported yet: - sequences - annotations - floating point arguments - 64-bit arguments - exception handling - InstanceOf checks for the pointer types - functions with non-void return type Bug: chromium:1052746 TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org Change-Id: Ifca9de3156cf18c9dac0d14c19f8d6a7004cad83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066971Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#66391}
-
- 19 Feb, 2020 2 commits
-
-
Shu-yu Guo authored
This reverts commit 4e11ad92. Reason for revert: Signed int overflow in TestFastApiCalls in UBSan https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9976 Original change's description: > [turbofan] Fast API calls from TurboFan > > Relanding the Fast C API code with fix for arm sim lite build. > > Design doc: > http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/ > > This CL implements basic API with integer and pointer types marshaling. > > What is not supported yet: > - sequences > - annotations > - floating point arguments > - 64-bit arguments > - exception handling > - InstanceOf checks for the pointer types > - functions with non-void return type > > Bug: chromium:1052746 > > TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org > > Change-Id: I4421ce817e3b6159a38d2cb39fb97847f128e648 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064223 > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Commit-Queue: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66344} TBR=mvstanton@chromium.org Change-Id: I63bde3e0b7f92506fd8ec6d39683524bc9811aa6 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1052746 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062739Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66347}
-
Mike Stanton authored
Relanding the Fast C API code with fix for arm sim lite build. Design doc: http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/ This CL implements basic API with integer and pointer types marshaling. What is not supported yet: - sequences - annotations - floating point arguments - 64-bit arguments - exception handling - InstanceOf checks for the pointer types - functions with non-void return type Bug: chromium:1052746 TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org Change-Id: I4421ce817e3b6159a38d2cb39fb97847f128e648 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064223Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#66344}
-
- 18 Feb, 2020 2 commits
-
-
Shu-yu Guo authored
This reverts commit 50790c0b. Reason for revert: Arm sim compile breakage: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/8657 Original change's description: > [turbofan] Fast API calls from TurboFan > > Design doc: > http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/ > > This CL implements basic API with integer and pointer types marshaling. > > What is not supported yet: > - sequences > - annotations > - floating point arguments > - 64-bit arguments > - exception handling > - InstanceOf checks for the pointer types > - functions with non-void return type > > Bug: chromium:1052746 > > Change-Id: Idbbf6dd50f43dfc9f8d707fe3333e5da3da84a13 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030740 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66322} TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org Change-Id: Id4301f46618d92fc1f65f1db8e1961793a91a09c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1052746 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062570Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66323}
-
Maya Lekova authored
Design doc: http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/ This CL implements basic API with integer and pointer types marshaling. What is not supported yet: - sequences - annotations - floating point arguments - 64-bit arguments - exception handling - InstanceOf checks for the pointer types - functions with non-void return type Bug: chromium:1052746 Change-Id: Idbbf6dd50f43dfc9f8d707fe3333e5da3da84a13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030740 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#66322}
-
- 20 Nov, 2019 1 commit
-
-
Jakob Kummerow authored
They have to be in sync, so this patch updates both systems. Bug: v8:4153 Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65078}
-
- 11 Nov, 2019 1 commit
-
-
Santiago Aboy Solanes authored
Including but not limiting to removing: * BitcastCompressedXXX * CheckedCompressedXXX * ChangeXXXToCompressedYYY * ChangeCompressedXXX As a note, ChangeTaggedToCompressed can't be removed just yet as it is still in use. Bug: v8:7703 Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64880}
-
- 16 Oct, 2019 1 commit
-
-
Sathya Gunasekaran authored
Updates CSA::TryToIntptr to handle array indices that are less than INT_MAX which allows to handle string keys in the ICs. Updates ICs to go monomorphic for string keys that are array indices. Updates Turbofan to handle array indices when lowering element access. Change-Id: Ibdde20130e075d0d645ab4a8266a968335eaad84 Bug: v8:9449 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813018Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64320}
-
- 19 Sep, 2019 1 commit
-
-
Clemens Hammacher authored
This reverts commit 6f9b2bd4. Reason for revert: Fails on nvidia bots, blocking LKGR: https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5005 Original change's description: > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly > > On-heap typed arrays contain HeapObject value in |base_pointer| field > and an offset in |external_pointer| field. When pointer compression is > enabled we want to combine decompression with the offset addition. > In order to do that we add an isolate root to the external_pointer value > and therefore the data pointer computation can is a simple addition of > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value > and an |external_pointer| value. > > Bug: v8:9706 > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63874} TBR=ulan@chromium.org,neis@chromium.org,jgruber@chromium.org,ishell@chromium.org,verwaest@chromium.org Change-Id: I901280dd191e78d02969600f775c4f0da796921f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9706 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813027Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#63886}
-
- 18 Sep, 2019 1 commit
-
-
Igor Sheludko authored
On-heap typed arrays contain HeapObject value in |base_pointer| field and an offset in |external_pointer| field. When pointer compression is enabled we want to combine decompression with the offset addition. In order to do that we add an isolate root to the external_pointer value and therefore the data pointer computation can is a simple addition of a (potentially sign-extended) |base_pointer| loaded as Tagged_t value and an |external_pointer| value. Bug: v8:9706 Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63874}
-
- 26 Aug, 2019 1 commit
-
-
Maya Lekova authored
This is a reland of 8ff8ddba Original change's description: > [turbofan] Further brokerize BytecodeGraphBuilder > > Replace all usages of VectorSlotPair with FeedbackSource. > > Bug: v8:7790 > Change-Id: I0ac6e9cd8f5730154cc1842e267ca1ebfdebc874 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763536 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63378} Bug: v8:7790 Change-Id: I54fbf4433a65681780fda4ded09ec2d145d36ec1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768361Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63391}
-
- 23 Aug, 2019 2 commits
-
-
Bill Budge authored
This reverts commit 8ff8ddba. Reason for revert: Causes failures on GC Stress and TSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24138 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/27969 Original change's description: > [turbofan] Further brokerize BytecodeGraphBuilder > > Replace all usages of VectorSlotPair with FeedbackSource. > > Bug: v8:7790 > Change-Id: I0ac6e9cd8f5730154cc1842e267ca1ebfdebc874 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763536 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63378} TBR=neis@chromium.org,mslekova@chromium.org Change-Id: Ieb6fb24dd0626fd9eb2183844614ac5b3c8084e8 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7790 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769287Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#63387}
-
Maya Lekova authored
Replace all usages of VectorSlotPair with FeedbackSource. Bug: v8:7790 Change-Id: I0ac6e9cd8f5730154cc1842e267ca1ebfdebc874 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763536 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63378}
-
- 12 Aug, 2019 1 commit
-
-
Santiago Aboy Solanes authored
We weren't fully using InsertChangeCompressedToTagged and similar, which in turn made it so that we were using more NewNode. This CL unifies the way that we generate the insertion of Change nodes regarding decompressions. Dribe-by fix: make InsertChangeCompressedPointerToTaggedPointer actually use Pointer. Bug: v8:7703 Change-Id: I1d8835a54914cdab93f652ff17e39e8271a585df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741661Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63154}
-
- 09 Aug, 2019 1 commit
-
-
Santiago Aboy Solanes authored
Some of the Float(32|64) to CompressedSigned cases had their functions defined already so they are virtually free to implement. We are still missing the unsigned case so I am keeping the TODO. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:7703 Change-Id: Ibf40d5948226fd48aebe7f8e257c117d6a5ad478 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708483Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63143}
-
- 24 Jul, 2019 1 commit
-
-
Santiago Aboy Solanes authored
If we already know it has CompressedPointer representation, let's use that information to decompress more efficiently. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:7703 Change-Id: I3591bf67a7c0369c40ca6e7af16183530f8cd269 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709049Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#62887}
-
- 12 Jul, 2019 1 commit
-
-
Nico Hartmann authored
This change implements lowering of speculative BigInt addition as well as BigInt heap constants to corresponding int64 versions, if they are used in a context where the result is truncated to the least significant 64 bits (e.g. using asUintN). The JSHeapBroker is extended to provide access to the BigInt's least significant digit during concurrent compilation. The BigInt context (required to introduce correct conversions) is recognized in the RepresentationChanger by either the output type propagated downward or the TypeCheckKind propagated upward. This is necessary, because the TypeCheckKind may only be set by nodes that may potentially deopt (and sit in the effect chain). This is the case for SpeculativeBigIntAdd, but not for BigIntAsUintN. This CL contains a simple fix to prevent int64-lowered BigInts to flow into state values as the deoptimizer cannot handle them yet. A more sophisticated solution to allow the deoptimizer to materialize truncated BigInts will be added in a following CL. Bug: v8:9407 Change-Id: I96a293e9077962f53e5f199857644f004e3ae56e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684183 Commit-Queue: Nico Hartmann <nicohartmann@google.com> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62665}
-
- 02 Jul, 2019 1 commit
-
-
Nico Hartmann authored
Operations on BigInts, for which TurboFan statically knows that they are no larger than 2^64, can be lowered to efficient machine code in TurboFan. This is the first step in doing so by generating efficient code for asUintN and the required checks and conversions. Bug: v8:9407 Change-Id: I51f6505f6c4567434fa369fcf870a09871487f51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1680548 Commit-Queue: Nico Hartmann <nicohartmann@google.com> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62488}
-
- 26 Jun, 2019 1 commit
-
-
Nico Hartmann authored
This is a reland of 5ff38bae Original change's description: > [TurboFan] Fast path for JSAdd with BigInt feedback > > This CL introduces the necessary infrastructure to generate speculative > BigInt operations in case of BigInt feedback. In particular, the JSAdd > operator is lowered to a speculative call to the BigIntAdd builtin, > with a deopt bailout in case of exceptions or violated assumptions. > > Bug: v8:9213 > Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916 > Commit-Queue: Nico Hartmann <nicohartmann@google.com> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62362} Bug: v8:9213 Change-Id: Ic0caf7aab2103b8f5e22a504427e8604cc894d75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677209Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@google.com> Cr-Commit-Position: refs/heads/master@{#62381}
-
- 25 Jun, 2019 2 commits
-
-
Francis McCabe authored
This reverts commit 5ff38bae. Reason for revert: flaky test that is not normally flaky failed. See: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24531 Original change's description: > [TurboFan] Fast path for JSAdd with BigInt feedback > > This CL introduces the necessary infrastructure to generate speculative > BigInt operations in case of BigInt feedback. In particular, the JSAdd > operator is lowered to a speculative call to the BigIntAdd builtin, > with a deopt bailout in case of exceptions or violated assumptions. > > Bug: v8:9213 > Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916 > Commit-Queue: Nico Hartmann <nicohartmann@google.com> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62362} TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,nicohartmann@google.com Change-Id: I5ae63a0183283894b6d1130792ab37a95b014550 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9213 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676607Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Francis McCabe <fgm@chromium.org> Cr-Commit-Position: refs/heads/master@{#62364}
-
Nico Hartmann authored
This CL introduces the necessary infrastructure to generate speculative BigInt operations in case of BigInt feedback. In particular, the JSAdd operator is lowered to a speculative call to the BigIntAdd builtin, with a deopt bailout in case of exceptions or violated assumptions. Bug: v8:9213 Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916 Commit-Queue: Nico Hartmann <nicohartmann@google.com> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62362}
-
- 31 May, 2019 1 commit
-
-
Jaroslav Sevcik authored
Truncation::Float64 is confusing; in reality, we mean that oddballs and big-ints are identified with their ToNumber counterparts. Bug: v8:9183 Change-Id: Ibcce990327ac7e01e36a2237ad39c374ac9922aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632224 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61937}
-
- 22 May, 2019 1 commit
-
-
Tobias Tebbi authored
Bug: chromium:965513 Change-Id: I18ff91c98ad6106c5d4df260e6ead6a9e2425dbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622119 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61730}
-
- 12 Apr, 2019 1 commit
-
-
Santiago Aboy Solanes authored
This CL can be used as a base for specialising CompressedSigned and CompressedPointer. B Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977, v8:7703 Change-Id: I43c8e7f57021ac506822aba5bbd4bdf6cc3159ba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543731 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#60827}
-
- 03 Apr, 2019 1 commit
-
-
Santiago Aboy Solanes authored
Includes both changing from compressed pointers and to compressed pointers. Also added tests to the representation changer test B Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977 Change-Id: I8a13f6b7ec2208442aa354949173cc9061bce168 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533866Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#60587}
-
- 01 Apr, 2019 1 commit
-
-
Sigurd Schneider authored
Bug: v8:9020 Change-Id: If32de05a48bddf5f746b2a3ea810ee350f6a7dda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541051 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#60540}
-
- 26 Feb, 2019 1 commit
-
-
Benedikt Meurer authored
We somehow forgot to thread through the VectorSlotPair for the CALL_IC based speculation feedback to CheckedTaggedToTaggedPointer. This was showing for example with `String#concat()` where we ended up with an endless deoptimization loop if the parameter was a Smi. Bug: v8:8913 Change-Id: I84d90403f6fada9b435d4eb71c689edc3c34dc86 Reviewed-on: https://chromium-review.googlesource.com/c/1488770 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#59871}
-
- 02 Jan, 2019 1 commit
-
-
Clemens Hammacher authored
Apart from being more in-line with the style guide, this allows to use DEFINE_LAZY_LEAKY_OBJECT_GETTER for defining {TypeCache::Get}. R=tebbi@chromium.org Bug: v8:8562 Change-Id: I016b28624950ce9404180fc1ca1a232551f75cd0 Reviewed-on: https://chromium-review.googlesource.com/c/1392201Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58500}
-
- 29 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
This introduces Word64 support for the CheckBounds operator, which now lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the representation selection. The right hand side of CheckBounds can now be any positive safe integer on 64-bit architectures, whereas it remains Unsigned31 for 32-bit architectures. We only use the extended Word64 support when the right hand side is outside the Unsigned31 range, so for everything except DataViews this means that the performance should remain the same. The typing rule for the CheckBounds operator was updated to reflect this new behavior. The CheckBounds with a right hand side outside the Unsigned31 range will pass a new Signed64 feedback kind, which is handled with newly introduced CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation selection. The JSCallReducer lowering for DataView getType()/setType() methods was updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore, but instead just use the raw uintptr_t values and operate on any value (for 64-bit architectures these fields can hold any positive safe integer, for 32-bit architectures it's limited to Unsigned31 range as before). This means that V8 can now handle huge DataViews fully, without falling off a performance cliff. This refactoring even gave us some performance improvements, on a simple micro-benchmark just exercising different DataView accesses we go from testDataViewGetUint8: 796 ms. testDataViewGetUint16: 997 ms. testDataViewGetInt32: 994 ms. testDataViewGetFloat64: 997 ms. to testDataViewGetUint8: 895 ms. testDataViewGetUint16: 889 ms. testDataViewGetInt32: 888 ms. testDataViewGetFloat64: 890 ms. meaning we lost around 10% on the single byte case, but gained 10% across the board for all the other element sizes. Design-Document: http://bit.ly/turbofan-word64 Bug: chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383 Change-Id: Ic9d1bf152e47802c04dcfd679372e5c85e4abc83 Reviewed-on: https://chromium-review.googlesource.com/c/1303732Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57095}
-
- 01 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
Following up on the earlier work regarding redundant Smi checks in https://chromium-review.googlesource.com/c/v8/v8/+/1246181, it was noticed that the handling of the 0 and -0 and how some operations identify these is not really consistent, but was still rather ad-hoc. This change tries to unify the handling a bit by making sure that all number comparisons generally pass truncations that identify zeros, since for the number comparisons in JavaScript there's no difference between 0 and -0. In the same spirit NumberAbs and NumberToBoolean should also pass these truncations, since they also don't care about the differences between 0 and -0. Adjust NumberCeil, NumberFloor, NumberTrunc, NumberMin and NumberMax to pass along any incoming kIdentifiesZeros truncation, since these operations also don't really care whether the inputs can be -0 if the use nodes don't care. Also utilize the kIdentifiesZeros truncation for NumberModulus with Signed32 inputs, because it's kind of common to do something like `x % 2 === 0`, where it doesn't really matter whether `x % 2` would eventually produce a negative zero (since that would still be considered true for the sake of the comparison). This also adds a whole lot of tests to ensure that not only are these optimizations correct, but also that we do indeed perform them. Drive-by-fix: The `NumberAbs(x)` would incorrectly lower to just `x` for PositiveIntegerOrMinusZeroOrNaN inputs, which was obviously wrong in case of -0. This was fixed as well, and an appropriate test was added. The reason for the unification is that with the introduction of Word64 for CheckBounds (which is necessary to support large TypedArrays and DataViews) we can no longer safely pass Word32 truncations for the interesting cases, since the index might be outside the Signed32 or Unsigned32 ranges, but we still identify 0 and -0 for the sake of the bounds check, and so it's important that this is handled consistently to not regress performance on TypedArrays and DataViews accesses. Bug: v8:8015, v8:8178 Change-Id: Ia1d32f1b726754cea1e5793105d9423d84a6393a Reviewed-on: https://chromium-review.googlesource.com/1246172Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56325}
-
- 17 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
This change introduces the necessary conversion operators to convert from Word64 to other representations (Tagged, Word32, Float64, etc.), and plugs in the Word64 representation for NumberAdd/NumberSubtract, such that TurboFan will go to Int64Add/Sub on 64-bit architectures when the inputs and the output of the operation is in safe integer range. This includes the necessary changes to the Deoptimizer to be able to rematerialize Int64 values as Smi/HeapNumber when going back to Ignition later. This change might affect performance, although measurements indicate that there should be no noticable performance impact. The goal is to have TurboFan support Word64 representation to a degree that changing the TypedArray length to an uint64_t (for 64-bit archs) becomes viable and doesn't have any negative performance implications. Independent of that we might get performance improvements in other areas such as for crypto code later. Bug: v8:4153, v8:7881, v8:8171, v8:8178 Design-Document: bit.ly/turbofan-word64 Change-Id: I29d56e2a31c1bae61d04a89d29ea73f21fd49c59 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel Reviewed-on: https://chromium-review.googlesource.com/1225709 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55937}
-
- 14 Sep, 2018 2 commits
-
-
Benedikt Meurer authored
This adds support to TurboFan's representation selection for the Word64 representation, and makes use of that to handle indices for memory access and allocation instructions (i.e. LoadElement, StoreElement, Allocate, etc.). These instructions had previously used Word32 as representation for the indices / sizes, and then internally converted it to the correct representation (aka Word64 on 64-bit architectures) later on, but that was kind of brittle, and sometimes led to weird generated code. The change thus only adds support to convert integer values in the safe integer range from all kinds of representations to Word64 (on 64-bit architectures). We don't yet handle the opposite direction and none of the representation selection heuristics for the numeric operations were changed so far. This will be done in follow-up CLs. This CL itself is supposed to be neutral wrt. functionality, and only serves as a starting point, and a cleanup for the (weird) implicit Word64 index/size handling. Bug: v8:7881, v8:8015, v8:8171 Design-Document: http://bit.ly/turbofan-word64 Change-Id: I3c6961a0e96cbc3fb8ac9d3e1be8f2e5c89bfd25 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel Reviewed-on: https://chromium-review.googlesource.com/1224932 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55886}
-
Benedikt Meurer authored
This truncation doesn't have a proper meaning anyways and has never been used inside the representation selection. For pointer fields we also don't need to pass on a truncation anyways. Bug: v8:8015 Change-Id: I5ff49e20b70fa70d6bcf7401a357cd7ad9f1a938 Reviewed-on: https://chromium-review.googlesource.com/1226870 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55885}
-
- 11 Sep, 2018 1 commit
-
-
Jaroslav Sevcik authored
This inserts unreachable node after uncoditional deopt in bit-to-word conversion and wires it as an input to the dead-value. This fixes a problem, where a floating dead-value was inserted by a change of bit-to-word (which always fails because bit cannot be converted to word). Without the unrachable node (which this CL inserts in the effect chain after deopt), the dead value was scheduled before the uncoditional deoptimization and crash at runtime. Unfortunately, I do not know how to construct a test that does not end up in an infinite loop. Bug: chromium:878805 Change-Id: Ia03060949f6a9b914807f5614fadcf2271911998 Reviewed-on: https://chromium-review.googlesource.com/1196663Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#55770}
-
- 14 May, 2018 1 commit
-
-
Georg Neis authored
We must not accept something of kBit representation as of kWord32 representation (unless it's truncated accordingly). Deopt instead. Bug: v8:7740 Change-Id: Ib4f73600d66f8762a6e22f7ea1ce79e8ef451b34 Reviewed-on: https://chromium-review.googlesource.com/1054670 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#53144}
-
- 28 Apr, 2018 1 commit
-
-
Jaroslav Sevcik authored
This is part of the effort to decrease the amount of undefined behavior. that v8 relies on. The main change here is to represent types with class Type rather than with pointer Type*. To make the CL smaller, I used an operator overload hack to separate the change from `->` to `.`. I am working on a CL that will remove the operator and change all those arrows to dots. Bug: v8:3770 Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22 Reviewed-on: https://chromium-review.googlesource.com/1032551 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52872}
-
- 08 Feb, 2018 1 commit
-
-
Sigurd Schneider authored
Bug: v8:7250 Change-Id: If4c9d0b32939a06993d3ffb39ac4b19edbad422f Reviewed-on: https://chromium-review.googlesource.com/906731Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51184}
-
- 23 Jan, 2018 1 commit
-
-
Sigurd Schneider authored
Simplified lowering may loose feedback by inserting Checked conversions for BoundsChecks in case the bounds check gets optimized away later on. Bug: v8:7127 Change-Id: I254a29ba4e578d653d1dee2d70582ce0a4b57789 Reviewed-on: https://chromium-review.googlesource.com/878743Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50783}
-