1. 18 Nov, 2015 1 commit
  2. 13 Nov, 2015 2 commits
    • Object's body descriptors refactoring. · 138eb324
      ishell authored
      1) Body descriptors moved to their own header files.
      2) Missing body descriptors added.
      3) Template versions of HeapObject::Iterate*() methods added.
      4) Body descriptors support a new kind of query: IsValidSlot(offset), which can be used for filtering invalid slots.
      
      This is a first step towards virtual and static visitors unification and support for in-object properties in built-in (sub-)classes.
      
      Review URL: https://codereview.chromium.org/1440243002
      
      Cr-Commit-Position: refs/heads/master@{#31980}
    • [turbofan] Introduce JSCallReducer to strength reduce JSCallFunction nodes. · 55c07a8b
      bmeurer authored
      The JSCallReducer runs together with inlining and tries to strength
      reduce JSCallFunction nodes; currently it can fold
      Function.prototype.call and Function.prototype.apply (with arguments),
      and make it possible to inline across them.
      
      In the case of Function.prototype.apply with arguments we still have to
      leave the JSCreateArguments node in the graph because there might be
      other (frame state) uses. Once escape analysis is ready, it will take
      care of removing these nodes and adding appropriate transitions for the
      deoptimizer.
      
      R=jarin@chromium.org
      BUG=v8:4551
      LOG=n
      
      Review URL: https://codereview.chromium.org/1445513002
      
      Cr-Commit-Position: refs/heads/master@{#31979}
  3. 09 Nov, 2015 1 commit
    • binary-operator-reducer: reduce mul+div(shift) · 461e5b49
      fedor authored
      Reduction Input:
      
          ChangeInt32ToFloat64=>          TruncateFloat64ToInt32
                               Float64Mul=>
          ChangeInt32ToFloat64=>          Float64Div=>TruncateFloat64ToInt32
      
      Output:
      
               =>  TruncateInt64ToInt32
      Int64Mul
               =>  Int64Shr => TruncateInt64ToInt32
      
      Test code:
      
          function mul(a, b) {
            var l = a & 0x3ffffff;
            var h = b & 0x3ffffff;
            var m = l * h;
      
            var rl = m & 0x3ffffff;
            var rh = (m / 0x4000000) | 0;
      
            return rl | rh;
          }
      
          mul(1, 2);
          var a0 = mul(0x3ffffff, 0x3ffffff);
          mul(0x0, 0x0);
          %OptimizeFunctionOnNextCall(mul);
          var a1 = mul(0x3ffffff, 0x3ffffff);
      
          print(a0 + ' == ' + a1);
      
      BUG=
      R=mstarzinger@chromium.org
      
      Review URL: https://codereview.chromium.org/1350223006
      
      Cr-Commit-Position: refs/heads/master@{#31899}
  4. 04 Nov, 2015 2 commits
  5. 03 Nov, 2015 1 commit
    • [turbofan] Split JSGlobalObjectSpecialization into separate class. · 4eb41ba7
      bmeurer authored
      The JSNativeContextSpecialization class is getting rather huge with all
      the stuff related to property and element access going in. Splitting off
      the global object related stuff into JSGlobalObjectSpecialization seems
      like a natural separation, especially since the global object
      specialization is sort of a separate issue anyway.  This is neutral
      functionality- and performance-wise.
      
      R=jarin@chromium.org
      BUG=v8:4470
      LOG=n
      
      Review URL: https://codereview.chromium.org/1417043006
      
      Cr-Commit-Position: refs/heads/master@{#31748}
  6. 02 Nov, 2015 2 commits
  7. 30 Oct, 2015 1 commit
  8. 28 Oct, 2015 2 commits
  9. 23 Oct, 2015 1 commit
  10. 22 Oct, 2015 1 commit
  11. 21 Oct, 2015 1 commit
    • [es6] Fix scoping for default parameters in arrow functions · 02e4d21f
      adamk authored
      When eagerly parsing arrow functions, expressions in default
      parameter initializers are parsed in the enclosing scope,
      rather than in the function's scope (since that scope does not
      yet exist). This leads to VariableProxies being added to the
      wrong scope, and scope chains for FunctionLiterals being incorrect.
      
      This patch addresses these problems by adding a subclass of
      AstExpressionVisitor that moves VariableProxies to the proper
      scope and fixes up scope chains of FunctionLiterals.
      
      This is a revert of the revert https://crrev.com/e41614a058426fb6102e4ab2dd4f98997f00c0fc
      with a much-improved (though not yet perfect) Scope::ResetOuterScope
      method which properly fixes not only the outer_scope_ pointer but also
      fixes the inner_scope_ list in the relevant outer_scopes.
      
      More work likely still needs to be done to make this work completely,
      but it's very close to correct.
      
      BUG=v8:4395
      LOG=y
      
      Review URL: https://codereview.chromium.org/1414283002
      
      Cr-Commit-Position: refs/heads/master@{#31435}
  12. 20 Oct, 2015 3 commits
  13. 19 Oct, 2015 1 commit
  14. 17 Oct, 2015 1 commit
    • [turbofan] Redundant branch elimination. · 106aecf2
      jarin authored
      Removes a branch that checks for a condition that has been checked on dominators of the branch.
      
      This introduces a new reducer that propagates the list of checked conditions (and their boolean values) through the control flow graph. If it encounters a branch checking a condition with a known value, the branch is eliminated.
      
      The analysis relies on loops being reducible: if a condition has been checked on all paths to loop entry, then it is checked in the loop (regardless of the conditions checked inside the loop).
      
      The implementation is fairly naive and could be improved:
      
      - all the operations on the condition lists could be made allocation-free when revisited.

      - we could try to use a map structure rather than a linked list (to make
        lookups faster).
      
      - the merging of control flow could be changed to take into account
        conditions from non-dominating paths (as long as all paths check
        the condition).
      
      Review URL: https://codereview.chromium.org/1376293005
      
      Cr-Commit-Position: refs/heads/master@{#31347}
  15. 13 Oct, 2015 2 commits
  16. 07 Oct, 2015 4 commits
    • [turbofan] Separate JSInliningHeuristic into own class. · 0a6863f0
      mstarzinger authored
      This separates the core machinery and the heuristics involved with
      inlining function calls. So far the heuristic only respects our
      %SetForceInlineFlag hint, but it will be the place where general inlining
      heuristics can live without impeding clarity of the core machinery.
      
      R=bmeurer@chromium.org
      
      Review URL: https://codereview.chromium.org/1391903002
      
      Cr-Commit-Position: refs/heads/master@{#31150}
    • [turbofan] Add initial support for global specialization. · e16dd13d
      bmeurer authored
      Introduce a new JSGlobalSpecialization advanced reducer that runs
      during the initial inlining and context specialization, and specializes
      the graph to the globals of the native context.  Currently we assume
      that we do not inline cross native context, but long-term we will grab
      the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
      new global load/store ICs that are currently in the workings), and then
      this whole specialization will be fully compositional even across
      cross-context inlining.
      
      Note that we cannot really handle most of the stores to global object
      property cells because TurboFan doesn't have a mechanism to enforce
      certain representations.  Also note that we cannot yet fully benefit
      from the type feedback collected on the global object property cells,
      because the type system cannot deal with maps in a reasonable way.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
      R=jarin@chromium.org
      BUG=v8:4470
      LOG=n
      
      Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
      Cr-Commit-Position: refs/heads/master@{#31139}
      
      Review URL: https://codereview.chromium.org/1387393002
      
      Cr-Commit-Position: refs/heads/master@{#31148}
    • Revert of [turbofan] Add initial support for global specialization. (patchset... · 84065c5f
      bmeurer authored
      Revert of [turbofan] Add initial support for global specialization. (patchset #4 id:60001 of https://codereview.chromium.org/1387393002/ )
      
      Reason for revert:
      Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
      
      Original issue's description:
      > [turbofan] Add initial support for global specialization.
      >
      > Introduce a new JSGlobalSpecialization advanced reducer that runs
      > during the initial inlining and context specialization, and specializes
      > the graph to the globals of the native context.  Currently we assume
      > that we do not inline cross native context, but long-term we will grab
      > the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
      > new global load/store ICs that are currently in the workings), and then
      > this whole specialization will be fully compositional even across
      > cross-context inlining.
      >
      > Note that we cannot really handle most of the stores to global object
      > property cells because TurboFan doesn't have a mechanism to enforce
      > certain representations.  Also note that we cannot yet fully benefit
      > from the type feedback collected on the global object property cells,
      > because the type system cannot deal with maps in a reasonable way.
      >
      > CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
      > R=jarin@chromium.org
      > BUG=v8:4470
      > LOG=n
      >
      > Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
      > Cr-Commit-Position: refs/heads/master@{#31139}
      
      TBR=jarin@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:4470
      
      Review URL: https://codereview.chromium.org/1390073004
      
      Cr-Commit-Position: refs/heads/master@{#31144}
    • [turbofan] Add initial support for global specialization. · 6fbf7903
      bmeurer authored
      Introduce a new JSGlobalSpecialization advanced reducer that runs
      during the initial inlining and context specialization, and specializes
      the graph to the globals of the native context.  Currently we assume
      that we do not inline cross native context, but long-term we will grab
      the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
      new global load/store ICs that are currently in the workings), and then
      this whole specialization will be fully compositional even across
      cross-context inlining.
      
      Note that we cannot really handle most of the stores to global object
      property cells because TurboFan doesn't have a mechanism to enforce
      certain representations.  Also note that we cannot yet fully benefit
      from the type feedback collected on the global object property cells,
      because the type system cannot deal with maps in a reasonable way.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
      R=jarin@chromium.org
      BUG=v8:4470
      LOG=n
      
      Review URL: https://codereview.chromium.org/1387393002
      
      Cr-Commit-Position: refs/heads/master@{#31139}
  17. 05 Oct, 2015 1 commit
  18. 02 Oct, 2015 3 commits
    • Re-reland: Remove register index/code indirection · 5cf1c0bc
      danno authored
      Previous to this patch, both the lithium and TurboFan register
      allocators tracked allocated registers by "indices", rather than
      the register codes used elsewhere in the runtime. This patch
      ensures that codes are used everywhere, and in the process cleans
      up a bunch of redundant code and adds more structure to how the
      set of allocatable registers is defined.
      
      Some highlights of changes:
      
      * TurboFan's RegisterConfiguration class moved to V8's top level
        so that it can be shared with Crankshaft.
      * Various "ToAllocationIndex" and related methods removed.
      * Code that can be easily shared between Register classes on
        different platforms is now shared.
      * The list of allocatable registers on each platform is declared
        as a list rather than implicitly via the register index <->
        code mapping.
      
      Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
      Cr-Commit-Position: refs/heads/master@{#30913}
      
      Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
      Cr-Commit-Position: refs/heads/master@{#31075}
      
      Review URL: https://codereview.chromium.org/1287383003
      
      Cr-Commit-Position: refs/heads/master@{#31087}
    • Revert of Reland: Remove register index/code indirection (patchset #20... · 00e07b00
      danno authored
      Revert of Reland: Remove register index/code indirection (patchset #20 id:380001 of https://codereview.chromium.org/1287383003/ )
      
      Reason for revert:
      Failures on MIPS
      
      Original issue's description:
      > Remove register index/code indirection
      >
      > Previous to this patch, both the lithium and TurboFan register
      > allocators tracked allocated registers by "indices", rather than
      > the register codes used elsewhere in the runtime. This patch
      > ensures that codes are used everywhere, and in the process cleans
      > up a bunch of redundant code and adds more structure to how the
      > set of allocatable registers is defined.
      >
      > Some highlights of changes:
      >
      > * TurboFan's RegisterConfiguration class moved to V8's top level
      >   so that it can be shared with Crankshaft.
      > * Various "ToAllocationIndex" and related methods removed.
      > * Code that can be easily shared between Register classes on
      >   different platforms is now shared.
      > * The list of allocatable registers on each platform is declared
      >   as a list rather than implicitly via the register index <->
      >   code mapping.
      >
      > Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
      > Cr-Commit-Position: refs/heads/master@{#30913}
      >
      > Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
      > Cr-Commit-Position: refs/heads/master@{#31075}
      
      TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1380863004
      
      Cr-Commit-Position: refs/heads/master@{#31083}
    • Remove register index/code indirection · 7b7a8205
      danno authored
      Previous to this patch, both the lithium and TurboFan register
      allocators tracked allocated registers by "indices", rather than
      the register codes used elsewhere in the runtime. This patch
      ensures that codes are used everywhere, and in the process cleans
      up a bunch of redundant code and adds more structure to how the
      set of allocatable registers is defined.
      
      Some highlights of changes:
      
      * TurboFan's RegisterConfiguration class moved to V8's top level
        so that it can be shared with Crankshaft.
      * Various "ToAllocationIndex" and related methods removed.
      * Code that can be easily shared between Register classes on
        different platforms is now shared.
      * The list of allocatable registers on each platform is declared
        as a list rather than implicitly via the register index <->
        code mapping.
      
      Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
      Cr-Commit-Position: refs/heads/master@{#30913}
      
      Review URL: https://codereview.chromium.org/1287383003
      
      Cr-Commit-Position: refs/heads/master@{#31075}
  19. 01 Oct, 2015 3 commits
  20. 29 Sep, 2015 1 commit
  21. 28 Sep, 2015 2 commits
  22. 25 Sep, 2015 1 commit
  23. 24 Sep, 2015 2 commits
    • Revert of Remove register index/code indirection (patchset #17 id:320001 of... · 3ac27431
      danno authored
      Revert of Remove register index/code indirection (patchset #17 id:320001 of https://codereview.chromium.org/1287383003/ )
      
      Reason for revert:
      Failures on greedy RegAlloc, Fuzzer
      
      Original issue's description:
      > Remove register index/code indirection
      >
      > Previous to this patch, both the lithium and TurboFan register
      > allocators tracked allocated registers by "indices", rather than
      > the register codes used elsewhere in the runtime. This patch
      > ensures that codes are used everywhere, and in the process cleans
      > up a bunch of redundant code and adds more structure to how the
      > set of allocatable registers is defined.
      >
      > Some highlights of changes:
      >
      > * TurboFan's RegisterConfiguration class moved to V8's top level
      >   so that it can be shared with Crankshaft.
      > * Various "ToAllocationIndex" and related methods removed.
      > * Code that can be easily shared between Register classes on
      >   different platforms is now shared.
      > * The list of allocatable registers on each platform is declared
      >   as a list rather than implicitly via the register index <->
      >   code mapping.
      >
      > Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
      > Cr-Commit-Position: refs/heads/master@{#30913}
      
      TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1365073002
      
      Cr-Commit-Position: refs/heads/master@{#30914}
    • Remove register index/code indirection · 80bc6f6e
      danno authored
      Previous to this patch, both the lithium and TurboFan register
      allocators tracked allocated registers by "indices", rather than
      the register codes used elsewhere in the runtime. This patch
      ensures that codes are used everywhere, and in the process cleans
      up a bunch of redundant code and adds more structure to how the
      set of allocatable registers is defined.
      
      Some highlights of changes:
      
      * TurboFan's RegisterConfiguration class moved to V8's top level
        so that it can be shared with Crankshaft.
      * Various "ToAllocationIndex" and related methods removed.
      * Code that can be easily shared between Register classes on
        different platforms is now shared.
      * The list of allocatable registers on each platform is declared
        as a list rather than implicitly via the register index <->
        code mapping.
      
      Review URL: https://codereview.chromium.org/1287383003
      
      Cr-Commit-Position: refs/heads/master@{#30913}
  24. 18 Sep, 2015 1 commit