1. 19 Mar, 2019 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Significantly improve ConsString creation performance. · d6a60a0e
      Benedikt Meurer authored
      This change significantly improves the performance of string
      concatenation in optimized code for the case where the resulting string
      is represented as a ConsString. On the relevant test cases we go from
      
        serializeNaive: 10762 ms.
        serializeClever: 7813 ms.
        serializeConcat: 10271 ms.
      
      to
      
        serializeNaive: 10278 ms.
        serializeClever: 5533 ms.
        serializeConcat: 10310 ms.
      
      which represents a 30% improvement on the "clever" benchmark, which
      tests specifically the ConsString creation performance.
      
      This was accomplished via a couple of different steps, which are briefly
      outlined here:
      
        1. The empty_string gets its own map, so that we can easily recognize
           and handle it appropriately in the TurboFan type system. This
           allows us to express (and assert) that the inputs to NewConsString
           are non-empty strings, making sure that TurboFan no longer creates
           "crippled ConsStrings" with empty left or right hand sides.
        2. Further split the existing String types in TurboFan to be able to
           distinguish between OneByte and TwoByte strings on the type system
           level. This allows us to avoid having to dynamically lookup the
           resulting ConsString map in case of ConsString creation (i.e. when
           we know that both input strings are OneByte strings or at least
           one of the input strings is TwoByte).
        3. We also introduced more finegrained feedback for the Add bytecode
           in the interpreter, having it collect feedback about ConsStrings,
           specifically ConsOneByteString and ConsTwoByteString. This feedback
           can be used by TurboFan to only inline the relevant code for what
           was seen so far. This allows us to remove the Octane/Splay specific
           magic in JSTypedLowering to detect ConsString creation, and instead
           purely rely on the feedback of what was seen so far (also making it
           possible to change the semantics of NewConsString to be a low-level
           operator, which is only introduced in SimplifiedLowering by looking
           at the input types of StringConcat).
        4. On top of the before mentioned type and interpreter changes we added
           new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and
           CheckNonEmptyTwoByteString, which perform the appropriate (dynamic)
           checks.
      
      There are several more improvements that are possible based on this, but
      since the change was already quite big, we decided not to put everything
      into the first change, but do some follow up tweaks to the type system,
      and builtin optimizations later.
      
      Tbr: mstarzinger@chromium.org
      Bug: v8:8834, v8:8931, v8:8939, v8:8951
      Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93
      Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
      Doc: https://bit.ly/fast-string-concatenation-in-javascript
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#60318}
      d6a60a0e
  2. 02 Jan, 2019 1 commit
  3. 11 Dec, 2018 1 commit
  4. 21 Nov, 2018 1 commit
  5. 19 Nov, 2018 1 commit
    • Georg Neis's avatar
      Revert "[turbofan] Improve NumberMultiply typing rule." · 858fc3f6
      Georg Neis authored
      This reverts commit 585b4eef.
      
      Reason for revert: Speculative, crbug 906567.
      
      Original change's description:
      > [turbofan] Improve NumberMultiply typing rule.
      > 
      > The NumberMultiply typing rule gave up in the presence of NaN inputs,
      > but we can still infer useful ranges here and just union the result
      > of that with the NaN propagation (similar for MinusZero propagation).
      > This way we can still makes sense of these ranges at the uses.
      > 
      > Bug: v8:8015
      > Change-Id: Ic4c5e8edc6c68776ff3baca9628ad7de0f8e2a92
      > Reviewed-on: https://chromium-review.googlesource.com/c/1261143
      > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#56539}
      
      TBR=sigurds@chromium.org,bmeurer@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:8015
      Change-Id: I3c652bafbbc0e5d1ad4ff288264fd4f4cbf71330
      Reviewed-on: https://chromium-review.googlesource.com/c/1340253Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57602}
      858fc3f6
  6. 29 Oct, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Add support for huge DataViews. · 15c31fe4
      Benedikt Meurer authored
      This introduces Word64 support for the CheckBounds operator, which now
      lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the
      representation selection. The right hand side of CheckBounds can now
      be any positive safe integer on 64-bit architectures, whereas it remains
      Unsigned31 for 32-bit architectures. We only use the extended Word64
      support when the right hand side is outside the Unsigned31 range, so
      for everything except DataViews this means that the performance should
      remain the same. The typing rule for the CheckBounds operator was
      updated to reflect this new behavior.
      
      The CheckBounds with a right hand side outside the Unsigned31 range will
      pass a new Signed64 feedback kind, which is handled with newly introduced
      CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation
      selection.
      
      The JSCallReducer lowering for DataView getType()/setType() methods was
      updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore,
      but instead just use the raw uintptr_t values and operate on any value
      (for 64-bit architectures these fields can hold any positive safe
      integer, for 32-bit architectures it's limited to Unsigned31 range as
      before). This means that V8 can now handle huge DataViews fully, without
      falling off a performance cliff.
      
      This refactoring even gave us some performance improvements, on a simple
      micro-benchmark just exercising different DataView accesses we go from
      
        testDataViewGetUint8: 796 ms.
        testDataViewGetUint16: 997 ms.
        testDataViewGetInt32: 994 ms.
        testDataViewGetFloat64: 997 ms.
      
      to
      
        testDataViewGetUint8: 895 ms.
        testDataViewGetUint16: 889 ms.
        testDataViewGetInt32: 888 ms.
        testDataViewGetFloat64: 890 ms.
      
      meaning we lost around 10% on the single byte case, but gained 10% across
      the board for all the other element sizes.
      
      Design-Document: http://bit.ly/turbofan-word64
      Bug: chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383
      Change-Id: Ic9d1bf152e47802c04dcfd679372e5c85e4abc83
      Reviewed-on: https://chromium-review.googlesource.com/c/1303732Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57095}
      15c31fe4
  7. 15 Oct, 2018 1 commit
  8. 10 Oct, 2018 1 commit
  9. 25 Sep, 2018 2 commits
  10. 07 Sep, 2018 1 commit
  11. 05 Sep, 2018 1 commit
  12. 03 Sep, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Improve typing of ToNumeric and ToNumber. · b8981122
      Benedikt Meurer authored
      The previous typing rules for ToNumeric and ToNumber didn't match on the
      NonBigIntPrimitive input set, which causes trouble when we morph ToNumeric
      nodes into ToNumber nodes, and generally lead to worse typings in the
      graph, and thus worse code generation. This change improves the existing
      typing rules and turns ToNumber into a chokepoint again.
      
      Bug: chromium:879898, v8:8015
      Change-Id: I4a7ff0e9c420c5dcfdb2b96884e019a5943828a4
      Reviewed-on: https://chromium-review.googlesource.com/1201522Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55595}
      b8981122
  13. 02 Sep, 2018 1 commit
  14. 23 Jul, 2018 2 commits
  15. 19 Jul, 2018 1 commit
    • Sigurd Schneider's avatar
      Revert "[turbofan] Inline Number constructor in certain cases" · c7a9af61
      Sigurd Schneider authored
      This reverts commit 9eca23e9.
      
      Reason for revert: Clusterfuzz correctness issue
      
      Original change's description:
      > [turbofan] Inline Number constructor in certain cases
      > 
      > This CL adds inlining for the Number constructor if new.target is not
      > present. The lowering is BigInt compatible, i.e. it converts BigInts to
      > numbers.
      > 
      > Bug: v8:7904
      > Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
      > Reviewed-on: https://chromium-review.googlesource.com/1118557
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54454}
      
      TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:7904
      Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
      Reviewed-on: https://chromium-review.googlesource.com/1142777Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54544}
      c7a9af61
  16. 16 Jul, 2018 1 commit
  17. 07 Jun, 2018 1 commit
  18. 25 May, 2018 1 commit
  19. 08 May, 2018 1 commit
    • Jaroslav Sevcik's avatar
      [turbofan] Optimize array destructuring · 3fe7d698
      Jaroslav Sevcik authored
      This CL introduces type narrowing and constant folding reducers
      to constant fold code that comes out of inlined destructuring
      of arrays. In particular, array iterator introduces code that
      contains a phi of a temporary array that blocks escape analysis.
      The phi comes from conditional that can be evaluated statically
      (i.e., constant folded), so with better constant folding we
      allow escape analysis to get rid of the temporary array.
      
      On a quick micro-benchmark below, we see more than 6x improvement.
      This is close to the hand-optimized version - if we replace
      body of f with 'return b + a', we get 220ms (versus 218ms with
      destructuring).
      
      function f(a, b) {
        [b, a] = [a, b];
        return a + b;
      }
      
      function sum(count) {
        let s = 0;
        for (let i = 0; i < count; i++) {
          s += f(1, 2);
        }
        return s;
      }
      
      // Warm up
      sum(1e5); sum(1e5);
      console.time("destructure array");
      sum(1e8);
      console.timeEnd("destructure array");
      
      console.timeEnd: destructure array, 213.526000
      
      console.timeEnd: destructure array, 1503.537000
      
      Bug: v8:7728
      Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
      Reviewed-on: https://chromium-review.googlesource.com/1047672Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53048}
      3fe7d698
  20. 30 Apr, 2018 1 commit
  21. 28 Apr, 2018 1 commit
  22. 09 Apr, 2018 1 commit
  23. 06 Apr, 2018 2 commits
    • Michael Achenbach's avatar
      Revert "[cleanup] Refactor the Factory" · 503e07c3
      Michael Achenbach authored
      This reverts commit f9a2e24b.
      
      Reason for revert: gc stress failures not all fixed by follow up.
      
      Original change's description:
      > [cleanup] Refactor the Factory
      > 
      > There is no good reason to have the meat of most objects' initialization
      > logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      > this CL changes the protocol between Heap and Factory to be AllocateRaw,
      > and all object initialization work after (possibly retried) successful
      > raw allocation happens in the Factory.
      > 
      > This saves about 20KB of binary size on x64.
      > 
      > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      > Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      > Reviewed-on: https://chromium-review.googlesource.com/959533
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52416}
      
      TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
      
      Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/999414Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52420}
      503e07c3
    • Jakob Kummerow's avatar
      [cleanup] Refactor the Factory · f9a2e24b
      Jakob Kummerow authored
      There is no good reason to have the meat of most objects' initialization
      logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      this CL changes the protocol between Heap and Factory to be AllocateRaw,
      and all object initialization work after (possibly retried) successful
      raw allocation happens in the Factory.
      
      This saves about 20KB of binary size on x64.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      Reviewed-on: https://chromium-review.googlesource.com/959533
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52416}
      f9a2e24b
  24. 15 Mar, 2018 1 commit
  25. 23 Jan, 2018 1 commit
  26. 17 Jan, 2018 1 commit
    • Benedikt Meurer's avatar
      [turbofan] Introduce NumberToString operator. · 02dbef14
      Benedikt Meurer authored
      This adds a new simplified operator NumberToString, which just lowers to
      a call to the NumberToString builtin, and hooks that up to the typed
      lowering (addressing a long-standing TODO).
      
      Drive-by-fix: Also remove the %NumberToString runtime entry, and just
      always use the %NumberToStringSkipCache entry from CSA, since we only
      go there if the cache lookup already failed.
      
      Bug: v8:5267, v8:7109
      Change-Id: I5ca698c98679653813088a404f1fd38903a73c0e
      Reviewed-on: https://chromium-review.googlesource.com/779099
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#50636}
      02dbef14
  27. 28 Nov, 2017 3 commits
  28. 23 Nov, 2017 1 commit
  29. 21 Nov, 2017 1 commit
  30. 16 Nov, 2017 1 commit
  31. 15 Nov, 2017 1 commit
  32. 14 Nov, 2017 1 commit
  33. 10 Nov, 2017 1 commit
  34. 09 Nov, 2017 1 commit
  35. 08 Nov, 2017 1 commit