- 19 Mar, 2019 1 commit
-
-
Benedikt Meurer authored
This change significantly improves the performance of string concatenation in optimized code for the case where the resulting string is represented as a ConsString. On the relevant test cases we go from serializeNaive: 10762 ms. serializeClever: 7813 ms. serializeConcat: 10271 ms. to serializeNaive: 10278 ms. serializeClever: 5533 ms. serializeConcat: 10310 ms. which represents a 30% improvement on the "clever" benchmark, which tests specifically the ConsString creation performance. This was accomplished via a couple of different steps, which are briefly outlined here: 1. The empty_string gets its own map, so that we can easily recognize and handle it appropriately in the TurboFan type system. This allows us to express (and assert) that the inputs to NewConsString are non-empty strings, making sure that TurboFan no longer creates "crippled ConsStrings" with empty left or right hand sides. 2. Further split the existing String types in TurboFan to be able to distinguish between OneByte and TwoByte strings on the type system level. This allows us to avoid having to dynamically lookup the resulting ConsString map in case of ConsString creation (i.e. when we know that both input strings are OneByte strings or at least one of the input strings is TwoByte). 3. We also introduced more finegrained feedback for the Add bytecode in the interpreter, having it collect feedback about ConsStrings, specifically ConsOneByteString and ConsTwoByteString. This feedback can be used by TurboFan to only inline the relevant code for what was seen so far. This allows us to remove the Octane/Splay specific magic in JSTypedLowering to detect ConsString creation, and instead purely rely on the feedback of what was seen so far (also making it possible to change the semantics of NewConsString to be a low-level operator, which is only introduced in SimplifiedLowering by looking at the input types of StringConcat). 4. On top of the before mentioned type and interpreter changes we added new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and CheckNonEmptyTwoByteString, which perform the appropriate (dynamic) checks. There are several more improvements that are possible based on this, but since the change was already quite big, we decided not to put everything into the first change, but do some follow up tweaks to the type system, and builtin optimizations later. Tbr: mstarzinger@chromium.org Bug: v8:8834, v8:8931, v8:8939, v8:8951 Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Doc: https://bit.ly/fast-string-concatenation-in-javascript Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60318}
-
- 02 Jan, 2019 1 commit
-
-
Clemens Hammacher authored
Apart from being more in-line with the style guide, this allows to use DEFINE_LAZY_LEAKY_OBJECT_GETTER for defining {TypeCache::Get}. R=tebbi@chromium.org Bug: v8:8562 Change-Id: I016b28624950ce9404180fc1ca1a232551f75cd0 Reviewed-on: https://chromium-review.googlesource.com/c/1392201Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58500}
-
- 11 Dec, 2018 1 commit
-
-
Benedikt Meurer authored
The typing of SpeculativeSafeIntegerSubtract didn't include -0, and the SimplifiedLowering rules for SpeculativeSafeIntegerSubtract didn't properly handle the case of `-0 - 0`, but would always pass Word32 truncations. Bug: chromium:913296 Change-Id: I0e5a401f075db8b349a5579e1e294df97378ea49 Reviewed-on: https://chromium-review.googlesource.com/c/1370042Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#58147}
-
- 21 Nov, 2018 1 commit
-
-
Benedikt Meurer authored
This is a reland of 585b4eef without any changes. Original change's description: > [turbofan] Improve NumberMultiply typing rule. > > The NumberMultiply typing rule gave up in the presence of NaN inputs, > but we can still infer useful ranges here and just union the result > of that with the NaN propagation (similar for MinusZero propagation). > This way we can still makes sense of these ranges at the uses. > > Bug: v8:8015 > Change-Id: Ic4c5e8edc6c68776ff3baca9628ad7de0f8e2a92 > Reviewed-on: https://chromium-review.googlesource.com/c/1261143 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56539} Tbr: bmeurer@chromium.org Bug: v8:8015 Change-Id: I32e5c2f439a1186891ca3393ee53a2a766585839 Reviewed-on: https://chromium-review.googlesource.com/c/1345993Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#57664}
-
- 19 Nov, 2018 1 commit
-
-
Georg Neis authored
This reverts commit 585b4eef. Reason for revert: Speculative, crbug 906567. Original change's description: > [turbofan] Improve NumberMultiply typing rule. > > The NumberMultiply typing rule gave up in the presence of NaN inputs, > but we can still infer useful ranges here and just union the result > of that with the NaN propagation (similar for MinusZero propagation). > This way we can still makes sense of these ranges at the uses. > > Bug: v8:8015 > Change-Id: Ic4c5e8edc6c68776ff3baca9628ad7de0f8e2a92 > Reviewed-on: https://chromium-review.googlesource.com/c/1261143 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56539} TBR=sigurds@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:8015 Change-Id: I3c652bafbbc0e5d1ad4ff288264fd4f4cbf71330 Reviewed-on: https://chromium-review.googlesource.com/c/1340253Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#57602}
-
- 29 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
This introduces Word64 support for the CheckBounds operator, which now lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the representation selection. The right hand side of CheckBounds can now be any positive safe integer on 64-bit architectures, whereas it remains Unsigned31 for 32-bit architectures. We only use the extended Word64 support when the right hand side is outside the Unsigned31 range, so for everything except DataViews this means that the performance should remain the same. The typing rule for the CheckBounds operator was updated to reflect this new behavior. The CheckBounds with a right hand side outside the Unsigned31 range will pass a new Signed64 feedback kind, which is handled with newly introduced CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation selection. The JSCallReducer lowering for DataView getType()/setType() methods was updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore, but instead just use the raw uintptr_t values and operate on any value (for 64-bit architectures these fields can hold any positive safe integer, for 32-bit architectures it's limited to Unsigned31 range as before). This means that V8 can now handle huge DataViews fully, without falling off a performance cliff. This refactoring even gave us some performance improvements, on a simple micro-benchmark just exercising different DataView accesses we go from testDataViewGetUint8: 796 ms. testDataViewGetUint16: 997 ms. testDataViewGetInt32: 994 ms. testDataViewGetFloat64: 997 ms. to testDataViewGetUint8: 895 ms. testDataViewGetUint16: 889 ms. testDataViewGetInt32: 888 ms. testDataViewGetFloat64: 890 ms. meaning we lost around 10% on the single byte case, but gained 10% across the board for all the other element sizes. Design-Document: http://bit.ly/turbofan-word64 Bug: chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383 Change-Id: Ic9d1bf152e47802c04dcfd679372e5c85e4abc83 Reviewed-on: https://chromium-review.googlesource.com/c/1303732Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57095}
-
- 15 Oct, 2018 1 commit
-
-
Georg Neis authored
There's no ambiguity and the shorter name makes things easier to read. Bug: v8:7790 Change-Id: Ibcf3fd7f38a91e26a83cd335fad0ec80a5fe9be1 Reviewed-on: https://chromium-review.googlesource.com/c/1278392 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#56623}
-
- 10 Oct, 2018 1 commit
-
-
Benedikt Meurer authored
The NumberMultiply typing rule gave up in the presence of NaN inputs, but we can still infer useful ranges here and just union the result of that with the NaN propagation (similar for MinusZero propagation). This way we can still makes sense of these ranges at the uses. Bug: v8:8015 Change-Id: Ic4c5e8edc6c68776ff3baca9628ad7de0f8e2a92 Reviewed-on: https://chromium-review.googlesource.com/c/1261143 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56539}
-
- 25 Sep, 2018 2 commits
-
-
Georg Neis authored
This is just a cleanup. Bug: v8:7790 Change-Id: Ic0114451159b8c504f527f3cf3bdaed6a8cc8741 Reviewed-on: https://chromium-review.googlesource.com/1243103 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#56206}
-
Georg Neis authored
... if FLAG_concurrent_compiler_frontend is enabled. Bug: v8:7790 Change-Id: I448560b21d54c8907e8cbf68bdaf8bbdf2b034df Reviewed-on: https://chromium-review.googlesource.com/1241959Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56205}
-
- 07 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
The CheckBounds operator was missing from the re-typing phase during representation selection, meaning that even if better type information was available on the inputs (i.e. due to taking feedback), this new type information was not propagated through CheckBounds properly. Bug: v8:8015 Change-Id: I503555e041c9fa2b9b27a28d223202d17b27a92e Reviewed-on: https://chromium-review.googlesource.com/1212963Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55706}
-
- 05 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
The Math.expm1() function can actually return -0, for example in the case that -0 is passed to it. Bug: chromium:880207 Change-Id: If3a7a3a1fb6a18075ba0d7816687dfd831ebe293 Reviewed-on: https://chromium-review.googlesource.com/1205072Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55657}
-
- 03 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
The previous typing rules for ToNumeric and ToNumber didn't match on the NonBigIntPrimitive input set, which causes trouble when we morph ToNumeric nodes into ToNumber nodes, and generally lead to worse typings in the graph, and thus worse code generation. This change improves the existing typing rules and turns ToNumber into a chokepoint again. Bug: chromium:879898, v8:8015 Change-Id: I4a7ff0e9c420c5dcfdb2b96884e019a5943828a4 Reviewed-on: https://chromium-review.googlesource.com/1201522Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55595}
-
- 02 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
The typing rules for NumberMax and NumberMin didn't properly deal with -0 up until now, leading to suboptimal typing, i.e. for a simple case like Math.max(Math.round(x), 1) TurboFan was unable to figure out that the result is definitely going to be a positive integer in the range [1,inf] or NaN (assuming that NumberOrOddball feedback is used for the value x). Bug: v8:8015 Change-Id: I06e14a9c9b0b813eb214ace7749fcc6ab36bb66a Reviewed-on: https://chromium-review.googlesource.com/1199304 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#55570}
-
- 23 Jul, 2018 2 commits
-
-
Georg Neis authored
We'll soon start collecting data from the JS heap prior to the typed lowering pass, and then refrain from reading the heap in that pass. This CL prepares the broker machinery by introducing a hash table that maps an object (handle) to the corresponding cached data. For the time being, that cached data is essentially just the handle itself. Bug: v8:7790 Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6 Reviewed-on: https://chromium-review.googlesource.com/1143405 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54618}
-
Sigurd Schneider authored
This is a reland of 9eca23e9 Adds a deopt continuation, which fixes JavaScript stack traces to contain the number constructor after inlining. Original change's description: > [turbofan] Inline Number constructor in certain cases > > This CL adds inlining for the Number constructor if new.target is not > present. The lowering is BigInt compatible, i.e. it converts BigInts to > numbers. > > Bug: v8:7904 > Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82 > Reviewed-on: https://chromium-review.googlesource.com/1118557 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#54454} Bug: v8:7904 Change-Id: Ic416e5ba81fa3a0f59ae4afa80df83c46a759487 Reviewed-on: https://chromium-review.googlesource.com/1146581 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#54609}
-
- 19 Jul, 2018 1 commit
-
-
Sigurd Schneider authored
This reverts commit 9eca23e9. Reason for revert: Clusterfuzz correctness issue Original change's description: > [turbofan] Inline Number constructor in certain cases > > This CL adds inlining for the Number constructor if new.target is not > present. The lowering is BigInt compatible, i.e. it converts BigInts to > numbers. > > Bug: v8:7904 > Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82 > Reviewed-on: https://chromium-review.googlesource.com/1118557 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#54454} TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:7904 Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86 Reviewed-on: https://chromium-review.googlesource.com/1142777Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#54544}
-
- 16 Jul, 2018 1 commit
-
-
Sigurd Schneider authored
This CL adds inlining for the Number constructor if new.target is not present. The lowering is BigInt compatible, i.e. it converts BigInts to numbers. Bug: v8:7904 Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82 Reviewed-on: https://chromium-review.googlesource.com/1118557 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54454}
-
- 07 Jun, 2018 1 commit
-
-
Jaroslav Sevcik authored
As a first step towards moving accesses to the broker, this moves heap accesses from BitsetType::Lub to the broker. Bug: v8:7790 Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d Reviewed-on: https://chromium-review.googlesource.com/1088695 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53571}
-
- 25 May, 2018 1 commit
-
-
Dan Elphick authored
Modifies several Type:: methods to take an Isolate to pass through to BitSetType::Lub as well as their call sites. Bug: v8:7786 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I9ac769c4c658995421fd28b9b1d77d6f84627116 Reviewed-on: https://chromium-review.googlesource.com/1071515 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#53362}
-
- 08 May, 2018 1 commit
-
-
Jaroslav Sevcik authored
This CL introduces type narrowing and constant folding reducers to constant fold code that comes out of inlined destructuring of arrays. In particular, array iterator introduces code that contains a phi of a temporary array that blocks escape analysis. The phi comes from conditional that can be evaluated statically (i.e., constant folded), so with better constant folding we allow escape analysis to get rid of the temporary array. On a quick micro-benchmark below, we see more than 6x improvement. This is close to the hand-optimized version - if we replace body of f with 'return b + a', we get 220ms (versus 218ms with destructuring). function f(a, b) { [b, a] = [a, b]; return a + b; } function sum(count) { let s = 0; for (let i = 0; i < count; i++) { s += f(1, 2); } return s; } // Warm up sum(1e5); sum(1e5); console.time("destructure array"); sum(1e8); console.timeEnd("destructure array"); console.timeEnd: destructure array, 213.526000 console.timeEnd: destructure array, 1503.537000 Bug: v8:7728 Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5 Reviewed-on: https://chromium-review.googlesource.com/1047672Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53048}
-
- 30 Apr, 2018 1 commit
-
-
Jaroslav Sevcik authored
This removes Type::operator-> which was used to split the change that removed undefined misuse of Type* to represent integers. Bug: v8:3770 Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99 Reviewed-on: https://chromium-review.googlesource.com/1033736Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#52878}
-
- 28 Apr, 2018 1 commit
-
-
Jaroslav Sevcik authored
This is part of the effort to decrease the amount of undefined behavior. that v8 relies on. The main change here is to represent types with class Type rather than with pointer Type*. To make the CL smaller, I used an operator overload hack to separate the change from `->` to `.`. I am working on a CL that will remove the operator and change all those arrows to dots. Bug: v8:3770 Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22 Reviewed-on: https://chromium-review.googlesource.com/1032551 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52872}
-
- 09 Apr, 2018 1 commit
-
-
Jakob Kummerow authored
There is no good reason to have the meat of most objects' initialization logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead, this CL changes the protocol between Heap and Factory to be AllocateRaw, and all object initialization work after (possibly retried) successful raw allocation happens in the Factory. This saves about 20KB of binary size on x64. Original review: https://chromium-review.googlesource.com/c/v8/v8/+/959533 Originally landed as r52416 / f9a2e24b Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Id072cbe6b3ed30afd339c7e502844b99ca12a647 Reviewed-on: https://chromium-review.googlesource.com/1000540 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52492}
-
- 06 Apr, 2018 2 commits
-
-
Michael Achenbach authored
This reverts commit f9a2e24b. Reason for revert: gc stress failures not all fixed by follow up. Original change's description: > [cleanup] Refactor the Factory > > There is no good reason to have the meat of most objects' initialization > logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead, > this CL changes the protocol between Heap and Factory to be AllocateRaw, > and all object initialization work after (possibly retried) successful > raw allocation happens in the Factory. > > This saves about 20KB of binary size on x64. > > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng > Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca > Reviewed-on: https://chromium-review.googlesource.com/959533 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52416} TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f No-Presubmit: true No-Tree-Checks: true No-Try: true Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Reviewed-on: https://chromium-review.googlesource.com/999414Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52420}
-
Jakob Kummerow authored
There is no good reason to have the meat of most objects' initialization logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead, this CL changes the protocol between Heap and Factory to be AllocateRaw, and all object initialization work after (possibly retried) successful raw allocation happens in the Factory. This saves about 20KB of binary size on x64. Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca Reviewed-on: https://chromium-review.googlesource.com/959533 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#52416}
-
- 15 Mar, 2018 1 commit
-
-
Benedikt Meurer authored
TurboFan assumed that the output of NumberToString is always a sequential string, since that's what we put into the number to string table. However we might eventually morph these strings into ThinStrings when we need to internalize them, in which case the type in TurboFan will be wrong, and we read out of bounds. Also-By: tebbi@chromium.org Bug: chromium:822284 Change-Id: I5aebe73028b95849fff72bba262c517677112353 Reviewed-on: https://chromium-review.googlesource.com/964523 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51970}
-
- 23 Jan, 2018 1 commit
-
-
Georg Neis authored
It must be monotone. R=bmeurer@chromium.org Bug: v8:7354 Change-Id: I08dcd3333518029eef08c074c2b91b5c20ad699e Reviewed-on: https://chromium-review.googlesource.com/880982Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50801}
-
- 17 Jan, 2018 1 commit
-
-
Benedikt Meurer authored
This adds a new simplified operator NumberToString, which just lowers to a call to the NumberToString builtin, and hooks that up to the typed lowering (addressing a long-standing TODO). Drive-by-fix: Also remove the %NumberToString runtime entry, and just always use the %NumberToStringSkipCache entry from CSA, since we only go there if the cache lookup already failed. Bug: v8:5267, v8:7109 Change-Id: I5ca698c98679653813088a404f1fd38903a73c0e Reviewed-on: https://chromium-review.googlesource.com/779099 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#50636}
-
- 28 Nov, 2017 3 commits
-
-
Benedikt Meurer authored
This extends the typing rule for NumberTrunc to deal with general number inputs properly, thus addressing a long-standing TODO. We also add test cases to ensure that the typing rule gets the corner cases for NaN and -0 right. Bug: v8:5267, v8:7109 Change-Id: Iedc541a0f4619f37da37ea36940f92472034cdf2 Reviewed-on: https://chromium-review.googlesource.com/792932Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49652}
-
Benedikt Meurer authored
This extends the typing rule for NumberRound to deal with general number inputs properly, thus addressing a long-standing TODO. We also add test cases to ensure that the typing rule gets the corner cases for NaN and -0 right. Bug: v8:5267, v8:7109 Change-Id: Ia865ec1d6f8d96f20641bee96891740a9fc6e627 Reviewed-on: https://chromium-review.googlesource.com/792931Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49651}
-
Benedikt Meurer authored
This extends the typing rule for NumberCeil to deal with general number inputs properly, thus addressing a long-standing TODO. We also add test cases to ensure that the typing rule gets the corner cases for NaN and -0 right. Bug: v8:5267, v8:7109 Change-Id: I9154e47e58ad106791613db0030051f2a802a981 Reviewed-on: https://chromium-review.googlesource.com/792930Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49650}
-
- 23 Nov, 2017 1 commit
-
-
Georg Neis authored
The typer's ToNumber (and thus ToInteger etc.) returns type None when the input type is BigInt, but we weren't quite ready for that in a few places. R=jarin@chromium.org Bug: v8:7121 Change-Id: Ib12c726338f1ec3dfb9ba5cf54b00cc8d1351a89 Reviewed-on: https://chromium-review.googlesource.com/785130 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49604}
-
- 21 Nov, 2017 1 commit
-
-
Georg Neis authored
TBR: rmcilroy@chromium.org Bug: v8:6791 Change-Id: I4ac2bdce353d987a2fe45149d8556b6591569a01 Reviewed-on: https://chromium-review.googlesource.com/771191 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49528}
-
- 16 Nov, 2017 1 commit
-
-
Tobias Tebbi authored
Bug: Change-Id: Ibd7c17b4ace25237c3d35466280aff27c44016f0 Reviewed-on: https://chromium-review.googlesource.com/774461Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#49427}
-
- 15 Nov, 2017 1 commit
-
-
Georg Neis authored
They can no longer return nan. They basically intersect their argument type with Type::OrderedNumber before analysing it. Never call them on Type::NaN. Bug: Change-Id: I7e7b46aa9fcde4f2644b81b3a34e76b092f633a4 Reviewed-on: https://chromium-review.googlesource.com/763410 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49375}
-
- 14 Nov, 2017 1 commit
-
-
Georg Neis authored
R=jarin@chromium.org Bug: v8:6791 Change-Id: I8519d0a9afdb457398ff428d0d3ec0734306052b Reviewed-on: https://chromium-review.googlesource.com/765947Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#49342}
-
- 10 Nov, 2017 1 commit
-
-
Georg Neis authored
There were some places left where that could happen. Bug: chromium:782754 Change-Id: I1db1f5b361cdf443b730a220c0e569ad48dd298d Reviewed-on: https://chromium-review.googlesource.com/758841Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#49283}
-
- 09 Nov, 2017 1 commit
-
-
Georg Neis authored
I made a mistake in yesterday's cleanup. R=jarin@chromium.org Bug: chromium:783051 Change-Id: Iabd7403096197ce8e54d46e079bc9a70aa98578d Reviewed-on: https://chromium-review.googlesource.com/758765 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49266}
-
- 08 Nov, 2017 1 commit
-
-
Georg Neis authored
They have been meaning the same thing for a while now. R=jarin@chromium.org Bug: Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc Reviewed-on: https://chromium-review.googlesource.com/758268 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49228}
-