Change-Id: I8ae417b5f3bd2e19bbddc841bcd99044b8d14467
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70727}
This reverts commit 757f043130.
Reason for revert: Suspected for a roll failure at https://chromium-review.googlesource.com/c/chromium/src/+/2490026
Original change's description:
> [wasm] Enable --wasm-opt
>
> This CL enables basic optimizations in TurboFan for WebAssembly code,
> like dead code elimination (DeadCodeElimination), constant folding
> (MachineOperatorReducer), and control flow optimizations
> (CommonOperatorReducer).
>
> These optimizations were disabled originally to improve startup time,
> at the expense of slower generated code. However, with Liftoff as the
> baseline compiler, startup time is not so important anymore for
> TurboFan.
>
> R=clemensb@chromium.org
> CC=manoskouk@chromium.org
>
> Change-Id: I2a81f66929c43fbbdfc3625359772c8ea0f2235f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488684
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70691}
TBR=ahaas@chromium.org,clemensb@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: If4cc504cec6bdc4a4cc1d7178003199e99bb66c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494700
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70725}
This CL can improve the performance of below microbench by ~40%.
// touch worker.js in shell is needed
let json_obj = ${content of v8_trace.json};
let worker = new Worker("worker.js");
let start = performance.now();
for (let i = 0; i < 1e5; i++) {
worker.postMessage(json_obj);
}
console.log(performance.now() - start;
Change-Id: I69b40e4d7e0b49ab90c01c21c5d03b02e292d246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489329
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#70723}
The register that holds the {new_value} for the AtomicCompareExchange8U
has to be a byte register on ia32. There was code to guarantee that, but
after that code there was code that frees the {eax} register, and that
code moved the {new_value} to a different register again. With this CL
we first free {eax}, and then find a byte register for the {new_value}.
R=clemensb@chromium.org
Bug: chromium:1140549
Change-Id: I1679f3f9ab26c5416ea251c7925366ff43336d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491031
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70721}
Port ba5646046b
Original Commit Message:
The uint32_t type can easily be confused with the memory offsets that
are currently 32 bit and will become 64 bit with the memory64 proposal.
Since the offsets into the instance are always small anyway, the type of
the integer does not really matter, and we should stick to the default
'int'.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Icfc3b4172984c81355ca4b69b67433892cca7408
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491107
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70720}
This reverts half of commit 8f0ab47101.
Reason for revert: some performance regressions, possibly due
to 'leave' needing MSROM on some microarchitectures.
The half that is not reverted is the removal of 'enter'.
Original change's description:
> [ia32,x64] Make more use of the 'leave' instruction
>
> It is a little shorter and cheaper[1] than the equivalent
> "mov sp,bp; pop bp".
>
> Also remove support for the 'enter' instruction, since
> - it is unused,
> - it is neither shorter nor cheaper than the corresponding
> push and mov (in fact more expensive[1]), and
> - our disassembler doesn't support it.
>
> [1] See https://www.agner.org/optimize/instruction_tables.pdf
>
> Change-Id: I6c99c2f3e53081aea55445a54e18eaf45baa79c2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482822
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70660}
TBR=neis@chromium.org,victorgomes@chromium.org
Bug: chromium:1141069
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I5c9ad64ee06b71c93eff256044ce49d1523737fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492327
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70718}
This reverts commit 90ea9b35cb.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/31274?
Original change's description:
> cppgc: Port backing store compaction.
>
> This CL ports the existing backing store compaction algorithm from
> blink. It does not attempt to improve on the existing algorithm.
>
> Currently only unified heap uses the compaction implementation. It is
> never triggered through standalone GCs.
>
> The compaction implementation resides within an internal "subtle" namespace.
>
> Bug: v8:10990
> Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70714}
TBR=mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
Change-Id: Iadae1ee0c6c0400f0e1a0a3805be5316a1d4b979
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492330
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70716}
This CL ports the existing backing store compaction algorithm from
blink. It does not attempt to improve on the existing algorithm.
Currently only unified heap uses the compaction implementation. It is
never triggered through standalone GCs.
The compaction implementation resides within an internal "subtle" namespace.
Bug: v8:10990
Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70714}
The uint32_t type can easily be confused with the memory offsets that
are currently 32 bit and will become 64 bit with the memory64 proposal.
Since the offsets into the instance are always small anyway, the type of
the integer does not really matter, and we should stick to the default
'int'.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I742334483bbc80c4cc03f40f046b5d2d3b17d1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489691
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70712}
This CL adds TraceWeakContainer and VisitWeakContainer to the Visitor
api. It also introduces the weak_container_worklist_ used to force
re-tracing of weak containers that are reachable from stack.
Bug: chromium:1056170
Change-Id: I4ba75bd64939b8df9ece7422828a5ac647b03fd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491022
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70708}
Measure time from requesting GC on background thread until the main
thread starts the collection. Also add trace event for the GC on the
background thread.
Bug: v8:10315
Change-Id: I765ce0df8a1c31e4f64661ea8dc0b6a4685a3132
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489681
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70707}
Since JS arguments are always reversed now (https://crrev.com/c/2466116), the logic for skipping the arguments adapter is dead.
It has been subsumed by the complete removal of the adaptor frame (https://crrev.com/c/2440098).
Doc: bit.ly/v8-faster-calls-with-arguments-mismatch
Change-Id: Ia02e0807b7d23a9de371650fa6357113e409d338
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489684
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70704}
This is a reland of 517a306933
Original change's description:
> [ic] Append deprecated maps after appending new map
>
> Previously, we would append the deprecated maps and then append the
> new valid map causing minimorphic map checks to miss this new map in
> the case that we exceeded the FLAG_max_minimorphic_map_checks size.
>
> Bug: v8:10582
> Change-Id: Ie3d7da73f7bdbdd822241fae7879817889a72b43
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484513
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70676}
Bug: v8:10582
Change-Id: Ie951f364406063becb659a0151093e6c9f69e0f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491283
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70703}
The Cobalt project has its own Starboard equivalent of libc APIs like
`malloc` and `free`. This CL introduces the wrappers for some libc
functions. In followup CLs, for example occurences of malloc will all
be replaced by base::Malloc in V8.
See b/156155426 for more information.
Bug: v8:10927
Change-Id: Ida3d161a1da56755b681e18b4827e277e6cb4c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416150
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: John Xu <johnx@google.com>
Cr-Commit-Position: refs/heads/master@{#70702}
No major functional changes in this CL, mostly it moves code around
to make follow-up CLs less messy.
- Document Code layout.
- New concepts: 'body' and 'metadata' areas of Code objects. The
metadata area contains metadata tables, the body area includes
both instructions and metadata (this is currently the 'instructions'
area). Add accessors for these new areas.
- An interesting detail: embedded builtins will have non-adjacent
instruction and metadata areas, thus a concept of 'body' doesn't
make sense there.
- Also add raw_instruction_X_future accessors; these are used where
we are actually interested in the instructions range, not the entire
body. In a follow-up, current raw_instruction_X accessors will be
replaced by raw_body_X, and raw_instruction_X_future by
raw_instruction_X.
Bug: v8:11036
Change-Id: I1d85146b652e0c097c3602d4db1862d5d3898a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491023
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70701}
The offset (also called "address") passed to the atomic builtins was
32-bit until now. With memory64, we will have to also accept 64-bit
values there, or at least values within the allocatable memory range.
This CL thus changes the builtins to receive uintptr values instead of
uint32, and pass them on to the runtime functions as double (as before).
The runtime then casts them back to uintptr_t instead of uint32_t.
Liftoff is extended to zero-extend the uint32 value if needed. TurboFan
already passed a machine-word sized integer before.
Drive-by: Rename some "address" to "offset" to make the semantics more
clear.
R=ahaas@chromium.org
CC=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I66968cc99a908775156c952da46d2f26219ffb58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489685
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70700}
Originally, the Torque-generated verifier for a field with type
Undefined|Zero|NonNullForeign would check `f.IsUndefined() || f.IsZero()
|| f.IsNonNullForeign()`. At some point, we changed Torque so that it
now generates the much weaker `f.IsOddball() || f.IsSmi() ||
f.IsForeign()`. This change returns the verifiers to their initial
precision. Mostly we can use the names of abstract types to build up the
correct type check expression, but a few abstract types like
PodArrayOfWasmValueType have no way that we can tell them apart from
their parent type at runtime. It would be confusing to have a function
Object::IsPodArrayOfWasmValueType which actually just checks whether the
object is a ByteArray, so this change introduces a new annotation which
allows abstract type declarations to state that they should use their
parent type during verification.
This change also adds new test cases to help avoid future regressions of
this logic.
Bug: v8:7793
Change-Id: Ie5046d742fd45e0e0f6c2ba387d909e9f2ac6df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469960
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70698}
This reverts commit 517a306933.
Reason for revert: regresses perf
Original change's description:
> [ic] Append deprecated maps after appending new map
>
> Previously, we would append the deprecated maps and then append the
> new valid map causing minimorphic map checks to miss this new map in
> the case that we exceeded the FLAG_max_minimorphic_map_checks size.
>
> Bug: v8:10582
> Change-Id: Ie3d7da73f7bdbdd822241fae7879817889a72b43
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484513
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70676}
TBR=mythria@chromium.org,gsathya@chromium.org
Change-Id: Ifcb45e2cca16929f9f43f0116994f913bfb34730
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491281
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70697}
Implements https://github.com/tc39/ecma262/pull/2154, which allows
module export names to be string literals.
Semantics highlights:
- It is a SyntaxError for string literal export names to have unpaired
UTF16 surrogates.
- It is a SyntaxError for string literal export names to be used as
the local name without being followed by a 'from' clause. For example,
`export { "foo" }` and `export { "foo" as "bar" }` are errors, but
`export { "foo" } from "./module.js"` is allowed.
The remaining failing test262 test is wrong:
https://github.com/tc39/test262/issues/2866
Bug: v8:10964
Change-Id: Ib3e06e1ee6b3f1b60ed7f24e21902e17ddfc0351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482335
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70692}
This CL enables basic optimizations in TurboFan for WebAssembly code,
like dead code elimination (DeadCodeElimination), constant folding
(MachineOperatorReducer), and control flow optimizations
(CommonOperatorReducer).
These optimizations were disabled originally to improve startup time,
at the expense of slower generated code. However, with Liftoff as the
baseline compiler, startup time is not so important anymore for
TurboFan.
R=clemensb@chromium.orgCC=manoskouk@chromium.org
Change-Id: I2a81f66929c43fbbdfc3625359772c8ea0f2235f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488684
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70691}
XMM registers/operands can be mixed with normal operands. We introduce 4
new enums to handle this case:
- xmmreg, oper
- oper, xmmreg
- xmmreg, xmmoper
- xmmoper, xmmreg
The different between op and xmmop is what type of register to print if
the modrm byte ends up decoding into a register.
The only difference between the output of the DisasmX64 test is pinsrd,
pinsrq, and pshuflw which had extras spaces. This is fixed with this
patch.
Test: cctest test-disasm-x64/DisasmX64 --random-seed=-1547905187
Bug: v8:10933
Change-Id: I2904c0fe83579e8df83ff2f304409278f1874c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480619
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70690}
cmpi only takes in a 16 bit signed integer. For larger
inputs we must use cmp with a register input.
Change-Id: I318d714930553fbad4c34097c7530055308f331a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2490460
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70689}
Liftoff can currently run out of registers when compiling an atomic
compare-exchange instruction. In order to see this crash, the following
conditions must be met:
- The offset in the instruction doesn't fit in a 12-bit immediate
- Either FLAG_untrusted_code_mitigations is false, or trap handlers are
enabled, so that AddMemoryMasking decides to do nothing
The fix proposed in this CL is just to defer allocation of a temporary
register until after CalculateActualAddress has finished, because it
might have also needed a temporary register.
Change-Id: I28225614dcdbe2bcc9e52208f1e806baac89c5f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488840
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70687}
Using the GraphAssembler instead of creating nodes "manually" results in
much smaller code. This allows us then to use ternary operators to make
the implementation even more concise.
R=ahaas@chromium.org
Bug: v8:10123
Change-Id: I154ffb436f414da14e932138911f35d251363083
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489686
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70686}
There were some cleanups to be done after crrev.com/c/v8/v8/+/2472000/
was merged.
Bug: v8:10799
Change-Id: I09bc2d123f89b88c74c3aecfa97c82d1925a1f2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488686
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70685}
This trap now used for all runtime type errors thrown when interfacing
with JS. Its name and message have been changed to reflect this.
Additional change: Remove the trap from the list of traps used
exclusively for RuntimeError (as opposed to TypeError) in
wasm-module-builder.js.
Change-Id: I517766837a60d94b562d4c0de922d52db786b635
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488688
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70682}
Follow the marker pattern where actual logic is moved into a dedicated
state class and the visitors merely forward to that class.
Change-Id: Id3c6b7414343da82759bdba3dbb8286adee44cf4
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480502
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70680}
Previously, we would append the deprecated maps and then append the
new valid map causing minimorphic map checks to miss this new map in
the case that we exceeded the FLAG_max_minimorphic_map_checks size.
Bug: v8:10582
Change-Id: Ie3d7da73f7bdbdd822241fae7879817889a72b43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484513
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70676}
This commit increases the number of backtracks before we fall back to
the experimental engine. The previous limit was reached just before
irregexp finished in sunspider/string-tagcloud and
web-tooling-benchmark/coffeescript. This meant that we aborted
execution and started over with a slower (but asymptotically faster)
engine just before we would've finished, causing a performance
regression.
Bug: chromium:1138975,v8:10765
Change-Id: I10a4b149300f88680084604310730ee91758bfa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479010
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70673}
This is a reland of fbfa9bf4ec
The arm64 was missing proper codegen for CFI, thus sizes were off.
Original change's description:
> Reland "[deoptimizer] Change deopt entries into builtins"
>
> This is a reland of 7f58ced72e
>
> It fixes the different exit size emitted on x64/Atom CPUs due to
> performance tuning in TurboAssembler::Call. Additionally, add
> cctests to verify the fixed size exits.
>
> Original change's description:
> > [deoptimizer] Change deopt entries into builtins
> >
> > While the overall goal of this commit is to change deoptimization
> > entries into builtins, there are multiple related things happening:
> >
> > - Deoptimization entries, formerly stubs (i.e. Code objects generated
> > at runtime, guaranteed to be immovable), have been converted into
> > builtins. The major restriction is that we now need to preserve the
> > kRootRegister, which was formerly used on most architectures to pass
> > the deoptimization id. The solution differs based on platform.
> > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
> > - Removed heap/ support for immovable Code generation.
> > - Removed the DeserializerData class (no longer needed).
> > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
> > in which the final jump to the deoptimization entry is generated
> > once per Code object, and deopt exits can continue to emit a
> > near-call.
> > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
> > sizes by 4/8, 5, and 5 bytes, respectively.
> >
> > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
> > by using the same strategy as on arm64 (recalc deopt id from return
> > address). Before:
> >
> > e300a002 movw r10, <id>
> > e59fc024 ldr ip, [pc, <entry offset>]
> > e12fff3c blx ip
> >
> > After:
> >
> > e59acb35 ldr ip, [r10, <entry offset>]
> > e12fff3c blx ip
> >
> > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
> > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
> > object (max 32 bytes added overhead per Code object). Before:
> >
> > 9401cdae bl <entry offset>
> >
> > After:
> >
> > # eager deoptimization entry jump.
> > f95b1f50 ldr x16, [x26, <eager entry offset>]
> > d61f0200 br x16
> > # lazy deoptimization entry jump.
> > f95b2b50 ldr x16, [x26, <lazy entry offset>]
> > d61f0200 br x16
> > # the deopt exit.
> > 97fffffc bl <eager deoptimization entry jump offset>
> >
> > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
> >
> > bb00000000 mov ebx,<id>
> > e825f5372b call <entry>
> >
> > After:
> >
> > e8ea2256ba call <entry>
> >
> > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
> >
> > 49c7c511000000 REX.W movq r13,<id>
> > e8ea2f0700 call <entry>
> >
> > After:
> >
> > 41ff9560360000 call [r13+<entry offset>]
> >
> > Bug: v8:8661,v8:8768
> > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#70597}
>
> Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
> Bug: v8:8661,v8:8768,chromium:1140165
> Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70655}
Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
Bug: v8:8661
Bug: v8:8768
Bug: chromium:1140165
Change-Id: I471cc94fc085e527dc9bfb5a84b96bd907c2333f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488682
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70672}
This is a reland of 403390ec60
Original change's description:
> [ia32] Remove arguments adaptor frame
>
> Change-Id: Id66d2c57fc92c00b033bc53231313f477cceca75
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448463
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70652}
Bug: v8:10201
Change-Id: I2c50b22fbe565e8ad6a510c02bfbd79c145d284e
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485225
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70663}
It is a little shorter and cheaper[1] than the equivalent
"mov sp,bp; pop bp".
Also remove support for the 'enter' instruction, since
- it is unused,
- it is neither shorter nor cheaper than the corresponding
push and mov (in fact more expensive[1]), and
- our disassembler doesn't support it.
[1] See https://www.agner.org/optimize/instruction_tables.pdf
Change-Id: I6c99c2f3e53081aea55445a54e18eaf45baa79c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482822
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70660}
