This CL introduces an initial implementation of code flushing, which
can be triggered from JavaScript with an explicit runtime call. The
runtime call allows easier testing. So far all Liftoff code gets
deallocated at a code flushing event. Experiments will show if this is
a good strategy.
Bug: chromium:1407659
Change-Id: I2c19a25ab5da1cf3b6d027d14cc6e719f33e300b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171627
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85365}
With this new mechanism, all operations in the input graph are passed
through the reducer stack's ReduceInputGraphXyz operations that have
direct access to the original operation and index. This allows for
analysis results (computed for the input graph) to be used in a simple
way. At the bottom of the stack, all ReduceInputGraphXyz calls are
forwarded to AssembleOutputGraphXyz in the OptimizationPhase, which
calls through the stack's ReduceXyz methods as before.
Bug: v8:12783
Change-Id: Ib5662d1fa72284bd1dd763a4a6c01e590fea945f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165600
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85361}
NOOP_UNLESS_DEBUG_CODE conditionally either declares or defines as
empty, a debug-only method in assemblers (predominantly AssertFoo
methods). The macro confuses clang-format though, which doesn't know
that the macro terminates the member function declaration, and the
indentation after it gets weird.
This can be fixed by adding a semi-colon after the macro (so that it
looks like a trailing function annotation to clang-format), but doing
this naively causes "Extra ';' in class definition" errors for the
case where the method is defined inline. These can be resolved by
swallowing that semicolon using a dummy `static_assert(true)` after
the function body.
Change-Id: I2032e68eafeca29524da2fe7ba7873c11f63d5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4176735
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85360}
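An added illustration of the semicolon-swallowing trick the commit message above describes (this is not V8's own macro; `DEBUG_ONLY_METHOD_BODY`, `Assembler`, `AssertSmi` and `emit_twice` are hypothetical names chosen for the example):

```cpp
#include <cassert>

// Hypothetical stand-in for NOOP_UNLESS_DEBUG_CODE: with DEBUG defined the
// macro expands to nothing, so the method is only declared in the class and
// defined out of line; without DEBUG it expands to an empty inline body.
// The trailing `static_assert(true)` consumes the semicolon the caller
// writes after the macro, so the empty-body form does not trigger
// "extra ';' in class definition" while the semicolon still makes the
// declaration look like a complete member declaration to clang-format.
#ifdef DEBUG
#define DEBUG_ONLY_METHOD_BODY
#else
#define DEBUG_ONLY_METHOD_BODY \
  {}                           \
  static_assert(true)
#endif

class Assembler {
 public:
  // With DEBUG:    `void AssertSmi(int value);`
  // Without DEBUG: `void AssertSmi(int value) {} static_assert(true);`
  void AssertSmi(int value) DEBUG_ONLY_METHOD_BODY;

  // Regular method that calls the debug-only check before doing its work.
  int Emit(int value) {
    AssertSmi(value);
    return value * 2;
  }
};

#ifdef DEBUG
// Out-of-line definition only exists in debug builds; a "Smi" in this toy
// is modelled as an even integer (lowest bit clear).
void Assembler::AssertSmi(int value) { assert((value & 1) == 0); }
#endif

// Small driver so the example has an observable result.
int emit_twice(int value) {
  Assembler assembler;
  return assembler.Emit(value);
}
```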
Make mark@ and mseaborn@ owners of the trap-handler directory.
R=ahaas@chromium.org
CC=mark@chromium.org, mseaborn@chromium.org
Change-Id: I0de583218895245527e8da4c2b6a8506dd007266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171632
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Mark Seaborn <mseaborn@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85357}
There is another place where the {is_in_debug_state} flag has precedence
over {lazy_module}. This should be the other way around: For lazy
modules, we should not eagerly compile Liftoff code.
R=ahaas@chromium.org
Bug: v8:13224
Change-Id: I8da8280bd2e2ea08f83cb1bc5697b8f76795f403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168412
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85356}
Changes to the trap-handler directory need special security review. Add
a WATCHLIST to make it less likely that security review is ignored.
The watch list has ahaas and clemensb as V8-side owners and mark and
mseaborn as security reviewers.
R=ahaas@chromium.org, mark@chromium.org, mseaborn@chromium.org
Change-Id: I3af3eee5797d20353c39a33de009f39df85e98a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165617
Reviewed-by: Mark Seaborn <mseaborn@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85355}
This completes the big Code/CodeDataContainer name shuffle.
Bug: v8:13654
Change-Id: If033e9153e751ab0d2a38572da2ce2f7029bc359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173569
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85354}
The runtime function took two parameters, the instance and the function
index. The function index, however, seems to be unnatural information,
as the function index is a value that only has meaning with the binary
format of a wasm module, and not for the embedder of a wasm module.
This CL changes the signature of the runtime function to a single
parameter, the wasm function that should be optimized.
R=manoskouk@chromium.org
Bug: v8:12926
Change-Id: I6802cb6c8ffc586f4997a4a069735785ce59583d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171625
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85352}
functions from the TurboAssembler class
JumpTableAssembler inherits from TurboAssembler class instead of
MacroAssembler class, so its function cannot directly use
JumpToOffHeapInstructionStream.
Change-Id: Id87901157202443440cc8ff658b098d1db1a6865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173347
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85351}
Rolling v8/build: 8eddf35..e831815
Rolling v8/buildtools: a1adda9..d843e69
Rolling v8/buildtools/clang_format/script: 8b525d2..f97059d
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a4c8178..7a311fe
Rolling v8/third_party/depot_tools: 1757677..86cfa62
Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230112.1.1..version:11.20230114.0.1
Rolling v8/third_party/ninja: version:2@1.8.2.chromium.3..version:2@1.11.1.chromium.6
Change-Id: I0f3f07dadc4a8d82737e147bd0ff7b1836f5e0d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174855
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85350}
Liftoff will only be called on valid functions, but does not validate
itself. So we should not set the function to "validated" after executing
Liftoff compilation. Instead, we can DCHECK that the function was
validated before.
This requires a few changes to tests and fuzzers to correctly set the
{function_was_validated} bit.
R=ahaas@chromium.org
Change-Id: I669fca77724189c83d78bdfda9f08df9f7fd63f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168411
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85349}
This is a followup to crrev.com/c/4165084.
Using relaxed atomic is not sufficient since the tasks are still running
and thus are not synced with the main thread.
This CL switches to using acquire-release semantics instead.
Bug: v8:13668
Change-Id: I613e56d423926d990aa22b3bd762a51af34737b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174078
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85348}
We used to optimize the pattern of a {WasmTypeCast} followed by an
{AssertNotNull} in the wasm typer, by moving the latter before the
former. This has caused multiple bugs in the past.
Now that we have null-trapping casts, we can simplify the optimization
by changing the return type of the type cast to non-nullable, thus
making it trap on null, and removing the explicit null assertion. We
also move it to the WasmGCOperatorReducer, which is more appropriate.
Bug: v8:7748
Change-Id: I756543090145c71e998042607437a5bad3fd19da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4172731
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85346}
Tests with shared memory are non-deterministic and shall not be
run with --predictable.
Bug: v8:13267, v8:13669
Change-Id: I65c9e1b273ff96ea73acd817a297c08f83ba615f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174076
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85345}
SmallVectors are assumed to be small most of the time. Hence the {Grow}
method and others will most of the time not be called. So mark them
{V8_PRESERVE_MOST} to make caller code slimmer and faster.
R=dlehmann@chromium.org
Bug: v8:13565
Change-Id: Ia2bdcdff7e415b1d8a2717849c74604677a9dade
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168413
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85344}
We sometimes validate functions in the background, e.g. when inlining in
TurboFan. This had a slight chance of triggering a DCHECK when we were
validating the same function explicitly in another thread.
This would only happen in non-default configurations, if some functions
get eagerly compiled with TurboFan and other functions get lazily
compiled, and therefore validated explicitly.
Since listing all such conditions is tricky, we just return early if we
detect that a function was already validated.
R=ahaas@chromium.org
Bug: v8:13659
Change-Id: Ie75b2638e86e263406edfbc41cc4f404b3b98e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171623
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85343}
This does:
- Move gcmole runs to bots with matching arch.
- Update mb_configs to enable gcmole on the bots that run it.
- Add a GN target that extracts some compiler flags from a
ninja file of one of V8's other targets.
- Use the extracted flags in the gcmole script and remove other
hard-coded arch-specific flags.
This is done for DEFINES and includes for now. Other compiler flags
are still a TODO.
Bug: v8:9287
Change-Id: Icba9ce59e0bfffd138d9207b1c2ad64d42bf6a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055629
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85341}
KindField seems to be a 2 byte value (rather than 4).
Loading 32 bits would read an incorrect value on BE and fail
runtime assertions.
Behaviour does not change on little endian as only the low-order
4 bits are used.
Change-Id: I0933a00e6fb5259785f894a838933791d411edba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168418
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#85339}
SeqStrings are now zero padded. This allows us to check equality in
chunks of 32 or 64 bytes. Makes StringEqual about 2x as fast for
strings larger than 4-8 bytes.
Bug: v8:13664
Change-Id: Ic5e21bbef97b401a6d28a76bcb164a88739a68a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156058
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85338}
.. as part of the big Code/CodeDataContainer name shuffle. In the
next step, CodeDataContainer will be renamed to Code.
Bug: v8:13654
Change-Id: Ia80ac984d46dd6c2a108098055a5cd60e22a837c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171628
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85337}
Add a map check for the RHS of instanceof checks (i.e. the class) when
loading its hasInstance method. We were previously confirming the value
of the RHS, to make sure that it's a constant, but not considering the
case that the map of that class could change (e.g. because of a
prototype change or field definition).
Bug: v8:7700
Change-Id: Ia2923b99dd0524670bebcc57e4c0c209f8835d04
Fixed: chromium:1407959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173568
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85336}
Matches were transmitted in a JSArray, although a FixedArray is
enough.
Change-Id: I71145c6b55d57a15e330a3865f00d038e613dde3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171631
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85332}
The RegisterInput (NewTarget) was not correctly visited by the GC.
This:
- Creates a sentinel safepoint to indicate that the stack is not
fully created (we are in the stack guard call).
- Generalises RegisterInputs (we assumed only NewTarget before) and
saves them in the graph.
- Passes the register input count via tagged_register_indexes in
this case.
Fixed: chromium:1407606
Bug: v8:7700
Change-Id: I8f599f8c1a992ee6fd886eec1e289454649dfec8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171626
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85331}
Actual worklist segment capacity may vary depending on allocator
internals. Varying capacity can result in different push/pop order
even in single-threaded execution which is incompatible with
--predictable.
As a fix, rely on minimum capacity for --predictable.
Bug: v8:13614
Change-Id: Icbf093b31c32f4eb20476954572b3731f5c8ef88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171641
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85330}
Split tagged and double element loads (LoadTagged/DoubleElement) into
loads of the elements array, and a load from the Fixed[Double]Array.
This will allow us to potentially re-use elements array loads, as well
as use the more generic FixedArray load for other FixedArrays.
Bug: v8:7700
Change-Id: I382132585a709ab1351666fd820156148b35bc42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168414
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85328}
.. now that it unconditionally refers to CodeDataContainer. All
previous references to 'CodeT' (the type and as part of names) are
now updated to 'CodeDataContainer', including 'codet', 'CODET', etc.
Bug: v8:13654
Change-Id: I7abbba040091eddf3ef09028a891aed460363929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165619
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85325}
Use the static root pointers to generate better code for C++ builtins.
First, comparisons like `IsUndefined` should only consider the
compressed pointer. The change ensures that comparisons compile to:
```
; IsUndefined
cmp DWORD PTR [rbx+r14*1],0x22e1
```
Further, storing into a tagged field should be just one instruction as
well. To avoid complicating stores we opt for ensuring clang can
optimize `compress(decompress(cage_base, 0x42)) -> 0x42`. To that end
`DecompressTaggedPointer` has to be slightly rewritten, as
using the base as `Address` makes clang ignore the specified alignment
(see https://godbolt.org/z/f1ajneW1P).
With this optimization also stores are compiled to one instruction:
```
; map.set_prototype(roots.null()):
DWORD PTR [rax+0x13],0x22c5
```
Bug: v8:13466
Change-Id: I5355dc21cf7cb459f5dc3718f8facefc1d04e229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4130075
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85323}
In some cases, a declaration of a function may be covered by
variables with the same name and thus bound to one parameter. This
CL records variables which should not be bound to the parameter;
these are skipped when inserting shadowing variable binding initializers.
Bug: v8:13459
Change-Id: Id7d147392450b177d219bfd04245b47d9e58c20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4130416
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85321}
Use the bottleneck for right-trimming of objects also for BigInts.
Change-Id: I82fcb38143f939fdd3d7763c9c60d2e9003196eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165614
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85319}