We track untagged values through the InterpreterFrameState, that allows
us to re-use already emitted CheckedSmiUntag and elide CheckedSmiTag
whenever the next node wants the untagged value as input.
It uses LoadRegisterTaggedValue, LoadRegisterSmiUntaggedValue and
accumulator variants as helper in the graph builder.
Spilled values can now be untagged, since we currently do not
support stack slot re-use, we use a ZoneVector to keep track of
the stack slot representation.
We tag (lazily) any value that will be passed as input to a Phi node.
Bug: v8:7700
Change-Id: I34cb69c8f1fbeb6a8158a251a4dd2e114e894ea0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574559
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79939}
Method GCTracer::UpdateStatistics was responsible for copying
incremental and background scopes to the current event, before
reporting. It was called, however, at the end of the atomic pause and,
as a result, some of these scopes would be prematurely copied to the
current event (e.g., incremental and background sweeping scopes) and
misreported.
This CL fixes this by splitting the update of statistics and the
copying of incremental and background scopes. It introduces the
method GCTracer::FinalizeCurrentEvent which does the latter, which
is called from GCTracer::StopCycle. It also introduces methods for
correctly accessing and updating scopes, before the current event is
finalized, and eliminates the distinction between
GCTracer::AddScopeSample and GCTracer::AddScopeSampleBackground.
Bug: chromium:1154636
Change-Id: I2a6d9abb3daa2c48b2dce12dc2685cfc84130abf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576792
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79938}
For strict equal boolean literal like "a===true"
or "a===false", we could generate TestReferenceEqual
rather than TestStrictEqual. And in `execution_result()->IsTest()`
case, we could directly emit JumpIfTrue/JumpIfFalse.
E.g.
```
a === true
```
Generated Bytecode From:
```
LdaGlobal
Star1
LdaTrue
TestEqualStrict
```
To:
```
LdaGlobal
Star1
LdaTrue
TestReferenceEqual
```
E.g.
```
if (a === true)
```
Generated Bytecode From:
```
LdaGlobal
Star1
LdaTrue
TestEqualStrict
JumpIfFalse
```
To
```
LdaGlobal
JumpIfTrue
Jump
```
Bug: v8:6403
Change-Id: Ieaca147acd2d523ac0d2466e7861afb2d29a1310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568923
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#79935}
This patch makes sure that NearHeapLimitCallback can invoke
operations that trigger garbage collections. In addition
this adds code to make the tracers aware of NearHeapLimitCallback.
Bug: v8:12777
Change-Id: I959a23a3e0224ba536cb18b14933813e56fc5292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3575468
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79934}
For stack-switching, we create a callable object from the
WasmResume builtin and pass that as the onFulfilled argument
of Promise#then. We don't need to create this callable object each time
we suspend. Instead, create it when we initialize the Suspender object
and store it there.
R=jkummerow@chromium.orgCC=fgm@chromium.org
Bug: v8:12191
Change-Id: If8495493a71794cddc81b21a17a821fed8f4ede7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579162
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79930}
Simulator needs a way to check if a fp input is
a signalling NaN and `issignaling` doesn't seem to be
supported on the latest gclient update and causes link errors.
Change-Id: Id2a7200b6cf13bb6174b052728fc5a0d5436321c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3581768
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79929}
The barrier is published in the atomic pause following the final step.
Bug: v8:12775
Change-Id: Ia77e1d213cc02a086d7a557999481b633e6b4df4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582039
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79928}
We need to make sure that a node doesn't think it's still allocated in a
register (and doesn't need spilling) when it is freed to make space for
another allocation.
Bug: v8:7700
Change-Id: I6e35cd467bb7f17bb20dc6f4ab0a1df9efe78ffa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582220
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79926}
We were doing this for synchronous compiles, but not for asynchronous
ones.
Bug: v8:7700
Change-Id: I10173ddc34bd8750051272c0ec065e21bbd20082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3581767
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79925}
The external code space is required for the sandbox, so enable it on
Android to be able to enable the sandbox there as well in the future.
Bug: v8:11880
Change-Id: Ic7ba29c77affc3e0e83c8a93f2f6f53b3c72b8e8
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578799
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79924}
1. Added `generateWebDriverValue` flag to `Runtime.evaluate` and `Runtime.callFunctionOn`.
2. Added `webDriverValue` field to `RemoteObject`, and set it in case of the `generateWebDriverValue` flag was set.
3. Added virtual method `bidiSerialize` to allow embedder-implemented serialization (like in https://crrev.com/c/3472491).
4. Implemented V8 serialization in a separate class `V8WebDriverSerializer`.
5. Hardcode `max_depth=1`.
6. Added tests.
Not implemented yet:
1. `objectId`.
2. Test of embedder-implemented serialization.
Tested automatically by:
```
python3 tools/run-tests.py --outdir out/foo inspector/runtime/add-web-driver-value
```
Naming to be discussed. Suggestions are very welcome.
Design doc: http://go/bidi-serialization
Change-Id: Ib35ed8ff58e40b3304423cc2139050136d844e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472077
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maksim Sadym <sadym@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79922}
This is a reland of commit 1f0d7d2072
The fix merges concurrent marking tasks when marking in the atomic
pause. Without the fix, Oilpan markers would continue running
concurrently, possibly discovering new V8 objects. This violates the
assumption that the final transitive closure runs on a single thread.
Original change's description:
> cppgc-js: Concurrently process v8::TracedReference
>
> Adds concurrent marking for reaching through v8::TracedReference.
> Before this CL, a v8::TracedReference would always be processed on the
> main thread by pushing a callback for each encountered reference.
>
> This CL now wires up concurrent handling for such references. In particular:
> - Global handles are already marked as well and not repurposed during
> the same GC cycle.
> - Since global handles are not repurposed, it is enough to
> double-deref to the V8 object, checking for possible null pointers.
> - The bitmap for global handle flags is mostly non-atomic, with the
> markbit being the exception.
> - Finally, all state is wired up in CppHeap. Concurrent markers keep
> their own local worklist while the mutator marker directly pushes to
> the worklist owned by V8.
>
> Bug: v8:12600
> Change-Id: Ia67dbd18a57dbcccf4dfb9ccfdb9ee438d27fe71
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516255
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79736}
Bug: v8:12600
Change-Id: I8545041b2c7b3daf7ecea7e3a100e27534e9b8b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571887
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79919}
The roundss / vroundss instruction is only available on AVX or SSE4_1
hardware. Thus bring back the old code path with much longer code for
such old hardware.
R=tebbi@chromium.org
Bug: chromium:1314363
Change-Id: I79a58627c8b406817330e9f9601234cea28182c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578642
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79914}
This particular branch in CompileOptimizedOSR relies on a precise
invocation count at counts 0 and 1. The invocation count is unreliable
not only in the previously described situation (--always-opt), but also
e.g. when forcing optimization on the first execution through other
means like %OptimizeFunctionOnNextCall. Let's simply rewrite the
condition to explicitly exclude kIsInProgress.
Fixed: chromium:1314536
Change-Id: I27432f689c866bad3b407df7bbf276ec32c25c0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578644
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79913}
1: Clear cache entry 0 before overwriting it to maintain bookkeeping of
the SharedFunctionInfo's OSR code cache state, which tracks how many
cache entries there are for this particular SFI.
2: When inserting into the code cache, we don't know in advance whether
the entry is already present or not (this could happen with multiple
simultaneous compile jobs from different closures of the same SFI).
Fixed: chromium:1314644
Bug: v8:12161
Change-Id: I0085a3a6e0c1879c3d483853220e654aa03660ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578643
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79912}
This is a reland of commit 51b99213e7
Fixed in reland:
- bytecode_age was incorrectly still accessed as an int8 (instead
of int16).
- age and osr state were incorrectly reset on ia32 (16-bit write
instead of 32-bit).
Original change's description:
> [osr] Add an install-by-offset mechanism
>
> .. for concurrent OSR. There, the challenge is to hit the correct
> JumpLoop bytecode once compilation completes, since execution has
> moved on in the meantime.
>
> This CL adds a new mechanism to request installation at a specific
> bytecode offset. We add a new `osr_install_target` field to the
> BytecodeArray:
>
> bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
> osr_urgency: uint32: 3 bit;
> osr_install_target: uint32: 13 bit;
> }
>
> // [...]
> osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
> bytecode_age: uint16; // Only 3 bits used.
> // [...]
>
> Note urgency and install target are packed into one 16 bit field,
> we can thus merge both checks into one comparison within JumpLoop.
> Note also that these fields are adjacent to the bytecode age; we
> still reset both OSR state and age with a single (now 32-bit)
> store.
>
> The install target is the lowest 13 bits of the bytecode offset.
> When set, every reached JumpLoop will check `is this my offset?`,
> and if yes, jump into runtime to tier up.
>
> Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
>
> Bug: v8:12161
> Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79853}
Bug: v8:12161
Change-Id: I7c59b2a2aacb1d7d40fdf39396ec9d8d48b0b9ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578543
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79911}
Join instead of cancel to make use of the the main thread.
Also make the Join() call explicit instead of implicitly finishing
concurrency on advancing tracing form the main thread.
Bug: v8:12600
Change-Id: I60d3e82bfc2e8a3ccc2dda761a5d3eb3ac7694d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578855
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79910}
To make the existing mechanism for printing JSON for turbolizer able to
print types other than the ones stored in the nodes (so the verifier can
print its own types here), this CL restructures the printing mechanism
into a single non-private class that can be inherited to override
certain parts of the printing. In this CL only GetType is made virtual
to allow verifier to override it, but additional parts can be made
overridable whenever necessary.
Bug: v8:12619
Change-Id: Idf31f8cdb49eb6c3204c6abfbb74fc981330d6d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571818
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79909}
Bring back raw SetAccumulator, instead of the separate
SetAccumulatorToNew/ExistingNode. SetAccumulator (and StoreRegister) are
now expected to only ever be called on new Nodes, with some DCHECKs
tracking which nodes are new guaranteeing this.
Bug: v8:7700
Change-Id: I5657fa85dc05445bc3d6956ebcd5541ec1cedfad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579362
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79908}
Map space can get disabled with --no-use-map-space.
Bug: v8:12578, chromium:1314307
Change-Id: I0f25e4e10c0baa0e9785d80c189dfe86c2bc6aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579302
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79907}
port 49c95bd95b
Change-Id: I69baf80d85e172014f4037fd4d345f0f0a634684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578101
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79906}
API logging has not been used in a while and we have valid alternatives:
- Runtime call stats
- Profiling
- Timer events
Together they make --log-api superfluous and we can remove it and reduce
the number of branches when calling into the V8 API.
Change-Id: Ie10f70b61ebdb82166270e7630ebcf20a27c4902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574549
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79904}
Instead of using cipd for dsymutil (which is updated via the autoroller),
chromium/src downloads the dependency directly from a storage bucket
(https://crrev.com/c/3564507).
This rolls the approach into v8's DEPS. Additionally, it manually rolls
the deps changes from https://crrev.com/c/3577241 to validate the fix for
chromium:1314724 in a led run referencing this commit in
https://chromium-swarm.appspot.com/task?id=5a235a3429884411.
Bug: chromium:1314724
Change-Id: I6eb0e954bd17a390cbc79d929f82793e877db7b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579304
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79903}
FPUCanonalizeOperation will output standard qNaN when the lvalue is nan
in simulator, and this implementation is inconsistent with physical
machine.
Besides, fix a wrong register request in i64_add on mips32.
Change-Id: Icddb1fc6d0e03a51d4fb4ba13ecb39f11a645af0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3580103
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#79902}
- Parse the condensed source position info support for jitted code
- Add progress bar/circle to loader
- Use temporary Array instead of concatenated strings in escapeField to
reduce gc pressure
- Use bound functions as event handlers in more places
- Various timeline legend fixes:
- Fix columns alignment when duration is present
- Use fixed width to avoid breaking the UI
- Correctly show total/percents for 'All' and 'Selection' entries
- Improve usability of filtering buttons: added tooltips and fixed
redrawing on filtering
Bug: v8:10644
Change-Id: I1275b31b7b13a05d9d6283d3067c1032d2d4819c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574544
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79897}
The tier up check in br_if is only executed conditionally, so it is
not allowed to update any cache state. Later code would work with that
updated state, even though the corresponding code would not have
executed.
There was a partial implementation for this by passing in a scratch
register for {TierupCheck}, but {TierupCheckOnExit} has the same
problem, and needs up to three scratch registers.
Until we come up with a better solution, just snapshot the cache state
before doing the tier up check, and restore it later. This has some
performance cost, but it's an effective fix.
R=jkummerow@chromium.org
Bug: chromium:1314184
Change-Id: I1272010cc247b755e2f4d40615284a03ff8dadb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579363
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79896}
This is a reland of commit c482a66bd7
Original change's description:
> Enable PAC and BTI for runtime generated code.
>
> This patch enables PAC and BTI for runtime generated code when PAC
> is enabled. Additional BTI landing pads will resolve to NOOP when
> running on non BTI device and will not cause functional problems.
>
> Change-Id: I3993481df2c3c47e3e81bfb76a8c355f642cd572
> Bug: chromium:919548, v8:10026
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548457
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Andre Kempe <andre.kempe@arm.com>
> Cr-Commit-Position: refs/heads/main@{#79630}
Bug: chromium:919548, chromium:1310642, v8:10026
Change-Id: I5f76705a222b5f4fbc07cf472c02e9b58b5171fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579164
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
Cr-Commit-Position: refs/heads/main@{#79895}
Opportunistically specializing the inlined function's signature
based on statically available type information in the caller is
currently important for performance, but can make inlining fail
if parts of the inlinee relied on the more generic types.
This patch addresses that problem by retrying with the original
signature in such cases.
Long-term, check elimination should be based on typed IR nodes
instead.
Bug: v8:12166
Change-Id: I4b68d0b056daec25844f6386da11b933cc343d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579144
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79894}
Similar to full GCs, the GC defers metric reporting until sweeping is
finished.
Bug: chromium:1029379
Change-Id: Ib06adb3be691c1ad2bd530eb77fc01cc22537338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576130
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79891}
