This CL optimizes ByteReverse 16/32/64 ops on PPC<10 as
well as PPC_10_PLUS.
A 32bit sign extension is also added to `ByteRev32` in codegen.
Change-Id: I6379ac4222f3574ab226971546238142039fe977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3298308
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78048}
With dynamic tiering, caching is triggered multiple times as there is
no single event anymore that triggers when the module should be cached.
This CL adds a counter for the number of times caching is triggered.
This counter can indicate whether our current caching heuristics are
good or should get adjusted.
R=thibaudm@chromium.org
Bug: v8:12281
Change-Id: I8ed9ed73a556d11df643c31ec6d20760a257e0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295578
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78045}
This CL adds `can_use_compiled_module` parameter to
WasmStreaming::Finish() that is used by Chromium
https://chromium-review.googlesource.com/c/chromium/src/+/3282643
to invalidate compiled module bytes after SetCompiledModuleBytes().
Bug: chromium:1260939
Change-Id: Iebf0e8615c27c8622721777c664b06a53fb9ee91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297548
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78044}
Private methods use a property with symbol name that stores a context.
This is then loaded to perform the brand check. Since this uses
JSLoadProperty in Turbofan, we should not type JSLoadProperty as
NonInternal.
Bug: chromium:1269063, v8:12359
Change-Id: I920ccf46e939ab0477ff2fdb3cda6d7d94bab0af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293089
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78042}
The macro may be defined but the value to it may not be assigned. The
compiler can complain about (reproduced when compiling chromium on
Windows).
Bug: chromium:1249550
Change-Id: I684997ccda7122f56c01391e7a1339fadf6589e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297888
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78040}
The list of to-be-finalized objects can grow significantly. While
running Speedometer2, the metadata that stores to-be-finalized objects
can be the second largest contributor to heap consumption (overall
taking up 2.6MB, checked with heaptrack).
The CL changes the list to be stored inlined in HoH, if cage-heap is
enabled, rather than in a separate vector.
Bug: chromium:1249550
Change-Id: I04a0c84d118655fa6ff8e2440423e802cd722842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295448
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78038}
Bug: v8:12228
Change-Id: I21b2ee1e640ba75227a03d765bb1552eff68e3fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293415
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#78033}
It is possible to inline a JSToWasm wrapper that directly calls a
WasmToJS wrapper. In this case we need to make sure that the instance
we pass is a WasmApiFunctionRef, not a WasmInstanceObject.
Bug: chromium:1271456
Change-Id: I684a769922895860a43c73ba43c2598c9bda4b64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293423
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78031}
For large working set, the sweeper metadata can significantly increase.
Currently, the backing of swept_unfinalized_pages never gets freed,
which causes about 300KB of memory be occupied (checked on
Speedometer2). The CL makes sure to shrink (actually free) the backing
after each GC cycle.
Bug: chromium:1249550
Change-Id: I7c7e5248983960a498afc252a344fa71cb1444c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295347
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78029}
No implementation needed, since relaxed swizzle is already handled in
wasm-compiler, and is visited by VisitI8x16Swizzle, and on arm64 we
generate the same code (TBL).
Bug: v8:12284
Change-Id: I446632101de26bb2f28c3f3ed60f209e81600dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272643
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78026}
Many safepoint tables do not contain any deoptimization info and/or no
callee-saved registers. Do not emit empty fields for all entries in this
case.
This often shrinks the size of the encoded safepoint table by more than
50%.
Drive-by cleanups:
- Rename fields of the safepoint table entries to clarify their meaning
("tagged slots" instead of "bits", "tagged register indexes" instead of
"register bits").
- Include the PC in the decoded {SafepointEntry} to make it the single
source of truth.
R=jkummerow@chromium.org
Bug: v8:12401
Change-Id: If5c24a688a434842ed3b6427f5f1f3ea9232173a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289173
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78021}
With dynamic tiering, not all functions get compiled with TurboFan,
and not all functions can therefore get cached. With this metric we
want to keep track of the time needed to compile missing functions with
Liftoff.
R=jkummerow@chromium.org
Bug: v8:12281
Change-Id: I1f2de3e1f6b004477985df5d2116f69371528c3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289178
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78020}
This reverts commit d7c3f1cd8a.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Android%20Arm64%20-%20debug%20builder/22043/overview
Original change's description:
> Reland "[fastcall] Enable float support on arm64 simulator"
>
> This is a reland of b9ddcbc86f
>
> The original CL was reverted due to an MSAN issue, that is fixed by
> moving the signature mapping onto the Isolate (instead of having
> per-thread storage, which got invalid on multithreaded compilation).
>
> This CL also contains fixes for the Bazel config and for a data race
> when obtaining the PerIsolateSimulatorData.
>
> Original change's description:
> > [fastcall] Enable float support on arm64 simulator
> >
> > This CL adds support for handling calls to C functions with arbitrary
> > signatures on the arm64 simulator. It adds infrastructure for
> > encoding the signature data from CallDescriptor and FunctionInfo
> > classes into a compact representation, stored in the simulator and
> > called EncodedCSignature.
> >
> > Design doc:
> > https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
> >
> > This CL is a follow up on the native support added in
> > https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> > and is partially based on the previous attempt:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2343072
> >
> > Bug: chromium:1052746
> > Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> > Commit-Queue: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77744}
>
> Bug: chromium:1052746, chromium:1267854
> Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78018}
Bug: chromium:1052746, chromium:1267854
Change-Id: Ia8f10d085d13990b331f306957f95ecf3e003cfd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295453
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78019}
This is a reland of b9ddcbc86f
The original CL was reverted due to an MSAN issue, that is fixed by
moving the signature mapping onto the Isolate (instead of having
per-thread storage, which got invalid on multithreaded compilation).
This CL also contains fixes for the Bazel config and for a data race
when obtaining the PerIsolateSimulatorData.
Original change's description:
> [fastcall] Enable float support on arm64 simulator
>
> This CL adds support for handling calls to C functions with arbitrary
> signatures on the arm64 simulator. It adds infrastructure for
> encoding the signature data from CallDescriptor and FunctionInfo
> classes into a compact representation, stored in the simulator and
> called EncodedCSignature.
>
> Design doc:
> https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
>
> This CL is a follow up on the native support added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> and is partially based on the previous attempt:
> https://chromium-review.googlesource.com/c/v8/v8/+/2343072
>
> Bug: chromium:1052746
> Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77744}
Bug: chromium:1052746, chromium:1267854
Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78018}
There are cases where DeclareEvalVar can fail to create a variable, in
particular when the declaration scope is not extensible. Throw an error
in such cases.
Fixed: chromium:1145119
Change-Id: I6260f570570c4d7801231bdb5f6724f3734444fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295348
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78017}
Once CppHeap moves away from EmbedderHeapTracer, it can no longer be
returned by Isolate::GetEmbedderHeapTracer. Blink currently uses
GetEmbedderHeapTracer to trigger GCs. This CL introduces a variant of
Isolate::RequestGarbageCollectionForTesting to replace that.
Bug: v8:12407
Change-Id: I099989f55291a0daab7d2051072dedddef58dd40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293413
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78015}
Instead of just DCHECKing that we are in a safepoint in
Snapshot::Create, pass the GlobalSafepointScope as argument.
Bug: v8:11708, v8:12377
Change-Id: Ia856c27b92223bf3a96fe6946b86e4625f3a1e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295342
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78014}
This is a reland of 90a9d6cb13
The original CL got reverted because of two different issues:
* The DCHECK failure on AllowGarbageCollection::IsAllowed() got fixed
in https://crrev.com/c/3289625.
* The crash with the incremental marking job were because of a nested
GC started from a SafepointScope. This CL adds IgnoreLocalGCRequests
scopes to SafepointScopes in src/heap.
In addition this CL prevents shared GCs during isolate deserialization
by locking the clients_mutex_ until the isolate is fully deserialized.
The original GC used a DisallowSafepoints scope to prevent shared GCs
from interrupting isolate deserialization.
Original change's description:
> [heap] Support multiple clients in shared GC
>
> Add support for safepointing multiple isolates as described in the
> design doc (link is below). A safepoint across multiple isolates is
> considered a global safepoint to distinguish it from regular safepoints.
>
> The basic idea behind the implementation is that we reach a
> safepoint for each client. What's new is that now also main threads
> need to participate in the safepointing protocol and need to give up
> control in time. The slow paths of Park(), Unpark() and Safepoint() on
> the main thread need to be adjusted for this reason as well.
>
> This CL introduces GlobalSafepoint and GlobalSafepointScope to mirror
> IsolateSafepoint and IsolateSafepointScope.
>
> This CL adds the type IgnoreLocalGCRequests, it is used to prevent
> Park() and Unpark() from honoring the request from background threads
> to perform a local GC. This is used heap-internally to not have GCs
> (or even nested GCs) in certain locations. E.g. when initiating a
> safepoint to perform a GC we don't want a "recursive" GC to occur.
>
> Design doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing
>
> Bug: v8:11708
> Change-Id: I5aca8f5f24873279271a53be3bb093fc92a1a1eb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009224
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77812}
Bug: v8:11708, v8:12375, v8:12377
Change-Id: I9d1af6fbc06a3a8b6f216ec5e9027665ad071809
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283067
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78013}
Starting an incremental GC when it is not supported is not allowed but
trying to finalize one when it might be unknown whether it's supported
or not should be legal.
In such cases, finalization would immediately bail out since there is no
active gc.
Bug: chromium:1272076
Change-Id: If5aaaa130dc55474d3fc3afcd7039880a2c11333
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293411
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78010}
This is a partial revert of https://crrev.com/c/2033171 to bring back
WasmModuleObject::Compile, that compiles Wasm bytes into a Wasm module.
Also adding a simple test to make sure the compile works.
There are some users, e.g. Cloudflare, Halide, see bug for more details.
Bug: v8:10461
Change-Id: I199abea108311025decad793d2232a08bba05d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3292088
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78003}
PPC and S390 implement vsel slightly differently which
is also reflected on the simulator.
Change-Id: Iec5e49bfae09d8bf15149e5ab149b82971271b24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293409
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78002}
