This CL:
- stops tracking transitions for fast maps that are known to be detached
- reuses descriptor arrays when transitioning detached maps to avoid O(n^2) performance and garbage creation
Fix2 in reland: constructor_or_backpointer can be a smi since it can also hold a user-provided function.prototype
Fix in reland: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster.
Original commit message:
> This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> Even though the actual final descriptor array might be a little bigger,
> it reduces peak memory usage by allocating less.
Change-Id: Id99dc76a369057e5c4d76a31163605cb38a66867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172080
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67501}
This reverts commit 656308502e.
Reason for revert: due to failures
Original change's description:
> Reland^3 "[runtime] Amortize descriptor array growing for fast-mode prototypes"
>
> This CL:
> - stops tracking transitions for fast maps that are known to be detached
> - reuses descriptor arrays when transitioning detached maps to avoid O(n^2) performance and garbage creation
>
> Fix in reland: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster.
>
> Original commit message:
> > This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> > Even though the actual final descriptor array might be a little bigger,
> > it reduces peak memory usage by allocating less.
>
> TBR=ulan@chromium.org,ishell@chromium.org
>
> Change-Id: I57000949debdee2b69dd41e0c5975b3e8a34c6f4
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: b:148346655, v8:10339
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173363
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67499}
TBR=ulan@chromium.org,clemensb@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: Ie7018912f591d397c8acede9b31fbf269d225fe4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: b:148346655, v8:10339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67500}
This CL:
- stops tracking transitions for fast maps that are known to be detached
- reuses descriptor arrays when transitioning detached maps to avoid O(n^2) performance and garbage creation
Fix in reland: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster.
Original commit message:
> This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> Even though the actual final descriptor array might be a little bigger,
> it reduces peak memory usage by allocating less.
TBR=ulan@chromium.org,ishell@chromium.org
Change-Id: I57000949debdee2b69dd41e0c5975b3e8a34c6f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: b:148346655, v8:10339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173363
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67499}
Forced GCs can either be invoked internally or communicate the fact that
they are forced externally via API. Before this CL, all uses were
passing kGCCallbackFlagForced to indicate that the GC was forced.
This flag is used by embedders though to trigger followup actions. E.g.,
it can be used to trigger a follow up call to
GarbageCollectionForTesting() call which requires --expose-gc.
This patch changes the semantics as follows:
- Internal forced GCs use a Heap GC flag (kForcedGC)
- External forced GCs and GC extension use kGCCallbackFlagForced
Bug: chromium:1074061
Change-Id: Ide7ea0ccdf88b8c8cac002289aef5b7eb0f9748c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172747
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67498}
This reverts commit d29b2f815b.
Reason for revert: accidental reland without fix
Original change's description:
> Reland^2 "[runtime] Amortize descriptor array growing for fast-mode prototypes"
>
> Fix: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster.
>
> In case of false negatives (it is a map but we read the field before it was properly initialized) we'll simply mark too many descriptors in the worst case.
>
> Original change's description:
> > Revert "Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes""
> >
> > This reverts commit 71f9c1179a.
> >
> > Reason for revert: Seems to cause several TSan flakes, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/12926
> >
> > Original change's description:
> > > Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes"
> > >
> > > This is a reland of 2de2d3dcdc
> > >
> > > Original change's description:
> > > > [runtime] Amortize descriptor array growing for fast-mode prototypes
> > > >
> > > > This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> > > > Even though the actual final descriptor array might be a little bigger,
> > > > it reduces peak memory usage by allocating less.
> > > >
> > > > Bug: b:148346655
> > > > Change-Id: I984159d36e9e0b37c19bc81afc90c94c9a9d168a
> > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135728
> > > > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#67031}
> > >
> > > Bug: b:148346655, v8:10339
> > > Change-Id: I24436d8f49dc1fe527c4f6558db1abcba323b6f8
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139215
> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Igor Sheludko <ishell@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#67475}
> >
> > TBR=ulan@chromium.org,ishell@chromium.org,verwaest@chromium.org
> >
> > Change-Id: I6fa02d0c89557eae33b792c1fe62c9c15eb0f7c7
> > No-Presubmit: true
> > No-Tree-Checks: true
> > No-Try: true
> > Bug: b:148346655, v8:10339
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172749
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Commit-Queue: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67478}
>
> TBR=ulan@chromium.org,clemensb@chromium.org,ishell@chromium.org,verwaest@chromium.org
>
> Change-Id: Ib86e039374e721919cd5b02495c252ee7af283bd
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: b:148346655, v8:10339
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173359
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67495}
TBR=ulan@chromium.org,clemensb@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: Ia624ac774c021146b9b3b7e60372113c50a1ec61
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: b:148346655, v8:10339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173361
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67497}
When a background thread fails to allocate, it requests a GC and
retries the allocation afterwards. Make second allocation more likely
to succeed by allowing those allocations to expand the old space.
TLABs of LocalHeaps also need to be invalidated before the GC.
Bug: v8:10315
Change-Id: Idaea2c4ee25642d508c72ae274b06d60c6e225e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154193
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67496}
Fix: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster.
In case of false negatives (it is a map but we read the field before it was properly initialized) we'll simply mark too many descriptors in the worst case.
Original change's description:
> Revert "Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes""
>
> This reverts commit 71f9c1179a.
>
> Reason for revert: Seems to cause several TSan flakes, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/12926
>
> Original change's description:
> > Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes"
> >
> > This is a reland of 2de2d3dcdc
> >
> > Original change's description:
> > > [runtime] Amortize descriptor array growing for fast-mode prototypes
> > >
> > > This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> > > Even though the actual final descriptor array might be a little bigger,
> > > it reduces peak memory usage by allocating less.
> > >
> > > Bug: b:148346655
> > > Change-Id: I984159d36e9e0b37c19bc81afc90c94c9a9d168a
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135728
> > > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#67031}
> >
> > Bug: b:148346655, v8:10339
> > Change-Id: I24436d8f49dc1fe527c4f6558db1abcba323b6f8
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139215
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Igor Sheludko <ishell@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67475}
>
> TBR=ulan@chromium.org,ishell@chromium.org,verwaest@chromium.org
>
> Change-Id: I6fa02d0c89557eae33b792c1fe62c9c15eb0f7c7
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: b:148346655, v8:10339
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172749
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67478}
TBR=ulan@chromium.org,clemensb@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: Ib86e039374e721919cd5b02495c252ee7af283bd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: b:148346655, v8:10339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173359
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67495}
Spilling a register in Liftoff require a scratch register when the
offset of the stack slot from fp is greater than 2^12. This CL adds
a check to LiftoffAssembler::Spill on arm to check that a scratch
register is available. It also fixes one case where the scratch register
was not available.
R=clemensb@chromium.orgCC=zhin@chromium.org
Bug: chromium:1075953
Change-Id: Idb2bc7e26e3d4fbd6bb0eb6c9a9b8cfd8b3c569e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172424
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67494}
Rolling to chrome/src is in
https://chromium-review.googlesource.com/c/chromium/src/+/2155530
Since auto rolling stop after 3/24/2020 and the rolling will cause
change of test status, I get this cl ready (but not running trybot due
to 1074260) and plan to hand roll after the submission of 2155530.
Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
Auto-Submit: Frank Tang <ftang@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67493}
The interpreter will be un-shipped soon, hence we cannot have a
compilation hint for interpreted execution.
This CL removes the respective enum value, removes a test which
specifically tested this one option, and adapts other code to use one of
the remaining hints.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Ia754f7de95be271000a9e4e10ef2a3ee171da627
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172748
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67491}
Supporting WebAssembly evaluator modules requires support for passing
binary data as a parameter to CDP methods. Currently, the required base64
conversions are not implemented.
Bug: chromium:1020120
Change-Id: Ie74f93ee5accfa369aac428e5c5b5f882c921c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2152645
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67490}
The UnicodePropertyEscapeCodeSize test set the max code size as 150KB,
which is too strict for mips64. This CL loosen the limit to 200KB.
Bug: v8:10441
Change-Id: I8532d4d51eedd7713075d86e84c52a58d2412861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172927
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#67489}
Previously, we fixed the decoding of SIMD opcodes >= 0x80 that reads an
immediate. However, we left behind a TODO for SIMD opcodes <= 0x80. This
fixes it.
Given a byte sequence such as [0xfd, 0x80, 0x80, 0x0], it decodes to the
SIMD opcode S128LoadMem (the last 3 bytes decode to 0, it is not the
most efficient encoding, but is still valid). Then, when we are decoding
the immediate memarg that follows this, we need to skip ahead 3 bytes
(opcode_length). We were not doing that previously.
This patch changes the signature of SimdLaneImmediate and
Simd8x16ShuffleImmediate to make this requirement clearer. It takes a
new argument opcode_length, which is the number of bytes the LEB encoded
opcode takes up. The pc should then be passed in unchanged.
In function-body-decoder-impl.h, we also consistently pass down
opcode_length into the various helpers, and use that value to decode
immediates.
Changes have been made to wasm-interpreter to record the opcode_length
to be passed down to helpers.
Bug: chromium:1075719
Bug: v8:10258
Change-Id: I502c9ef47d4da2abadf14218bf0da19b291ec55c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2171460
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67483}
Tweak the register allocation logic in liftoff-compiler.cc. If we reuse
src1 or src2 for dst, it complicates the logic in the codegen
significantly. We will need to check which operand dst is equals to,
back it up, then make sure the mask ends up in dst (since thats how vbsl
and bsl works, the first operand holds the mask and is overwritten). By
tweaking the allocation logic, no code gen is required for the other
backends.
Bug: v8:9909
Change-Id: I17843322508b18247c91e5959cf1b996b7f6a61d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2171468
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67481}
This reverts commit 908f08e43f.
Reason for revert: Seems like it may be causing v8-fuzzer failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Fuzzer/36017
Original change's description:
> [ast] Remove literal allocation from CallPrinter
>
> Access literal data directly in CallPrinter, rather than allocating
> their values. This allows us to remove the isolate member from
> CallPrinter entirely.
>
> Change-Id: Ib4203009c86b6778ee843e8956fc7cee2214841e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122019
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67471}
TBR=leszeks@chromium.org,verwaest@chromium.org
Change-Id: Ia7e0c95ee6ec58e5067d92c7517269fd334041a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2171929
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67480}
Add a test to stop at a trap, inspect values, and step from there.
For inspection, we need to spill all registers, which we usually don't
do because the trap never returns, so the values won't be used
afterwards.
R=thibaudm@chromium.org
Bug: v8:10235
Change-Id: Ia1c21aa0faa3ca656e40aae626e8e912eaf2c233
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169890
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67477}
The output generated by --wasm-fuzzer-gen-test did not pass the
presubmit check:
* There was a trailing whitespace after "body";
* There was a trailing newline at the end;
Additionally the signature of addElementSegment changed at some point
and now also takes a table-index parameter.
R=thibaudm@chromium.org
Bug: v8:10155
Change-Id: I77481b0ac810a0e3ff06df24afa3ae22beaebb77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172744
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67476}
This is a reland of 2de2d3dcdc
Original change's description:
> [runtime] Amortize descriptor array growing for fast-mode prototypes
>
> This avoids an O(n^2) algorithm that creates an equal amount of garbage.
> Even though the actual final descriptor array might be a little bigger,
> it reduces peak memory usage by allocating less.
>
> Bug: b:148346655
> Change-Id: I984159d36e9e0b37c19bc81afc90c94c9a9d168a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135728
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67031}
Bug: b:148346655, v8:10339
Change-Id: I24436d8f49dc1fe527c4f6558db1abcba323b6f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139215
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67475}
With this CL the registers in a register pair get ordered such that the
low word register always has a lower register code than the high word
register. This should allow easier reasoning about the register
allocation, and prevent some register allocation bugs.
Background: for many operations in Liftoff, input registers are reused
as output registers. With register pairs, input register pairs are
reused as output register pairs. Additional reasoning, and sometimes
even additional code is needed when the registers of the output register
pair are swapped, i.e. when the high word register of the input becomes
the low word register of the output. With this CL the additional
reasoning is not necessary anymore, as the high word and low word
registers would get swapped during register allocation.
Additionally this CL fixes the logic of the last_spilled_regs list. This
list stored the last spilled registers, but recorded only one of the two
registers of a register pair. With this CL, both registers get recorded.
This CL does not have a regression test. The regression test was more
than 9000 lines long, and quite slow. I was not able to minimize it
substantially. The test would be fragile by nature, as it has to create
a special register configuration or otherwise does not test anything
meaningful. All in all I think it's better not to add the test.
R=clemensb@chromium.org
Bug: chromium:1074586
Change-Id: I4b2475b0c6537c7ce2e51fee281388cdd85f2953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168875
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67473}
Motivation:
Improve code efficiency by replacing runtime calls with manually
written turbofan code where possible.
Changes:
- Remove the runtime functions `Runtime_WasmNewMultiReturnFixedArray`
and `Runtime_WasmNewMultiReturnJSArray` and replace them with
turbofan code.
- Introduce the builtin function `WasmAllocateJSArray`.
R=clemensb@chromium.orgR=ecmziegler@chromium.orgR=jkummerow@chromium.org
Change-Id: Idc0db39286c4242392c0422919bbc8fd7bedf2af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143816
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67472}
Access literal data directly in CallPrinter, rather than allocating
their values. This allows us to remove the isolate member from
CallPrinter entirely.
Change-Id: Ib4203009c86b6778ee843e8956fc7cee2214841e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122019
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67471}
The original motivation of the test case is long outdated, and it
has been repurposed. Making some cosmetic changes to clarify.
R=szuend@chromium.org
Fixed: v8:10455
Change-Id: I02c2e6f83d3475478efd37dbe834fca5d415b829
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172419
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67470}
To reduce the number of deoptimizations in TurboProp use call feedback
only when we know the call target is a builtin. Given that we don't
inline in TurboProp, call feedback isn't really useful and using Generic
lowering doesn't impact performance much. TurboProp still inlines
builtins, so it is important to use this feedback for generating better
optimized code.
BUG: v8:10431
Change-Id: I24d51e43728f9aea3099767deb7800119fea40e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116033
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67468}
arguments[i] already returns undefined if arguments is not large
enough.
BUG=v8:10468
Change-Id: I0755014d0f1b61d5e3e2069ef4d14a9b51f2ebee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170092
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67467}
We don't have mips32 CPU or 32-bits OS, so we are not going to implement
these functions on mips32.
Change-Id: Ie37e5cea360526a82bbbc52ec3933d74c32fea6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167741
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#67465}
This is a reland of 43b885a842
This fixes another signed overflow in the unit test.
Original change's description:
> Reland "[turbofan][csa] optimize Smi untagging better"
>
> This is a reland of ff22ae80e2
>
> Original change's description:
> > [turbofan][csa] optimize Smi untagging better
> >
> > - Introduce new operator variants for signed right-shifts with the
> > additional information that they always shift out zeros.
> > - Use these new operators for Smi untagging.
> > - Merge left-shifts with a preceding Smi-untagging shift.
> > - Optimize comparisons of Smi-untagging shifts to operate on the
> > unshifted word.
> > - Optimize 64bit comparisons of values expanded from 32bit to use
> > a 32bit comparison instead.
> > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> > right-shift to enable better address computations for Smi indices.
> >
> > Bug: v8:9962
> > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67378}
>
> Bug: v8:9962
> Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67430}
Bug: v8:9962
TBR: neis@chromium.org
Change-Id: I79883db546bf37873b3727b8023ef688507091d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169103
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67464}
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/1947688,
which unhid the third_party/jsoncpp directory, but the source subdir is
still synced via gclient so needs hiding.
Change-Id: Ica6f7e63e92dd9fa5a460e844a7d273f2ebe109c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169102
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67463}
This is a reland of 6a0e7224f3
Original change's description:
> [regexp] Limit the size of inlined choice nodes
>
> Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
> code objects. This effect can be further magnified through inlining,
> leading to exponential code growth in the size of the pattern.
>
> This CL is a (fairly hacky) way to avoid exponential growth. We
> recognize choice nodes with 'many' choices and disable inlining for
> them. In the future we should fix this properly, either by using the
> code size budget correctly, or by improving codegen for property
> escapes.
>
> Bug: v8:10441
> Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67433}
Tbr: yangguo@chromium.org
Bug: v8:10441
Change-Id: I9a16cc9e8248cb46d3d16a4e2d250968cc1b7b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172679
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67462}
The worklist in this CL is a merge of the worklists of Oilpan and V8. This implementation supports both use cases and should serve as the shared worklist once we start merging the codebase.
Bug: chromium:1056170
Change-Id: I4ecdb475f3900c33eced9249efa112a69c1b2707
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170828
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67459}
HeapVisitor is a simple visitor implementing both visitation and accept
interfaces. HeapVisitor is aimed to replace functions that traverse the
heap in Blink: PrepareForSweep, Sweep, FinalizeSweep, MakeConsistentForGC,
ObjectPayloadSize, VerifyObjectStartBitmap, CollectStatistics, etc.
This CL also introduces a Heap::ObjectPayloadSize function.
Bug: chromium:1056170
Change-Id: I85a2b8b572486bea29704fc436b002d8f7405201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165733
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67458}
Creates a new large-spaces.h and large-spaces.cc to contain
LargeObjectSpace and subclasses.
Bug: v8:10473
Change-Id: Ifdb4eac9df5c8213f992d549e04b612b62f6df0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170826
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67456}
Since ES6, optional arguments are treated the same as undefined. This
was recently cleaned up in https://github.com/tc39/ecma262/pull/1411.
The current Torque implementation of %TypedArray%.from incorrectly
interpreted the old (and confusing) language of a parameter being "not
present" as testing using arguments.length instead of testing directly
for undefined.
Bug: v8:10458
Change-Id: I055f1fa3be570a31a4f7369ba5b51b7d6b022f0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168674
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67454}
When creating a filler, we pass through whether we need to clear slots
in the old to new remembered set.
This patch adds a verification check that, when we claim we don't need
to clear slots, checks that no slots are set in the remembered set for
the range of the filler. Effectively, this is a range counterpart to
VerifyClearedSlot.
Change-Id: Id994c56d941988cc282463304bc7307a51943e99
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139572
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67453}
