port edd50ad https://crrev.com/c/1924355
Original Commit Message:
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I309e6c7ba671499f721149e1ea1c8e153fe3b2ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939028
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65215}
This removes the marking worklist draining loop from IncrementalMarking
and makes it use the one of MarkCompactCollector.
Bug: chromium:973627
Change-Id: I226b4b45be7d542a82bba20162ad210dfb419c39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940250
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65212}
In order to implement {dlsym}-like functionality, toolchains might
generate code that grows the table by one element at a time (e.g.
Emscripten currently does that). To improve performance in such a case,
we over-allocate the backing store of the {WasmTableObject}. Whenever
the backing store grows, it grows at least by the old size of the table.
This ensures exponential growth, avoiding too many re-allocations.
R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: I502d590a89f7804363938a157b7ed2189283227a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939051
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65210}
ObjectRefs either use the serialized data or access the heap depending
on whether broker mode is disabled or not. This cl changes it to use
the mode of the data and accesses heap for UnserializedHeapObject. This
allows us to access heap for some of the objects (ex: readonly object)
instead of serializing them.
This change shouldn't change any behaviour. In a followup cl, we will
mark readonly objects as UnserializedHeapObjects even when broker mode
is serialized.
Bug: v8:9684
Change-Id: I8775e60ed480957b485c39df254827dd69c655a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937148
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65206}
This reverts commit 347092ac2b.
Not a clean revert, since other changes got baked on top, but rather
a manual removal of LoadLazyICParameters.
Reason for revert: Seems to actually regress bindings perf tests (see
bugs and https://chromeperf.appspot.com/group_report?rev=62539), doesn't
seem to improve performance elsewhere, and increases complexity.
Original change's description:
> [ic] Load name/context lazily in LdaNamedProperty
>
> Introduces LazyLoadICParameters which allow a LazyNode for context and
> name. These aren't used on the fast path, so we want to avoid reading
> them for both performance and register pressure reasons.
>
> Change-Id: Ifb637cf4782ce984feee9af503998e7539beb823
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1686665
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62539}
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:981797
Bug: chromium:982630
Change-Id: I88af764d17afb76d6e64b95a3d1e4aaa1c6c8978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934327
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65205}
Deprecated in 79.
Change-Id: If0e2b95b4b66328858b33a533454a469c80fad63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65204}
Enabling concurrent inlining builds the graph on a background thread,
reducing the time spent on the main thread.
Bug: v8:9684
Change-Id: Iee00aa991ab8e14fad76b0d9c0b0fd9f8d1eecde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937149
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65202}
We want to grow the table entries exponentially, so the entries length
will not reflect the actual size of the table any more. Hence, introduce
another field on {WasmTableObject} to store the actual length.
R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: Ie8252f33fddda3ae60dd24bd8db148fd67262226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939050
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65200}
To indicate that the Isolate* in getters might not be a "real" isolate,
but rather a calculated one from GetIsolateForPtrCompr only used for
calculating the isolate root, make that function return a const Isolate*
and change field getters, Object::IsFoo predicates, and related
functions to all take a const Isolate* instead of an Isolate*.
With this change, we can slightly more confidently use Objects that are
in OffThreadSpace, without having to worry too much about having an
Isolate* floating around that could accidentally be used.
This is a slight abuse of const semantics, but it allows implicit
conversion from Isolate* arguments to the const Isolate* parameter.
Bug: v8:7703
Bug: chromium:1011762
Change-Id: I54d4a65d2299477195f4d754cabe64ce34fdaa4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939455
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65199}
This was added in 2d889aa9a4 but all consumers of it have since been
removed.
Bug: v8:10021
Change-Id: I13aa12853e1720b2f919ca8b29737fedb96bc145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1938462
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65198}
This enum defined three modes of doing inlining:
kGeneralInlining, kRestrictedInlining, kStressInlining.
kStressInlining was unused. kRestrictedInlining meant
that JSInliningHeuristic::Reduce would return NoChange,
but only after wasting some time inspecting calls. This
is now replaced by simply not installing JSInliningHeuristic
as a reducer when inlining is disabled.
Note: There is still a --stress-inline flag, which sets
(through flag implications) a bunch of parameters that affect
inlining.
Change-Id: I05bafbe3f1f35610d7035a2c71c5ac17bdb80758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936473
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65196}
All builtins are now guaranteed to be in the embedded blob. Setup of
the builtins entry table can be simplified to directly fetch
instruction starts from the embedded blob.
Additionally, this CL adds a sanity check for the builtin Code
object's builtin_index (to verify the Code object is uncorrupted). The
CHECK can be removed or changed to a DCHECK once the linked bug is
resolved.
Bug: chromium:1020986
Change-Id: I38832790132e284c7fc23251a5dc2eefb8456de6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939048
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65194}
After landing a few relatively simple ports in preceding work, this CL
ports the more involved Array.prototype.forEach reduction, containing
checkpoints, JS and runtime calls, loops, and exceptions. With the
mechanisms introduced in this change, I'd expect a large chunk of
js-call reductions to be trivially portable.
Newly introduced:
- IfBuilder0 for if-then-else statements (with optional else).
- ForBuilder for for-loop statements.
- MayThrow() for exceptional control flow. Exceptional edges are
automatically merged and wired into the outer graph if necessary.
Bug: v8:9972
Change-Id: I835bf90c5871fbd94a1d12721d44b500fbef75e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921798
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65193}
https://v8.dev/blog/tags/release is the new ChangeLog!
This also removes an unused file push_to_candidate.py which wasn't deleted
earlier as it's intertwined a lot in test cases. This CL also cleans that
up.
Furthermore, logic for selecting CLs for the ChangeLog (using LOG= lines)
is removed as well. Nobody has used this feature for more than 5 release
cycles.
We'll delete the ChangeLog file in a separate CL.
Bug: v8:10010
No-Try: true
Change-Id: Idee551dc0600c3df9f784cc543897e3e18517ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930616
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65191}
This adds a few tests that test that the output of Liftoff is
deterministic.
These tests will be extended to test the debug side table in follow-up
CLs.
R=mstarzinger@chromium.org
Bug: v8:10019
Change-Id: Ia7992e7a889bf6dad963e5abe5b50507735996a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932371
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65190}
The ShlPair function has two out-of-order instructions; this patch
reorders them and adds some checks to prevent the dst register from
conflicting with the src register.
Change-Id: I2dd4b20a5c55fbbe75b126162302997acec5a6bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936647
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65188}
This should help reduce the number of false positives detected
by dead variable analysis.
Bug: v8:9680, chromium:1000635
Change-Id: Id2893dd5f26cad230dede96930a5caacc0272b64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924359
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65186}
Now since we also encode KeyedAccessStoreMode information in the slow
handler for some cases, the DCheck can result in failure. The Check can
result in failures for other cases of StoreSlow. Removing the DCHECK
altogether, now verifying the correctness of the behavior using the
Kind Bits of the Handler in the method GetKeyedAccessStoreMode.
Bug: chromium:1027025, chromium:1028085
Change-Id: I59acedbb499930e67ae5999d4bfd0f040a34b46e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929408
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65185}
Make WasmFeatures a proper class which uses an EnumSet under the hood.
This way, it inherits all behaviour of EnumSet like comparison, merge,
etc.
Accesses change from being simple field accesses into the struct to
actual bit tests in the EnumSet.
R=mstarzinger@chromium.org
Bug: v8:10019
Change-Id: I768f92b90ac0294156f4482defba5ce00bc70165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934334
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65184}
Until now, the in-object properties on JSObject have been invisible to
tools using the postmortem debugging library. With this change, those
tools will get enough information to show a flat list of property
values. This is still less powerful than the runtime printers, which can
show the corresponding key for each value, but it's a big step up from
manually inspecting memory.
This change basically requires a reimplementation of
Map::GetInObjectProperties for postmortem debugging. I'm not
enthusiastic about duplicating this logic, but it's pretty small and I
don't see any good alternatives.
As a drive-by cleanup, I moved some inline string literals into a batch
of constexpr char arrays.
Bug: v8:9376
Change-Id: Ia24c05f6e823086babaa07882d0d320ab9a225db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930174
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65183}
Significantly reduces the number of blocks in CSA code generated by
Torque by merging blocks along a straight-line path into a single
block.
Bug: v8:9861
Change-Id: I592cc1ed5b1ca0ad12c907d5cce7dcf7fec5f141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917157
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65181}
We were abusing ChangeInt32ToIntPtr since we were using it with Smis
as inputs. The new ChangeTaggedInt32ToSmi takes a smi value in 32 bits
and extends it (if necessary) to 64 bits.
Knowing it's a smi lets us skip the ChangeInt32ToInt64 when we are
using 31 bit smis.
Change-Id: Ibd88127fa8122d4b9f683151469cd37320515b5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921985
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65180}
This fixes a simple error in the parser fuzzer, where we accessed the
{parentheses} vector without checking that it is non-empty.
Drive-by: Some formatting cleanup, and switch to {vector} for
performance.
R=mstarzinger@chromium.org
Bug: chromium:1027132
Change-Id: I5faa39885801953f2fb698b1131eab1f138a524d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936472
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65179}
This renames the macro parameter {index} to {sig_index} to make clear
that this should be the index of a signature.
It also fixes some tests that wrongly passed a function index here (with
no observable difference in the test outcome unfortunately).
It also renames some {f[0-3]} variables to {sig[0-3]} to make it clear
that they refer to signatures.
R=mstarzinger@chromium.org
Bug: v8:10021
Change-Id: Ia4f697acd5d6a2e6f2fb45b680dac20f24ea1b08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936471
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65178}
(1) One more place in ic.cc must guard against "lookup->name()" calls
when the LookupIterator might be in indexed mode.
(2) Rather than burdening LookupIterator users with specifying
"kGuaranteedNoTypedArray", we can do the corresponding calculation in
the LookupIterator itself, which makes it robust towards any callers
that haven't been updated (specifically, in Object.values).
Bug: chromium:1027461, chromium:1028213
Change-Id: I76b5d08e309fc2a694955b537adbeb5a30e681f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936474
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65177}
This CL ensures we care only about our internal pointer types and not
about raw C++ pointers, because normally special care is taken when
storing raw pointers to the managed heap. Furthermore, checking for raw
pointers produces too many false positives in the dead variable
analysis.
Bug: v8:9680, chromium:1000635
Change-Id: Ica9ea1fe09b7456c011910a6886149b6dfdda1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924357
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65174}
This flag has had no effect since mid 2017 when its use-site was
accidentally removed (in https://codereview.chromium.org/2902533003).
Change-Id: I81436b064c2664deff781ad6d75ad47937e3fdc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934333
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65172}
after c968607e12 aka r65078.
CheckedTaggedToArrayIndex is the function that's in sync with the
ICs. It does both more (string-to-index conversion) and less (limit
to kMaxSafeInteger) than CheckedTaggedToInt64.
Bug: chromium:1028021
Change-Id: I992b11b8d4c58b4d3f5385b21998f53dd4b235d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934338
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65170}
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I4487ba40ba9fda7b1ab31da95ff7bd144407d02d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924355
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65168}
When running with --deopt-every-n-times, it's possible to hit the
deopt point in reduceRight where we fail to find an initial element.
There was a bug in this code: the deopt point failed to begin walking
the array at {length - 1} in search of the first non-holey element.
With the flag, incorrect results would be produced. Without the flag,
it's not possible to get an incorrect result because normally the
deopt point fires only when the array (of whatever length) contains
only holes.
Bug: v8:9984
Change-Id: I654c702fca67c0f9a982f5bb8a5d9569e907ccf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934328
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65167}
... after executing their action.
This allows one to search for a regex, click "hide unselected nodes", and
then immediately use graph view's keyboard shortcuts (e.g. i, o, r).
Bug: v8:7327
Change-Id: Ieb7dbb3f1e32a78131500f8fb8b7805417c60e4e
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930906
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65166}