This adds support to the deoptimizer to materialize ContextExtension
objects that have been de-materialized by escape analysis. This is
follow-up to the inline allocation of such objects during the create
lowering phase (i.e. JSCreateWithContext and JSCreateCatchContext).
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-644245
BUG=chromium:644245
Review-Url: https://codereview.chromium.org/2317353003
Cr-Commit-Position: refs/heads/master@{#39270}
This clears the context register by setting it to Smi(0) before calling
the Runtime::kNotifyDeoptimized helper. The deoptimizer must be able to
materialize all heap objects without any context available. The context
itself might be dematerialized.
With this change we make sure that invariant is maintained even without
escape analysis kicking in. We also satisfy the check that the context
register is either Smi(0) or a valid context. It might have been the
special {arguments_marker} in this particular case.
R=bmeurer@chromium.org
BUG=chromium:644245
Review-Url: https://codereview.chromium.org/2320673002
Cr-Commit-Position: refs/heads/master@{#39267}
This adds support for dematerialized context values as part of an
interpreted frame (similar to an FCG frame). Both frame translations
should be kept in sync as much as possible.
R=rmcilroy@chromium.org
BUG=chromium:644728
Review-Url: https://codereview.chromium.org/2313343002
Cr-Commit-Position: refs/heads/master@{#39256}
After we landed the tracing runtime call stats, which gave
us a lot of V8 insight in tracing, we noticed that there is
some arising issues and discrepancies.
Issues include:
Missing trace events, that happened due to
transforming those trace events into runtime calls
Discrepancies include:
Missing categories in Runtime call stats like GC,
because we are not handling the Scoped runtime calls
properly in the tracing version.
To reduce/eliminate those issue, we are taking a small
step back. We are unifying the RuntimeStats code and
using the original one. That would allow us to use all
the original probes but emit trace events from them.
We are also putting back the trace-events in their place.
The output from both system should be intact (Except of
the addition of the missing trace-events).
Also as a byproduct, we are reducing the number of context
scopes by half since we are using the same scope as
runtime call stats.
As a follow up to this CL, we will address the non-scoped
Runtime Call Stats (mainly in GC).
BUG=642373
Review-Url: https://codereview.chromium.org/2296243002
Cr-Commit-Position: refs/heads/master@{#39180}
We removed some TRACE_EVENT0 instrumentation when we landed runtime call stats
tracing, however some of them are used in metrics, this patch adds these
TRACE_EVENT0 back.
BUG=642373
LOG=N
Review-Url: https://codereview.chromium.org/2301743002
Cr-Commit-Position: refs/heads/master@{#39104}
The accumulator is always part of the translation for every interpreted
frame. The assumption is that all frames are in {TOS_REGISTER} state.
This however is not supported for non-topmost frames and we need to
avoid pushing the accumulator onto the machine stack.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2271153003
Cr-Commit-Position: refs/heads/master@{#38945}
This makes sure the deoptimizer picks bytecode prepared for debugging
when materializing an interpreted frame if one is available. This is
normally done by the interpreter entry trampoline and hence needs to be
replicated by the deoptimizer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2271443003
Cr-Commit-Position: refs/heads/master@{#38815}
With --ignition-preserve-bytecode, we don't have the guarantee that
SharedFunctionInfo::abstract_code() returns the code we deopt to.
R=mstarzinger@chromium.org
BUG=v8:5265
Review-Url: https://codereview.chromium.org/2239773003
Cr-Commit-Position: refs/heads/master@{#38614}
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
Committed: https://crrev.com/3f936a5b17754783e92d2146eaf66c88a78ee45b
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Original-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Original-Original-Commit-Position: refs/heads/master@{#38314}
Cr-Original-Commit-Position: refs/heads/master@{#38403}
Cr-Commit-Position: refs/heads/master@{#38510}
Reason for revert:
Leaks block chromium roll:
https://codereview.chromium.org/2219083003/
Example build:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/205435
You can add the trybot from tryserver.chromium.linux, linux_chromium_asan_rel_ng, on reland.
Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Committed: https://crrev.com/3f936a5b17754783e92d2146eaf66c88a78ee45b
> Cr-Original-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Original-Commit-Position: refs/heads/master@{#38314}
> Cr-Commit-Position: refs/heads/master@{#38403}
TBR=cbruni@chromium.org,fmeawad@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org,lpy@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5089
NOTRY=true
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2221853002
Cr-Commit-Position: refs/heads/master@{#38412}
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Original-Commit-Position: refs/heads/master@{#38314}
Cr-Commit-Position: refs/heads/master@{#38403}
Reason for revert:
Mac64 ASAN failure. https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7810/steps/Check/logs/Threading4
Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Cr-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Commit-Position: refs/heads/master@{#38314}
TBR=cbruni@chromium.org,fmeawad@chromium.org,machenbach@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5089
Review-Url: https://codereview.chromium.org/2200373003
Cr-Commit-Position: refs/heads/master@{#38315}
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Commit-Position: refs/heads/master@{#38314}
Reason for revert:
Sanitizer failures:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10989/https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7786/
Original issue's description:
> [Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Cr-Commit-Position: refs/heads/master@{#38270}
TBR=cbruni@chromium.org,fmeawad@chromium.org,machenbach@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5089
Review-Url: https://codereview.chromium.org/2203913004
Cr-Commit-Position: refs/heads/master@{#38275}
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=5089
Review-Url: https://codereview.chromium.org/2187693002
Cr-Commit-Position: refs/heads/master@{#38270}
This allows to pass deoptimization reasons to the profiler without the
requirement of always providing a source position. The absence of deopt
reasons is now communicated via a sentinel as the deopt id value. The
deoptimization reasons recently added to TurboFan are now passed to the
profiler.
R=bmeurer@chromium.org
TEST=cctest/test-cpu-profiler
Review-Url: https://codereview.chromium.org/2159793002
Cr-Commit-Position: refs/heads/master@{#37852}
So far TurboFan wasn't adding the deoptimization reasons for eager/soft
deoptimization exits that can be used by either the DevTools profiler or
the --trace-deopt flag. This adds basic support for deopt reasons on
Deoptimize, DeoptimizeIf and DeoptimizeUnless nodes and threads through
the reasons to the code generation.
Also moves the DeoptReason to it's own file (to resolve include cycles)
and drops unused reasons.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2161543002
Cr-Commit-Position: refs/heads/master@{#37823}
Now we can turn it into a turbofan stub.
Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE.
Review-Url: https://codereview.chromium.org/2080243003
Cr-Commit-Position: refs/heads/master@{#37219}
The patch introduces a dedicated dispatching class for JIT code events. It is
set as a helper on the isolate.
This allows classes across v8 to break their dependency on Logger and CpuProfiler.
These two became just regular clients of the dispatcher.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2061623002
Cr-Commit-Position: refs/heads/master@{#37005}
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.
BUG=
Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
This allows sloppy arguments objects to be allocated by the generic
Heap::AllocateJSObjectFromMap allocation function. An empty elements
backing store for such objects is provided. This is needed in order to
materialize such objects without access to a specific native context.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-613919
BUG=chromium:613919
Review-Url: https://codereview.chromium.org/2014343004
Cr-Commit-Position: refs/heads/master@{#36547}
This makes sure the deoptimizer can materialize sloppy arguments objects
with the FAST_SLOPPY_ARGUMENTS_ELEMENTS elements kind. TurboFan's escape
analysis treates those as normal JSObject types and hence materializes
them differently than Crankshaft does.
R=verwaest@chromium.org
TEST=mjsunit/regress/regress-crbug-613919
BUG=chromium:613919
Review-Url: https://codereview.chromium.org/2001133002
Cr-Commit-Position: refs/heads/master@{#36440}
This adds support to materialize JSFunction objects from deoptimization
information. By now we need to support this because TurboFan's escape
analysis can produce virtual (i.e. non-escaping) closures.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1998143002
Cr-Commit-Position: refs/heads/master@{#36400}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
Cr-Commit-Position: refs/heads/master@{#36288}
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36310}
Reason for revert:
Breaks
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/619
Might only affect pure release builds?
Original issue's description:
> [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
>
> In order to support compiling to baseline on return we need to be able to
> return to the actual return address. With this change this is what the
> Return bytecode now does, removing the need for the
> InterpreterExitTrampoline.
>
> This change also removes the InterpreterNotifyDeoptXXX builtins and
> unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
> change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
> Cr-Commit-Position: refs/heads/master@{#36288}
TBR=mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1986353002
Cr-Commit-Position: refs/heads/master@{#36294}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36288}
By fully annotating the API with runtime counters we can properly measure
how much time we spend in total in v8. When --runtime-call-stats is specified
we now disable the fast-paths for callbacks to properly measure them.
As a drive-by-fix this CL unifies the LOG messages in api.cc.
Additionally we added missing timers to gain better resolution in the parser
and callbacks.
BUG=
Review-Url: https://codereview.chromium.org/1923893002
Cr-Commit-Position: refs/heads/master@{#36248}
This makes the profiler reconstruct inlined function frames at eager
deopt points from the deoptimization data. The main goal of this is to
remove the last side-channel where Crankshaft communicates directly to
the profiler. This is the last preparatory step towards deprecating the
side-channel in question.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1973993002
Cr-Commit-Position: refs/heads/master@{#36229}
Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
set on the Array.prototype or Object.prototype the current fast paths fail.
This CL adds a fix to globally invalidate a isConcatSpreadable_protector.
Drive-by-fix: use named accessors for context variables
LOG=N
BUG=chromium:542504, v8:903
Review-Url: https://codereview.chromium.org/1409123003
Cr-Commit-Position: refs/heads/master@{#36201}
This passes the inlining_id of deoptimization points via the relocation
info instead of via a side-channel to the CPU profiler. This is one step
towards deprecating the side-channel in question and avoid the need for
performing a lookup of the return address of the deopt point.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1956693002
Cr-Commit-Position: refs/heads/master@{#36177}
- Move the concurrent unmapping to MemoryAllocator
- Hide (private) members where possible
- MemoryAllocator:Free is now the bottleneck for freeing
- Pooled pages are either allocated from a set of pooled pages are obtained
through work stealing from the concurrent unmapper
BUG=chromium:605866, chromium:581412
LOG=N
This reverts commit 25ff296c4c.
Review-Url: https://codereview.chromium.org/1929503002
Cr-Commit-Position: refs/heads/master@{#35910}
Reason for revert:
Creates a spike of OOM(v8) crashers on Win32.
Original issue's description:
> [heap] Uncommit pooled pages concurrently
>
> - Move the concurrent unmapping to MemoryAllocator
> - Hide (private) members where possible
> - MemoryAllocator:Free is now the bottleneck for freeing
> - Pooled pages are either allocated from a set of pooled pages are obtained
> through work stealing from the concurrent unmapper
>
> BUG=chromium:605866, chromium:581412
> LOG=N
>
> Committed: https://crrev.com/2158df87116906160cebc3ad20c97f454822da03
> Cr-Commit-Position: refs/heads/master@{#35797}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:605866, chromium:581412
Review URL: https://codereview.chromium.org/1925563003
Cr-Commit-Position: refs/heads/master@{#35819}
- Move the concurrent unmapping to MemoryAllocator
- Hide (private) members where possible
- MemoryAllocator:Free is now the bottleneck for freeing
- Pooled pages are either allocated from a set of pooled pages are obtained
through work stealing from the concurrent unmapper
BUG=chromium:605866, chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1913083002
Cr-Commit-Position: refs/heads/master@{#35797}
The approximate mode enables taking an approximate stack trace from GC,
where the top frames might be missing if inlined. Note that in that case,
the frame summary will refer to optimized code, so it will not be possible
to take source position. (The user of the summary will have to handle the
case frame_summary.abstract_code()->kind() == AbstractCode::OPTIMIZED_CODE
specially.)
Review URL: https://codereview.chromium.org/1907443002
Cr-Commit-Position: refs/heads/master@{#35728}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
These checks can fail if there bottommost function is a tail caller and the next function has different number of arguments than the bottommost one.
BUG=chromium:593697,v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1785253003
Cr-Commit-Position: refs/heads/master@{#34718}
In case when F was called with incompatible number of arguments (and therefore
the arguments adator frame was created), F inlines a tail call of G which then
deopts the deoptimizer should also remove the arguments adaptor frame for F.
This CL adds required machinery to the deoptimizer.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1768263004
Cr-Commit-Position: refs/heads/master@{#34610}
BailoutId points to the next bytecode in the bytecode array. Code offset
is set to one less than the bail out id. This would point to the end of the
current instruction. Since we use it only for summarizing the frame and to
compute the source position, it should be safe to set it to the end of current
instruction.
BUG=v8:4280, v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1763783003
Cr-Commit-Position: refs/heads/master@{#34580}
Before this CL, various code stubs used different techniques
for marking their frames to enable stack-crawling and other
access to data in the frame. All of them were based on a abuse
of the "standard" frame representation, e.g. storing the a
context pointer immediately below the frame's fp, and a
function pointer after that. Although functional, this approach
tends to make stubs and builtins do an awkward, unnecessary
dance to appear like standard frames, even if they have
nothing to do with JavaScript execution.
This CL attempts to improve this by:
* Ensuring that there are only two fundamentally different
types of frames, a "standard" frame and a "typed" frame.
Standard frames, as before, contain both a context and
function pointer. Typed frames contain only a minimum
of a smi marker in the position immediately below the fp
where the context is in standard frames.
* Only interpreted, full codegen, and optimized Crankshaft and
TurboFan JavaScript frames use the "standard" format. All
other frames use the type frame format with an explicit
marker.
* Typed frames can contain one or more values below the
type marker. There is new magic macro machinery in
frames.h that simplifies defining the offsets of these fields
in typed frames.
* A new flag in the CallDescriptor enables specifying whether
a frame is a standard frame or a typed frame. Secondary
register location spilling is now only enabled for standard
frames.
* A zillion places in the code have been updated to deal with
the fact that most code stubs and internal frames use the
typed frame format. This includes changes in the
deoptimizer, debugger, and liveedit.
* StandardFrameConstants::kMarkerOffset is deprecated,
(CommonFrameConstants::kContextOrFrameTypeOffset
and StandardFrameConstants::kFrameOffset are now used
in its stead).
LOG=N
Review URL: https://codereview.chromium.org/1696043002
Cr-Commit-Position: refs/heads/master@{#34571}
This is a prerequisite for teaching deoptimizer to drop possible arguments adapter frame below current input frame which is needed to support tail call inlining.
Review URL: https://codereview.chromium.org/1761303002
Cr-Commit-Position: refs/heads/master@{#34533}
The support was already removed from the Crankshaft and this CL removes the last piece.
Review URL: https://codereview.chromium.org/1764593002
Cr-Commit-Position: refs/heads/master@{#34456}
Frame slots indexes numbers are used more consistently for
computation in both TurboFan and Crankshaft. Specifically,
Crankshaft now uses frame slot indexes in LChunk, removing
the need for some special-case maths when building the
deoptimization translation table.
LOG=N
R=mstarzinger@chromium.org
Committed: https://crrev.com/81423b84dbb2eaf7e1a57b0f6029fc8e643b4755
Cr-Commit-Position: refs/heads/master@{#34078}
Review URL: https://codereview.chromium.org/1702593002
Cr-Commit-Position: refs/heads/master@{#34114}
Moves the accumulator value on-heap to be restored in the
InterpreterNotifyDeopt handler rather than explicitly
setting the accumulator register. This allows it to be
materialized correctly if required.
BUG=v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1707133003
Cr-Commit-Position: refs/heads/master@{#34113}
This CL adds a TRACE_EVENT where there is an isolated LOG, a HistogramTimer
or a TimerEvent.
Once we have a d8 tracing controller, all TimerEvents will be removed since
they do not provide an added value over TRACE_EVENTs. HistogramTimers will
remain, but their functionality will be limited to Histograms only.
BUG=v8:4562
LOG=N
Review URL: https://codereview.chromium.org/1707563002
Cr-Commit-Position: refs/heads/master@{#34099}
Replaces the push of the dispatch table on the interpreted stack frame with a
push of the bytecode array. This enables the debugger to replace the bytecode
array with a patched version containing breakpoints.
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1699013002
Cr-Commit-Position: refs/heads/master@{#34032}
Before this CL, the context of the parent frame was used when deoptimizing a
stub failure rather than the context value passed to the stub itself. In order
to guarantee that the right context is passed to the runtime upon stub failure,
this CL adds the context explicitly to the stub's environment that's used to
compute the failure deoptimizing translations. The context can then be extracted
during deoptimization translation to ensure that the precise context that was
passed to the stub is also passed to the runtime.
R=jarin@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1694183003
Cr-Commit-Position: refs/heads/master@{#34030}
V8 tracks already most useful information, but lacks proper tracing scopes
that make it possible to distinguish certain events from each other.
- add trace-scope to track lazy-parsing due to optimization
- add trace-scope to track code optimization
BUG=
Review URL: https://codereview.chromium.org/1661883003
Cr-Commit-Position: refs/heads/master@{#34002}
This is mostly preparation for allowing the function closure to be materialized.
As a drive-by fix, I have added ignition source position support to the frame inspector (this fixed some ignition test failures).
Review URL: https://codereview.chromium.org/1698743002
Cr-Commit-Position: refs/heads/master@{#33975}
The idea here is to perform the handler lookup in the deoptimizer, and then take the information from the handler table to build the catch handler frame in the deoptimizer. Specifically, we use the pc offset, context location and stack height (in full-code) to tweak the output frame.
Sadly, this still requires nasty voodoo for the liveness analyzer so that it keeps variables alive if they are used in the catch handler.
Review URL: https://codereview.chromium.org/1416543006
Cr-Commit-Position: refs/heads/master@{#33936}
Saves and restores the dispatch pointer during calls to enable the debugger to
switch the dispatch table used by a function during it's execution.
Also moves the accumulator and context nodes to be Variables so that they will
be properly merged across branches.
BUG=v8:4280,v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1684073002
Cr-Commit-Position: refs/heads/master@{#33894}
This removes uses of JSFunction by the (proper) deoptimizer. This will be useful
when we escape analyze JSFunction away. Unfortunately, the debugger still needs
JSFunction, so escape analysis would not work yet.
Review URL: https://codereview.chromium.org/1686183003
Cr-Commit-Position: refs/heads/master@{#33891}
JS_FRAME_FUNCTION can be expressed using the STACK_SLOT translation.
Review URL: https://codereview.chromium.org/1688023003
Cr-Commit-Position: refs/heads/master@{#33882}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=yangguo@chromium.org
Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
Cr-Commit-Position: refs/heads/master@{#33834}
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33881}
This change adds AbstractCode, which can be either Code or
BytecodeArray, and adds methods to calculate source position based
on that. Also cleans up to use code offsets instead of raw PC
where possible, and consistently uses the offset from instruction
start (as opposed to code object start).
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1618343002
Cr-Commit-Position: refs/heads/master@{#33579}
Rename IntepreterExceptionEntryHandler builtin to InterpreterEnterBytecodeDispatch
and use it as the return address when building interpreter frames during deopt.
This ensures that we restart execution of the outer frame at the correct
bytecode.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1633633002
Cr-Commit-Position: refs/heads/master@{#33512}
Escape analysis will eliminate the context, if possible. Materialization
must then ensure that the materialized object has the right map, and that
the context register is set accordingly.
R=jarin@chromium.org
BUG=569530,v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1572293002
Cr-Commit-Position: refs/heads/master@{#33201}
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.
Two unittests test correctness of the IR level implementation.
Correctness for instruction selection / code generation
is tested by mjsunit tests.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1485183002
Cr-Commit-Position: refs/heads/master@{#33115}
Adds support for generating deoptimization translations for interpreter
stack frames, and building interpreter frames for these translations
when a function deopts. Also adds builtins for
InterpreterNotifyDeoptimized which resume the function's continuation at
the correct point in the interpreter after deopt.
MIPS patch contributed by balazs.kilvady@igmtec.com
BUG=v8:4280
LOG=N
TEST=test-deoptimization.cc with --ignition and --turbo
Review URL: https://codereview.chromium.org/1528913003
Cr-Commit-Position: refs/heads/master@{#32971}
This drops the specific slot containing the new.target value from our
construct stub frames. This side-channel has been deprecated and will
no longer be accessed by any consumers.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1489353004
Cr-Commit-Position: refs/heads/master@{#32550}
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.
Also eliminates a couple of spurious dependencies.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1481613002
Cr-Commit-Position: refs/heads/master@{#32351}
Currently we still (mis)used some machine operators in typed lowering
(namely Word32Or, Word32Xor and Word32And). But these operators are
"polymorphic" in the signedness of their inputs and output, hence the
representation selection (and thereby simplified lowering) was unable to
figure out whether a bitwise operation that was seen would produce an
unsigned or a signed result. If such nodes also have frame state uses,
the only safe choice was float64, which was not only a lot less ideal,
but also the main cause of the for-in related deoptimizer loops.
Adding dedicated NumberBitwiseOr, NumberBitwiseAnd and NumberBitwiseXor
simplified operators not only gives us precise (and correct) typing for
the bitwise operations, but also allows us to actually verify the graph
properly after typed lowering.
Drive-by-fix: Remove the double-to-smi magic from the Deoptimizer, which
is responsible for various deopt-loops in TurboFan, and is no longer
needed with the addition of the NumberBitwise operators.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1422213002
Cr-Commit-Position: refs/heads/master@{#31594}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
This makes it clear that only components within the "heap" directory
should be friends with the Heap class. The two notable exceptions are
Factory and Isolate which represent external interfaces into the heap.
R=mlippautz@chromium.org
Review URL: https://codereview.chromium.org/1320843002
Cr-Commit-Position: refs/heads/master@{#30408}
Replaces all instances of the code which computed the debug
name of a stub or function with calls to CompileInfo::GetDebugName instead.
Also:
- Removes useless parameter on CodeStub::GetMajorName
- Removes FakeStubForTesting since it is no longer required
- Adds CompileInfo::ShouldEnsureSpaceForLazyDeopt() to replace unclear calls to IsStub().
Review URL: https://codereview.chromium.org/1297203002
Cr-Commit-Position: refs/heads/master@{#30324}
Previously, it was not possible to specify StackSlotOperands for all
slots in both the caller and callee stacks. Specifically, the region
of the callee's stack including the saved return address, frame
pointer, function pointer and context pointer could not be addressed
by the register allocator/gap resolver.
In preparation for better tail call support, which will use the gap
resolver to reconcile outgoing parameters, this change makes it
possible to address all slots on the stack, because slots in the
previously inaccessible dead zone may become parameter slots for
outgoing tail calls. All caller stack slots are accessible as they
were before, with slot -1 corresponding to the last stack
parameter. Stack slot indices >= 0 access the callee stack, with slot
0 corresponding to the callee's saved return address, 1 corresponding
to the saved frame pointer, 2 corresponding to the current function
context, 3 corresponding to the frame marker/JSFunction, and slots 4
and above corresponding to spill slots.
The following changes were specifically needed:
* Frame has been changed to explicitly manage three areas of the
callee frame, the fixed header, the spill slot area, and the
callee-saved register area.
* Conversions from stack slot indices to fp offsets all now go through
a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
* The generation of deoptimization translation tables has been changed
to support the new stack slot indexing scheme. Crankshaft, which
doesn't support the new slot numbering in its register allocator,
must adapt the indexes when creating translation tables.
* Callee-saved parameters are now kept below spill slots, not above,
to support saving only the optimal set of used registers, which is
only known after register allocation is finished and spill slots
have been allocated.
Review URL: https://codereview.chromium.org/1261923007
Cr-Commit-Position: refs/heads/master@{#30224}
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
This fixes a bug introduced by r28826 (Unify decoding of deoptimization
translations, https://codereview.chromium.org/1136223004), where we
started leaking arguments marker sentinel to the debugger, which would
then cause crashes. This change replaces the sentinel with the undefined
value in the debugger-inspectable frame.
BUG=chromium:514362
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1263333002
Cr-Commit-Position: refs/heads/master@{#29971}
All of this is controlled by the CallDescriptor. It's simply the case
that if you specify less registers than the function arity calls for,
the rest are assumed to be on the stack.
Bailout handlers accept these constant stack arguments too.
BUG=
Review URL: https://codereview.chromium.org/1250563004
Cr-Commit-Position: refs/heads/master@{#29813}
This reverts commit 80b3f16951.
Revert "Record code slots that may point to evacuation candidate objects after deoptimizing them."
This reverts commit 4621210cfe.
BUG=chromium:507840
LOG=n
Review URL: https://codereview.chromium.org/1239383004
Cr-Commit-Position: refs/heads/master@{#29778}
Additionally, push the allocation site or undefined independently of creating a memento to preserve a fixed size for the construct frames.
BUG=
Review URL: https://codereview.chromium.org/1239593003
Cr-Commit-Position: refs/heads/master@{#29719}
Note that there are currently no objects that require a pre-allocated
properties backing store, all such slots are in-object properties from
the begining. Hence {unused + pre_allocated - inobject == 0} holds.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1226203011
Cr-Commit-Position: refs/heads/master@{#29590}
The only right way to enable access checks is to install access check callbacks on an object template via v8::ObjectTemplate::SetAccessCheckCallbacks(). It does not make sense to enable access checks on an arbitrary object.
Review URL: https://codereview.chromium.org/1217893012
Cr-Commit-Position: refs/heads/master@{#29439}
Up until now the context register was listed explicitly in each stub's
CallInterfaceDescriptor. This was problematic, because it was listed
first in the list of register parameters--which is fine for Crankshaft,
which is more or less built to handle the context as the first
parameter-- but not ideal for TurboFan, which adds the context at
the end of all function parameters. Now the context register is no
longer in the register list and can be handled appropriately by both
compilers. Specifically, this allows the FunctionType specified for
each CallInterfaceDescriptor to exactly match the parameter register
list.
Review URL: https://codereview.chromium.org/1211333003
Cr-Commit-Position: refs/heads/master@{#29402}
On MIPS32 we can't read a 8 bytes long data from a not 8 bytes aligned memory address.
BUG=
TEST=mjsunit/debug-backtrace
Review URL: https://codereview.chromium.org/1193433002
Cr-Commit-Position: refs/heads/master@{#29100}
Up until now we can only inline based on JSFunction, because of the way
the deoptimization works. With this change we will be able to inline
based on the SharedFunctionInfo and materialize the JSFunction from a
literal or a stack slot when necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1169103004
Cr-Commit-Position: refs/heads/master@{#28906}
Use the new TranslatedState and friends, which work at a higher level
than the TranslationIterator, which will make it easier to change the
deoptimization commands in subsequent CLs.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1166353004
Cr-Commit-Position: refs/heads/master@{#28862}
This unifies methods Deoptimizer::DoTranslateCommand, Deotpimizer::DoTranslateObject and the arguments object materializer.
To unify these, we have to separate reading of the input frame from writing to the output frame because the argument materializer does not write to output frames.
Instead, we now deoptimize in following stages:
1. Read out the input frame/registers, decode them using the translations from the deoptimizer and store them in the deoptimizer (Deoptimizer::translated_state_). This is done in TranslatedState::Init.
2. Write out into the output frame buffer all the values that do not require allocation. We also remember references to the values that require materialization. As before, this is done in Deoptimizer::DoCompute*Frame method, but instead calling to DoTranslateCommand, we use the translated frame to obtain the values and write them to the output frames.
3. The platform specific code then sets up the output frames and calls into the deoptimization notification. This has not been changed at all.
4. Once the stack is setup, we handlify all the references in the saved translated values (TranslatedState::Prepare).
5. Finally, we materialize all the values we remembered in step (1) and write them to their frames on the stack (using the TranslatedValue::GetValue method).
BUG=
Review URL: https://codereview.chromium.org/1136223004
Cr-Commit-Position: refs/heads/master@{#28826}
Embed constant pools within their corresponding Code
objects.
This removes support for out-of-line constant pools in favor
of the new approach -- the main advantage being that it
eliminates the need to allocate and manage separate constant
pool array objects.
Currently supported on PPC and ARM. Enabled by default on
PPC only.
This yields a 6% improvment in Octane on PPC64.
R=bmeurer@chromium.org, rmcilroy@chromium.org, michael_dawson@ca.ibm.com
BUG=chromium:478811
LOG=Y
Review URL: https://codereview.chromium.org/1162993006
Cr-Commit-Position: refs/heads/master@{#28801}
When compiling on a laptop I like to concatenate the small test files.
This makes a big difference to compile times. These changes make that
easier.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1163803002
Cr-Commit-Position: refs/heads/master@{#28742}
Replace the --turbo-deoptimization flag with --turbo-asm-deoptimization
and enable deoptimization for non-asm.js TurboFan code unconditionally.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1153483002
Cr-Commit-Position: refs/heads/master@{#28543}
TurboFan compilation was committing dependencies long before the
optimized function made it's way into the optimized code list for
the native context. The problem is that once the code pointer is out
there in dependency arrays, it is eligible for deopt. But the deopt
logic needs the code to be in the optimized code list to fully do it's
job.
BUG=
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1136693003
Cr-Commit-Position: refs/heads/master@{#28312}
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.
Review URL: https://codereview.chromium.org/1058533007
Cr-Commit-Position: refs/heads/master@{#27848}
Deoptimization infrastructure already handles it correctly.
This change fixes repetitive deoptimizations in the code like this:
var u32 = new Uint32Array(1);
u32[0] = -1;
function tr(x) { return x|0; }
function ld() { return tr(u32[0]); }
while (true) ld();
Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.
BUG=
Review URL: https://codereview.chromium.org/1077113002
Cr-Commit-Position: refs/heads/master@{#27781}
The original code always returned the first entry from RelocInfo that matched with
bailout_id. But we may have a few different deopt reasons for one bailout_id.
So we need to get the one which matches with a particular call from JumpTable.
We can do this by checking not 'target_address' (it maps to bailout_id)
but 'from' address which maps to a particular JumpTable entry.
The test was reworked so it tests identical functions against different reasons.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984773003
Cr-Commit-Position: refs/heads/master@{#27076}
Save Unknown position as zero in RelocInfo.
Remove copy constructor of SourcePosition because it is trivial.
Mechanical replace int raw_position with SourcePosition position.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/959203002
Cr-Commit-Position: refs/heads/master@{#26916}
We accessed to cpu_profiler for tracking SharedFunctionInfo objects movements and used their addresses for generating function_id. Actually we could replace the manually generated shared_id by the pair script_id + position. In this case we can drop SharedFunctionInfo events support from cpu_profiler and remove the dependency.
BTW GetCallUid was used as an unique identifier of the function on the front-end side. Actually it is a hash which might not be unique. So I renamed GetCallUid with GetHash and implemented GetFunctionId method.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/941973002
Cr-Commit-Position: refs/heads/master@{#26775}
1) Deoptimizer::Reason was replaced with Deoptimizer::DeoptInfo
because it also has raw position. Also the old name clashes with DeoptReason enum.
2) c_entry_fp assignment call was added to EntryGenerator::Generate
So we can calculate sp and have a chance to record the stack for the deopting function.
btw it makes the test stable.
3) new kind of CodeEvents was added to cpu-profiler
4) GetDeoptInfo method was extracted from PrintDeoptLocation.
So it could be reused in cpu profiler.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/910773002
Cr-Commit-Position: refs/heads/master@{#26545}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
Cr-Commit-Position: refs/heads/master@{#26434}
Committed: https://crrev.com/ec42e002da03adb2db968dd5b7453341ddc59a5c
Cr-Commit-Position: refs/heads/master@{#26448}
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26463}
Reason for revert:
This CL breaks RelocInfo::INTERNAL_REFERENCE (and maybe others that come after DEOPT_REASON), which is currently (mostly) unused on tip-of-tree, but will be used for jump tables soon(ish) and should therefore work. It seems to be a problem with implicitly assumptions about the number of reloc info modes. Needs further investigation.
Original issue's description:
> Externalize deoptimization reasons.
>
> 1) The hardcoded strings were converted into DeoptReason enum.
>
> 2) Deopt comment were converted into a pair location and deopt reason entries so
> the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
>
> 3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
> Cr-Commit-Position: refs/heads/master@{#26434}
>
> Committed: https://crrev.com/ec42e002da03adb2db968dd5b7453341ddc59a5c
> Cr-Commit-Position: refs/heads/master@{#26448}
TBR=alph@chromium.org,mstarzinger@chromium.org,svenpanne@chromium.org,yurys@chromium.org,loislo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/900223002
Cr-Commit-Position: refs/heads/master@{#26457}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
Cr-Commit-Position: refs/heads/master@{#26434}
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26448}
Reason for revert:
it broke the build
Original issue's description:
> Externalize deoptimization reasons.
>
> 1) The hardcoded strings were converted into DeoptReason enum.
>
> 2) Deopt comment were converted into a pair location and deopt reason entries so
> the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
>
> 3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
> Cr-Commit-Position: refs/heads/master@{#26434}
TBR=alph@chromium.org,mstarzinger@chromium.org,svenpanne@chromium.org,yurys@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/892843007
Cr-Commit-Position: refs/heads/master@{#26435}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26434}
Along the way:
- Thread isolate parameter explicitly through code that used to
rely on getting it from the zone.
- Canonicalize the parameter position of isolate and zone for
affected code
- Change Hydrogen New<> instruction templates to automatically
pass isolate
R=mstarzinger@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/868883002
Cr-Commit-Position: refs/heads/master@{#26252}
We go back to patching the code for lazy deoptimization because ICs need the on-stack return address to read/update the IC address/state.
The change also fixes bunch of tests, mostly by adding more deoptimization points.
(We still need to add code to ensure lazy deopt patching does not overwrite ICs and other lazy deopts; this is coming next.)
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/568783002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Since the deopt patch address needs to be available during GC to
resolve safepoints, we need to move it to the code object (instead of
the deoptimization input data) - accessing a separate fixed array
is not safe during GC. This CL adds a deoptimization_pc field to
each safepoint. The fields points to the deoptimization block.
The CL also fixes wrong register allocator constraints for
frame states on calls. These should always live on the stack
because registers are not preserved during a call.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/504493002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Centralize a register definition in an IC that provides:
1) symbolic names for the register (like, edx == receiver)
2) defines ordering when passed on the stack
Code that implements or uses the IC should use this definition instead of "knowing" what the registers are. Or at least have the definition to validate it's assumptions.
As a side effect of avoiding runtime static initializers (enforced by tools/check-static-initializers.sh, neat), I gave ownership of the registers array to CodeStubInterfaceDescriptor. This prompted a cleanup of that struct.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/352583002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
I have fixed skipping of the receiver object to materialize captured
objects. This is done with a new DoTranslateSkip method.
We should consider unifying DoTranslateSkip, DoTranslateObject and
DoTranslateCommand as they do the almost the same thing - they only
differ in where they store the result.
The change also turns bunch of ASSERTs into CHECKs.
R=mstarzinger@chromium.org
BUG=359441
TEST=test/mjsunit/regress/regress-359441.js
LOG=N
Review URL: https://codereview.chromium.org/225283006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is a purely mechanical change, adding an Isolate* to the CodeStub
constructor and a corresponding field plus a getter. A few methods in
CodeStub and its subclasses can be simplified now, but this is done in
a separate CL.
The underlying reason apart from simplicity is that deep down in the
call chain we need to detect if the serializer is active or not. This
information will be part of the Isolate, not a global variable with
funky synchronization primitives around it (which is fundamentally
wrong and the underlying cause for race conditions and a catch-22
during initialization).
BUG=359977
LOG=y
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/246643014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is an initial step towards tracking the exact types instead of just
the representations of fields. It adds support to track up to one map of
heap object field values, eliminating various map checks on values
loaded from such fields, at the cost of making stores to such fields
slightly more expensive.
Issues with transitioning stores and fast object literals in Crankshaft
fixed.
TEST=mjsunit/field-type-tracking
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/238773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive.
TEST=mjsunit/field-type-tracking
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/167303005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The escape analysis calculates the number of slots in an object as
no-of-slots = object-size / pointer-size. This gives 3 slots for
heap numbers on 32-bit architectures (one slot for the map, two for
the double value); however, my argument materialization code assumed
just two slots (map + value). Since Hydrogen allocates heap numbers
quite rarely, it is hard to produce a more meaningful repro than the
one provided by Clusterfuzz. Any suggestions are welcome.
The fix is simple - we just read out all extra slots (beyond the map
and the double) for heap numbers.
R=mstarzinger@chromium.org
BUG=351315
LOG=N
Review URL: https://codereview.chromium.org/196283004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This adds a pointer to the shared function info into deoptimization data of an optimized code. Whenever the code is deoptimized, it clears the cache in the shared function info.
This fixes the problem when the optimized function dies in new space GC before the code is deoptimized due to code dependency and before the optimized code cache is cleared in old space GC (see mjsunit/regress/regress-343609.js).
This partially reverts r19603 because we need to be able to evict specific code from the optimized code cache.
BUG=343609
LOG=Y
TEST=mjsunit/regress/regress-343609.js
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/184923002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Instead of tracking simple absolute offset from the start of the script like other places do, track a pair of (inlining id, offset from the start of inlined function).
This enables us to pinpoint with inlining path an instruction came from. Previously in multi-script environments we emitted positions that made very little sense because inside a single optimized function they would point to different scripts without a way to distinguish them.
Start dumping the source of every inlined function to make possible IR viewing tools with integrated source views as there was previously no way to acquire this information from IR dumps. We also dump source position at which each inlining occured.
Tracked positions are written into hydrogen.cfg as pos:<inlining-id>_<offset>.
Flag --emit-opt-code-positions is renamed by this change into --hydrogen-track-positions to better convey it's meaning.
In addition this change assigned global unique identifier to each optimization performed inside isolate. This allows to precisely match compilation artifacts (e.g. IR and disassembly) and deoptimizations.
BUG=
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/140683011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).
The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.
Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function. This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).
We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once. The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address. Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones. Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).
Concerns:
- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)
- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.
- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer. However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.
Thanks for any feedback.
R=danno@chromium.org, mstarzinger@chromium.org
LOG=N
BUG=
Committed: https://code.google.com/p/v8/source/detail?r=18918
Review URL: https://codereview.chromium.org/103243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mostly to make sure that it is going in the right direction. The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).
The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.
Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function. This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).
We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once. The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address. Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones. Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).
Concerns:
- Is there a simpler/more correct way to store the already-materialized
objects? (At the moment there is a custom root reference to JSArray
containing frames' FixedArrays with their captured objects.)
- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)
- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.
- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer. However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.
Thanks for any feedback.
R=mstarzinger@chromium.org, danno@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/103243005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Made operator* return reference to the raw type, not pointer. New method 'get()' should be used when raw pointer is needed.
Also removed useless inline modifier from the SmaprtPointer methods and added const modifier to the methods that don't change smart pointer.
Made ~SmartPointerBase protected to avoid accidental calls of the non-virtual base class's destructor.
drive-by: fixed use after free in src/factory.cc
BUG=None
LOG=N
R=alph@chromium.org, svenpanne@chromium.org
Review URL: https://codereview.chromium.org/101763003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is controlled by two flags:
--redirect_code_traces
--redirect_code_traces_to=<filename>
When redirection is enabled but --redirect_code_traces_to is not specified traces are written to a file code-<pid>-<isolate>.asm. This mangling scheme matches hydrogen.cfg and allows easy discovery of compilation artifacts in a multi-V8 environment (e.g. when compilation is traced from inside Chromium).
D8 defines --redirect_code_traces_to=code.asm similar to hydrogen.cfg redirection.
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/43273004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17571 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Original descriptions were:
- "Refactor and cleanup VirtualMemory."
- "Fix typo."
- "Deuglify V8_INLINE and V8_NOINLINE."
- "Don't align size on allocation granularity for unaligned ReserveRegion calls."
Reasons for the revert are:
- Our mjsunit test suite slower by a factor of 5(!) in release mode.
- Flaky cctest/test-alloc/CodeRange on all architectures and platforms.
- Tankage of Sunspider by about 6% overall (unverified).
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/23970004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Remove a lot of platform duplication, and simplify the virtual
memory implementation. Also improve readability by avoiding bool
parameters for executability (use a dedicated Executability type
instead).
Get rid of the Isolate::UncheckedCurrent() call in the platform
code, as part of the Isolate TLS cleanup.
Use a dedicated random number generator for the address
randomization, instead of messing with the per-isolate random
number generators.
TEST=cctest/test-virtual-memory
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/23641009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
These classes are meant to replace OS::Ticks() and OS::TimeCurrentMillis(),
which are broken in several ways. The ElapsedTimer class implements a
stopwatch using TimeTicks::HighResNow() for high resolution, monotonic
timing.
Also fix the CpuProfile::GetStartTime() and CpuProfile::GetEndTime()
methods to actually return the time relative to the unix epoch as stated
in the documentation (previously that was relative to some arbitrary
point in time, i.e. boot time).
The previous Windows issues have been resolved, and we now use GetTickCount64()
on Windows Vista and later, falling back to timeGetTime() with rollover
protection for earlier Windows versions.
BUG=v8:2853
R=machenbach@chromium.org, yurys@chromium.org
Review URL: https://codereview.chromium.org/23490015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16413 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
These classes are meant to replace OS::Ticks() and OS::TimeCurrentMillis(),
which are broken in several ways. The ElapsedTimer class implements a
stopwatch using TimeTicks::HighResNow() for high resolution, monotonic
timing.
Also fix the CpuProfile::GetStartTime() and CpuProfile::GetEndTime()
methods to actually return the time relative to the unix epoch as stated
in the documentation (previously that was relative to some arbitrary
point in time, i.e. boot time).
BUG=v8:2853
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/23469013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
These classes are meant to replace OS::Ticks() and OS::TimeCurrentMillis(),
which are broken in several ways. The ElapsedTimer class implements a
stopwatch using TimeTicks::HighResNow() for high resolution, monotonic
timing.
Also fix the CpuProfile::GetStartTime() and CpuProfile::GetEndTime()
methods to actually return the time relative to the unix epoch as stated
in the documentation (previously that was relative to some arbitrary
point in time, i.e. boot time).
BUG=v8:2853
R=machenbach@chromium.org, yurys@chromium.org
Review URL: https://codereview.chromium.org/23295034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change implements a simple data-flow analysis pass over captured
objects to the existing escape analysis. It tracks the state of values
in the Hydrogen graph through CapturedObject marker instructions that
are used to construct an appropriate translation for the deoptimizer to
be able to materialize these objects again.
This can be considered a combination of scalar replacement of loads and
stores on captured objects and sinking of unused allocations.
R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis
Review URL: https://codereview.chromium.org/21055011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
