In preparation for Code objects that aren't executable and can be in
RO_SPACE, pass an Isolate into Code::Disassemble.
Bug: v8:7464
Change-Id: I99f5faf23dd4709a48925e1ae44d1ce595ea6f5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822043
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63962}
After https://crrev.com/c/1800575 and https://crrev.com/c/1803343,
which tried to fix this on occuring compile errors, this CL
systematically adds the <memory> include to each header that uses
{std::unique_ptr}.
R=sigurds@chromium.orgTBR=mlippautz@chromium.org,alph@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
Bug: v8:9396
Change-Id: If7f9c3140842f9543135dddd7344c0f357999da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803349
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63767}
It is not recommended to define type alias in C++ header file. cctest defines
type alias `using Label=CodeAssemblerLabel` in anonymous namespace under
namespace `v8::internal::compiler` in test-code-assembler.cc. This is fine
because this type alias is expected to take effect only in this .cc file. But in
jumbo build, multiple source files are combined as a single one, and the
previous `Label` type alias could shadow definition of `Label` from other header
file (for example, v8/src/codegen/label.h which is included by another .cc file)
This is totally unexpected and triggers bad class layout and accessing in the
latter .cc file for the places where `Label` is referenced.
This change fixes cctest from Windows ARM64 jumbo build, but it applies to
other architectures too.
Bug: chromium:893460
Change-Id: Ib2e9df76f6e3371b3940649668c5d13e6b36f028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1788537
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tom Tan <Tom.Tan@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63605}
The maximal unoptimized frame size is calculated during instruction
selection and will be needed during code generation (it will be
applied as an offset to the stack check). Pass the information along
to the code generator through PipelineData.
Bug: v8:9534
Change-Id: Ia72cd70d57c3de2db9fe43d91b9378d8e2ab8a0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762302
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63451}
Replace all usages of VectorSlotPair with FeedbackSource.
Bug: v8:7790
Change-Id: I0ac6e9cd8f5730154cc1842e267ca1ebfdebc874
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763536
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63378}
Automated cleanup which finds patterns of `Node* a = foo` where `foo` is
a TNode expression, and replaces Node* with the appropriate TNode.
Bug: v8:9396
Change-Id: I8b0cd9baf10e74d6e2e336eae62eca6cfe6a9c11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762515
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63335}
This removes the explicit {kCallWithCallerSavedRegisters} opcode which
is just a regular call node with special handling for saving/restoring
caller saved registers before/after the call. This is now handled via
the {CallDescriptor::kCallerSavedRegisters} flag.
R=neis@chromium.org
BUG=v8:9396
Change-Id: Ie6421085eb2be8a067040222cd5215a9b1013048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728611
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63021}
This allows to return bool values from Torque macros and branch on them
without performance penalty, reconstructing good control flow.
Drive-by cleanup: Delete EnsureDeferredCodeSingleEntryPoint(), since
it's no longer needed. Constructing a graph and then re-inferring
deferred blocks based on branch hints achieves this effect
automatically.
Bug: v8:7793
Change-Id: Idb6802372b407549e4760f290933d5b8f1e9d952
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1681132
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62979}
... mostly by turning them into pointer arguments.
After this CL, all remaining non-const reference arguments in
the compiler directory are in the backend.
Bug: v8:9429
Change-Id: I6a546da0fe93179e1a0b12296632591cbf209808
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719185
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62930}
This adds a simple counter to Turbofan that's incremented throughout the compilation, hopefully
frequently enough so we can use it to detect divergence and performance bugs.
In addition, we assert that this counter never gets too high. That's the equivalent of a simple
timeout, just more deterministic. The limitations on Turbofan input size should guarantee that
we never exceed this limit. Since we probably do exceed it rarely, this check is only a DCHECK and
intended to detect performance and divergence issues, but not supposed to be performed in release
builds.
In addition, this CL adds UMA stats to observe the real world distribution of the tick measurement.
Bug: v8:9444
Change-Id: I182dac6ecac64715e3f5885ff5c7c17549351cd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695475
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62754}
This change implements lowering of speculative BigInt addition as well as
BigInt heap constants to corresponding int64 versions, if they are used in
a context where the result is truncated to the least significant 64 bits
(e.g. using asUintN). The JSHeapBroker is extended to provide access to the
BigInt's least significant digit during concurrent compilation. The BigInt
context (required to introduce correct conversions) is recognized in the
RepresentationChanger by either the output type propagated downward or the
TypeCheckKind propagated upward. This is necessary, because the TypeCheckKind
may only be set by nodes that may potentially deopt (and sit in the effect
chain). This is the case for SpeculativeBigIntAdd, but not for BigIntAsUintN.
This CL contains a simple fix to prevent int64-lowered BigInts to flow into
state values as the deoptimizer cannot handle them yet. A more sophisticated
solution to allow the deoptimizer to materialize truncated BigInts will be
added in a following CL.
Bug: v8:9407
Change-Id: I96a293e9077962f53e5f199857644f004e3ae56e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684183
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62665}
Reverse specialization of https://chromium-review.googlesource.com/c/v8/v8/+/1684075.
Again, it skips over Tagged to save some instructions.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I7fc50e0d8eebfef7a1ba02ce3d687ff808f30680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1693007
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62645}
Cpplint usually checks for non-const reference arguments. They are
forbidden in the style guide, and v8 does not explicitly make an
exception here.
This CL re-enables that warning, and fixes all current violations by
adding an explicit "NOLINT(runtime/references)" comment. In follow-up
CLs, we should aim to remove as many of them as possible.
TBR=mlippautz@chromium.org
Bug: v8:9429
Change-Id: If7054d0b366138b731972ed5d4e304b5ac8423bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687891
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62551}
Got rid of the following circular header dependency chains:
compilation-dependencies <-> js-heap-broker <-> access-info
types <-> js-heap-broker <-> access-info
Extracted former CompilationDependencies::Dependency class into its own header.
Extracted *Ref classes into their own header.
This should enable building on older GCC versions, e.g. 5.4.0.
Bug: v8:9440
Change-Id: Ia345bc227d8f7806d0b8622b706346a7ce6d01ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687415
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62541}
In native context specialization, reducing a JSResolvePromise
node requires us to know that there are no "then" properties on
the resolution object's maps. This work must be done at serialization
time.
Bug: v8:7790
Change-Id: If905513a028bc3d71379e2a31e86fff1d3383141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666988
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62519}
powered by a new function Execution::CallWasm and a corresponding,
Turbofan-generated CWasmEntry stub. This entirely sidesteps the
traditional Execution::Invoke -> JSEntryStub path.
Change-Id: If2b97825cca4ce927eecbddc248c64782d903287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660618
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62424}
In TurboFan, context specialization is an optimization that tries to
either replace the load of a value from the context with a constant,
or if that can't be achieved, at least reduce the hops up the
context chain by starting a walk to the required depth from the
first constant context that it can reach.
Currently, this optimization is performed by looking into the
heap during a reducer pass. With fully concurrent TurboFan, we
need to instead gather information about contexts we may want
to perform this optimization on during serialization.
This CL adds functionality to the serializer to recognize and
model operations that affect the context register. We add to the
hinting structure already used by the serializer. There is
a new type of hint: a VirtualContext. This is a tuple consisting
of a handle to a Context, and a distance field that indicates how
far away in a to-be-realized chain this VirtualContext sits from
the context in the handle. For example:
bytecode stream:
...
CreateBlockContext
...
After a block context is created, the accumulator now contains
a VirtualContext Hint with a distance of 1 from any context hints
that we are keeping track of in the current context register.
More details in the design doc here:
https://docs.google.com/document/d/1Y0LKKCEenLWyAZTetoAIpKTZRCxaNdkYV8X1GaCax2A/edit?usp=sharing
Change-Id: I63732ebd106cc138fb1e9789d0676ece63e15d27
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605941
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62370}
This adds missing support when converting a Word32 value (either in
Signed32 or Unsigned32 range) to Word64 representation, for which the
type also includes MinusZero. This conversion is fine as long as the
difference between 0 and -0 is not observable (in other words, as long
as the truncation identifies zeros).
Bug: chromium:971782, chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383
Change-Id: I9d350a25f57b1342eb7fd1279d55a8610bdaf7cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664062
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62235}
As a component of the wider Turbofan logging scheme, it makes sense
for JSHeapBroker logging to come through flags specified in the
OptimizedCompilationInfo class, which uses --trace-turbo-filter
to control which functions are logged.
Bug: v8:7790
Change-Id: I3b068d8be78867ab0bd9607dda9eca4123b9d7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655297
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62111}
Truncation::Float64 is confusing; in reality, we mean that oddballs
and big-ints are identified with their ToNumber counterparts.
Bug: v8:9183
Change-Id: Ibcce990327ac7e01e36a2237ad39c374ac9922aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632224
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61937}
A given target offset may already have an environment associated with
it (there can be multiple jumps to the same target). In that case we
used to throw away the previous environment. With this CL we merge the
environments instead.
Bug: v8:7790
Change-Id: I0c22182436fc48e29675e49627729a33cbeaaf4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631603
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61905}
This replaces all typedefs that define types and not functions by the
equivalent "using" declaration.
This was done mostly automatically using this command:
ag -l '\btypedef\b' src test | xargs -L1 \
perl -i -p0e 's/typedef ([^*;{}]+) (\w+);/using \2 = \1;/sg'
Patchset 2 then adds some manual changes for typedefs for pointer types,
where the regular expression did not match.
R=mstarzinger@chromium.orgTBR=yangguo@chromium.org, jarin@chromium.org
Bug: v8:9183
Change-Id: I6f6ee28d1793b7ac34a58f980b94babc21874b78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631409
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61849}
This CL was generated by an automatic clang AST rewriter using this
matcher expression:
callExpr(
callee(
cxxMethodDecl(
hasName("operator->"),
ofClass(isSameOrDerivedFrom("v8::internal::Object"))
)
),
argumentCountIs(1)
)
The "->" at the expression location was then rewritten to ".".
R=jkummerow@chromium.orgTBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org
Bug: v8:9183, v8:3770
No-Try: true
No-Tree-Checks: true
Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61764}
This method is rarely used, and has several problems:
1) It CHECKs that the value is not undefined, then creates a
{Handle<T>} which again DCHECKs that the value is of type {T}.
2) It is called on a raw {FixedArray} but returns a handle.
3) It is often used when no handle is actually needed, adding
unnecessary overhead.
4) It adds complexity and hides actual checks and handlification.
This CL removes that method, replacing some uses by explicit CHECKs (in
tests) and relying on the DCHECKs in the casts otherwise.
R=mstarzinger@chromium.org
Bug: v8:9183
Change-Id: I90ff59e8b78c909a9a207029d8cc9ab16c0c7b56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621939
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61710}
Code that is being moved primarily deal with layout of a JSObject,
accessing properties and elements, and map transitions.
NOTREECHECKS=true
NOTRY=true
Bug: v8:9247
Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61638}
This reverts commit 5f28539599.
Reason for revert: presubmit failure
Original change's description:
> Move logging and diagnostics related source files
>
> This also introduces a COMMON_OWNERS file, which is derived from the
> current top-level OWNERS file. It is to be used for parts of the
> codebase that is not sensitive to domain-specific expertise.
>
> NOPRESUBMIT=true
> TBR=verwaest@chromium.org
>
> Bug: v8:9247
> Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61600}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
Change-Id: I3827c3af4fd63b18aa48c49617f318a01746e813
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617247
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61601}
This also introduces a COMMON_OWNERS file, which is derived from the
current top-level OWNERS file. It is to be used for parts of the
codebase that is not sensitive to domain-specific expertise.
NOPRESUBMIT=true
TBR=verwaest@chromium.org
Bug: v8:9247
Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61600}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
Reland Change: Support pointer compression operands.
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Bug: v8:7793
Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61522}
TurboFan truncated null to +0 even in contexts such as -0 == null
because it was not handling the TypeCheck correctly. This restricts
the type conversion case to not apply truncation in this case (see
comment in patch).
Change-Id: Ia38ace9608800c8d61988de402a31dd863d9160a
Bug: chromium:961237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609538
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61446}
FATAL() calls with more than one argument are preserved.
The rest of chrome does this as well. Stack traces and minidumps should
be sufficient for analyzing the reason for crashes.
This saves 110kb for Android arm32.
Bug: chromium:958807
Change-Id: I88a1ec82f1ed7bd5e7dbccf6d645d5584f16de82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598159
Commit-Queue: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61426}
Everything after UNREACHABLE is dead code, so it makes sense to remove them.
Bug: v8:9183
Change-Id: If76468a73b926d74717cc2348fd5b36d30f680c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61411}
This is the last string of CLs! We eliminated all Tagged loads and stores.
That's why I also cleaned up that TODO in machine-type.h
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Icb23b396d0cbb6ee914637e34e26b52435f0000c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593085
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61300}
GraphBuilderTester was introduced at a time where RawMachineAssembler
was going to be deprecated (https://codereview.chromium.org/1423923003/).
Now we know that it's not going to happen any time soon.
Since GraphBuilderTester it's only used in one test which can use
RawMachineAssembler, I updated it and removed the class.
Now the .h file had another class, which is now the only class in the file.
Therefore, I renamed it and updated the include calls to it.
Also updated the include commands: some were not necessary, and some others
could be moved to more aptly places.
Bug: v8:9183
Change-Id: I44bf16090c0515b1b9ff6cbded1bdb0adb4e44e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594563
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61269}
FNMUL is efficient arm64 instruction, which can save 1 cycle
by optimizing FNEG(FMUL x y)) to FNMUL x y and
FMUL((FNEG x) y) to FNMUL x y
Change-Id: If25d9de1253098b17033a9d8736ff6a1c06601f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1572681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61230}
This fixes a memory leak.
Bug: v8:9191, v8:7790
Change-Id: I0df49cd3a6791600638a67b4b7ad9687562e500b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588426
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61166}
Our {Vector} template provides both {start} and {begin} methods. They
return exactly the same value. Since the {begin} method is needed for
iteration, and is also what standard containers provide, this CL
switches all uses of the {start} method to use {begin} instead.
Patchset 1 was auto-generated by using this clang AST matcher:
callExpr(
callee(
cxxMethodDecl(
hasName("start"),
ofClass(hasName("v8::internal::Vector")))
),
argumentCountIs(0))
Patchset 2 was created by running clang-format. Patchset 3 then
removes the now unused {Vector::start} method.
R=jkummerow@chromium.orgTBR=mstarzinger@chromium.org,yangguo@chromium.org,verwaest@chromium.org
Bug: v8:9183
Change-Id: Id9f01c92870872556e2bb3f6d5667463b0e3e5c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61081}
This reverts commit da7322c05f.
Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047
Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}
TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org
Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61016}
This change aims to simplify RawMachineAssembler::CallCFunction
interface by use of variadic templates.
Change-Id: Ie7081f692f62674f891f09abfd7149e8d95eeb81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526015
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60710}
Includes both changing from compressed pointers and to compressed pointers.
Also added tests to the representation changer test
B
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I8a13f6b7ec2208442aa354949173cc9061bce168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533866
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60587}
This CL adds all the necessary {WasmCodeRefScope}s in the code base, or
at least a good approximation. A follow-up CL will enable a check that
a {WasmCodeRefScope} exists whenever a pointer to a {WasmCode} object
is returned from the {NativeModule}. This should flush out any missing
scopes.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I54c7eb39aeb1acde38273c399396e6b1390a4cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533860
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60566}
Drive-by: also add support for trivial bytecodes such as LdaFalse.
Bug: v8:7790
Change-Id: I72626500096310899d37d57e3d0dd3bd54fddff4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532066
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60460}
Said instructions look like ChangeTaggedXXXToCompressedXXX and
ChangeCompressedXXXToTaggedXXX for XXX in ("", "Pointer", "Signed").
This change only affects 64 bit architectures (both for x64 and arm64).
Also added tests for the machine operators.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I239d9de7f214424852e75b5d56996e8dfdacd400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526009
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60393}
We need to ensure that the NativeModule stays alive while any
{BackgroundCompileScope} exists, because during that time we hold
shared ownership of the mutex in the {BackgroundCompileToken}. If the
{NativeModule} dies during that period, we would need to get exclusive
ownership of the mutex and deadlock.
This change requires holding a {std::weak_ptr<NativeModule>} in the
BackgroundCompileToken instead of a raw pointer, hence it can only be
initialized after the NativeModule was created. This is done via a
separate {InitCompilationState} method.
R=ahaas@chromium.org
Bug: v8:8979
Change-Id: Ia14bd272ea0bc47aec547024da6020608418c9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518178
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60203}
... when pointer compression is enabled and some number of cleanups.
Bug: v8:7703
Change-Id: If7344abf68a1c4d54e4a79d066dc185f25055d7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477737
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60056}
Implemented branching and merging of Environments to facilitate handling of
conditional and unconditional jumps in the SerializerForBackgroundCompilation.
Added tests and printing helpers for the Environment. The internal structure
of the hints was changed to ZoneSet to support avoiding of duplicates.
Alternative implementation considerations were documented here:
https://docs.google.com/document/d/1vCQYhtFPqXafSMweSnGD8l0TKEIB6cPV5UGMHJtpy8k/edit?ts=5bf7d341#heading=h.jx4br0df5qzmR=neis@chromium.org
Bug: v8:7790
Change-Id: Ib929c75ddb7f7fb290a5ca28d4422680a1514a4f
Reviewed-on: https://chromium-review.googlesource.com/c/1451847
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59534}
This avoids confusion with the code that is being generated.
R=sigurds@chromium.org
Change-Id: Icb5bd417ca8502553af201654cca1419b9eac87d
Reviewed-on: https://chromium-review.googlesource.com/c/1462001
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59522}
This basically adjusts reality to match our expectations. Methods based
on Code::kConstantPoolOffset expected the constant pool to be located
immediately following the handler table and before the code comments
section, while it was actually emitted before the jump table. We did
not notice earlier since this is only relevant on ppc.
Bug: v8:8758
Change-Id: I189af491fe133a7dc480ff4056372ba7a27faa81
Reviewed-on: https://chromium-review.googlesource.com/c/1445880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59299}
This CL changes the usage pattern from
FOR_XXX_VALUES(i) { Use(*i); }
to
FOR_XXX_VALUES(i) { Use(i); }
which is way more intuitive.
Note that the replacement in the uses was done via regular expression,
so it's purely mechanical. In two locations I removed unneeded braces
around the macro, because they confused clang-format.
I plan to do more cleanups (remove redundant assignments within the
FOR_XXX_VALUES body) in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: I4329bfcf34e5b077d19b50f4204ceb3b4340fe61
Reviewed-on: https://chromium-review.googlesource.com/c/1449615
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59287}
Also use the feedback as a hint for the target, because target and
new.target are often the same and we have no way of checking that
in the serializer.
Bug: v8:7790
Change-Id: I9647bf9ab830a76657de400f413fc1cb798a2ade
Reviewed-on: https://chromium-review.googlesource.com/c/1445988
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59230}
Numeric conversions are defined behavior iff the value is in the
range of what the target type can represent.
Bug: v8:3770
Change-Id: Ic6f2276c64cb39345a45d8e37e604c28ecca34c2
Reviewed-on: https://chromium-review.googlesource.com/c/1436216
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59144}
The WasmCodeManager held a list of all Isolates that use the
WasmEngine/WasmCodeManager (those two are 1:1).
Since we want to move all isolate-specific tasks (like code logging and
compilation callbacks) to the WasmEngine, this CL moves this management
from the WasmCodeManager to the WasmEngine. We now have a bidirectional
mapping from NativeModules to the Isolates that use them, and from an
Isolate to all the NativeModules it uses (n:n).
The IsolateData struct will be extended in follow-up CLs to hold things
like the ForegroundTaskRunner. The Isolate* in the NativeModule /
CompilationState will eventually be removed.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Ic2c003c3949f73ce3264dd9dac96884a5c0b9896
Reviewed-on: https://chromium-review.googlesource.com/c/1433793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59092}
As far as I can tell these were unused; their only callers were arm
and ppc simulators, but codegen explicitly returned nullptr if in a
simulator build, falling back to std::sqrt.
There's more potential cleanup to be done here for other functions
defined in codegen-*.cc files.
Tbr: clemensh@chromium.org
Bug: v8:7777, v8:8675
Change-Id: I4b9d6062c6724a810ab094d09e3cd04a0b733d9b
Reviewed-on: https://chromium-review.googlesource.com/c/1405851
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58740}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: I8007987594ff534ca697c1c3247215a72a001343
Reviewed-on: https://chromium-review.googlesource.com/c/1403132
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58693}
The two names refer to the same thing by now, so this patch is
entirely mechanical.
Bug: v8:3770
Change-Id: Ia360c06c89af6b3da27fd21bbcaeb2bdaa28ce22
Reviewed-on: https://chromium-review.googlesource.com/c/1397705
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58615}
Apart from being more in-line with the style guide, this allows to use
DEFINE_LAZY_LEAKY_OBJECT_GETTER for defining {TypeCache::Get}.
R=tebbi@chromium.org
Bug: v8:8562
Change-Id: I016b28624950ce9404180fc1ca1a232551f75cd0
Reviewed-on: https://chromium-review.googlesource.com/c/1392201
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58500}
Merging the temporary HeapObjectPtr back into HeapObject.
Bug: v8:3770
Change-Id: I5bcd23ca2f5ba862cf5b52955dca143e531c637b
Reviewed-on: https://chromium-review.googlesource.com/c/1386492
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58410}
C++ introduces the {alignas} keyword, which can be used with types or
integral constant expressions. Use this instead of the V8_ALIGNAS (for
types) or V8_ALIGNED (for integral constants) macros.
R=ulan@chromium.org
Bug: v8:8562
Change-Id: I54999b56a5715237f88c63d8543ef728a5b2eff5
Reviewed-on: https://chromium-review.googlesource.com/c/1379935
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58290}
This is a reland of 9c0a48580b
Original change's description:
> Reland "Reland "[code-comments] Put code comments into the code object""
>
> This is a reland of ed3d647284
>
> This reland fixes that padding at the end of Wasm instruction streams
> triggered asserts in the code printer.
>
> Original change's description:
> > Reland "[code-comments] Put code comments into the code object"
> >
> > This is a reland of e774cffe2b
> >
> > This reland disables a test as v8:8548 is blocking it, which was
> > broken by a recent CL. CQ did not catch this because the merge-base
> > CQ used did not yet contain the CL that caused v8:8548.
> >
> > Original change's description:
> > > [code-comments] Put code comments into the code object
> > >
> > > Code comments in the snapshot can now be enabled with gn
> > > arg 'v8_enable_snapshot_code_comments'
> > >
> > > Bug: v8:7989
> > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#58020}
> >
> > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
> >
> > Bug: v8:7989, v8:8548
> > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58028}
>
> Bug: v8:7989, v8:8548
> Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
> Reviewed-on: https://chromium-review.googlesource.com/c/1371784
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58221}
TBR=jgruber@chromium.org,mstarzinger@chromium.org
Bug: v8:7989, v8:8548, v8:8593
Change-Id: I4f7ffc98e0281c7b744eb4a04ba0763896c7b59b
Reviewed-on: https://chromium-review.googlesource.com/c/1375919
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58232}
This reverts commit 9c0a48580b.
Reason for revert: Seems to break nosnap debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22228
Original change's description:
> Reland "Reland "[code-comments] Put code comments into the code object""
>
> This is a reland of ed3d647284
>
> This reland fixes that padding at the end of Wasm instruction streams
> triggered asserts in the code printer.
>
> Original change's description:
> > Reland "[code-comments] Put code comments into the code object"
> >
> > This is a reland of e774cffe2b
> >
> > This reland disables a test as v8:8548 is blocking it, which was
> > broken by a recent CL. CQ did not catch this because the merge-base
> > CQ used did not yet contain the CL that caused v8:8548.
> >
> > Original change's description:
> > > [code-comments] Put code comments into the code object
> > >
> > > Code comments in the snapshot can now be enabled with gn
> > > arg 'v8_enable_snapshot_code_comments'
> > >
> > > Bug: v8:7989
> > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#58020}
> >
> > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
> >
> > Bug: v8:7989, v8:8548
> > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58028}
>
> Bug: v8:7989, v8:8548
> Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
> Reviewed-on: https://chromium-review.googlesource.com/c/1371784
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58221}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: I681a3c63120c6ab953bfe9cd2b07bcf560ebfdee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7989, v8:8548
Reviewed-on: https://chromium-review.googlesource.com/c/1375916
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58228}
This is a reland of ed3d647284
This reland fixes that padding at the end of Wasm instruction streams
triggered asserts in the code printer.
Original change's description:
> Reland "[code-comments] Put code comments into the code object"
>
> This is a reland of e774cffe2b
>
> This reland disables a test as v8:8548 is blocking it, which was
> broken by a recent CL. CQ did not catch this because the merge-base
> CQ used did not yet contain the CL that caused v8:8548.
>
> Original change's description:
> > [code-comments] Put code comments into the code object
> >
> > Code comments in the snapshot can now be enabled with gn
> > arg 'v8_enable_snapshot_code_comments'
> >
> > Bug: v8:7989
> > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58020}
>
> TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Bug: v8:7989, v8:8548
> Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58028}
Bug: v8:7989, v8:8548
Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
Reviewed-on: https://chromium-review.googlesource.com/c/1371784
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58221}
This is a reland of f849396c3a
Original change's description:
> [nojit] Remove code stubs
>
> All stubs have been migrated to builtins. This CL removes most related
> code.
>
> Bug: v8:7777, v8:5784
> Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
> Reviewed-on: https://chromium-review.googlesource.com/c/1365284
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58093}
Tbr: mstarzinger@chromium.org,yangguo@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org
Bug: v8:7777, v8:5784
Change-Id: I005ee2a820d49a75a90481d262a310e4ccfd1391
Reviewed-on: https://chromium-review.googlesource.com/c/1367746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58101}
All stubs have been migrated to builtins. This CL removes most related
code.
Bug: v8:7777, v8:5784
Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
Reviewed-on: https://chromium-review.googlesource.com/c/1365284
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58093}
which will require different handling for compressed pointers case.
Bug: v8:8518
Change-Id: I99cb103bad57b134ecb8d7dd7018cf16ed3d8f25
Reviewed-on: https://chromium-review.googlesource.com/c/1365272
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58073}
This reverts commit ed3d647284.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/24178
Original change's description:
> Reland "[code-comments] Put code comments into the code object"
>
> This is a reland of e774cffe2b
>
> This reland disables a test as v8:8548 is blocking it, which was
> broken by a recent CL. CQ did not catch this because the merge-base
> CQ used did not yet contain the CL that caused v8:8548.
>
> Original change's description:
> > [code-comments] Put code comments into the code object
> >
> > Code comments in the snapshot can now be enabled with gn
> > arg 'v8_enable_snapshot_code_comments'
> >
> > Bug: v8:7989
> > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58020}
>
> TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Bug: v8:7989, v8:8548
> Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58028}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: I1075bb09de7cb8dad71e31ff51a4e7bb6a200a8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7989, v8:8548
Reviewed-on: https://chromium-review.googlesource.com/c/1362043
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58029}
This is a reland of e774cffe2b
This reland disables a test as v8:8548 is blocking it, which was
broken by a recent CL. CQ did not catch this because the merge-base
CQ used did not yet contain the CL that caused v8:8548.
Original change's description:
> [code-comments] Put code comments into the code object
>
> Code comments in the snapshot can now be enabled with gn
> arg 'v8_enable_snapshot_code_comments'
>
> Bug: v8:7989
> Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58020}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
Bug: v8:7989, v8:8548
Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
Reviewed-on: https://chromium-review.googlesource.com/c/1361166
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58028}
Code comments in the snapshot can now be enabled with gn
arg 'v8_enable_snapshot_code_comments'
Bug: v8:7989
Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
Reviewed-on: https://chromium-review.googlesource.com/c/1329173
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58020}
This is a reland of 10ea3f8a1d
Original change's description:
> [Compiler] Introduce IsCompiledScope which prevents flushing of compiled code
>
> Introduces a IsCompiledScope object which can be used to check whether a
> function is compiled, and ensure it remains compiled for the lifetime
> of the scope without being uncompiled by bytecode flushing. The Compile
> functions are modified to take a scope so that calling code can ensure
> the function remains compiled for the lifetime they require.
>
> Also, don't allocate a feedback vector for asm-wasm code as this
> is never used, and will be reallocated if the asm-wasm code fails to
> instantiate the module and we fallback to regular JavaScript.
>
> Also restructure Compiler::PostInstantiation() to allocate the feedback
> vector once, and do the optimized code check before optimizing for
> always opt.
>
> BUG=v8:8395
>
> Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
> Reviewed-on: https://chromium-review.googlesource.com/c/1352295
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57971}
TBR=jgruber@chromium.org,mstarzinger@chromium.org
Bug: v8:8395
Change-Id: I8dc00798a5680997990c879c3380fe4febd47297
Reviewed-on: https://chromium-review.googlesource.com/c/1357045
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57982}
This reverts commit 10ea3f8a1d.
Reason for revert: Causing failure on gc_stress bot:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8928421099411850688/+/steps/Bisect_10ea3f8a/0/steps/Retry/0/logs/collections-construct../0
Original change's description:
> [Compiler] Introduce IsCompiledScope which prevents flushing of compiled code
>
> Introduces a IsCompiledScope object which can be used to check whether a
> function is compiled, and ensure it remains compiled for the lifetime
> of the scope without being uncompiled by bytecode flushing. The Compile
> functions are modified to take a scope so that calling code can ensure
> the function remains compiled for the lifetime they require.
>
> Also, don't allocate a feedback vector for asm-wasm code as this
> is never used, and will be reallocated if the asm-wasm code fails to
> instantiate the module and we fallback to regular JavaScript.
>
> Also restructure Compiler::PostInstantiation() to allocate the feedback
> vector once, and do the optimized code check before optimizing for
> always opt.
>
> BUG=v8:8395
>
> Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
> Reviewed-on: https://chromium-review.googlesource.com/c/1352295
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57971}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I1449a02a0aceb9757440757628e586df33972a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1357042
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57974}
Introduces a IsCompiledScope object which can be used to check whether a
function is compiled, and ensure it remains compiled for the lifetime
of the scope without being uncompiled by bytecode flushing. The Compile
functions are modified to take a scope so that calling code can ensure
the function remains compiled for the lifetime they require.
Also, don't allocate a feedback vector for asm-wasm code as this
is never used, and will be reallocated if the asm-wasm code fails to
instantiate the module and we fallback to regular JavaScript.
Also restructure Compiler::PostInstantiation() to allocate the feedback
vector once, and do the optimized code check before optimizing for
always opt.
BUG=v8:8395
Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
Reviewed-on: https://chromium-review.googlesource.com/c/1352295
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57971}
to the new design.
Bug: v8:3770
Change-Id: I3cd0a66eefefedc98a641494302fc79d897a153a
Reviewed-on: https://chromium-review.googlesource.com/c/1345910
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57801}
Previosly, LoadArrayElement assumed that the array is a FixedArray.
The PropertyArray and WeakFixedArray pretended to be a FixedArray and
had static asserts about length offsets.
This patch make LoadArrayElement generic and uses a new LoadArrayLength
function to fetch the length of the array without hard-coding the length
offset.
Bug: v8:8486
Change-Id: Ib27132bf3fcecc135ad632c4227c57ca0a05036f
Reviewed-on: https://chromium-review.googlesource.com/c/1346498
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57723}
Remove PrintableInstructionSequence and friends, just overload
operator<< directly for the respective types.
R=herhut@chromium.org
Bug: v8:8238
Change-Id: I67713978ab06f7ec5309e52b4090256480f362b1
Reviewed-on: https://chromium-review.googlesource.com/c/1346113
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57722}
Register names are static, so we do not need to access them via
RegisterConfiguration. This saves a lot of RegisterConfiguration
object creations.
R=mstarzinger@chromium.org
Bug: v8:8238
Change-Id: I295ad4d4b13fe948c70490687b7e3e9b48e70af9
Reviewed-on: https://chromium-review.googlesource.com/c/1342517
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57668}
This change ensures that we do not try to check the conversion of a floating
point constant, but insert the floating point constant instead.
Change-Id: I1c65e3a69acaea2ff805ba10317f64c0ac0ba098
Reviewed-on: https://chromium-review.googlesource.com/c/1340257
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57630}
This CL implements an assembly order optimization that moves blocks
that end a loop with an unconditional backedge to the beginning of
the loop, saving a branch.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:8423
Change-Id: I8a5d25f5472d71227af0f623277ea8d0a8d69867
Reviewed-on: https://chromium-review.googlesource.com/c/1335944
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57572}
With Bytecode flushing, the a SharedFunctionInfo's bytecode might be flushed
while the compiler is expecting it to still exist. Rather than continually
getting the bytecode from the SFI, instead bottleneck the points where we get
BytecodeArray from SFIs and maintain an explicit strong reference to the
BytecodeArray from that point onwards to prevent flushing.
BUG=v8:8395
Change-Id: I6a18adec99402838690971eb37ee0617cdc15920
Reviewed-on: https://chromium-review.googlesource.com/c/1309763
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57536}
Moves the unicode predicate cache tables out of the unicode cache,
and turns them into generic predicates in char-predicates.h which
use static constexpr tables.
This drops the per-isolate cost of unicode caches, and removes the
need for accessing the unicode cache from most files. It does remove
the mutability of the cache, which means that there may be regressions
when parsing non-ASCII identifiers. Most likely the benefits to ASCII
identifiers/keywords will outweigh any non-ASCII costs.
Change-Id: I9a7a8b7c9b22d3e9ede824ab4e27f133ce20a399
Reviewed-on: https://chromium-review.googlesource.com/c/1335564
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57506}
This CL is an experiment to get more performance data from the perf-bots
and will likely lead to regressions. The try-bots (see patcheset 9)
indicate some regressions, but it doesn't seem too bad.
Change-Id: Ia173ab20ee2a4904663db0f4ca2ffb196b203c77
Reviewed-on: https://chromium-review.googlesource.com/c/1319763
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57483}
In the process, move the rest of the implementation PLabels into the
CodeAssembler for consistency.
Change-Id: I56872d9fc756db066f0d13d87aeb55ec04de2495
Reviewed-on: https://chromium-review.googlesource.com/c/1329687
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57474}
This CL splits the backend of TurboFan off into its own directory,
without changing namespaces. This makes ownership management a bit
more fine-grained with a logical separation.
R=mstarzinger@chromium.org,jarin@chromium.org,adamk@chromium.org
Change-Id: I2ac40d6ca2c4f04b8474b630aae0286ecf79ef42
Reviewed-on: https://chromium-review.googlesource.com/c/1308333
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57437}
This is a reland of b8e8b0de4f
Original change's description:
> [ptr-compr] Fix incorrectly used machine types
>
> in TurboFan, CSA, Wasm and compiler tests. Tagged values decompression
> logic will depend on the machine type of the value being loaded so it must
> be correct.
>
> Bug: v8:7703
> Change-Id: Ia9e7cc1e273e5a458d9de8aaa4adb0c970413b8b
> Reviewed-on: https://chromium-review.googlesource.com/c/1319573
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57280}
Bug: v8:7703
Change-Id: I2c740bab9a800520ebfb83334345bd5641b7e408
Reviewed-on: https://chromium-review.googlesource.com/c/1320850
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57314}
This reverts commit b8e8b0de4f.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm%20-%20debug/8276
Original change's description:
> [ptr-compr] Fix incorrectly used machine types
>
> in TurboFan, CSA, Wasm and compiler tests. Tagged values decompression
> logic will depend on the machine type of the value being loaded so it must
> be correct.
>
> Bug: v8:7703
> Change-Id: Ia9e7cc1e273e5a458d9de8aaa4adb0c970413b8b
> Reviewed-on: https://chromium-review.googlesource.com/c/1319573
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57280}
TBR=mstarzinger@chromium.org,ishell@chromium.org
Change-Id: Ia97d5bfebf8d8fe1b2b7607f63024b60cf2c584f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/1320349
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57294}
in TurboFan, CSA, Wasm and compiler tests. Tagged values decompression
logic will depend on the machine type of the value being loaded so it must
be correct.
Bug: v8:7703
Change-Id: Ia9e7cc1e273e5a458d9de8aaa4adb0c970413b8b
Reviewed-on: https://chromium-review.googlesource.com/c/1319573
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57280}
This introduces Word64 support for the CheckBounds operator, which now
lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the
representation selection. The right hand side of CheckBounds can now
be any positive safe integer on 64-bit architectures, whereas it remains
Unsigned31 for 32-bit architectures. We only use the extended Word64
support when the right hand side is outside the Unsigned31 range, so
for everything except DataViews this means that the performance should
remain the same. The typing rule for the CheckBounds operator was
updated to reflect this new behavior.
The CheckBounds with a right hand side outside the Unsigned31 range will
pass a new Signed64 feedback kind, which is handled with newly introduced
CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation
selection.
The JSCallReducer lowering for DataView getType()/setType() methods was
updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore,
but instead just use the raw uintptr_t values and operate on any value
(for 64-bit architectures these fields can hold any positive safe
integer, for 32-bit architectures it's limited to Unsigned31 range as
before). This means that V8 can now handle huge DataViews fully, without
falling off a performance cliff.
This refactoring even gave us some performance improvements, on a simple
micro-benchmark just exercising different DataView accesses we go from
testDataViewGetUint8: 796 ms.
testDataViewGetUint16: 997 ms.
testDataViewGetInt32: 994 ms.
testDataViewGetFloat64: 997 ms.
to
testDataViewGetUint8: 895 ms.
testDataViewGetUint16: 889 ms.
testDataViewGetInt32: 888 ms.
testDataViewGetFloat64: 890 ms.
meaning we lost around 10% on the single byte case, but gained 10% across
the board for all the other element sizes.
Design-Document: http://bit.ly/turbofan-word64
Bug: chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383
Change-Id: Ic9d1bf152e47802c04dcfd679372e5c85e4abc83
Reviewed-on: https://chromium-review.googlesource.com/c/1303732
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57095}
This CL restores consistency with other platforms. ebx is now the
kRootRegister on ia32, and thus not an allocatable register any more.
The PreserveRootIA32 register configuration can be removed since it is
now identical to the Default configuration.
Bug: v8:6666
Change-Id: If4e2b4c52aa8b5db40bcd3b4469004b29c0e3d99
Reviewed-on: https://chromium-review.googlesource.com/c/1299078
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57018}
This is a reland of a31a623047
Original change's description:
> [ia32] Remove poisoning logic on ia32
>
> Poisoning has been disabled by default on ia32 a while ago. This CL
> removes its logic from ia32 code generation, which will let us move
> towards fuller (and unconditional) root register support.
>
> Bug: chromium:860429, v8:8254
> Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
> Reviewed-on: https://chromium-review.googlesource.com/c/1296131
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56978}
Tbr: mstarzinger@chromium.org,jarin@chromium.org
Bug: chromium:860429, v8:8254
Change-Id: Ia65ac57fdc6b9a0f59cc64455d6a000005e9be3b
Reviewed-on: https://chromium-review.googlesource.com/c/1299080
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56984}
Instead, create it when needed and pass it down to the actual
compilation.
This saves memory by making the WasmCompilationUnit smaller and will
eventually allow us to implement the trap handler fallback correctly by
using an updated ModuleEnv in background compilation and tier up.
R=mstarzinger@chromium.org
Bug: v8:5277, v8:8343
Change-Id: I0dc3a37fb88e54eb4822dc99d58ff024f4b2a367
Reviewed-on: https://chromium-review.googlesource.com/c/1293953
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56896}
For now, all it does is control when the heap broker starts
serializing. Eventually it will do what its name suggests.
I'm also renaming --concurrent-compiler-frontend to the more
accurate --concurrent-typed-lowering. Note that it's forceably
implied by --concurrent-inlining.
Bug: v8:7790
Change-Id: I55c1d8f1538146e89f3e166cb9165f6f38447146
Reviewed-on: https://chromium-review.googlesource.com/c/1270839
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56557}
For each intrinsic/runtime function we define in runtime.h, an inline
version is automatically declared. We only ever use 24 of the inline
functions. Even though we don't call the other ones, macro magic means
they still take up space by existing in various arrays and tables like
kIntrinsicFunctions. They also create code in switch statements.
Some drive-by cleanups:
- Remove the switch in NameForRuntimeId() and just use the table of
runtime functions to lookup the name directly.
- Remove tests for IsFunction, ClassOf and StringAdd intrinsics as
they are the last users of the inline versions of these.
- Remove the MaxSmi inline version as it is only used in tests.
Saves 64 KiB binary size.
Change-Id: I4c870ddacd2655ffcffa97d93200ed8f853752f5
Reviewed-on: https://chromium-review.googlesource.com/c/1261939
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56412}
When converting a Signed32\/MinusZero value from Word32 to Float64
representation or just passing it through as Word32 (with potential
type checks on it) we don't need to worry about -0 as long as the uses
identify 0 and -0.
Drive-by-fix: Fix the CheckChange() helper in the representation
changer test to pass Truncation::Any() by default.
Bug: chromium:891639, chromium:891612, chromium:891627, v8:8015, v8:8178
Change-Id: I06948ec0cdb8e778cb3678124ef927277a5f40ee
Reviewed-on: https://chromium-review.googlesource.com/c/1258902
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56369}
test/cctest/compiler/value-helper.h: fix due to a GCC bug affecting padding
of aggregate data types on Aix.
GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61976
Change-Id: I303b09a9a84b372033c16cbf157d5fc2bf25f93a
Reviewed-on: https://chromium-review.googlesource.com/1244616
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56274}
This is just a cleanup.
Bug: v8:7790
Change-Id: Ic0114451159b8c504f527f3cf3bdaed6a8cc8741
Reviewed-on: https://chromium-review.googlesource.com/1243103
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56206}
This also makes the {AddCodeCopy} method more specific to only apply to
import wrappers, otherwise the use of {set_code} would be unprotected.
R=clemensh@chromium.org
BUG=v8:8015
Change-Id: I62561560f57e4cc235a338c0e769e50ff55ec42d
Reviewed-on: https://chromium-review.googlesource.com/1238477
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56137}
Remove %ToPrimitive, %ToPrimitive_Number, %SameValue and %SameValueZero,
as these runtime functions were only used from tests. For the %SameValue
we use Object.is() to test the internal algorithm (the actual one even),
and for %SameValueZero we use Set#has() - this was already the case for
most uses anyways.
Also drop %IsDate and %ValueOf, which didn't have uses at all.
Bug: v8:8015
Change-Id: Ice26d25e68aed4d5d8adac0547c56aedf9826b13
Reviewed-on: https://chromium-review.googlesource.com/1237677
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56127}
Teach TurboFan about representation changes from Float64 to Word64 where
the input value is already known to be within the Int64 or Uint64 range.
While not all of these values have representations in Float64, those
that do can be converted to Word64 without loss of precision.
Same is true for Tagged to Word64 conversions, although here we don't
(currently) need the case for Uint64 ranges, so we can skip adding an
operator for that until it becomes necessary (there's a hard check in
the code so it'll not silently cause trouble).
Bug: v8:8178
Change-Id: Ie99b0bc9af096bd927f63b26b0a61e66454bc4ae
Reviewed-on: https://chromium-review.googlesource.com/1231593
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56022}
Word8 and Word16 representation is treated like Word32 for the sake of
TurboFan's representation selection, but this was missing from the
Word64 conversions.
Bug: chromium:884933, v8:4153, v8:7881, v8:8171, v8:8178
Change-Id: If7b69cdd02b12546d87bba0643e9ee9cb35cb299
Reviewed-on: https://chromium-review.googlesource.com/1229953
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55983}
This change introduces the necessary conversion operators to convert
from Word64 to other representations (Tagged, Word32, Float64, etc.),
and plugs in the Word64 representation for NumberAdd/NumberSubtract,
such that TurboFan will go to Int64Add/Sub on 64-bit architectures
when the inputs and the output of the operation is in safe integer
range. This includes the necessary changes to the Deoptimizer to be
able to rematerialize Int64 values as Smi/HeapNumber when going back
to Ignition later.
This change might affect performance, although measurements indicate
that there should be no noticable performance impact.
The goal is to have TurboFan support Word64 representation to a degree
that changing the TypedArray length to an uint64_t (for 64-bit archs)
becomes viable and doesn't have any negative performance implications.
Independent of that we might get performance improvements in other areas
such as for crypto code later.
Bug: v8:4153, v8:7881, v8:8171, v8:8178
Design-Document: bit.ly/turbofan-word64
Change-Id: I29d56e2a31c1bae61d04a89d29ea73f21fd49c59
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1225709
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55937}
This adds support to TurboFan's representation selection for the Word64
representation, and makes use of that to handle indices for memory access
and allocation instructions (i.e. LoadElement, StoreElement, Allocate,
etc.). These instructions had previously used Word32 as representation
for the indices / sizes, and then internally converted it to the correct
representation (aka Word64 on 64-bit architectures) later on, but that
was kind of brittle, and sometimes led to weird generated code.
The change thus only adds support to convert integer values in the safe
integer range from all kinds of representations to Word64 (on 64-bit
architectures). We don't yet handle the opposite direction and none of
the representation selection heuristics for the numeric operations were
changed so far. This will be done in follow-up CLs.
This CL itself is supposed to be neutral wrt. functionality, and only
serves as a starting point, and a cleanup for the (weird) implicit
Word64 index/size handling.
Bug: v8:7881, v8:8015, v8:8171
Design-Document: http://bit.ly/turbofan-word64
Change-Id: I3c6961a0e96cbc3fb8ac9d3e1be8f2e5c89bfd25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1224932
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55886}
In the CHECK_FLOAT_EQ and CHECK_DOUBLE_EQ wrappers, do also print hex
representations on failure. Otherwise, single bit flips might not be
visible in the output, like here:
Check failed: DoubleWrapper(x) == y (-2e+66 vs. -2e+66).
R=titzer@chromium.org
Change-Id: I2521706aedc6ff81c0dbb25259230f8e29ce9a3e
Reviewed-on: https://chromium-review.googlesource.com/1219630
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55799}
The first: we allocated within the argument list of a function call on
a handlified receiver. The allocation may trigger GC which leaves us
with a stale receiver reference.
The second: in generated code we triggered further allocations while
an uninitialized fixed array was live.
Bug: v8:8145
Change-Id: If59cab6274277534b2ff6463daa5863b8feae22c
Reviewed-on: https://chromium-review.googlesource.com/1213162
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55717}
- Removes workarounds in test-run-native_calls for ARM and
adds ARM 32-bit aliasing-aware register allocation.
- Uses wasm::LinkageAllocator instead of custom allocator to avoid
duplication of this logic.
- Fixes a problem in wasm::LinkageAllocator with high 16 VFP regs,
and makes member variable naming consistent.
Bug: v8:8015
Change-Id: Ie8bb8bad06bebce2cef3da0f6ad5c59d5f3b3b36
Reviewed-on: https://chromium-review.googlesource.com/1199907
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55696}
The WasmCompilationData was a struct that served as an input/output
mechanism for communicating with the code generator. In particular,
it contained a flag for enabling runtime exception for WASM in the code
generator and it also gathered the protected instruction info from
the code generator to be communicated to the WasmCodeManager.
This CL inlines the exception support flag into OptimizedCompilationInfo
and the protected instruction information into the code generator,
along the lines of other flags and data structures created by the
code generator.
R=mstarzinger@chromium.org
Change-Id: If436636067f1a829a095310a73045fe3301cb694
Reviewed-on: https://chromium-review.googlesource.com/1186409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55358}
This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).
This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.
Bug: chromium:225811
Change-Id: I7c1ec826faf46a144a5a9068f8f815a5fd040997
Reviewed-on: https://chromium-review.googlesource.com/1174252
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55111}
This reverts commit c46915b931.
Reason for revert: Disasm failures https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21727
Original change's description:
> [turbofan] Further optimize DataView accesses.
>
> This adds support for unaligned load/store access to the DataView
> backing store and uses byteswap operations to fix up the endianess
> when necessary. This changes the Word32ReverseBytes operator to be
> a required operator and adds the missing support on the Intel and
> ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
> is also mandatory now).
>
> This further improves the performance on the dataviewperf.js test
> mentioned in the tracking bug by up to 40%, and at the same time
> reduces the code complexity in the EffectControlLinearizer.
>
> Bug: chromium:225811
> Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
> Reviewed-on: https://chromium-review.googlesource.com/1172777
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55099}
TBR=sigurds@chromium.org,bmeurer@chromium.org
Change-Id: If7a62e3a1a4ad26823fcbd2ab6eb4c053ad11c49
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:225811
Reviewed-on: https://chromium-review.googlesource.com/1174171
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55107}
This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).
This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.
Bug: chromium:225811
Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
Reviewed-on: https://chromium-review.googlesource.com/1172777
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55099}
This should make the uses of binary vs. bitwise not very clear:
- Word32BinaryNot for logical negation
- Word32BitwiseNot for bitwise negation
Change-Id: I3345913111da0dbdae6fdf285f090b67eb3f3afc
Reviewed-on: https://chromium-review.googlesource.com/1169205
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55091}
This CL introduces a set of configuration options implemented as
a struct of booleans that together comprise the set of enabled
or detected features. The configuration options replace command-line
flags that were checked deep in the implementation. As such, it is
necessary to plumb them through multiple levels of abstraction.
R=ahaas@chromium.orgCC=mstarzinger@chromium.org
BUG=chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1b82f5826e4fd263f68e8cafcd923bac5818a637
Reviewed-on: https://chromium-review.googlesource.com/1163670
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55018}
This adds two tests that generate calls to embedded builtins, one test
inlines the trampoline, and the other uses an indirect load from the
roots array.
Bug: v8:6666, v8:7997
Change-Id: I077f4e9ed311021edb8ee74db625ebb048fdf66b
Reviewed-on: https://chromium-review.googlesource.com/1160237
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54869}
The test uses an incomplete native context, so the broker fails during
serialization.
Bug: v8:7790
Change-Id: I33e9e37df4e4acce62829123a8d16087d4fdc76d
Reviewed-on: https://chromium-review.googlesource.com/1156693
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54825}
The heap broker expects that handles get canonicalized.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: If6162316bb2a256e783a8175ac7d4172d040b28b
Reviewed-on: https://chromium-review.googlesource.com/1155123
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54823}
This is a first step to make basic block profiling work in wasm. More
is needed, including eventually making the profiler thread safe.
Change-Id: Ic216c881a4ab5a633e147e5538bb405c32e687cd
Reviewed-on: https://chromium-review.googlesource.com/1150234
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54728}
Stack parameters on arm64 require padding. Since the stack areas for
parameters and returns should not overlap, we have to pad the parameters
already during the construction of the CallDescriptor so that we can set
the correct stack offset for returns.
R=mstarzinger@chromium.org
Bug: chromium:838098
Change-Id: I23389dc35037054b750e61ea6b1bfdfc4c5bc868
Reviewed-on: https://chromium-review.googlesource.com/1150178
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54716}
We'll soon start collecting data from the JS heap prior to the typed
lowering pass, and then refrain from reading the heap in that pass.
This CL prepares the broker machinery by introducing a hash table that
maps an object (handle) to the corresponding cached data. For the time
being, that cached data is essentially just the handle itself.
Bug: v8:7790
Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6
Reviewed-on: https://chromium-review.googlesource.com/1143405
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54618}
This is a reland of 9eca23e9ed
Adds a deopt continuation, which fixes JavaScript stack traces
to contain the number constructor after inlining.
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
Bug: v8:7904
Change-Id: Ic416e5ba81fa3a0f59ae4afa80df83c46a759487
Reviewed-on: https://chromium-review.googlesource.com/1146581
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54609}
This reverts commit 9eca23e9ed.
Reason for revert: Clusterfuzz correctness issue
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
ReadOnlyRoots means that some added Isolate parameters are no longer
needed. So, we can remove them.
This patch was generated mostly automatically with a bespoke tool.
Bug: v8:7786
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493
Reviewed-on: https://chromium-review.googlesource.com/1136305
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54526}
Strictly speaking there are some left in api.cc, but they are in
deprecated functions with non-deprecated alternatives.
Apart from changes made using tooling, this also modifies
FieldType::AsClass to return Map* rather than Handle<Map> and converts
its call sites to create the Handle when they need it - currently
several sites immediately dereference the Handle.
Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and
GetHeap remain usable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1
Reviewed-on: https://chromium-review.googlesource.com/1140302
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54513}
Ran GetIsolate/GetHeap removal script over all the header files included
into objects.cc. Affected classes include: ScriptContextTable
RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator
PrototypeIterator FixedArrayBuilder
Manually fixed up Map to mark its write operations as safe for
GetIsolate since they modify the object as so can't be done in RO_SPACE.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca
Reviewed-on: https://chromium-review.googlesource.com/1138076
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54488}
This CL adds inlining for the Number constructor if new.target is not
present. The lowering is BigInt compatible, i.e. it converts BigInts to
numbers.
Bug: v8:7904
Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
Reviewed-on: https://chromium-review.googlesource.com/1118557
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54454}
With ReadOnlyRoots and GetIsolate on JSReceiver, we can remove almost
every isolate parameter from <Object>::Print. The remaining ones, like
Map, are special-caseable for read-only maps, and as a result we can
remove isolate parameters from <Object>::Print entirely.
This patch also opportunistically cleans up a few places where isolates
were only needed for Object::Print, such as TransitionAccessors and
DescriptorArrays.
TBR=yangguo@chromium.org,mstarzinger@chromium.org
Bug: v8:7786
Change-Id: Id44bd53b9893e679eea5f37b9548257595a1bfd9
Reviewed-on: https://chromium-review.googlesource.com/1133385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54401}
- Move the CompilationDependencies member of OptimizedCompilationInfo
to Turbofan's PipelineData (and thus into the compiler namespace).
- Move compilation-dependencies.{cc,h} to the compiler directory.
Bug: v8:7902
Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
Reviewed-on: https://chromium-review.googlesource.com/1127793
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54295}
This CL surfaces AssemblerOptions to CodeAssembler::GenerateCode and
to pipeline methods. To allow forward declaring AssemblerOptions,
AssemblerBase::Options was moved out of the AssemblerBase class.
Bug: v8:6666
Change-Id: If9fc50d3d4767bb5dd39a0c3b6e094021f4cae2b
Reviewed-on: https://chromium-review.googlesource.com/1127039
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54286}
This is a reland of 4b9b9b6845, which
accidentally disabled optimization after dependency changes (instead
of retrying).
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> Reland "[turbofan] Rewrite CompilationDependencies"
>
> This is a reland of 52a10e5081, after
> eliminating an invalid assumption about maps.
>
> TBR=jarin@chromium.org
> TBR=mstarzinger@chromium.org
>
> Original change's description:
> > [turbofan] Rewrite CompilationDependencies
> >
> > Instead of installing code dependencies during graph reduction,
> > install them after code generation.
> >
> > Bug: v8:7902, v8:7790
> > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> > Reviewed-on: https://chromium-review.googlesource.com/1119913
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54170}
>
> Bug: v8:7902, v8:7790
> Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
> Reviewed-on: https://chromium-review.googlesource.com/1126999
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54254}
Bug: v8:7902, v8:7790
Change-Id: I2b7a7d186e03990350e375470569177e3309683c
Reviewed-on: https://chromium-review.googlesource.com/1127579
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54280}
This is a reland of 52a10e5081, after
eliminating an invalid assumption about maps.
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> [turbofan] Rewrite CompilationDependencies
>
> Instead of installing code dependencies during graph reduction,
> install them after code generation.
>
> Bug: v8:7902, v8:7790
> Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> Reviewed-on: https://chromium-review.googlesource.com/1119913
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54170}
Bug: v8:7902, v8:7790
Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
Reviewed-on: https://chromium-review.googlesource.com/1126999
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54254}
Instead of installing code dependencies during graph reduction,
install them after code generation.
Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
Instead of storing both the {NativeModule} and the {WasmModule} in a
{Managed} object, just store the {WasmModule} in the {NativeModule}
directly. This fixes crashes that happen if the {Managed<WasmModule>}
dies before the {Managed<NativeModule>}.
R=mstarzinger@chromium.org
Bug: chromium:854794, v8:7879, v8:7889
Change-Id: I6b11729943fe7a03d225138782655ee5dafd26a6
Reviewed-on: https://chromium-review.googlesource.com/1118171
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54090}
This fixes include violations where normal "foo.h" headers included
inline "bar-inl.h" headers. It also removes two (almost) dead methods.
R=clemensh@chromium.org
BUG=v8:7754
Change-Id: I11c6ce71650db22f3c1d7cf5ca50529c94b94839
Reviewed-on: https://chromium-review.googlesource.com/1117076
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54060}
All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.
Bug: v8:7786
Change-Id: Ib93ebca6ca47c4db9c85cc6d9ff8004da5942dec
Reviewed-on: https://chromium-review.googlesource.com/1112001
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54029}
