Various behaviour preserving changes that make it easier to switch on
callee-saved registers without having to land refactoring code at the
same time.
- Use MaybeStoreRegisters / MaybeRestoreRegisters
- Use CallRecordWriteStubSaveRegisters everywhere for now. Eventually
this will be replaced by CallRecordWriteStub in places with fixed
registers.
- Use WriteBarrierDescriptor::ComputeSavedRegisters, which for now
returns the same as allocatable_registers
Full x64 implementation: https://crrev.com/c/2922604
Bug: v8:11420
Change-Id: I04e6ac2f6333edc91cb1030a0217f59ad441a1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922250
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74876}
Limit tests to release, linux and macos since they are mostly for
checking whether the tools work correctly rather than JS correctness.
Change-Id: I26e49fbda33a4dac8d774b2e03fa07ae1f2f142a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930156
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74875}
This CL would finish adding TSAN support for the generated tagged
stores.
Bug: v8:7790, v8:11600
Change-Id: Icaadc06ea740089dadf3d9f86da56d84dad1d4b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922113
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74872}
So far, units compiled with TurboFan were published one-by-one as soon
as they were ready, which reduces the latency until the faster code is
available. However, especially when write-protecting code with mprotect,
this yielded a lot of page protection switches, which incurs syscall and
lock contention overhead. Thus, https://crrev.com/c/2922114 already
introduced TurboFan batching when using write-protection.
During experiments, we found this could even be beneficial in the
default configuration, i.e., without write-protection enabled. This CL
changes to always do the publishing in batches. This choice should be
revisited once the tier-up strategy changes, e.g., with lazy compilation
or dynamic tier-up.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Change-Id: I0ba792c969f7e017ac57103d2bbfe9a142cf302d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928186
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74871}
This is a reland of 17915002fc with an
added fix for TurboAssembler::CallTSANRelaxedStoreStub.
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: Ibac3e6f0360d35579ee0b0dc5d698f8cdab93260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922604
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74870}
All our Simd load/store opcodes are using MRR format.
Added DCHECKs will make sure the passed MemOperands are using
2 registers and not an Immediate value.
Change-Id: Ife470d3c80a10853bbb8365f8c00350ebdc98b2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2927208
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74868}
This will be thrown during array allocations if the requested size is
larger than kV8MaxWasmArrayLength.
Additional changes:
- In test-gc.cc, add the possibility to check against the trap message
in CheckHasThrown.
- Small reorganization of WasmGCTester in test-gc.cc.
Bug: v8:7748
Change-Id: I6f74b525bd7087fcc66f43c451ef130df022b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922247
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74867}
AllocationSites are strongly rooted in various places.
AllocationMementos, small heap objects immediately behind the
objects which AllocationSites tracks, are purposely left
unrooted. They do however, point to AllocationSites.
This leads to a situation where an AllocationSite may no longer
be seen to have strong roots at gc time, and yet new space is
still repleat with AllocationMementos which point to it.
The GC recognizes this, and marks the AllocationSite as a
"zombie," that is, an object which should be kept alive for
one more GC cycle because of the existence of those mementos
which point to it.
Change-Id: Ifa720c28f216dee2eaf7edd6f489b5c7427d4353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928500
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74866}
Bug: chromium:1212583
Change-Id: I6cce7e419b108a0d30cf4d9d9bb0ba304fb0803e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922249
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74864}
Prior to this patch, regular expression objects with a monkeypatched
`toString` were printed using the `toString` result value, rather than
actually representing the regular expression’s contents.
const re = /./;
re.toString = () => 'whoops!';
console.log(re);
// → logs 'whoops!'
Now that `v8::RegExp::GetSource` properly escapes special characters in
the source pattern [1], just like `RegExp#toString`, there is no longer
any reason to avoid it.
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Bug: v8:11693
Change-Id: I9a69cdb6813f76b669bdc24e4823c6d261f2ae73
Fixed: v8:11836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928188
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74862}
This adds a first crude version of displaying a flamechart in the
system-analyzer.
- Basic function types are distinguishable by colors.
- Tooltip information is available as well
Bug: v8:11835
Change-Id: I87e092f749d4c16aa5017af39df8d2f7bd7e2edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928179
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74860}
We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.
Bug: v8:11837
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74859}
When this flag is enabled, allocation folding behaviour depends
on the --turbo-allocation-folding runtime flag.
When it's disabled, --turbo-allocation-folding is ignored.
This flag will be used later to control the
CodeStubAssembler::InlineAllocate behaviour.
Change-Id: Iea7bbafd8454571dda7d56349b3dc63d3b54ba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878754
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74858}
This CL enhances the interface of the fast C API with constants and
structs necessary for supporting JSArrays, TypedArrays and ArrayBuffers.
It also adds checks for incompatible combinations of argument type/flags.
Bug: chromium:1052746
Change-Id: I032167d0739d33f8151f78574c89d565cb9bd821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74857}
The delegate instruction is executed when an exception is thrown, not
after the last instruction of the block. Handle reachability
accordingly.
R=ahaas@chromium.org
Bug: chromium:1212396
Change-Id: I55e342cd73da44142cfbad7e16ab65ef513e6a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928499
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74855}
Change API RegExp::GetSource to return a string identical to ToString()
and RegExp.prototype.source.
Bug: v8:11693
Change-Id: I3d148883fe6f8a3ff49e552ddd72b1e92f52baf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74854}
This CL refactors mjsunit tests, so that the common core of all tests is
abstracted away.
Bug: v8:11525, v8:11706
Change-Id: I24a1af4298380e21a64e4d17149422c32fbf8a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914882
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74853}
Removing some additional complexity that is not frequently used.
Change-Id: I10195971d872d710ba3a87170fb62c1948e7716e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923502
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74851}
Use Relaxed_Memcpy when making a new TypedArray that copies from a
SharedArrayBuffer.
Bug: chromium:1209639
Change-Id: Iaa1f069552f0aa42a1f423e5ee0a913b3330153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923274
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74842}
And add s10 to scratch_register_list. Clean up t* register used in macroassembler
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
The refactoring makes it explicit that a v8::Array results in a
protocol::ListValue, and a v8::Object in a protocol::DictionaryValue,
which will be useful in a follow-up.
Bug: chromium:1213393
Change-Id: I0d6e5b013a828e12cb3200672d4fd9b14a14a807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919831
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74839}
To support Fast API calls with overloads, implement compile-time
function resolution based on the number of arguments passed to the JS
function.
Bug: v8:11739
Change-Id: I96839dc0b6fc540eff94573ac9e77f678908fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901249
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74837}
The counter as size_t can legitimately overflow on 32-bit systems, since
decreasing the counters is performed after all backing stores were
freed on a background thread. Before sweeping is finished a new backing
store could already be allocated which then leads to the overflow.
Bug: v8:11788, chromium:1211437
Change-Id: Id9f3e58b0e84e831fe47109f7deb3a05ae7e489c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922242
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74836}
This reverts commit 17915002fc.
Reason for revert: Breaks TSAN builds (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20builder/19166/overview)
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: I20f239e64ec2834acd651341634974291992add5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922316
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74832}
Calls to the record write stub are quite frequent and the caller has to
save all registers used by the builtin.
This CL moves the register saving to the builtin itself, reducing the
call-site code size significantly in many cases and thus improving
compilation speed of sparkplug.
Follow-up CLs with introduce the same behaviour to other platforms.
- CallRecordWriteStubSaveRegisters preserves the existing behaviour and
saves clobbered registers.
- CallRecordWriteStub expects the registers to match the ones specified
in the WriteBarrierDescriptor for more compact code.
Bug: v8:11420
Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74831}
This CL does 2 things:
1) Implements forwarding of histogram reporting from cppgc to v8 via
CppHeap.
2) Establishes the pipeline in GCTracer for sending the histograms to
the embedder.
Currently only cppgc histograms are populated.
See crrev.com/c/2916956 for usage.
Bug: chromium:1154636
Change-Id: I8150116f757e105d0dfac96a3f6e7dd95717f5bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917033
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74830}
With mprotect-based write protection of the WebAssembly code space,
we switch page protection flags each time (at least) one compilation
thread needs write access. Two such switches happen when TurboFan
compilation results are available in {ExecuteCompilationUnits}: One
switch happens when calling {NativeModule::AddCompiledCode} and one more
when calling {NativeModule::PublishCode} via
{SchedulePublishCompilationResults} and {PublishCompilationResults}.
So far, each TurboFan result was published eagerly, i.e., as soon as it
became available. This has the benefit that faster code is available
immediately, and had no large cost or downside without write protection.
However, with write protection switching permissions is expensive (an
mprotect syscall) and needs to lock the
{WasmCodeAllocator::allocation_mutex_} (which causes lock contention and
under Linux many futex syscalls). Thus, immediately publishing each
TurboFan result when using write protection can cause up to 10x slower
compilation compared with not using write protection. In terms of
syscalls we measured (non scientifically) with
{sudo perf stat -e 'syscalls:sys_enter*' d8 ...} on the Unity benchmark:
- mprotect: 10k vs. 44k syscalls (baseline vs. write protection)
- futex: 31k vs. 112k syscalls (baseline vs. write protection)
- sys time: 1.6s vs. 10s (baseline vs. write protection)
All of those are clearly to high.
The fix here is simply to batch togther multiple TurboFan functions into
one publishing step when using write protection. The batching logic
already exists for Liftoff, so we can just disable eager publishing for
TurboFan when using write protection. Additionally, we publish once when
all Liftoff results are available (even if the batch is not complete),
such that time-to-execute is not regressed.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11663, chromium:932033
Change-Id: Ibf6f28ecf4733b40322e62761e66046dec60a125
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922114
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74829}
This reverts commit 5fd3858258.
Reason for revert: Failures on the predictable bot: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20predictable/36749/overview
Original change's description:
> [flags] Predictable should not imply single-threaded
>
> The --predictable flag is often used to reproduce issues, and having it
> imply --single-threaded can change decisions like which compiler(s) to
> use. This is because --single-threaded is meant to be set by embedders
> (hence we do our best to support single-threaded execution), whereas
> --predictable is a testing-only flag which should not change semantics
> too much. The fact that --predictable executes everything in a single
> thread is already implied by the PredictablePlatform.
>
> R=ahaas@chromium.org, machenbach@chromium.org
> CC=jkummerow@chromium.org
>
> Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74822}
Change-Id: Id312cd2b3a150fa3e61daf6550651dc252264ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922248
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74828}
When 'beforeScriptExecution' is enabled, a pause event may be generated
with a reason of 'instrumentation' rather than 'other.' This patch
ensures that in the case of a schedule-break, both an 'instrumentation'
and 'other' pause event is generated.
This is important for debuggers that rely on getting 'other' breakpoints
to determine if they should actually break, or continue executation.
Change-Id: I73613f4df6fa7942e7ca2be58853e5420589ba0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2915680
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74827}
