The {AddOutOfLineTrap} method shows up with several percent of runtime
in performance profiles. The majority of that was spent copying entries
when growing the underlying vector.
Pre-reserving space in that vector removes most of that overhead.
R=thibaudm@chromium.org
Change-Id: I1befb75b070d4f803770c2afcc5c82ffb9bfb522
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688511
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80943}
Applying the set of unittest changes from
https://crrev.com/c/3678208 to BE.
Change-Id: I02d0f2f388720e3acc35660042d5c2c76fa589e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687474
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80942}
As the {CompilationTimeCallback} does not react to
{kFinishedCompilationChunk}, it does not need to stay alive after a
"final" compilation event.
Drive-by: Make the enum a boolean enum.
R=jkummerow@chromium.org
Bug: v8:12899
Change-Id: Iffacd6e3d9a0f2474a51f07cf01419b2badf98c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667083
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80940}
There are two flag updates from the Wasm C-API. Both are unnecessary:
FLAG_expose_gc is not needed because we call the internal API for
garbage collection; this is always allowed.
FLAG_experimental_wasm_eh is enabled by default, so does not need to be
set to true in that test.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: If56506228cd89d5452e71376e4c2f6a4ec636979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687690
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80939}
Extend the effect of --freeze-flags-after-init to also protect updates
of individual flags instead of only the API.
For this, we wrap each flag in a {FlagValue} class which implicitly
converts to the value of the flag. Some cases still require the explicit
{value()} accessor though. That accessor is {constexpr}, in contrast to
the implicit conversion, because otherwise clang emits a lot of warnings
about dead code within "if (FLAG...)" scopes.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I87d3457e49ceb317d34d6a21cf09c520d4171eb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683321
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80938}
... as a pair of Code and CodeDataContainer.
In order to stop creating and using trampoline Code objects for
builtins we need a different way to represent an "embedded builtin"
code lookup result of builtin trampoline Code objects.
We can't switch to CodeT for this purpose because GC still needs to
be able to locate not yet evacuated Code objects in order to update
old code pointers on the stack once Code objects are moved.
Bug: v8:11880
Change-Id: I296636a6728a11c8e3220b3fee43fd12ff633c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3684813
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80937}
It mostly worked out of the box. Only the dictionary mode prototype
chain walk code paths had to be updated.
Bug: v8:11111
Change-Id: Ia8336964d29304916a34e305f32bb33bb06e211a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683340
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80935}
This makes some checks a bit stricter to avoid accepting illegal relaxed
SIMD opcodes.
1) The default case in the Liftoff compiler should be UNREACHABLE,
such that the switch case is required to cover all defined opcodes.
2) The {WasmOpcodes::IsRelaxedSimdOpcode} wrongly also returned {true}
for opcodes like 0xfd300. We should really check nibbles 3-5 for the
exact value 0xfd1.
3) {WasmOpcodes::Signature} was returning a non-null signatures for
illegal opcodes like 0xfd200, because {IsRelaxedSimdOpcode} returned
false, and then we would just use the lower bytes for the lookup in
the SIMD signature table.
R=thibaudm@chromium.orgCC=gdeepti@chromium.org
Bug: chromium:1324081
Change-Id: Idbfde570ccd782e59b47b96e7ca8cc28fa7fae98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687309
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80934}
We need to make sure that a fallthrough merge state immediately after an
unconditional deopt is also marked dead. This means rotating the loop so
that we do a first MergeDeadIntoFrameState pass on the current bytecode,
before advancing.
Bug: v8:7700
Change-Id: Ib00294a8ab7645427f1c120d4938b38719391586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3672414
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80932}
The value of the counter is never used, so remove it. This not only
cleans up code, but also makes triggering tier-up a little bit faster
because we do not need to take a mutex any more.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I09f7df4d49b0d94567cd84ccb2aaa6fd86b96c37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667645
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80931}
This fully removes the kFinishedTopTierCompilation event, and any
handling of it. In a dynamic tiering world, that event has no meaning
any more.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I36484e36f7c36f2ac4fcb111e67a14509c2eefef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667081
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80930}
We introduce a Turbofan pass which optimizes wasm-gc nodes based on
the types of their inputs.
Bug: v8:7748
Change-Id: I281eb0785e9e4201ef925ec201d76dc3d274ad05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3679198
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80929}
This CL adds the serialization and deserialization for
properties in class.
TODO: we could use serialized start_position and length
in function to add ClassPositions property to class.
Bug: v8:11525
Change-Id: I065039932b3c10c6b757b331aba0ced36eba84e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3682878
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80927}
Prototype the instruction on the interpreter, and Arm64. Details of
instruction lowerings on all relevant architectures can be found at:
https://github.com/WebAssembly/relaxed-simd/issues/52
Bug: v8:12908
Change-Id: If8ffb82c38042191c67c9b5c23a231877d4f2159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3679848
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80924}
Smis are represented in feedback by the heap number map. Turns out the
megamorphic load IC always just missed instead of using the map. Fixing this
improves a microbenchmark by ~6x.
Change-Id: I4c6d0ec1abb88ae34b212cfc69cc6b020060753b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683318
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80923}
This reverts commit c443858fa9.
Reason for revert: Several UBSan failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21547/overview
Original change's description:
> Allow lookup of matching scripts in Isolate compilation cache
>
> Currently, if the same script text is compiled multiple times with
> differing details (such as name, line number, or host-defined options),
> then multiple copies of that script are added to the Isolate's
> compilation cache. However, any attempt to look up those scripts can
> find only the first instance. This change makes the script compilation
> cache behave more consistently by checking the details while searching
> the hash table for a match, rather than after a potential match has been
> found.
>
> Bug: v8:12808
> Change-Id: Ic9da0bf74f359d4f1c88af89d585404f173056ee
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671615
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80919}
Bug: v8:12808
Change-Id: I6d007374fb607a2670ca260c6bd0d6774d7f51d7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687311
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80922}
- moved test data closer to tests
- removed the coverage related code
- refactored to remove boilerplate from test code
Bug: v8:12785
Change-Id: I1013d29d8ff2c3ecb786c294ae3b3ab6decdca20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683610
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80921}
Code ageing too early can have a bad impact on performance. Let's
evaluate keeping code alive a little longer. Later we can look at more
elaborate heuristics.
Change-Id: Ib220c4dcd24165d6b6e5020cb1829c669ed3e736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686416
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80920}
Currently, if the same script text is compiled multiple times with
differing details (such as name, line number, or host-defined options),
then multiple copies of that script are added to the Isolate's
compilation cache. However, any attempt to look up those scripts can
find only the first instance. This change makes the script compilation
cache behave more consistently by checking the details while searching
the hash table for a match, rather than after a potential match has been
found.
Bug: v8:12808
Change-Id: Ic9da0bf74f359d4f1c88af89d585404f173056ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671615
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80919}
This reverts commit c7aef55208.
Reason for revert: Merged the wrong CL for the fix.
Original change's description:
> [maglev] Fix dead fallthrough merging
>
> Add a method which optionally merges dead fallthrough paths, in case the
> iteration in EmitUnconditionalDeopt reaches a merge point that is live
> from another jump but dead on the fallthrough.
>
> Bug: v8:7700
> Change-Id: Ie505cd5356fcf70208f2f6d3e52b805956485f74
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663086
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80878}
Bug: v8:7700
Change-Id: I75a21777aecfa08138fcc25a882ae109f3409159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687649
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80917}
Use the existing {base::Optional} instead of the extra {MaybeBoolFlag}
struct. This makes writing to a maybe-flag simpler because you just
write a boolean value and that automatically initializes the optional.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I940d20286d65ba4355dc04b4b6068a306706f295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686412
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80915}
This adds a new flag to freeze all flag values after initializing V8.
For now, the only effect is that future calls to {SetFlagsFromString},
{SetFlagsFromCommandLine} or {EnforceFlagImplications} will fail.
In the future (once tests and embedders are fixed to not change flags
after initialization) we plan to actually protect flag values via memory
protection.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I7974bb9b86715694122f788e08952f7dcc3acdbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3679099
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80914}
We should not use kSimd, which has already shipped. Instead, use a new
kRelaxedSimd bailout reason.
R=thibaudm@chromium.org
Bug: chromium:1324081
Change-Id: I394e288014245ed9ae69e20f811f8cf7555e6149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686413
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80913}
We introduce a typing phase into the Turbofan compilation pipeline for
wasm-gc. It has two functionalities: (1) to type nodes that were not
typed during code generation (mainly phi nodes) and (2) to narrow types
as much as possible.
The following nodes are handled, which should be enough for our
purposes: TypeGuard, WasmTypeCast, AssertNotNull, Phi, LoadFromObject,
and LoadImmutableFromObject.
Loop phi types are computed by first assigning the type of the
non-recursive input, and updating once we have the type of the recursive
inputs, and repeating this process to a fixed point.
Drive-by: Remove the narrowing of function signatures during wasm
inlining, as it created some issues and should not be needed after this
series of changes.
Bug: v8:7748
Change-Id: I8a72488d5c221c4ae8257fc5abf6f0368cf10e96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3678208
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80912}
code cache logic
Previous break condition is meeting JumpLoop to loop nesting level 0,
this is probably a JumpLoop getting removed if it's dead code. Add out
of bytecode array to break condition for avoiding dead loop in the case
of the JumpLoop to loop nesting level 0 getting removed.
Bug: v8:12927
Change-Id: I854187a6e226c4537981ffbbb7e88f1584cf70e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686589
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#80909}
Previously if we had no bytecode the SFI wasn't removed. This was a bug
introduced after replacing Fullcodegen ageing (where we checked the code
object, which could have been the lazycompilestub).
Change-Id: I13add56a2c62fffddb11abdc35019272abc72c30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686409
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80908}
In https://crrev.com/c/3522896 we changed the last_id_ to be a member
variable. This subtly changed how profile id's were generated.
This CL changes this part back to a static variable that guarantees
process-wide unique profile ids.
Bug: chromium:1330726, chromium:1297283
Change-Id: I5f3dddcbbc156d0dee7d1eedde8a731c53d080dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3684289
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80902}
Currently getting the following error with gcc 8.4,
including on x64 linux:
```
error: ':InterpreterState::scratch_' is used uninitialized in this function
```
Change-Id: I95ae848bf2503f6a0dac30254b19b08047b73cce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683104
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80901}
The fuzzer instantiates the module twice: Once for reference
interpretation / execution, and once for the actual execution of
Liftoff/TurboFan code.
For some reason, the two code paths for interpretation and Liftoff
reference execution used different patterns: Interpretation was using
the first instance, and then creating a second instance for actual
execution, whereas the Liftoff path used a second instance for the
reference execution and used the first one for the actual execution.
This CL refactors this to always create a "reference instance" first,
use that for either the interpreter or Liftoff, and then create a second
instance for the actual execution.
R=thibaudm@chromium.org
Bug: v8:12425
Change-Id: I19754264240d8570f00161abb7aecba1cc2b2ae0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683323
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80900}
This is a partial reland of https://crrev.com/c/3597106 including fixes
from https://crrev.com/c/3654413
Before this change, a script cache key is the same format as an eval
cache key, which is a FixedArray containing:
- The SharedFunctionInfo of the containing function
- The source text
- The language mode in which the code was parsed
- The position in the source where eval was called
After this change, a script cache key is a WeakFixedArray containing:
- A weak pointer to the Script
- The hash value of the source text
This sets up for a subsequent change which can cause these keys to
outlive their corresponding values (top-level SharedFunctionInfos)
without leaking any memory beyond the key itself.
Bug: v8:12808
Change-Id: Ibdfe5d10eafe5b7392e554c500af47975baf45c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668304
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80899}
The OOB check belongs in ValidateIntegerTypedArray according to the
spec.
This also fixes the error types for OOB TypedArrays when doing Atomics:
OOB TypedArrays should get a TypeError, not RangeError.
Bug: v8:11111
Change-Id: Ice2e5695d69d84b2c20a4cf8f06880673d901a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676859
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80898}
This CL addresses a TODO left from implementing Wasm entry to fast C
calls in https://chromium-review.googlesource.com/c/v8/v8/+/3440694/
and avoids generating a branch in case it's not needed (either because
the embedder isn't providing an options object, which is the case
for Wasm, or because we're not generating overloads).
Bug: chromium:1052746
Change-Id: I7323f85801c034f0c47877ea15f677a53d3acea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650923
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80897}
IsCompiledScope retains code to protect against code flushing. The
current API is easily misused by forgetting to initialize
IsCompiledScope with a SFI's current state.
Change-Id: Ie8ab60acc4fb85c4b8b76c52040976e2e34f9d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3674117
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80896}
Some parses are actually re-parses of an already parsed function; things
like source position collection, CallPrinter AST walks, debugger, etc.
These may want slightly different parse behaviour -- in particular, we
likely don't want to post parallel compile tasks for them. So, keep
track externally of which parses are reparses, and suppress parallel
compile tasks for them.
Change-Id: I8b38caad1a385e08231bd247774e9804a409de0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291317
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80895}
