Optimize ia32 code sequences. This is the same sequences as x64, which
have been optimized based on supported extensions.
Bug: v8:11464
Change-Id: I10396a928a431cdd2de9b22bb8a395bc0adb4694
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704897
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72926}
Extract code sequence into macro-assembler for reuse between Liftoff and
TurboFan.
Similar to x64, there is a bit of register-aliasing checking due to the
rather strict requirements for the code sequence depending on the
CpuFetures that are supported.
Bug: v8:11415
Change-Id: I3f855da25493941d158383020fbcafee8d18095f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2698066
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72925}
Extract code sequence into macro-assembler for reuse between Liftoff and
TurboFan.
Small tweaks to macro-assembler functions Pmaddwd and Pmaddubsw to move
src1 to dst on SSE when src != dst. TurboFan codegen won't be affected
by this since it sets the right restrictions in instruction-selector.
Bug: v8:11086
Change-Id: I6c206dec332c8195a6a4d419d11a28e7058c905a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707253
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72924}
These appear to be consistent with the pow implementation in ieee754.cc.
Bug: v8:11371
Change-Id: I1b695facb5ba7dc1a7bd28914bdb535966e080c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710432
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72922}
This is a partial reland of https://crrev.com/c/v8/v8/+/2601880 .
This change improves readability and helps prepare for when ScopeInfo
will not be convertible to FixedArrayBase.
Change-Id: I8de453c2b72ced51e98161e3d9e6426cd6ff7267
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707250
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#72920}
Now that we create a full frame for interrupts during the baseline
out-of-line prologue, we shouldn't consider the out-of-line prologue
builtin's frames as BASELINE, but rather have the frame above be the
baseline frame.
Change-Id: Icf96a6be4cf4bff0e482964bece12d397a26c268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712789
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72919}
Port a3776a6382
Original Commit Message:
Backends do not care about the concrete type, they only need to know the
"kind" (e.g. "ref" or "i32").
In order to prepare Liftoff to use the value kind instead of the
value type for all stored data, this CL moves the kind out of the
ValueType and makes it a top-level enum.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ia4111941313037aa1a77f2a0a1536d492ae9dc0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712392
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72915}
This problem was found by Mathieu Schroeter <gamesover.ch@gmail.com>, who
also suggested this fix. Kudos!
R=cbruni@chromium.org
Change-Id: I8865d1ea6dea29514c69296145cf72958ea8acb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712566
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72913}
Also add v8_config_headers dependency to cctest_headers. This reduces
the number of gn check failures from 194 to 178.
Bug: v8:7330
Change-Id: I6453b9789503c9d8ca3ed6bbe94bce3e2a69653f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712564
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72912}
This method used to be defined on Object and handled Strings and
JSObjects; but only the object hierarchy rooted at JSObject has
'elements', and Strings are handled slightly differently. Thus it
makes sense to split up into
JSObject::GetOwnConstantElement
String::GetCharAsString
This way, we can also separate future work on making JSObjects and
Strings never-serialized.
Bug: v8:7790
Change-Id: I8e0f142fbd9cbf8e8abe1e9a189bcd948c2f1fa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704080
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72911}
Using StackFrame::MANUAL was a bit of a hack to avoid frame markers to
be pushed, but manual in FrameScope means Enter/LeaveFrame aren't
called at all. This decouples those things.
Bug: v8:11429
Change-Id: Ie1603bb3c6858f0b97a75e4bb0b9bd1244de6cce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707205
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72909}
Currently if gn check is enabled (with v8/third_party ignored), there
are many errors due to headers being used without adding the proper
dependency in BUILD.gn (or because it's being used transitively without
a public_deps chain).
This makes the number of errors go from 2114 to 195.
Apart from adding dependencies, it also moves _v8_internal_Node_Print
from objects-printer.cc to node.cc so it can see the Node::Print method
which wouldn't otherwise be possible without a circular dependency. Also
removes the previously deleted compiler/graph-builder-tester.h file.
Bug: v8:7330
Change-Id: Icb34585fbef621588265cf4267cfc88ecbcf0a72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2702331
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72908}
Earlier we used the same interrupt budget always and waited for higher
number of ticks when tiering up from Turboprop to TurboFan. On some of
the real world pages this adds a reasonable overhead for processing
these interrupts. This cl sets the interrupt budget to a higher value so
there are fewer interrupts. This cl:
1. Sets the interrupt budget on feedback cell to
FLAG_interrupt_budget * scale factor when we install optimized code.
2. Resets the budget to FLAG_interrupt_budget when there is a
deoptimization.
3. Updates the runtime profiler to remove the scaling of number of ticks
needed for optimization when tiering up from TP to TF.
On sheets benchmark, we spend 40-50ms when servicing interrupts from
Turboprop code. This change brings it down to ~7ms. We also see
improvements on other pages.
Bug: v8:9684
Change-Id: Ia3e5e998d1fff44f2e08a240a8769b7ebe794da2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2696661
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72906}
If webassembly is disabled via a gn arg, we will not be able to enable
it via command-line switch. Hence make this flag read-only in that
configuration.
R=ecmziegler@chromium.org
Bug: v8:11238
Change-Id: Ib93a55f74d4f018477f110b8b52aa9b645e86553
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710426
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72905}
This is a reland of 76a2ab06a1
Changes since the original CL:
- Handle unserialized elements (optional result in getter).
- Merge should_access_heap and --turbo-direct-heap-access paths.
- Slightly update the serialized path in GetOwnCowElement.
- Fix the cctest, add a regression test.
Atomic JSObject::elements/JSArray::length setters are addressed
in this CL: crrev.com/c/2704076.
Original change's description:
> [compiler] Direct heap reads for JSArrayRef
>
> There are two aspects to the non-JSObject parts of JSArrayRef:
>
> - JSArrayRef::length. Relevant only in two spots, 1. when reading
> (immutable) array boilerplates and 2. for GetOwnCowElement.
>
> - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
> store. Relies on the invariant that cow backing stores are immutable.
>
> This CL renames the length accessor to length_unsafe to make the
> danger explicit at callsites.
>
> For GetOwnCowElement the refactor is slightly larger, since we now
> need to read into the backing store while keeping full control of
> object reads (e.g. JSArray::length and JSArray::elements_kind). We
> make all reads explicit at the call site by requiring that elements,
> elements kind, and length are passed in as arguments to
> GetOwnCowElement. Inside GetOwnCowElement, consistency between these
> is *not* guaranteed due to concurrency. At runtime, consistency *is*
> guaranteed through the reference-equality check on the elements seen
> during compilation. The actual elements read is implemented in
> ConcurrentLookupIterator::GetOwnCowElement.
>
> Bug: v8:7790
> Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72834}
Bug: v8:7790
Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72904}
There is no need for write barriers if the stored value is known to be a
Smi.
R=thibaudm@chromium.org
Bug: v8:11453
Change-Id: Id1cf306b246686c245d1be5f72c46b54ba9829ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707172
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72903}
The section might be the first EH-related part being found, and then it
makes sense to include the hint about the flag in the error message.
R=thibaudm@chromium.org
Bug: v8:8091
Change-Id: I1680090f6ff3d9496a11db51f45d990d34f234ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707204
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72902}
This moves all asm.js tests (tests that use "%IsAsmWasmCode") into a
separate directory. This will make it easier to skip them all in the
v8_enable_webassembly=false configuration.
R=ahaas@chromium.org
Bug: v8:11238
Change-Id: I805f222b7977f5508f7dbee1f1bd61a88ccd34aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710427
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72900}
Both fields are accessed during background compilation and thus need
to be written atomically.
This CL changes the default setters `set_foo(value, mode)` to use
relaxed stores underneath.
Bug: v8:7790
Change-Id: I49161a548cb0ef6797bd3e5592dc5bf0c9a27a15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704076
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72899}
This CL introduces a test runner flag to detect if webassembly has been
disabled. Since all tests that require wasm are alrady skipped in
lite mode, we introduce a has_webassembly flag for the test runner which
checks for v8_enable_webassembly=true and v8_enable_lite_mode=false.
As a drive-by, we also do not set the V8_ENABLE_WEBASSEMBLY
preprocessor flag if lite mode is enabled.
The status files are updated by splitting wasm tests from the
"lite_mode" section and checking for "not has_webassembly" instead.
Note that the v8_enable_webassembly=false configuration is not tested
on any bot currently, but I will make sure that all tests keep passing
on further changes in this configuration.
R=machenbach@chromium.org
Bug: v8:11238
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Change-Id: I1841eb1f1633cb47e0c079f4a4a4d769ca3a9cbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710425
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72898}
Whenever we destroy an object that contains a
(Weak)(CrossThread)Persistent, we call the Persistent's dtor which frees
the relevant PersistentNode. To get the PersistentRegion for the node,
we get the value, then get the the relevant page which holds a reference
to the heap which holds the regions.
During a termination GC there is no marking and no weak callback
processing. That means that, when destroying a Persistent, the page on
which the object referenced by the Persistent resides may have already
been swept and destroyed. Then when we try to get the page we cleared or
unallocated memory and crash.
This issue presented as a sweeper crash in the web tests and
content_browsertests.
This issue affects only Weak(CrossThread)Persistent since the region for
their strong counterparts are already cleared at the start of a
termination GC.
This is not an issue in the Blink impl because (1) Blink finds the
elevant regions through ThreadState without going through pages, and
(2) Blink runs a full GC on termination that includes executing weak
callbacks.
Alternatively we could trace the Weak(CrossThread)Persistent region
which will run the weakness callbacks and clear all WeakPersistents.
The cost and outcome is equivalent.
Bug: chromium:1056170
Change-Id: I3db5b01424500eb695f9876247ef0c787d0d9ef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708645
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72897}
Backends do not care about the concrete type, they only need to know the
"kind" (e.g. "ref" or "i32").
In order to prepare Liftoff to use the value kind instead of the
value type for all stored data, this CL moves the kind out of the
ValueType and makes it a top-level enum.
R=manoskouk@chromium.org
Bug: v8:11477
Change-Id: I489d6c5207e6ff1b66e2afbe78a156d66df27eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707169
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72896}
Constant reloading of the null reference impacted some wasm-gc
benchmarks. This CL speeds some benchmarks by >5%.
Note: This solution is not ideal as it technically generates invalid
turbofan graphs. It is temporary until a proper optimization eliminating
excessive loads is implemented.
Change-Id: I7afa6fb8857f5dba3dde715bd30fe868ad06d92c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704668
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72894}
The criteria is:
1) Regular method before Unsafe one
2) int index before non-int index
3) TNode<Object> before TNode<Smi>
Bug: v8:6949, v8:11384
Change-Id: I499c835b956f6c92df26882ea37cb48e8fe737c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690592
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72893}
If a StackOverflow is caught, reload the pc and the limit from the
catching frame, not from the target.
R=clemensb@chromium.org
Bug: chromium:1180339
Change-Id: I41bf94e6c7525106e990306913e446f2c4269df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710436
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72891}
On 64-bit platforms we reserve the maximum size of a WebAssembly memory.
Thereby the memory can grow in-place. On 32-bit platforms, however, we
allocate only the initial size, and grow the memory by reallocating the
memory. Due to memory fragmentation the memory therefore cannot grow
big. With this CL we allow to reserve 1GB of memory even on 32-bit
platforms. Thereby the memory can grow to at least 1GB.
R=gdeepti@chromium.orgCC=ulan@chromium.org
Bug: chromium:1175564
Change-Id: Iba44bb64ffa47322a205e8da3b7088e3edfeee62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707163
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72888}
This patch fixes a segmentation fault which occurs when using `--prof` flag on a Darwin ARM64 architecture.
See https://github.com/nodejs/node/issues/36656
Change-Id: Idc3ce6c8fd8a24f76f1b356f629e37340045b51e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2609413
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72886}
code to keep the RSB balanced
Besides, extract common code to
MaybeOptimizeCodeOrTailCallOptimizedCode
and cache the instance in a register,
Port: af3c5307f0
Port: 89ea44bf41
Port: adf035fb41
Change-Id: I3fde5b0995ea8aa51faeb3fd743cebef748ba745
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710212
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72884}
This reverts commit ed225df70c.
Reason for revert: Blocks the roll, causing compile failures in Chromium:
https://ci.chromium.org/p/chromium/builders/try/win_chromium_compile_dbg_ng/800868?
Original change's description:
> [objects] Cache the ExternalString's data in its resource
>
> For external uncached strings (also called "Small External Strings")
> with cacheable resources, we can cache its resource's data at the
> string's creation time. This allows us to safely read the data from the
> background as we wouldn't trigger a data() callback.
>
> For more information regarding the investigation and possible proposals
> see
> https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
>
> Bug: v8:7790, v8:11463
> Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72862}
Bug: v8:7790
Bug: v8:11463
Change-Id: I1d14c2f9872d156d43d5d95c8a032a37ba9379cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708824
Auto-Submit: Bill Budge <bbudge@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72880}
Use a slightly different instruction sequence for AVX, these
instructions issue to different ports, resulting in less resource
pressure. Full details in the bug.
Bug: v8:11464
Change-Id: Ie915a532f7453bab5c458038e8da725aa0e5d55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2703451
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72879}
