This reverts commit d368dcf4ae.
Reason for revert: https://crbug.com/1312188
Original change's description:
> Refactor OSROptimizedCodeCache
>
> Tweak a few names, remove a few GetIsolate calls, other minor
> usability refactors.
>
> It may be worth taking a closer look at the impl in the future,
> currently the design choices don't seem ideal (see the added TODO
> on top of the class).
>
> Bug: v8:12161
> Change-Id: Ib34e372aa58a30c68c9c5cdd0d1da0ec3e86717c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560447
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79687}
Bug: v8:12161, chromium:1312188
Change-Id: Ieb3a91682845a23536fdfdf3208af74b3c6585f8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3564989
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79700}
These tests are too slow to be generally run.
Bug: v8:12741
Change-Id: I142a81a90558942a61b8582756b9227e6d8d634e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3558558
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79697}
In JSCallReducer::ReduceArrayPrototypeShift, when disable
FLAG_turbo_loop_variable, typer cannot infer loop phi variable
is in [1, kMaxCopyElements-1], and will break in representing
kRepFloat64 (Range(1, inf)) to kRepWord64 when converting
input for kLoadElement. So we need to add type guard for loop
variable. And we need to use loop phi variable when using
NumberLessThan to check terminate and updating phi loop variable,
otherwise which will break inducing variables in LoopVariableOptimizer.
Bug: v8:12632, chromium:1308241, chromium:1308029, chromium:1308087
Change-Id: I9f96e696f1103f39e633890b17b87bfb28b1dbc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3546577
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79695}
As a follow-up of
https://chromium-review.googlesource.com/c/v8/v8/+/3481475,
this renames a few more operations related to property stores to keep
them consistent and adds comments to explain about what they do.
Summary of the renamed identifiers:
- SetPropertyInLiteral -> CreateDataProperty: this implements
[[CreateDataProperty]] in the spec which does [[DefineOwnProperty]]
instead of [[Set]], so rename for clarity.
- IsStoreIC(), IsStoreICKind() -> IsSetNamedIC(), IsSetNamedICKind():
these only check whether the feedback kind is kSetNamedSloppy or
kSetNamedStrict, so the scope can be narrowed.
- StoreMode::kOrdinary -> StoreMode::kSet: this implements [[Set]]
in the spec and is used by both KeyedStoreIC and
StoreIC to set the properties when there is no feedback.
- StoreMode::kInLiteral -> StoreMode::kDefineKeyedOwnInLiteral:
this implements [[CreateDataProperty]] while expecting the receiver
to be a JSObject created by us (the `InLiteral` part). Prepend
`DefineKeyedOwn` to it so that it's more aligned with other
StoreModes - it should be possible to just merge this into the
more generic StoreMode::kDefineKeyedOwn later.
- KeyedStoreGenericAssembler::SetProperty ->
KeyedStoreGenericAssembler::StoreProperty: these helpers are used by
both define and set operations, distinguished with the StoreMode,
so rename it to the more generic StoreProperty.
Bug: v8:12548
Change-Id: Iccef673c1dc707bbdbf010f02f7db1e9ec32b3e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557690
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79694}
This is a reland of commit e76ad5c6d9
Changes compared to original:
- Move invocation of LAZY_INSTANCE_INITIALIZER to a static global
variable, as some builds were failing with a function-level static.
- Drive-by: Improve documentation a bit.
Original change's description:
> [wasm-gc] Implement isorecursive canonicalization
>
> This implements isorecursive canonicalization for static types.
>
> Not implemented in this CL:
> - Runtime type canonicalization.
> - Cross-module signature canonicalization for purposes of call_indirect.
>
> Bug: v8:7748
> Change-Id: I6214f947444eea8d7b15a29b35c94c3d07ddb525
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541925
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79665}
Bug: v8:7748
Change-Id: I493fba1906491762f7d8bae50108e3e4a743391d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560480
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79692}
Deprecate signature checks in
* Template::SetNativeDataProperty
* ObjectTemplate::SetAccessor
These are not used in Chrome and require some complicated check in the IC code, which we want to remove.
Change-Id: I413fafc8658e922fd590e7fe200600a624f019a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557253
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#79689}
Nodes can now hold a LazyDeoptSafepoint which stores the frame state in
case they trigger a lazy deopt. OpProperties have a new CanLazyDeopt
bit, and codegen emits a safepoint table entry + lazy deopt for all
nodes with this bit. Also, we now check the deoptimized code bit on
entry into the maglev compiled function.
An example use of these lazy deopts is added as a PropertyCell fast path
for LdaGlobal, which adds a code dependency on the property cell.
Bug: v8:7700
Change-Id: I663db38dfa7325d38fc6d5f079d263a958074e36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557251
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79688}
Tweak a few names, remove a few GetIsolate calls, other minor
usability refactors.
It may be worth taking a closer look at the impl in the future,
currently the design choices don't seem ideal (see the added TODO
on top of the class).
Bug: v8:12161
Change-Id: Ib34e372aa58a30c68c9c5cdd0d1da0ec3e86717c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560447
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79687}
This CL adds basic support behind --concurrent-osr,
disabled by default.
When enabled:
1) the first OSR request starts a concurrent OSR compile job.
2) on completion, the code object is inserted into the OSR cache.
3) the next OSR request picks up the cached code (assuming the request
came from the same JumpLoop bytecode).
We add a new osr optimization marker on the feedback vector to
track whether an OSR compile is currently in progress.
One fundamental issue remains: step 3) above is not guaranteed to
hit the same JumpLoop, and a mismatch means the OSR'd code cannot
be installed. This will be addressed in a followup by targeting
specific bytecode offsets for the install request.
This change is based on fanchen.kong@intel.com's earlier
change crrev.com/c/3369361, thank you!
Bug: v8:12161
Change-Id: Ib162906dd4b6ba056f62870aea2990f1369df235
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548820
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79685}
When starting a global safepoint, it could happen that one isolate is
waiting/blocking in the event loop, which prevents this isolate from
reaching a safepoint. As a consequence we therefore deadlock when
performing the safepoint. We can solve this by simply posting a task
for each isolate that when run performs a safepoint check.
This CL also renames IncludeMainThreadUnlessInitiator to
ShouldIncludeMainThread.
Bug: v8:11708, v8:12645
Change-Id: Ide956b3c39b350c2bb0279a7dd94ff79cb9d771b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555771
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79675}
This allows us to store per-eager-deopt site information.
Bug: v8:7700
Change-Id: I86c29aec28220fb96fcf09984e6665f650f22708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3550275
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79674}
This introduces a `V8InspectorClient::dispatchError()` callback that
embedders can use to dispatch errors from scripts injected by DevTools
(via debug evaluate). The idea here being that while these errors are
technically caught by the inspector logic, the DevTools UX presents them
just like other uncaught errors, with the exception that they don't
trigger error handlers installed by the page. The latter can be quite
confusing to developers, and surprising when for example testing these
error handlers from DevTools. So this adds the foundations on the V8
side to enable triggering error handlers for these technically caught,
but morally uncaught, exceptions.
On the Chromium side https://crrev.com/c/3560458 will implement and
use the hook. And that CL also adds a web tests to check the behavior.
Bug: chromium:1295750
Change-Id: I945c8a9e9b4ec5705fc7f1891dcda185b04c8310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557234
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79673}
Take 1:
https://chromium-review.googlesource.com/c/v8/v8/+/3557331
Undefined node needs to be constructed before Call in
BuildCallFromRegisterList as well.
Bug: v8:7700
Change-Id: I58bc647a3b34437a0a143e1f252c2fa2a01df3d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557235
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79672}
.. with readability and simplicity in mind.
- Rename OptimizationMarker to the (shorter) TieringState. 'Tiering'
also matches 'TieringManager' terminology.
- Rename the values:
kNone -> kNone
kInOptimizationQueue -> kInProgress
kCompileFoo_NotConcurrent -> kRequestFoo_Synchronous
kCompileFoo_Concurrent -> kRequestFoo_Concurrent
- Likewise rename ConcurrencyMode::kNotConcurrent to kSynchronous.
- Add predicates to test enum values.
- Consistent lower case names for accessors on JSFunction and
FeedbackVector.
- Instead of having to call HasOptimizationMarker() before using any
other accessor, simply have optimization_marker() return kNone if
no feedback vector exists.
- Drive-by: Enable the Unreachable() in MaybeOptimizeCode()
unconditionally - this should never happen, there's no reason not
to protect against this in release builds as well.
Bug: v8:12161
Change-Id: I67c03e2b7bd0a6b86d0c64f504ad8cb47e9e26ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555774
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79669}
- For y = x & 0xFF, we could use movzxbq y, x.
- For y = x & 0xFFFF, we could use movzxwq y, x.
- For y = x & 0xFFFFFFFF, we could use movl y, x.
- For y = x & immediate and immediate fits into uint32,
we could use andl x, immediate.
Bug: v8:12337
Change-Id: I31f04fa9058c6acabb210f0fce61ac713ed1a382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3518913
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79668}
Port 0a110021d2
Change-Id: I922cde72d100b8d1ef006a7752400c568b675532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3559629
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79666}
This implements isorecursive canonicalization for static types.
Not implemented in this CL:
- Runtime type canonicalization.
- Cross-module signature canonicalization for purposes of call_indirect.
Bug: v8:7748
Change-Id: I6214f947444eea8d7b15a29b35c94c3d07ddb525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541925
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79665}
There are two kinds of method to get native context of JSFunction
object, directly calling to native_context() and calling
context().native_context(). Replace all context().native_context()
with native_context().
Change-Id: Ia7a7e64648446002717d38fafecd2420f622325e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541468
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#79663}
The "undefined" node has to be in the CFG graph before the "Call" node.
Bug: v8:7700
Change-Id: I137cde1d884e87e72fd4d6a22d5105168c8fb6cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557331
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79658}
Change the NodeBase bitfield to be initialised by NodeBase::Allocate,
and threaded through Node constructors as a complete bitfield instead of
the input_count.
This means that we can centralise changes to the bitfield, as well as
the setting of the opcode.
Bug: v8:7700
Change-Id: I848369339f3e43ba85d435c14d525d63907181e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555773
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79656}
All architectures have kSupportsFixedDeoptExitSizes = true, so we can
remove kSupportsFixedDeoptExitSizes entirely and always have fixed-size
deopts.
Change-Id: Ib696f6d2431f60677cc7fa2193ee27b9b0f80bc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3550268
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79654}
- Always show the navigation buttons
- Format code with fixed-width font
- Limit the property-table height for more compact tooltips
Bug: v8:10644
Change-Id: I0a0f30056455371bad12b2c679d184948c5b52de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555772
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79652}