Add a --deopt-to-baseline flag, on by default, which allows returning to
sparkplug code when deoptimizing.
However when we turn this off, no longer deoptimizing to baseline code
means we can omit marking most bytecodes as valid jump targets. Leaving
just OSR and exception handling entry points.
This reduces the baseline code size by ~18% on Arm64.
Bug: v8:13082
Change-Id: I5b5a6679465807d7fe812cb977464167efffa7ab
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_cfi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785006
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#82266}
In https://crrev.com/c/3811502 metrics for lazy compilation were
introduced that get recorded 5 seconds and 20 seconds after
instantiation. With this CL we record these metrics also 60 seconds and
120 seconds after instantiation.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: If95a3453f6a8510b567d291158d4119b022c1c9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810248
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82265}
This reverts commit 5965c90b3c.
Reason for revert: breaks tree
Original change's description:
> Move some string allocation functions from Factory to FactoryBase
>
> In a subsequent CL, I'll need to do String allocations in Turbofan (in
> the background), where only a LocalFactory is available. By moving
> those string allocation functions to FactoryBase, they will also be
> available in the LocalFactory.
>
> Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82262}
Change-Id: I27b4dd06286562ec67e5e6e681e6bcebbff08980
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816662
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82264}
... - a code range size agnostic version of InterpreterEntryTrampoline
builtin. The new builtin is fully compatible with the default version
and used as a template for creating interpreter entry trampoline
Code objects when --interpreted-frames-native-stack is enabled.
This CL introduces a new assembler option "position_independent_code"
which affects the way builtin calls are generated.
This mode is enabled only for InterpreterEntryTrampolineForProfiling.
Motivation:
* InterpreterEntryTrampoline uses RelocInfo::CODE_TARGET for calling
other builtins which requires the code range to be small enough to
allow PC-relative jumps/calls between Code objects. This is the
reason why --interpreted-frames-native-stack was not supported on
arm and might not work on arm64 because the code range is bigger
than the max PC-relative distance for call/jump instructions.
The new builtin calls other builtins via builtins entry table which
makes the code fully relocatable and usable for any code range size.
* RelocInfo::CODE_TARGET requires a target code to be materialized
as a Code object which contradicts the Code-less builtins goal.
* The --interpreted-frames-native-stack is rarely used in the wild but
we have to pay the price of deserializing InterpreterEntryTrampoline
builtin as a Code object which consumes address space in the code
range and thus limits the number of V8 isolates that can be created
because of code range exhaustion. Now the pointer compression cage
becomes the limiting factor instead of the code range.
* We can remove complicated logic of Factory::CopyCode() and respective
support on GC side.
Bug: v8:11880, v8:8713, v8:12592
Change-Id: Ib72e28c03496c43db42f6fe46622def12e102f31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811287
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82263}
In a subsequent CL, I'll need to do String allocations in Turbofan (in
the background), where only a LocalFactory is available. By moving
those string allocation functions to FactoryBase, they will also be
available in the LocalFactory.
Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82262}
So far there was no support for allocating large objects in the
shared heap.
Bug: v8:11708
Change-Id: Ie4ec8244fee2e75fc0e2265847fe5976da2645ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811579
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82261}
All the known issues (GPU bot failures) have been fixed.
Original change's description:
> cppgc: Enable pointer compression by default on Desktop
>
> The CL enables pointer compression in Oilpan.
>
> For sherrifs: the CL may cause some slight perf regressions (likely
> blink_perf.*), due to slightly higher cost of compression and
> decomrpession.
>
> Speedometer2 is not expected to regress, as was checked locally. Such a
> slight performance degradation is compensated by memory savings that are
> expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> PMF).
Bug: chromium:1325007
Change-Id: I52572ba30459dcdfd6219cfdc9e8f2f836fb95ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791061
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82260}
The `num_functions_` counter got incremented at the exit of
`ProcessFunctionBody`, and for some exits it did not get incremented
at all. This was incorrect, it has to get incremented for each call to
`ProcessFunctionBody`. With this CL, `num_functions_` gets called at
the beginning of the function.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: I554916a7217533234a82ba397c301b926ce86b99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811587
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82259}
This allows arm64 to produce an extending load from ChangeInt32ToInt64(Load(x)) more frequently.
Reduces embedded code size by 0.66% for arm64.
This change gives 0.3% for Speedometer on an A55 machine.
Change-Id: Ie27a134cea3dfc8a26b87553f27ca01bf9f00f1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803227
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#82258}
Many messages already do not end in a ".", which makes sense for
embedders that format location and message in one line, like Chrome.
Before:
V8 error: Empty MaybeLocal. (v8::ToLocalChecked).
After:
V8 error: Empty MaybeLocal (v8::ToLocalChecked).
R=mlippautz@chromium.org
Change-Id: Ibfb226c50ae8dce4057cdf0012e58fa1f27faa2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811586
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82257}
In release builds, FLAG_debug_code is statically false. Without LTO,
this information is not available to callers of the various Assert
functions though.
This CL defines the methods as empty if V8_ENABLE_DEBUG_CODE is not set.
This removes some calls from non-LTO builds, and might even slightly
improve LTO builds if we enable more optimizations earlier in the
pipeline.
R=tebbi@chromium.org
Change-Id: I93a8f2f6322053e56f3d0fd8aae73cc3dd62d6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805887
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82255}
JSTypedArray needs the base_pointer ByteArray immediately
if it's on heap. JSTypedArray's base_pointer was initialized
to Smi::uninitialized_deserialization_value at first when
deserializing, and if base_pointer was deferred, we will
mistakenly check JSTypedArray not on heap.
Bug: v8:13149
Change-Id: I104c83ff9a2017de1c8071a9e116baa602f6977d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813068
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82254}
This CL adds three metrics for lazy compilation: the number of functions
compiled lazily, the total time spent on compiling functions lazily,
and the maximum time spent on compiling a single function. All three
metrics get recorded twice, once 5 seconds after instantiation, and once
20 seconds after instantiation.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: Ib9e5e12921fb1ec7aefd53af604cbb389bee79b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811502
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82248}
This CL enables Myers algorithm introduced with
https://crrev.com/c/3804860.
Note that Myers finds slightly different diffs in some cases compared
to the current approach so this CL has to rebaseline one test.
R=kimanh@chromium.org
Bug: chromium:1205288
Change-Id: Ife4708a9edf543db938024a5e14c34a589d6a22a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810244
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82247}
Wasm counters were accidentally changed to use NestedTimedHistograms in
https://crrev.com/c/3080566.
Revert that, and fix a comment in the NESTED_TIMED_HISTOGRAM_LIST macro
list.
R=cbruni@chromium.org
Change-Id: Ib28fbf50781026fe28c22af6108c88c3634d92c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811584
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82246}
This CL adds a new diffing implementation based on Myers algorithm
to live editing. We straight-up implement the algorithm presented in
"Myers, E.W. An O(ND) difference algorithm and its variations (1986)"
particularly the "Linear space refinement" presented in section 4b.
Note that the CL does not enable the new algorithm straight-away.
We'll land a separate CL for easier revertability.
Myers algorithm is a great improvement over the current dynamic
programming approach. Local benchmarking with a 130kB script
has shown drastic improvements both for time and space:
Live editing script (Old line count 10236 vs New 10240)
Dynamic Programming: 65701.931 ms
Myers: 11.735 ms
Bug: chromium:1205288
Change-Id: I136f176f4a0d3c9a5dcd7a157c72c49c475bea19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804860
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82243}
Some wasm interpreter tests are failing since instructions generated
by gcc such as *multiply and and* (fmadds) create intermediate
results bigger than 8 bytes which doesn't match other architectures,
hence the resulting output differs.
Port commit 13314a207e
co-authors: Jun Yuan Tan <junyuan.tan@starfivetech.com>
Change-Id: I18c0b659f30df84bb30daa176368a7e81b51063e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811139
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82240}
This CL refactors WasmContinuationObject to have a direct
ExternalPointer to the jmpbuf structure instead of using a Foreign.
This in turn makes it possible to use a unique pointer tag for that
external pointer when the sandbox is enabled.
Bug: v8:10391, v8:12949
Change-Id: I25528bd8aaffb32dd617440d3ccb77d319894a38
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82238}
This bit may not get cleared automatically and could show
results from older executed instructions.
Change-Id: I5976f9a6c5bf87b1a63ef0f35493b222729e20f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812037
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82237}
The compiler is free to spill intermediate results of
compression|decompression on stack. With our scheme, the only
intermediate result can be a truncated but non-shifted pointer.
Bug: chromium:1325007
Change-Id: Ibec1f80b9d214d1c1e7cb8368c094fc262237642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793615
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82236}
This is a reland of commit ccde420538
Added a test case for terminating optimized bigint multiply and attached frame_state to the runtime call to provide deopt information to determine the throw location
Original change's description:
> [TurboFan] Support BigIntMultiply
>
> Bug: v8:9407
> Change-Id: Iab0a4ca8dd5d83444d1addd6043a5c8e3a8577a7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773773
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82140}
Bug: v8:9407
Change-Id: Ia691d758265148da1de291365d41c7c1d1f98ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810391
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82232}
The infrastructure runs everything already in Python3, so this is
mostly a clean-up.
For MB, a python2 holdover was removed and new lint errors were
fixed.
The renames were automated with:
git grep -e "/usr/bin/python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/python$/#!\/usr\/bin\/python3/1'
and
git grep -e "/usr/bin/env python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/env python$/#!\/usr\/bin\/env python3/1'
Bug: v8:13148
Change-Id: If4f3c7635e72fa134798d55314ac1aa92ddd01bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811499
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82231}
Move the translation array building to the "compile" rather than
"generate code" phase of maglev compilation, as a graph processor after
register allocation. This allows it to be done on a background thread.
Drive-by: Use the new OptimizedOut functionality of the translation
array builder.
Bug: v8:7700
Change-Id: If4202737f1eeb38281f306c23f408105c5fb0ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811501
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82228}
Several small optimisations for TranslationArray:
a) Store opcodes and register codes as unsigned values (no need to
shift in the sign bit when encoding/decoding). Note that skips over
register codes will decode them as if they were signed -- this is
ok since we don't use the skipped value.
b) Use the static knowledge that opcodes and register codes need 7
bits to avoid the VLQEncode loop when building (still use a
VLQDecode when decoding since decode time matters less).
c) Add a special opcode for "optimized out", instead of using a
literal, since this will be a common case.
Change-Id: I9758e5b889ecc3f1a3fa4d840867f2a3d481e75f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812040
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82227}
This is a reland of commit 2055c3b482
Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}
Bug: v8:13058
Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82221}
The "Deoptimized function count" displayed in profview tool
should be the sum of deopt-eager, deopt-lazy and deopt-soft.
Change-Id: I42252930c3685f1ca721691f983abb8adeb492e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793469
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82220}
Introduces a CheckSymbol to guard a reference equality for values in an
equality comparison with Symbol feedback.
Bug: v8:7700
Change-Id: Ieb012b292f2d955faf76e485e6636a2d293fa007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811500
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82219}
If the same WebAssembly module gets compiled multiple times, the
compilation result of the first compilation gets reused for later
compilations. With streaming compilation functions get compiled before
the whole module got downloaded, so it cannot be determined if the
currently compiled module has already been compiled or not. Therefore,
to check if the WebAssembly module has already been compiled, we compare
if the hash of the header section matches the hash of any of the already
compiled modules. If so, no function gets compiled until all bytes were
received. Then a full module check can be done, and either an existing
module can be reused, or the whole module gets compiled.
While compilation is avoided after a prefix_cache_hit, decoding still has
to happen. In the existing implementation, validation for lazy
compilation also happened in addition to decoding. This lead to the
problem that validation of lazy compilation could post a foreground task
when an error was detected, and later another foreground task got posted
when all bytes were received to do the full module check. Having two
foreground tasks at the same time violates an invariant in the
AsyncCompileJob.
With this CL we avoid the initial function validation after a
prefix_cache_hit to avoid the task for the error handling. Validation
will anyways happen again if the full module check fails later, or
validation is unnecessary if the full module check succeeds, as the
module has already been validated before.
R=clemensb@chromium.org
Bug: v8:13147, v8:12852
Change-Id: Iae24c056057f3a5dfd2f61accd1f9f0d35412996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812038
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82218}
In the previous CL
(https://chromium-review.googlesource.com/c/v8/v8/+/3778969), we
executed i::Compiler::Compile regardless of the function has been
compiled or not. That caused DCHECK failures in the Compile function,
which allows to compile only once.
Bug: chromium:1347319
Change-Id: I240591cbec46dc4fac4028a80a8ba5ab2f05c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806929
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82217}
