- 09 Feb, 2021 20 commits
-
-
Bill Budge authored
- Fixes a problem when constructing Wasm CallDescriptors, where the allocation tries to treat parameters and returns as if they are in the same frame. This doesn't work when slots may be aligned in their frame. Instead, allocate parameters and returns separately and offset return slots by the number of parameter slots. - Adds argument slot padding in the CallDescriptor lowering case, to prepare for when 32 bit targets align stack frames and require padding. - Adds a regression test. Bug: chromium:1174500 Change-Id: I60d96a94b171a0d27ff61cbab35623976b0c6da8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2683024 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72588}
-
Georg Neis authored
Bug: v8:7790 Change-Id: Iabfbb36c18935b04ee4c67129accd3a9b4729b3a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681942 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72587}
-
Georg Neis authored
Main changes: - Introduce a new broker data kind kBackgroundSerialized for objects that can be serialized in the background (when direct reads are on). (I'm planning to remove kPossiblyBackgroundSerialized in a followup, in favor of a dynamic choice of kSerialized or kBackgroundSerialized). - Make PropertyCell use that new kind. - Introduce a bottleneck in runtime code for changes to PropertyCells and make sure that a certain protocol is followed that allows concurrent reads from the background thread. - Improve interface of PropertyCell in various ways. Bug: v8:7790 Change-Id: If3d7926c3b894808811348b4b2bed153f5c06897 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661462 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72586}
-
Clemens Backes authored
Those dynamic allocations are responsible for 5-10% of execution time in wasm code publishing, which again is the biggest contributor to deserialization time. The allocations are used for patching the jump table. This CL avoids dynamic memory allocation by having some thread-local space that is re-used for allocations of ExternalAssemblerBufferImpl. Since those objects are small, memory usage is not a concern here. R=jkummerow@chromium.org Bug: v8:11164 Cq-Include-Trybots: luci.v8.try:v8_linux64_asan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Change-Id: I44aad86fa821a1ccb59b539da861a346f62a9813 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667859 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#72585}
-
Milad Fa authored
WasmCompileLazy needs to save the content of vector parameter registers. If Simd is not enabled or the hardware does not support Simd operations then we need to save the value of Double registers instead, therefore we need a way to retrieve the value of "CpuFeatures::SupportsWasmSimd128()" in builtins during runtime. Bug: v8:11377 Change-Id: I74a5f870d7077166548472adb25c3fb06d0ebdb9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679682 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#72584}
-
Jakob Gruber authored
This reverts commit da785659. Reason for revert: Investigating regressions https://chromeperf.appspot.com/group_report?rev=72572 Original change's description: > [compiler] Don't serialize JSTypedArray fields > > This CL removes serialization of JSTypedArray fields when direct heap > reads are enabled. Invariants we rely on: > > - Of the underlying interesting fields, > - base_pointer and external_pointer are set either during > initialization, or in a one-time on-to-off-heap transition in > GetBuffer. > - length and buffer are immutable after initialization. > - is_on_heap and DataPtr derive from base_pointer and > external_pointer s.t. is_on_heap == (base_pointer != 0) and > DataPtr == external_pointer in the off-heap case. > > In this CL we add one new invariant: > > - For all base_pointer and external_pointer mutations after > initialization, base_pointer is guaranteed to be release-stored > after external_pointer has been written. > > With these invariants, concurrent access to off-heap typed arrays is > trivial as long as is_on_heap (= base_pointer) is read before other > relevant fields. > > Note that JSTypedArray remains a kSerializedHeapObject due to the > serialized superclass JSObject. > > Drive-by: Remove unused Torque operators and empty TODOs.
> > Bug: v8:7790 > Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386 > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72572} TBR=neis@chromium.org,jgruber@chromium.org Change-Id: I5a7e6bacb7b7a3e3510c778837679e6822f26339 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7790 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681948 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72583}
-
Frank Emrich authored
This CL is part of a series that adds the C++ implementation of SwissNameDictionary, a deterministic property backing store based on Swiss Tables. This CL contains most of the boilerplate code for introducing a new instance type. Bug: v8:11388 Change-Id: Id263b8138a8ce4b465fb28d968223d2e1aaf05a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672030 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#72582}
-
Clemens Backes authored
The interpreter frame is only used for testing now (see linked issue). This CL removes some remnants in messages.{h,cc}. R=bmeurer@chromium.org Bug: v8:10389 Change-Id: I369057ed02dbb68ba40ef9b4aa9a84799d3db528 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681944 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Clemens Backes <clemensb@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#72581}
-
Paolo Severini authored
Bug: v8:11092 Change-Id: I62fe079a67a4643d2e42cbdeabf26b5c7d8bc148 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2677813 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#72580}
-
Michael Lippautz authored
The detached CppHeap allows for allocation without invoking garbage collections. Allocated bytes are reported on the first allocation after the CppHeap has been attached to an Isolate. States: - Detached: Allow only allocation; - Attached: Unified heap GCs; - Termination GC: Require detached state; Destruction: - Heap::TearDown: Detach if attached; - ~CppHeap: Detach if attached; Bug: chromium:1056170 Change-Id: I95ce029f36a7f10392257080b6e23e13cc0fc7b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672940 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72579}
-
Ulan Degenbaev authored
This fixes a false positive TSAN report where an object transitions to a new map in StoreIC. The scenario: 1) Object a transitions from map1 to a newly created map2 in runtime. The map is installed with a release-store. 2) Object b transitions from map1 to map2 in StoreIC in generated code that is not visible to TSAN. 3) Concurrent marker visits object b and loads its map with an acquire load. Since TSAN does not see the store in step (2) it thinks that the map loaded in (3) is freshly allocated and is not guarded by a release store. Bug: v8:11353 Change-Id: Ifcace9edff987761a4098d3fdfb98c6190f1ee1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682641 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72578}
-
Shu-yu Guo authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/b2e9dff28..fd27d1f5d Bug: v8:7834 Change-Id: Ieb652612285d809a0a6dbfc610ff1ab36e79b763 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681314 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#72577}
-
Michael Achenbach authored
This reverts commit 72464122. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/32046 Original change's description: > [regexp] Ship RegExp match indices > > I2S: > https://groups.google.com/a/chromium.org/g/blink-dev/c/RR_dw_ZXtT0/m/xtgu5jjyAQAJ > > Bug: v8:9548 > Change-Id: I8ccf2f4c38f9b9204ae47162303f21d2d44498e8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682508 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Auto-Submit: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72571} TBR=jgruber@chromium.org,syg@chromium.org Change-Id: I1173389082928aa5c9895ca4fb360c7ab8ec073b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9548 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681943 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#72576}
-
Santiago Aboy Solanes authored
Bug: v8:11384 Change-Id: I00754c295cd7b0de11f7ae039b423abfb9db5716 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682643 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#72575}
-
Gus Caplan authored
This adds support for kBool, kInt32, and kUint32 types. Bug: chromium:1052746 Change-Id: I54641eb036eea30113c44eab2c08626176ecc40a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2629463 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#72574}
-
Michael Lippautz authored
Embedders may use cppgc (or v8::CppHeap) earlier than V8's Isolate and platform are initialized. Require explicit initialization of cppgc to avoid recurring init calls with potentially conflicting parameters. Bug: chromium:1056170 Change-Id: I613452954b322c9a5bf074eefd25107b4579958c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682648 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72573}
-
Jakob Gruber authored
This CL removes serialization of JSTypedArray fields when direct heap reads are enabled. Invariants we rely on: - Of the underlying interesting fields, - base_pointer and external_pointer are set either during initialization, or in a one-time on-to-off-heap transition in GetBuffer. - length and buffer are immutable after initialization. - is_on_heap and DataPtr derive from base_pointer and external_pointer s.t. is_on_heap == (base_pointer != 0) and DataPtr == external_pointer in the off-heap case. In this CL we add one new invariant: - For all base_pointer and external_pointer mutations after initialization, base_pointer is guaranteed to be release-stored after external_pointer has been written. With these invariants, concurrent access to off-heap typed arrays is trivial as long as is_on_heap (= base_pointer) is read before other relevant fields. Note that JSTypedArray remains a kSerializedHeapObject due to the serialized superclass JSObject. Drive-by: Remove unused Torque operators and empty TODOs. Bug: v8:7790 Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72572}
-
Shu-yu Guo authored
I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/RR_dw_ZXtT0/m/xtgu5jjyAQAJ Bug: v8:9548 Change-Id: I8ccf2f4c38f9b9204ae47162303f21d2d44498e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682508 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72571}
-
Benedikt Meurer authored
BREAKING CHANGE: The values of Wasm locals, stack, and globals are now represented as objects instead of holding the (primitive) values directly, and SIMD128 values are no longer represented as Uint8Arrays. The DWARF extension has been prepared for this breaking change. The new `WasmValue` comes with `type` and `value` properties that hold its contents. The motivation here is that this is a more extensible approach. In case of SIMD128, the `value` property holds the canonical string representation, which has the additional advantage that these values can be compared with `===` (and `==`). This partially reverts https://crrev.com/c/2614428, the main difference here being that WasmValue is now a proper JSObject that can be exposed on the DebugEvaluate proxy API. Screenshot: https://imgur.com/rcahNKM.png Bug: chromium:1170282, chromium:1071432, chromium:1159402 Change-Id: Iea304e3680775123c41deb4c3d172ac949da1b98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643384 Reviewed-by: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#72570}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a2a1340..6408b07 Rolling v8/third_party/aemu-linux-x64: wSpywIGELAWo-KIDF77NMsedbTxiUN7DZUJS-hXiT1UC..BJKsuvEy1d1R4k1qe_4WGn47cAA9BDUVDaMnfbyiH-cC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ab8a40f..e6e7c93 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ac34821..79f916a Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/fae3adc..5798a76 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I79b3255135b8ac21ba92bbd4d0b92818045390e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2683244 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#72569}
-
- 08 Feb, 2021 12 commits
-
-
Michael Lippautz authored
Those references would be passed over to Blink via buffer and dropped after a virtual call. Bug: chromium:1056170 Change-Id: Idd02acce7a2d5c927dd9dc2415fe507b00ff3e58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682646 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72568}
-
Ng Zhi An authored
Prototype these 6 instructions on arm: - f64x2.convert_low_i32x4_s - f64x2.convert_low_i32x4_u - i32x4.trunc_sat_f64x2_s_zero - i32x4.trunc_sat_f64x2_u_zero - f32x4.demote_f64x2_zero - f64x2.promote_low_f32x4 For all these instructions we rely on having Q registers that map to S registers, which means we can only use q0 to q7. We fix the src/dst to q0 arbitrarily. Bug: v8:11265 Change-Id: Ied95f2dde9859a60fc216ed67615f80e9d795bb7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679842 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72567}
-
Zhi An Ng authored
This reverts commit 00babf07. Reason for revert: Broke mac64 https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/38510/overview Original change's description: > [wasm-simd][x64][liftoff] Implement i8x16.popcnt > > Extract i8x16.popcnt implementation into a macro-assembler function, and > reuse it in Liftoff. > > Bug: v8:11002 > Change-Id: I86b2f5322c799d44f584cac28c70e0e393bf114f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676280 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72565} TBR=gdeepti@chromium.org,clemensb@chromium.org,zhin@chromium.org Change-Id: I5795b71f65d59237db59907d40c34e4fa7779fe1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11002 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682505 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72566}
-
Ng Zhi An authored
Extract i8x16.popcnt implementation into a macro-assembler function, and reuse it in Liftoff. Bug: v8:11002 Change-Id: I86b2f5322c799d44f584cac28c70e0e393bf114f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676280 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72565}
-
Junliang Yan authored
Change-Id: Ic973b6342a6b91fe9068ee1ffe4e83a138fb2fa4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679269 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#72564}
-
Santiago Aboy Solanes authored
Change-Id: Icd1d9fa59fac714673a264839006e74fc4dfeac3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676147 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72563}
-
Camillo Bruni authored
CSV Support: - Add import merged CSV from results.html - Aggregate multiple runs and calculate stddev on them Charts: - Defer rendering charts for responsive UI - Clean up chart rendering in general - Sort charts based on raw chart data for speedups - Show chart annotations - Add chart total, displaying the total value for the currently selected categories - Fix sorting by chart total - Add average row for all charts Change-Id: I1e542f319172ecf158dcb44f8da7ad6e81aafe41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2675934 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#72562}
-
Clemens Backes authored
Update the wasm spec tests to include the memory64 proposal. Some tests are failing currently because of broken spec tests or missing v8 support. This will be addressed in follow-up CLs. R=ahaas@chromium.org CC=zhin@chromium.org Bug: v8:11401 Change-Id: I1a8f75e70f9d0828ad32c960c113f5e4c0d1a44b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679683 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72561}
-
Michael Lippautz authored
This change avoids dispatching a write barrier during the atomic pause. The dispatch can generally be triggered through pre-finalizers. In future, further checks may be added to avoid mis-use of pre-finalizers. Bug: chromium:1056170, chromium:1175560 Change-Id: I119e18372633b2375f60e17b4c881f68bb20bf66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679685 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72560}
-
Jakob Kummerow authored
MacOS 11.2 refuses to set "no access" permissions on memory that we previously used for JIT-compiled code. It is still unclear whether this is WAI on the part of the kernel. In the meantime, as a workaround, we use madvise(..., MADV_FREE_REUSABLE) instead of mprotect(..., NONE) when discarding code pages. This is inspired by what Chromium's gin platform does. Fixed: v8:11389 Change-Id: I866586932573b4253002436ae5eee4e0411c45fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679688 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72559}
-
Clemens Backes authored
For functions with a very large stack, the debug side table repeats a lot of information: Most values will be spilled to the stack, still every single entry in the debug side table repeats information about them (type, stack offset). This leads to the size of the debug side table to be quadratic in the size of the function. In the linked bug, the generation of the debug side table took ~400ms, whereas Liftoff compilation alone just took 16ms. This CL optimized the debug side table by delta-encoding the entries, i.e. only storing stack slots that changed. This reduces the size of the table significantly, at the cost of making lookup slower, since that now has to search the table backwards for the last entry that had information about a specific slot. For now, this seems like a good compromise. If it turns out to be a problem, we could speed up the lookup by either forcing a full dump of the stack state after N entries, or by dynamically inserting new entries during lookup, whenever we find that we had to search backwards more than N entries. That would speed up subsequent lookups then. On the reproducer in the linked bug, this change reduces the time to generate the debug side table from ~400ms to ~120ms. Before this CL, the debug side table has 13,314 entries with a total of 38,599,606 stack value entries. After this CL, it shrinks to 20,037 stack value entries in the 13,314 entries (average of ~1.5 instead of ~2,899). R=thibaudm@chromium.org Bug: chromium:1172299 Change-Id: Ie726bb82d4c6648cc9ebd130115ee7ab3d1d551b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676636 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#72558}
-
Iain Ireland authored
Some of the DCHECK_LT assertions in GenerateBranches were generating signed-vs-unsigned comparisons in SM. While I was looking at this code, it seemed reasonable to just fix the whole thing to use uc32/uint32_t where appropriate. Bug: v8:11380 Change-Id: I7e27fb7e34ce962349d7204d6306217292746e33 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666986 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72557}
-
- 07 Feb, 2021 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/aemu-linux-x64: UT48xoBffYP6u1cAu_aL71Lh18Z3xtRc7BJSyc_1csMC..wSpywIGELAWo-KIDF77NMsedbTxiUN7DZUJS-hXiT1UC Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/70dd9a6..12825ed TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I94b61291f41c646cd414b550131a2ef326869350 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681316 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#72556}
-
- 06 Feb, 2021 2 commits
-
-
Manos Koukoutos authored
In preparation of loop unrolling, we move some loop analysis infrastructure out of loop-peeling.{h, cc}, and implement some additional required functionality. Changes: - Implement inner_loops() in loop-analysis.h. Change some parameters in other functions from Loop* to (const Loop*) to accommodate this change. - Move Peeling class into loop-analysis, rename it to NodeCopier. - Simplify NodeCopier::CopyNodes(). - Allow NodeCopier to produce multiple copies of the targeted Nodes. - Introduce LoopFinder::HasMarkedExits(). Move the implementation of LoopPeeling::CanPeel() there. CanPeel() is now an alias for HasMarkedExits(). Bug: v8:11298 Change-Id: I245b2e937393e4a78ce4d355e1290aaf6e617114 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672019 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72555}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ee7e404..a2a1340 Rolling v8/third_party/aemu-linux-x64: rNvRFA3R0THFzCnDKyJfVyqZysmcZ_To-ZfvXMhYKw8C..UT48xoBffYP6u1cAu_aL71Lh18Z3xtRc7BJSyc_1csMC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c8f9f36..ab8a40f Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e342fb1..ac34821 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f18ba70..fae3adc TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: Iefb23fa4349bb8a4e4aaaa9f0335b4c2c7ff479d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2680328 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#72554}
-
- 05 Feb, 2021 5 commits
-
-
Bill Budge authored
- Reworks the code structure to break out 3 major cases: Immediate, MemoryOperand, and LocationOperand. - InstructionSelector passes an additional immediate operand, the push size in bytes, so we can generate correct code for the Immediate case. Bug: v8:9198 Change-Id: I86cd41826150aa84b158fdbb1d3e8f3e93755119 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2673273 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72553}
-
Clemens Backes authored
Those counters were interesting during the development of Liftoff, but they were never reported to UMA. Now that we have precise tracking of the Liftoff bailout reason in UMA, those counters are redundant. R=ahaas@chromium.org Bug: v8:11387 Change-Id: I4595414a0e3ff8bf9c954baa2317aa39af65b372 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2678163 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#72552}
-
Bill Budge authored
- Removes DCHECKs that will be incorrect when SIMD operands are intermixed. - Reworks the code structure to break out 3 major cases: Immediate, MemoryOperand, and LocationOperand. Bug: v8:9198 Change-Id: I1be426bc450dda0fd670a2483aae9afd2c96ce17 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2673271 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72551}
-
Michael Lippautz authored
Some types of supported low-level write barriers only require passing a slot, which may not even be part of a heap object but the stack. This complicates the situation, as even with caged heap, there's no way to distinguish a stack and heap slot. Solve this by passing an optional callback that can lazily be used to get the heap. This can be used by the embedder to retrieve the heap from e.g. TLS if needed. This aligns the barrier with Oilpan in Blink. Bug: chromium:1056170 Change-Id: I1e5d022ab17a2614a67b6ef39ed12691bcbd0ac6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2675924 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72550}
-
Santiago Aboy Solanes authored
Also access the DescriptorArray through GetStrongValue concurrently if the FLAG_turbo_direct_heap_access is on. Bug: v8:7790 Change-Id: I7a36789b44e84988d498339312bf9fe92eab8e66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653233 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72549}
-