1. 25 Feb, 2021 1 commit
  2. 22 Feb, 2021 3 commits
    • Bill Budge's avatar
      Revert "[codegen][frames] Generalize argument padding slot code" · 396c2635
      Bill Budge authored
      This reverts commit 8cf4eec7.
      
      Reason for revert: Rolling back to previous greedy slot allocator.
      
      tbr=neis@chromium.org,jgruber@chromium.org
      
      Original change's description:
      > [codegen][frames] Generalize argument padding slot code
      >
      > - Removes kPadArguments boolean.
      > - Changes ShouldPadArguments to ArgumentPaddingSlots to reflect
      >   that on some architectures more than 1 padding slot may be needed.
      > - Adds AddArgumentPaddingSlots and ShouldPadArguments convenience
      >   functions.
      >
      > Bug: v8:9198
      >
      > Change-Id: Iba87518e071a75fb951b490d3f75a87ca715cc23
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679109
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#72605}
      
      Bug: v8:9198
      Change-Id: Ie93d32d4b93c67840e4792acb017f28a826bd030
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713205
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72931}
      396c2635
    • Mythri A's avatar
      [turboprop] Reduce BytecodeBudgetInterrupt overhead from Turboprop · 5b783479
      Mythri A authored
      Earlier we used the same interrupt budget always and waited for higher
      number of ticks when tiering up from Turboprop to TurboFan. On some of
      the real world pages this adds a reasonable overhead for processing
      these interrupts. This cl sets the interrupt budget to a higher value so
      there are fewer interrupts. This cl:
      1. Sets the interrupt budget on feedback cell to
      FLAG_interrupt_budget * scale factor when we install optimized code.
      2. Resets the budget to FLAG_interrupt_budget when there is a
      deoptimization.
      3. Updates the runtime profiler to remove the scaling of number of ticks
      needed for optimization when tiering up from TP to TF.
      
      On sheets benchmark, we spend 40-50ms when servicing interrupts from
      Turboprop code. This change brings it down to ~7ms. We also see
      improvements on other pages.
      
      
      Bug: v8:9684
      Change-Id: Ia3e5e998d1fff44f2e08a240a8769b7ebe794da2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2696661
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72906}
      5b783479
    • Clemens Backes's avatar
      [wasm] Move ValueKind out of ValueType · a3776a63
      Clemens Backes authored
      Backends do not care about the concrete type, they only need to know the
      "kind" (e.g. "ref" or "i32").
      In order to prepare Liftoff to use the value kind instead of the
      value type for all stored data, this CL moves the kind out of the
      ValueType and makes it a top-level enum.
      
      R=manoskouk@chromium.org
      
      Bug: v8:11477
      Change-Id: I489d6c5207e6ff1b66e2afbe78a156d66df27eb3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707169
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarManos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72896}
      a3776a63
  3. 15 Feb, 2021 2 commits
  4. 12 Feb, 2021 2 commits
  5. 11 Feb, 2021 1 commit
  6. 09 Feb, 2021 2 commits
  7. 05 Feb, 2021 1 commit
    • Paolo Severini's avatar
      [compiler] Re-reland "Faster JS-to-Wasm calls" · 831fa62b
      Paolo Severini authored
      This is a reland of 6ada6a90
      
      - Fixed a GC issue
        https://bugs.chromium.org/p/v8/issues/detail?id=11335:
        GC expected all arguments on the stack from code with
        CodeKind::TURBOFAN to be tagged objects. This is not the case now with
        inlined Wasm calls, and this information can be passed in
        SafepointEntry for each call site.
      
      - Disabled JS-to-Wasm inlining for calls inside try/catch.
      
      For more details, see updated doc:
      https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
      
      Bug: v8:11092
      
      
      Original change's description:
      > Reland "Faster JS-to-Wasm calls"
      >
      > This is a reland of 860fcb1b
      >
      > - Disabled the tests for this feature in V8-lite mode (the original
      > change broke V8-lite tests).
      > - Also modified test console-profile-wasm.js that was brittle with this
      > change because it assumed that there was always a JS-to-Wasm wrapper
      > but this is not the case when the TurboFan compilation completes before
      > the Liftoff-compiled code starts to run.
      >
      > More changes in Patchset 8:
      >
      > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
      > into a new phase, wasm-inlining that reuses the JSInliner reducer.
      > The doc
      > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
      > describes the new logic.
      >
      > - Fixed a couple of small issues in wasm_compiler.cc to make sure that
      > the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
      > this should solve the problem we had inlining the calls in functions
      > that can throw exception.
      
      
      Original change's description:
      > Faster JS-to-Wasm calls
      >
      > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      >
      > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      > the basis of the signature of a Wasm function to call, and whose task
      > is to:
      > - set "thread_in_wasm_flag" to true
      > - convert the arguments from tagged types into Wasm native types
      > - calculate the address of the Wasm function to call and call it
      > - convert back the result from Wasm native types into tagged types
      > - reset "thread_in_wasm_flag" to false.
      >
      > This CL tries to improve the performance of JS-to-Wasm calls by
      > inlining the code of the JS-to-Wasm wrappers in the call site.
      >
      > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      > this kind of calls. A 'JSWasmCall' node is associated to
      > WasmCallParameters, which contain information about the signature of
      > the Wasm function to call.
      >
      > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid
      > generating code to convert the types for the arguments
      > of the Wasm function, when the conversion is not necessary.
      > The actual inlining of the graph generated for this wrapper happens in
      > the simplified-lowering phase.
      >
      > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      > lazy deoptimizations that can happen if the Wasm function callee calls
      > back some JS code that invalidates the compiled JS caller function.
      >
      
      Bug: v8:11092
      Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
      Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777
      Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72541}
      831fa62b
  8. 04 Feb, 2021 2 commits
    • Jakob Gruber's avatar
      [deoptimizer] Add translation array compression behind a flag · b62bbd16
      Jakob Gruber authored
      TranslationArrays (TA) are large and rarely used, thus could benefit
      from compression. This CL adds a --turbo-compress-translation-arrays
      flag (off by default) to experiment with that.
      
      Each optimized Code object has an associated translation array
      (Code->DeoptimizationData->TranslationArray). These translation arrays
      have roughly the same size as the Code object itself. They are
      used only rarely: when deoptimizing, and when traversing the stack and
      looking into optimized frames. Neither of these code paths are
      especially performance critical. TA's contain only immutable, untagged
      data. They are thus good candidates for compression.
      
      The trade-off is between TA memory consumption and time spent
      in decompression/compression. This CL keeps everything on the main
      thread, but it would also be possible to move compression (the more
      expensive operation by a factor of 5 to 10) to a worker thread.
      
      Numbers from a local Octane2 run:
      
      Sum of Code instructions sizes: 4.6MB
      Sum of uncompressed TA sizes:   4.1MB
      Sum of compressed TA sizes:     0.6MB
      
      Compression times depend on the selected compression quality, but
      roughly:
      
      Compression:   50ms (40us avg per compilation)
      Decompression:        7us avg per compilation
      
      Drive-by: Translation arrays currently use run-length encoding;
      I disabled this for when --turbo-compress-translation-arrays is
      enabled (no need to compress twice).
      
      Bug: v8:11354
      Change-Id: I7828d7d91eb074816b383b02f883c5d7b7e318b7
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2652497
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72533}
      b62bbd16
    • Sathya Gunasekaran's avatar
      [compiler] Use vector to hold translation array · a9eff909
      Sathya Gunasekaran authored
      ZoneChunkList has more overhead than a simple ZoneVector for storing
      uint8_t bytes.
      
      Bug: v8:9684
      Change-Id: I5e22286f2628ae2010086e9d82cadbebb176dbee
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661459Reviewed-by: 's avatarSathya Gunasekaran  <gsathya@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72525}
      a9eff909
  9. 25 Jan, 2021 1 commit
  10. 22 Jan, 2021 2 commits
    • Paolo Severini's avatar
      Revert "Reland "Faster JS-to-Wasm calls"" · 51ecfaec
      Paolo Severini authored
      This reverts commit 6ada6a90.
      
      Reason for revert: Revert for link issue:
      https://bugs.chromium.org/p/v8/issues/detail?id=11335
      
      Original change's description:
      > Reland "Faster JS-to-Wasm calls"
      >
      > This is a reland of 860fcb1b
      >
      > - Disabled the tests for this feature in V8-lite mode (the original
      > change broke V8-lite tests)
      > - Also modified test console-profile-wasm.js that was brittle with this
      > change because it assumed that there was always a JS-to-Wasm wrapper
      > but this is not the case when the TurboFan compilation completes before
      > the Liftoff-compiled code starts to run.
      >
      > More changes in Patchset 8:
      >
      > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
      > into a new phase, wasm-inlining that reuses the JSInliner reducer.
      > The doc
      > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
      > describes the new logic.
      >
      > - Fixed a couple of small issues in wasm_compiler.cc to make sure that
      > the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
      > this should solve the problem we had inlining the calls in functions
      > that can throw exception.
      >
      >
      > Original change's description:
      > > Faster JS-to-Wasm calls
      > >
      > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      > >
      > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      > > the basis of the signature of a Wasm function to call, and whose task
      > > is to:
      > > - set "thread_in_wasm_flag" to true
      > > - convert the arguments from tagged types into Wasm native types
      > > - calculate the address of the Wasm function to call and call it
      > > - convert back the result from Wasm native types into tagged types
      > > - reset "thread_in_wasm_flag" to false.
      > >
      > > This CL tries to improve the performance of JS-to-Wasm calls by
      > > inlining the code of the JS-to-Wasm wrappers in the call site.
      > >
      > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      > > this kind of calls. A 'JSWasmCall' node is associated to
      > > WasmCallParameters, which contain information about the signature of
      > > the Wasm function to call.
      > >
      > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      > > of the Wasm function, when the conversion is not necessary.
      > > The actual inlining of the graph generated for this wrapper happens in
      > > the simplified-lowering phase.
      > >
      > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      > > lazy deoptimizations that can happen if the Wasm function callee calls
      > > back some JS code that invalidates the compiled JS caller function.
      > >
      > > Bug: v8:11092
      > > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
      > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
      > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Maya Lekova <mslekova@chromium.org>
      > > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      > > Cr-Commit-Position: refs/heads/master@{#71824}
      >
      > Bug: v8:11092
      > Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
      > Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Reviewed-by: Maya Lekova <mslekova@chromium.org>
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#72147}
      
      Tbr: ahaas@chromium.org, jgruber@chromium.org
      Bug: v8:11092, v8:11335
      Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6
      Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758
      Commit-Queue: Georg Neis <neis@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72253}
      51ecfaec
    • Liu Yu's avatar
      [mips] Change kSpeculationPoisonRegister from a7 to t3 · 3f1177c5
      Liu Yu authored
      When kSpeculationPoisonRegister is a7, the test
      TestFastJSWasmCall_MultipleArgs failed.
      
      Besides, delete an unuse member named table_entry_size_.
      
      Change-Id: Ic2c8b68d50c02dca7c41520ceb217fec33fe8cc4
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644539Reviewed-by: 's avatarZhao Jiazhong <zhaojiazhong-hf@loongson.cn>
      Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
      Auto-Submit: Liu yu <liuyu@loongson.cn>
      Cr-Commit-Position: refs/heads/master@{#72245}
      3f1177c5
  11. 21 Jan, 2021 3 commits
  12. 20 Jan, 2021 3 commits
  13. 19 Jan, 2021 1 commit
    • Paolo Severini's avatar
      Reland "Faster JS-to-Wasm calls" · 6ada6a90
      Paolo Severini authored
      This is a reland of 860fcb1b
      
      - Disabled the tests for this feature in V8-lite mode (the original
      change broke V8-lite tests)
      - Also modified test console-profile-wasm.js that was brittle with this
      change because it assumed that there was always a JS-to-Wasm wrapper
      but this is not the case when the TurboFan compilation completes before
      the Liftoff-compiled code starts to run.
      
      More changes in Patchset 8:
      
      - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
      into a new phase, wasm-inlining that reuses the JSInliner reducer.
      The doc
      https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
      describes the new logic.
      
      - Fixed a couple of small issues in wasm_compiler.cc to make sure that
      the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
      this should solve the problem we had inlining the calls in functions
      that can throw exception.
      
      
      Original change's description:
      > Faster JS-to-Wasm calls
      >
      > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      >
      > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      > the basis of the signature of a Wasm function to call, and whose task
      > is to:
      > - set "thread_in_wasm_flag" to true
      > - convert the arguments from tagged types into Wasm native types
      > - calculate the address of the Wasm function to call and call it
      > - convert back the result from Wasm native types into tagged types
      > - reset "thread_in_wasm_flag" to false.
      >
      > This CL tries to improve the performance of JS-to-Wasm calls by
      > inlining the code of the JS-to-Wasm wrappers in the call site.
      >
      > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      > this kind of calls. A 'JSWasmCall' node is associated to
      > WasmCallParameters, which contain information about the signature of
      > the Wasm function to call.
      >
      > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      > of the Wasm function, when the conversion is not necessary.
      > The actual inlining of the graph generated for this wrapper happens in
      > the simplified-lowering phase.
      >
      > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      > lazy deoptimizations that can happen if the Wasm function callee calls
      > back some JS code that invalidates the compiled JS caller function.
      >
      > Bug: v8:11092
      > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Maya Lekova <mslekova@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#71824}
      
      Bug: v8:11092
      Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
      Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#72147}
      6ada6a90
  14. 18 Jan, 2021 1 commit
  15. 12 Jan, 2021 1 commit
  16. 31 Dec, 2020 1 commit
  17. 19 Dec, 2020 1 commit
  18. 17 Dec, 2020 3 commits
    • Nico Hartmann's avatar
      [TurboFan] Templatize GetBytecodeArray · d1226086
      Nico Hartmann authored
      This CL changes SharedFunctionInfo::GetBytecodeArray to a function
      template, which is specialized for Isolate and LocalIsolate arguments.
      This allows main thread only uses to avoid taking a lock.
      
      Bug: v8:7790, chromium:1154603
      Change-Id: I3462c4e36b66073e09393c01c765dd8a018a98f0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595307
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71833}
      d1226086
    • Nico Hartmann's avatar
      Revert "Faster JS-to-Wasm calls" · de50785e
      Nico Hartmann authored
      This reverts commit 860fcb1b.
      
      Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview
      
      Original change's description:
      > Faster JS-to-Wasm calls
      >
      > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      >
      > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      > the basis of the signature of a Wasm function to call, and whose task
      > is to:
      > - set "thread_in_wasm_flag" to true
      > - convert the arguments from tagged types into Wasm native types
      > - calculate the address of the Wasm function to call and call it
      > - convert back the result from Wasm native types into tagged types
      > - reset "thread_in_wasm_flag" to false.
      >
      > This CL tries to improve the performance of JS-to-Wasm calls by
      > inlining the code of the JS-to-Wasm wrappers in the call site.
      >
      > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      > this kind of calls. A 'JSWasmCall' node is associated to
      > WasmCallParameters, which contain information about the signature of
      > the Wasm function to call.
      >
      > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      > of the Wasm function, when the conversion is not necessary.
      > The actual inlining of the graph generated for this wrapper happens in
      > the simplified-lowering phase.
      >
      > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      > lazy deoptimizations that can happen if the Wasm function callee calls
      > back some JS code that invalidates the compiled JS caller function.
      >
      > Bug: v8:11092
      > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Maya Lekova <mslekova@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#71824}
      
      TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com
      
      Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:11092
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71825}
      de50785e
    • Paolo Severini's avatar
      Faster JS-to-Wasm calls · 860fcb1b
      Paolo Severini authored
      This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      
      Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      the basis of the signature of a Wasm function to call, and whose task
      is to:
      - set "thread_in_wasm_flag" to true
      - convert the arguments from tagged types into Wasm native types
      - calculate the address of the Wasm function to call and call it
      - convert back the result from Wasm native types into tagged types
      - reset "thread_in_wasm_flag" to false.
      
      This CL tries to improve the performance of JS-to-Wasm calls by
      inlining the code of the JS-to-Wasm wrappers in the call site.
      
      It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      this kind of calls. A 'JSWasmCall' node is associated to
      WasmCallParameters, which contain information about the signature of
      the Wasm function to call.
      
      WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      of the Wasm function, when the conversion is not necessary.
      The actual inlining of the graph generated for this wrapper happens in
      the simplified-lowering phase.
      
      A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      lazy deoptimizations that can happen if the Wasm function callee calls
      back some JS code that invalidates the compiled JS caller function.
      
      Bug: v8:11092
      Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarGeorg Neis (ooo until January 5) <neis@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#71824}
      860fcb1b
  19. 16 Dec, 2020 4 commits
  20. 07 Dec, 2020 1 commit
  21. 02 Dec, 2020 4 commits
    • Milad Fa's avatar
      PPC/s390: [Turboprop] Move deoptimizations for dynamic map checks into builtin. · 2bc979aa
      Milad Fa authored
      Port b6643320
      
      Original Commit Message:
      
          In order to reduce the codegen size of dynamic map checks, add the
          ability to have an eager with resume deopt point, which can call
          a given builitin to perform a more detailed check than can be done
          in codegen, and then either deoptimizes itself (as if the calling
          code had performed an eager deopt) or resumes execution in the
          calling code after the check.
      
          In addition, support for adding extra arguments to a
          deoptimization continuation is added to enable us to pass the
          necessary arguments to the DynamicMapChecks builtin.
      
          Finally, a trampoline is added to the DynamicMapChecks which saves
          the registers that might be clobbered by that builtin, to avoid
          having to save them in the generated code. This trampoline also
          performs the deoptimization based on the result of the
          DynamicMapChecks builtin.
      
          In order to ensure both the trampoline and DynamicMapChecks
          builtin have the same call interface, and to limit the number
          of registers that need saving in the trampoline, the
          DynamicMapChecks builtin is moved to be a CSA builtin with a
          custom CallInterfaceDescriptor, that calls an exported Torque
          macro that implements the actual functionality.
      
          All told, this changes the codegen for a monomorphic dynamic
          map check from:
              movl rbx,<expected_map>
              cmpl [<object>-0x1],rbx
              jnz <deferred_call>
             resume_point:
              ...
             deferred_call:
              <spill registers>
              movl rax,<slot>
              movq rbx,<object>
              movq rcx,<handler>
              movq r10,<DynamicMapChecks>
              call r10
              cmpq rax,0x0
              jz <restore_regs>
              cmpq rax,0x1
              jz <deopt_point_1>
              cmpq rax,0x2
              jz <deopt_point_2>
              int3l
             restore_regs:
              <restore_regs>
              jmp <resume_point>
              ...
             deopt_point_1:
              call Deoptimization_Eager
             deopt_point_2:
              call Deoptimization_Bailout
      
              movl rcx,<expected_map>
              movq rdx,<handler>
              cmpl [<object>-0x1],rcx
              jnz <deopt_point>
             resume_point:
              ...
             deopt_point:
              call DynamicMapChecksTrampoline
              jmp <resume_point>
      
      R=rmcilroy@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
      BUG=v8:10582
      LOG=N
      
      Change-Id: I0739c1b40ed06bb22b73ebe1833ea648b540882a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569359Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
      Commit-Queue: Milad Fa <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/master@{#71571}
      2bc979aa
    • Liu Yu's avatar
      [mips][Turboprop] Move deoptimizations for dynamic map checks into builtin. · 059c5fa4
      Liu Yu authored
      Port: b6643320
      
      Bug: v8:10582
      
      Change-Id: I3efdd840a4f3f2eeb6156f8b446478311a2ccd26
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568569Reviewed-by: 's avatarZhao Jiazhong <zhaojiazhong-hf@loongson.cn>
      Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
      Auto-Submit: Liu yu <liuyu@loongson.cn>
      Cr-Commit-Position: refs/heads/master@{#71560}
      059c5fa4
    • Ross McIlroy's avatar
      [cleanup][TurboProp] Unify DynamicMapChecks names. · 7730fd94
      Ross McIlroy authored
      Unifies various operators for dynamic map checks with the naming
      scheme of DynamicCheckMaps (to be similar to CheckMaps.
      
      BUG=v8:10582
      
      Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952
      Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71559}
      7730fd94
    • Jakob Gruber's avatar
      Revert "[nci] Share smi feedback and enable related optimizations" · ab4a540c
      Jakob Gruber authored
      This reverts commit 3599cce1.
      
      Originally landed in
      https://chromium-review.googlesource.com/c/v8/v8/+/2531775
      
      Work on NCI is suspended, remove unused complexity. We may want to share
      native-context-independent feedback in the future, but probably through other
      means.
      
      Bug: v8:8888
      Change-Id: I23dfb67f6f01b4891af87bc42a9e62f99d0bf044
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567701Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71553}
      ab4a540c