1. 13 May, 2022 1 commit
  2. 27 Apr, 2022 1 commit
  3. 12 Apr, 2022 1 commit
  4. 11 Apr, 2022 1 commit
    • Jakob Gruber's avatar
      Reland "[osr] Add an install-by-offset mechanism" · b8473c52
      Jakob Gruber authored
      This is a reland of commit 51b99213
      
      Fixed in reland:
      - bytecode_age was incorrectly still accessed as an int8 (instead
        of int16).
      - age and osr state were incorrectly reset on ia32 (16-bit write
        instead of 32-bit).
      
      Original change's description:
      > [osr] Add an install-by-offset mechanism
      >
      > .. for concurrent OSR. There, the challenge is to hit the correct
      > JumpLoop bytecode once compilation completes, since execution has
      > moved on in the meantime.
      >
      > This CL adds a new mechanism to request installation at a specific
      > bytecode offset. We add a new `osr_install_target` field to the
      > BytecodeArray:
      >
      >   bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
      >     osr_urgency: uint32: 3 bit;
      >     osr_install_target: uint32: 13 bit;
      >   }
      >
      >   // [...]
      >   osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
      >   bytecode_age: uint16;  // Only 3 bits used.
      >   // [...]
      >
      > Note urgency and install target are packed into one 16 bit field,
      > we can thus merge both checks into one comparison within JumpLoop.
      > Note also that these fields are adjacent to the bytecode age; we
      > still reset both OSR state and age with a single (now 32-bit)
      > store.
      >
      > The install target is the lowest 13 bits of the bytecode offset.
      > When set, every reached JumpLoop will check `is this my offset?`,
      > and if yes, jump into runtime to tier up.
      >
      > Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
      >
      > Bug: v8:12161
      > Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Jakob Linke <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#79853}
      
      Bug: v8:12161
      Change-Id: I7c59b2a2aacb1d7d40fdf39396ec9d8d48b0b9ac
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578543Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Jakob Linke <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79911}
      b8473c52
  5. 07 Apr, 2022 2 commits
    • Leszek Swirski's avatar
      Revert "[osr] Add an install-by-offset mechanism" · bb5cc0d5
      Leszek Swirski authored
      This reverts commit 51b99213.
      
      Reason for revert: Speculative revert for MSAN failure  https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/43080/overview
      
      Original change's description:
      > [osr] Add an install-by-offset mechanism
      >
      > .. for concurrent OSR. There, the challenge is to hit the correct
      > JumpLoop bytecode once compilation completes, since execution has
      > moved on in the meantime.
      >
      > This CL adds a new mechanism to request installation at a specific
      > bytecode offset. We add a new `osr_install_target` field to the
      > BytecodeArray:
      >
      >   bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
      >     osr_urgency: uint32: 3 bit;
      >     osr_install_target: uint32: 13 bit;
      >   }
      >
      >   // [...]
      >   osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
      >   bytecode_age: uint16;  // Only 3 bits used.
      >   // [...]
      >
      > Note urgency and install target are packed into one 16 bit field,
      > we can thus merge both checks into one comparison within JumpLoop.
      > Note also that these fields are adjacent to the bytecode age; we
      > still reset both OSR state and age with a single (now 32-bit)
      > store.
      >
      > The install target is the lowest 13 bits of the bytecode offset.
      > When set, every reached JumpLoop will check `is this my offset?`,
      > and if yes, jump into runtime to tier up.
      >
      > Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
      >
      > Bug: v8:12161
      > Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Jakob Linke <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#79853}
      
      Bug: v8:12161
      Change-Id: I0c47499544465c80b5b23a492c00ec1c62815caa
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576121
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Owners-Override: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/main@{#79855}
      bb5cc0d5
    • Jakob Gruber's avatar
      [osr] Add an install-by-offset mechanism · 51b99213
      Jakob Gruber authored
      .. for concurrent OSR. There, the challenge is to hit the correct
      JumpLoop bytecode once compilation completes, since execution has
      moved on in the meantime.
      
      This CL adds a new mechanism to request installation at a specific
      bytecode offset. We add a new `osr_install_target` field to the
      BytecodeArray:
      
        bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
          osr_urgency: uint32: 3 bit;
          osr_install_target: uint32: 13 bit;
        }
      
        // [...]
        osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
        bytecode_age: uint16;  // Only 3 bits used.
        // [...]
      
      Note urgency and install target are packed into one 16 bit field,
      we can thus merge both checks into one comparison within JumpLoop.
      Note also that these fields are adjacent to the bytecode age; we
      still reset both OSR state and age with a single (now 32-bit)
      store.
      
      The install target is the lowest 13 bits of the bytecode offset.
      When set, every reached JumpLoop will check `is this my offset?`,
      and if yes, jump into runtime to tier up.
      
      Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
      
      Bug: v8:12161
      Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Jakob Linke <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79853}
      51b99213
  6. 14 Mar, 2022 1 commit
  7. 03 Mar, 2022 1 commit
  8. 23 Feb, 2022 1 commit
  9. 18 Jan, 2022 1 commit
  10. 09 Nov, 2021 1 commit
  11. 12 Oct, 2021 1 commit
  12. 02 Sep, 2021 1 commit
  13. 30 Aug, 2021 1 commit
  14. 16 Aug, 2021 1 commit
  15. 07 Jul, 2021 1 commit
  16. 24 Jun, 2021 1 commit
  17. 21 Jun, 2021 2 commits
  18. 11 Jun, 2021 1 commit
  19. 10 Jun, 2021 2 commits
  20. 08 Jun, 2021 2 commits
  21. 07 Jun, 2021 1 commit
  22. 11 May, 2021 1 commit
  23. 21 Apr, 2021 2 commits
  24. 20 Apr, 2021 1 commit
  25. 29 Mar, 2021 1 commit
  26. 25 Mar, 2021 1 commit
    • Patrick Thier's avatar
      Reland "Reland "[sparkplug][deoptimizer] Deoptimize to baseline."" · e438ae2d
      Patrick Thier authored
      This is a reland of e3ccb538
      
      No changes for the reland.
      This CL was speculatively reverted, but was not the cause of the problem.
      
      TBR=jgruber@chromium.org
      
      Original change's description:
      > Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
      >
      > This is a reland of bdcd7d79
      >
      > Handle lazy deopts when the current bytecode is JumpLoop.
      > Instead of advancing to the next bytecode, re-execute the JumpLoop.
      >
      > TBR=jgruber@chromium.org, neis@chromium.org
      >
      > Original change's description:
      > > [sparkplug][deoptimizer] Deoptimize to baseline.
      > >
      > > If we have baseline code, deoptimize to baseline instead of the
      > > interpreter. The process is similar to deopting to the interpreter.
      > > We just use different builtins
      > > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
      > > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
      > > patch an interpreter frame to a baseline frame and continue execution in
      > > baseline code (based on the deopt type, at the current or next
      > > bytecode).
      > >
      > > Bug: v8:11420
      > > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Georg Neis <neis@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#73609}
      >
      > Bug: v8:11420
      > Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
      > Reviewed-by: Patrick Thier <pthier@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73636}
      
      Bug: v8:11420
      Change-Id: I7fbbb73a4fdaeab8b294862ee6ae952928c57994
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784695
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Auto-Submit: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73656}
      e438ae2d
  27. 24 Mar, 2021 3 commits
    • Deepti Gandluri's avatar
      Revert "Reland "[sparkplug][deoptimizer] Deoptimize to baseline."" · ebc9f39f
      Deepti Gandluri authored
      This reverts commit e3ccb538.
      
      Reason for revert: Speculative revert for ARM 64 CFI fails - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/5174?
      
      Original change's description:
      > Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
      >
      > This is a reland of bdcd7d79
      >
      > Handle lazy deopts when the current bytecode is JumpLoop.
      > Instead of advancing to the next bytecode, re-execute the JumpLoop.
      >
      > TBR=jgruber@chromium.org, neis@chromium.org
      >
      > Original change's description:
      > > [sparkplug][deoptimizer] Deoptimize to baseline.
      > >
      > > If we have baseline code, deoptimize to baseline instead of the
      > > interpreter. The process is similar to deopting to the interpreter.
      > > We just use different builtins
      > > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
      > > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
      > > patch an interpreter frame to a baseline frame and continue execution in
      > > baseline code (based on the deopt type, at the current or next
      > > bytecode).
      > >
      > > Bug: v8:11420
      > > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Georg Neis <neis@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#73609}
      >
      > Bug: v8:11420
      > Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
      > Reviewed-by: Patrick Thier <pthier@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73636}
      
      Bug: v8:11420
      Change-Id: Icd797b4979a114a2a627e12c8bb7d2215df03182
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785074Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
      Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73643}
      ebc9f39f
    • Patrick Thier's avatar
      Reland "[sparkplug][deoptimizer] Deoptimize to baseline." · e3ccb538
      Patrick Thier authored
      This is a reland of bdcd7d79
      
      Handle lazy deopts when the current bytecode is JumpLoop.
      Instead of advancing to the next bytecode, re-execute the JumpLoop.
      
      TBR=jgruber@chromium.org, neis@chromium.org
      
      Original change's description:
      > [sparkplug][deoptimizer] Deoptimize to baseline.
      >
      > If we have baseline code, deoptimize to baseline instead of the
      > interpreter. The process is similar to deopting to the interpreter.
      > We just use different builtins
      > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
      > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
      > patch an interpreter frame to a baseline frame and continue execution in
      > baseline code (based on the deopt type, at the current or next
      > bytecode).
      >
      > Bug: v8:11420
      > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73609}
      
      Bug: v8:11420
      Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035Reviewed-by: 's avatarPatrick Thier <pthier@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73636}
      e3ccb538
    • Sathya Gunasekaran's avatar
      Revert "[sparkplug][deoptimizer] Deoptimize to baseline." · 6fc861e4
      Sathya Gunasekaran authored
      This reverts commit bdcd7d79.
      
      Reason for revert: 
      https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Future/7996/blamelist
      
      Original change's description:
      > [sparkplug][deoptimizer] Deoptimize to baseline.
      >
      > If we have baseline code, deoptimize to baseline instead of the
      > interpreter. The process is similar to deopting to the interpreter.
      > We just use different builtins
      > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
      > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
      > patch an interpreter frame to a baseline frame and continue execution in
      > baseline code (based on the deopt type, at the current or next
      > bytecode).
      >
      > Bug: v8:11420
      > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73609}
      
      Bug: v8:11420
      Change-Id: Ie8b936df343b9194c0a6e50e0c44b67c0d9a012d
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783030
      Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#73621}
      6fc861e4
  28. 23 Mar, 2021 1 commit
  29. 17 Mar, 2021 2 commits
  30. 24 Feb, 2021 1 commit
    • Leszek Swirski's avatar
      [sparkplug] Fix instance type checks · e708bf69
      Leszek Swirski authored
      We were using CmpInstanceType instead of CmpObjectType in some places,
      which meant that we were reading the value at the instance type field
      offset within objects directly, rather than first loading their map and
      reading the instance type there.
      
      Bug: chromium:1180434
      Change-Id: I4771b4f8f9a32bdc35944c6e6cd30c54e4ac8b6c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716292
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73003}
      e708bf69
  31. 22 Feb, 2021 2 commits