- 29 Jul, 2020 1 commit

Victor Gomes authored

Change-Id: I41be2c5b0867739dbbe3667144bf6b479c609e53
Bug: chromium:1107221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2322628
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69122}
-
- 28 Jul, 2020 1 commit

Mythri A authored

This cl also
1. Fixes a bug in effect-control-linearizer where we should have converted fixed array length from Smi to integer
2. Also prints deopt location for the new "bailout" deopt type on --trace-deopt.

Bug: v8:10582, v8:9684
Change-Id: Iafc5e8abbca5252a8783a5a1184a1667a7f708a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297460
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69115}
-
- 23 Jul, 2020 1 commit

Jakob Gruber authored

A small step for a JSFunction, one giant leap for V8.

Tbr: clemensb@chromium.org
Bug: v8:8888
Change-Id: I968bb819763994ec611cde7e502adea30339a387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315979
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69018}
-
- 22 Jul, 2020 1 commit

Sathya Gunasekaran authored

This is used by the DynamicCheckMaps operator to indicate that the optimized code should not be thrown away, but instead should be re-run again, after healing the feedback.

Bug: v8:10582, v8:9684
Change-Id: Ib2408ba0d1d1a6bf50b2031a5312c7a8cca08730
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308334
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68997}
-
- 20 Jul, 2020 2 commits

Victor Gomes authored

This adapts the deoptimizer to create a correct stack frame when the JS arguments are reversed.

Change-Id: Ifc216116ce1e5e469316a22deb8679347e847f4f
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297382
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68940}

Sathya Gunasekaran authored

This CL introduces a new operator that loads the feedback vector and checks against maps at runtime, rather than embedding the map directly in the generated code. A follow-on CL will use this operator when generating code for named property access.

Bug: v8:10582, v8:9684
Change-Id: I372a01586d3048427760f0cb27619a59afc3f59e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241518
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68930}
-
- 07 Jul, 2020 1 commit

Mythri A authored

In turboprop, we reuse the code on a soft deopt. It will be good to differentiate between a deopt that reuses the optimized code on the next run and the deopt that discards the code. The deopt that reuses the code is called a "bailout" because it just bails out for one execution to the unoptimized code.

Change-Id: I9a300201e9b327415e94c2817065d6a561f8ece5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277807
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68722}
-
- 02 Jul, 2020 1 commit

Georgia Kouveli authored

Using x16/x17 for tail calls allows us to use a "BTI c" instead of "BTI jc" landing pad. This means that we cannot enter functions with a jump to a register other than x16/x17 anymore.

Bug: v8:10026
Change-Id: If5af1af861acc19f9e0dfc19c38d6a57a6fb6b6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276049
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68655}
-
- 01 Jul, 2020 2 commits

Georg Neis authored

Also fix a typo in a log message.

Change-Id: I247e5347b7f7d71b08630489896da463dd76b8a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277885
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68635}

Salome Thirot authored

Modify the output of --trace-deopt to specify which version of the caller's pc (signed with PAC or unsigned) is shown when CFI is enabled.

Change-Id: I77006839997a5f50d37d65facbba24d8a86a1509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274867
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68629}
-
- 16 Jun, 2020 1 commit

Georgia Kouveli authored

The C++ code uses the A instruction key for return address signing, which is the default for Clang and GCC when the -mbranch-protection option is used (although this can be configured to use the B key). Using the B key for JS means that it's not possible to use an A key signing gadget to replace a return address signed with the B key and vice-versa. This should offer a degree of separation from the C++ side.

Bug: v8:10026
Change-Id: Ia9dcc7ae7096c96b4a271efbe25fc02940f6fc8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242953
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68360}
-
- 12 Jun, 2020 1 commit

Georg Neis authored

The condition was too strong since we never store Smis into {previously_materialized_objects}.

Bug: chromium:1094132
Change-Id: I680eb7f175f12d3c44882fd8a9eff0d062eda55f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241517
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68317}
-
- 09 Jun, 2020 1 commit

Georg Neis authored

This caused a CHECK failure after my recent CL.

Bug: chromium:1084820, chromium:1092650
Change-Id: Icdc2a755c6b30ad01dccc908e0e5e137fedf8918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237145
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68263}
-
- 08 Jun, 2020 1 commit

Georg Neis authored

Object materialization did not correctly deal with a mismatch between current representation of a field value and expected representation. This is an attempt to repair the situation.

Bug: chromium:1084820
Change-Id: Ib337cbaf5e36a5a616b6a6cb0ddf51018d49b96a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228330
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68231}
-
- 04 Jun, 2020 3 commits

Nico Hartmann authored

Speculative BigInt addition fails to throw the expected exception when called with non-BigInt inputs when the result of the computation is unused. In particular, this CL does:
- Remove kNoThrow on speculative BigInt operators
- Fix AddWithFeedback to not lose type feedback if builtin throws to elide existing deopt loops
- Add handling of TypeCheckKind in RepresentationChanger where this was previously ignored

Bug: chromium:1073440
Change-Id: I953a5b790fc3b37a6824f0b6546a0488c51fbb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228493
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68181}

Victor Gomes authored

Change-Id: I14632106886f78286034a2624f77cab9dac14b41
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219927
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68179}

Jakob Gruber authored

Change-Id: Iba745cae7f5b90654839abefb42b21fd9c49064f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228650
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68171}
-
- 03 Jun, 2020 1 commit

Georg Neis authored

Also change the component from Runtime to Compiler.

Change-Id: Ifb19e0d584b279b5f9bc6bc60531e64d4fecb4ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218285
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68126}
-
- 28 May, 2020 1 commit

Nico Hartmann authored

This is a reland of 6204768b

The original issue exposed the problem that NumberEqual performs implicit conversion of oddballs to numbers, which is incorrect for abstract equality comparison (i.e. 0 == null must not be true). This reland fixes this by applying the following steps:
* Introduced a new kNumberOrBoolean value for CompareOperationFeedback, CompareOperationHint, TypeCheckKind and CheckedTaggedInputMode.
* In CodeStubAssembler::Equal: Further distinguish between boolean and non-boolean oddballs and set feedback accordingly.
* In JSTypedLowering: Construct [Speculative]NumberEqual operator with CompareOperationHint::kNumberOrBoolean, when this feedback is present. JSOperatorBuilder and operator cache are extended accordingly.
* In SimplifiedLowering: Propagate a UseInfo with new TypeCheckKind::kNumberOrBoolean.
* This leads to the generation of CheckedTaggedToFloat64 in RepresentationChanger with new CheckedTaggedInputMode::kNumberOrBoolean.
* In EffectControlLinearizer: Handle this new mode. Accept and convert number and boolean and deopt for rest.

Original change's description:
> [turbofan] Improve equality on NumberOrOddball
>
> This CL cleans up CompareOperationFeedback by replacing it with a
> composable set of flags. The interpreter is changed to collect
> more specific feedback for abstract equality, especially if oddballs
> are involved.
>
> TurboFan is changed to construct SpeculativeNumberEqual operator
> instead of the generic JSEqual in many more cases. This change has
> shown a local speedup of a factor of 3-10, because the specific
> operator is way faster than calling into the generic builtin, but
> it also enables additional optimizations, further improving
> runtime performance.
>
> Bug: v8:5660
> Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67645}

TBR: tebbi@chromium.org
Bug: v8:5660
Change-Id: I12e733149a1d2773cafb781a1d4b10aa1eb242a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193713
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68037}
-
- 25 May, 2020 1 commit

Daniel Clifford authored

Change-Id: I092c0d70bf517b4c714f5958b188d54030dd9774
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932838
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67954}
-
- 28 Apr, 2020 1 commit

Junliang Yan authored

Prepare for pointer compression changes

Change-Id: I8ec56ac65194f1f89f2803af155d5bec520a569f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2171036
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67455}
-
- 17 Mar, 2020 1 commit

Georgia Kouveli authored

Generate a BTI instruction at each target of an indirect branch (BR/BLR). An indirect branch that doesn't jump to a BTI instruction will generate an exception on a BTI-enabled core. On cores that do not support the BTI extension, the BTI instruction is a NOP.

Targets of indirect branch instructions include, among other things, function entrypoints, exception handlers and jump tables. Lazy deopt exits can potentially be reached through an indirect branch when an exception is thrown, so they also get an additional BTI instruction.

Bug: v8:10026
Change-Id: I0ebf51071f1b604f60f524096e013dfd64fcd7ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967315
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66751}
-
- 16 Mar, 2020 1 commit

Mythri A authored

With the current flow, it is difficult to easily get the output of --trace-opt, --trace-deopt and --trace-osr from Android devices. These flags log to stdout and on Android it is difficult to get this output that preserves the formatting. This cl redirects them to a file when --redirect-code-traces is specified.

Change-Id: I8ea1f083d0ee4577f9d70cfd2d7cb2823fd1a6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089931
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66722}
-
- 29 Feb, 2020 1 commit

Mike Stanton authored

We can make better inlining decisions in TurboFan if the CallIC will provide the feedback that it's seen multiple closures that share the same SharedFunctionInfo. This is not difficult to do, and it fixes some frustrating performance cliffs.

Thanks to Bmeurer@chromium.org for the prototype CL, rebased from his project a year ago.

Bug: v8:2206, v8:10100
Change-Id: I4248145ea67216f9a23efa175bbe90e7a9ee0ec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054100
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66512}
-
- 25 Feb, 2020 1 commit

Victor Gomes authored

Context: This is part of a bigger CL: https://chromium-review.googlesource.com/c/v8/v8/+/2043840

In order to get rid of the arguments adaptor frame, we will reverse the JS arguments in the stack. Some macros will need to reverse their arguments as well; we will do that using helper macros in another CL (see src/builtins/builtins-descriptors.h in 2043840). For that we need to stringify the name kDontAdaptArgumentsSentinel, which cannot be done if '::' is in its name.

This CL should not have any performance/memory impact on V8.

Bug: v8:10201
Change-Id: If76b7f457c179fbddddfe1a0ae038d2f1210ad2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066969
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66432}
-
- 13 Feb, 2020 1 commit

Georgia Kouveli authored

This is a reland of 137bfe47

Original change's description:
> [arm64] Protect return addresses stored on stack
>
> This change uses the Arm v8.3 pointer authentication instructions in
> order to protect return addresses stored on the stack. The generated
> code signs the return address before storing on the stack and
> authenticates it after loading it. This also changes the stack frame
> iterator in order to authenticate stored return addresses and re-sign
> them when needed, as well as the deoptimizer in order to sign saved
> return addresses when creating new frames. This offers a level of
> protection against ROP attacks.
>
> This functionality is enabled with the v8_control_flow_integrity flag
> that this CL introduces.
>
> The code size effect of this change is small for Octane (up to 2% in
> some cases but mostly much lower) and negligible for larger benchmarks,
> however code size measurements are rather noisy. The performance impact
> on current cores (where the instructions are NOPs) is single digit,
> around 1-2% for ARES-6 and Octane, and tends to be smaller for big
> cores than for little cores.
>
> Bug: v8:10026
> Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66239}

Bug: v8:10026
Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66254}
-
- 12 Feb, 2020 2 commits

Nico Hartmann authored

This reverts commit 137bfe47.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/13072

Original change's description:
> [arm64] Protect return addresses stored on stack
>
> This change uses the Arm v8.3 pointer authentication instructions in
> order to protect return addresses stored on the stack. The generated
> code signs the return address before storing on the stack and
> authenticates it after loading it. This also changes the stack frame
> iterator in order to authenticate stored return addresses and re-sign
> them when needed, as well as the deoptimizer in order to sign saved
> return addresses when creating new frames. This offers a level of
> protection against ROP attacks.
>
> This functionality is enabled with the v8_control_flow_integrity flag
> that this CL introduces.
>
> The code size effect of this change is small for Octane (up to 2% in
> some cases but mostly much lower) and negligible for larger benchmarks,
> however code size measurements are rather noisy. The performance impact
> on current cores (where the instructions are NOPs) is single digit,
> around 1-2% for ARES-6 and Octane, and tends to be smaller for big
> cores than for little cores.
>
> Bug: v8:10026
> Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66239}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,neis@chromium.org,georgia.kouveli@arm.com

Change-Id: I57d5928949b0d403774550b9bf7dc0b08ce4e703
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051952
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66242}

Georgia Kouveli authored

This change uses the Arm v8.3 pointer authentication instructions in order to protect return addresses stored on the stack. The generated code signs the return address before storing on the stack and authenticates it after loading it. This also changes the stack frame iterator in order to authenticate stored return addresses and re-sign them when needed, as well as the deoptimizer in order to sign saved return addresses when creating new frames. This offers a level of protection against ROP attacks.

This functionality is enabled with the v8_control_flow_integrity flag that this CL introduces.

The code size effect of this change is small for Octane (up to 2% in some cases but mostly much lower) and negligible for larger benchmarks, however code size measurements are rather noisy. The performance impact on current cores (where the instructions are NOPs) is single digit, around 1-2% for ARES-6 and Octane, and tends to be smaller for big cores than for little cores.

Bug: v8:10026
Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66239}
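The two arm64 commits above (return-address signing with a distinct B key for JS frames, and the frame iterator / deoptimizer re-signing saved return addresses) describe a mechanism that is easiest to see in a small model. The following C program is an added illustration written for this listing; it is not V8 code and not the real PAC algorithm. It assumes 48-bit virtual addresses, a 16-bit PAC kept in bits 63..48, a constructed keyed hash in place of the QARMA cipher, and constructed key, address and modifier values. What it shows is the defensive property the 16 Jun commit relies on: a return address signed under one key does not authenticate under the other, and a frame that moves to a new modifier has to be authenticated before it is re-signed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of arm64 return-address signing (PAC). Added illustration, not
 * V8 code and not the real PAC algorithm. Assumptions: 48-bit virtual
 * addresses, a 16-bit PAC stored in bits 63..48, and a constructed keyed
 * hash standing in for the QARMA block cipher real hardware uses. */

#define VA_BITS 48
#define VA_MASK ((1ULL << VA_BITS) - 1)
#define PAC_SHIFT VA_BITS
#define AUTH_ERROR_BIT (1ULL << 62)  /* marks a failed authentication */

/* Two distinct instruction keys: A for C++ frames, B for generated JS code,
 * the separation the commits describe. Values are constructed. */
static const uint64_t KEY_IA = 0x1111222233334444ULL;
static const uint64_t KEY_IB = 0x5555666677778888ULL;

/* splitmix64 finaliser: fast unkeyed bit mixing. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/* Toy PAC over (address, modifier, key). Folding the key in by a 16-bit XOR
 * is deliberately simple: keys whose folds differ (KEY_IA folds to 0x4444,
 * KEY_IB to 0xCCCC) can never produce the same PAC for the same input, which
 * is the domain-separation property this model exists to demonstrate. */
static uint16_t pac_compute(uint64_t addr, uint64_t modifier, uint64_t key) {
    uint64_t h = mix64(addr ^ (modifier * 0x9e3779b97f4a7c15ULL));
    uint16_t key_fold = (uint16_t)(key ^ (key >> 16) ^ (key >> 32) ^ (key >> 48));
    return (uint16_t)((h >> 48) ^ key_fold);
}

/* PACIA/PACIB: sign a return address before it is stored on the stack. The
 * modifier is the caller's stack pointer, so the signature is bound to the
 * frame it was created in. */
uint64_t pac_sign(uint64_t addr, uint64_t modifier, uint64_t key) {
    uint64_t plain = addr & VA_MASK;
    uint64_t pac = pac_compute(plain, modifier, key);
    return plain | (pac << PAC_SHIFT);
}

/* AUTIA/AUTIB: authenticate after loading. Success yields the plain address;
 * failure yields a non-canonical pointer (error bit set), so a later branch
 * through it faults instead of landing somewhere useful. */
uint64_t pac_auth(uint64_t signed_addr, uint64_t modifier, uint64_t key) {
    uint64_t plain = signed_addr & VA_MASK;
    uint16_t stored = (uint16_t)(signed_addr >> PAC_SHIFT);
    if (stored == pac_compute(plain, modifier, key)) return plain;
    return plain | AUTH_ERROR_BIT;
}

bool pac_auth_failed(uint64_t p) { return (p & AUTH_ERROR_BIT) != 0; }

/* What the frame iterator and deoptimizer do when a saved return address
 * moves to a frame with a new modifier: authenticate under the old one,
 * re-sign under the new one. A failed authentication is propagated, never
 * silently re-signed. */
uint64_t pac_resign(uint64_t signed_addr, uint64_t old_mod, uint64_t new_mod,
                    uint64_t key) {
    uint64_t plain = pac_auth(signed_addr, old_mod, key);
    if (pac_auth_failed(plain)) return plain;
    return pac_sign(plain, new_mod, key);
}

int main(void) {
    uint64_t ret = 0x0000555500401000ULL;  /* constructed code address */
    uint64_t sp = 0x00007ffc12345000ULL;   /* constructed frame modifier */
    uint64_t js_signed = pac_sign(ret, sp, KEY_IB);

    printf("signed with B key:         0x%016llx\n", (unsigned long long)js_signed);
    printf("auth, B key, same frame:   failed=%d\n",
           pac_auth_failed(pac_auth(js_signed, sp, KEY_IB)));
    printf("auth, A key (C++ side):    failed=%d\n",
           pac_auth_failed(pac_auth(js_signed, sp, KEY_IA)));
    printf("auth, B key, other frame:  failed=%d\n",
           pac_auth_failed(pac_auth(js_signed, sp + 16, KEY_IB)));
    return 0;
}
```

The wrong-key case always fails in this model because the two key folds differ; the wrong-modifier case fails with overwhelming probability but, with a 16-bit PAC, not with certainty, which is also true of the real instruction and is why the PAC width matters on hardware with large virtual address spaces.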
-
- 02 Jan, 2020 1 commit

Peter Marshall authored

Just a cleanup, should not change behavior, although we will allocate more handles in some cases. Also re-orders some of the implementations of the interface to try and keep things consistent.

Included cleanup: Change CodeEventDispatcher so that it now implements CodeEventListener, given that it had that exact interface already. Also remove the macro dispatch to try and make things a bit easier to read.

Bug: chromium:1033407
Change-Id: Id943b10c49f102d9783d8f4cf3a8c43e04364c77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1976390
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65571}
-
- 13 Dec, 2019 1 commit

Michael Starzinger authored

R=hpayer@chromium.org

Change-Id: I2b9a77317cd4dcf8502c237b7f8f167b80859859
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962866
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65443}
-
- 19 Nov, 2019 1 commit

Jakob Gruber authored

We recently extended function-entry stack checks by an offset representing the difference in optimized and unoptimized frame sizes, with the intent of avoiding stack overflows during deopts. Although the generated code is very efficient (just a single additional register subtraction, executed exactly once per call), perf impact is measurable.

To avoid the overhead in most cases, this CL adds a stack slack, currently set to 256 bytes, by which deopts are allowed to exceed the real V8 stack limit. For function-entry stack checks with an offset less than stack slack, the offset is not applied and the more efficient version of the stack check is emitted.

The V8 limit is chosen to be smaller than OS stack size (assumed to be at least 1 MB). This guarantee is upheld even with slack.

Bug: chromium:1020989,v8:9534
Change-Id: Idee2e7ad1fa7810bf086a9f72ce00a9717010310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910099
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65025}
-
- 30 Oct, 2019 1 commit

Jakob Gruber authored

This is a reland of 4a16305b

The original CL adjusted only one part of the stack check, namely the comparison of the stack pointer against the stack limit in generated code. There is a second part: Runtime::kStackGuard repeats this check to distinguish between a stack overflow and an interrupt request. This second part in runtime must apply the offset just like in generated code. It is implemented in this reland by the StackCheckOffset operator and a new StackGuardWithGap runtime function.

Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}

Bug: v8:9534, chromium:1000887
Change-Id: I71771c281afd7d57c09aa48ea1b182d01e6dee2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822037
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64634}
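The two stack-check commits above (the 19 Nov one adding a 256-byte slack, and this reland adding the runtime-side gap) together describe one scheme: a function-entry check of the form 'sp - offset > limit', an offset that is only emitted when it is at least the slack, a runtime guard that repeats the comparison with the same gap to separate overflow from interrupt, and deopts that may dip at most the slack below the real limit. The following C model is an added illustration for this listing, not V8's code. The 256-byte slack and the assumption of an OS stack of at least 1 MB come from the commit messages; the JS stack size, stack addresses and frame-size differences are constructed. The point it makes visible is why the pieces fit: the offsets the entry check skips are exactly the ones the slack has to absorb at deopt time, and the slack itself stays inside the headroom between the V8 limit and the OS stack.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of V8's stack-check scheme; added illustration, not V8
 * code. kStackSlack and the >= 1 MB OS stack are from the commit messages;
 * kJsStackBytes is an assumption chosen so the V8 limit sits inside it. */
#define KB 1024ULL
static const uint64_t kStackSlack   = 256;
static const uint64_t kOsStackBytes = 1024 * KB;
static const uint64_t kJsStackBytes = 984 * KB;

typedef struct {
    uint64_t stack_base;          /* highest address of the thread's stack */
    uint64_t sp;                  /* current stack pointer; stack grows down */
    bool     interrupt_requested; /* runtime wants control at the next check */
} ThreadState;

ThreadState make_thread(uint64_t stack_base, uint64_t bytes_in_use, bool interrupt) {
    ThreadState t = { stack_base, stack_base - bytes_in_use, interrupt };
    return t;
}

/* V8's real limit. The headroom below it (kOsStackBytes - kJsStackBytes) is
 * what makes it safe for a deopt to dip kStackSlack bytes under the limit. */
uint64_t real_js_limit(ThreadState t) { return t.stack_base - kJsStackBytes; }

/* The guarantee the 19 Nov commit says is upheld even with slack. */
bool slack_within_headroom(void) { return kOsStackBytes - kJsStackBytes > kStackSlack; }

/* The limit generated code compares against. An interrupt is delivered by
 * making the comparison fail unconditionally so the runtime gets control. */
static uint64_t effective_limit(ThreadState t) {
    return t.interrupt_requested ? UINT64_MAX : real_js_limit(t);
}

enum StackCheckKind { kFunctionEntry, kIterationBody, kUnknownKind };

/* Code-generation decision: only function-entry checks carry the offset
 * (optimized minus unoptimized frame size), and only when it is at least the
 * slack; smaller offsets fall back to the cheaper 'sp > limit' form. */
uint64_t stack_check_offset(enum StackCheckKind kind, uint64_t frame_size_diff) {
    if (kind != kFunctionEntry) return 0;
    return frame_size_diff < kStackSlack ? 0 : frame_size_diff;
}

/* The check as emitted in generated code: 'sp - offset > limit'. */
bool generated_stack_check(ThreadState t, enum StackCheckKind kind, uint64_t frame_size_diff) {
    uint64_t offset = stack_check_offset(kind, frame_size_diff);
    if (t.sp < offset) return false;  /* subtraction would wrap: overflow */
    return t.sp - offset > effective_limit(t);
}

enum GuardResult { kStackOverflow, kInterrupt };

/* Runtime side (the StackGuardWithGap the reland describes): reached only
 * after the generated check failed; it repeats the comparison with the same
 * gap against the real limit to tell an overflow from an interrupt request. */
enum GuardResult stack_guard_with_gap(ThreadState t, uint64_t gap) {
    if (t.sp < gap || t.sp - gap <= real_js_limit(t)) return kStackOverflow;
    return kInterrupt;
}

/* A deopt may exceed the real limit by at most the slack, which covers
 * exactly the offsets the function-entry check chose not to apply. */
bool deopt_frame_fits(ThreadState t, uint64_t extra_bytes) {
    uint64_t lowest = real_js_limit(t) - kStackSlack;
    return t.sp >= extra_bytes && t.sp - extra_bytes > lowest;
}

int main(void) {
    /* Constructed thread sitting 1 KB above the real limit. */
    ThreadState t = make_thread(0x00007fff00000000ULL, 983 * KB, false);
    printf("slack within headroom: %d\n", slack_within_headroom());
    printf("offset emitted for diff 128: %llu, for diff 512: %llu\n",
           (unsigned long long)stack_check_offset(kFunctionEntry, 128),
           (unsigned long long)stack_check_offset(kFunctionEntry, 512));
    printf("entry check passes with diff 512: %d, with diff 2048: %d\n",
           generated_stack_check(t, kFunctionEntry, 512),
           generated_stack_check(t, kFunctionEntry, 2048));
    t.interrupt_requested = true;
    printf("guard with gap 128: %s, with gap 2048: %s\n",
           stack_guard_with_gap(t, 128) == kInterrupt ? "interrupt" : "overflow",
           stack_guard_with_gap(t, 2048) == kInterrupt ? "interrupt" : "overflow");
    printf("deopt needing 1224 bytes fits: %d, 1324 bytes: %d\n",
           deopt_frame_fits(t, 1224), deopt_frame_fits(t, 1324));
    return 0;
}
```

With the thread 1 KB above the limit, a frame-size difference of 128 is below the slack, so no offset is emitted and the deopt may rely on the 256-byte slack instead; a difference of 2048 is applied at the entry check and fails it early, which is the behaviour the original CL introduced to avoid overflowing during the deopt itself.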
-
- 25 Oct, 2019 1 commit

Michael Starzinger authored

This class used to describe unoptimized but compiled frames. All such frames are by now covered via the architecture-independent description in the {StandardFrameConstants} class (or one of its subclasses).

R=clemensb@chromium.org
BUG=v8:9810

Change-Id: I294cc6eec7d4a05e88e7aa336f1ebedfa0eb6e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1878708
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64556}
-
- 16 Oct, 2019 1 commit

Sathya Gunasekaran authored

Updates CSA::TryToIntptr to handle array indices that are less than INT_MAX which allows to handle string keys in the ICs.

Updates ICs to go monomorphic for string keys that are array indices.

Updates Turbofan to handle array indices when lowering element access.

Change-Id: Ibdde20130e075d0d645ab4a8266a968335eaad84
Bug: v8:9449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813018
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64320}
-
- 11 Oct, 2019 1 commit

Jakob Kummerow authored

This is for consistency and compiler-enforced type safety. No change in behavior intended.

Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}
-
- 30 Sep, 2019 2 commits

Vasili Skurydzin authored

prepare for ptr compression

Change-Id: Ia459ad18a30fbfd8e51bd99735f0d63644d30b8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1831788
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64051}

Milad Farazmand authored

Port 559a0034

Original Commit Message:

We didn't think this affected arm but it turns out it does. This is a port of https://chromium-review.googlesource.com/c/v8/v8/+/1688049

R=petermarshall@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Id081736420a20216cef5c5f483acd987785c4d97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829899
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64044}
-
- 27 Sep, 2019 3 commits

Peter Marshall authored

We didn't think this affected arm but it turns out it does. This is a port of https://chromium-review.googlesource.com/c/v8/v8/+/1688049

Bug: v8:9057
Change-Id: I671737107e589673fc32c5fa1760d887d1bcc240
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826665
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64024}

Mythri A authored

This is a reland of cfb10028 with a fix for failures in lite mode.

Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

Bug: chromium:987523
Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64023}

Michael Achenbach authored

This reverts commit cfb10028.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483

Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org

Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:987523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64015}