1. 22 Mar, 2021 1 commit
  2. 05 Feb, 2021 1 commit
  3. 27 Jan, 2021 1 commit
  4. 24 Nov, 2020 1 commit
  5. 21 Oct, 2020 1 commit
    • Jakob Gruber's avatar
      Reland "Reland "[deoptimizer] Change deopt entries into builtins"" · c7cb9bec
      Jakob Gruber authored
      This is a reland of fbfa9bf4
      
      The arm64 was missing proper codegen for CFI, thus sizes were off.
      
      Original change's description:
      > Reland "[deoptimizer] Change deopt entries into builtins"
      >
      > This is a reland of 7f58ced7
      >
      > It fixes the different exit size emitted on x64/Atom CPUs due to
      > performance tuning in TurboAssembler::Call. Additionally, add
      > cctests to verify the fixed size exits.
      >
      > Original change's description:
      > > [deoptimizer] Change deopt entries into builtins
      > >
      > > While the overall goal of this commit is to change deoptimization
      > > entries into builtins, there are multiple related things happening:
      > >
      > > - Deoptimization entries, formerly stubs (i.e. Code objects generated
      > >   at runtime, guaranteed to be immovable), have been converted into
      > >   builtins. The major restriction is that we now need to preserve the
      > >   kRootRegister, which was formerly used on most architectures to pass
      > >   the deoptimization id. The solution differs based on platform.
      > > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
      > > - Removed heap/ support for immovable Code generation.
      > > - Removed the DeserializerData class (no longer needed).
      > > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
      > >   in which the final jump to the deoptimization entry is generated
      > >   once per Code object, and deopt exits can continue to emit a
      > >   near-call.
      > > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
      > >   sizes by 4/8, 5, and 5 bytes, respectively.
      > >
      > > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
      > > by using the same strategy as on arm64 (recalc deopt id from return
      > > address). Before:
      > >
      > >  e300a002       movw r10, <id>
      > >  e59fc024       ldr ip, [pc, <entry offset>]
      > >  e12fff3c       blx ip
      > >
      > > After:
      > >
      > >  e59acb35       ldr ip, [r10, <entry offset>]
      > >  e12fff3c       blx ip
      > >
      > > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
      > > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
      > > object (max 32 bytes added overhead per Code object). Before:
      > >
      > >  9401cdae       bl <entry offset>
      > >
      > > After:
      > >
      > >  # eager deoptimization entry jump.
      > >  f95b1f50       ldr x16, [x26, <eager entry offset>]
      > >  d61f0200       br x16
      > >  # lazy deoptimization entry jump.
      > >  f95b2b50       ldr x16, [x26, <lazy entry offset>]
      > >  d61f0200       br x16
      > >  # the deopt exit.
      > >  97fffffc       bl <eager deoptimization entry jump offset>
      > >
      > > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
      > >
      > >  bb00000000     mov ebx,<id>
      > >  e825f5372b     call <entry>
      > >
      > > After:
      > >
      > >  e8ea2256ba     call <entry>
      > >
      > > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
      > >
      > >  49c7c511000000 REX.W movq r13,<id>
      > >  e8ea2f0700     call <entry>
      > >
      > > After:
      > >
      > >  41ff9560360000 call [r13+<entry offset>]
      > >
      > > Bug: v8:8661,v8:8768
      > > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
      > > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70597}
      >
      > Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
      > Bug: v8:8661,v8:8768,chromium:1140165
      > Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70655}
      
      Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
      Bug: v8:8661
      Bug: v8:8768
      Bug: chromium:1140165
      Change-Id: I471cc94fc085e527dc9bfb5a84b96bd907c2333f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488682Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70672}
      c7cb9bec
  6. 20 Oct, 2020 3 commits
    • Maya Lekova's avatar
      Revert "Reland "[deoptimizer] Change deopt entries into builtins"" · 7c7aa4fa
      Maya Lekova authored
      This reverts commit fbfa9bf4.
      
      Reason for revert: Seems to break arm64 sim CFI build (please see DeoptExitSizeIfFixed) - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/2808
      
      Original change's description:
      > Reland "[deoptimizer] Change deopt entries into builtins"
      >
      > This is a reland of 7f58ced7
      >
      > It fixes the different exit size emitted on x64/Atom CPUs due to
      > performance tuning in TurboAssembler::Call. Additionally, add
      > cctests to verify the fixed size exits.
      >
      > Original change's description:
      > > [deoptimizer] Change deopt entries into builtins
      > >
      > > While the overall goal of this commit is to change deoptimization
      > > entries into builtins, there are multiple related things happening:
      > >
      > > - Deoptimization entries, formerly stubs (i.e. Code objects generated
      > >   at runtime, guaranteed to be immovable), have been converted into
      > >   builtins. The major restriction is that we now need to preserve the
      > >   kRootRegister, which was formerly used on most architectures to pass
      > >   the deoptimization id. The solution differs based on platform.
      > > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
      > > - Removed heap/ support for immovable Code generation.
      > > - Removed the DeserializerData class (no longer needed).
      > > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
      > >   in which the final jump to the deoptimization entry is generated
      > >   once per Code object, and deopt exits can continue to emit a
      > >   near-call.
      > > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
      > >   sizes by 4/8, 5, and 5 bytes, respectively.
      > >
      > > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
      > > by using the same strategy as on arm64 (recalc deopt id from return
      > > address). Before:
      > >
      > >  e300a002       movw r10, <id>
      > >  e59fc024       ldr ip, [pc, <entry offset>]
      > >  e12fff3c       blx ip
      > >
      > > After:
      > >
      > >  e59acb35       ldr ip, [r10, <entry offset>]
      > >  e12fff3c       blx ip
      > >
      > > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
      > > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
      > > object (max 32 bytes added overhead per Code object). Before:
      > >
      > >  9401cdae       bl <entry offset>
      > >
      > > After:
      > >
      > >  # eager deoptimization entry jump.
      > >  f95b1f50       ldr x16, [x26, <eager entry offset>]
      > >  d61f0200       br x16
      > >  # lazy deoptimization entry jump.
      > >  f95b2b50       ldr x16, [x26, <lazy entry offset>]
      > >  d61f0200       br x16
      > >  # the deopt exit.
      > >  97fffffc       bl <eager deoptimization entry jump offset>
      > >
      > > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
      > >
      > >  bb00000000     mov ebx,<id>
      > >  e825f5372b     call <entry>
      > >
      > > After:
      > >
      > >  e8ea2256ba     call <entry>
      > >
      > > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
      > >
      > >  49c7c511000000 REX.W movq r13,<id>
      > >  e8ea2f0700     call <entry>
      > >
      > > After:
      > >
      > >  41ff9560360000 call [r13+<entry offset>]
      > >
      > > Bug: v8:8661,v8:8768
      > > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
      > > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70597}
      >
      > Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
      > Bug: v8:8661,v8:8768,chromium:1140165
      > Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70655}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,jgruber@chromium.org,tebbi@chromium.org
      
      Change-Id: I4739a3475bfd8ee0cfbe4b9a20382f91a6ef1bf0
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8661
      Bug: v8:8768
      Bug: chromium:1140165
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485223Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70658}
      7c7aa4fa
    • Jakob Gruber's avatar
      Reland "[deoptimizer] Change deopt entries into builtins" · fbfa9bf4
      Jakob Gruber authored
      This is a reland of 7f58ced7
      
      It fixes the different exit size emitted on x64/Atom CPUs due to
      performance tuning in TurboAssembler::Call. Additionally, add
      cctests to verify the fixed size exits.
      
      Original change's description:
      > [deoptimizer] Change deopt entries into builtins
      >
      > While the overall goal of this commit is to change deoptimization
      > entries into builtins, there are multiple related things happening:
      >
      > - Deoptimization entries, formerly stubs (i.e. Code objects generated
      >   at runtime, guaranteed to be immovable), have been converted into
      >   builtins. The major restriction is that we now need to preserve the
      >   kRootRegister, which was formerly used on most architectures to pass
      >   the deoptimization id. The solution differs based on platform.
      > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
      > - Removed heap/ support for immovable Code generation.
      > - Removed the DeserializerData class (no longer needed).
      > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
      >   in which the final jump to the deoptimization entry is generated
      >   once per Code object, and deopt exits can continue to emit a
      >   near-call.
      > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
      >   sizes by 4/8, 5, and 5 bytes, respectively.
      >
      > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
      > by using the same strategy as on arm64 (recalc deopt id from return
      > address). Before:
      >
      >  e300a002       movw r10, <id>
      >  e59fc024       ldr ip, [pc, <entry offset>]
      >  e12fff3c       blx ip
      >
      > After:
      >
      >  e59acb35       ldr ip, [r10, <entry offset>]
      >  e12fff3c       blx ip
      >
      > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
      > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
      > object (max 32 bytes added overhead per Code object). Before:
      >
      >  9401cdae       bl <entry offset>
      >
      > After:
      >
      >  # eager deoptimization entry jump.
      >  f95b1f50       ldr x16, [x26, <eager entry offset>]
      >  d61f0200       br x16
      >  # lazy deoptimization entry jump.
      >  f95b2b50       ldr x16, [x26, <lazy entry offset>]
      >  d61f0200       br x16
      >  # the deopt exit.
      >  97fffffc       bl <eager deoptimization entry jump offset>
      >
      > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
      >
      >  bb00000000     mov ebx,<id>
      >  e825f5372b     call <entry>
      >
      > After:
      >
      >  e8ea2256ba     call <entry>
      >
      > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
      >
      >  49c7c511000000 REX.W movq r13,<id>
      >  e8ea2f0700     call <entry>
      >
      > After:
      >
      >  41ff9560360000 call [r13+<entry offset>]
      >
      > Bug: v8:8661,v8:8768
      > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70597}
      
      Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
      Bug: v8:8661,v8:8768,chromium:1140165
      Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70655}
      fbfa9bf4
    • Jakob Gruber's avatar
      Revert "[deoptimizer] Change deopt entries into builtins" · 8bc9a794
      Jakob Gruber authored
      This reverts commit 7f58ced7.
      
      Reason for revert: Segfaults on Atom_x64 https://ci.chromium.org/p/v8-internal/builders/ci/v8_linux64_atom_perf/5686?
      
      Original change's description:
      > [deoptimizer] Change deopt entries into builtins
      >
      > While the overall goal of this commit is to change deoptimization
      > entries into builtins, there are multiple related things happening:
      >
      > - Deoptimization entries, formerly stubs (i.e. Code objects generated
      >   at runtime, guaranteed to be immovable), have been converted into
      >   builtins. The major restriction is that we now need to preserve the
      >   kRootRegister, which was formerly used on most architectures to pass
      >   the deoptimization id. The solution differs based on platform.
      > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
      > - Removed heap/ support for immovable Code generation.
      > - Removed the DeserializerData class (no longer needed).
      > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
      >   in which the final jump to the deoptimization entry is generated
      >   once per Code object, and deopt exits can continue to emit a
      >   near-call.
      > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
      >   sizes by 4/8, 5, and 5 bytes, respectively.
      >
      > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
      > by using the same strategy as on arm64 (recalc deopt id from return
      > address). Before:
      >
      >  e300a002       movw r10, <id>
      >  e59fc024       ldr ip, [pc, <entry offset>]
      >  e12fff3c       blx ip
      >
      > After:
      >
      >  e59acb35       ldr ip, [r10, <entry offset>]
      >  e12fff3c       blx ip
      >
      > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
      > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
      > object (max 32 bytes added overhead per Code object). Before:
      >
      >  9401cdae       bl <entry offset>
      >
      > After:
      >
      >  # eager deoptimization entry jump.
      >  f95b1f50       ldr x16, [x26, <eager entry offset>]
      >  d61f0200       br x16
      >  # lazy deoptimization entry jump.
      >  f95b2b50       ldr x16, [x26, <lazy entry offset>]
      >  d61f0200       br x16
      >  # the deopt exit.
      >  97fffffc       bl <eager deoptimization entry jump offset>
      >
      > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
      >
      >  bb00000000     mov ebx,<id>
      >  e825f5372b     call <entry>
      >
      > After:
      >
      >  e8ea2256ba     call <entry>
      >
      > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
      >
      >  49c7c511000000 REX.W movq r13,<id>
      >  e8ea2f0700     call <entry>
      >
      > After:
      >
      >  41ff9560360000 call [r13+<entry offset>]
      >
      > Bug: v8:8661,v8:8768
      > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70597}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,jgruber@chromium.org,tebbi@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:8661,v8:8768,chromium:1140165
      Change-Id: I3df02ab42f6e02233d9f6fb80e8bb18f76870d91
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485504Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70649}
      8bc9a794
  7. 19 Oct, 2020 2 commits
    • Salome Thirot's avatar
      [arm64] Fixed authentication bug in liftoff PrepareTailCall · 39758cdf
      Salome Thirot authored
      This fixes a bug that made a test fail in mjsunit/wasm/return-call.js
      (the CFI bot does not run the tests with --variants=extra, hence why
      it didn't catch it).
      It also introduces --sim-abort-on-bad-auth, a debug flag for the arm64
      simulator that stops a program as soon as an authentication error
      appears, to make debugging easier.
      
      Change-Id: Ibee731ab788aff45301d268ef05256b82f5e4613
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473833
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70601}
      39758cdf
    • Jakob Gruber's avatar
      [deoptimizer] Change deopt entries into builtins · 7f58ced7
      Jakob Gruber authored
      While the overall goal of this commit is to change deoptimization
      entries into builtins, there are multiple related things happening:
      
      - Deoptimization entries, formerly stubs (i.e. Code objects generated
        at runtime, guaranteed to be immovable), have been converted into
        builtins. The major restriction is that we now need to preserve the
        kRootRegister, which was formerly used on most architectures to pass
        the deoptimization id. The solution differs based on platform.
      - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
      - Removed heap/ support for immovable Code generation.
      - Removed the DeserializerData class (no longer needed).
      - arm64: to preserve 4-byte deopt exits, introduced a new optimization
        in which the final jump to the deoptimization entry is generated
        once per Code object, and deopt exits can continue to emit a
        near-call.
      - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
        sizes by 4/8, 5, and 5 bytes, respectively.
      
      On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
      by using the same strategy as on arm64 (recalc deopt id from return
      address). Before:
      
       e300a002       movw r10, <id>
       e59fc024       ldr ip, [pc, <entry offset>]
       e12fff3c       blx ip
      
      After:
      
       e59acb35       ldr ip, [r10, <entry offset>]
       e12fff3c       blx ip
      
      On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
      with CFI). Additionally, up to 4 builtin jumps are emitted per Code
      object (max 32 bytes added overhead per Code object). Before:
      
       9401cdae       bl <entry offset>
      
      After:
      
       # eager deoptimization entry jump.
       f95b1f50       ldr x16, [x26, <eager entry offset>]
       d61f0200       br x16
       # lazy deoptimization entry jump.
       f95b2b50       ldr x16, [x26, <lazy entry offset>]
       d61f0200       br x16
       # the deopt exit.
       97fffffc       bl <eager deoptimization entry jump offset>
      
      On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
      
       bb00000000     mov ebx,<id>
       e825f5372b     call <entry>
      
      After:
      
       e8ea2256ba     call <entry>
      
      On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
      
       49c7c511000000 REX.W movq r13,<id>
       e8ea2f0700     call <entry>
      
      After:
      
       41ff9560360000 call [r13+<entry offset>]
      
      Bug: v8:8661,v8:8768
      Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70597}
      7f58ced7
  8. 30 Sep, 2020 1 commit
    • Jakob Gruber's avatar
      Rename legacy code kinds · 29bcdaad
      Jakob Gruber authored
      CodeKind::OPTIMIZED_CODE -> TURBOFAN
      
      Kinds are now more fine-grained and distinguish between TF, TP, NCI.
      
      CodeKind::STUB -> DEOPT_ENTRIES_OR_FOR_TESTING
      
      Code stubs (like builtins, but generated at runtime) were removed from
      the codebase years ago, this is the last remnant. This kind is used
      only for deopt entries (which should be converted into builtins) and
      for tests.
      
      Change-Id: I67beb15377cb60f395e9b051b25f3e5764982e93
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440335
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70234}
      29bcdaad
  9. 09 Sep, 2020 1 commit
  10. 05 Aug, 2020 1 commit
    • Jakob Gruber's avatar
      [nci] Replace CompilationTarget with a new Code::Kind value · c51041f4
      Jakob Gruber authored
      With the new Turbofan variants (NCI and Turboprop), we need a way to
      distinguish between them both during and after compilation. We
      initially introduced CompilationTarget to track the variant during
      compilation, but decided to reuse the code kind as the canonical spot to
      store this information instead.
      
      Why? Because it is an established mechanism, already available in most
      of the necessary spots (inside the pipeline, on Code objects, in
      profiling traces).
      
      This CL removes CompilationTarget and adds a new
      NATIVE_CONTEXT_INDEPENDENT kind, plus helper functions to determine
      various things about a given code kind (e.g.: does this code kind
      deopt?).
      
      As a (very large) drive-by, refactor both Code::Kind and
      AbstractCode::Kind into a new CodeKind enum class.
      
      Bug: v8:8888
      Change-Id: Ie858b9a53311b0731630be35cf5cd108dee95b39
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336793
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69244}
      c51041f4
  11. 16 Jun, 2020 2 commits
  12. 09 Jun, 2020 1 commit
  13. 17 Mar, 2020 1 commit
  14. 24 Feb, 2020 1 commit
  15. 19 Feb, 2020 1 commit
  16. 13 Feb, 2020 1 commit
    • Georgia Kouveli's avatar
      Reland "[arm64] Protect return addresses stored on stack" · 73f88b5f
      Georgia Kouveli authored
      This is a reland of 137bfe47
      
      Original change's description:
      > [arm64] Protect return addresses stored on stack
      > 
      > This change uses the Arm v8.3 pointer authentication instructions in
      > order to protect return addresses stored on the stack.  The generated
      > code signs the return address before storing on the stack and
      > authenticates it after loading it. This also changes the stack frame
      > iterator in order to authenticate stored return addresses and re-sign
      > them when needed, as well as the deoptimizer in order to sign saved
      > return addresses when creating new frames. This offers a level of
      > protection against ROP attacks.
      > 
      > This functionality is enabled with the v8_control_flow_integrity flag
      > that this CL introduces.
      > 
      > The code size effect of this change is small for Octane (up to 2% in
      > some cases but mostly much lower) and negligible for larger benchmarks,
      > however code size measurements are rather noisy. The performance impact
      > on current cores (where the instructions are NOPs) is single digit,
      > around 1-2% for ARES-6 and Octane, and tends to be smaller for big
      > cores than for little cores.
      > 
      > Bug: v8:10026
      > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
      > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#66239}
      
      Bug: v8:10026
      Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      Cr-Commit-Position: refs/heads/master@{#66254}
      73f88b5f
  17. 12 Feb, 2020 2 commits
    • Nico Hartmann's avatar
      Revert "[arm64] Protect return addresses stored on stack" · 6a9a67d9
      Nico Hartmann authored
      This reverts commit 137bfe47.
      
      Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/13072
      
      Original change's description:
      > [arm64] Protect return addresses stored on stack
      > 
      > This change uses the Arm v8.3 pointer authentication instructions in
      > order to protect return addresses stored on the stack.  The generated
      > code signs the return address before storing on the stack and
      > authenticates it after loading it. This also changes the stack frame
      > iterator in order to authenticate stored return addresses and re-sign
      > them when needed, as well as the deoptimizer in order to sign saved
      > return addresses when creating new frames. This offers a level of
      > protection against ROP attacks.
      > 
      > This functionality is enabled with the v8_control_flow_integrity flag
      > that this CL introduces.
      > 
      > The code size effect of this change is small for Octane (up to 2% in
      > some cases but mostly much lower) and negligible for larger benchmarks,
      > however code size measurements are rather noisy. The performance impact
      > on current cores (where the instructions are NOPs) is single digit,
      > around 1-2% for ARES-6 and Octane, and tends to be smaller for big
      > cores than for little cores.
      > 
      > Bug: v8:10026
      > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
      > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#66239}
      
      TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,neis@chromium.org,georgia.kouveli@arm.com
      
      Change-Id: I57d5928949b0d403774550b9bf7dc0b08ce4e703
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10026
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051952Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66242}
      6a9a67d9
    • Georgia Kouveli's avatar
      [arm64] Protect return addresses stored on stack · 137bfe47
      Georgia Kouveli authored
      This change uses the Arm v8.3 pointer authentication instructions in
      order to protect return addresses stored on the stack.  The generated
      code signs the return address before storing on the stack and
      authenticates it after loading it. This also changes the stack frame
      iterator in order to authenticate stored return addresses and re-sign
      them when needed, as well as the deoptimizer in order to sign saved
      return addresses when creating new frames. This offers a level of
      protection against ROP attacks.
      
      This functionality is enabled with the v8_control_flow_integrity flag
      that this CL introduces.
      
      The code size effect of this change is small for Octane (up to 2% in
      some cases but mostly much lower) and negligible for larger benchmarks,
      however code size measurements are rather noisy. The performance impact
      on current cores (where the instructions are NOPs) is single digit,
      around 1-2% for ARES-6 and Octane, and tends to be smaller for big
      cores than for little cores.
      
      Bug: v8:10026
      Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
      Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66239}
      137bfe47
  18. 03 Feb, 2020 1 commit
  19. 14 Nov, 2019 2 commits
  20. 04 Sep, 2019 1 commit
  21. 03 Sep, 2019 1 commit
    • Pierre Langlois's avatar
      [arm64] Fix backwards branch ranges. · ffffed90
      Pierre Langlois authored
      The `Instruction::IsValidImmPCOffset()` method was taking an `offset` argument
      in numbers of *instructions* while we were passing it numbers of *bytes*. See
      `Instruction::IsTargetInImmPCOffsetRange()` and
      `MacroAssembler::NeedExtraInstructionsOrRegisterBranch()`.
      
      As a result, we were 4 times too conservative when computing branch ranges going
      backwards, forcing us to generate the following sequence for TBZ more often than
      needed:
      
      ```
        TBNZ <skip>
        B <target>
      skip:
      ```
      
      This happened rarely for loops, but a lot when doing an early return from
      out-of-line calls to write barriers. Since out-of-line code is easily out of
      range of 8K, although the real range of TBZ is 32K.
      
      This fixes it by changing this method to take a byte offset instead of
      instructions, as this is more intuitive and in line with similar methods. For
      instance, `Instruction::ImmPcOffset()` returns an offset in bytes.
      
      The tests are adapted so that they would have caught such a bug:
      
      * TEST(far_branch_backward):
      
        This test used to only check the code worked if the branch was very far away,
        but it didn't test the range was correct. So this test was changed to check
        each branch type separately, and test in-range and out-of-range cases
        separately too.
      
      * TEST(far_branch_veneer_broken_link_chain):
      
        Because of the backwards range bug, this test wasn't actually testing what it
        should. The idea of the test is to make sure the MacroAssembler can still cope
        when the chain of links is broken after a veneer was emitted. But no veneers
        were ever emitted.
      
      Change-Id: Iddb5c683a71147455175f38fa7ae57da0a3e7337
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781058Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63518}
      ffffed90
  22. 24 Jul, 2019 1 commit
  23. 18 Jun, 2019 1 commit
    • Sigurd Schneider's avatar
      Reland "[arm64] Refactor constant pool implementation" · e93d244f
      Sigurd Schneider authored
      This is a reland of ac79b539
      
      This CL adds a missing BlockPoolsScope to guard a RequestHeapObject
      call. This fixes a latend bug that the original land flushed out.
      
      Original change's description:
      > [arm64] Refactor constant pool implementation
      >
      > This refactors the constant pool handling for arm64. The immediate goal
      > is to allow 32bit compressed pointers in the pool. The mediate goal is
      > to unify the implementation with the arm constant pool, which will be
      > done in a follow-up CL.
      >
      > Bug: v8:8054
      > Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62209}
      
      TBR=mstarzinger@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com
      
      Bug: v8:8054
      Change-Id: I1e3ab13619a48caad33d77ed8bed86782f9d9674
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664054Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62237}
      e93d244f
  24. 17 Jun, 2019 2 commits
  25. 12 Jun, 2019 1 commit
    • Sigurd Schneider's avatar
      [arm64,test] Generate code object in assembler tests · 4c0bf17e
      Sigurd Schneider authored
      This is pre-work for a refactoring that changes how heap objects
      are handled in the assembler: Currently, we put the handle location in
      the constant pool, and replace these with the actual heap object when
      we copy the code from the assembler's buffer to the heap.
      
      In the future, we will put a small index in the constant pool, which
      will ultimately enable 32bit constant pool slots for compressed heap
      objects. This small index will be fixed up when we copy the code to
      the heap.
      
      This CL makes the assembler tests copy the code to the heap, which
      ensures that the fix-up phase is actually run.
      
      Change-Id: I80cd69dc57414a3bd0a27f8d558616aadcae05a2
      Bug: v8:7703
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647166
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62112}
      4c0bf17e
  26. 04 Jun, 2019 1 commit
  27. 28 May, 2019 1 commit
  28. 27 May, 2019 1 commit
  29. 24 May, 2019 1 commit
  30. 21 May, 2019 1 commit
  31. 02 May, 2019 1 commit
  32. 30 Apr, 2019 1 commit
    • Mike Stanton's avatar
      Reland "[ptr-compr] New RelocInfo for compressed pointers." · ed319e84
      Mike Stanton authored
      Failure addressed by not exposing the new test to the jitless environment.
      (jgruber@ on TBR).
      
      New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
      compressed pointers in generated code. Enum name EMBEDDED_OBJECT
      changed to FULL_EMBEDDED_OBJECT.
      
      RelocInfo::[set_]target_object() abstract away the difference between
      FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.
      
      Compressed embedded objects can only be created at this time on
      x64 with pointer compression turned on. Arm64 constant pools don't
      support compressed objects at this time.
      
      NOPRESUBMIT=true
      
      Bug: v8:7703
      TBR: jgruber@chromium.org
      Change-Id: Ifff53b041bab09b4b8c3e16085e5df4aa2b99f4f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588461Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61104}
      ed319e84
  33. 29 Apr, 2019 1 commit