Skip to content

V
V8
Switch branch/tag
  1. 28 Oct, 2021 1 commit
    • Tobias Tebbi's avatar
      Reland "[turbofan] extend type asserts to cover all JS types" · 392078fb
      Tobias Tebbi authored 
      This is a reland of 45227ffd
Differences:
- Handle one more flags conflict in variants.py.
- Disallow %VerifyType without --concurrent-recompilation.

Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
>    OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
>    HeapConstant Factory::zero_string(). However, NumberToString does
>    not always produce this string. To avoid regressions, the CL keeps
>    the HeapConstant type and changes the runtime and builtin code to
>    always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}

Change-Id: I5b3c6745c6ad349ff8c2b199d9afdf0a9b5a7392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247035
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77596}
      392078fb
  3. 27 Oct, 2021 2 commits
    • Maya Lekova's avatar
      Revert "[turbofan] extend type asserts to cover all JS types" · 54f90462
      Maya Lekova authored 
      This reverts commit 45227ffd.

Reason for revert: Breaks on gc_stress mode, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/35988/overview

Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
>    OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
>    HeapConstant Factory::zero_string(). However, NumberToString does
>    not always produce this string. To avoid regressions, the CL keeps
>    the HeapConstant type and changes the runtime and builtin code to
>    always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}

Change-Id: Ia779a11fc811846194c7a8d1e40b372b265e7ea4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247034
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77566}
      54f90462
    • Tobias Tebbi's avatar
      [turbofan] extend type asserts to cover all JS types · 45227ffd
      Tobias Tebbi authored 
      Extend type assertions to all types covering JavaScript values.
This is achieved by allocating type representations on the heap using
newly defined HeapObject subclasses. To allocate these in the compiler,
we disable concurrent compilation for the --assert-types flag for now.

Fix two type errors that came up with the existing tests:
1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
   OtherObject.
2. OperationTyper::NumberToString(Type) can type the result as the
   HeapConstant Factory::zero_string(). However, NumberToString does
   not always produce this string. To avoid regressions, the CL keeps
   the HeapConstant type and changes the runtime and builtin code to
   always produce the canonical "0" string.

A few tests were failing because they check for truncations to work
and prevent deoptimization. However, AssertType nodes destroy all
truncations (which is by design), so these tests are incompatible
and now disabled for the assert_types variant.

Drive-by fix: a few minor Torque issues that came up.

Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77565}
      45227ffd
  5. 30 Sep, 2021 2 commits
  7. 21 Jul, 2021 1 commit
  9. 20 Jul, 2021 1 commit
    • Seth Brenith's avatar
      [cleanup] Use @generateCppClass on more classes · 334b94e1
      Seth Brenith authored 
      Most Torque-defined extern classes already use @generateCppClass. As
Nico pointed out in [1], it would be nice to convert the remaining
classes and remove this option. This change converts most of those
remaining classes. I know that the future of Torque-defined classes is a
subject of some debate right now, but I think that it's worth doing a
few mechanical changes to reduce the existing variety of options.

Changes that don't exactly follow the usual pattern:
1. BigIntBase, MutableBigInt: we can define these without a body, and
   then Torque treats them as "really external" rather than "kind of
   external, but with some Torque-generated parts".
2. RegExpMatchInfo: moved its inline functions into a separate file,
   which the generated -tq.cc file requires.

[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit#

Bug: v8:8952
Change-Id: I84c7958a295caa0bab847683c05022e18c921cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027742Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75817}
      334b94e1
  11. 01 Feb, 2021 1 commit
    • Peter Wong's avatar
      [torque] Port String.prototype.includes/indexOf and StringIndexOf · 5a2c53f9
      Peter Wong authored 
      - Removed no longer used StringBuiltinAssembler methods (DispatchOnStringEncodings, PointerToStringDataAtIndex)
- Removed no longer used Runtime functions (StringIncludes, StringIndexOf, StringIndexOfUnchecked).
- Overall builtin code size is reduced (652 bytes on Mac x64.release build), builtin size breakdown:

BEFORE
======
TFS Builtin, StringIndexOf, 1092
TFJ Builtin, StringPrototypeIncludes, 1784
TFJ Builtin, StringPrototypeIndexOf, 1536
Total = 4412

AFTER
=====
TFC Builtin, StringIndexOf, 2036 (+944)
TFJ Builtin, StringPrototypeIncludes, 1072 (-712)
TFJ Builtin, StringPrototypeIndexOf, 652 (-884)
Total = 3760 (-652)


Bug: v8:8996
Change-Id: I9a88c095e2097f7d570e58e744d6692dc524ddf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2660995
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72456}
      5a2c53f9
  13. 17 Dec, 2020 1 commit
  15. 04 Dec, 2020 1 commit
    • Tobias Tebbi's avatar
      [torque] uniform flattening and string access in Torque · 65d2c4b4
      Tobias Tebbi authored 
      Port String::Flatten to Torque (using a fast C call for the
non-allocating part) and provide fast and easy access to sequential
string data in Torque: GetStringData() flattens if necessary and
computes slices that allow direct access.

Applications: String.prototype.replaceAll, String.prototype.endsWith,
  and String.prototype.beginsWith now use GetStringData() and direct
  slice access instead of the slow StringCharCodeAt and they no
  longer bail out to the runtime for flattening.

Drive-by changes:
  - Expose String instance type bits as bitfields and enums in Torque.
  - Fix method lookup in Torque to include superclass methods.
  - Use char8 and char16 types in more places.
  - Allow fast C calls with void return type.
  - Add Torque macros to create subslices.
  - Add no-GC scopes to runtime functions loading external string data.


Bug: v8:7793
Change-Id: I763b9b24212770307c9b2fe9f070f21f65d68d58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565515
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71611}
      65d2c4b4
  17. 30 Nov, 2020 1 commit
  19. 11 Nov, 2020 2 commits
  21. 29 Sep, 2020 1 commit
  23. 17 Aug, 2020 1 commit
    • Z Nguyen-Huu's avatar
      Reland "Improve NumberToString when cache miss and Smi" · 22874998
      Z Nguyen-Huu authored 
      This is a reland of 1b35c0fa

Reason for revert: Seems to reliably break a numerics test:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31516

It was really slow and timeout with debug build run this test
mjsunit/math-exp-precision with --optimize-for-size because we resize
cache in CSA. Default this to runtime would avoid the timeout.

Also with --optimize-for-size, we don't have enough space to allocate
full-size cache so avoid to resize cache in this case.

In my local PC, time for this test decreases as follows.
Before: 52s
After: 3s

Original change's description:
> Improve NumberToString when cache miss and Smi
>
> Cache miss was handled in runtime before. This change add fast path for
> Smi in this case.
>
> Perf show 30% improvement for the following example.
> Before 67 ms
> After 42 ms
>
> const start = new Date();
> const MAX = 1000000;
> for (var i = 0; i < MAX; i++) {
>     i.toString();
> }
> const end = new Date();
> console.log("Time :"+ (end-start));
>
> Change-Id: I162e9c35f58551ca6a5a0efe79fb7c7b482a8594
> Bug: v8:10477
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332866
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69362}

Bug: v8:10477
Change-Id: I892a9007210032640d0bf22e61c8e7ad1a4377c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351398Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69413}
      22874998
  25. 12 Aug, 2020 2 commits
  27. 23 Jun, 2020 1 commit
    • Daniel Clifford's avatar
      [torque] generate Cast<> macros from Torque-defined classes · 1052dfb3
      Daniel Clifford authored 
      This change enables automatic generation of Cast<> operators for
classes that are defined in Torque.

* Cast<> macros are generated for all classes that are defined in
  Torque code that are neither shapes nor marked with a new
  @doNotGenerateCast annotation.

* Implicitly generated Cast macros simply call through to an
  internally-defined "DownCastForTorqueClass" macro that implements
  the cast using one of three strategies for efficiency. If the class
  has subclasses (i.e. a range of instance types including subtypes),
  the DownCastForTorqueClass checks for inclusion in the instance type
  range. If the class has a single instance type (i.e. no subclasses),
  then either 1) a map check is used if the class has a globally-
  defined map constant or 2) an equality check for the instance type
  is used.

* Added new intrinsics to introspect class information, e.g. fetching
  instance type ranges for a class, accessing the globally-defined map
  for a class.

* Removed a whole pile of existing explicit Cast<> operators that are
  no longer needed because of the implicitly generated Cast<> macros.

* Added tests for the new Cast<> implementations.

Bug: v8:7793
Change-Id: I3aadb0c62b720e9de4e7978b9ec4f05075771b8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250239
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68478}
      1052dfb3
  29. 06 May, 2020 2 commits
  31. 04 May, 2020 1 commit
    • Tobias Tebbi's avatar
      [torque] improve GC visitors · f1400e43
      Tobias Tebbi authored 
      Summary of changes:

- GC visitors no longer rely on superclass visitors, but instead visit
  everything themselves. This enables generating better code.
- Try to match simple body descriptors to reduce the amount of generated
  code.
- Turn SizeFor(instance) into an AllocatedSize() method.
- Remove the special handling of resizable object sizes from Torque
  and instead overwrite AllocatedSize in classes that need special
  handling in C++.
- Split the visitor id lists depending on whether the class has pointer
  fields.
- Turn Torque-generated body descriptors into an .inc file to
  simplify includes.
- Fix generated size functions to properly align the size.
- Generate GC visitors (and C++ class definitions) for all string
  classes and FixedArray, WeakFixedArray, and WeakArrayList.
- Store generated instance types in Torque class types. This is only
  used to determine if a type has a single instance type in this CL.

Bug: v8:7793
Change-Id: I4d362e96b047c305bd6d065247734957b8958c42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2110014
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67542}
      f1400e43
  33. 18 Mar, 2020 1 commit
  35. 10 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] allow allocation of strings · 8ed9be48
      Tobias Tebbi authored 
      This CL generalizes and improves how we handle allocations in Torque.

Overview of the changes:
- Remove obsolete special handling for JSObject classes, since it was
  incomplete: It breaks as soon as slack tracking is active.
- Handle array initialization using slices.
- Properly align allocation sizes. This enabled allocating strings.
- Port AllocateSeq{One,Two}ByteString to Torque, which is much easier
  now than the old CSA code since allocation size alignment and
  large-object space allocation just happen out-of-the-box.
- Remove obsolete or unnecessary intrinsics, some of them turn into
  macros in the torque_internal namespace.
- Distinguish between header size and overall size for ClassType,
  make size optional and only defined when it is statically known.


Bug: v8:10004 v8:7793
Change-Id: I623db233e7fb4deed54e8039ae0c24705e9a44e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932356Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65397}
      8ed9be48
  37. 11 Nov, 2019 1 commit