- 11 Aug, 2022 1 commit
-
-
Darius M authored
StringConstantXXX were introduced when we switched to concurrent compilation, as a way to build strings in Turbofan in a background thread, without having to actually allocate them on the main heap from the background. See https://crrev.com/c/1221807. Now that we have local heaps, we can actually allocate strings from the background, making StringConstantXXX useless. Moreover, we would fold constant string concatenations into ConsString, which sounds a bit dubious for performance. Now, small constant string concatenations will be folded into SeqStrings, while larger ones will remain ConsString, just to avoid the quadratic worst-case. Change-Id: I0479d16aa5691c9d774187c4cc0d03ff4fe2b4f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811291Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#82381}
-
- 07 Jul, 2022 1 commit
-
-
Manos Koukoutos authored
Mostly src/codegen, src/compiler, src/snapshot, src/utils. Bug: v8:13006 Change-Id: I2fb31acc749a7376e6f2a7424ed2e67ff479d971 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749178 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#81575}
-
- 13 May, 2022 1 commit
-
-
Clemens Backes authored
Now that we require C++17 support, we can just use the standard static_assert without message, instead of our STATIC_ASSERT macro. R=leszeks@chromium.org Bug: v8:12425 Change-Id: I1d4e39c310b533bcd3a4af33d027827e6c083afe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647353Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80524}
-
- 09 May, 2022 1 commit
-
-
Peter Kasting authored
Many uses of "volatile" are deprecated in C++20 because they don't actually do anything. Remove "volatile" in these cases. Bug: chromium:1284275 Change-Id: I64a3989d73f25e0cd933375dd6fa0b3f2b3acb54 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630343 Auto-Submit: Peter Kasting <pkasting@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#80428}
-
- 29 Apr, 2022 1 commit
-
-
George Wort authored
Introduce get_hints.py and combine_hints.py in order to make the interpretation of basic block counts into hints more configurable and explicit, as well as allowing more accurate and consistent methods of combining multiple profiles. get_hints.py allows for the minimum count and threshold ratio values to be easily altered for different profiles, while combine_hints.py allows the hints produced from different benchmarks and threshold values to be easily and sensibly combined. Simply summing together basic block counts from different benchmarks could previously lead to a longer running benchmark overshadowing multiple shorter benchmarks with conflicting hints. Allowing alteration of the current threshold values gives a doubling of performance, while the new method of combining distinct profiles can double the performance improvement of the secondary benchmark while losing as little as 4% of the improvement gained in the primary benchmark. Design doc: https://docs.google.com/document/d/1OhwZnIZom47IX0lyceyt-S9i8AApDB0UqJdvQD6NuKQ/edit?usp=sharing Bug: v8:10470 Change-Id: I1c09d1eabfdda5ed6794592e2c13ff8b461be361 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545181Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: George Wort <george.wort@arm.com> Cr-Commit-Position: refs/heads/main@{#80282}
-
- 25 Apr, 2022 1 commit
-
-
Tobias Tebbi authored
TurboShaft is a new, CFG-based IR for TurboFan. This CL adds the basic IR and bidirectional translation from/to TurboFan's sea-of-nodes-based IR for some common operators (still incomplete even for JS). Bug: v8:12783 Change-Id: I162fdf10d583a9275a9f655f5b44b888faf813f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563562Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#80136}
-
- 06 Apr, 2022 1 commit
-
-
Jakob Gruber authored
With kLazy deopts gone, we can remove the stored DeoptimizeKind from Deoptimize nodes and all related spots - all Deoptimize nodes are eager deopts. Bug: v8:12765 Change-Id: I8e727e046c498198e50d9b7dba25442fb54f5da9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568456 Auto-Submit: Jakob Linke <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#79830}
-
- 23 Mar, 2022 1 commit
-
-
Nico Hartmann authored
This reverts commit aaedd8b7. Changes in the reland: The inital problem was caused by nodes that were removed during SL because they are no-ops but have an effect on typing (in the repro, this was e.g. PlainPrimitiveToNumber). The reland introdocues a new operator SLVerifierHint that is used exclusively in SL to provide hints to the verifier and that solves this problem. SLVerifierHint also replaces the previous use of TypeGuard to type constant nodes for the verifier. Bug: v8:12619, chromium:1302572 Change-Id: I0957645c03d8b7c26cd6d630a1ecbd0a6a8223ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512574Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#79564}
-
- 22 Mar, 2022 1 commit
-
-
Darius M authored
This is a reland of 6b690a6b. The previous version of this CL was a bit too aggressive in the duplication of branch conditions. This caused an increase in register pressure in some cases, thus reducing performance. In fact, duplicating branch conditions that require an "== 0" to be added provides no benefits. We are thus now a bit less aggressive, and only duplicate comparisons. Original change's description: > Reland [compiler] Simplify "==0" branches in MachineOperatorReducer > > This is a reland of 48b443f6. > > While fixing the initial CL, we stumbled upon a few bugs that > we had to fix: > > - CommonOperatorReducer and SimplifiedOperatorReducer were applied > before and after SimplifiedLowering, but always assumed that it > was before SimplifiedLowering, and thus had the wrong semantics > for branches in some cases. They now have an added parameter to > know which semantics of branch they should use. > > - The lowering of StaticAssert was wrong and could leave kHeapConstant > in the assert (instead of machine Booleans). > > Original change's description: > > [compiler] Simplify "==0" branches in MachineOperatorReducer > > > > Bug: v8:12484 > > Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Owners-Override: Tobias Tebbi <tebbi@chromium.org> > > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#79379} > > Bug: v8:12484 > Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79528} Bug: v8:12484 Change-Id: I31f575a59811a83c7c1acb4c14bf5ded63a8f536 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540102Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/heads/main@{#79560}
-
- 21 Mar, 2022 2 commits
-
-
Darius Mercadier authored
This reverts commit 6b690a6b. Reason for revert: causes a few regressions here https://chromeperf.appspot.com/group_report?rev=79528 Original change's description: > Reland [compiler] Simplify "==0" branches in MachineOperatorReducer > > This is a reland of 48b443f6. > > While fixing the initial CL, we stumbled upon a few bugs that > we had to fix: > > - CommonOperatorReducer and SimplifiedOperatorReducer were applied > before and after SimplifiedLowering, but always assumed that it > was before SimplifiedLowering, and thus had the wrong semantics > for branches in some cases. They now have an added parameter to > know which semantics of branch they should use. > > - The lowering of StaticAssert was wrong and could leave kHeapConstant > in the assert (instead of machine Booleans). > > Original change's description: > > [compiler] Simplify "==0" branches in MachineOperatorReducer > > > > Bug: v8:12484 > > Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Owners-Override: Tobias Tebbi <tebbi@chromium.org> > > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#79379} > > Bug: v8:12484 > Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79528} Bug: v8:12484 Change-Id: I457464d793e9c5af8448564aa3b46be863b96fbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540148 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/heads/main@{#79552}
-
Jakob Gruber authored
This CL removes: - Dynamic map checks aka minimorphic property loads (TF support, builtins). - "Bailout" deopts (= drop to the interpreter once, but don't throw out optimized code). - "EagerWithResume" deopts (= part of dynamic map check functionality, we call a builtin for the deopt check and deopt or resume based on the result). Fixed: v8:12552 Change-Id: I492cf1667e0f54586690b2f72a65ea804224b840 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401585 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79544}
-
- 18 Mar, 2022 1 commit
-
-
Darius M authored
This is a reland of 48b443f6. While fixing the initial CL, we stumbled upon a few bugs that we had to fix: - CommonOperatorReducer and SimplifiedOperatorReducer were applied before and after SimplifiedLowering, but always assumed that it was before SimplifiedLowering, and thus had the wrong semantics for branches in some cases. They now have an added parameter to know which semantics of branch they should use. - The lowering of StaticAssert was wrong and could leave kHeapConstant in the assert (instead of machine Booleans). Original change's description: > [compiler] Simplify "==0" branches in MachineOperatorReducer > > Bug: v8:12484 > Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Owners-Override: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79379} Bug: v8:12484 Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/heads/main@{#79528}
-
- 12 Aug, 2021 1 commit
-
-
Ross McIlroy authored
These are no longer enabled, so remove the code mitigation logic from the codebase. BUG=chromium:1003890 Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76256}
-
- 15 Jul, 2021 1 commit
-
-
Georg Neis authored
Bug: chromium:1228233 Change-Id: I7868cefd2123261f144d61e322a233ed460100ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026717 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#75732}
-
- 05 Jul, 2021 1 commit
-
-
Georg Neis authored
A frame state's outer frame state input can be kDeadValue. A DCHECK did not take that into account. In release builds there was no issue because we branch on the opcode anyways. While fixing this bug, I'm strengthening the FrameState class such that a FrameState node must have a kFrameState operator. I'm also - changing the result type of outer_frame_state() from FrameState to Node* since it may in fact not be a kFrameState; - removing has_outer_frame_state() because I find it unintuitive to have outer_frame_state() return non-NULL even when has_outer_frame_state() would return true. Bug: chromium:1224758 Change-Id: I8ebed75c62e31f7eef71e2941fd18869d8a56af3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001356Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75553}
-
- 30 Jun, 2021 1 commit
-
-
Ross McIlroy authored
Adds support for a seperate dynamic map checks trampoline that takes the feedback vector as an argument rather than reading it from the stack frame, to enable it to work for inlined functions. Plumbs the logic through the compiler to select between these trampolines based on the framestate. BUG=v8:9684,chromium:1224367 Change-Id: Ibc7facdc78930aedec4a102693a926f64f6de7e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992724 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#75461}
-
- 21 May, 2021 1 commit
-
-
Nico Hartmann authored
Register allocator experienced some issues with multiple nodes for the same parameter, which occurred in a few cases running turboprop. This CL adds caching of Parameter nodes in BytecodeGraphBuilder such that there exists only one node for each parameter index. Bug: v8:11796 Change-Id: I90be5438f43368510ec4c317fa532c92a446e76a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910314 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#74715}
-
- 10 May, 2021 1 commit
-
-
Clemens Backes authored
After updating our bots to use GCC 7.4, we do not need to support incomplete C++14 support any more. In particular, we can assume complete c++14 constexpr support now. This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros. The CONSTEXPR_DCHECKs are replaced by DCHECK and friend, or STATIC_ASSERT where possible. R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org Bug: v8:9686, v8:11384 Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74486}
-
- 04 Mar, 2021 1 commit
-
-
Clemens Backes authored
This removes many wasm-specific code paths from codegen, such that includes from src/wasm can be removed. After src/wasm is fully excluded from no-wasm builds, we can also clean up unused enum values, but for now they are still being referenced. R=mslekova@chromium.org Bug: v8:11238 Change-Id: I526ac931f023a57f70b5248befa2733ad10ce9ce Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732011 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#73189}
-
- 05 Feb, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 6ada6a90 - Fixed a GC issue https://bugs.chromium.org/p/v8/issues/detail?id=11335: GC expected all arguments on the stack from code with CodeKind::TURBOFAN to be tagged objects. This is not the case now with inlined Wasm calls, and this information can be passed in SafepointEntry for each call site. - Disabled JS-to-Wasm inlining for calls inside try/catch. For more details, see updated doc: https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# Bug: v8:11092 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests). > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid > generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72541}
-
- 27 Jan, 2021 1 commit
-
-
Jakob Gruber authored
Start nodes for JS functions have the following Parameter node value outputs: closure, ...args_including_receiver, new_target, argc, context This CL adds helper functions for these. There's two interesting gotcha's: - Each Parameter node is associated with an index, starting at -1. Value output indices obviously start at 0, so there's an off-by-one between the value output of the Parameter node, and the Parameter node's associated index. - CSA/Torque graphs use different Start node layouts, yet these are not reflected in compiler logic. There's potential for confusion here. The two layouts should be unified or made explicit. Finally, tests create Start nodes with arbitrary layouts. This blocks removal of methods marked _MaybeNonStandardLayout. In an ideal world, the parameter index would equal the start node output index, and the layout of all Start nodes would be equal. Future work.. Change-Id: I908909880817979062d459b7a80ed4fede40e2ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649035 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#72352}
-
- 22 Jan, 2021 1 commit
-
-
Paolo Severini authored
This reverts commit 6ada6a90. Reason for revert: Revert for link issue: https://bugs.chromium.org/p/v8/issues/detail?id=11335 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests) > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. > > > Original change's description: > > Faster JS-to-Wasm calls > > > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > > the basis of the signature of a Wasm function to call, and whose task > > is to: > > - set "thread_in_wasm_flag" to true > > - convert the arguments from tagged types into Wasm native types > > - calculate the address of the Wasm function to call and call it > > - convert back the result from Wasm native types into tagged types > > - reset "thread_in_wasm_flag" to false. > > > > This CL tries to improve the performance of JS-to-Wasm calls by > > inlining the code of the JS-to-Wasm wrappers in the call site. > > > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > > this kind of calls. A 'JSWasmCall' node is associated to > > WasmCallParameters, which contain information about the signature of > > the Wasm function to call. > > > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > > of the Wasm function, when the conversion is not necessary. > > The actual inlining of the graph generated for this wrapper happens in > > the simplified-lowering phase. > > > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > > lazy deoptimizations that can happen if the Wasm function callee calls > > back some JS code that invalidates the compiled JS caller function. > > > > Bug: v8:11092 > > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Andreas Haas <ahaas@chromium.org> > > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > > Cr-Commit-Position: refs/heads/master@{#71824} > > Bug: v8:11092 > Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng > Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#72147} Tbr: ahaas@chromium.org, jgruber@chromium.org Bug: v8:11092, v8:11335 Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72253}
-
- 20 Jan, 2021 2 commits
-
-
Jakob Gruber authored
Move index constants into the wrapper, add getters, and use the wrapper in more spots. Bug: v8:1166136 Change-Id: I3f37a541482fd6b7c604719c759952a72d58bad2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637218 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#72198}
-
Jakob Gruber authored
This reflects the actual contents of the type, which is an offset into the bytecode (or certain marker values). Historically, in the days of FCG the bailout id used to refer to node ids - this is why certain tracing output still calls the bailout id 'node id' and 'ast id'. These spots will be fixed in a follow-up CL. This change is mechanical: git grep -l BailoutId | while read f; do \ sed -i 's/BailoutId/BytecodeOffset/g' $f; done With a manual component of updating the DeoptimizationData method name from 'BytecodeOffset' to 'GetBytecodeOffset'. Bug: v8:11332 Change-Id: I956b947a480bf52263159c0eb1e895360bcbe6d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639754 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#72189}
-
- 19 Jan, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 860fcb1b - Disabled the tests for this feature in V8-lite mode (the original change broke V8-lite tests) - Also modified test console-profile-wasm.js that was brittle with this change because it assumed that there was always a JS-to-Wasm wrapper but this is not the case when the TurboFan compilation completes before the Liftoff-compiled code starts to run. More changes in Patchset 8: - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, into a new phase, wasm-inlining that reuses the JSInliner reducer. The doc https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# describes the new logic. - Fixed a couple of small issues in wasm_compiler.cc to make sure that the graph "JSToWasm Wrapper" subgraph has a valid Control chain; this should solve the problem we had inlining the calls in functions that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#72147}
-
- 17 Dec, 2020 2 commits
-
-
Nico Hartmann authored
This reverts commit 860fcb1b. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11092 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71825}
-
Paolo Severini authored
This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. Currently JS-to-Wasm calls go through a wrapper/trampoline, built on the basis of the signature of a Wasm function to call, and whose task is to: - set "thread_in_wasm_flag" to true - convert the arguments from tagged types into Wasm native types - calculate the address of the Wasm function to call and call it - convert back the result from Wasm native types into tagged types - reset "thread_in_wasm_flag" to false. This CL tries to improve the performance of JS-to-Wasm calls by inlining the code of the JS-to-Wasm wrappers in the call site. It introduces a new IR operand, JSWasmCall, which replaces JSCall for this kind of calls. A 'JSWasmCall' node is associated to WasmCallParameters, which contain information about the signature of the Wasm function to call. WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments of the Wasm function, when the conversion is not necessary. The actual inlining of the graph generated for this wrapper happens in the simplified-lowering phase. A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage lazy deoptimizations that can happen if the Wasm function callee calls back some JS code that invalidates the compiled JS caller function. Bug: v8:11092 Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Georg Neis (ooo until January 5) <neis@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#71824}
-
- 16 Dec, 2020 1 commit
-
-
Manos Koukoutos authored
LoopExitValue nodes can be used as inputs to Phis in loop optimizations. To do this, we need to know the machine representation that needs to be passed to the new Phi node. This CL adds a MachineRepresentation argument to LoopExitValue nodes, as well as a helper to extract it. Since the MachineRepresentation is not used by JS compilation, nodes generated during JS compilation are passed kTagged as a default value. Change-Id: I925f382d5e6988d8fad3de7a6db231e871d6ed36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578983 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Georg Neis (ooo until January 5) <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71798}
-
- 02 Dec, 2020 1 commit
-
-
Ross McIlroy authored
Unifies various operators for dynamic map checks with the naming scheme of DynamicCheckMaps (to be similar to CheckMaps. BUG=v8:10582 Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71559}
-
- 01 Dec, 2020 1 commit
-
-
Ross McIlroy authored
In order to reduce the codegen size of dynamic map checks, add the ability to have an eager with resume deopt point, which can call a given builitin to perform a more detailed check than can be done in codegen, and then either deoptimizes itself (as if the calling code had performed an eager deopt) or resumes execution in the calling code after the check. In addition, support for adding extra arguments to a deoptimization continuation is added to enable us to pass the necessary arguments to the DynamicMapChecks builtin. Finally, a trampoline is added to the DynamicMapChecks which saves the registers that might be clobbered by that builtin, to avoid having to save them in the generated code. This trampoline also performs the deoptimization based on the result of the DynamicMapChecks builtin. In order to ensure both the trampoline and DynamicMapChecks builtin have the same call interface, and to limit the number of registers that need saving in the trampoline, the DynamicMapChecks builtin is moved to be a CSA builtin with a custom CallInterfaceDescriptor, that calls an exported Torque macro that implements the actual functionality. All told, this changes the codegen for a monomorphic dynamic map check from: movl rbx,<expected_map> cmpl [<object>-0x1],rbx jnz <deferred_call> resume_point: ... deferred_call: <spill registers> movl rax,<slot> movq rbx,<object> movq rcx,<handler> movq r10,<DynamicMapChecks> call r10 cmpq rax,0x0 jz <restore_regs> cmpq rax,0x1 jz <deopt_point_1> cmpq rax,0x2 jz <deopt_point_2> int3l restore_regs: <restore_regs> jmp <resume_point> ... deopt_point_1: call Deoptimization_Eager deopt_point_2: call Deoptimization_Bailout To: movl rax,<slot> movl rcx,<expected_map> movq rdx,<handler> cmpl [<object>-0x1],rcx jnz <deopt_point> resume_point: ... deopt_point: call DynamicMapChecksTrampoline jmp <resume_point> BUG=v8:10582 Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71545}
-
- 06 Nov, 2020 1 commit
-
-
Nico Hartmann authored
Bug: v8:11074 Change-Id: I6d58d523254915a6b0d6542d8f80ddc6cee71dee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520907Reviewed-by:
Zhi An Ng <zhin@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71003}
-
- 03 Sep, 2020 1 commit
-
-
Jakob Gruber authored
This is a reland of 453cf219 Original change's description: > [compiler] Add a StartNode wrapper class > > .. to make implicit semantics of output nodes explicit. > > Bug: v8:8888 > Change-Id: I2ea5f5fa02f3d1f51196ea1e1e46b526dd9dc7d6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388117 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69681} Tbr: tebbi@chromium.org Bug: v8:8888 Change-Id: I7ff3fc64c607a5289981a0762ad3a2b1de5a284d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2392241 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69690}
-
- 02 Sep, 2020 2 commits
-
-
Clemens Backes authored
This reverts commit 453cf219. Reason for revert: Multiple compile errors, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug%20builder/45301 Original change's description: > [compiler] Add a StartNode wrapper class > > .. to make implicit semantics of output nodes explicit. > > Bug: v8:8888 > Change-Id: I2ea5f5fa02f3d1f51196ea1e1e46b526dd9dc7d6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388117 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69681} TBR=jgruber@chromium.org,tebbi@chromium.org Change-Id: Ic81321960da36e8ddcdc8e0072b2e9cd41206478 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8888 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390646Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69682}
-
Jakob Gruber authored
.. to make implicit semantics of output nodes explicit. Bug: v8:8888 Change-Id: I2ea5f5fa02f3d1f51196ea1e1e46b526dd9dc7d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388117 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69681}
-
- 29 Jul, 2020 1 commit
-
-
Victor Gomes authored
Change-Id: I41be2c5b0867739dbbe3667144bf6b479c609e53 Bug: chromium:1107221 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2322628 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69122}
-
- 27 Jul, 2020 1 commit
-
-
Tobias Tebbi authored
When mksnapshot fails on a static assert in Torque, print the statement and position from the Torque source. To enable special treatment, change the syntax of static asserts in Torque from StaticAssert() to static_assert() to align with assert() and check() statements. Bug: v8:7793 Change-Id: Idda8e3c342bdcefc893ff297f8d7727d2734c221 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317314 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69069}
-
- 17 Mar, 2020 1 commit
-
-
Georg Neis authored
To avoid that constant folding makes some type assertions hold vacuously, we don't constant-fold directly but instead introduce a new FoldConstant operator that remembers the original node and gets lowered to an equality assertion by the EffectControlLinearizer. Change-Id: I7aedbe6d4fe47461856723c0c40ba3313a376bd8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2100992 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66746}
-
- 05 Mar, 2020 1 commit
-
-
Dan Elphick authored
Optimizes InstructionSelector::AddInputsToFrameStateDescriptor by taking advantage of SparseInputMask data structure to more quickly handle empty inputs and insert all the OptimizedOut entries in one go. The number of empty inputs is now determined using CountTrailingZeros rather than iterating over them one at a time. Gives a 9% improvement to SelectInstructions runtime call stat for Octane in turboprop. Bug: v8:10051 Change-Id: Ib13d6f9644b4c89ba0546a19fe0ed623d69fec99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037443 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66591}
-
- 04 Mar, 2020 1 commit
-
-
Igor Sheludko authored
This CL simplifies IC code since we no longer need to keep feedback slot indices in both Smi and IntPtr form and as a result it should improve overall performance of --no-opt mode on Octane by ~1%. Bug: v8:10047 Change-Id: Ib717697cdb805c9f93286e9c62ee8a63361d3560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965586 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#66585}
-
- 02 Mar, 2020 1 commit
-
-
Georg Neis authored
Change-Id: Ibba52fe0c94dbb95ec66bc88d0a1e9a254094013 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2080364 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66532}
-