- 14 Sep, 2021 1 commit
-
-
Georg Neis authored
1) Code in JSCallReducer read a FeedbackCell twice and expected the result to be the same. 2) JSInliningHeuristics, in the CheckClosure case, assumed that the FeedbackCell contains a FeedbackVector. Bug: chromium:1248743, v8:7790 Change-Id: I66d6dd5f7a879c2479572e1896dd78aeedd2fa27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160200Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76815}
-
- 09 Sep, 2021 1 commit
-
-
Georg Neis authored
It could happen that the information about the feedback vector cached in a JSFunctionData disagreed with the current value of the function's feedback cell. The inlining code wasn't prepared for that and a CHECK could fail. The CL fixes this by removing the caching of has_feedback_vector and feedback_vector and by getting hold of the bytecode array before fetching the feedback vector in inlining. Bug: v8:12172, v8:7790 Change-Id: Ife3ab8872085d9496e6d1f34514114a086f653ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3148010 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76751}
-
- 01 Sep, 2021 1 commit
-
-
Jakob Gruber authored
JSFunctionData has a fairly heavy serialized payload, and likewise consistency validation validates many fields and thus has many opportunities to fail. We therefore want to avoid or reduce validation whenever possible. This CL adds tracking s.t. we know which fields were actually used, and we limit validation to used fields. Drive-by: Make serialized_ debug-only. Drive-by: Don't create deps for context/native_context/shared. Bug: v8:7790 Change-Id: Ic32c9919f0c75a76d9c36e4396b6bce383151b62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132962 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76614}
-
- 05 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Bug: v8:7790 Change-Id: Ia5903364a774bd49db1a646b3066b9972deac725 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074465 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76119}
-
- 03 Aug, 2021 1 commit
-
-
Jakob Gruber authored
Based on a CL by mvstanton@. Bug: v8:7790,v8:12030,v8:12031,v8:12041 Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76055}
-
- 19 Jul, 2021 1 commit
-
-
Jakob Gruber authored
This wraps up the transition away from kSerialized ref kinds. Since JSFunctionRef is a complex type, we don't attempt full consistency on the background thread. Instead, we serialize functions on the background in a partially-racy manner, in which consistency between different JSFunction fields is *not* guaranteed. Consistency is later verified through a new compilation dependency kind during finalization. Bug: v8:7790, v8:12004 Change-Id: Ic2b78af9c9fe183c8769d323132bb304b151dc75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968404 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#75789}
-
- 24 Jun, 2021 1 commit
-
-
Ross McIlroy authored
Adds support for Turboprop, limiting the amount of bytecode that can be inlined into a function compared with TurboFan using a scaling factor, currently set to 1/4. To enable inlining, we make sure to only emit the tierup check for the main (non-inlined) function and skip it for any inlined functions. BUG=v8:9684 Change-Id: I1399e2b275f797a5d3fd49c89f23296f75439eee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982337Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#75352}
-
- 05 May, 2021 2 commits
-
-
Jakob Gruber authored
This is part of a CL series that establishes MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by converting direct constructor uses to (Try)MakeRef calls, and then marking the ctor as protected. Bug: v8:7790 Change-Id: I26faa6bc1934662c81ae127dee64bddffa428de9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874165Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74371}
-
Jakob Gruber authored
This is part of a CL series that establishes MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by converting direct constructor uses to (Try)MakeRef calls, and then marking the ctor as protected. Bug: v8:7790 Change-Id: I36c07f69378f3a630462c216ef5da284cfd3972f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871449 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74367}
-
- 19 Mar, 2021 1 commit
-
-
Jakob Gruber authored
When making inlining decisions in the JSInliningHeuristic, it's possible that a Node is not a candidate on the first visit, but becomes a candidate in later visits due to other node reductions. These later visits should also result in the inlining decision being made. Until now this was prevented by the visit aborting early since the Node was added to the seen_ list on the first (unsuccessful) visit. This CL changes the seen_ insertion to happen only once a positive inlining decision was made. Change-Id: Ide7f6abd3c1d9759d7422fcd5ad9c7daff825795 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764759 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#73533}
-
- 11 Mar, 2021 3 commits
-
-
Clemens Backes authored
This is a reland of 80f5dfda. A condition in pipeline.cc was inverted, which lead to a CSA verifier error. Original change's description: > [no-wasm] Exclude src/wasm from compilation > > This is the biggest chunk, including > - all of src/wasm, > - torque file for wasm objects, > - torque file for wasm builtins, > - wasm builtins, > - wasm runtime functions, > - int64 lowering, > - simd scala lowering, > - WasmGraphBuilder (TF graph construction for wasm), > - wasm frame types, > - wasm interrupts, > - the JSWasmCall opcode, > - wasm backing store allocation. > > Those components are all recursively entangled, so I found no way to > split this change up further. > > Some includes that were recursively included by wasm headers needed to > be added explicitly now. > > backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc > because it only tests wasm backing stores. This file is excluded from > no-wasm builds then. > > R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org > > Bug: v8:11238 > Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b > Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73344} TBR=jgruber@chromium.org Bug: v8:11238 Change-Id: I20bd2847a59c68738b5a336cd42582b7b1499585 Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Cq-Include-Trybots: luci.v8.try:v8_linux_verify_csa_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_verify_csa_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752867Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73348}
-
Clemens Backes authored
This reverts commit 80f5dfda. Reason for revert: Fails CSA verification: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/21766/overview Original change's description: > [no-wasm] Exclude src/wasm from compilation > > This is the biggest chunk, including > - all of src/wasm, > - torque file for wasm objects, > - torque file for wasm builtins, > - wasm builtins, > - wasm runtime functions, > - int64 lowering, > - simd scala lowering, > - WasmGraphBuilder (TF graph construction for wasm), > - wasm frame types, > - wasm interrupts, > - the JSWasmCall opcode, > - wasm backing store allocation. > > Those components are all recursively entangled, so I found no way to > split this change up further. > > Some includes that were recursively included by wasm headers needed to > be added explicitly now. > > backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc > because it only tests wasm backing stores. This file is excluded from > no-wasm builds then. > > R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org > > Bug: v8:11238 > Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b > Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73344} Bug: v8:11238 Change-Id: I93672002c1faa36bb0bb5b4a9cc2032ee2ccd814 Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752866 Auto-Submit: Clemens Backes <clemensb@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73346}
-
Clemens Backes authored
This is the biggest chunk, including - all of src/wasm, - torque file for wasm objects, - torque file for wasm builtins, - wasm builtins, - wasm runtime functions, - int64 lowering, - simd scala lowering, - WasmGraphBuilder (TF graph construction for wasm), - wasm frame types, - wasm interrupts, - the JSWasmCall opcode, - wasm backing store allocation. Those components are all recursively entangled, so I found no way to split this change up further. Some includes that were recursively included by wasm headers needed to be added explicitly now. backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc because it only tests wasm backing stores. This file is excluded from no-wasm builds then. R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org Bug: v8:11238 Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#73344}
-
- 04 Mar, 2021 1 commit
-
-
Clemens Backes authored
This removes many wasm-specific code paths from codegen, such that includes from src/wasm can be removed. After src/wasm is fully excluded from no-wasm builds, we can also clean up unused enum values, but for now they are still being referenced. R=mslekova@chromium.org Bug: v8:11238 Change-Id: I526ac931f023a57f70b5248befa2733ad10ce9ce Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732011 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#73189}
-
- 23 Feb, 2021 1 commit
-
-
Mike Stanton authored
When making inlining decisions, we are interested in CodeRef::inlined_bytecode_size(). Previously, we gated a check of this value on predicate JSFunctionRef::HasAttachedOptimizedCode(), but we removed this predicate because it only recorded a value seen at serialization time. Now, we look at attached CodeRefs "live," which means we might discover that the code is now optimized, where it wasn't at serialization time. This affects the inlining decision. This CL adds an additional check before returning a non-zero inlined_bytecode_size that the code object hasn't (already) been deoptimized. It's logical to do this, because the inlined_bytecode_size is actually a stale value at this point. Bug: chromium:1180749 Change-Id: I4d55132c5b47083413d3c6b1d934bfce6b550709 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712565 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72960}
-
- 19 Feb, 2021 1 commit
-
-
Mike Stanton authored
Code objects are exposed through JSFunction and SharedFunctionInfo. If they are builtins, we don't have to worry about background threads seeing partially initialized code objects. If they are optimized code objects, we may. Background threads read the code fields with AcquireLoad semantics. The fields are set on the main thread with ReleaseStore semantics when appropriate. Special care is taken when setting an optimized code object in a closure in the interpreter entry stub. Since the MacroAssembler doesn't support ReleaseStore semantics, this CL ensures that the optimized code object is stored with those semantics in the feedback vector, where the interpreter entry stub finds it. Bug: v8:7790 Change-Id: I41ecedfe0e9d1ad5091cbe9a97f66c66ca9e07dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676633 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72869}
-
- 05 Feb, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 6ada6a90 - Fixed a GC issue https://bugs.chromium.org/p/v8/issues/detail?id=11335: GC expected all arguments on the stack from code with CodeKind::TURBOFAN to be tagged objects. This is not the case now with inlined Wasm calls, and this information can be passed in SafepointEntry for each call site. - Disabled JS-to-Wasm inlining for calls inside try/catch. For more details, see updated doc: https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# Bug: v8:11092 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests). > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid > generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72541}
-
- 22 Jan, 2021 2 commits
-
-
Mike Stanton authored
The compiler is only interested in the contents if it contains a FeedbackVector. If one is discovered, it is serialized, and we ensure we'll either return it or nothing if the contents of the cell changed on the main thread. FeedbackCells can be reset if the bytecode for the associated function is flushed. We have guarantees only for functions we choose to inline that this doesn't happen (by holding a strong handle to the SharedFunctionInfo). Bug: v8:7790 Change-Id: I9ecff3f4aef39169d84501feae9e47f2d118054e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434324 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#72260}
-
Paolo Severini authored
This reverts commit 6ada6a90. Reason for revert: Revert for link issue: https://bugs.chromium.org/p/v8/issues/detail?id=11335 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests) > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. > > > Original change's description: > > Faster JS-to-Wasm calls > > > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > > the basis of the signature of a Wasm function to call, and whose task > > is to: > > - set "thread_in_wasm_flag" to true > > - convert the arguments from tagged types into Wasm native types > > - calculate the address of the Wasm function to call and call it > > - convert back the result from Wasm native types into tagged types > > - reset "thread_in_wasm_flag" to false. > > > > This CL tries to improve the performance of JS-to-Wasm calls by > > inlining the code of the JS-to-Wasm wrappers in the call site. > > > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > > this kind of calls. A 'JSWasmCall' node is associated to > > WasmCallParameters, which contain information about the signature of > > the Wasm function to call. > > > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > > of the Wasm function, when the conversion is not necessary. > > The actual inlining of the graph generated for this wrapper happens in > > the simplified-lowering phase. > > > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > > lazy deoptimizations that can happen if the Wasm function callee calls > > back some JS code that invalidates the compiled JS caller function. > > > > Bug: v8:11092 > > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Andreas Haas <ahaas@chromium.org> > > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > > Cr-Commit-Position: refs/heads/master@{#71824} > > Bug: v8:11092 > Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng > Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#72147} Tbr: ahaas@chromium.org, jgruber@chromium.org Bug: v8:11092, v8:11335 Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72253}
-
- 20 Jan, 2021 1 commit
-
-
Jakob Gruber authored
Move index constants into the wrapper, add getters, and use the wrapper in more spots. Bug: v8:1166136 Change-Id: I3f37a541482fd6b7c604719c759952a72d58bad2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637218 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#72198}
-
- 19 Jan, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 860fcb1b - Disabled the tests for this feature in V8-lite mode (the original change broke V8-lite tests) - Also modified test console-profile-wasm.js that was brittle with this change because it assumed that there was always a JS-to-Wasm wrapper but this is not the case when the TurboFan compilation completes before the Liftoff-compiled code starts to run. More changes in Patchset 8: - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, into a new phase, wasm-inlining that reuses the JSInliner reducer. The doc https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# describes the new logic. - Fixed a couple of small issues in wasm_compiler.cc to make sure that the graph "JSToWasm Wrapper" subgraph has a valid Control chain; this should solve the problem we had inlining the calls in functions that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#72147}
-
- 18 Jan, 2021 1 commit
-
-
Ross McIlroy authored
The feedback_vector/cell and code fields of a JSFunctionRef are only used when generating code for the function (e.g., for the function being optimized or inlined functions). This CL explicitly serializes these fields only when the function will be used for codegen, otherwise avoiding their serialization. BUG=v8:7790,v8:9684 Change-Id: If76bc0b77e51aa10517699e0a9198358fe77f009 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617083Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#72129}
-
- 03 Dec, 2020 1 commit
-
-
Leszek Swirski authored
TurboFan creates DisallowHeapAccess scopes, to prevent heap access in the concurrent parts of the compiler. Then, for parts of the compiler that do want to access the heap, it either creates Allow* scopes (which should be avoided since they "punch a hole" in the Disallow* scopes), or relies on a weakening of Handle::IsDereferenceAllowed which allows handles owned by a LocalHeap to be dereferenced even if there is a DisallowHeapDereference scope. This patch: a) Strengthens the implicit requirements around handle dereferencing to require a running heap on this thread (either main-thread heap or an un-parked, un-safepointed LocalHeap). b) Removes the overly strict Disallow scopes in TurboFan, relying instead on implicit requirements for allocation/handle dereferencing in off-thread code. c) Cleans up the "should_disallow_heap_access" predicate to be more explicit about what should be disallowed (e.g. property accesses can't be computed concurrently) Change-Id: Icb56b7764913ac17e2db197a70bb189af88a6978 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554617 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71600}
-
- 28 Oct, 2020 1 commit
-
-
Shu-yu Guo authored
Change-Id: I4ab54dac771bb551c2435a98f9e53194a6f27853 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2495494 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70851}
-
- 14 Sep, 2020 1 commit
-
-
Georg Neis authored
JSInliningHeuristic::Finalize did not take into account that by the time it gets called some of the candidate nodes may have changed to non-call operators. Bug: chromium:1127319 Change-Id: I180ed36de98455be6b55790ba7bdb4391ff5fd5c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409273Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69874}
-
- 11 Aug, 2020 1 commit
-
-
Jakob Gruber authored
Updated: IsOptimized -> HasAttachedOptimizedCode HasOptimizedCode -> HasAvailableOptimizedCode IsInterpreted -> ActiveTierIsIgnition Bug: v8:8888 Change-Id: I96363622b67b53371a974f1c17cef387093f053c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346404 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69326}
-
- 07 Jul, 2020 1 commit
-
-
Jakob Gruber authored
HasProperty and InstanceOf now both have a feedback vector input, and collect feedback in generic lowering. CreateClosure loads the feedback cell (in nci mode) instead of embedding a heap constant. Bug: v8:8888 Change-Id: Id479cda344684aeb5054f687b087c4fedeac05d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282530Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68711}
-
- 06 Jul, 2020 2 commits
-
-
Jakob Gruber authored
Prior to this CL, the construct node layout was: {target, args..., new_target} The new layout is: {target, new_target, args..., feedback_vector} Having new_target at index 1 brings it closer to call node layout, which is now identical except that it has receiver at index 1. The new feedback vector input will be needed for NCI code. Affected node kinds are: - JSConstruct - JSConstructWithArrayLike - JSConstructWithSpread - JSConstructForwardVarargs (just the new_target position change) Bug: v8:8888 Change-Id: I4c68a0901d01e8862fd276c8a858799d5f4ff024 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278475 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#68692}
-
Jakob Gruber authored
... in preparation for upcoming changes to 1. make construct node layout more consistent with call nodes by placing new_target (construct) in the same spot as receiver (call); and 2. adding the feedback vector input. Bug: v8:8888 Change-Id: I6cd7f50ed0b029de53af5cd82e7ecf4ba514ef65 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2275963 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#68689}
-
- 12 May, 2020 1 commit
-
-
Pan, Tao authored
Add inlined bytecode size to candidate print, both bytecode size and inlined bytecode size decide whether candidate to be inlined. Change-Id: I6d659bb59819b0e9daad5289f47f329aa3ce9f7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191631Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67730}
-
- 20 Apr, 2020 1 commit
-
-
Georg Neis authored
is not enough This CL records the inlined bytecode size in code objects and take it into consideration when calculating inline candidate's size. It can improve Speedometer2 by ~1% and JetStream2 by ~3% on 9900K platform. Contributted by tao.pan@intel.com Change-Id: Icf31ca52ed5013d62a9c8d5dd550944ef3a4fbda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089021Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67237}
-
- 29 Feb, 2020 1 commit
-
-
Mike Stanton authored
We can make better inlining decisions in TurboFan if the CallIC will provide the feedback that it's seen multiple closures that share the same SharedFunctionInfo. This is not difficult to do, and it fixes some frustrating performance cliffs. Thanks to Bmeurer@chromium.org for the prototype CL, rebased from his project a year ago. Bug: v8:2206, v8:10100 Change-Id: I4248145ea67216f9a23efa175bbe90e7a9ee0ec4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054100 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66512}
-
- 22 Jan, 2020 1 commit
-
-
Georg Neis authored
... and consult it there from the various reducers. The flag makes no sense without the broker and the reducers already have access to the broker, so we can avoid an additional flag per reducer. Bug: v8:7790 Change-Id: I448050a55951b94d5313c1a79a502be906b98b25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013108 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65918}
-
- 09 Jan, 2020 1 commit
-
-
Maya Lekova authored
Bug: v8:7790 Change-Id: Idf066adcd5c3dca3004e2eaa0d8fa389755720af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991490Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65671}
-
- 27 Nov, 2019 1 commit
-
-
Georg Neis authored
This enum defined three modes of doing inlining: kGeneralInlining, kRestrictedInlining, kStressInlining. kStressInlining was unused. kRestrictedInlining meant that JSInliningHeuristic::Reduce would return NoChange, but only after wasting some time inspecting calls. This is now replaced by simply not installing JSInliningHeuristic as a reducer when inlining is disabled. Note: There is still a --stress-inline flag, which sets (through flag implications) a bunch of parameters that affect inlining. Change-Id: I05bafbe3f1f35610d7035a2c71c5ac17bdb80758 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936473 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65196}
-
- 31 Oct, 2019 1 commit
-
-
Maya Lekova authored
Implement the possibility to revisit the same function in the serializer using equality of its arguments. Bug: v8:7790 Change-Id: I609a6009bf503e378e50d0b32c6f1c13721d2557 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863198 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64683}
-
- 22 Oct, 2019 1 commit
-
-
Georg Neis authored
Instead of logging when SFI inlineability is computed, log when that result is actually used. Moreover, log something in some cases where we logged nothing so far (e.g. when we can't inline due to missing feedback vector). Change-Id: Id93119f4ead17aa9e721eb4fcc20774c54178665 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873693Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64466}
-
- 18 Oct, 2019 1 commit
-
-
Georg Neis authored
In inlining heuristics, we used to warn about a missing bytecode array when the actual reason for not inlining the function might have been a different one (and was printed earlier already). Bug: v8:7790 Change-Id: I3a44fd793d9b1edc80cd215a8110aa47eee731d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863934Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64378}
-
- 26 Sep, 2019 2 commits
-
-
Georg Neis authored
Make it clearer when the broker is missing information about a potential inlinee. Bug: v8:7790 Change-Id: I73d6066e75049e15a3fd821ac685476812482142 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825241 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#64007}
-
Georg Neis authored
Change-Id: I94c29febf3f89d8b907dd879413d4a113ca1d0df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826723Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63997}
-