1. 08 Apr, 2022 26 commits
  2. 07 Apr, 2022 14 commits
    • [wasm] Do not fall back to Turbofan if --liftoff-only · d1655841
      Manos Koukoutos authored
      If --liftoff-only is on, we should not execute Turbofan compilation, no
      matter what the result of Liftoff compilation was. Right now, decoding
      errors are considered bailouts, which make us fall back to Turbofan and
      trigger a DCHECK.
      
      Change-Id: Ic12591da256d92fb79578603d4778a3d2aa460ac
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574555
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79865}
    • S390[simd]: avoid using r0 as scratch during vector load/store · 4dc894b9
      Milad Fa authored
      Passing `ip/r1` as scratch to LoadV128 and StoreV128.
      
      Change-Id: Ie86d3bd241065de985f98025e7bb60aba4cd42d3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576132
      Reviewed-by: Junliang Yan <junyan@redhat.com>
      Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/main@{#79864}
    • [heap] Drop old-to-old slots at once after iteration · 72a11f20
      Dominik Inführ authored
      Removing slots in the Iterate() method performs an atomic CAS operation
      on a cell. This is not necessary, we can simply keep slots and drop
      the whole SlotSet with all buckets after iteration.
      
      Bug: v8:12760
      Change-Id: I6aeb656d21e5fea6f7e15238d4105013c84ffb2a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574558
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79863}
    • PPC/s390: [wasm] Count direct calls · aacd4162
      Milad Fa authored
      Port 9ca0bfef
      
      Original Commit Message:
      
          This adds feedback collection to count the number of executions of
          call_direct instructions in Liftoff code. The purpose is better
          inlining decisions in Turbofan, which are enabled by having call
          count information for all kinds of calls.
          The new feature is gated on --wasm-speculative-inlining. While
          direct calls don't need to speculate about their target, the whole
          feedback collection infrastructure depends on that flag.
      
      R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
      BUG=
      LOG=N
      
      Change-Id: Id94a8a00e00877213b017d1ccf06ae0ea988539b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576126
      Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
      Reviewed-by: Junliang Yan <junyan@redhat.com>
      Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/main@{#79862}
    • [wasm] Tune inlining heuristics · 2fbb686e
      Jakob Kummerow authored
      The key idea is that we can now take call count feedback into
      account consistently for all kinds of calls that support inlining.
      
      Bug: v8:12166
      Change-Id: I764b8686b6c825a9b24f0032e81f7d1217ef1371
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574554
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79861}
    • Revert "[fuchsia] Use SDK provided gn templates for d8" · e6e4da2f
      Bryant Chandler authored
      This reverts commit 3111db91.
      
      Reason for revert: This has runtime failures because including
      cmx fragments isn't working correctly. Still investigating why
      this wasn't discovered by CQ.
      
      Original change's description:
      > [fuchsia] Use SDK provided gn templates for d8
      >
      > cr_fuchsia_package is deprecated in favor of using the Fuchsia
      > SDK provided rules directly.
      >
      > This CL adds a cmx file specifically for v8_unittests. CMX
      > files define fuchsia components, see
      > https://chromium-review.googlesource.com/c/chromium/src/+/3529652
      > for more info.
      >
      > Bug: chromium:1092804
      > Change-Id: Ibf1d866ec6b94a0e1a7a7c7c443a6ee80e3b1042
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537885
      > Reviewed-by: Victor Gomes <victorgomes@chromium.org>
      > Reviewed-by: Wez <wez@chromium.org>
      > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      > Commit-Queue: Bryant Chandler <bryantchandler@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#79760}
      
      Bug: chromium:1092804
      Change-Id: Ib9a4d4f8e04c6cd7f3bd289e7c956b6115a77a25
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572004
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Reviewed-by: Wez <wez@chromium.org>
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Commit-Queue: Bryant Chandler <bryantchandler@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79860}
    • [d8] Harden Shell::ReadFile · 16e464fb
      Camillo Bruni authored
      - Always return a MaybeLocal<String>
      - Don't crash on long filenames
      
      Bug: chromium:1311923
      Change-Id: I96e10337ceb32aeafafe0b73c78651a1ac38fb9f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576122
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Camillo Bruni <cbruni@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79859}
    • [logging][profiling] Log BytecodeHandler code in JIT loggers · ec778f9a
      henrika authored
      Local tests on Windows using the --enable-system-instrumentation flag
      in combination with ETW have shown that parts of the JS stack miss
      symbols and most of these missing parts come from
      code-creation,Bytecodehandler events.
      
      The CL fixes this issue.
      
      Bug: v8:11043
      Change-Id: I77b150742e689a4002dbc5937d6daa08a0795ab9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574545
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Commit-Queue: Henrik Andreasson <henrika@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79858}
    • [osr] Enable concurrent OSR · 6879c515
      Jakob Gruber authored
      Fixed: v8:12161
      Change-Id: Ie6e83dd4f261fff2d1fa8613116e83ef6b61561f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576116
      Auto-Submit: Jakob Linke <jgruber@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79857}
    • [torque] Generate asserts for C++ object definitions · 0c922d87
      Nico Hartmann authored
      This CL adds the requirements to port object definitions back to C++.
      A @cppObjectDefinition is introduced to annotate classes for which
      Torque shall merely generate asserts to check that offsets match between
      Torque and C++.
      
      As a first object, this CL ports Oddball back to C++.
      
      Bug: v8:12710
      Change-Id: I1304d8980f6318ffccbc2ef7284cb9d46ff579e8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523046
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79856}
    • Revert "[osr] Add an install-by-offset mechanism" · bb5cc0d5
      Leszek Swirski authored
      This reverts commit 51b99213.
      
      Reason for revert: Speculative revert for MSAN failure https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/43080/overview
      
      Original change's description:
      > [osr] Add an install-by-offset mechanism
      >
      > .. for concurrent OSR. There, the challenge is to hit the correct
      > JumpLoop bytecode once compilation completes, since execution has
      > moved on in the meantime.
      >
      > This CL adds a new mechanism to request installation at a specific
      > bytecode offset. We add a new `osr_install_target` field to the
      > BytecodeArray:
      >
      >   bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
      >     osr_urgency: uint32: 3 bit;
      >     osr_install_target: uint32: 13 bit;
      >   }
      >
      >   // [...]
      >   osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
      >   bytecode_age: uint16;  // Only 3 bits used.
      >   // [...]
      >
      > Note urgency and install target are packed into one 16 bit field,
      > we can thus merge both checks into one comparison within JumpLoop.
      > Note also that these fields are adjacent to the bytecode age; we
      > still reset both OSR state and age with a single (now 32-bit)
      > store.
      >
      > The install target is the lowest 13 bits of the bytecode offset.
      > When set, every reached JumpLoop will check `is this my offset?`,
      > and if yes, jump into runtime to tier up.
      >
      > Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
      >
      > Bug: v8:12161
      > Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Jakob Linke <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#79853}
      
      Bug: v8:12161
      Change-Id: I0c47499544465c80b5b23a492c00ec1c62815caa
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576121
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Owners-Override: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/main@{#79855}
    • [codegen][x64] Improve code for float to int64 · 08e514a8
      Clemens Backes authored
      This improves the code generated for float to int64 conversions on x64.
      Instead of explicitly checking the input for specific values and
      executing conditional jumps, just convert the integer back to a float
      and check if this results in the rounded input. The "success value" is
      then materialized via vmov + and instead of via branches.
      
      old:
         7  c4e1fb2cd9           vcvttsd2siq rbx,xmm1
         c  ba01000000           movl rdx,0x1
        11  49ba000000000000e0c3 REX.W movq r10,0xc3e0000000000000
        1b  c441f96efa           vmovq xmm15,r10
        20  c5792ef9             vucomisd xmm15,xmm1
        24  7a08                 jpe 0x3599421714ee  <+0x2e>
        26  7408                 jz 0x3599421714f0  <+0x30>
        28  4883fb01             REX.W cmpq rbx,0x1
        2c  7102                 jno 0x3599421714f0  <+0x30>
        2e  33d2                 xorl rdx,rdx
      
      new:
         7  c463010bf90b         vroundsd xmm15,xmm15,xmm1,0xb
         d  c4e1fb2cd9           vcvttsd2siq rbx,xmm1
        12  c4e1832ac3           vcvtqsi2sd xmm0,xmm15,rbx
        17  c4c17bc2c700         vcmpss xmm0,xmm0,xmm15, (eq)
        1d  c4e1f97ec2           vmovq rdx,xmm0
        22  83e201               andl rdx,0x1
      
      A follow-up step would be to replace the explicitly materialized success
      value by a direct jump to the code handling the error case, but that
      requires more rewrite in TurboFan.
      
      R=tebbi@chromium.org
      
      Bug: v8:10005
      Change-Id: Iaedc3f395fb3a8c11c936faa8c6e55c2dfe86cd9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560434
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79854}
    • [osr] Add an install-by-offset mechanism · 51b99213
      Jakob Gruber authored
      .. for concurrent OSR. There, the challenge is to hit the correct
      JumpLoop bytecode once compilation completes, since execution has
      moved on in the meantime.
      
      This CL adds a new mechanism to request installation at a specific
      bytecode offset. We add a new `osr_install_target` field to the
      BytecodeArray:
      
        bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
          osr_urgency: uint32: 3 bit;
          osr_install_target: uint32: 13 bit;
        }
      
        // [...]
        osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
        bytecode_age: uint16;  // Only 3 bits used.
        // [...]
      
      Note urgency and install target are packed into one 16 bit field,
      we can thus merge both checks into one comparison within JumpLoop.
      Note also that these fields are adjacent to the bytecode age; we
      still reset both OSR state and age with a single (now 32-bit)
      store.
      
      The install target is the lowest 13 bits of the bytecode offset.
      When set, every reached JumpLoop will check `is this my offset?`,
      and if yes, jump into runtime to tier up.
      
      Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
      
      Bug: v8:12161
      Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Jakob Linke <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79853}
    • [inspector] De-flake inspector/debugger/get-possible-breakpoints.js. · a90f1748
      Benedikt Meurer authored
      Since the inspector no longer holds on strongly to Script objects
      after they were collected by V8, this test was relying on the GC to not
      collect the scripts too eagerly in case where nothing else holds on to
      the script. So explicitly adding a global object property assignment
      here in those cases to ensure that the Script is kept alive.
      
      Fixed: chromium:1314212, v8:12699
      Bug: chromium:1246884, chromium:1295659
      Change-Id: Ia16fcf841aeb29bf131fc6fa066f120d342f94b2
      Doc: https://bit.ly/v8-inspector-script-caching
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576117
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79852}