Skip to content

V
V8
Switch branch/tag
  1. 07 Sep, 2022 1 commit
  3. 05 Sep, 2022 1 commit
  5. 30 Aug, 2022 2 commits
    • Milad Fa's avatar
      PPC/s390: [sparkplug] Allow sparkplug->ignition deopt in func entry · 67c0ad3b
      Milad Fa authored 
      Port af62c4f0

Original Commit Message:

    Adapted from https://crrev.com/c/3862264.

    Add a new teardown trampoline for the case where a Sparkplug function is
    deoptimized during its function entry stack check. In these cases, the
    stack is in an incomplete setup state, so instead of forwarding to
    interpreter re-entry, we undo the partial stack setup and forward to
    the standard interpreter entry.

R=szuend@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I6e3b906938dc9a297b602290e762426e56fb8d9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864189Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82828}
      67c0ad3b
    • Milad Fa's avatar
      PPC/s390: [maglev] Implement Maglev-to-Turbofan OSR · 1e3e6969
      Milad Fa authored 
      Port ed90ea5c

Original Commit Message:

    This implementation sticks closely to what Ignition-to-Turbofan (and now
    Sparkplug-to-TF) does. OSR is detected in the TieringManager by having
    optimized code available, without having entered it. The osr_urgency is
    increased to enable OSR for increasing loop depths. When a candidate
    JumpLoop backedge is reached, we call into runtime to trigger OSR
    compilation.

    JumpLoop also detects the availability of cached OSR'd code. When a
    matching OSR code object is available, Maglev 1) deoptimizes s.t. the
    unoptimized frame layout is reconstructed, and 2) delegates the actual
    OSR tierup to the unoptimized tier. For purposes of 1), we add a new
    DeoptimizeReason that causes a one-time eager deopt without invalidating
    any code.

    into a generic spot that both SP and ML can use.

R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I2de3ef530b9d1aac97e499fee75716a958cd9d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863277
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82827}
      1e3e6969
  7. 29 Aug, 2022 1 commit
    • Milad Fa's avatar
      PPC/s390: [builtins][masm] Move hot flags to the beginning of IsolateData · 99ca63fd
      Milad Fa authored 
      Port 8a56da44

Original Commit Message:

    ... so that the offset fits into the maximum offset for load byte
    instruction for arm/arm64 (Ldrb) in order to produce smaller code.

    Update code generation so that the loading of the flag value is
    combined with the comparison operation where possible.

    Additionally, this CL moves the Isolate::is_profiling flag to the
    IsolateData so that it can be loaded directly via roots register which
    removes one indirection.

    The fields moved in the IsolateData:
     - is_marking_flag and is_minor_marking_flag (checked by write barriers)
     - is_profiling (checked on API callbacks/getter calls)
     - stack_is_iterable (not super hot, checked during deoptimization).

    the field size expectations clear.

R=ishell@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ibafb23e9a035caffe6921a304a3d318b54732167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862227Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82790}
      99ca63fd
  9. 26 Aug, 2022 2 commits
  11. 22 Aug, 2022 1 commit
    • ishell@chromium.org's avatar
      [runtime] Merge redirected and non-redirected callback fields · 134ca75c
      ishell@chromium.org authored 
      Namely:
 - AccessorInfo::getter and AccessorInfo::js_getter,
 - CallHandlerInfo::callback and CallHandlerInfo::js_callback.

The redirected/non-redirected callback distinction is required only
for simulated builds but we wasted memory also for all native builds.

Now we store these fields in "redirected" form which allows us to call
them directly from builtins or generated code. In case it's necessary
to call a callback from C++ code the C function address is read from
the redirection. This additional indirection makes the callback calls
from C++ code in simulated builds slower but saves memory for native
builds.

This CL should recover a part of memory regression caused by inlining
Foreign fields into AccessorInfo and CallHandlerInfo.

Bug: v8:12949, chromium:1336105, chromium:1335930
Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686Reviewed-by: 's avatarJakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82631}
      134ca75c
  13. 10 Aug, 2022 1 commit
  15. 08 Aug, 2022 1 commit
    • ishell@chromium.org's avatar
      [ext-code-space] Add InterpreterEntryTrampolineForProfiling builtin · 1067c6ac
      ishell@chromium.org authored 
      ... - a code range size agnostic version of InterpreterEntryTrampoline
builtin. The new builtin is fully compatible with the default version
and used as a template for creating interpreter entry trampoline
Code objects when --interpreted-frames-native-stack is enabled.

This CL introduces a new assembler option "position_independent_code"
which affects the way builtin calls are generated.
This mode is enabled only for InterpreterEntryTrampolineForProfiling.

Motivation:

* InterpreterEntryTrampoline uses RelocInfo::CODE_TARGET for calling
  other builtins which requires the code range to be small enough to
  allow PC-relative jumps/calls between Code objects. This is the
  reason why --interpreted-frames-native-stack was not supported on
  arm and might not work on arm64 because the code range is bigger
  than the max PC-relative distance for call/jump instructions.
  The new builtin calls other builtins via builtins entry table which
  makes the code fully relocatable and usable for any code range size.

* RelocInfo::CODE_TARGET requires a target code to be materialized
  as a Code object which contradicts the Code-less builtins goal.

* The --interpreted-frames-native-stack is rarely used in the wild but
  we have to pay the price of deserializing InterpreterEntryTrampoline
  builtin as a Code object which consumes address space in the code
  range and thus limits the number of V8 isolates that can be created
  because of code range exhaustion. Now the pointer compression cage
  becomes the limiting factor instead of the code range.

* We can remove complicated logic of Factory::CopyCode() and respective
  support on GC side.

Bug: v8:11880, v8:8713, v8:12592
Change-Id: Ib72e28c03496c43db42f6fe46622def12e102f31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811287Reviewed-by: 's avatarJakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82263}
      1067c6ac
  17. 02 Aug, 2022 1 commit
  19. 18 Jul, 2022 1 commit
  21. 29 Jun, 2022 1 commit
  23. 23 Jun, 2022 1 commit
  25. 20 Jun, 2022 1 commit
  27. 07 Jun, 2022 1 commit
  29. 25 May, 2022 2 commits
    • Milad Fa's avatar
      S390: use r1 as scratch register · 9a570284
      Milad Fa authored 
      ip holds the jump table slot.

Change-Id: Ia56bf62835155d58ef10e57d761088d0b9a9710d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668285Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80753}
      9a570284
    • Milad Fa's avatar
      PPC/s390: [wasm] Fix return value of lazy compile runtime function · 68ae81bf
      Milad Fa authored 
      Port 22a16bda

Original Commit Message:

    The Runtime_WasmCompileLazy function was returning a ptr-sized address,
    wrapped in an Object. This worked because no GC is triggered between the
    return from the runtime function and the point where we jump to the
    returned address.

    In a pointer-compressed world though, generated code assumes that all
    objects live in the same 4GB heap, so comparisons only compare the lower
    32 bit. On a 64-bit system, this can lead to collisions where a
    comparison determines that the returned address equals a heap object,
    even though the upper 32-bit differ.

    This happens occasionally in the wild, where the returned function entry
    pointer has the same lower half than the exception sentinel value. This
    leads to triggering stack unwinding (by the CEntry stub), which then
    fails (with a CHECK) because there is no pending exception.

    This CL fixes that by returning a Smi instead which is the offset in the
    jump table where the kWasmCompileLazy builtin should jump to. The
    builtin then gets the jump table start address from the instance object,
    adds the offset that the runtime function returned, and performs the
    jump.

    We do not include a regression test because this failure is very
    spurious and hard to reproduce.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I92907b97a9d44d8cf42bb356ef350a22f7c5d5e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666249
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80752}
      68ae81bf
  31. 16 May, 2022 1 commit
  33. 13 May, 2022 1 commit
  35. 09 May, 2022 1 commit
    • Milad Fa's avatar
      PPC/s390: [osr] Extend OSR tracing · 0e05d1b7
      Milad Fa authored 
      Port 3e43010a

Original Commit Message:

    New trace events:

    - finished OSR compilation.
    - entry into OSR code.

    Since the latter now happens without a trip into runtime, tracing is a
    bit more involved - we need to check FLAG_trace_osr in generated code,
    and call a runtime function if it is set.

R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I2f09eb755dd5986d94f736280ad38574129085e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635717Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80431}
      0e05d1b7
  37. 02 May, 2022 2 commits
  39. 28 Apr, 2022 1 commit
    • Simon Zünd's avatar
      [builtins] Add 'RestartFrameTrampoline' · b0118171
      Simon Zünd authored 
      Doc: https://bit.ly/revive-restart-frame
Context: https://crrev.com/c/3582395 (jumbo CL with the whole feature)

This CL adds a new builtin called "RestartFrameTrampoline". This
trampoline is relatively simple: It leaves the current frame and
re-invokes the function. This essentially restarts the function and
is one of the key components required to bring back the "Restart
frame" DevTools debugging feature.

The builtin is closely related to the "FrameDropperTrampoline"
removed in the CL https://crrev.com/c/2854750. The key difference
is that the "FrameDropperTrampoline" dropped to an "arbitrary"
frame pointer before restarting the function (arbitrary in the
sense that it was provided as an argument). This caused issues
as the feature was implemented in a way that the frame pointer
wasn't necessarily valid anymore.

In comparison, the "RestartFrameTrampoline" relies on the V8
unwinder to drop it in the correct frame first and is then
invoked via either the CEntry stub or the deoptimizer
(see design doc for details).

Bug: chromium:1303521
Change-Id: I7bd46620808f8694c2c776b8bcd267e525d5b581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585944
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80254}
      b0118171
  41. 27 Apr, 2022 1 commit
  43. 26 Apr, 2022 1 commit
  45. 21 Apr, 2022 1 commit
  47. 14 Apr, 2022 1 commit
  49. 11 Apr, 2022 1 commit
  51. 07 Apr, 2022 1 commit
  53. 04 Apr, 2022 2 commits
  55. 30 Mar, 2022 1 commit
    • Jakob Gruber's avatar
      Refactor OptimizationMarker and ConcurrencyMode enums · 57d985a5
      Jakob Gruber authored 
      .. with readability and simplicity in mind.

- Rename OptimizationMarker to the (shorter) TieringState. 'Tiering'
  also matches 'TieringManager' terminology.
- Rename the values:
  kNone -> kNone
  kInOptimizationQueue -> kInProgress
  kCompileFoo_NotConcurrent -> kRequestFoo_Synchronous
  kCompileFoo_Concurrent -> kRequestFoo_Concurrent
- Likewise rename ConcurrencyMode::kNotConcurrent to kSynchronous.
- Add predicates to test enum values.
- Consistent lower case names for accessors on JSFunction and
  FeedbackVector.
- Instead of having to call HasOptimizationMarker() before using any
  other accessor, simply have optimization_marker() return kNone if
  no feedback vector exists.
- Drive-by: Enable the Unreachable() in MaybeOptimizeCode()
  unconditionally - this should never happen, there's no reason not
  to protect against this in release builds as well.

Bug: v8:12161
Change-Id: I67c03e2b7bd0a6b86d0c64f504ad8cb47e9e26ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555774Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79669}
      57d985a5
  57. 29 Mar, 2022 1 commit
  59. 21 Mar, 2022 1 commit
    • Milad Fa's avatar
      PPC/s390: Remove dynamic map checks and custom deoptimization kinds · f52f9341
      Milad Fa authored 
      Port b2978927

Original Commit Message:

    This CL removes:

    - Dynamic map checks aka minimorphic property loads (TF support,
      builtins).
    - "Bailout" deopts (= drop to the interpreter once, but don't
      throw out optimized code).
    - "EagerWithResume" deopts (= part of dynamic map check
      functionality, we call a builtin for the deopt check and deopt
      or resume based on the result).

R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I64476f73810774c2c592231d82c4a2cbfa2bf94e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537881Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79551}
      f52f9341
  61. 17 Mar, 2022 1 commit
  63. 15 Mar, 2022 1 commit
    • Milad Fa's avatar
      PPC/s390: [codegen] Change RegList into a class · 46cd6c8b
      Milad Fa authored 
      Port 8a0d1b6f

Original Commit Message:

    Modernise the RegList interface to be a proper class, rather than a
    typedef to an integer, and add proper methods onto it rather than ad-hoc
    bit manipulation.

    In particular, this makes RegList typesafe, adding a DoubleRegList for
    DoubleRegisters.

    The Arm64 CPURegList isn't updated to use (or extend) the new RegList
    interface, because of its weird type-erasing semantics (it can store
    Registers and VRegisters). Maybe in the future we'll want to get rid of
    CPURegList entirely and use RegList/DoubleRegList directly.

R=leszeks@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I997156fe4f4f2ccc40b2631d5cb752efdc8a5ad2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525084Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79484}
      46cd6c8b
  65. 14 Mar, 2022 1 commit
  67. 25 Feb, 2022 1 commit
  69. 17 Feb, 2022 1 commit