- 26 Jan, 2021 2 commits
-
-
Ng Zhi An authored
This is a reland of 5a0938e5 The fix is in instruction-selector-x64.cc, the OpParameter is a uint8_t, I typo-ed a int8_t. Drive-by fix to maro-assembler-x64.cc to use movaps instead of movapd. Original change's description: > [wasm-simd][x64] Prototype i32x4.widen_i8x16_{s,u} > > This prototypes i32x4.widen_i8x16_s and i32x4.widen_i8x16_u for x64. It > uses some masks and pshufb for the widening. These masks (3 for each > instruction) are stored as external references. > > Bug: v8:11297 > Change-Id: I6c8f55426bbb44b16ed552f393762c34c2524b55 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617389 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72301} Bug: v8:11297 Change-Id: Ie1df32bd4ef3c71532cab6f82a515f619b6a2b67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648967Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72330}
-
Zhi An Ng authored
This reverts commit 9c09c227. Reason for revert: gc stress failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/20563/overview Original change's description: > [wasm-simd] Merge all any_true to v128.any_true > > In https://github.com/WebAssembly/simd/pull/423, all any_true > instructions were removed, and replaced with a single v128.any_true. > > This patch removes all but v8x16.any_true, and renames it to > v128.any_true. > > Bug: v8:11331 > Change-Id: Ie394ec841a1a1c4030c4f589eac2cee8a6a2a1f9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639033 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72304} TBR=neis@chromium.org,gdeepti@chromium.org,neis@google.com,zhin@chromium.org Change-Id: I52dbf8de679059dd7b17908c1fe3ada0eb54ff84 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11331 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649240Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72305}
-
- 25 Jan, 2021 4 commits
-
-
Ng Zhi An authored
In https://github.com/WebAssembly/simd/pull/423, all any_true instructions were removed, and replaced with a single v128.any_true. This patch removes all but v8x16.any_true, and renames it to v128.any_true. Bug: v8:11331 Change-Id: Ie394ec841a1a1c4030c4f589eac2cee8a6a2a1f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639033Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72304}
-
Zhi An Ng authored
This reverts commit 5a0938e5. Reason for revert: Broke build https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8857098178780038608/+/steps/Check/0/logs/RunWasm_I32x4WidenI8x16S_liftoff/0 Original change's description: > [wasm-simd][x64] Prototype i32x4.widen_i8x16_{s,u} > > This prototypes i32x4.widen_i8x16_s and i32x4.widen_i8x16_u for x64. It > uses some masks and pshufb for the widening. These masks (3 for each > instruction) are stored as external references. > > Bug: v8:11297 > Change-Id: I6c8f55426bbb44b16ed552f393762c34c2524b55 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617389 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72301} TBR=neis@chromium.org,gdeepti@chromium.org,neis@google.com,ahaas@chromium.org,zhin@chromium.org Change-Id: I83aa2e86854e39ac6afd250fdc0dfac7cdd99e6d No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11297 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648194Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72302}
-
Ng Zhi An authored
This prototypes i32x4.widen_i8x16_s and i32x4.widen_i8x16_u for x64. It uses some masks and pshufb for the widening. These masks (3 for each instruction) are stored as external references. Bug: v8:11297 Change-Id: I6c8f55426bbb44b16ed552f393762c34c2524b55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617389 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72301}
-
Ng Zhi An authored
Prototype these 6 instructions on x64: - f64x2.convert_low_i32x4_s - f64x2.convert_low_i32x4_u - i32x4.trunc_sat_f64x2_s_zero - i32x4.trunc_sat_f64x2_u_zero - f32x4.demote_f64x2_zero - f64x2.promote_low_f32x4 Some of these code sequences make use of special masks, we keep them in external references. Code sequence based on suggestions at: https://github.com/WebAssembly/simd/pull/383 Bug: v8:11265 Change-Id: Ied67d7b5b6beaaccac7c179ec13504482cb9c915 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643562Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72297}
-
- 22 Jan, 2021 2 commits
-
-
Victor Gomes authored
After removing the arguments adaptor frame, this should not be needed anymore. Removes ArgumentFrame from the following nodes: - ArgumentsLength - RestLength - NewArgumentsElements Also removes 'formal parameter count' as input of ArgumentsLength. Adapt the escape analysis to use the frame pointer directly instead of the ArgumentsFrame node. Change-Id: I0ead48a6ee05a10d05d6cfa2e46906ad69930986 Bug: v8:11306 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639765 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72264}
-
Paolo Severini authored
This reverts commit 6ada6a90. Reason for revert: Revert for link issue: https://bugs.chromium.org/p/v8/issues/detail?id=11335 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests) > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. > > > Original change's description: > > Faster JS-to-Wasm calls > > > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > > the basis of the signature of a Wasm function to call, and whose task > > is to: > > - set "thread_in_wasm_flag" to true > > - convert the arguments from tagged types into Wasm native types > > - calculate the address of the Wasm function to call and call it > > - convert back the result from Wasm native types into tagged types > > - reset "thread_in_wasm_flag" to false. > > > > This CL tries to improve the performance of JS-to-Wasm calls by > > inlining the code of the JS-to-Wasm wrappers in the call site. > > > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > > this kind of calls. A 'JSWasmCall' node is associated to > > WasmCallParameters, which contain information about the signature of > > the Wasm function to call. > > > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > > of the Wasm function, when the conversion is not necessary. > > The actual inlining of the graph generated for this wrapper happens in > > the simplified-lowering phase. > > > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > > lazy deoptimizations that can happen if the Wasm function callee calls > > back some JS code that invalidates the compiled JS caller function. > > > > Bug: v8:11092 > > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Andreas Haas <ahaas@chromium.org> > > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > > Cr-Commit-Position: refs/heads/master@{#71824} > > Bug: v8:11092 > Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng > Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#72147} Tbr: ahaas@chromium.org, jgruber@chromium.org Bug: v8:11092, v8:11335 Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72253}
-
- 19 Jan, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 860fcb1b - Disabled the tests for this feature in V8-lite mode (the original change broke V8-lite tests) - Also modified test console-profile-wasm.js that was brittle with this change because it assumed that there was always a JS-to-Wasm wrapper but this is not the case when the TurboFan compilation completes before the Liftoff-compiled code starts to run. More changes in Patchset 8: - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, into a new phase, wasm-inlining that reuses the JSInliner reducer. The doc https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# describes the new logic. - Fixed a couple of small issues in wasm_compiler.cc to make sure that the graph "JSToWasm Wrapper" subgraph has a valid Control chain; this should solve the problem we had inlining the calls in functions that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#72147}
-
- 17 Dec, 2020 2 commits
-
-
Nico Hartmann authored
This reverts commit 860fcb1b. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11092 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71825}
-
Paolo Severini authored
This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. Currently JS-to-Wasm calls go through a wrapper/trampoline, built on the basis of the signature of a Wasm function to call, and whose task is to: - set "thread_in_wasm_flag" to true - convert the arguments from tagged types into Wasm native types - calculate the address of the Wasm function to call and call it - convert back the result from Wasm native types into tagged types - reset "thread_in_wasm_flag" to false. This CL tries to improve the performance of JS-to-Wasm calls by inlining the code of the JS-to-Wasm wrappers in the call site. It introduces a new IR operand, JSWasmCall, which replaces JSCall for this kind of calls. A 'JSWasmCall' node is associated to WasmCallParameters, which contain information about the signature of the Wasm function to call. WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments of the Wasm function, when the conversion is not necessary. The actual inlining of the graph generated for this wrapper happens in the simplified-lowering phase. A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage lazy deoptimizations that can happen if the Wasm function callee calls back some JS code that invalidates the compiled JS caller function. Bug: v8:11092 Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#71824}
-
- 02 Dec, 2020 2 commits
-
-
Ross McIlroy authored
Unifies various operators for dynamic map checks with the naming scheme of DynamicCheckMaps (to be similar to CheckMaps. BUG=v8:10582 Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71559}
-
Jakob Gruber authored
This reverts commit 3599cce1. Originally landed in https://chromium-review.googlesource.com/c/v8/v8/+/2531775 Work on NCI is suspended, remove unused complexity. We may want to share native-context-independent feedback in the future, but probably through other means. Bug: v8:8888 Change-Id: I23dfb67f6f01b4891af87bc42a9e62f99d0bf044 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567701Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71553}
-
- 01 Dec, 2020 1 commit
-
-
Ross McIlroy authored
In order to reduce the codegen size of dynamic map checks, add the ability to have an eager with resume deopt point, which can call a given builitin to perform a more detailed check than can be done in codegen, and then either deoptimizes itself (as if the calling code had performed an eager deopt) or resumes execution in the calling code after the check. In addition, support for adding extra arguments to a deoptimization continuation is added to enable us to pass the necessary arguments to the DynamicMapChecks builtin. Finally, a trampoline is added to the DynamicMapChecks which saves the registers that might be clobbered by that builtin, to avoid having to save them in the generated code. This trampoline also performs the deoptimization based on the result of the DynamicMapChecks builtin. In order to ensure both the trampoline and DynamicMapChecks builtin have the same call interface, and to limit the number of registers that need saving in the trampoline, the DynamicMapChecks builtin is moved to be a CSA builtin with a custom CallInterfaceDescriptor, that calls an exported Torque macro that implements the actual functionality. All told, this changes the codegen for a monomorphic dynamic map check from: movl rbx,<expected_map> cmpl [<object>-0x1],rbx jnz <deferred_call> resume_point: ... deferred_call: <spill registers> movl rax,<slot> movq rbx,<object> movq rcx,<handler> movq r10,<DynamicMapChecks> call r10 cmpq rax,0x0 jz <restore_regs> cmpq rax,0x1 jz <deopt_point_1> cmpq rax,0x2 jz <deopt_point_2> int3l restore_regs: <restore_regs> jmp <resume_point> ... deopt_point_1: call Deoptimization_Eager deopt_point_2: call Deoptimization_Bailout To: movl rax,<slot> movl rcx,<expected_map> movq rdx,<handler> cmpl [<object>-0x1],rcx jnz <deopt_point> resume_point: ... deopt_point: call DynamicMapChecksTrampoline jmp <resume_point> BUG=v8:10582 Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71545}
-
- 24 Nov, 2020 1 commit
-
-
Zhi An Ng authored
Prototype 2 prefetch instructions (temporal and non-temporal) on arm64 and interpreter. Add prfm to assembler, and use MiscField to encode the two versions. Small tweak to simulator to handle these new instructions (no-op). The implementation in the interpreter just pops the memory index and does nothing. Simple test cases added for these 2 new instructions, as well as a prefetch with OOB index, which should not trap. Bug: v8:11168 Change-Id: Ieced8081615d07f950d6d4c1128d1bc6a75839fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543167Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71353}
-
- 17 Nov, 2020 1 commit
-
-
Jakob Gruber authored
This CL enables a first batch of feedback-based optimizations in NCI code. Specifically, optimizations based on unary, binary, compare, for-in-next, and for-in-prepare feedback are now enabled. This has two main implications: 1. NCI code can now deopt. Deoptimized code is currently thrown away permanently and cannot be reused. Now that shared/cached NCI code can deopt, this leads to an interesting question of what should happen with deoptimized NCI code. The answer in this CL is to remove the cache entry (it may later be re-added). 2. Tiering up from NCI to TF still requires feedback; since NCI code, starting with this CL, no longer collects full feedback, feedback must be created in some other way. This is solved by sharing a context-independent encoding of feedback across native contexts. Feedback is shared through a new SerializedFeedback object type, essentially a byte array of serialized feedback. Currently, only smi-based feedback is shared, but map-based feedback will be added in the future. SerializedFeedback is kept in the NCI cache alongside NCI Code objects. It is created on NCI cache insertion, and deserialized upon NCI cache hits. Bug: v8:8888 Change-Id: Ic0d5fbea3aa4d3b0a165624dab9d0283b07dcee7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531775Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71224}
-
- 10 Nov, 2020 2 commits
-
-
Marja Hölttä authored
This is the second reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 , this time without RuntimeCallStats in the tests. Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I782df6e032ff8191082b425e68d68b69cef0a560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527092 Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71077}
-
Zhi An Ng authored
Prototype i32x4.extadd_pairwise_i16x8_{s,u} and i16x8.extadd_pairwise_i8x16{s,u} (names not confirmed) on ARM64 and interpreter. With a simple test case. Bug: v8:11086 Change-Id: If1ffc04e179e86ca5cc209bf9ef9d337298e3cc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513872Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71068}
-
- 09 Nov, 2020 2 commits
-
-
Shu-yu Guo authored
This reverts commit 30ca51ec. Reason for revert: TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34104 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71052} TBR=marja@chromium.org,neis@chromium.org Change-Id: I2b10963a9a99f7b482f1014472a6a281fcf9b8c1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527184Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#71058}
-
Marja Hölttä authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71052}
-
- 05 Nov, 2020 2 commits
-
-
Clemens Backes authored
This reverts commit 0147db5a. Reason for revert: Data races: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34056 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70988} TBR=marja@chromium.org,mvstanton@chromium.org,neis@chromium.org Change-Id: Ib5ddb919ae569fe5ddf266d986f1c8bc0fe9621a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520908Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70992}
-
Marja Hölttä authored
Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#70988}
-
- 28 Oct, 2020 1 commit
-
-
Zhi An Ng authored
Prototype i8x16, i16x8, i32x4, i64x2 sign select on x64 and interpreter. Bug: v8:10983 Change-Id: I7d6f39a2cb4c2aefe31daac782978fe8b363dd1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486235 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70818}
-
- 19 Oct, 2020 1 commit
-
-
Ng Zhi An authored
Also known as multiply long, this multiplies the top or bottom half of the input operands, the result is twice as wide as the input. This implements arm64 and interpreter. Bug: v8:11008 Change-Id: Iad693007066dd1a9bc529b282e88812a081c3a01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469156Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70624}
-
- 16 Oct, 2020 1 commit
-
-
Ng Zhi An authored
Store lane loads a value from memory and replaces a single lane of a simd value. This implements store lane for x64 and interpreter. Bug: v8:10975 Change-Id: Ida79a03e0fd2bc18f2c06687311936b3cb550ed5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473383Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70586}
-
- 15 Oct, 2020 1 commit
-
-
Ng Zhi An authored
Rename AddSaturate and SubSaturate to the shorter version, AddSat and SubSat, following the spec. Bug: v8:10946,v8:10933 Change-Id: Idf74b3a1eb2e2f6d4e37d2b8e5fa6d96ea090db4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436615Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70549}
-
- 14 Oct, 2020 1 commit
-
-
Jakob Gruber authored
This is a reland of 16cd5995 Changes since the original CL: generic lowering support for ForInPrepare and ForInNext. Original change's description: > [nci] Prepare JSForInPrepare and JSForInNext for feedback input > > These two operators are still missing feedback collection in generic > lowering (reminder: all operations that collect FB in the interpreter > must also collect FB in generic lowering). > > This CL prepares for that by adding the feedback vector as an input, > and additionally adds node wrappers to improve useability. > > The actual collection logic will be added in a following CL. > > Bug: v8:8888 > Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70372} Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Bug: v8:8888 Change-Id: Idc294ffd2a24922edd08db6897d32d5724956995 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459373 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70496}
-
- 12 Oct, 2020 4 commits
-
-
Ng Zhi An authored
This implements i8x16.popcnt on arm64 and interpreter. Bug: v8:11002 Change-Id: Ia94a053d7e0a0c800057ac80865ba6f86ac7caf8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461058Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70461}
-
Ng Zhi An authored
Implement on interpreter and x64. Bug: v8:10997 Change-Id: I3537ce54e1b56cc3b04d91cb07c430c35b88c3aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459109 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70459}
-
Ng Zhi An authored
Load lane loads a value from memory and replaces a single lane of a simd value. This implements the load (no stores yet) for x64 and interpreter. Bug: v8:10975 Change-Id: I95d1b5e781ee9adaec23dda749e514f2485eda10 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444578 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70456}
-
Ng Zhi An authored
These instructions are not in the proposal, and will be unlikely to be requested (poor performance, insufficient use cases). As we get more instruction suggestions, these are sitting around on useful opcodes and we have to play musical chairs every time we prototype a new instruction. Bug: v8:10933 Change-Id: Ic7ce4e514c343d821f76b8c071e41f9bddfbd1ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2457669Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70455}
-
- 08 Oct, 2020 1 commit
-
-
Ng Zhi An authored
Prototype these 4 instructions: - i64x2.widen_low_i32x4_s - i64x2.widen_high_i32x4_s - i64x2.widen_low_i32x4_u - i64x2.widen_high_i32x4_u Bug: v8:10972 Change-Id: I3cc3bfdd6dfd0f0bab1dfef63399ed9fa68bd2d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441369Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70395}
-
- 07 Oct, 2020 2 commits
-
-
Jakob Gruber authored
This reverts commit 16cd5995. Reason for revert: Can't be landed without also implementing generic lowering, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20fyi/18261. Original change's description: > [nci] Prepare JSForInPrepare and JSForInNext for feedback input > > These two operators are still missing feedback collection in generic > lowering (reminder: all operations that collect FB in the interpreter > must also collect FB in generic lowering). > > This CL prepares for that by adding the feedback vector as an input, > and additionally adds node wrappers to improve useability. > > The actual collection logic will be added in a following CL. > > Bug: v8:8888 > Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70372} TBR=jgruber@chromium.org,leszeks@chromium.org,tebbi@chromium.org Change-Id: Ibff2bf44eb04bebd982b019b4539275db75c611a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8888 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454078Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70376}
-
Jakob Gruber authored
These two operators are still missing feedback collection in generic lowering (reminder: all operations that collect FB in the interpreter must also collect FB in generic lowering). This CL prepares for that by adding the feedback vector as an input, and additionally adds node wrappers to improve useability. The actual collection logic will be added in a following CL. Bug: v8:8888 Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70372}
-
- 06 Oct, 2020 1 commit
-
-
Ng Zhi An authored
Only implemented and tested on arm64 and interpreter. Moved a helper function (Clamp, renamed to Saturate) into src/utils to be able to reuse this in interpreter and tests. Bug: v8:10971 Change-Id: Iaffcd36d27e0e8ab11e167befa96eef8e59f1c81 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438990Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70360}
-
- 25 Sep, 2020 1 commit
-
-
Adam Klein authored
These instructions were changed from "s8x16" to "i8x16" prefixes in https://github.com/WebAssembly/simd/pull/321. This CL updates all V8 code, including arch-specific code, to match. Bug: v8:10946, v8:10933 Change-Id: I26ef9ad77571f94501d42c1d65f57380fd507f3d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432068Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#70143}
-
- 15 Sep, 2020 1 commit
-
-
Jakob Gruber authored
Feedback collection is currently implemented only for JS operators in generic lowering. Missing feedback collection results in soft-deopts immediately after tiering up to TF from NCI code. In this CL we disable two large classes of such problematic lowerings for NCI code, type hint lowering and typed lowering. Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Bug: v8:8888 Change-Id: Ia8452775616074b7ad6dfe930f305449db3f5682 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410180 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69910}
-
- 10 Sep, 2020 1 commit
-
-
Jakob Gruber authored
This is the final part of the tier-up commit series. It implements: - A prologue in NCI code objects that checks and acts upon the optimization marker. - Currently, handling is deferred to the InterpreterEntryTrampoline but this will change in the future. - The lifecycle is otherwise like Ignition-to-Turbofan; the runtime profiler marks a function for optimization, the next call to that function triggers optimization by calling into runtime, and the finished code object is installed both on the JSFunction and the optimized code cache. - The feedback vector's kOptimizedCodeWeakOrSmiOffset slot is currently reused for the mid-to-top tier up. Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Bug: v8:8888 Change-Id: Iff50b05ddcc68b25d7ed0f1e0d20af076a1522a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361466Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69808}
-
- 28 Aug, 2020 1 commit
-
-
Marja Hölttä authored
This is the first step in a series of CLs. The goal is to make super property access faster. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit?usp=sharing This CL: - Add bytecode LdaNamedPropertyFromSuper - IGNITION_HANDLER just calls Runtime::LoadFromSuper - JSGenericLowering::LowerJSLoadNamedFromSuper just replaces the node with a runtime call to Runtime::LoadFromSuper Bug: v8:9237 Change-Id: Id28e935294c5068dd6c54e6b860a77d61517fff5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327912 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69604}
-
- 29 Jul, 2020 1 commit
-
-
Jakob Gruber authored
This is the first step towards implementing a tier-up mechanism from NCI code to TF. We will follow the existing Ignition-to-Turbofan mechanics, which are, roughly: 1. Track a bytecode interrupt budget. 2. When exhausted, call the runtime profiler, which increments profiler ticks for the top frame's function. 3. When a function should tier up, it is marked as such using the FeedbackVector::optimized_code_weak_or_smi slot / the OptimizationMarker mechanism. 4. The InterpreterEntryTrampoline checks this slot and calls into runtime to compile if needed. 5. The finished code is also placed into this slot, as well as installed on the JSFunction. 6. Again, the IET checks the slot and tail-calls the code object if it exists. This CL implements step 1 for NCI code by inserting the new simplified UpdateInterruptBudget operator at the same spots (and using the same offsets) as Ignition. When the budget is exhausted, we call a runtime function that currently does nothing and will be implemented in the next CL. Bug: v8:8888 Change-Id: I98c0f8d96f32d515218dc2a76f961d44fe281c86 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312778 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69124}
-