Skip to content

V
V8
Switch branch/tag
  1. 23 Mar, 2021 5 commits
    • Frank Emrich's avatar
      [dict-proto] TF support for constants in dictionary mode protos, pt. 3 · c2ba619c
      Frank Emrich authored 
      This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/2720300.
As compared to the original version, it adds
--no-stress-flush-bytecode to the const-dict-tracking.js test

Original description:

This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.

Bug: v8:11248
Change-Id: I896e5dc59821f88abdb7a743e21ca3a700af9db2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782280Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73617}
      c2ba619c
    • Nico Hartmann's avatar
      Revert "[dict-proto] TF support for constants in dictionary mode protos, pt. 3" · 03227d05
      Nico Hartmann authored 
      This reverts commit b1883dc3.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/17269/overview

Original change's description:
> [dict-proto] TF support for constants in dictionary mode protos, pt. 3
>
> This CL is part of a  series that implements Turbofan support for
> property accesses satisfying the following conditions:
> 1. The holder is a dictionary mode object.
> 2. The holder is a prototype.
> 3. The access is a load.
>
> This feature will only be enabled if the build flag
> v8_dict_property_const_tracking is set.
>
> This particular CL implements support for the case that the property
> in question is an accesor, meaning that the given PropertyAccessInfo
> has kind kAccessorDictionaryProtoConstant.
>
> Bug: v8:11248
> Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Frank Emrich <emrich@google.com>
> Cr-Commit-Position: refs/heads/master@{#73607}

Bug: v8:11248
Change-Id: Id753354a5ccddd1a05ecf9aec3267f152ef713c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780299Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73612}
      03227d05
    • Frank Emrich's avatar
      [dict-proto] TF support for constants in dictionary mode protos, pt. 3 · b1883dc3
      Frank Emrich authored 
      This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.

Bug: v8:11248
Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73607}
      b1883dc3
    • Frank Emrich's avatar
      [dict-proto] TF support for constants in dictionary mode protos, pt. 2 · afe9020f
      Frank Emrich authored 
      This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is a data property, meaning that the given
PropertyAccessInfo has kind kDataDictionaryProtoConstant.
Support for accessor properties is added in a separated CL.

Bug: v8:11248
Change-Id: I8794127d08c3d3aed6ec2a3eb19c4c82bdf2d1df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718229
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarMarja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73603}
      afe9020f
    • Nico Hartmann's avatar
      Reland "[TurboFan] Move FunctionTemplateInfo to never serialized" · 07db5a65
      Nico Hartmann authored 
      This reverts commit c85b7a44.

This reland fixes missing serialization of objects stored in
CallHandlerInfo::data by adding necessary handling of these objects
in FunctionTemplateInfoRef::SerializeCallCode when running with
direct heap access.

Drive-by: Remove declaration of CallHandlerInfoRef::Serialize, which
did not have a definition.

Original change's description:
> [TurboFan] Move FunctionTemplateInfo to never serialized
>
> This CL moves FunctionTemplateInfo to the list of never serialized
> objects, allowing direct heap reads. To make this threadsafe, the CL:
> - adds necessary atomic (relaxed/acquire-release) operations to the
>   accessors of FunctionTemplateInfo.
> - changes FunctionTemplateInfoRef::LookupHolderOfExpectedType to be
>   usable from the background thread (e.g. no handle construction) with
>   the caveat of skipping optimization in some cases where necessary
>   JSObjects are not serialized.
>
> Drive-by: Add missing serialization of objects possibly reachable
> through CallHandlerInfo::data.
>
> Bug: v8:7790
> Change-Id: I49cf4f328ecfab368dff9076fde8f5783ead3246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679687
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73364}

Bug: v8:7790, chromium:1188563
Change-Id: Ib43f1eaf0592d2565292e86dea5acfc41a58f637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773807Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73599}
      07db5a65
  3. 17 Mar, 2021 1 commit
    • Nico Hartmann's avatar
      Revert "[TurboFan] Move FunctionTemplateInfo to never serialized" · c85b7a44
      Nico Hartmann authored 
      This reverts commit 220e68c0.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1188563

Original change's description:
> [TurboFan] Move FunctionTemplateInfo to never serialized
>
> This CL moves FunctionTemplateInfo to the list of never serialized
> objects, allowing direct heap reads. To make this threadsafe, the CL:
> - adds necessary atomic (relaxed/acquire-release) operations to the
>   accessors of FunctionTemplateInfo.
> - changes FunctionTemplateInfoRef::LookupHolderOfExpectedType to be
>   usable from the background thread (e.g. no handle construction) with
>   the caveat of skipping optimization in some cases where necessary
>   JSObjects are not serialized.
>
> Drive-by: Add missing serialization of objects possibly reachable
> through CallHandlerInfo::data.
>
> Bug: v8:7790
> Change-Id: I49cf4f328ecfab368dff9076fde8f5783ead3246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679687
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73364}

TBR=neis@chromium.org

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: v8:7790
Change-Id: I66fd8d915e2434e3f78103b9e11dce01eb356675
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764753Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73454}
      c85b7a44
  5. 16 Mar, 2021 1 commit
    • Jakob Gruber's avatar
      [compiler] Concurrent JSObjectRef::GetOwnConstantElement · 21a23587
      Jakob Gruber authored 
      This CL implements the above in a concurrent setting without relying
on serialization (except existing serialization to read a consistent
JSObject state, which should be addressed in future work).

There are three main cases in which GetOwnConstantElement can succeed:

- Frozen elements are always constant. The backing store is immutable
after initialization and can be accessed through relaxed reads.
- String wrapper elements are always constant. The JSPrimitiveWrapper
is immutable after initialization, and internalized Strings are
protected by a mutex (other string kinds are currently not handled).
- Dictionary elements may be constant. Since this case is not
particularly important for the optimization, we leave it unimplemented
for now.

Bug: v8:7790
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_no_cm_rel_ng
Change-Id: If2fbced50218ebd3930da8157cd2ae5eb83a8e02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717308Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73442}
      21a23587
  7. 12 Mar, 2021 1 commit
  9. 03 Mar, 2021 1 commit
    • Frank Emrich's avatar
      [dict-proto] TF support for constants in dictionary mode protos, pt. 1 · a3ad3529
      Frank Emrich authored 
      This CL is the first in a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL does the following:

a) In PropertyAccessInfo::Kind, rename kDataConstant and
kAccessorConstant to kFastDataConstant and kFastAccessorConstant,
respectively, to indicate that these kinds are used for fast mode
holders.

b) In PropertyAccessInfo::Kind, add kDictionaryProtoDataConstant and
kDictionaryProtoAccessorConstant, which will be used for dictionary
mode holders (which must also be prototypes, as stated  above).

c) Add a member dictionary_index_ to PropertyAccessInfo, which is
used by the kinds mentioned in b)

Bug: v8:11248
Change-Id: Id1c10215aab287066a9765756f112c8035141013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718228
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73169}
      a3ad3529
  11. 24 Feb, 2021 1 commit
  13. 23 Feb, 2021 1 commit
  15. 22 Feb, 2021 2 commits
    • Jakob Gruber's avatar
      [compiler] Split up GetOwnConstantElement · bd7da651
      Jakob Gruber authored 
      This method used to be defined on Object and handled Strings and
JSObjects; but only the object hierarchy rooted at JSObject has
'elements', and Strings are handled slightly differently. Thus it
makes sense to split up into

 JSObject::GetOwnConstantElement
 String::GetCharAsString

This way, we can also separate future work on making JSObjects and
Strings never-serialized.

Bug: v8:7790
Change-Id: I8e0f142fbd9cbf8e8abe1e9a189bcd948c2f1fa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704080
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72911}
      bd7da651
    • Jakob Gruber's avatar
      Reland "[compiler] Direct heap reads for JSArrayRef" · 2e844377
      Jakob Gruber authored 
      This is a reland of 76a2ab06

Changes since the original CL:
- Handle unserialized elements (optional result in getter).
- Merge should_access_heap and --turbo-direct-heap-access paths.
- Slightly update the serialized path in GetOwnCowElement.
- Fix the cctest, add a regression test.

Atomic JSObject::elements/JSArray::length setters are addressed
in this CL: crrev.com/c/2704076.

Original change's description:
> [compiler] Direct heap reads for JSArrayRef
>
> There are two aspects to the non-JSObject parts of JSArrayRef:
>
> - JSArrayRef::length. Relevant only in two spots, 1. when reading
> (immutable) array boilerplates and 2. for GetOwnCowElement.
>
> - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
> store. Relies on the invariant that cow backing stores are immutable.
>
> This CL renames the length accessor to length_unsafe to make the
> danger explicit at callsites.
>
> For GetOwnCowElement the refactor is slightly larger, since we now
> need to read into the backing store while keeping full control of
> object reads (e.g. JSArray::length and JSArray::elements_kind). We
> make all reads explicit at the call site by requiring that elements,
> elements kind, and length are passed in as arguments to
> GetOwnCowElement. Inside GetOwnCowElement, consistency between these
> is *not* guaranteed due to concurrency. At runtime, consistency *is*
> guaranteed through the reference-equality check on the elements seen
> during compilation. The actual elements read is implemented in
> ConcurrentLookupIterator::GetOwnCowElement.
>
> Bug: v8:7790
> Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72834}

Bug: v8:7790
Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72904}
      2e844377
  17. 19 Feb, 2021 1 commit
    • Georg Neis's avatar
      Revert "[compiler] Direct heap reads for JSArrayRef" · 3cfe4fe0
      Georg Neis authored 
      This reverts commit 76a2ab06.

Reason for revert: A few issues, e.g.
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8854931126653780144/+/u/Check__flakes_/ArrayWithCowElements

Original change's description:
> [compiler] Direct heap reads for JSArrayRef
>
> There are two aspects to the non-JSObject parts of JSArrayRef:
>
> - JSArrayRef::length. Relevant only in two spots, 1. when reading
> (immutable) array boilerplates and 2. for GetOwnCowElement.
>
> - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
> store. Relies on the invariant that cow backing stores are immutable.
>
> This CL renames the length accessor to length_unsafe to make the
> danger explicit at callsites.
>
> For GetOwnCowElement the refactor is slightly larger, since we now
> need to read into the backing store while keeping full control of
> object reads (e.g. JSArray::length and JSArray::elements_kind). We
> make all reads explicit at the call site by requiring that elements,
> elements kind, and length are passed in as arguments to
> GetOwnCowElement. Inside GetOwnCowElement, consistency between these
> is *not* guaranteed due to concurrency. At runtime, consistency *is*
> guaranteed through the reference-equality check on the elements seen
> during compilation. The actual elements read is implemented in
> ConcurrentLookupIterator::GetOwnCowElement.
>
> Bug: v8:7790
> Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72834}

Bug: v8:7790, chromium:1180012
Change-Id: I50e72380c544b2b78e1e3dc87a8249281b710912
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704666
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72860}
      3cfe4fe0
  19. 18 Feb, 2021 1 commit
    • Jakob Gruber's avatar
      [compiler] Direct heap reads for JSArrayRef · 76a2ab06
      Jakob Gruber authored 
      There are two aspects to the non-JSObject parts of JSArrayRef:

- JSArrayRef::length. Relevant only in two spots, 1. when reading
(immutable) array boilerplates and 2. for GetOwnCowElement.

- JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
store. Relies on the invariant that cow backing stores are immutable.

This CL renames the length accessor to length_unsafe to make the
danger explicit at callsites.

For GetOwnCowElement the refactor is slightly larger, since we now
need to read into the backing store while keeping full control of
object reads (e.g. JSArray::length and JSArray::elements_kind). We
make all reads explicit at the call site by requiring that elements,
elements kind, and length are passed in as arguments to
GetOwnCowElement. Inside GetOwnCowElement, consistency between these
is *not* guaranteed due to concurrency. At runtime, consistency *is*
guaranteed through the reference-equality check on the elements seen
during compilation. The actual elements read is implemented in
ConcurrentLookupIterator::GetOwnCowElement.

Bug: v8:7790
Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72834}
      76a2ab06
  21. 17 Feb, 2021 1 commit
    • Seth Brenith's avatar
      Reland "[interpreter] Short Star bytecode" · 7be64db4
      Seth Brenith authored 
      This is a reland of cf93071c

Original change's description:
> [interpreter] Short Star bytecode
>
> Design doc:
> https://docs.google.com/document/d/1g_NExMT78II_KnIYNa9MvyPYIj23qAiFUEsyemY5KRk/edit
>
> This change adds 16 new interpreter opcodes, kStar0 through kStar15, so
> that we can use a single byte to represent the common operation of
> storing to a low-numbered register. This generally reduces the quantity
> of bytecode generated on web sites by 8-9%.
>
> In order to not degrade speed, a couple of other changes are required:
>
> The existing lookahead logic to check for Star after certain other
> bytecode handlers is updated to check for these new short Star codes
> instead. Furthermore, that lookahead logic is updated to contain its own
> copy of the dispatch jump rather than merging control flow with the
> lookahead-failed case, to improve branch prediction.
>
> A bunch of constants use bytecode size in bytes as a proxy for the size
> or complexity of a function, and are adjusted downward proportionally to
> the decrease in generated bytecode size.
>
> Other small drive-by fix: update generate-bytecode-expectations to emit
> \n instead of \r\n on Windows.
>
> Change-Id: I6307c2b0f5794a3a1088bb0fb94f6e1615441ed5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2641180
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#72773}

Change-Id: I1afb670c25694498b3989de615858f984a8c7f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2698057
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72821}
      7be64db4
  23. 16 Feb, 2021 2 commits
    • Leszek Swirski's avatar
      Revert "[interpreter] Short Star bytecode" · 08a49bbe
      Leszek Swirski authored 
      This reverts commit cf93071c.

Reason for revert: Speculative revert because of Mac4 GC stress failure: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/16697/overview

Original change's description:
> [interpreter] Short Star bytecode
>
> Design doc:
> https://docs.google.com/document/d/1g_NExMT78II_KnIYNa9MvyPYIj23qAiFUEsyemY5KRk/edit
>
> This change adds 16 new interpreter opcodes, kStar0 through kStar15, so
> that we can use a single byte to represent the common operation of
> storing to a low-numbered register. This generally reduces the quantity
> of bytecode generated on web sites by 8-9%.
>
> In order to not degrade speed, a couple of other changes are required:
>
> The existing lookahead logic to check for Star after certain other
> bytecode handlers is updated to check for these new short Star codes
> instead. Furthermore, that lookahead logic is updated to contain its own
> copy of the dispatch jump rather than merging control flow with the
> lookahead-failed case, to improve branch prediction.
>
> A bunch of constants use bytecode size in bytes as a proxy for the size
> or complexity of a function, and are adjusted downward proportionally to
> the decrease in generated bytecode size.
>
> Other small drive-by fix: update generate-bytecode-expectations to emit
> \n instead of \r\n on Windows.
>
> Change-Id: I6307c2b0f5794a3a1088bb0fb94f6e1615441ed5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2641180
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#72773}

TBR=rmcilroy@chromium.org,mythria@chromium.org,seth.brenith@microsoft.com

Change-Id: I0162b9400861b90bacef27cca9aebc8ab9d74c10
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2697350Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72777}
      08a49bbe
    • Seth Brenith's avatar
      [interpreter] Short Star bytecode · cf93071c
      Seth Brenith authored 
      Design doc:
https://docs.google.com/document/d/1g_NExMT78II_KnIYNa9MvyPYIj23qAiFUEsyemY5KRk/edit

This change adds 16 new interpreter opcodes, kStar0 through kStar15, so
that we can use a single byte to represent the common operation of
storing to a low-numbered register. This generally reduces the quantity
of bytecode generated on web sites by 8-9%.

In order to not degrade speed, a couple of other changes are required:

The existing lookahead logic to check for Star after certain other
bytecode handlers is updated to check for these new short Star codes
instead. Furthermore, that lookahead logic is updated to contain its own
copy of the dispatch jump rather than merging control flow with the
lookahead-failed case, to improve branch prediction.

A bunch of constants use bytecode size in bytes as a proxy for the size
or complexity of a function, and are adjusted downward proportionally to
the decrease in generated bytecode size.

Other small drive-by fix: update generate-bytecode-expectations to emit
\n instead of \r\n on Windows.

Change-Id: I6307c2b0f5794a3a1088bb0fb94f6e1615441ed5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2641180Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#72773}
      cf93071c
  25. 12 Feb, 2021 1 commit
    • Georg Neis's avatar
      Reland "[compiler] Directly read PropertyCells" · cf7cba8d
      Georg Neis authored 
      This reverts commit 87df0b7e (thus
relands 42cd9eb7), with fixes for
the discovered issues.

Original change's description:
> Revert "[compiler] Directly read PropertyCells"
>
> This reverts commit 42cd9eb7.
>
> Reason for revert: Clusterfuzz issues, e.g.
> https://bugs.chromium.org/p/chromium/issues/detail?id=1176318
>
> Original change's description:
> > [compiler] Directly read PropertyCells
> >
> > Main changes:
> >
> > - Introduce a new broker data kind kBackgroundSerialized for objects
> >   that can be serialized in the background (when direct reads are on).
> >   (I'm planning to remove kPossiblyBackgroundSerialized in a followup,
> >   in favor of a dynamic choice of kSerialized or kBackgroundSerialized).
> > - Make PropertyCell use that new kind.
> > - Introduce a bottleneck in runtime code for changes to PropertyCells
> >   and make sure that a certain protocol is followed that allows
> >   concurrent reads from the background thread.
> > - Improve interface of PropertyCell in various ways.
> >
> > Bug: v8:7790
> > Change-Id: If3d7926c3b894808811348b4b2bed153f5c06897
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661462
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#72586}
>
> TBR=ulan@chromium.org,neis@chromium.org,verwaest@chromium.org,nicohartmann@chromium.org
>
> Change-Id: Id04145760c49fa379bc5a3fc16eba664025a9180
> Bug: v8:7790
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685125
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72619}

Bug: v8:7790, chromium:1176509, chromium:1176318, chromium:1176504
Change-Id: Icaf285912bb948432a4a2d599cd174f6a5aa296e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685166Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72697}
      cf7cba8d
  27. 10 Feb, 2021 1 commit
    • Georg Neis's avatar
      Revert "[compiler] Directly read PropertyCells" · 87df0b7e
      Georg Neis authored 
      This reverts commit 42cd9eb7.

Reason for revert: Clusterfuzz issues, e.g.
https://bugs.chromium.org/p/chromium/issues/detail?id=1176318

Original change's description:
> [compiler] Directly read PropertyCells
>
> Main changes:
>
> - Introduce a new broker data kind kBackgroundSerialized for objects
>   that can be serialized in the background (when direct reads are on).
>   (I'm planning to remove kPossiblyBackgroundSerialized in a followup,
>   in favor of a dynamic choice of kSerialized or kBackgroundSerialized).
> - Make PropertyCell use that new kind.
> - Introduce a bottleneck in runtime code for changes to PropertyCells
>   and make sure that a certain protocol is followed that allows
>   concurrent reads from the background thread.
> - Improve interface of PropertyCell in various ways.
>
> Bug: v8:7790
> Change-Id: If3d7926c3b894808811348b4b2bed153f5c06897
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661462
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72586}

TBR=ulan@chromium.org,neis@chromium.org,verwaest@chromium.org,nicohartmann@chromium.org

Change-Id: Id04145760c49fa379bc5a3fc16eba664025a9180
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685125Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72619}
      87df0b7e
  29. 09 Feb, 2021 1 commit
  31. 25 Jan, 2021 1 commit
  33. 22 Jan, 2021 1 commit
  35. 20 Jan, 2021 1 commit
    • Jakob Gruber's avatar
      [compiler] Rename type BailoutId to BytecodeOffset · 727d22be
      Jakob Gruber authored 
      This reflects the actual contents of the type, which is an offset into
the bytecode (or certain marker values). Historically, in the days of
FCG the bailout id used to refer to node ids - this is why certain
tracing output still calls the bailout id 'node id' and 'ast id'.
These spots will be fixed in a follow-up CL.

This change is mechanical:

 git grep -l BailoutId | while read f; do \
  sed -i 's/BailoutId/BytecodeOffset/g' $f; done

With a manual component of updating the DeoptimizationData method
name from 'BytecodeOffset' to 'GetBytecodeOffset'.

Bug: v8:11332
Change-Id: I956b947a480bf52263159c0eb1e895360bcbe6d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639754
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72189}
      727d22be
  37. 18 Jan, 2021 2 commits
  39. 17 Dec, 2020 1 commit
  41. 15 Dec, 2020 1 commit
    • Ross McIlroy's avatar
      [TurboFan] Avoid serializing BytecodeAnalysis · 6544a1e4
      Ross McIlroy authored 
      The SerializerForBackgroundCompilation needs bytecode analysis for loop
target analysis, but doesn't require the much more expensive liveness
analysis. In order to move more work off the main thread, perform fast
bytecode analysis without liveness analysis in
SerializerForBackgroundCompilation, and then move the full bytecode
analysis to the background thread in BytecodeGraphBuilder.

BUG=v8:7790,v8:9684

Change-Id: I63ef80ecab8ad0c56953c72be31abc8f5a74b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593329Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71767}
      6544a1e4
  43. 14 Dec, 2020 1 commit
    • Nico Hartmann's avatar
      Revert "[TurboFan] Move SFI and BytecodeArray to kNeverSerialized" · ff606a06
      Nico Hartmann authored 
      This reverts commit 8ffbf0d2.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1158322

Original change's description:
> [TurboFan] Move SFI and BytecodeArray to kNeverSerialized
>
> This CL moves SharedFunctionInfo and BytecodeArray to the
> kNeverSerialized classes, making them directly accessible from the
> background thread.
>
> To resolve the dependence on HeapNumber and BigInt objects stored in
> the BytecodeArray's constant pool, this CL introduces a new
> ObjectDataKind::kPossiblyBackgroundSerializedHeapObject, which allows
> for objects to be serialized lazily from the background thread where
> we know that this is safe (e.g. because they are constant). BigInt and
> HeapNumber are the first members of this new group of objects.
>
> Bug: v8:7790
> Change-Id: I1d962d1cb7c36cc3f5baeb9603d5298f32af3363
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567705
> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71716}

TBR=neis@chromium.org,nicohartmann@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: Ice35d7c1c4d7e96be887a0aa26fbfa69db627022
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589734Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71738}
      ff606a06
  45. 11 Dec, 2020 1 commit
    • Nico Hartmann's avatar
      [TurboFan] Move SFI and BytecodeArray to kNeverSerialized · 8ffbf0d2
      Nico Hartmann authored 
      This CL moves SharedFunctionInfo and BytecodeArray to the
kNeverSerialized classes, making them directly accessible from the
background thread.

To resolve the dependence on HeapNumber and BigInt objects stored in
the BytecodeArray's constant pool, this CL introduces a new
ObjectDataKind::kPossiblyBackgroundSerializedHeapObject, which allows
for objects to be serialized lazily from the background thread where
we know that this is safe (e.g. because they are constant). BigInt and
HeapNumber are the first members of this new group of objects.

Bug: v8:7790
Change-Id: I1d962d1cb7c36cc3f5baeb9603d5298f32af3363
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567705Reviewed-by: 's avatarGeorg Neis (ooo until January 5) <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71716}
      8ffbf0d2
  47. 13 Nov, 2020 1 commit
  49. 10 Nov, 2020 2 commits
  51. 09 Nov, 2020 3 commits
  53. 07 Nov, 2020 1 commit
  55. 05 Nov, 2020 2 commits
  57. 29 Oct, 2020 1 commit