1. 11 Jan, 2021 1 commit
  2. 17 Dec, 2020 2 commits
    • Revert "Faster JS-to-Wasm calls" · de50785e
      Nico Hartmann authored
      This reverts commit 860fcb1b.
      
      Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview
      
      Original change's description:
      > Faster JS-to-Wasm calls
      >
      > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      >
      > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      > the basis of the signature of a Wasm function to call, and whose task
      > is to:
      > - set "thread_in_wasm_flag" to true
      > - convert the arguments from tagged types into Wasm native types
      > - calculate the address of the Wasm function to call and call it
      > - convert back the result from Wasm native types into tagged types
      > - reset "thread_in_wasm_flag" to false.
      >
      > This CL tries to improve the performance of JS-to-Wasm calls by
      > inlining the code of the JS-to-Wasm wrappers in the call site.
      >
      > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      > this kind of calls. A 'JSWasmCall' node is associated to
      > WasmCallParameters, which contain information about the signature of
      > the Wasm function to call.
      >
      > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      > of the Wasm function, when the conversion is not necessary.
      > The actual inlining of the graph generated for this wrapper happens in
      > the simplified-lowering phase.
      >
      > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      > lazy deoptimizations that can happen if the Wasm function callee calls
      > back some JS code that invalidates the compiled JS caller function.
      >
      > Bug: v8:11092
      > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Maya Lekova <mslekova@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#71824}
      
      TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com
      
      Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:11092
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71825}
    • Faster JS-to-Wasm calls · 860fcb1b
      Paolo Severini authored
      This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
      
      Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
      the basis of the signature of a Wasm function to call, and whose task
      is to:
      - set "thread_in_wasm_flag" to true
      - convert the arguments from tagged types into Wasm native types
      - calculate the address of the Wasm function to call and call it
      - convert back the result from Wasm native types into tagged types
      - reset "thread_in_wasm_flag" to false.
      
      This CL tries to improve the performance of JS-to-Wasm calls by
      inlining the code of the JS-to-Wasm wrappers in the call site.
      
      It introduces a new IR operand, JSWasmCall, which replaces JSCall for
      this kind of calls. A 'JSWasmCall' node is associated to
      WasmCallParameters, which contain information about the signature of
      the Wasm function to call.
      
      WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
      of the Wasm function, when the conversion is not necessary.
      The actual inlining of the graph generated for this wrapper happens in
      the simplified-lowering phase.
      
      A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
      lazy deoptimizations that can happen if the Wasm function callee calls
      back some JS code that invalidates the compiled JS caller function.
      
      Bug: v8:11092
      Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#71824}
  3. 16 Dec, 2020 1 commit
  4. 02 Dec, 2020 1 commit
  5. 01 Dec, 2020 1 commit
    • [Turboprop] Move deoptimizations for dynamic map checks into builtin. · b6643320
      Ross McIlroy authored
      In order to reduce the codegen size of dynamic map checks, add the
      ability to have an eager with resume deopt point, which can call
      a given builtin to perform a more detailed check than can be done
      in codegen, and then either deoptimizes itself (as if the calling
      code had performed an eager deopt) or resumes execution in the
      calling code after the check.
      
      In addition, support for adding extra arguments to a
      deoptimization continuation is added to enable us to pass the
      necessary arguments to the DynamicMapChecks builtin.
      
      Finally, a trampoline is added to the DynamicMapChecks which saves
      the registers that might be clobbered by that builtin, to avoid
      having to save them in the generated code. This trampoline also
      performs the deoptimization based on the result of the
      DynamicMapChecks builtin.
      
      In order to ensure both the trampoline and DynamicMapChecks
      builtin have the same call interface, and to limit the number
      of registers that need saving in the trampoline, the
      DynamicMapChecks builtin is moved to be a CSA builtin with a
      custom CallInterfaceDescriptor, that calls an exported Torque
      macro that implements the actual functionality.
      
      All told, this changes the codegen for a monomorphic dynamic
      map check from:
          movl rbx,<expected_map>
          cmpl [<object>-0x1],rbx
          jnz <deferred_call>
         resume_point:
          ...
         deferred_call:
          <spill registers>
          movl rax,<slot>
          movq rbx,<object>
          movq rcx,<handler>
          movq r10,<DynamicMapChecks>
          call r10
          cmpq rax,0x0
          jz <restore_regs>
          cmpq rax,0x1
          jz <deopt_point_1>
          cmpq rax,0x2
          jz <deopt_point_2>
          int3l
         restore_regs:
          <restore_regs>
          jmp <resume_point>
          ...
         deopt_point_1:
          call Deoptimization_Eager
         deopt_point_2:
          call Deoptimization_Bailout
      
      To: movl rax,<slot>
          movl rcx,<expected_map>
          movq rdx,<handler>
          cmpl [<object>-0x1],rcx
          jnz <deopt_point>
         resume_point:
          ...
         deopt_point:
          call DynamicMapChecksTrampoline
          jmp <resume_point>
      
      BUG=v8:10582
      
      Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71545}
  6. 05 Oct, 2020 1 commit
  7. 17 Aug, 2020 1 commit
  8. 29 Jul, 2020 1 commit
  9. 27 Jul, 2020 1 commit
  10. 10 Jul, 2020 1 commit
  11. 17 Mar, 2020 1 commit
  12. 05 Mar, 2020 1 commit
    • [compiler] Optimize AddInputsToFrameStateDescriptor · 500d73b9
      Dan Elphick authored
      Optimizes InstructionSelector::AddInputsToFrameStateDescriptor by
      taking advantage of SparseInputMask data structure to more quickly
      handle empty inputs and insert all the OptimizedOut entries in one go.
      The number of empty inputs is now determined using CountTrailingZeros
      rather than iterating over them one at a time.
      
      Gives a 9% improvement to SelectInstructions runtime call stat for
      Octane in turboprop.
      
      Bug: v8:10051
      Change-Id: Ib13d6f9644b4c89ba0546a19fe0ed623d69fec99
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037443
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66591}
  13. 04 Mar, 2020 1 commit
  14. 02 Mar, 2020 1 commit
  15. 11 Feb, 2020 1 commit
    • Revert "[compiler] Make StateValuesAccess methods inlinable" · 1a4bbc8a
      Dan Elphick authored
      This reverts commit 14d1b9e9.
      
      Reason for revert: Increases RuntimeStats/Group-JavaScript/duration
      
      Original change's description:
      > [compiler] Make StateValuesAccess methods inlinable
      > 
      > This moves several simple StateValuesAccess methods as well as
      > SparseInputMask::InputIterator::IsReal into their header files so they
      > can be more easily inlined. This gives about a 7% improvement to the
      > BackgroundSelectInstructions runtime call stat.
      > 
      > Also marks some methods called by the new methods as V8_PRIVATE_EXPORT
      > so component build test can build.
      > 
      > Bug: v8:10051
      > Change-Id: I3e34977a4fa660d3f4f55fd4f2c0b2370d5d2bc2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023559
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#66078}
      
      TBR=neis@chromium.org,delphick@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:10051
      Change-Id: I9168b524bc06562906a12a6ec0e948d6f90d4a7d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050387
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66219}
  16. 07 Feb, 2020 1 commit
  17. 03 Feb, 2020 1 commit
    • [compiler] Make StateValuesAccess methods inlinable · 14d1b9e9
      Dan Elphick authored
      This moves several simple StateValuesAccess methods as well as
      SparseInputMask::InputIterator::IsReal into their header files so they
      can be more easily inlined. This gives about a 7% improvement to the
      BackgroundSelectInstructions runtime call stat.
      
      Also marks some methods called by the new methods as V8_PRIVATE_EXPORT
      so component build test can build.
      
      Bug: v8:10051
      Change-Id: I3e34977a4fa660d3f4f55fd4f2c0b2370d5d2bc2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023559
      Reviewed-by: Georg Neis <neis@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66078}
  18. 22 Oct, 2019 1 commit
  19. 26 Aug, 2019 1 commit
  20. 23 Aug, 2019 2 commits
  21. 01 Aug, 2019 1 commit
  22. 31 May, 2019 1 commit
    • [ptr-compr][turbofan][CSA] Adding the CompressedHeapConstant node · a31b36e0
      Santiago Aboy Solanes authored
      CompressedHeapConstant is used in the DecompressionElimination Reducer to
      create compressed HeapConstant values. It won't appear in the graph
      up until that point.
      
      This CL enables back the disabled tests in DecompressionElimination, as
      well as generating the CompressedHeapConstant in that reducer.
      
      The RelocInfo has already been added for x64 but not for arm64. Therefore,
      the x64 version is now doing the mov on 32 bits. The support for ARM will
      come in a following CL, and for now it is doing the mov in 64 bits.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
      Bug: v8:8977, v8:7703, v8:9298
      Change-Id: If0ca4f937cfa60501679e66f6fd5ded2df38f605
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632236
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61950}
  23. 23 May, 2019 1 commit
  24. 06 May, 2019 1 commit
  25. 13 Feb, 2019 1 commit
  26. 02 Jan, 2019 1 commit
  27. 17 Dec, 2018 3 commits
    • Reland "[assembler] Split out CPUFeatures into its own file" · 01b0afd5
      Sigurd Schneider authored
      This is a reland of 3ad101f5
      
      Original change's description:
      > [assembler] Split out CPUFeatures into its own file
      >
      > This reduces the preprocessor expanded source size by 84,675 LoC:
      >
      > gen         (   20 files):    71,349 to    1,523,934 (   21x)
      > src         (  624 files):   367,410 to   53,253,894 (  145x)
      > test        (  392 files):   490,503 to   37,436,176 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1520 files): 1,183,031 to  102,736,424 (   87x)
      >
      > to
      >
      > gen         (   20 files):    71,349 to    1,523,794 (   21x)
      > src         (  624 files):   367,411 to   53,186,896 (  145x)
      > test        (  392 files):   490,504 to   37,418,639 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1520 files): 1,183,033 to  102,651,749 (   87x)
      >
      >
      > Change-Id: Ia8a79092051a42815b65e86a0784297915368c9b
      > Reviewed-on: https://chromium-review.googlesource.com/c/1291471
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Marja Hölttä <marja@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58266}
      
      TBR=marja@chromium.org,clemensh@chromium.org,ulan@chromium.org
      
      Change-Id: I5b857666508b1c80dcadd0b470aada37dd49077e
      Reviewed-on: https://chromium-review.googlesource.com/c/1379872
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58278}
    • Revert "[assembler] Split out CPUFeatures into its own file" · 316b152a
      Maya Lekova authored
      This reverts commit 3ad101f5.
      
      Reason for revert: Broken Android Arm64 debug builder - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20debug%20builder/3089
      
      Original change's description:
      > [assembler] Split out CPUFeatures into its own file
      > 
      > This reduces the preprocessor expanded source size by 84,675 LoC:
      > 
      > gen         (   20 files):    71,349 to    1,523,934 (   21x)
      > src         (  624 files):   367,410 to   53,253,894 (  145x)
      > test        (  392 files):   490,503 to   37,436,176 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1520 files): 1,183,031 to  102,736,424 (   87x)
      > 
      > to
      > 
      > gen         (   20 files):    71,349 to    1,523,794 (   21x)
      > src         (  624 files):   367,411 to   53,186,896 (  145x)
      > test        (  392 files):   490,504 to   37,418,639 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1520 files): 1,183,033 to  102,651,749 (   87x)
      > 
      > 
      > Change-Id: Ia8a79092051a42815b65e86a0784297915368c9b
      > Reviewed-on: https://chromium-review.googlesource.com/c/1291471
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Marja Hölttä <marja@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58266}
      
      TBR=ulan@chromium.org,marja@chromium.org,sigurds@chromium.org,clemensh@chromium.org
      
      Change-Id: I111f9bbef9e66cd1ee7f4206b6af1097f7c50e66
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/1379933
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58268}
    • [assembler] Split out CPUFeatures into its own file · 3ad101f5
      Sigurd Schneider authored
      This reduces the preprocessor expanded source size by 84,675 LoC:
      
      gen         (   20 files):    71,349 to    1,523,934 (   21x)
      src         (  624 files):   367,410 to   53,253,894 (  145x)
      test        (  392 files):   490,503 to   37,436,176 (   76x)
      third_party (  432 files):   239,085 to    9,547,902 (   40x)
      total       ( 1520 files): 1,183,031 to  102,736,424 (   87x)
      
      to
      
      gen         (   20 files):    71,349 to    1,523,794 (   21x)
      src         (  624 files):   367,411 to   53,186,896 (  145x)
      test        (  392 files):   490,504 to   37,418,639 (   76x)
      third_party (  432 files):   239,085 to    9,547,902 (   40x)
      total       ( 1520 files): 1,183,033 to  102,651,749 (   87x)
      
      
      Change-Id: Ia8a79092051a42815b65e86a0784297915368c9b
      Reviewed-on: https://chromium-review.googlesource.com/c/1291471
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Marja Hölttä <marja@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58266}
  28. 30 Nov, 2018 1 commit
  29. 19 Sep, 2018 1 commit
  30. 17 Sep, 2018 1 commit
  31. 06 Jun, 2018 1 commit
  32. 30 Apr, 2018 1 commit
    • Replace array index masking with the poisoning approach. · f53dfd93
      Jaroslav Sevcik authored
      The idea is to mark all the branches and loads participating in array
      bounds checks, and let them contribute-to/use the poisoning register.
      In the code, the marks for array indexing operations now contain
      "Critical" in their name. By default (--untrusted-code-mitigations),
      we only instrument the "critical" operations with poisoning.
      
      With that in place, we also remove the array masking approach based
      on arithmetic.
      
      Since we do not propagate the poison through function calls,
      we introduce a node for poisoning an index that is passed through
      function call - the typical example is the bounds-checked index
      that is passed to the CharCodeAt builtin.
      
      Most of the code in this CL threads through the three levels of
      protection (safe, critical, unsafe) for loads, branches and flags.
      
      Bug: chromium:798964
      
      Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
      Reviewed-on: https://chromium-review.googlesource.com/995413
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52883}
  33. 28 Apr, 2018 1 commit
  34. 05 Mar, 2018 2 commits
  35. 02 Mar, 2018 1 commit