- 08 Jan, 2021 2 commits
-
-
Santiago Aboy Solanes authored
Follow-up that continues to make StringRefs's methods return optional values. Bug: v8:7790 Change-Id: I34f907810747216b047a3da8db035cf4f62728c3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615162Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71982}
-
Santiago Aboy Solanes authored
We are planning on moving String to kNeverSerialized. For this, we are modifying its methods to bail out if they encounter a NeverSerialized non-internalized String. Bug: v8:7790 Change-Id: Ia83c1385e53707ddec374e1730963c29b928a08c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615420Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71975}
-
- 21 Dec, 2020 1 commit
-
-
Sathya Gunasekaran authored
LAST_FUNCTION_TYPE, FIRST_FUNCTION_TYPE are no longer necessary. TBR: tebbi@chromium.org Bug: v8:11256 Change-Id: I37b1396eca8f89a287e04f2ef6b642dad248ae67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2599745 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#71852}
-
- 17 Dec, 2020 3 commits
-
-
Sathya Gunasekaran authored
This allows the JSFunctionOrBoundFunction instance type range to no longer be stuck at the last of the JSObject instance type range. This will be useful in the future where we extend the function instance types and include them in fast protector cell checks. Bug: v8:11256 Change-Id: I955991576b3cca76b10f76c87748016fe527e3d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595275Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#71826}
-
Nico Hartmann authored
This reverts commit 860fcb1b. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > > Bug: v8:11092 > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#71824} TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11092 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71825}
-
Paolo Severini authored
This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. Currently JS-to-Wasm calls go through a wrapper/trampoline, built on the basis of the signature of a Wasm function to call, and whose task is to: - set "thread_in_wasm_flag" to true - convert the arguments from tagged types into Wasm native types - calculate the address of the Wasm function to call and call it - convert back the result from Wasm native types into tagged types - reset "thread_in_wasm_flag" to false. This CL tries to improve the performance of JS-to-Wasm calls by inlining the code of the JS-to-Wasm wrappers in the call site. It introduces a new IR operand, JSWasmCall, which replaces JSCall for this kind of calls. A 'JSWasmCall' node is associated to WasmCallParameters, which contain information about the signature of the Wasm function to call. WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments of the Wasm function, when the conversion is not necessary. The actual inlining of the graph generated for this wrapper happens in the simplified-lowering phase. A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage lazy deoptimizations that can happen if the Wasm function callee calls back some JS code that invalidates the compiled JS caller function. Bug: v8:11092 Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Georg Neis (ooo until January 5) <neis@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#71824}
-
- 03 Dec, 2020 1 commit
-
-
Leszek Swirski authored
TurboFan creates DisallowHeapAccess scopes, to prevent heap access in the concurrent parts of the compiler. Then, for parts of the compiler that do want to access the heap, it either creates Allow* scopes (which should be avoided since they "punch a hole" in the Disallow* scopes), or relies on a weakening of Handle::IsDereferenceAllowed which allows handles owned by a LocalHeap to be dereferenced even if there is a DisallowHeapDereference scope. This patch: a) Strengthens the implicit requirements around handle dereferencing to require a running heap on this thread (either main-thread heap or an un-parked, un-safepointed LocalHeap). b) Removes the overly strict Disallow scopes in TurboFan, relying instead on implicit requirements for allocation/handle dereferencing in off-thread code. c) Cleans up the "should_disallow_heap_access" predicate to be more explicit about what should be disallowed (e.g. property accesses can't be computed concurrently) Change-Id: Icb56b7764913ac17e2db197a70bb189af88a6978 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554617 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#71600}
-
- 26 Nov, 2020 1 commit
-
-
Santiago Aboy Solanes authored
Scopes in V8 are used to guarantee one or more properties during its lifetimes. If a scope is not named e.g MyClassScope(args) instead of MyClassScope scope(args) it will get created and automatically destroyed and therefore, being useless as a scope. This CL would produce a compiling warning when that happens to ward off this developer error. Follow-up to ccrev.com/2552415 in which it was introduced and implemented for Guard classes. Change-Id: Ifa0fb89cc3d9bdcdee0fd8150a2618af5ef45cbf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555001 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#71425}
-
- 10 Nov, 2020 2 commits
-
-
Marja Hölttä authored
This is the second reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 , this time without RuntimeCallStats in the tests. Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I782df6e032ff8191082b425e68d68b69cef0a560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527092 Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71077}
-
Georg Neis authored
This is a reland of 3b6f7802. The compilation failures due to call-by-reference have been fixed. Original change's description: > [cleanup] Replace more uses of Min/Max by std::min/max > > Bug: v8:11074 > Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71022} Bug: v8:11074 Change-Id: Ia01bfd014e481d3a13b306974f6837a65391b19c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527064 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71072}
-
- 09 Nov, 2020 5 commits
-
-
Shu-yu Guo authored
This reverts commit 30ca51ec. Reason for revert: TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34104 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71052} TBR=marja@chromium.org,neis@chromium.org Change-Id: I2b10963a9a99f7b482f1014472a6a281fcf9b8c1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527184Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#71058}
-
Marja Hölttä authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71052}
-
Maya Lekova authored
This is a tentative fix for the linked issue. The CL enables all int64/uint64 tests for fast API calls on all platforms. Bug: chromium:1144751 Change-Id: Ie892ad625257d3b0e0bdd9ac24261b3cbeaaba62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520902 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71043}
-
Georg Neis authored
In a few places we incorrectly assumed to know the instance type of the heap object. In particular, in JSCallReducer::ReduceDataViewAccess, doing map inference on the receiver and determining that all maps are JSDataView maps does not guarantee that the receiver is a JSDataView constant because we might deopt before getting to the data view operation. Bug: chromium:1146652 Change-Id: I1611308c3ebe0d33fa6b0cf0938d777b4e6449ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524440 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#71034}
-
Zhi An Ng authored
This reverts commit 3b6f7802. Reason for revert: Build failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20full%20debug/14666 Original change's description: > [cleanup] Replace more uses of Min/Max by std::min/max > > Bug: v8:11074 > Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71022} TBR=neis@chromium.org,zhin@chromium.org,mslekova@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:11074 Change-Id: Id6c50bd9ba4132e83f4eecec9e23c6c15e2d787b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524412Reviewed-by:
Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71026}
-
- 07 Nov, 2020 1 commit
-
-
Georg Neis authored
Bug: v8:11074 Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71022}
-
- 06 Nov, 2020 1 commit
-
-
Nico Hartmann authored
Bug: v8:11074 Change-Id: I6d58d523254915a6b0d6542d8f80ddc6cee71dee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520907Reviewed-by:
Zhi An Ng <zhin@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71003}
-
- 05 Nov, 2020 2 commits
-
-
Clemens Backes authored
This reverts commit 0147db5a. Reason for revert: Data races: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34056 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70988} TBR=marja@chromium.org,mvstanton@chromium.org,neis@chromium.org Change-Id: Ib5ddb919ae569fe5ddf266d986f1c8bc0fe9621a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520908Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70992}
-
Marja Hölttä authored
Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#70988}
-
- 28 Oct, 2020 1 commit
-
-
Shu-yu Guo authored
Change-Id: I4ab54dac771bb551c2435a98f9e53194a6f27853 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2495494 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70851}
-
- 20 Oct, 2020 1 commit
-
-
Georg Neis authored
Gracefully handle hugely nested JSBoundFunctions by checking against the local isolate's stack limit in relevant recursive functions. This is based on d734bb4c (which was reverted). In order to get access to the local isolate, the CL replaces the heap broker's LocalHeap pointer with a LocalIsolate pointer. Bug: chromium:1125145 Change-Id: I15d6265c7dfcd8a70af4ab4ce6f30149a886be00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480682 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70654}
-
- 14 Oct, 2020 1 commit
-
-
Jakob Gruber authored
This is a reland of 16cd5995 Changes since the original CL: generic lowering support for ForInPrepare and ForInNext. Original change's description: > [nci] Prepare JSForInPrepare and JSForInNext for feedback input > > These two operators are still missing feedback collection in generic > lowering (reminder: all operations that collect FB in the interpreter > must also collect FB in generic lowering). > > This CL prepares for that by adding the feedback vector as an input, > and additionally adds node wrappers to improve useability. > > The actual collection logic will be added in a following CL. > > Bug: v8:8888 > Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70372} Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Bug: v8:8888 Change-Id: Idc294ffd2a24922edd08db6897d32d5724956995 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459373 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70496}
-
- 07 Oct, 2020 2 commits
-
-
Jakob Gruber authored
This reverts commit 16cd5995. Reason for revert: Can't be landed without also implementing generic lowering, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20fyi/18261. Original change's description: > [nci] Prepare JSForInPrepare and JSForInNext for feedback input > > These two operators are still missing feedback collection in generic > lowering (reminder: all operations that collect FB in the interpreter > must also collect FB in generic lowering). > > This CL prepares for that by adding the feedback vector as an input, > and additionally adds node wrappers to improve useability. > > The actual collection logic will be added in a following CL. > > Bug: v8:8888 > Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70372} TBR=jgruber@chromium.org,leszeks@chromium.org,tebbi@chromium.org Change-Id: Ibff2bf44eb04bebd982b019b4539275db75c611a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8888 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454078Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70376}
-
Jakob Gruber authored
These two operators are still missing feedback collection in generic lowering (reminder: all operations that collect FB in the interpreter must also collect FB in generic lowering). This CL prepares for that by adding the feedback vector as an input, and additionally adds node wrappers to improve useability. The actual collection logic will be added in a following CL. Bug: v8:8888 Change-Id: I04627eedb2dc237dc4e417091c44d2a95bd98f5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454712 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70372}
-
- 06 Oct, 2020 1 commit
-
-
Maya Lekova authored
This CL ensures that if float parameters are unsupported for fast API calls (which is currently the case for all platforms except x64), the call is properly optimized to the regular TurboFan path. Bug: chromium:1052746 Change-Id: I6dd9892d1db2b8c194c30b5d656d50ff63f03f51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450020 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70354}
-
- 30 Sep, 2020 1 commit
-
-
Jakob Gruber authored
Turboprop-generated Code objects will now have the dedicated TURBOPROP code kind instead of OPTIMIZED_FUNCTION. When possible, the code kind is used as the source of truth instead of FLAG_turboprop. This is the initial step towards implementing tier-up from Turboprop to Turbofan. Future work: Rename OPTIMIZED_FUNCTION to TURBOFAN, rename STUB to DEOPT_ENTRIES_OR_FOR_TESTING, implement TP tier-up. No-Try: true Bug: v8:9684 Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Change-Id: I3c9308718d7e9a2b7e6796e7ea94f17e5ff84c0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424140 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70213}
-
- 29 Sep, 2020 2 commits
-
-
Georg Neis authored
This reverts commit d734bb4c. Reason for revert: Flawed. Original change's description: > [compiler] Check for stack overflow in recursive ReduceJSCall > > Gracefully handle hugely nested JSBoundFunctions. > > Bug: chromium:1125145 > Change-Id: I08f136fa9d35cf16ea8da5132d4d483a75d0ba94 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418091 > Auto-Submit: Georg Neis <neis@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70164} TBR=neis@chromium.org,mslekova@chromium.org Change-Id: I2d4ed79e2470981dab7ccba8e0c7e1004fe91369 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1125145 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436342Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70195}
-
Mike Stanton authored
Here is an alternate fix for chromium:1123379, which addresses a TODO. A callback is provided to the GraphAssembler when it's working on an unscheduled graph. In such cases, changed nodes in the main graph need to be revisited after change. The callback ensures that the GraphAssembler kicks that process off when necessary. Bug: chromium:1123379 Change-Id: I9d864c3390fbe670ee450152a67555dcbfa8f581 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2433924 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70192}
-
- 28 Sep, 2020 1 commit
-
-
Georg Neis authored
Gracefully handle hugely nested JSBoundFunctions. Bug: chromium:1125145 Change-Id: I08f136fa9d35cf16ea8da5132d4d483a75d0ba94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418091 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70164}
-
- 16 Sep, 2020 1 commit
-
-
Santiago Aboy Solanes authored
This is a reland of b5f37051 Got reverted since it was breaking the bots (https://bugs.chromium.org/p/v8/issues/detail?id=10918) The solution is to keep the JSDataView class as kSerialized but change its method to do a direct heap access. In this way, its map it will still be serialized (which was the cause of the bot failure). In order to keep incrementally skipping serialization, we can introduce new macros that allow a per-method skip of serialization rather than per-class. Original change's description: > [compiler] Replace JSDataView with direct reads > > Bug: v8:7790 > Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69904} Bug: v8:7790, v8:10918 Change-Id: Ifdfe504272369e7cc1332fe53992739f9d0be385 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2413258Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69949}
-
- 15 Sep, 2020 2 commits
-
-
Santiago Aboy Solanes authored
This reverts commit b5f37051. Reason for revert: Breaking the fuzzer https://bugs.chromium.org/p/v8/issues/detail?id=10918 Original change's description: > [compiler] Replace JSDataView with direct reads > > Bug: v8:7790 > Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69904} Change-Id: I9a470708f06328061d5d4ecf21fa38bc0e49ff45 Bug: v8:7790, v8:10918 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410196Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69911}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69904}
-
- 31 Aug, 2020 1 commit
-
-
Jakob Gruber authored
The graph assembler calls MergeControlToEnd as part of Unreachable node creation; this causes issues when used inside the GraphReducer framework, since the reducer is not notified by gasm that the end node should be revisited. The (hacky) fix in this CL is to always mark the end node for revisitation after a gasm reduction has taken place. Bug: v8:8888,chromium:1123379 Change-Id: I350bb7144add04a0c3fd7f3d88c07fcfe1cd42e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384772 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69619}
-
- 24 Aug, 2020 1 commit
-
-
Jakob Gruber authored
Prior to this CL, one had to artificially insert a basic-block-terminating node after Unreachable. The common pattern was Unreachable(); Goto(&some_label); // Never reached but generates useless code. This CL improves usability by automatically merging Unreachable nodes to the end node, and terminating current effect/control. The updated pattern is just Unreachable(); or in cases where Turboprop must maintain a schedule: Unreachable(&some_label); Bug: v8:8888 Change-Id: I26a0b11b5e67252a6dc3584ae09ed06370f1eacc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362690 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69531}
-
- 29 Jul, 2020 1 commit
-
-
Georg Neis authored
The bug was that the allocation of the result array (before the loop) was using the outer frame state, thus returning the allocation's result (an array full of holes) as the return value of the map operation in case the allocation triggers a lazy deopt. Bug: chromium:1104514 Change-Id: I9a6db8a5860472e1b438b6b54414938d61e166c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324249Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69129}
-
- 22 Jul, 2020 2 commits
-
-
Maya Lekova authored
This CL fixes passing the receiver of a fast call as an effect input only in cases where the opcode supports it. It also introduces a test for callbacks without fallback support and a test where ConvertReceiver is not introduced. Bug: chromium:1052746 Change-Id: I6f396f4c9cbaab7ae915c908a9f805d9770f8946 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312777 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69005}
-
Maya Lekova authored
The object is passed now as an v8::ApiObject instead of unwrapped C++ pointer and the embedder should do the unwrapping. Bug: chromium:1052746 Change-Id: If5671c5fdbbe8d58435c7bd9aceccf5e17f8ea21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304571Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#68991}
-
- 15 Jul, 2020 1 commit
-
-
Maya Lekova authored
This change adds a has_error parameter on the stack which allows the fast callback to report an error. In case this parameter is set to non-zero, the generated code calls the slow (default) callback, which can throw the exception. Bug: chromium:1052746 Change-Id: Ib11f6b0bef37d5eb1d04cd6d0a3ef59028dcc448 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183929Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#68871}
-
- 09 Jul, 2020 1 commit
-
-
Jakob Gruber authored
After native-context-independent codegen, verify that the resulting Code object does not embed any nc-dependent objects, and that no code dependencies have been created. Bug: v8:8888 Change-Id: I894e74b27e86e7727ff17aa0dbfdd908373a5e55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284498 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#68757}
-
- 07 Jul, 2020 1 commit
-
-
Jakob Gruber authored
Native context independent code generation should, at the moment, not use any collected feedback. We implement this by returning InsufficientFeedback from the heap broker's ReadFeedbackForX methods if currently compiling nci code. Thus all feedback.IsInsufficient() calls inside the compiler will return true (disabling feedback-based optimizations). FeedbackSource::IsValid() (used in generic lowering) can still return true. Bug: v8:8888 Change-Id: I198b6457276073e7376c777b206c50726f1b3645 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284494 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#68726}
-