But for builtins, jump tables are disabled
to be compatible with embedded builtins.
This is a reland of 884bec9f70
Original change's description:
> [turbofan] enable switch jump tables with --no-untrusted-code-mitigations,
> also for stubs and Wasm
>
> Bug: chromium:845851
> Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493
> Reviewed-on: https://chromium-review.googlesource.com/1076151
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53525}
Bug: chromium:845851
Change-Id: I66c300f875a46a3f2a68730fda94b8196f38aa97
Reviewed-on: https://chromium-review.googlesource.com/1087468
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53612}
This CL implements NumberIsNaN in Torque and removes it from the
CodeStubAssembler. It is currently used in TypedArray.p.sort and
Array.p.sort.
R=jgruber@chromium.org
Change-Id: Iaaa81901f89c0df68997d4501607b302a0449012
Reviewed-on: https://chromium-review.googlesource.com/1092532
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53611}
Since we never extract pools from a {DisjointAllocationPool}, the
{Allocate} method can just return an {AddressRange}, and also {Merge}
just needs to merge a single {AddressRange}.
Drive-by: Make {AddressRange} a proper struct, for DCHECKs and better
accessors.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I19fd02b2c6d8eb5316a5e994835b89be9cfa792b
Reviewed-on: https://chromium-review.googlesource.com/1090723
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53610}
This class can contain members and functions common across all
platforms.
Bug: v8:6666
Change-Id: I8f232f806457164a2401f74c7140fd035ad05096
Reviewed-on: https://chromium-review.googlesource.com/1086940
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53609}
This CL moves the DataViewGetFloat32 and DataViewGetFloat64
getters from runtime to Torque.
Change-Id: Ic85ec7bcb4e48f679c24e28121b7c543454e7cde
Reviewed-on: https://chromium-review.googlesource.com/1088919
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53606}
This CL updates the d3.js library to version 5.4. The most notable
change is that the library can now distinguish between click and drag
events if an element supports both selection via click and displacement
via drag.
Curiously, npm created a 'package-lock.json', which is ~500 lines, and
which is supposed to be checked into the repository according to documentation.
Change-Id: Ifabd236296d951f390e0a1516d89e73138ce1713
Reviewed-on: https://chromium-review.googlesource.com/1076234
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53604}
This makes sure that reloc entries with WASM_STUB_CALL mode can be
shared within the constant pool. Call sites to such stubs never need to
be patched individually and absolute addresses of such call targets can
be shared when they are put into constant pools.
This applies to ARM, ARM64 and PPC architectures only.
R=clemensh@chromium.org
BUG=chromium:850413
Change-Id: I657248f61f122f1a3d6d30ebd14326df45f67540
Reviewed-on: https://chromium-review.googlesource.com/1091055
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53603}
This is a reland of 4f9455994c
Original change's description:
> Add Visitor for EphemeronHashTable
>
> JSWeakCollection does not have any weak references anymore. Special
> handling of Ephemerons can now be implemented in
> VisitEphemeronHashTable.
>
> Bug: chromium:844008
> Change-Id: I9f4d8ad6a32cc7a55b715803f6a83ff8d2743ce8
> Reviewed-on: https://chromium-review.googlesource.com/1090274
> Commit-Queue: Dominik Inführ <dinfuehr@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53584}
Bug: chromium:844008
Change-Id: I9d2953d55eb0affba4fede5ec37369c1eb6574f5
Reviewed-on: https://chromium-review.googlesource.com/1092370
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Cr-Commit-Position: refs/heads/master@{#53602}
Currently, nosnap builds do not run mksnapshot and thus do not have a
chance to generate the embedded blob. In theory we could support this,
but let's just ensure we don't crash for now.
Bug: v8:6666,v8:7835
Change-Id: I7d3b1f772b296ae3bcaed1604e0d1e44834da1c0
Reviewed-on: https://chromium-review.googlesource.com/1092491
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53600}
This updates 'hello-world.cc' sample.
Change-Id: Id1f3fd222ddd89946e3ab50a8eff5c6477d1f665
Reviewed-on: https://chromium-review.googlesource.com/1089816
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53597}
The globals tests for simd are failing on mips big endian. Will re-enable
after fixing.
R=clemensh@chromium.org
BUG=v8:6020
Change-Id: I8a8a17c4e947b69ccc2eb6bbe79c308b1129d1af
Reviewed-on: https://chromium-review.googlesource.com/1089814
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53595}
z/Architecture Principles of Operation details LOCR/LOCGR to be RRF-c
format, with the operands printed in the form LOCR/LOCGR R1,R2,M3,
where M3 is binary encoded in bits 16-20. Current disassembler
is printing the operands in the wrong order, and extracting the Mask
from the wrong bits.
R=jyan@ca.ibm.com, michael_dawson@ca.ibm.com
Change-Id: I30baaab16ab3dbf879df381cd1f0978a66a214a6
Reviewed-on: https://chromium-review.googlesource.com/1091139
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53593}
This uses an optimized single-byte encoding for WASM_STUB_CALL reloc
entries when possible, by sacrificing size from DEOPT_REASON. Note that
stub calls in WebAssembly are used for trap handlers, which are fairly
common on regular WasmCode.
R=clemensh@chromium.org
BUG=chromium:850111,chromium:850413
Change-Id: I153fdd775290dece2884d438d5defd441486b369
Reviewed-on: https://chromium-review.googlesource.com/1090831
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53587}
This CL extracts code for loading a NumberDictionary element
from "EmitElementLoad" to its own function in the CSA.
This is done in preparation for a fast path in Torque for dictionary
elements.
R=jgruber@chromium.org
Change-Id: I3bb9897910183cd50be127bae771e531a61d57be
Reviewed-on: https://chromium-review.googlesource.com/1090832
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53586}
JSWeakCollection does not have any weak references anymore. Special
handling of Ephemerons can now be implemented in
VisitEphemeronHashTable.
Bug: chromium:844008
Change-Id: I9f4d8ad6a32cc7a55b715803f6a83ff8d2743ce8
Reviewed-on: https://chromium-review.googlesource.com/1090274
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53584}
This is a reland of 91bab5588c
This CL contains two major changes w.r.t. the original CL:
The random state is removed from the Smi root list and we pre-seed the RNG
on each sort with the length of the array.
To cut down on the length of the arguments list and to keep track of the
random state across recursive calls, we move most of the sort arguments into
a FixedArray and reload from the array for each recursion.
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criterion.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
Bug: v8:7382
Change-Id: Ia7bef7ed1c0e904ffe43bc428e702f64f9c6a60b
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1087888
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53583}
Struct fields should not end in an underscore according to the style
guide.
Drive-by: Add {TurboAssembler} constructor which receives an
{IsolateData} directly, to allow creating a {TurboAssembler} in a
background thread.
R=mstarzinger@chromium.org
Change-Id: I32800476690f4c8619059519b7d27b06f5d4be95
Reviewed-on: https://chromium-review.googlesource.com/1090278
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53582}
This makes all runtime calls compiled by Liftoff load the respective
CEntry builtin from the instance object instead of embedding it into the
instruction stream. Another step towards making the code independent of
the originating Isolate.
As a drive-by this also changes one implicit runtime call in the stack
check in the TurboFan backend in a similar fashion.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: Ifab5995aa95250d6fae60ef5debb98aee2b6fc0c
Reviewed-on: https://chromium-review.googlesource.com/1089067
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53578}
With lazy compilation, not every exported function has code associated
with it. {WasmExportedFunction} provides the function index though,
which can be used to check whether code exists and access that code.
R=mstarzinger@chromium.org
Bug: v8:7758
Change-Id: Id80285fec46bf5be4af49875734aa0fe28d732c9
Reviewed-on: https://chromium-review.googlesource.com/1090273
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53576}
This makes the WebAssembly runtime stubs load the correct CEntry stub
from the instance object instead of embedding the address within the
instruction stream. It effectively makes those stubs independent of the
underlying Isolate.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I0e7f3ecf7642d3fb1ee7adf83a8f0e6cc4d38fdf
Reviewed-on: https://chromium-review.googlesource.com/1086997
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53575}
This reads much nicer than the for loop with {num_imported_functions_}
and {num_functions}, and is potentially even faster, because we access
the code table directly and not via function index.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I83e5c0253d8f78c22982a79d878431ba75cfc027
Reviewed-on: https://chromium-review.googlesource.com/1090271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53574}
This reverts commit ceb9c8127f.
Reason for revert: Tanks compile time
Original change's description:
> [sfi] Remove SFI function literal id field
>
> SharedFunctionInfos store their original function literal's id. This is
> also their index in the Script's SFI list.
>
> Since the function literal id is only needed for lazy compilation and live
> edit, we can calculate it on-the-fly by linear search in the Script SFI list,
> and save a field on the SFI.
>
> If this regresses compile performance, we could alternatively store the
> function literal id on the preparsed scope data as future work.
>
> Bug: chromium:818642
> Change-Id: I5468cea0e115921f1c864d94e567d749a4349882
> Reviewed-on: https://chromium-review.googlesource.com/1082480
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53523}
TBR=hpayer@chromium.org,leszeks@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:818642
Bug: chromium:850417
Change-Id: If2fd21331b7062532c04004a51e705f7e9d0a151
Reviewed-on: https://chromium-review.googlesource.com/1090494
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53573}
JSWeakCollection should use EphemeronHashTable as backing store instead of
ObjectHashTable such that the GC can handle these structures differently in
the future.
Bug: chromium:844008
Change-Id: Icc6df60c975a942877e2507ef45e0d235e5f72be
Reviewed-on: https://chromium-review.googlesource.com/1089063
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53572}
As a first step towards moving accesses to the broker, this moves
heap accesses from BitsetType::Lub to the broker.
Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
Use a passed in Isolate/Heap directly rather than using GetIsolate() on
HeapObjects which may not in future be tied to an isolate.
Bug: v8:7786
Change-Id: I89d8706544aa135049434cf20c4e1308474c678b
Reviewed-on: https://chromium-review.googlesource.com/1089334
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53569}
This CL adds the simplest version of a trap handler fallback. At
instantiation time, we check whether the module was compiled to use
trap handlers and the memory is guarded. If the memory is not guarded
but the module is supposed to use trap handlers, we recompile the
module with bounds checks so that we can use an unguarded memory.
The compiled module is replaced with a bounds checking version, meaning
future instances from this module will also use bounds checks.
Some likely desirable features that are currently missing but can be
added in future CLs include:
* Disabling trap handler mode entirely.
* Recompiling all old instances so that trap handler and bounds checked
code does not coexist in the same process.
Bug: v8:7143
Change-Id: I161fc0d544133b07dc4a93cc6af813369aaf3efe
Reviewed-on: https://chromium-review.googlesource.com/1018182
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53566}