This will allow it to take an OffThreadIsolate in the future, without
requiring GetIsolate on SharedFunctionInfo.
Change-Id: I7db56d5f0587585f829b26e60683c133760d8ff1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282534
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68696}
This is the last batch of operators which used to embed the feedback
vector as a HeapConstant:
- CreateEmptyLiteralArray
- LoadGlobal
- LoadNamed
- StoreDataPropertyInLiteral
- StoreGlobal
- StoreInArrayLiteral
- StoreNamed
- StoreNamedOwn
They now take the vector as an input. In NCI mode, the vector is
loaded from the closure at the beginning of the function.
Bug: v8:8888
Change-Id: Ifd2d2a556db343512b61e099a73702822b1ba9f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282525
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68695}
Prior to this CL, the construct node layout was:
{target, args..., new_target}
The new layout is:
{target, new_target, args..., feedback_vector}
Having new_target at index 1 brings it closer to call node layout,
which is now identical except that it has receiver at index 1. The new
feedback vector input will be needed for NCI code.
Affected node kinds are:
- JSConstruct
- JSConstructWithArrayLike
- JSConstructWithSpread
- JSConstructForwardVarargs (just the new_target position change)
Bug: v8:8888
Change-Id: I4c68a0901d01e8862fd276c8a858799d5f4ff024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278475
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68692}
Port 871183ea12
Original Commit Message:
- Add wasm opcode, decode and compiler code for v128.const
- Add codegen implementations for v128.const on x64/Arm64
- Reuse/Rename some shuffle specific methods to handle generic
128-bit immediates
- Tests
R=gdeepti@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ia4990f768b6fac0ac72cf79129a53b531c9c2fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280541
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68691}
ForInNext can get lowered to a low-level call to the ForInFilter
builtin. We currently type low-level Call nodes simply as Any, leading
to a CHECK failure when the verifier expects a primitive.
This CL fixes the issue simply by manually setting the type as part of
the lowering. An alternative would be to have the Call typing inspect
its input similar to what the JSCall typing does. We can consider this
if we hit the same issue in other cases.
Bug: chromium:1102053
Change-Id: I6682d8cf95c6a3ebaff9c8de677aa20ca676573f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282523
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68688}
This change also makes it possible to create Torque references to
elements in the context.
Change-Id: I064b73dedf8463c8d92b94b0e59f3cb4e366611a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280084
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68677}
Split off MarkingWorklists and from Marker and introduce MarkerBase.
MarkerBase refers just to interfaces types for passing along visitors.
The concrete Marker provides the impl for these interfaces. Unified
heap marker uses different marking visitors internally but provides an
implementation for the same interface.
Change-Id: Ibc4b2c88e2e69bd303a95da7d167a701934f4a07
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270539
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68676}
After r68405 reduced the default stack size on Arm64 a couple of tests
hit stack limits on the Arm64 android bots. Reduce the argument count
on these tests to avoid this issue.
BUG=chromium:1099623
Change-Id: I8957043b74bd416bb78223599b1a661a4887f54a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280095
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68670}
This adds Google benchmark for microbenchmarking C++ code as an
optional dependency.
To enable, add the following to the .gclient before syncing
"custom_vars": {
"checkout_google_benchmark": True
}
Change-Id: Id0eab772dd71558906658ef4bb60e31acd665948
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2275964
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68663}
Split off MarkingState from MarkingVisitor.
With this CL the marking implementation is moved to "MarkingState"
which is the new bottleneck for marking a single object.
MarkingVisitor merely forwards to MarkingState, which knows how to set
the markbit and add the object to the worklist accordingly. This
allows to have a "UnifiedHeapMarkingVisitor" in future which can
easily reuse Marking to provide C++ marking.
Change-Id: I87ebbe37e8e8cd841e872cae9dc3490e2b55c4dd
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270172
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68660}
Using x16/x17 for tail calls allows us to use a "BTI c" instead
of "BTI jc" landing pad. This means that we cannot enter functions
with a jump to a register other than x16/x17 anymore.
Bug: v8:10026
Change-Id: If5af1af861acc19f9e0dfc19c38d6a57a6fb6b6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276049
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68655}
This changes the default scope info for SyntheticFunctionContexts
to the EmptyScopeInfo which does not contain an extension slot.
The bug happened because, previously, the native context scope info
was used as dummy.
Change-Id: I4d6bf6918c11c79201d16bde99ed76800ad6f6c5
Bug: v8:10629
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277806
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68636}
Motivation:
We used to approximate s33/i33 value parsing by first checking for
specific negative codes, and then parsing an u32 value if that failed.
This is not correct in all cases.
Changes:
- Implement i33 parsing in Decoder.
- Factor out parsing of heap types into read_heap_type.
- Introduce HeapType::kBottom.
- Introduce helper functions in WasmFeatures and value_type_reader.
- Remove macros from the parsing of value types.
- HeapType::code now returns an i32 for compatibility with the i33
requirement.
- Introduce HeapType::Repr.
- Renamings: HeapType::type() -> representation(),
ValueType::heap() -> heap_representation()
Bug: v8:7748
Change-Id: I04deabce8837a48af2226411cd706a397f9e5725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274118
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68633}
Also should address minor performance regressions for instance types
that should (and used to) use map compare rather than instance_type
comparison.
In the process, convert a bunch of IsXXX methods from the CSA into
exported Torque methods that call through to the Cast<> to ensure
there is only a single implementation of the type checkers. Also clean
up and remove duplicate/redundant code and unused Torque imports.
Bug: v8:7793, chromium:1098481
Change-Id: I3cd5146d913bb75bab4f73415b1b94bc30924725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270545
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68621}
Prototype f64x2.nearest on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintn, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintn, which is the same instruction used for
F64RoundTiesEven (scalar), wasm-compiler reuses the Float64RoundTiesEven
check.
Bug: v8:10553
Change-Id: Ia4c4245cac87c132331f54e81dad323fc3fb9f6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2268358
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68619}
e.g. the following is now valid Torque code:
macro TestA(implicit c: Context)() {}
macro TestB(): bool {
return TestA();
}
This is handy for more flexible usage of generics that may or may not
use implicit parameters deep inside their specializations.
Note that this change doesn't change the fundamental rigor (or lack
thereof) around checking the usage of implicit parameters, which
already do not require '_' before their parameter identifier if
unused. It just silences errors in cases where a call site doesn't
implicitly pass a parameter that ultimately doesn't have a use site
and adds meaningful error messages in the case that it does.
Bug: v8:7793
Change-Id: I559d06c0864a7e79fe52bee5a9a7af9941889748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274127
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68618}
This is likely the major change of the series, as Call nodes are the
focus of call reducer (and to a lesser extent other phases like
inlining).
This CL essentially adds the new input to Call nodes, and updates the
rest of the pipeline. As a (fairly large) drive-by, I also introduce
the JSCallNode wrapper class and apply it in call reducer.
This change, although large, will hopefully make future refactorings
*much* easier, since it is now clear where certain assumptions about
Call node layout are made.
Bug: v8:8888
Change-Id: Ia15fe0ba459b6034863a5815a4e4662cee41fc83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264353
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68616}
OldGenerationAllocationCounter() needs to be invoked in safepoint,
otherwise invocation races with background threads incrementing the
counter.
First landed in https://crrev.com/c/2235544 and relanded in https://crrev.com/c/2259854 because of regressions. This CL also invokes UpdateNewSpaceAllocationCounter() in the safepoint.
Bug: v8:10315
Change-Id: I6104bed0aad848250feecfe51d6d849b184a8842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260560
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68614}
This patch does not include support for RTTs for i31ref yet.
Bug: v8:7748
Change-Id: Ifbeb8e305c2d0a57e4d5d6be761d046e330e0da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273135
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68613}
It seems that the mix of atomic and non-atomic updates to the same
memory location is not working correctly. One fix is changing all memory
updates to be atomic. Another fix is removing the non-atomic access that
happens while the workers are already running (using atomic accesses).
This CL implements the latter.
R=ahaas@chromium.org
Bug: v8:10647, v8:10650
Change-Id: I84b4f3f442b6be3c4ea6e51962a523f443f5e43b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273133
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68603}
On mips platform, call operations may be followed by trampolines, which
leading to wrong information of the call instr's location in safepoint.
This CL fix it by adding a last_call_pc_ to record the location.
Besides, this CL also fix a bind operation in CheckTrampolinePool, which
may try to use trampoline before it's emission.
Change-Id: Ic0cbdb93afffa60a7389ee8177c381087fcaf52e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2095645
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68600}
When filling stack slots, the start offset can be too large to fit into
the immediate of a str instruction (which is used to handle remainders
after stp). For example, a function with 32 i64 params will require 256
bytes reserved for the params, so the offset starts at 256 + 16
(instance) = 272. This does not fit into a int9, so we hit an
UNREACHABLE case when emitting str.
The fix here checks that start can fit in an unscaled immediate, and if
it doesn't fallback to the general case. We could use the Str
from macro-asesmbler, but that uses another instruction, so we are not
saving anything.
A check for IsImmLSUnscaled(-start-12) is sufficient because 12 is the
largest possible value for remainder. So if -start-12 fits, everything
else will fit.
Bug: v8:10645
Change-Id: I1c415499ada3a807d5f3889f091150bfefdf471d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267369
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68594}
Prototype f64x2.trunc on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintz, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintz, which is the same instruction used for F64
trunc (scalar), wasm-compiler reuses the Float64RoundTruncate check.
Bug: v8:10553
Change-Id: I074d5b4172809915d4b37c59bd3b0dcbf9a45e1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2268357
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68592}
Prototype f64x2.floor on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintm, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintm, which is the same instruction used for
Float64RoundDown (scalar), wasm-compiler reuses the Float64RoundDown check.
Bug: v8:10553
Change-Id: I6f3d5c378a811ed94859535667aed1fa2d1ee552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2265234
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68589}
An 'arguments' array cannot be allocated in young space when its size
exceeds kMaxRegularHeapObjectSize. In this case the optimizations in
JSCreateLowering::ReduceJSCreateArguments are skipped.
Bug: chromium:1098565
Change-Id: I30fdc78a1eb6e51fcd293785a46c9fd78995da9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273121
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68585}
The test was taking more than a minute before CL
https://crrev.com/c/2259933. Afterwards, it takes a lot longer, but I
could never reproduce a hang locally.
Let's re-enable and mark SLOW to increase the chance that it runs to
completion. We can then see how much slower it really got.
Also add some output that helps triaging in case it really hangs.
R=ahaas@chromium.org
Bug: v8:9506
Change-Id: I09a935ca0018517d45c6c008a099b8052bc45c47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273117
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68582}
Relanding without changes, revert reason was fixed by:
https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Originally reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Original description:
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
This slows down promise benchmarks since we process all unhandled promises.
Bug: vu:1099632
Change-Id: I2188a2842ec0a69ca93e5d406f10371ceff60f9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270235
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68575}
This reverts commit 04ce88eae5.
Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
Original change's description:
> [wasm-gc] Implement rtt.sub
>
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
>
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}
TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
Motivation:
The immediate-argument classes defined in function-body-decoder.h were
often adding an offset to the provided pc. This was inconsistent,
bug-prone, and counterintuitive. This CL imposes that all immediates
are passed as pc the start of the immediate argument they are parsing.
Some other smaller inconsistencies are fixed as well.
Changes:
src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the
argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead
of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for
immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out
of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.
wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len
in its place.
function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.
Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
Prototype f64x2.ceil on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintp, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintp, which is the same instruction used for
Float64RoundUp (scalar), wasm-compiler reuses the Float64RoundUp check.
Bug: v8:10553
Change-Id: I5841c6a06f260debe8ae90d331bdcc2a0fa3278c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258813
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68553}
This is a reland of f7a1932ef9
There was a wpt test in Chrome that expected the incorrect behavior.
I disable the test in https://crrev.com/c/2264418 so that we can land
the fix here.
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
Bug: v8:10556
Change-Id: I8e1b08fc9f72dde166cba167e6e320e714796769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264097
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68552}
Bitmask requires wasm_simd_post_mvp because it was merged into SIMD
proposal after 84 cut, which Origin Trial starts.
For now, bitmask is the only instruction that requires this flag to be
set, and no other post mvp instructions are included in the fuzzer.
We should revert this change (and also move bitmask out of the flag)
after this OT is over.
Bug: chromium:1098666
Change-Id: I7d45c805aaa18bfc1a5180e70b912d5f17d4a31d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264628
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68549}
Similar tests are already skipped on tsan, using the same bug to also
skip this test. Note that it's a slightly different test, but based on
the same "worker-ping-test.js".
TBR=ahaas@chromium.org
Bug: v8:9506
Change-Id: Ie8d0aab5b1fd3ae6c77a65fa04ac4772b2836a1c
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267301
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68548}
The BigInt proposal got to stage 4 and integrated into the main spec.
Therefore the proposal tests are unnecessary and will be outdated soon.
R=thibaudm@chromium.org
Change-Id: I149de015f098a89333dd907bf5a4d18a36086c2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264095
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68542}
Local type information was stored in the {WasmFullDecoder}, and a
pointer to that vector was handed to {WasmDecoder}. Since
{WasmFullDecoder} inherits from {WasmDecoder}, we can just move the
vector to the {WasmDecoder} class, and save an indirection and an
unnecessary nullptr check.
Drive-by: Rename {GetLocalType} to {local_type}, since it's a simple
accessor.
Drive-by 2: Move fields of {WasmDecoder} to the end of the class, as
mandated in the style guide.
Drive-by 3: Rename some locals in the 'let' decoding to make the meaning
more clear.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I6ab9831f0c1955e47562e84c5fbf15807439b024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264360
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68541}
This method was there to turn a trap into an exception. It's not used
any more, so can be removed.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: I39bb3141722ddf1e09271348016c1d6f6d72b928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68534}
This removes several dead functions from the wasm-module-runner.cc.
R=ahaas@chromium.org
Change-Id: I35efbc6960a28f41d14ca5d8e828c4e6f2953409
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68533}
This reverts commit f7a1932ef9.
Reason for revert: Breaking wasm wpt tests: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/5408
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I06eb1996cafe7d4e93a7e59d21679fea239cf961
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264956
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68528}
Prototype f32x4.nearest on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintn, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintn, which is the same instruction used for
F32RoundTiesEven (scalar), wasm-compiler reuses the Float32RoundTiesEven
check.
Bug: v8:10553
Change-Id: I066b8c5f10fd86294afe1c530c516493deeb7b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258037
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68526}
Some operations require an immediate argument that represents a heap
type. This CL introduces a class to represent it and uses it where
appropriate. Also, the redundant TypeIndexImmediate is removed.
Bug: v8:7748
Change-Id: Ib4b1d50764a79f5dd3240688f8165c39745eaad8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260874
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68522}
Fix returning from TryAllocateLinearlyAligned without updating the
allocation stats if a preceding filler was required. Also makes
AllocateRaw take an int instead of size_t in line with other Spaces.
Bug: v8:8875, chromium:1097389
Change-Id: If0932caa94dce1cd45b41f44fa225a2007772ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264354
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68516}
V8 fails a recently added spec test that when an imported global get
re-exported, it should preserve its identity. This CL fixes the behavior
in V8.
Drive-by change: fix the object printer of globals: a global which
stores a reference type only has a tagged buffer, a global which stores
a value type only has an untagged buffer.
R=clemensb@chromium.org
Bug: v8:10556
Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68513}
Since the interpreter is not used in production any more, it does not
need to support lazy compilation. Since the code is still (accidentally)
triggered by indirect calls, we need to refactor that code. It only
allows calls within the same instance anyway.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Ied1c8effd4c9fbb857a068db587de3463867ac80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259942
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68512}
This allows the compiler to eliminate more unneeded branches. Since all
functions just do a lookup in a static table (either directly, or via
compiling a switch to such a lookup), they are also good candidates for
inlining, which is made possible by this change.
One DCHECK is removed instead of pulling in the inl header, which would
require more refactoring since the check is in a non-inl header.
R=thibaudm@chromium.orgTBR=jkummerow@chromium.org
Bug: v8:10576
Change-Id: If0fd25fd62c5f30b896fc67a5458a5ae475a6351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259944
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68508}
Test has flaky data race and will be fixed after branch to avoid
regressions.
Bug: v8:10637, v8:10315
Change-Id: Iddbbd91701aea622803146b84c9a9aa334bda927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263155
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68506}
With this CL d8 exits with an error code if there is an unhandled
promise rejection, e.g. due tue a failed assertion in a promise. Up
until now these assertions were just ignored.
Bug: v8:10556
Change-Id: I25f20e4be45a2de130562deb15f6a144f0ac976f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238569
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68503}
The IsInBounds function is used in a few different places, when used for
bounds checks on 32-bit platforms, size_t for max_memory_size leads to
incorrect out of bounds accesses as size_t is not guaranteed to be
64-bit on all platforms. Use specific uint32_t, uint64_t methods for
Wasm bounds checking instead of size_t.
Bug: chromium:1080902
Change-Id: I0e21f0a310382c8ed0703c8302200d3352495c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256858
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68500}
Prototype f32x4.trunc on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintz, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintz, which is the same instruction used for F32
trunc (scalar), wasm-compiler reuses the Float32RoundTruncate check.
Bug: v8:10553
Change-Id: I65ddc36ccff21f8f0ff21a6e768184c084ffcfea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256770
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68498}
Both the .return and .throw methods are delegated to the underlying sync
iterator. These methods are retrieved using GetMethod [1], which checks
for either null or undefined instead of only undefined.
[1] https://tc39.es/ecma262/#sec-getmethod
Bug: v8:10395
Change-Id: Ide8db4270d48783da6fd1d45a5b01f2858e2828c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258667
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68493}
Scalar lowering for i8x16, i16x8, i32x4 bitmask.
Depending on which lane we are lowering, we can either shift the MSB
into the correct final bit position, then do a big OR of all the nodes.
Bug: v8:10308
Change-Id: Iddf6c077b5a8658a487cef59f2e3bbae3c8bd98d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219327
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68491}
After https://chromium-review.googlesource.com/c/v8/v8/+/2250254,
allocated_object_size in RO_SPACE is incorrect. This changes it to use
the accounting_stats_ value. This also fixes the Capacity() which was
previously uninitialized. Both are tested in new ReadOnlySpace allocation
tests in test-spaces.cc.
Couple of cleanups:
* area_size_ becomes const since its value is fixed after construction.
* Deletes incorrect comment in base-space.h
Bug: v8:10454
Change-Id: I9bbbc1ef2548722eee9dae1bb8d67448eccf8955
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259937
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68489}
There is currently no API call that allows access to the id of the
script underlying a Module. As this function can only be used for
SourceTextModules, we also add IsSourceTextModule() and
IsSyntheticModule() to allow callers to distinguish them.
Bug: v8:10616
Change-Id: Ia55ea8e6993922b695019852e38ca54ffce32cbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248199
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68487}
along with a very basic test case.
Bug: v8:7748
Change-Id: I93d4b280922dd9eba8defc1a83ca08a2a957376a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254023
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68485}
Due to recent spec changes, this CL removes the type immediate of
ref.is_null again. Instead we check if the type of the input parameter
is nullable.
R=jkummerow@chromium.org
Bug: v8:10556
Change-Id: If07d30fe4dd27664be7774422573b2ab2b0dfa20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247654
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68484}
The interpreter is not used in production code any more, hence move it
from src/wasm to test/common/wasm.
It's still used in unit tests, cctests, and in fuzzers.
Because of this move, a few more methods had to be exported via
V8_EXPORT_PRIVATE.
R=ahaas@chromium.org, yangguo@chromium.org
Bug: v8:10389
Change-Id: If626b940a721146c596fd7df4faaea633e710272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257226
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68480}
Following up on previous changes for unary ops:
https://crrev.com/c/2246576
Bug: v8:8888
Change-Id: Ie4dd9a307fb0415e93babf412e3d8d9e86791761
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257227
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68479}
This change enables automatic generation of Cast<> operators for
classes that are defined in Torque.
* Cast<> macros are generated for all classes that are defined in
Torque code that are neither shapes nor marked with a new
@doNotGenerateCast annotation.
* Implicitly generated Cast macros simply call through to an
internally-defined "DownCastForTorqueClass" macro that implements
the cast using one of three strategies for efficiency. If the class
has subclasses (i.e. a range of instance types including subtypes),
the DownCastForTorqueClass checks for inclusion in the instance type
range. If the class has a single instance type (i.e. no subclasses),
then either 1) a map check is used if the class has a globally-
defined map constant or 2) an equality check for the instance type
is used.
* Added new intrinsics to introspect class information, e.g. fetching
instance type ranges for a class, accessing the globally-defined map
for a class.
* Removed a whole pile of existing explicit Cast<> operators that are
no longer needed because of the implicitly generated Cast<> macros.
* Added tests for the new Cast<> implementations.
Bug: v8:7793
Change-Id: I3aadb0c62b720e9de4e7978b9ec4f05075771b8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250239
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68478}
This extends the opcode macro lists to include both the long name
(e.g.: JSAdd) and short name (Add) to reduce duplication. The change
is only for JS operators for now but can be extended to others in the
future.
Drive-by: Base more predicates off the macro lists for robustness.
Bug: v8:8888
Change-Id: I10debdf86166dbe9dac63a6df57938820a8af8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68477}
Just a test for now to document how trailing space after async
functions is not removed by SourceRangeAstVisitor.
Bug: v8:10628
Change-Id: I40f0d911c59540ea835c807a2be5b0d1488291d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259852
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68476}
Chrome may send memory measurement requests to multiple renderer
processes at the same time. This may lead to multiple GC happening at
the same time if the processes are idle. Randomization spreads out
the GCs over time to reduce the load on the system.
Bug: chromium:1049093
Change-Id: I5aa67fb07f8a55d0ba769bf823168b35cb3c23cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208861
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68472}
Prototype f32x4.floor on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintm, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintm, which is the same instruction used for F32
Floor (scalar), wasm-compiler reuses the Float32RoundDown check.
Bug: v8:10553
Change-Id: I540e82a156131821f732cd427df2e5c68f4094d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252541
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68470}
Adjust atomics.wait, atomics.notify semantics for when they are used
with non-shared Wasm memory to mirror the spec change introduced
in: https://github.com/WebAssembly/threads/pull/147. This does not
need to be gated by the flag here, as this will only decode if
the flag is enabled.
Bug: v8:9921
Change-Id: I7f2e018fed6bd131ad4c386def1e838626c28a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256863
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68468}
Let's see if this is still flaky after almost 5 years.
Bug: v8:4573
Change-Id: I4cd2779b2c4aefc7bb20597db2fccc0e7e7c39c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255467
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68465}
This changes black/white list to block/allow list.
Bug: v8:10619
Change-Id: Id55d72f90891670ca57b62dfeb6b3251025927dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257228
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68464}
