Since WASM can generate direct calls to any function that it knows the
arity of and these can be any JS linkage builtin, we need to ensure that
CPP builtins also go into CODE_SPACE.
This moves 276 builtins (~25KiB) from RO_SPACE back to CODE_SPACE.
Bug: chromium:1022695, v8:7464
Change-Id: I4cda8b68ddf6a5ddad09c6e7d4e6a08c8e6c2ccb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916600
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65004}
The DCHECK in the lookup method compares the stashed length of the backing store
and the byte_length queried on lookup. These two are not guaranteed to be equal
as there can be grow calls that update the lenght of the buffer between the
length being stashed and the equality check.
Bug: chromium:1010272
Change-Id: I754fa0a9ab676cd838e893d12ef6b13fc7d335e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911490
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65003}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 global.get and global.set opcodes and triggers
scalar lowering on architectures without Simd128 support.
R=clemensb@chromium.org
TEST=cctest/test-run-wasm-simd/RunWasm_S128Globals
BUG=v8:9973
Change-Id: I1538bd1d3fea40cc78e82b125d4f113842faf68a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917148
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65002}
This reverts commit 80caf2cf53.
Reason for revert: Breaks gpu tests:
https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5570
# Debug check failed: !possibly_empty_buckets->Contains(bucket_index).
Original change's description:
> [heap] Reduce size of possibly empty buckets
>
> Before this CL a byte was used per bucket to store whether the bucket
> is possibly empty or not. This CL changes this such that each bucket
> only needs a single bit.
>
> PossiblyEmptyBuckets is now a word in the page header. If more bits
> are needed than fit into a single word, an external bitmap is
> allocated using AlignedAlloc. Storing this on the page header, allows
> to remove initial_buckets from the SlotSet. The SlotSet allocation is
> then again a power-of-2 in release mode.
>
> Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
> Bug: chromium:1023139
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64991}
TBR=ulan@chromium.org,dinfuehr@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1023139
Change-Id: Ia90b07b9562af934dacba012da31e4f172f2922d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918258
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65001}
This reverts commit a9ea67d4bb.
Reason for revert: Regressions https://crbug.com/1025160.
Original change's description:
> Reland "[regalloc] Use an adaptive data structure for live sets"
>
> This is a reland of b3d748a282
>
> Original change's description:
> > [regalloc] Use an adaptive data structure for live sets
> >
> > Live sets represent sets of live virtual registers at block entry and
> > exit points. They are usually sparsely populated; for example, a sample
> > taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> > 10% or less.
> >
> > Prior to this CL, live sets were implemented as a statically-sized bit
> > vector. This is fine for low-ish virtual register counts, but becomes
> > wasteful at higher numbers.
> >
> > This CL attempts to address this issue through an adaptive
> > implementation. Small live sets remain bit vectors, while larger sets
> > switch to a PersistentMap-based implementation. PersistentMap has very
> > memory-efficient add/remove/copy operations.
> >
> > Of course, with adaptive data structures we enter the territory of
> > parameter fiddling. In this case, two parameters are used:
> > kMaxSmallSetSize controls when to switch implementations, and
> > kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> > deleted entries in the map) sets in.
> >
> > On the (degenerate) test case from the linked bug, the register
> > allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> > I expect savings on the order of 10s of KB.
> >
> > Bug: v8:9574
> > Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64872}
>
> Bug: v8:9574
> Change-Id: I5a95d56c33a98cc5c6c58ff9308314e2eefa462c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910953
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64950}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574,chromium:1025160
Change-Id: I177d64eed588cd09c999e15b04d37630c2c6538b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64998}
Switch the parameter name src and dst.
Change-Id: I4bd07959dd9e9da3a32ebb8d4b61dd6b92e90592
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918094
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#64996}
This reverts commit 0c3906f4dc.
Reason for revert: <broken compatibility with Python 3>
Original change's description:
> Fix an error caused by a bug in Python < 2.7.9
>
> There seems to be a bug in Python versions prior
> to 2.7.9 where running exec could produce the following error:
>
> SyntaxError: unqualified exec is not allowed in function
> '_ParsePythonTestTemplates' it contains a nested function
> with free variables (testcfg.py, line 71)
>
> https://bugs.python.org/issue21591
>
> It's causing an issue on all Ubuntu 14 and RHEL 7 machines.
>
> The proposed change is an equivalent syntax which doesn't
> produce an error:
> https://docs.python.org/2/reference/simple_stmts.html#the-exec-statement
>
>
> Change-Id: I159cc1be58ff375f313ae5c4fb814763704b880e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893647
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#64736}
TBR=machenbach@chromium.org,bmsdave@gmail.com,tmrts@chromium.org,miladfar@ca.ibm.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Ib62143645184d768f54272b7c2d7745f6b700369
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921171
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64995}
Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.
PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.
Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
Bug: chromium:1023139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64991}
This reverts commit 1ec2ca266f.
Reason for revert: Preparing for re-enabling pointer compression.
Original change's description:
> [ptr-compr] Temporarily enable double fields unboxing
>
> We are not shipping ptr-compr in M79 on x64 because chromium:1009439
> blocks 31-bit Smis on 64-bit architectures, so these's no point in
> disabling double fields unboxing.
>
> This CL will be reverted after the M79 branch point.
>
> Bug: v8:9799, chromium:1009439
> Change-Id: I28d0013d3ab06ce41d5028ba4f66c9b249de52d7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862556
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64288}
Bug: v8:9799, chromium:1009439
Change-Id: I18e22422725777ad8bfbb19243158228f3559c32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1919320
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64990}
It was perhaps incorrectly not declared inline while still appearing in
the main header file and then appearing in the -inl.h. MSVC doesn't like
it being declared inline however, so just inline it directly into the
main header.
Bug: v8:8510
Change-Id: I16106b91b3b4dff31e70382f2e66aa4f42fb290b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918249
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64988}
Currently it's pretty easy to write Torque code that generates an error
in some common generic function such as Convert<To: type, From: type>,
and unless your change is very small, it can be hard to figure out what
part of it caused that macro specialization. This CL updates the Torque
compiler to emit some extra information about the stack of code
positions that caused a specialization of a macro or builtin, similar to
what Clang does for C++ templates. Obviously there might be multiple
places that require a particular specialization, but we only report the
first one that caused the specialization to be created.
Bug: v8:7793
Change-Id: I4c0fbf1fd437d0eb0d7d5002baef7a5361aea5ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911019
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64987}
The constructor taking an Isolate and HeapObject never uses the
HeapObject value and just calls through to the Isolate constructor.
Bug: v8:9810
Change-Id: Ia2553b4d1f31cf24549980dbb5c2bfa38fe91f8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918247
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64986}
Still trying to find the culprit for https://crbug.com/893973,
which seems to be some internal inconsistency in the debug stack
trace iterator.
Bug: chromium:893973
Tbr: yangguo@chromium.org
Change-Id: Id8d62a371cb957d3e78f4919e1ed8b9f54c5738b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918246
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64985}
Bug: v8:7790
Change-Id: Ibfc83828c8677901caa4e04e2b88915ddabeed49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918245
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64984}
utils.h itself is fairly large and contains lots of unrelated functions
as well as having a fair number of dependencies itself, so this splits
bounds checking and bit field operations into their own headers in base
and replaces uses of utils.h with the more appropriate header where
possible. (Also fixes some cases where other headers were previously
brought in transitively).
Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}
Changes introduced in a5376b7 "Convert" the Smi values to int64 and
back to Smi. This behaviour fails as the 64-bit overflow check will
not work due to the conversion making Smi to the lower 32-bit.
Change-Id: Ida57baed13d8ad048cf2484e6984b4d26eb3fda5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917421
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64982}
Currently the inspector reports Wasm in one of two ways:
- If there is a source map, report one script per Wasm script, with
bytecode but no source.
- If there is no source map, report one script per Wasm function, with
source (Wasm disassembly) but no bytecode.
With this change, behavior with source map is same, but without source
map it will report both ways. This will allow us to change the frontend
to do its own disassembly, allowing us to remove the per-function scripts
in a future change.
Bug: chromium:1013527
Change-Id: I0c559ad08896e8d0da419e3c6ad8d1edff3976fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899782
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Eric Leese <leese@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64980}
This adds an abstraction for command-line arguments for each of the
two comparison runs done in correctness fuzzing. No functional
changes intended.
No-Try: true
Bug: chromium:1023091
Change-Id: I9421715c4904416b9aaf53848954a5248c79ffd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906372
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64979}
We calculate the spill offset of a value by examining the top of the
stack, checking its offset, and adding the size of the value.
The offset is passed around for creations of other VarState, but is
otherwise not used in any meaningful way yet.
Bug: v8:9909
Change-Id: Id06f0e1cf932ba63dc291c94a3e513f4d815c554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1913501
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64974}
This reverts commit 64c09f67d2.
Reason for revert: We already support up to max int32 sized TypedArrays
regardless of the smi size, so the chromium:1009439 issue should no longer be a blocker.
Original change's description:
> [ptr-compr] Temporarily disable 31 bit Smis on 64-bit architectures
>
> The reason is to unblock M79 blocked by chromium:1009439 while full
> solution is not ready yet.
>
> This CL will be reverted after the M79 branch point.
>
> Bug: v8:9767, chromium:1009439
> Change-Id: I5302d86fe953ecd94d9a4bba0d29c807b7b9d703
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862554
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64286}
Bug: v8:9767, chromium:1009439
Change-Id: I92c43c8b27feb4f99e948bca03551e3e0316f2b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916692
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64971}
This is a reland of 1d493d31ce
Original change's description:
> [foozzie] Refactor command abstraction
>
> This moves code for running d8 into its own class. No functional
> changes intended.
>
> No-Try: true
> Bug: chromium:1023091
> Change-Id: I7cbfeebd2911dc758322f89cf93666550f2956d9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906378
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64928}
Bug: chromium:1023091
Change-Id: I7df6e12084e20510a400ce209827c2bba8325f86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914209
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64966}
Now that we can represent specific weak types with Weak<T>, this CL
updates the generated verifier functions so that they permit weak
references only to the specified type. As an example, consider the
verifier emitted for the following field in PrototypeInfo:
object_create_map: Weak<Map>|Undefined;
We used to emit the following, which allowed any weak reference:
CHECK(object_create_map__value.IsWeakOrCleared()
|| object_create_map__value.GetHeapObjectOrSmi().IsOddball());
With this change, we emit a stricter check:
CHECK(object_create_map__value.IsCleared()
|| (!object_create_map__value.IsWeak()
&& object_create_map__value.GetHeapObjectOrSmi().IsOddball())
|| (object_create_map__value.IsWeak()
&& object_create_map__value.GetHeapObjectOrSmi().IsMap()));
Bug: v8:7793
Change-Id: I4be236d97dedbcdd6c98207928aee8bda2a77f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914613
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64965}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 loads and store opcodes and triggers then scalar
lowering of the graph on architectures that don't support Simd128.
R=clemensb@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:9973
Change-Id: I118f72135ddc9011efa3f75aaf120bb67e708d8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916605
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64964}
When debugging CSA builtins, it's useful to place a 'DebugBreak();' in the
code. However, the instruction scheduler re-orders instructions around it which
can be a little frustrating.
Change-Id: Ic4288bbc24e78987c7cbf3616e80cf5915f474c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916602
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64963}
Subclasses can now access it via {code()}, even in constexpr contexts.
R=tebbi@chromium.org
Bug: v8:9810
Change-Id: I3cc6872f568f38db8cdbcda69ac0e203f839cda5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914216
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64962}
... that started failing on AIX where the allocation of a huge
ArrayBuffer succeeds.
Bug: v8:4153
Change-Id: I322c71e01edccb254a523f7f85817971b6c68242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914561
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64960}
In Liftoff, we have a good estimate about how big the generated code
might get. Also, we often compile hundreds of functions which each hold
an assembler buffer alive until we finally add that code to the wasm
module.
In order to reduce memory consumption in Liftoff, this CL reduces
{AssemblerBase::kMinimalBufferSize} from 4096 to 128, and adds
{AssemblerBase::kDefaultBufferSize} to be used instead.
R=jkummerow@chromium.org
Change-Id: I7029bf501244770f4824a86b233d7f99c4b7910b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914559
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64958}
