Live ranges defined by a constant operand normally don't require a spill
slot since they can just rematerialize the value from the constant. In
the attached issue however, deoptimization adds an explicit slot
requirement for a range that is defined by a constant operand. This case
is not expected in the register allocator and we eventually hit a
DCHECK.
This fix allocates a new stack slot during the MeetRegisterConstraints
and adds the missing gap move.
Drive-by: remove dead method LiveRange::NextSlotPosition.
R=sigurds@chromium.org
CC=nicohartmann@chromium.org
Bug: chromium:1146880
Change-Id: I08fbb890f2f3d9574196989cf3e5ef6232433484
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563689
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73510}
Reduces the overhead of mid-tier optimization without much impact on
mid-tier generated code performance.
BUG=v8:9684
Change-Id: I81889049f718ec2b18a805b11aab119754466c95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772611
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73509}
RepresentationFor is quite hot in MidTierAllocator profiles. To
optimize this, instead stash the representation in the
VirtualRegisterData and pass that about consistently instead of
passing the virtual_register int and having to retrieve both
representation and VirtualRegisterData for the vreg multiple times.
This improves mid-tier allocation time by ~8% on Octane benchmarks.
BUG=v8:9684
Change-Id: Ied01fbdab013c278da022d1df321b08fbfc68a4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2768618
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73508}
The previous uses of LR here allowed overwriting it with arbitrary addresses
that aren't signed. Change this so we never return to an arbitrary LR.
This makes a difference even when we replace the RET with a BR, because BR is
constrained by BTI, whereas RET isn't.
Bug: v8:10026
Change-Id: Ibbf326ccf0cf32f6d9541c7a82108dc0373827df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767015
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73507}
... when v8_enable_short_builtin_calls is enabled for current build
configuration.
Bug: v8:11527
Change-Id: Ie7edf7ede5822f3b8f7ec815c89d0c50ec7657bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2770880
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73505}
Rolling v8/build: 37b76d6..ff9d9de
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b965b65..c730dae
Rolling v8/third_party/depot_tools: 36de4be..2737963
Rolling v8/tools/clang: 752611e..41f9e2d
Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816
Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816
Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I7a3f21d3d171596b6d98a843379bd1c146f2ae54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2771598
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73500}
... on desktop x64 and arm64 if pointer compression is enabled.
Bug: v8:11527
Change-Id: Ie23b59312c6db34a5f40e23347b3c4f11173612d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767222
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73498}
Throwing an object that needs special property lookup currently traps
when we catch it in wasm. We should just return undefined to let the
caller know that this is not a wasm exception object.
Drive-by: use the named {caught_tag} register consistently.
R=clemensb@chromium.org
Bug: chromium:1188825
Change-Id: I8ebd4db756ac7ba04208ab43c7349c28b813fc49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767519
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73497}
This brings the WasmModuleBuilder in the mjsunit test suite
up to date wrt. the latest changes of the GC proposal.
Bug: v8:7748
Change-Id: I4e1a3d34a1e83626ab89d2fa0e10ca4aa61d75ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690590
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73496}
We currently canonicalize shuffles in the architecture specific
instruction selector. This has the drawback that if we want to pattern
match on nodes that have a shuffle as input, they need to individually
canonicalize the shuffle. There can also be a subtle bug if we
canonicalize the same shuffle node twice (see bug for details).
This moves the canonicalization to "construction time", in
wasm-compiler, when building the graph. As such, any pattern matches in
instruction-selector will only need to deal with canonicalized shuffles.
We introduce a new kind of parameter for shuffle nodes,
ShuffleParameter, to store the 16 bytes plus a bool indicating if this
is a swizzle. A swizzle essentially: inputs to the shuffle are the same
or all indices only touch 1 input. We calculate this when
canonicalizing, so store this bit of information inside of the node's
parameter.
We update the tests in x64 to handle special cases where, even though
the node's inputs are not swapped (due to canonicalization), they need
to be swapped for the specific instruction selected (e.g. palignr). The
test data also contains canonicalized shuffles, so we have to manually
canonicalize them.
Bug: v8:11542
Change-Id: I4e78082267bd03d6caedf43d68d81ef3f5f364a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762420
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73495}
Refactor SpacePolicy on a non-templated class to avoid the situation
of having MakeGarbageCollectedTraitBase<T>::SpacePolicy<U> refer to
different T and U which make it hard for the compiler to alias
anything.
Bug: chromium:1056170
Change-Id: I78eb0362d43403ad2712bcb65746eeb9f6ad44fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2769338
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73494}
Previously we needed to register the backing stores globally because
the embedder could create them from a raw pointer. This is no longer
possible after the removal of the old API.
The global backing store registry now keeps track only of wasm memory
backing stores.
Bug: v8:9380
Change-Id: Iffefbf14dcafc1f9ce0dc3613335c754c9cb649a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2763874
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73493}
Also added multiply low/high and vector merge instructions to
the simulator.
Change-Id: I889004b5572ee7df75be706c424ac2e83e53e8b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2769058
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73492}
The machine graph verifier did not handle kUnalignedLoad and
kUnalignedStore yet, which caused problems with debug builds on arm.
R=mvstanton@chromium.org
Bug: v8:11384
Change-Id: I1a33c1e5993f9f0dd453a2d3f757e0eaff65b479
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2756213
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73487}
Sweeper cannot assume that platform never changes, so that we can
support using testing-specific platforms.
Instead, the sweeper gets the current platform from HeapBase on sweeping
start. The platform is set to nullptr whenever sweeping is not active.
Bug: chromium:1056170
Change-Id: I749e1dbfa204635fbb446a8c383aaa2548a717be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767139
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73486}
The bulk-memory proposal and the reference types proposal have been
merged into the main repository, so we don't have to run the proposal
tests anymore.
R=ecmziegler@chromium.org
Change-Id: I14583b8c1c387075442a402458ce04e7c6071f89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752165
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73481}
If the block is unreachable, the interface is not called and the
{try_info} field is not set. Therefore, check it before accessing it.
R=clemensb@chromium.org
Bug: chromium:1188975
Change-Id: Ic6d7d2b7e26b0448143076e25a89c036216e8618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767017
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73480}
This completes support for encoding/decoding exception values of any
type, and with that completes exception handling support in Liftoff.
R=clemensb@chromium.org
Bug: v8:11453
Change-Id: Ie70b16478061cb68f3165b96c3806503f9908b6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767141
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73479}
The text representation of that opcode is "memory.grow", so the macro
should also be called WASM_MEMORY_GROW. This is also consistent with
WASM_MEMORY_SIZE.
R=thibaudm@chromium.org
Change-Id: Ibda328e52418d04392856820d3099f2dadaaf98f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764466
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73477}
This is a speed-for-memory tradeoff, which can be achieved by
re-mapping the builtins code blob into existing code range.
This CL handles cases where both embedded and un-embedded off-heap
builtins' PCs might appear on the call stack.
The v8_enable_short_builtin_calls build flag is still disabled.
Bug: v8:11527, v8:11421
Change-Id: Ie3db6eb8e264854df42b936a97d3e73d01de5dfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749636
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73476}
One of the x86 ISA extensions is confusingly named SSSE3 (*Supplemental*
Streaming SIMD Extensions 3). SSSE3 supersedes SSE3, and is superseded
by SSE4.
This CL adds testing coverage for x86 CPUs that support SSE3
instructions, but do not support SSSE3 instructions. Chrome supports
these CPUs, and they are used by a non-trivial amount of Chrome's users
on Windows. This CL aims to cover all the spots missed by
https://crrev.com/c/2757893.
Change-Id: I83fc963b977b285898ffe12304443ad67db68d1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764820
Auto-Submit: Victor Costan <pwnall@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73474}
This will enable more optimizations in later compilation stages.
Bug: v8:11510
Change-Id: Ia4125f564014432a356c7889c862f6cd767f9db5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764756
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73473}
This is a reland of d76064df4f
Original change's description:
> cppgc: Rework GC info creation
>
> Previously, GCInfoTrait relied on the non-trivial constructor of a
> static object for registering a new GCInfo object. The generated code
> is required to be thread-safe which is achieved by introducing guard
> variables in the compiler.
>
> The new version is similar to Blink in that it relies on zero
> initialization of a trivially constructible atomic.
>
> Compared to guard variables that are created per GCInfo registration,
> the atomic creates less bloat (~20bytes/type) and also results in a
> better fast path.
>
> Minimum example: https://godbolt.org/z/qrdTf8
>
> Bug: chromium:1056170
> Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73463}
Bug: chromium:1056170
Change-Id: I01e60beabc1d279d352361657f408f113aac768e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767021
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73471}
We have it readily available at all call-sites. There is no need to
request it via GetIsolate on the function itself.
Change-Id: I4936177c47c8adf9dfeafe1e320f8411ae358a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2761200
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73470}
When dropping the exception from the stack, we have to
take locals into account when computing the right stack
slot.
Fixed: chromium:1187836
Change-Id: I76acb1e4dc50992524123cc369dea8e51242164c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764749
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73469}
This reverts commit d76064df4f.
Reason for revert: Breaking MSAN - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/37390/overview
Original change's description:
> cppgc: Rework GC info creation
>
> Previously, GCInfoTrait relied on the non-trivial constructor of a
> static object for registering a new GCInfo object. The generated code
> is required to be thread-safe which is achieved by introducing guard
> variables in the compiler.
>
> The new version is similar to Blink in that it relies on zero
> initialization of a trivially constructible atomic.
>
> Compared to guard variables that are created per GCInfo registration,
> the atomic creates less bloat (~20bytes/type) and also results in a
> better fast path.
>
> Minimum example: https://godbolt.org/z/qrdTf8
>
> Bug: chromium:1056170
> Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73463}
Bug: chromium:1056170
Change-Id: I71960103513d6db7789d752b70727d014c2e6406
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767020
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73466}
The original CL was reverted because PC authentication was missing for
the `caller_pc` in the stack walk. This caused a crash on the CFI bot.
PS1 is the original CL, later patch sets contain the fix.
Original Message:
[wasm] Emit safepoint info for callee-saved registers in the deopt-index
Encode safepoint info of callee-saved registers in the deopt index of
the normal safepoint.
R=clemensb@chromium.org, jkummerow@chromium.org
Change-Id: I633cd715eccc697e888cd381e3bda1a47d0d0851
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759520
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73464}
Previously, GCInfoTrait relied on the non-trivial constructor of a
static object for registering a new GCInfo object. The generated code
is required to be thread-safe which is achieved by introducing guard
variables in the compiler.
The new version is similar to Blink in that it relies on zero
initialization of a trivially constructible atomic.
Compared to guard variables that are created per GCInfo registration,
the atomic creates less bloat (~20bytes/type) and also results in a
better fast path.
Minimum example: https://godbolt.org/z/qrdTf8
Bug: chromium:1056170
Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73463}
Copy over from Blink two tests that the library was missing.
Bug: chromium:1056170
Change-Id: If4349e8c4dc0036f4894d274e5d38e63b0390c4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764751
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73462}
Changes:
- Remove the restriction that ref.test, ref.cast and br_on_cast may only
cast to subtypes of the cast object's type. Optimize unrelated type
casts in the decoder. Add tests.
- Generalize Unreachable() interface function to Trap(TrapReason).
- Fix rtt.sub to be able to accept an rtt without depth. Modify related
test accordingly.
- Type local.tee according to the local's type as opposed to the value's
type.
Bug: v8:7748, v8:11541
Change-Id: I4d1846a2cfda891d32a9c1ed26781e4518d4cdf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2756210
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73461}
