This reverts commit 862d605c13.
Reason for revert: fixed compile issue
Original change's description:
> Revert "[wasm] Consolidate function table representation."
>
> This reverts commit 4a45f35f26.
>
> Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/25471
>
> Original change's description:
> > [wasm] Consolidate function table representation.
> >
> > This CL avoids the need to reference the function tables (and signatures)
> > as either fixed arrays or vectors, preferring vectors.
> >
> > The only place we need fixed arrays is on the compiled module, to support
> > serialization. When we move off the GC heap, we'll also move away
> > from fixed arrays in that last case.
> >
> > The CL aids with getting wasm of the GC heap, by reducing the places
> > and representations we'll need to change when changing the way we
> > reference fixed tables.
> >
> > Bug:
> > Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
> > Reviewed-on: https://chromium-review.googlesource.com/588334
> > Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46917}
>
> TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
>
> Change-Id: Ie7d04f7ec74d6d0b3783df1c78c91c100ab784f4
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/588627
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46918}
TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
Change-Id: Ic0ba8097c13f2b1afd263b6243360e8ab95ae474
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/588667
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46919}
This reverts commit 4a45f35f26.
Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/25471
Original change's description:
> [wasm] Consolidate function table representation.
>
> This CL avoids the need to reference the function tables (and signatures)
> as either fixed arrays or vectors, preferring vectors.
>
> The only place we need fixed arrays is on the compiled module, to support
> serialization. When we move off the GC heap, we'll also move away
> from fixed arrays in that last case.
>
> The CL aids with getting wasm of the GC heap, by reducing the places
> and representations we'll need to change when changing the way we
> reference fixed tables.
>
> Bug:
> Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
> Reviewed-on: https://chromium-review.googlesource.com/588334
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46917}
TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
Change-Id: Ie7d04f7ec74d6d0b3783df1c78c91c100ab784f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/588627
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46918}
This CL avoids the need to reference the function tables (and signatures)
as either fixed arrays or vectors, preferring vectors.
The only place we need fixed arrays is on the compiled module, to support
serialization. When we move off the GC heap, we'll also move away
from fixed arrays in that last case.
The CL aids with getting wasm of the GC heap, by reducing the places
and representations we'll need to change when changing the way we
reference fixed tables.
Bug:
Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
Reviewed-on: https://chromium-review.googlesource.com/588334
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46917}
Check for these UMA stats were in functions only used for testing. Moved the
checks to code inside module decoding.
Note that the module decoder is used both to validate and generate the
intermediate (turbofan) graph of function bodies. This CL assumes
that the validation phase (of function bodies) is the correct place to
track decoding time.
Bug: v8:6361
Change-Id: I791281daae96473d53cb8ae332fff8bb2673bf6c
Reviewed-on: https://chromium-review.googlesource.com/586974
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46915}
The global objects lookup code mistakingly reports weakly referenced
JSGlobalObject's as normal one. It should not.
The fix just adds is_weak check into V8HeapExplorer::SetGcSubrootReference
the rest is formatting.
Bug: chromium:747382
Change-Id: I3fc62317dd3d8728d261f27bd58654aff13eb6fe
Reviewed-on: https://chromium-review.googlesource.com/585385
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46913}
Internally, the module status type has one additional value, namely
PreInstantiating. I previously mapped this to Instantiating when
crossing the API boundary but it really should be mapped to
Uninstantiated. That's because when instantiation fails, typically all
modules not yet visited will remain in the PreInstantiating state, yet
they must appear Uninstantiated to the outside.
A relevant test will be added to chromium shortly.
Bug: v8:1569, chromium:748544
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icb33c7f90db5e62375b6c09d14e3d2d5342b0879
Reviewed-on: https://chromium-review.googlesource.com/586602
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46911}
- No need for multiple assertAsyncRan() calls, just do t.plan(count)
- Previously, if you forget to call assertAsyncRan(), the test will still
pass, which is no longer true.
- No longer hold global state (with
asyncAssertsExpected). Previously if one assert wasn't hit then
there's no way to find out which test failed. You'd have to
comment each test and try again.
- Each test runs independently in the microtask queue.
- Better failure reporting by printing the entire function.
Example error :
=== mjsunit/harmony/promise-prototype-finally ===
abort: Expected asserts: 2, Actual asserts: 1
in test: reject/finally/then
assert => {
assert.plan(2);
Promise.reject(3).finally().then(
assert.unreachable,
x => {
assert.equals(3, x);
});
}
Change-Id: Ic3f6272e1e87b8b0121b8c8c7cce19cf90d1f1be
Reviewed-on: https://chromium-review.googlesource.com/455555
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#46910}
Port 1edb46cc04
Original Commit Message:
This improves the general Array constructor call performance (w/o
usable AllocationSite feedback) in TurboFan by ~2x, i.e. for example
invoking the Array constructor like this
var a = Array.call(undefined, n);
instead of
var a = Array(n);
such that the CallIC doesn't know that it's eventually calling the
Array constructor.
It also thus changes the single argument Array constructor to always
return holey arrays. Previously the single argument case for the Array
constructor was somehow trying to dynamically detect 0 and in that case
returned a packed array instead of a holey one. That adds quite a lot
of churn, and doesn't seem to be very useful, especially since this
might lead to unnecessary feedback pollution later.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I6a50ae016556ed38a7d7ca5546b575ca25e91b4a
Reviewed-on: https://chromium-review.googlesource.com/586641
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46909}
Port 6ace4a500e
Original Commit Message:
In debug mode (SLOW_DCHECK), Handle<T>::cast accesses the object to
check its type. Obviously we can no longer do that now that we run
on a background thread.
problem. I will look into fixing those as well.
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2140cd7b3e27a6deb24fe3f462d99ad31eeb8276
Reviewed-on: https://chromium-review.googlesource.com/586675
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46908}
Calls to this method are currently being wrongly categorized as Blink C++
when it is cast to a GenericNamedPropertySetterCallback in
Object::GetPropertyWithAccessor and called.
Bug:
Change-Id: I691346d0d1e6b22dfc12cf4cfb07cfff71a36baf
Reviewed-on: https://chromium-review.googlesource.com/585169
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46907}
This is for debugging only.
R=adamk@chromium.org
Bug: v8:1569
Change-Id: I6526d3a98e96bb1267f1850268c5dc83a64587a6
Reviewed-on: https://chromium-review.googlesource.com/586590
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46906}
This fixes undefined behavior in the arithmetic negation operation by
switching to a branch-free implementation.
R=clemensh@chromium.org
TEST=unittests/MachineOperatorReducerTest.Int32DivWithConstant
Change-Id: I518f0e4343fc331607b8bbeefd2bb06285621fe6
Reviewed-on: https://chromium-review.googlesource.com/584870
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46905}
Moves parser internalization of ast values out of
ParseAny/Program/Function and instead internalizes during compile
finalization. Currently also internalizes during scope analysis if
there is a ScopeInfo to enable variable name lookups. We also
internalize early for FCG / AstGraphBuilder.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia766795947d847517b87cd5ea39797347083174b
Reviewed-on: https://chromium-review.googlesource.com/582407
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46904}
Port dfdcaf4316
Port 2e1f5567cc
Original Commit Message:
This CL introduces TurboAssembler, a super-class of Assembler and sub-class
of MacroAssembler. TurboAssembler contains all the functionality that is used
by Turbofan and previously was part of MacroAssembler. TurboAssembler has
access to the isolate but, in contrast to MacroAssembler, does not expect to
be running on the main thread.
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6048
LOG=N
Change-Id: I3f51771afefe46410db7cda2625472d78c87f8c6
Reviewed-on: https://chromium-review.googlesource.com/583584
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46900}
Reland of https://chromium-review.googlesource.com/c/543042/.
Now the OSR phase is only used when OSRing from the ast graph builder.
When OSRing from Turbofan, the implementation is now in the graph
building phase, at the beginning of the VisitBytecode function.
We are no longer generating any OSRLoopEntry or OSRNormalEntry nodes,
nor nodes for the possible code of the OSRed function which is before
the OSRed loops.
The trimming and reducing of the OSR phase is not done either. This
change in the way the way the OSR is done enabled to remove the
workaround to the bug mentioned below.
Bug: v8:6112
Bug: v8:6518
Change-Id: Ia02f2138f54fc79cab2f02fed68d9bb522d6ce14
Reviewed-on: https://chromium-review.googlesource.com/584756
Commit-Queue: Alexandre Talon <alexandret@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46899}
Previously we would shift the length of the string by three, which
could overflow with the new larger string length limit. Now we check
that the length will fit without extra allocation before and after
the shift, because really large strings will never fit, and will
always go to the Checked case.
Bug: chromium:748069, v8:6148
Change-Id: I41cac14b0fde6c5e8ca92305a052cbb743111554
Reviewed-on: https://chromium-review.googlesource.com/584611
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46896}
This brings the wasm-constants.js file inline with that (forked copy) in
the WebAssembly spec repo, which should make it easier to export tests
from V8 to the spec in the future.
R=clemensh@chromium.org
Bug:
Change-Id: I7db23efc2d671f65b614f9dbc97ae2f355f91b04
Reviewed-on: https://chromium-review.googlesource.com/586248
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46894}
In definitions for BranchShortHelperR6 and BranchAndLinkShortHelperR6
are noted many source code lines which are very often repeated or very
similar. These lines of code calcluate offsets and for them this CL
introduces functions CalculateOffset().
TEST=
BUG=
Change-Id: Ia64020efaeab207e72fc00d1dcb5b35a4003f36a
Reviewed-on: https://chromium-review.googlesource.com/574229
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46893}
The CL introduces optimizations in code generator to MipsTst, MipsCmp,
MipsCmpS and MipsCmpD instructions for mips32 and Mips64Tst, Mips64Cmp,
Mips64CmpS and Mips64CmpD for mips64.
BUG=
Change-Id: I6daf465e0ac7475691078b4d683da5247df6ea99
Reviewed-on: https://chromium-review.googlesource.com/584529
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Miran Karić <Miran.Karic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46892}
This DCHECK would have triggered in the test cases in the attached bug.
Bug: chromium:740591
Change-Id: Ib8e866fe60f5f4ee825e6772f68be768925ed792
Reviewed-on: https://chromium-review.googlesource.com/585401
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46891}
The yield* statement when used in combination with async iterators is not
supported yet, as that is desugared into a more complex construct that doesn't
offer a good dedicated bytecode to attach the source range information yet.
Note that invocation counts of generator functions are incorrect as they count
each resumption as an individual call. See https://crbug.com/v8/6594.
Bug: v8:6000
Change-Id: I7ac7073473c9b64bb207cdbc4dab083ec1145656
Reviewed-on: https://chromium-review.googlesource.com/582690
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46890}
This switches the {StdlibSet} to be a data structure that does not
require dynamic memory allocation. This makes it easier to carry it
around as part of a {CompilationJob} and serialize it into the heap.
R=clemensh@chromium.org
Change-Id: I77b2353cfdcd9438a26f04d00749159fed9b9b6c
Reviewed-on: https://chromium-review.googlesource.com/584868
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46889}
Refactor common test code into code-coverage-utils.js and add tests to
verify counter behavior in opt/no-opt situations.
Bug: v8:6000
Change-Id: I07e62345476e8c81521c491ae605ddaf71600667
Reviewed-on: https://chromium-review.googlesource.com/584449
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46888}
Before we try to do ASI and fail with a generic error, we special case
for the await token in the failure case.
Bug: v8:6572, v8:6513
Change-Id: Ia050c98b5a5b20bc326f429a367635b8553e4112
Reviewed-on: https://chromium-review.googlesource.com/582210
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46885}
With this patch, rather than embedding the JSReceiver address directly
in the WasmToJS wrappers, we put that in a fixed array with global handle
scope and instead embed the location of the handle and the index in the
wrapper. This ensures that the wrapper doesn't need to be patched if the
GC kicks in. This is needed to get the WASM code off the GCed heap.
R=mtrofin@chromium.org
Bug:
Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
Reviewed-on: https://chromium-review.googlesource.com/581682
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46884}
Remove need for shuffling of accumulator and operand registers when
suspending a generator
BUG=v8:6351
TBR=bmeurer@chromium.org
Change-Id: I372509adc03b9781716412b809639554fe16e372
Reviewed-on: https://chromium-review.googlesource.com/578377
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46883}
Bug: chromium:740591
Change-Id: I869be41d8630b23704b9470c4d3db8a21bbde873
Reviewed-on: https://chromium-review.googlesource.com/583531
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46881}
- Changes some instance fields from VM pointers to VM.
- Changes some comments to correctly describe code.
Bug: v8:6635
Change-Id: I9ec93ef0b09d541c966caa6482c5832cd6b1e149
Reviewed-on: https://chromium-review.googlesource.com/584931
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46880}
Allow appending expressions to a CSA_ASSERT call, which will be printed
if the assert fails, e.g.
CSA_ASSERT(csa, IsFixedArray(array), array)
->
CSA_ASSERT failed: IsFixedArray(array) [../../src/foo.cc]
* array: 0x12345678 <SharedFunctionInfo>
This helps debug assert failures where it may not be immediately obvious
why the assert failed, and the runtime call to print the failure has
already clobbered the registers used by the predicate.
Currently, the number of additional expressions is limited to 5, for
macro simplicity.
Change-Id: I000b6806ea0f8f9240493b3606c9f845ca65faf9
Reviewed-on: https://chromium-review.googlesource.com/584752
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46878}
The manual monthly update of the wasm spec tests.
R=rossberg@chromium.org
Change-Id: I7d30750f18d6b4e53bbb59e24e040b1bd87d7eba
Reviewed-on: https://chromium-review.googlesource.com/584750
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46877}
os.system uses fork(), which is not supported by ASAN/LSAN. Some fuzz tests
consist of js code that randomly picks properties and functions and calls them.
Sometimes, this combination means ASAN will report false positives.
Bug: chromium:740361
Change-Id: Id8d517263251a1fe88abadd33b0225c664b00498
Reviewed-on: https://chromium-review.googlesource.com/580313
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46876}
Empty Array literals are amongst the most commonly used literal types on our
top25 page list. Using a custom bytecode we can drop the boilerplate for empty
Array literals alltogether. However, we still need a proper AllocationSite to
track ElementsKind transitions.
Bug: v8:6211, chromium:746935
Change-Id: I891eaa778e4e81e138e483a65f04ae00ae30bd28
Reviewed-on: https://chromium-review.googlesource.com/580932
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46875}
Rather than using an ad-hock ownership model for ast_value_factory, use a
shared_ptr.
BUG=v8:5203
Change-Id: I5f2a573c8b175a3138ad8b01aa78bddadd16e6d3
Reviewed-on: https://chromium-review.googlesource.com/582628
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46874}
