ReduceJSToNumeric() can fail to update the node type after changing
it's operator to JSToNumeric.
BUG=chromium:1158049
Change-Id: Iaabb3676f8ad9563903b81de2e7eecdcc92cbc0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593336
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71771}
This fixes a typo that meant we stopped generating debugging information
in the JIT dump for perf to consume.
Change-Id: I75c8905617ac6e03fb522639f36a8137f3f124e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593253
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#71770}
NewSpace::Grow shouldn't be invoked when the maximum semi space size
was already reached.
Bug: v8:11199
Change-Id: I78ba71b7a043f0a515be188f2023e301d6bc6eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584864
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71769}
GetMaxConcurrency() needs to return a value greater than 0 when there
is work left. When the return value is 0, no more items are processed.
With Minor MC it could happen that GetMaxConcurrency() returned 0 when
there were no old-to-new-slots even though there were still items left
to process. This CL fixes this and adds a DCHECK to ensure this doesn't
happen again.
Change-Id: Ia971c232564bcb0b0d305e76371a3a8e82f46229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593247
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71768}
The SerializerForBackgroundCompilation needs bytecode analysis for loop
target analysis, but doesn't require the much more expensive liveness
analysis. In order to move more work off the main thread, perform fast
bytecode analysis without liveness analysis in
SerializerForBackgroundCompilation, and then move the full bytecode
analysis to the background thread in BytecodeGraphBuilder.
BUG=v8:7790,v8:9684
Change-Id: I63ef80ecab8ad0c56953c72be31abc8f5a74b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593329
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71767}
The fix is already in ICU-20310
Bug: v8:8565
Change-Id: Ifcef1c643ec5ea0cc95f29ee5a3a1962cb5e6b17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2591883
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71764}
This is a reland of bee5992a6d.
Fixes a TSan race report by replacing a FlagScope in tests with
direct assignment to the flag in question.
Original change's description:
> [wasm-gc] Initial Liftoff support
>
> This CL implements Liftoff support for struct.get/set,
> struct.new_with_rtt, rtt.canon, and ref.is_null, which
> is enough to make the first testcase pass.
>
> Bug: v8:7748
> Change-Id: Id09e9872d2126127192c852b3cb6d57ff9417582
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584951
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71744}
Bug: v8:7748
Change-Id: I17de6803c23a88209102385010dfdf9b88e25ace
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593254
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71762}
Embedders often use integers for representing scriptIds, but the
stack trace interface only exposes scriptIds as strings, which
introduces the need for parsing the scriptId string to an int in
the embedder.
This CL also exposes the scriptId as an integer.
Bug: chromium:1158782
Change-Id: I7d85ad1497f2eff17f5cd8f9c87f0c72696c1ecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589973
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71761}
When dereferencing handles check whether the main thread is parked
similar to background threads.
Bug: chromium:1152995
Change-Id: Ic79680f1b1c49f5f0ad872d6377ca45920a18b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575061
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71760}
If memory64 is used, the offset expression in data segments needs to
have type i64 too.
This CL extends the implementation to enforce that, and adds a unittest.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I849483fc96849e83950f09637e62d427a19094f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589733
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71759}
Since the compile job can always be reused after creation (even if it
runs out of work), we do not need the logic to (re-)initialize it. In
fact, it will always only be initialized once already.
This allows us to initialize it once during construction of the
compilation state (or right after the initialization), and then access
it without locks later.
In addition, this CL
1) renames "current_compile_job_" to "compile_job_", since there will
always only be one now;
2) removes the {ScheduleCompileJobForNewUnits} method, and just does a
{compile_job_->NotifyConcurrencyIncrease()} instead;
3) removes the {has_priority_} field and just directly does a
{compile_job_->UpdatePriority} call.
The streaming test platform needed to be fixed to avoid calling {Join}
on the job handle, which would invalidate the handle afterwards.
Instead, we just run all tasks as long as there are any.
R=thibaudm@chromium.orgCC=etiennep@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I7094231e86d5f54cfca5e971b96fd81e994c874a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71757}
Codegen is identical to x64.
Tweaked a macro definition to do a dst == src1 check when AVX is not
supported, and updated a single caller in LiftOff.
Bug: v8:11086
Change-Id: Ic9645f3d1bf1c26a1aa6db6bc2fa67fc991f8bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2579928
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71756}
Code like:
x = wasm_v32x4_shuffle(x, x, 1, 2, 3, 0);
is currently matched by S8x16Concat, which lowers to two instructions:
movapd xmm_dst, xmm_src
palignr xmm_dst, xmm_src, 0x4
There is a special case after a S8x16Concat is matched:.
- is_swizzle, the inputs are the same
- it is a 32x4 shuffle (offset % 4 == 0)
Which can have a better codegen:
- (dst == src) shufps dst, src, 0b00111001
- (dst != src) pshufd dst, src, 0b00111001
Add a new simd shuffle matcher which will match 32x4 rotate, and
construct the appropriate indices referring to the 32x4 elements.
pshufd for the given example. However, this matching happens after
S8x16Concat, so we get the palignr first. We could move the pattern
matching cases around, but it will lead to some cases where
where it would have matched a S8x16Concat, but now matches a
S32x4shuffle instead, leading to worse codegen.
Note: we also pattern match on 32x4Swizzle, which correctly generates
Change-Id: Ie3aca53bbc06826be2cf49632de4c24ec73d0a9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589062
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71754}
pextrq + movq crosses register files twice, which is not efficient.
Optimize this by:
- checking if lane 0, do nothing if dst == src (macro-assembler helper)
- use vmovhlps on AVX, with src as the operands to avoid false
dependency on dst
- use movhlps otherwise, this is shorter than shufpd, and faster on
older system
Change-Id: I3486d87224c048b3229c2f92359b8b8e6d5fd025
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589056
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71751}
Change the codegen for f32x4.extract_lane from shufps to insertps. They
have the same performance, but shufps has a false dependency on dst (it
shuffles dst and src, but we don't care about dst at all).
We then merge the SSE and AVX opcode.
Bug: v8:11217
Change-Id: I7cdbf486573ce3a19881df84400a9c7e09c3ee48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2585259
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71748}
Change the codegen for f32x4.extract_lane from shufps to insertps when
AVX is supported. They have the same performance, but shufps has a false
dependency on dst (it shuffles dst and src, but we don't care about dst
at all).
Also for SSE, extractps + movd crosses register files, so change it to
use insertps as well.
Change-Id: Idf45849d37ac3499bf3371ba2fa6ae05829aa8a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589048
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71747}
This is the same as the original implementation in https://crrev.com/c/2567534
which was speculatively reverted due to flaky tests. Since then, there have
been some changes to fix those tests, so trying to get this in again.
Bug: v8:11002
Change-Id: I5bd0f63d3aec4cf6db403b35737f8b695b0f4e37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589063
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71746}
This CL implements Liftoff support for struct.get/set,
struct.new_with_rtt, rtt.canon, and ref.is_null, which
is enough to make the first testcase pass.
Bug: v8:7748
Change-Id: Id09e9872d2126127192c852b3cb6d57ff9417582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584951
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71744}
The original implementation of matching was a RegExp on the source
which wasn't able to reliably distinguish between comments inside
of string literals and actual comments. For that reason, it had
a special rule to disallow quotes to remove false positives.
Original comment:
> Also, ['"] are excluded from allowed URLs to avoid matches
> against sources that invoke evals with sourceURL.
After the code was moved into the scanner, that shouldn't be an
issue anymore - the scanner knows that this is a real comment and
isn't part of a string literal.
Allowing quotes enables a slightly smaller encoding of source maps,
specifically in the case where there are no sourceContents:
Non-base64 source maps can get away with effectively no encoding
overhead (they typically don't contain whitespace).
Change-Id: Iffa5df28d80656fa56e603e7c0e57aa1f44d0014
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576801
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Jan Krems <jankrems@google.com>
Commit-Queue: Jan Krems <jankrems@google.com>
Cr-Commit-Position: refs/heads/master@{#71742}
Only process each LiveRangeBundle once in AssignSpillSlots().
Previously we would try to merge a LiveRangeBundle as many times as
there are LiveRanges inside it. Even though the merge would only happen
once, we would still iterate over all LiveRanges and do expensive checks
for each iteration.
R=sigurds@chromium.org
Bug: v8:11237
Change-Id: I9e613aaf5e571d4c28486dd2c20154336c533563
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584956
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71741}
This reverts commit 8ffbf0d299.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1158322
Original change's description:
> [TurboFan] Move SFI and BytecodeArray to kNeverSerialized
>
> This CL moves SharedFunctionInfo and BytecodeArray to the
> kNeverSerialized classes, making them directly accessible from the
> background thread.
>
> To resolve the dependence on HeapNumber and BigInt objects stored in
> the BytecodeArray's constant pool, this CL introduces a new
> ObjectDataKind::kPossiblyBackgroundSerializedHeapObject, which allows
> for objects to be serialized lazily from the background thread where
> we know that this is safe (e.g. because they are constant). BigInt and
> HeapNumber are the first members of this new group of objects.
>
> Bug: v8:7790
> Change-Id: I1d962d1cb7c36cc3f5baeb9603d5298f32af3363
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567705
> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71716}
TBR=neis@chromium.org,nicohartmann@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7790
Change-Id: Ice35d7c1c4d7e96be887a0aa26fbfa69db627022
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589734
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71738}
Simd128Registers::names_ is also removed as the stringification
will be done by DEFINE_REGISTER_NAMES.
PPC FP and Vector Register (VR and VSR) Layou:
VR0 is VSR32 and goes all the way to VSR63 which is used by V8 Vector
operations.
VSR[0]0 - FPR[0] VSR[0]128
|
|
|
VSR[31] - FPR[31]
VSR[32] - VR[0] VR[0]128
|
|
|
V
VSR[63] - VR[31]
Change-Id: Ied2a530b08d1eb40af59ce44f848d638f2a6dc9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2587356
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71735}
Switch from an array of supported types to a switch over
type kinds, in preparation for user-defined reference types.
Bug: v8:7748
Change-Id: I17a0a71184ee0937748f07f22c1fd545a057fb6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584950
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71733}
Associate DeoptLogEntry with both, the function's source position and
the deopt location's source position.
Also fixes the list-panel click handler to support all clickable entry
types.
Bug: v8:10644, v8:10754
Change-Id: If10272a926d5dad10b29322e237610900715b9dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584955
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71732}
Drive-by cleanup: IWYU for macro-assembler-ia32.cc.
IWYU added src/heap/basic-memory-chunk.h which failed a presubmit, so I
updated src/DEPS to allow for including it.
Bug: v8:11217,v8:7490
Change-Id: I63662bfb2b34e354e94f6052edfcb92f1341da58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2583675
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71729}
Drive-by cleanup: IWYU for macro-assembler-ia32.h and
instruction-selector-ia32.cc
Ran using `iwyu_tool.py -p out/ia32.debug <filename>`, with a local
build of llvm and iwyu.
Bug: v8:11217,v8:7490
Change-Id: I4f8e95fa9be2f51f6764c994bb4da9ae86854c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2583671
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71728}
PPC has a set of 64 Vector Registers called VSX.
The lower 32 of them are shared with Floating Point register (only
64 bit of the registers are used for FP operations).
The upper 32 registers are VR registers which are only used for
VMX Vector operations.
VSX Vector operations have the option to use the lower 32 or upper
32 registers using the TX bit set on the instructions. VMX operations
only use the upper 32 registers.
In V8 we always set the VSX TX bit to "1" to make sure all the vector
operations take place on the upper 32 registers.
Change-Id: Ib3ea03254cbdc9547c3b698fe19c0c6b28138741
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2585260
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71722}