This extends crrev.com/c/3948663 (ref.cast) by adding the new
"ref.cast null" which only behaves different for null for which
it doesn't trap but instead casts the null value to the target
(null)type.
Bug: v8:7748
Change-Id: I3ac85d83cc06c95af8830c1c60ae2f28414e2570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960329
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83934}
It looks like a map can become a migration target between
graph building and codegen.
Bug: v8:7700
Change-Id: I88562d69ae62ce5e6c168c73d8ad5eb19099c03b
Fixes: v8:13419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3982113
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83933}
The DCHECK is not correct: if we're marking a not-fully-initialized
object, then the handle can change from its uninitialized value (zero)
to a valid handle prior to this DCHECK, therefore causing it to fail.
This scenario is fine though, since the new entry will already be marked
as alive as it has just been allocated.
To fix that, the DCHECK now allows the two values to mismatch iff the
handle is zero.
Bug: v8:13297
Change-Id: If640d457da1d78a3d1666ffa930c27116a6080c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981553
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83931}
In the constant branch, we need to check if char code is
bigger than zero.
In the generic branch, we do the `andl` before the
comparison.
This also fixes issues with aliasing the code char with
the result register.
Bug: v8:7700
Change-Id: I41a8a22a1acf3feabdee34a61d77c53bcda6892b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981276
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83930}
They do have a meaning as well: there are no unstable maps. When we need
to clear unstable maps (and drop related stable maps), we can avoid
doing this for empty unstable map sets since no unstable maps can have
transitioned to new stable maps.
Bug: v8:7700
Change-Id: Ie74f62b6bff81dff8118a46e22a2ea81550d09c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981278
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83929}
This is a reland of commit 95eece3068
Original change's description:
> [heap] Fix racy OOM in new space concurrent sweeping
>
> Some tests are flakily failing due to a timing issue between new space
> concurrent sweeping and allocations.
> When new spaces and other spaces are also swept, each concurrent thread
> will take one new space page. If a young allocation happens right after
> the atomic pause finished, it's possible that all new space pages are
> held by concurrent threads. The main thread will try to contribute to
> sweeping but get no pages, and fail to allocate.
>
> Fix by restoring the round robin order of sweeping, such that not all
> threads start with new space.
>
> Bug: v8:12612, v8:13413
> Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83918}
Bug: v8:12612, v8:13413
Change-Id: Idbd5cbb53c9f43290e02d10d85ee4199ea9a4136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980756
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83927}
Unstable maps can transition to stable ones after a side effect,
therefore we cannot trust the set of stable maps. The CL nukes
from the set from stable_maps, equivalent of setting it to
the universal set.
Bug: v8:7700
Change-Id: I457f76efd48ec7eec747233ec063ebe265d3085a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978169
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83923}
Fix regressions caused by
https://crrev.com/c/3966952
Update and clear the list of young nodes which would otherwise be
repeatedly processed during Scavenge and full GCs.
Bug: v8:13372, chromium:1378097
Change-Id: I1b302f75f970385e9e0259fa4b1719d9262c1f2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981273
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83922}
The deadlock occurs when the Isolate is destroyed before a wasm compile
job is finished causing the `WasmEngine::LogCode` to deadlock itself
when the TaskRunner is already in the terminated state.
Change-Id: I36dc68aecbcb2054d7da61d22defd0eff3130f62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976515
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83921}
Update the free list implementation for new space to set a larger
minimum size and skip redundant step in the allocation logic.
Bug: v8:12612
Change-Id: I480fe99cf4cfad7c25d687540b7841cd56d41d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83920}
This reverts commit 95eece3068.
Reason for revert: Broke single generation bot
Original change's description:
> [heap] Fix racy OOM in new space concurrent sweeping
>
> Some tests are flakily failing due to a timing issue between new space
> concurrent sweeping and allocations.
> When new spaces and other spaces are also swept, each concurrent thread
> will take one new space page. If a young allocation happens right after
> the atomic pause finished, it's possible that all new space pages are
> held by concurrent threads. The main thread will try to contribute to
> sweeping but get no pages, and fail to allocate.
>
> Fix by restoring the round robin order of sweeping, such that not all
> threads start with new space.
>
> Bug: v8:12612, v8:13413
> Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83918}
Bug: v8:12612, v8:13413
Change-Id: Id65358e55721b98d10f6737adaf057482aef103b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981275
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83919}
Some tests are flakily failing due to a timing issue between new space
concurrent sweeping and allocations.
When new spaces and other spaces are also swept, each concurrent thread
will take one new space page. If a young allocation happens right after
the atomic pause finished, it's possible that all new space pages are
held by concurrent threads. The main thread will try to contribute to
sweeping but get no pages, and fail to allocate.
Fix by restoring the round robin order of sweeping, such that not all
threads start with new space.
Bug: v8:12612, v8:13413
Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83918}
This is an extension to the fix landed in https://crrev.com/c/3295348.
We should also throw the exception when we are paused in a module.
This is a constellation that can only happen with debug-evaluate as
'eval's in modules are always indirect, whereas debug-evaluate uses
direct, sloppy eval.
R=bmeurer@chromium.org, leszeks@chromium.org
Bug: chromium:1352303
Change-Id: I7373462dc6ae419e0a1a05a385ab81f204ff03ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976510
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83917}
Rolling v8/build: 35368b6..adcb306
Rolling v8/buildtools: 32851f2..4c4e17b
Rolling v8/buildtools/reclient: re_client_version:0.69.0.458df98-gomaip..re_client_version:0.81.1.0853992-gomaip
Rolling v8/buildtools/third_party/libc++/trunk: 166132d..0487904
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/cf46d16..2f63d55
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221024.1.1..version:10.20221025.2.1
Rolling v8/third_party/instrumented_libraries: 459048b..f764ffc
Rolling v8/tools/clang: bc55ae7..863e4bb
Change-Id: I512c7139152f29e67a8b7c665b67bdd5eca5a96a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978533
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83916}
Because Data's ctor is not defined, debug info optimization will
generate empty debug info for it. Adding standalone_debug attribute for
it to have complete debug info for this class.
Bug:
Change-Id: I0ca023518b1f5142a63686ba5a41007ac067c1f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963719
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Zequan Wu <zequanwu@google.com>
Auto-Submit: Zequan Wu <zequanwu@google.com>
Cr-Commit-Position: refs/heads/main@{#83915}
This reverts commit 05bd7d9cd6.
Reason for revert: Still looks like a reason for rollout tests failure https://ci.chromium.org/ui/p/chromium/builders/try/linux-rel/1179312/overview
Original change's description:
> Reland "[turbofan] Optimize rab/gsab-backed TypedArrays and DataViews"
>
> This reverts commit 4b28d53011.
>
> Original change's description:
> > [turbofan] Optimize rab/gsab-backed TypedArrays and DataViews
> >
> > This CL adds TurboFan optimizations for length and element access
> > of TypedArrays and DataViews that are rab/gsab-backed.
> >
> > To enable this optimization, this CL builds the necessary machinery
> > required to allow machine operators at the front of the pipeline
> > (before simplified lowering). Some key changes to allow this are:
> > - Introduce Type::Machine() to allow the typer and the verifier to
> > provide a type to those machine operators in parts of the pipeline
> > that require nodes to be typed.
> > - Add EnterMachineGraph and ExitMachineGraph operators that define
> > the boundary between early machine graphs and the normal graph with
> > JS semantics.
> > - Give Branch operators a BranchSemantics parameter to distinguish
> > between machine branches (condition is a machine level value) and
> > JS branches (condition is a JS boolean value) and have phases that
> > handle branches decide on the branch's semantics based on this
> > parameter instead of the position in the pipeline.
> > - Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
> > machine graphs. In particular, constants required special handling,
> > because they are cached in the graph but they may have uses in both
> > a machine and the JS graph, which prevents consistent typing of
> > them.
> > - Moved lots of logic from JSCallReducerAssembler into
> > [JS]GraphAssembler such that functionality can be shared between
> > different phases (e.g. JSNativeContextSpecialization and
> > JSCallReducer need to generate logic to compute a TypedArray's
> > byte length). Extended assembler interface in general with
> > additional TNode<> overloads.
> >
> >
> > Bug: v8:11111, chromium:1358505
> > Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83881}
>
> Bug: v8:11111, chromium:1358505, v8:13412
> Change-Id: I61664e18a9dba1741bcb70ec22ba6342521f500a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976512
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83904}
Bug: v8:11111, chromium:1358505, v8:13412
Change-Id: I960a34cfdb861feddf51cbcd759218f39b26cd56
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980313
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Ilya Rezvov <irezvov@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83914}
This CL simplifies safepoint scopes, there are now three kinds of
safepoint scopes:
1) IsolateSafepointScope - performs an isolate local safepoint
2) GlobalSafepointScope - a global safepoint across multiple isolates
3) SafepointScope - chooses based on condition between local/global
This CL is not supposed to change current safepointing behavior in
any way. The CL renames the current SafepointScope to
IsolateSafepointScope and changes GlobalSafepointScope to always
perform a global safepoint. It then also introduces the new
SafepointScope and makes use of it for snapshotting and in heap.cc.
Bug: v8:13267
Change-Id: Ie7e1f81b6158c98d3d98552ba735cc73c9b869c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973310
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83912}
kLiftoffFrameSetupFunctionReg is using r15 which needs it
to be part of the LO cache registers.
Change-Id: I5b2510124d8c5a688decd3874b2fa8c85d40d728
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3975382
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83911}
Keep track of simple field loads and stores in NodeInfo, and try to
reuse them where possible instead of recalculating them.
Bug: v8:7700
Change-Id: I1f5eb3cb37ac76bcbc1ce75f243a36a31e71c907
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974888
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83909}
We need to update the ZoneHandleSet reference.
Bug: v8:7700
Change-Id: I7908f033170b8d698383bddc10ac55f7bbc7d25e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976042
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83908}
If the lookup-start-object is a constant and we're loading a constant
property, return a constant.
Bug: v8:7700
Change-Id: I260cbb0c69e362bef7ccad3ec8d2ada55fb56bfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976514
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83907}
Improve testing shards on windows, which is the second slowest
configuration.
On the slowest config (linux32) we can't do much as the bottleneck
is gcmole. But the collection of gcmole data is now moved to the
end, which should save ~30 seconds per build at least. That's what
it costs to collect the other tests that run before.
Bug: v8:11428
Change-Id: I0a4f484b37396d4883b4f1d937a476e125c84c00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978090
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83906}
- Fixes the operand index for the first argument of the builtin.
- Adds fast paths for constant code point.
Bug: v8:7700
Change-Id: I0bf398a7b6410f900b602218c79558af73f42e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976509
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83905}
This reverts commit 4b28d53011.
Original change's description:
> [turbofan] Optimize rab/gsab-backed TypedArrays and DataViews
>
> This CL adds TurboFan optimizations for length and element access
> of TypedArrays and DataViews that are rab/gsab-backed.
>
> To enable this optimization, this CL builds the necessary machinery
> required to allow machine operators at the front of the pipeline
> (before simplified lowering). Some key changes to allow this are:
> - Introduce Type::Machine() to allow the typer and the verifier to
> provide a type to those machine operators in parts of the pipeline
> that require nodes to be typed.
> - Add EnterMachineGraph and ExitMachineGraph operators that define
> the boundary between early machine graphs and the normal graph with
> JS semantics.
> - Give Branch operators a BranchSemantics parameter to distinguish
> between machine branches (condition is a machine level value) and
> JS branches (condition is a JS boolean value) and have phases that
> handle branches decide on the branch's semantics based on this
> parameter instead of the position in the pipeline.
> - Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
> machine graphs. In particular, constants required special handling,
> because they are cached in the graph but they may have uses in both
> a machine and the JS graph, which prevents consistent typing of
> them.
> - Moved lots of logic from JSCallReducerAssembler into
> [JS]GraphAssembler such that functionality can be shared between
> different phases (e.g. JSNativeContextSpecialization and
> JSCallReducer need to generate logic to compute a TypedArray's
> byte length). Extended assembler interface in general with
> additional TNode<> overloads.
>
>
> Bug: v8:11111, chromium:1358505
> Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83881}
Bug: v8:11111, chromium:1358505, v8:13412
Change-Id: I61664e18a9dba1741bcb70ec22ba6342521f500a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976512
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83904}
With the blocklist re-use experiment we now handle locals near the
script/global scope correctly.
This CL lands the regression test of @bmeurer since it passes now.
R=bmeurer@chromium.org
Fixed: chromium:1209117
Change-Id: I2cb0ec1689b4fd32501886cc8bdd49486beef4dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976513
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83903}
Replace the template parameter by a parameter list, so we can also pass
zero observers.
This removes nullptr checks and the {EmptyImmediateObserver}
implementation.
R=jkummerow@chromium.org
Change-Id: Ia10bf319039c2b3af9376deb6613b9b683c40d11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973268
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83902}
Follow-up to commit 6168782925
With this change 0x14 now also consumes a sig index immediate.
This will allow users to switch from 0x17 back to 0x14 without
breaking changes. After another grace period, 0x17 can be removed.
Reland of commit I65fe8b5bceb70323dd5e6450ec7bcc02696b15fa adapted by the concurrent changes in 35cc93aa42.
(This reverts commit 01379ba6d65371b70908da8e8386a9d9993aa2f9.)
Change-Id: I699095afb85d460e1fef8bd88abfd4c748090eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3977828
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83900}
This CL solves two problems:
- Eliminating redundant CheckBigInt/CheckBigInt64 by decomposing
CheckBigInt64 to CheckBigInt and CheckedBigIntToBigInt64.
- Having precise checks for SignedBigInt64 to make the range of BigInt64
consistent in CheckedBigInt64Ops and CheckedBigIntToBigInt64.
Otherwise, there would be semantic difference between the subgraphs
where we keep CheckBigInt64 inbetween two CheckedBigInt64Ops (e.g.,
the variant assert_types) and the subgraphs where we eliminate the
checks.
Bug: v8:9407
Change-Id: I79a5c99e12eb3f3ffc7b5cbfc51191e6792f634b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960333
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83899}
This reverts commit 8f3047531d.
Reason for revert: CL collision:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20builder/63710/overview
Original change's description:
> [wasm] ref.call: Consume sig index immediate
>
> Follow-up to commit 6168782925
> With this change 0x14 now also consumes a sig index immediate.
> This will allow users to switch from 0x17 back to 0x14 without
> breaking changes. After another grace period, 0x17 can be removed.
>
> Change-Id: I5d0039fd1ca9d62c3d42e5834fe7924de45ad7ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974512
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83890}
Change-Id: I65fe8b5bceb70323dd5e6450ec7bcc02696b15fa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976029
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83894}
This code looks like it was copied over of Abseil. However, parts of it
are not used anywhere, aside from their own unit tests, so delete them.
The unused functions are:
- MatchEmptyOrDeleted()
- CountLeadingEmptyOrDeleted()
- ConvertSpecialToEmptyAndFullToDeleted()
In turn, _mm_cmpgt_epi8_fixed() is also unused and can be deleted.
Bug: v8:11388
Change-Id: I35b84600690e6f044a1d5ab4bf41e7f67fb76d87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3965230
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83892}
... as an example of a simple builtin.
Bug: v8:7700
Change-Id: I4eb3479c04066cf4860d1fc28d5f7e9c758a6375
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974773
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83891}
Follow-up to commit 6168782925
With this change 0x14 now also consumes a sig index immediate.
This will allow users to switch from 0x17 back to 0x14 without
breaking changes. After another grace period, 0x17 can be removed.
Change-Id: I5d0039fd1ca9d62c3d42e5834fe7924de45ad7ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974512
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83890}
The wasm decoder immediates are currently templatized by the {validate}
enum value. They do not need to be though; the only difference is in the
constructor, so the constructor should be templatized instead.
This CL implements that, and also changes the {validate} enum to be a
tag (a typename) instead. This is needed in order to enable template
parameter deduction for the constructor calls (C++ does not allow to
explicitly define the template parameter at constructor calls).
As a nice side effect, this produces nicer symbolized stack traces.
Before:
v8::internal::wasm::Decoder::read_u32v<(v8::internal::wasm::Decoder::ValidateFlag)1>
After:
v8::internal::wasm::Decoder::read_u32v<v8::internal::wasm::Decoder::BooleanValidationTag>
R=jkummerow@chromium.org
Change-Id: I013c909ebaf2c8c495f32b5ce598905f3eccc3ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973267
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83889}
This reverts commit bd590292b3.
Reason for revert:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/25069/overview
Original change's description:
> [turbofan] Optimize rab/gsab-backed TypedArrays and DataViews
>
> This CL adds TurboFan optimizations for length and element access
> of TypedArrays and DataViews that are rab/gsab-backed.
>
> To enable this optimization, this CL builds the necessary machinery
> required to allow machine operators at the front of the pipeline
> (before simplified lowering). Some key changes to allow this are:
> - Introduce Type::Machine() to allow the typer and the verifier to
> provide a type to those machine operators in parts of the pipeline
> that require nodes to be typed.
> - Add EnterMachineGraph and ExitMachineGraph operators that define
> the boundary between early machine graphs and the normal graph with
> JS semantics.
> - Give Branch operators a BranchSemantics parameter to distinguish
> between machine branches (condition is a machine level value) and
> JS branches (condition is a JS boolean value) and have phases that
> handle branches decide on the branch's semantics based on this
> parameter instead of the position in the pipeline.
> - Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
> machine graphs. In particular, constants required special handling,
> because they are cached in the graph but they may have uses in both
> a machine and the JS graph, which prevents consistent typing of
> them.
> - Moved lots of logic from JSCallReducerAssembler into
> [JS]GraphAssembler such that functionality can be shared between
> different phases (e.g. JSNativeContextSpecialization and
> JSCallReducer need to generate logic to compute a TypedArray's
> byte length). Extended assembler interface in general with
> additional TNode<> overloads.
>
>
> Bug: v8:11111, chromium:1358505
> Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83881}
Bug: v8:11111, chromium:1358505
Change-Id: Ifa7b81523237ebda941cab2feed42c176846b618
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976028
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83888}
