On ia32, support for vsqrtss and vsqrtsd was missing, so I add the
implementation of these instructions and disassembly support.
On x64, disassembly support for vsqrtss was missing, while vsqrtsd was
implemented. Now both are implemented.
The implementation of f32.sqrt and f64.sqrt is very straight-forward on
ia32 and x64, we can immediately emit the {v}sqrtss or {v}sqrtsd
instruction.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Icf3ec05a97a23e94cdf70f4a72f30dd02fbddd13
Reviewed-on: https://chromium-review.googlesource.com/944221
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51724}
Implement in-place weak reference handling in GC.
Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
is the only in-place weak reference at this point).
(See bug for design doc.)
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0f9f992cb4ee0457c40b7c868317dfb607bfb906
Reviewed-on: https://chromium-review.googlesource.com/873638
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51722}
Only create spread-related feedback slots when the array literal
actually contains a spread.
Bug: v8:5940
Change-Id: I0afad81d4bf1a86ebc1bf81f1213f680eb22bc49
Reviewed-on: https://chromium-review.googlesource.com/947955
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51721}
The CHECK didn't account for the recent introduction of
StoreInArrayLiteralIC.
Bug: v8:5940, chromium:818438
Change-Id: I73b4120eb39b16d766f0b1a9cb82ba44804b09a3
Reviewed-on: https://chromium-review.googlesource.com/947950
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51719}
This enables the v8_enable_embedded_builtins gn flag on non-ia32 builds
and adds a new --stress-off-heap-code test mode to fyi bots.
v8_enable_embedded_builtins=true changes accesses to constants and
external references to go through the root list in builtins code.
--stress-off-heap-code copies builtins code off-heap on isolate
creation.
A few drive-by-fixes:
- ensure that we actually inspect the correct builtin during
isolate-independence testing.
- relax tests to decrease maintenance (now we only fail if a builtin
should be isolate-independent but isn't).
- switch to a different off-heap-trampoline register on arm due to
conflicts with custom stub linkages.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:6666
Change-Id: I09ad3c75cb4342f4c548ea780f275993730896c8
Reviewed-on: https://chromium-review.googlesource.com/934281
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51717}
- Removes Reserve, Free (overload) and SetProtection methods.
- Updates comment on enum which we still need to distinguish
between allocated and reserved ArrayBuffers.
Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1b4e08f97c22ae6b6af847fbcdde047be62fecf8
Reviewed-on: https://chromium-review.googlesource.com/924603
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51714}
Per spec, accesses to a DataView object must throw a TypeError if
the underlying ArrayBuffer has been detached/neutered. Since that
implies a length of 0, we used to detect this as an out-of-bounds
access and throw a RangeError. Adding a separate check for buffer
detachedness lets us distinguish both cases properly.
Bug: v8:4895
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1c1d4145dcd77dfb69f61062e14a6e8e538d45eb
Reviewed-on: https://chromium-review.googlesource.com/947585
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51712}
When the multiplication steps fail, they have already thrown an
exception internally, so we should not throw another.
The power-of-two fast path erroneously did not throw at all for
a few input values.
Bug: chromium:818277
Change-Id: If90f6aa3e77fc72e3434daca3b898c77739933ab
Reviewed-on: https://chromium-review.googlesource.com/947254
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51711}
- Merge new fail expectations that are dupes of existing issues
into the respective sections.
- Stop skipping tests we can run now.
Bug: v8:6791, v8:7511
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I4e17ff8eb5d2596561a138e34c441b00b761d7d2
Reviewed-on: https://chromium-review.googlesource.com/947321
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51710}
... and use it in the implementation of array literal spreads,
replacing calls to %AppendElement.
Array spreads in destructuring will be taken care of in a separate CL.
Bug: v8:5940, v8:7446
Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0
Reviewed-on: https://chromium-review.googlesource.com/915364
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51709}
Unfortunately, different runtime libraries and/or compilers differ on
whether a class without any copy constructor, move constructor, copy
assignment and move assignment operator is considered trivially
copyable.
See discussion on https://crrev.com/c/941521.
This CL adds a comment about this, and deletes a test for this specific
case.
R=mstarzinger@chromium.orgCC=jyan@ca.ibm.com, ivica.bogosavljevic@mips.com
Change-Id: Ie07adda370e5e955b782e72356b50121477d4623
Reviewed-on: https://chromium-review.googlesource.com/944081
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51704}
Folding _ + NaN => NaN can widen type None to a constant type, which leads to floating DeadValue nodes. This CL fixes this by removing the optimization. Alternatively, we should consider removing all nodes of type None in simplified lowering.
Bug: chromium:817225
Change-Id: I2a126b360d70d3626f8a3c5e73ac72dc980ac8b3
Reviewed-on: https://chromium-review.googlesource.com/946129
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51699}
This is a reland of b8bc26d099
Original change's description:
> [turbofan] Preserve order of compares in switches
>
> This CL makes sure that control flow optimization does
> not change the order of switches that ultimately get
> lowered to a series of comparisons anyway.
>
> Bug: v8:7326
> Change-Id: If004de6b71a7e9504d37754c847ca108a64e49db
> Reviewed-on: https://chromium-review.googlesource.com/941952
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51679}
Bug: v8:7326
Change-Id: Ifbe61dece499c98bbd49fa3ae9b99ccf4e955ddc
Reviewed-on: https://chromium-review.googlesource.com/945770
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51691}
Table inits can contain imported functions, hence their code will be a
wasm-to-wasm wrapper.
Fix a DCHECK and add a regression test.
R=ahaas@chromium.org
Bug: chromium:817380
Change-Id: I836be589e1ae66839ccd470154c8dea488e6bc1f
Reviewed-on: https://chromium-review.googlesource.com/943107
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51685}
Previously the array iterator protector only guarded the lookup of the
@@iterator symbol on the initial Array.prototype, and we had to use an
additional map check on the %ArrayIteratorPrototype% to ensure that no
one messed with the next() method. This CL extends the array iterator
protector to also guard the lookup of %ArrayIteratorPrototype%.next.
This simplifies the code quite a bit and makes it more robust for cases
where someone has to install additional methods on the iterator
prototype, i.e. a custom async iterator.
Bug: v8:7510, v8:7514
Change-Id: Ie6080bb837a91a2b60b224597121470614210660
Reviewed-on: https://chromium-review.googlesource.com/945728
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51684}
This reverts commit 93fc3841c3.
Reason for revert: may break node.js integration
Original change's description:
> [parsing] inline ArrayLiteral creation for spread calls
>
> Instead of using runtime calls to generate the Array Literal passed to
> %reflect_call / %reflect_construct, we create an ArrayLiteral from the
> list of arguments, and perform spreads using the interpreter mechanism for
> spreading in ArrayLiterals (thus, the spreading becomes inline). This
> array literal is still passed to %reflect_call / %reflect_construct as
> before.
>
> This cuts the runtime for bench-spread-call.js -> testSpread roughly in
> half, and will likely improve further once
> https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
>
> BUG=v8:7446
> R=neis@chromium.org, adamk@chromium.org
>
> Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
> Reviewed-on: https://chromium-review.googlesource.com/939587
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51678}
TBR=adamk@chromium.org,neis@chromium.org,caitp@igalia.com,bmeurer@chromium.org
Change-Id: I4730077591bce0e5e7b2ce7d59678e8b7135cc08
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7446
Reviewed-on: https://chromium-review.googlesource.com/945769
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51682}
Instead of using runtime calls to generate the Array Literal passed to
%reflect_call / %reflect_construct, we create an ArrayLiteral from the
list of arguments, and perform spreads using the interpreter mechanism for
spreading in ArrayLiterals (thus, the spreading becomes inline). This
array literal is still passed to %reflect_call / %reflect_construct as
before.
This cuts the runtime for bench-spread-call.js -> testSpread roughly in
half, and will likely improve further once
https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
BUG=v8:7446
R=neis@chromium.org, adamk@chromium.org
Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
Reviewed-on: https://chromium-review.googlesource.com/939587
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51678}
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/941442.
"background" refers to a priority and is inappropriate to refer to
worker threads as many tasks posted to worker threads by v8 are in
fact high priority.
Also took advantage of this rename to make NumberOfWorkerThreads()
return an int instead of size_t. While it is never negative, int is
simpler and Google C++ style guide states to avoid unsigned integers in
such cases (ref. "On Unsigned Integers" @
https://google.github.io/styleguide/cppguide.html#Integer_Types).
The Chromium embedder for that call provided an int which was converted
to size_t for this override and most often casted back down to int on the
v8 side, adding churn, and readability overhead.
R=ahaas@chromium.org
Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib5280df73d2846b111d985be65a10b049995ea6a
Reviewed-on: https://chromium-review.googlesource.com/941944
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51662}
This CL adds a regression benchmark for a fast-path of
String.p.charCodeAt, which is important for node.js.
Bug: v8:7326
Change-Id: I54efaa2988c595dd40e6a55a3464b3ee7de6f07b
Reviewed-on: https://chromium-review.googlesource.com/942885
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51654}
MSVC 2015 and 2017 implement std::is_trivially_copyable, but not
correctly. Hence, reimplement it using more low-level primitives.
For stdlibc++ versions below 5.0, we already have a workaround for the
missing support of std::is_trivially_copyable, but this is an unsound
approximation, because it is ignoring move constructor, move assignment
and copy assignment. Therefore, do not use this approximation for
asserting trivial copyability of a type.
Finally, add unittests for the new is_trivially_copyable
implementations.
R=mstarzinger@chromium.orgCC=loorongjie@gmail.com
Change-Id: I9ee56a65882e8c94b72c9a2d484edd27963a5d89
Reviewed-on: https://chromium-review.googlesource.com/941521
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51651}
Some macros in test-assembler-mips have the same name
as newly introduced macros in sid sysroot. We rename
them in order to prevent compilation problems
Change-Id: I84d9562f39c1aca8ac20e979466862228f438425
Reviewed-on: https://chromium-review.googlesource.com/942322
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51649}
With a temporary intermediate step to allow adapting embedders before
getting rid of the ExpectedRuntime method altogether.
The method is being renamed to CallOnWorkerThread() as an effort to
go away from "background" nomenclature for worker threads ("background"
usually refers to a priority but worker threads are commonly used for
high priority tasks in v8).
Other CLs will follow to rename other "background" APIs.
Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2fd4eac7458708d4eacb0f4871c982a567a3865e
Reviewed-on: https://chromium-review.googlesource.com/941442
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51645}
Also Add vhaddps to x64
Fix haddps for SSE3 scope and disassembler on ia32/x64
Change-Id: If511e6428fa1ce034b4281943dfee1405c9d4ffc
Reviewed-on: https://chromium-review.googlesource.com/939265
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#51642}
For namespace objects, [[GetOwnProperty]] on an uninitialized property
throws a ReferenceError. This was not implemented everywhere. This CL
fixes all such issues I'm aware of.
Bug: v8:7470
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I5f024450005c4f4dcb3f41c844ef055f67a9a869
Reviewed-on: https://chromium-review.googlesource.com/937341
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51638}
The assert-guarded comment claiming that ToNumber could not
possibly neuter the target array unfortunately turns out to
have been wishful thinking.
Bug: chromium:816961
Change-Id: Ib98f96f4cd7f33414c0b5a6037bfb881938cc15e
Reviewed-on: https://chromium-review.googlesource.com/939767
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51637}
gcc and clang (and the standard) don't allow implicit conversion of
function pointers to object pointers. MSVC does allow that, and since
system headers require this to work, clang-cl allows it too -- but
it emits a -Wmicrosoft-cast warning (which we currently suppress in
the Chromium build, but which we want to enable.)
As a side effect, when printing a function pointer to a stream, MSVC
(and clang-cl) will pick the operator<<(void*) overload, while gcc
and clang will pick operator<<(bool) since the best allowed conversion
they find is from function pointer to bool.
To prevent the clang-cl warning, we need to make sure that we never
directly print a function pointer to a stream. In v8, this requires
two changes:
1. Give PrintCheckOperand() an explicit specialization for function
pointers and explicitly cast to void* there. This ports
https://codereview.chromium.org/2515283002/ to V8, and also fixes a
bug on non-Windows where DCHECK() of function pointers would print
"(1 vs 1)" instead of the function's addresses.
(The bug remains with member function pointers,
where it's not clear what to print instead of the 1.)
2. has_output_operator<T> must not use operator<< on its argument
in an evaluated context if T is a function pointer. This patch
modifies has_output_operator<> to use an unevaluated context instead,
which is simpler than the current approach (and matches what Chromium's
base does), but changes behavior in minor (boring) ways
(see template-utils-unittest.cc), since operator<<() is now
called with a temporary and only operator<<() implementations callable
with a temporary are considered.
A more complicated but behavior-preserving alternative would be to
add an explicit specialization for function pointers. You can see
this variant in patch set 1 on gerrit.
Bug: chromium:550065
Change-Id: Idc2854d6c258b7fc0b959604006d8952a79eca3d
Reviewed-on: https://chromium-review.googlesource.com/940004
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51636}
Due to a recent refactoring the function EnsureEventLoopInitialized on
the default platform became obsolete. It does not contain a single line
of code. With this CL we prepare the removal of this function from the
V8 platform API.
R=rmcilroy@chromium.org
Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: If4d54cd989f8df2f40b322be3b67bb8a482398d0
Reviewed-on: https://chromium-review.googlesource.com/934221
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51635}
This CL also reorganizes the Strings test suite
Bug: v8:7340
Change-Id: I54d4d76a16c362e38ebfc9719ac8cb1a490ef3cc
Reviewed-on: https://chromium-review.googlesource.com/941122
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51631}
According to the spec, exported wasm functions should not have a
[[Construct]] method, hence they don't have a prototype.
R=bmeurer@chromium.org
CC=titzer@chromium.org
Bug: v8:7503
Change-Id: I9e142d65a80c0ef6dbd743421771f194c2d50614
Reviewed-on: https://chromium-review.googlesource.com/939782
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51622}
This also adds a DCHECK that the buffer does not have guard pages in
MaterializeArrayBuffer because the code there does not know how correctly set up
a buffer with guard pages.
Bug: chromium:801849
Change-Id: Ic761fcdfbd16a2d6e87f4eb135f5d03b7aa2d71d
Reviewed-on: https://chromium-review.googlesource.com/938968
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51616}
