Tests cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI32x4_turbofan
and cctest/test-run-wasm-simd/RunWasm_I8x16ConvertI16x8_simd_lowered
will be skipped for big endian until implementation for big endian is
done correctly.
Change-Id: Ia6253070ede207f437e4b710a656bce8d65e412e
Reviewed-on: https://chromium-review.googlesource.com/1113307
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54176}
An i64 to i32 conversion within the same register is a noop on arm64,
since i32 operations just use the "W" part of the register anyway.
R=ahaas@chromium.orgCC=rodolph.perfetta@arm.com
Bug: v8:6600
Change-Id: Ia7cb49673c4997dc095736a054d052ffd91bb957
Reviewed-on: https://chromium-review.googlesource.com/1124449
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54175}
This CL adds a regression test that will check that the elements
pointer is properly reloaded after the JavaScript comparison
function is called during Array.p.sort.
R=jgruber@chromium.org
Bug: chromium:859809
Change-Id: I15f55fcc1906bd8d0751596e5457367a643b92da
Reviewed-on: https://chromium-review.googlesource.com/1124475
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54174}
Most scanner logic doesn't need to care about surrogate pairs, so we can just
push it down to identifier scanning.
This CL additionally drops some explicit kEndOfInput checks that are subsumed
by predicates seemlessly returning false for kEndOfInput (-1).
Change-Id: If031a9355ab5fbca0c3b647045e3034f42923979
Reviewed-on: https://chromium-review.googlesource.com/1124447
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54172}
It turns out we can just remove kReturnVariable from the normal change
tracking, since it's always set when jumping to the final label anyway.
Bug: v8:7793
Change-Id: I6d0a777016047aa31b0edddd19c661e2631e1078
Reviewed-on: https://chromium-review.googlesource.com/1124471
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54171}
Instead of installing code dependencies during graph reduction,
install them after code generation.
Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
Variables/return values with constexpr type cannot have multiple
assignments. We check this now.
For conditionals, it is important to always infer a non-constexpr type.
This CL adds the ability to map any type (including union types) to be
mapped to their non-constexpr variant. Conditionals infer their type as
the non-constexpr version of a combination of the two branch types.
In addition, this improves subtyping for constexpr types:
If A extends B, then constexpr A extends constexpr B.
This makes it necessary to clean up "constexpr String", which has nothing
to do with tagged values.
Bug: v8:7793
Change-Id: Ia4d3cd5dc98f45b0ec89adf05c5c6111a0e51cc6
Reviewed-on: https://chromium-review.googlesource.com/1122864
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54167}
This CL is a manual revert of the Array.p.sort Torque QuickSort
implementation.
The plan is to ship TimSort in either Chromium 69 or 70 and not ship
Torque-QuickSort at all (to keep disruption to a minimum). For this
reason we revert back to the implementation in array.js.
R=jgruber@chromium.org
Bug: chromium:859809, v8:7382
Change-Id: I92eb70408883f51d98311e78642f554316bc1e76
Reviewed-on: https://chromium-review.googlesource.com/1124334
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54166}
When calling a builtin via a function pointer, torque tries to find any
builtin with the same parameter types for a descriptor. If no such
builtin exist, we currently crash.
Example:
type DoesNotExistFn = builtin(Context, Smi, Smi, Smi) => Smi;
macro TestMacro(c: Context, fn: DoesNotExistFn) {
let result: Smi = fn(c, 1, 2, 3);
}
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: Ia7436dc6541aca5de2e8dcb6b2a09978a1af9d39
Reviewed-on: https://chromium-review.googlesource.com/1123821
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54165}
The current output of release builds is not very helpful, as it does
not contain the line number, nor the values of {expect_exception} or
{i_isolate->has_pending_exception()}.
R=ahaas@chromium.org
Bug: chromium:854011
Change-Id: I0bc1b8be6151d5420310eb67b2ebd0dc866fc9a6
Reviewed-on: https://chromium-review.googlesource.com/1122869
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54164}
Adds a ReadOnlyRoots class trivially constructable from a Heap* or
Isolate* and which can be obtained from a any HeapObject which provides
access to roots objects that will always be in RO_SPACE. In the longer
term this object will be accessed via a global variable without
requiring an Isolate or using the memory address of a HeapObject to
infer it.
Moves the list macros in heap.h to roots.h and splits some of them into
two parts (read-only and mutable).
Convert cases of heap_object->GetHeap()->root_accessor() to
heap_objects->GetReadOnlyRoots().root_accessor().
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I14b01052adb2af9a5ec82b970e933d6a423d17a5
Reviewed-on: https://chromium-review.googlesource.com/1122127
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54160}
- display script size overview
- color scripts in overview depending on eval, streaming or other scripts
- fix stats to always take own-bytes into accout
- rename all *Time properties to *Duration for consistency
- extract ScriptSource log event into separate method
- support script source events in parse-processor
Bug: chromium:757467, chromium:850038
Change-Id: I227d1d5952ae9e508ab1a01146fcf47f74a3f7ea
Reviewed-on: https://chromium-review.googlesource.com/1117195
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54159}
This CL adds a comparison for the performance of getting and setting
float32 and float64 values with DataViews and with TypedArrays.
Since TypedArrays do not specify endianness, we can't compare
performance across both possible endiannesses, but this is better
than no comparison at all.
Change-Id: Iea54b942c0bb8168e9d8002d94e2bb9bc6566331
Reviewed-on: https://chromium-review.googlesource.com/1120250
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54158}
This CL adds code to inline the Int8 and Uint8 getters for DataView
objects in TurboFan in js-call-reducer.cc, as well as a new test file.
It already improves execution speed compared to the Torque baseline
implementation, and implements most of the architecture needed
for inlining the other DataView getters and setters as well.
Change-Id: I0e62b98fd6ec995f7db5ec42ea1eff1f03572f97
Reviewed-on: https://chromium-review.googlesource.com/1119909
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54157}
This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.
The flag is true iff V8_EMBEDDED_BUILTINS is defined.
Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}
This fixed the {WasmCompiledFrame::Print} method to print the pc offset
(an integer) in hexadecimal notation, and not print it as a pointer
value, which somehow produced weird output in my case.
R=mstarzinger@chromium.org
Change-Id: I417e980d2bf1448f5694a32c28a7c7bca1de9703
Reviewed-on: https://chromium-review.googlesource.com/1122866
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54155}
This is a reland of 20f33823c9.
Win32 failures should be fixed by https://crrev.com/c/1120175.
Original change's description:
> [wasm] Enable Liftoff by default on ia32 and x64
>
> R=titzer@chromium.org, hablich@chromium.org
>
> Bug: v8:6600, chromium:787421
> Change-Id: Ia8ae56ddef3b27b0721d5a66ff19abe098a2c6ca
> Reviewed-on: https://chromium-review.googlesource.com/1109899
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53965}
TBR=titzer@chromium.org, hablich@chromium.org
Bug: v8:6600, chromium:787421
Change-Id: Ia0fc1f152988a2df95d94d002b9ddfdc0a9c4abd
Reviewed-on: https://chromium-review.googlesource.com/1120205
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54154}
Only use the "W" part (lower 32 bit) of the src register. Otherwise, we
can get results larger than 32.
R=ahaas@chromium.org
CC=rodolph.perfetta@arm.com
Bug: v8:7914, chromium:854011
Change-Id: I6329231e6cc0ae537c165b2d383fc5a14bd28ca3
Reviewed-on: https://chromium-review.googlesource.com/1122409
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54152}
This reverts commit 3dfaf8264f.
Reason for revert: Failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20gcc%204.8/20394
Original change's description:
> [debug] liveedit in native
>
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
> - running generators in the heap,
> - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
> restart if any.
> 7. for unchanged functions:
> - deoptimize,
> - remove from cache,
> - update source positions,
> - move to new script,
> - reset feedback information and preparsed scope information if any,
> - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
> - deoptimize
> - remove from cache,
> - reset feedback information,
> - update all links from js functions to old shared with new one.
> 9. swap scripts.
>
> TBR=ulan@chromium.org
>
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}
TBR=dgozman@chromium.org,ulan@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org
Change-Id: I45df5b6f3abaf29e593c6ac11edefbd0177d0109
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7862, v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124159
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54151}
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.
Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.
Example:
let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();
The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} its already sorted
and the TypeError will not be thrown.
R=jgruber@chromium.org
Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.
Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}
Also improve its code generation.
Change-Id: I4358500a66b0d21cdc8850a4e63986c4901d3cf4
Reviewed-on: https://chromium-review.googlesource.com/1118005
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54147}
Liveedit step-by-step:
1. calculate diff between old source and new source,
2. map function literals from old source to new source,
3. create new script for new_source,
4. mark literals with changed code as changed, all others as unchanged,
5. check that for changed literals there are no:
- running generators in the heap,
- non droppable frames (e.g. running generator) above them on stack.
6. mark the bottom most frame with changed function as scheduled for
restart if any.
7. for unchanged functions:
- deoptimize,
- remove from cache,
- update source positions,
- move to new script,
- reset feedback information and preparsed scope information if any,
- replace any sfi in constant pool with changed one if any.
8. for changed functions:
- deoptimize
- remove from cache,
- reset feedback information,
- update all links from js functions to old shared with new one.
9. swap scripts.
TBR=ulan@chromium.org
Bug: v8:7862,v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
Reviewed-on: https://chromium-review.googlesource.com/1105493
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54146}
Removes JS version and creates a runtime functions for now to
interface with existing JS uses.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I150701d338a0951a5e5da1aca667c65f941850d9
Reviewed-on: https://chromium-review.googlesource.com/1122024
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54145}
Currently we rely on tasks to invoke the second pass phantom callbacks.
This may accumulate phantom callbacks and make GCs ineffective if we
do not enter the message loop to run the tasks between the GCs.
Bug: v8:7912
Change-Id: I799c97ff99ed6967480bda24ea0bf1c6a7dd69be
Reviewed-on: https://chromium-review.googlesource.com/1122621
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54144}
Adds Intl::IsObjectOfType method to do type checks. This will make it
easier to port the methods using the runtime type check calls as we
won't have to create a v8::string for type checks.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0babdc8709564be693ce808e2ef3ffef7b24ceec
Reviewed-on: https://chromium-review.googlesource.com/1121943
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54143}
This should restore the old behavior of giving low priority to
newly-added live ranges.
Bug: chromium:859021
Change-Id: If22c9a1d0897d82623eb141fa03c30110e68bfc4
Reviewed-on: https://chromium-review.googlesource.com/1122402
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54142}
On Windows (32-bit), we need to emit explicit stack limit checks for
stack frames bigger than one page (4kB). This CL implements this by
emitting corresponding code at the end of Liftoff functions if needed.
R=mstarzinger@chromium.org
Bug: v8:7908, v8:6600
Change-Id: Iacb3e7afdd433a4e68620d9230bd0ba473611da8
Reviewed-on: https://chromium-review.googlesource.com/1120175
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54141}
This correctly serializes {RelocInfo::INTERNAL_REFERENCE} addresses in a
position-independent form, so that they can be properly relocated when
the code is deserialized again. We store the offset within the code in
the serialized stream.
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: Ie8c84ee67bdfc17a65faa159a21cc1f2a78ac924
Reviewed-on: https://chromium-review.googlesource.com/1122414
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54140}
Pass Isolate to ConsumedPreParsedScopeData::SetData (guaranteed to be
called on main thread) and use it to create the handle in
ConsumedPreParsedScopeData::GetDataForSkippableFunction, rather than
calling GetIsolate.
Bug: v8:7786
Change-Id: Ibd632bb57f35a921f37c620d77dd6dfdb1f092c6
Reviewed-on: https://chromium-review.googlesource.com/1088703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54138}
In the process, create a shared array utility GetLengthProperty that fast-paths
accessing the length properties of JSArray.
Bug: v8:7793
Change-Id: I6d7f0007c162794773dc0fc3e8bf12b3adf12fa0
Reviewed-on: https://chromium-review.googlesource.com/1116221
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54133}
When parsing a numeric literal in a line like "a=0x0e+b|0;",
currently the scanner consumes the "e+" part (as it thinks
it's the start of an exponent).
In the ECMAScript lexical grammar HexIntegerLiteral cannot
contain exponents, which means the '+' character should be
parsed as a binary operator.
R=bradnelson@chromium.org
BUG=v8:7893
Change-Id: I97a0d4ea2ee1d38a3462efbfaef5eb87b8ea704b
Reviewed-on: https://chromium-review.googlesource.com/1116551
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54132}
Adds a instance types for each HashTable subtype, rather than reusing
HASH_TABLE_TYPE. This allows us to check for these types by checking
the instance type directly, rather than by comparing against the map in
the root set.
Also, as a drive-by, do the same for SCRIPT_CONTEXT_TABLE_TYPE, and use
instance type checks rather than map checks for Context types.
This is a good general clean-up, but in particular is intended for
GetIsolate removal.
TBR=jarin@chromium.org
Bug: v8:7786
Change-Id: I420abdd12906dfa20c922e486ecdc657eb3c6ef0
Reviewed-on: https://chromium-review.googlesource.com/1114958
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54128}