Move I32x4SConvertF32x4 into shared implementation, and takes care of
both AVX and no-AVX implementation. Instruction selector still requires
dst == src to save a move in codegen.
Bug: v8:11589
Change-Id: Ie982682b3002192ab27700bf73f8c1e66aeba492
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086732
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76243}
MovFloatToInt and MovIntToFloat have been optimized
on Power8 and above to use VSX instructions instead if
using the memory.
Change-Id: I77af9aa20aa477f8f9e3ec9545445ef777aa0c72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087726
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76241}
TurboFan currently calls into runtime for these two instructions, but
there is a better 4-instruction lowering that Liftoff already uses. Move
this into macro-assembler so we can share this across both compilers. We
name this PopcntHelper because there isn't a Cnt on ARM64 that works on
Word32/Word64.
Bug: v8:12071
Change-Id: I182bf466b76cbad985d8c5b8ddae0f4352f71cd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087812
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76236}
Use logical shifts to emulate arithmetic shift, by first adding a bias
to make all signed values unsigned, then subtracting the shifted bias.
Details are in code comments for SharedTurboAssembler::I64x2ShrS.
Also refactor ia32 (which was already using this algorithm) to use the
shared macro-assembler function. And convert Liftoff's implementation as
well.
Bug: v8:12058
Change-Id: Ia1fd5fe5a9a0b7a7f31c426d4112256c8bf7021b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3083291
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76209}
Port edc349dbf5
Port 593fbb69c4
Bug: v8:11235
Change-Id: I19dd21a14f6475b0cf212728c4124f3b8f6c9c3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076770
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76156}
The number of arguments for the LiftoffCompiler has grown significantly
since its initial implementation, and it becomes hard to keep track of
all options at the call sites.
This CL refactors all optional parameters into a {LiftoffOptions} struct
which has a factory-like interface.
This will allow us to add more options in the future, e.g. for dynamic
tiering.
R=thibaudm@chromium.org
Change-Id: I66697bb2f99b676a84c158304cc3a285e1b077d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069148
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76098}
Since recently, the WebAssembly instance gets cached in Liftoff code
to avoid reloading it from the stack whenever it is used. Typically the
cached instance gets invalidated at a function call and therefore does
not need to be recorded in safepoints.
However, when the DebugBreak builtin is called, the cached instance
was not invalidated. It is even incorrect to invalidate the cached
instance there because that would modify the CacheState of Liftoff.
Therefore this CL adds the register that caches the instance to the
safepoint of the call to the DebugBreak builtin.
R=clemensb@chromium.org
Bug: v8:11979
Change-Id: I7f9153e0c0e7e797b11b827111b4d61e29606071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063222
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76021}
This adds a code comment before the OOL code for the special stack check
for a large frame. Otherwise it is hard to see where it begins in the
code, and it might be unexpected to see that block of code at the end of
a Liftoff function.
Drive-by: Replace another "out of line: " comment by "OOL: ", which is
typically understood equally well.
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ie8b243cedebe979ca46e0515a9fdd0695ab58304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059081
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75995}
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159
Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").
R=clemensb@chromium.org,nicohartmann@chromium.org
Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
Add an explicit check for the available stack space before allocating a
large frame. Even though this typically does not cause problems on ia32,
we should do it to be consistent with other platforms and with TurboFan
code.
This follows the same structure as on x64: https://crrev.com/c/3059074
A follow-up CL will add a DCHECK to verify that we never overflow the
stack space by more than 4KB (https://crrev.com/c/3059076).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ifffe56f29feae14545e6f70e30a1c94c5eabad6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059075
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75991}
Add an explicit check for the available stack space before allocating a
large frame. Even though this typically does not cause problems on x64,
we should do it to be consistent with other platforms and with TurboFan
code.
After also fixing ia32 (https://crrev.com/c/3059075), we can add a
DCHECK to verify that we never overflow the stack space by more than
4KB (https://crrev.com/c/3059076).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: I4f407dc6a83d4a71636066777706f23d05002111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059074
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75990}
The comment is a left-over of the state before
https://crrev.com/c/3055302. It should have been removed as part of that
CL.
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ic5234b230b3eda30e9a4a346e8c3b83c813a5dbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059078
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75989}
FP Div, Min and Max are added in this CL.
Opcodes are also reordered in macros to match the
instruction selector.
Change-Id: Idd6909721b0d06d523c93873e5faff39449d937c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058294
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75965}
Port 593fbb69c4
Original Commit Message:
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows to merge pushing into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I0b87d73776b59ade36faea2f4772c63c89eb740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056455
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75942}
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows to merge pushing into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ibb4a38d2049cff66fec9450db4f7f375d006beac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055302
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75938}
Handle large frames by doing an explicit check to see if there is enough
remaining stack space before the stack limit.
The bailout which can be removed then is being triggered on more than 1
percent of all functions, so this is expected to improve compile time by
several percent, because we avoid the costly TurboFan compilation for
those >1%.
The code follows the same pattern as on arm, see
https://crrev.com/c/3046180.
R=ahaas@chromium.org
Bug: v8:11235
Change-Id: I0d359ae5fe0126da7ade860f596cfc108e7fd1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054114
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75925}
Adds Integer and FP Sub and Mull.
Change-Id: Ide2cfdbdc308d18011ba5cc6a61cd326c13c09b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048789
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75922}
This is a reland of b99fe75c6d.
The test is now skipped on non-SIMD hardware.
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
TBR=zhin@chromium.orgCC=jkummerow@chromium.org, thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: I662b62fafe99389be7a6c23b970fdf3768f866cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051610
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75901}
This reverts commit b99fe75c6d.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/43105
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
Bug: chromium:1231950, v8:12018
Change-Id: I4e7a9d6fa6809b7c4d9be919cd5698737d784849
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049085
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75900}
This extends https://crrev.com/c/2917612 also for SIMD, which
(sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
As part of this CL, that method is renamed to {GetEffectiveAddress}
which IMO is a better name. Also, it just returns a register to make the
semantic of that function obvious in the signature.
Drive-by: When sign extending to 32 bit, only write to the W portion of
the register. This is a bit cleaner, and I first thought that
this would be the bug.
R=jkummerow@chromium.org
CC=thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75898}
Handle large frames by doing an explicit check to see if there is enough
remaining stack space before the stack limit.
The bailout which can be removed then is being triggered on more than 1
percent of all functions, so this is expected to improve compile time by
several percent, because we avoid the costly TurboFan compilation for
those >1%.
R=ahaas@chromium.org
Bug: v8:11235
Change-Id: I935998f7676647572598b52c989f7d41cc5239a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046180
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75897}
Starting with Simd Add ops which are ported to liftoff.
Change-Id: I2128303accf9bc47812560f5aa38b5ccfc2e3e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049070
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75890}
Shared ops between TurboFan and Liftoff are moved into
the macro-assembler.
Change-Id: I03cd3af10074b6b4666a7d2a13e652629576f76f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035764
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75768}
This refactors the {GetMemOp} function once again:
Instead of computing (mem_start + (offset_reg + offset_imm)), do compute
((mem_start + offset_imm) + offset_reg). This avoids an overflow in
(offset_reg + offset_imm) when using 32-bit computations, which hides
OOB memory accesses when relying on the trap handler.
As a nice side-effect, this change makes the whole method a lot nicer to
read.
We also need to change {StoreTaggedPointer} now, which was relying on the
inner working of {GetMemOp}. The new version makes the semantics more
transparent at the cost of repeating some logic from (the previous version
of) {GetMemOp}.
R=jkummerow@chromium.org
Bug: v8:11955, chromium:1227465, v8:11951
Change-Id: Ia068ca7c4f7db89b81529edd3438b0e4eee7d23d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015566
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75693}
- Implement f32/f64 fcopysign
- Implement f32/f64 type conversion
- enable some test cases that now pass.
Change-Id: Ia36299484adac885349df25d7c233dd7e43dded4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992914
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75690}
Port [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
Change-Id: I166ee58ad1fe682847ee252db134ab615056b416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3020545
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75671}
Trap handling is not implemented yet for memory64. Make sure that no
code tries to use it, by setting {NativeModule::bounds_checks_}
accordingly.
This requires some changes to tests to make sure that the
{WasmModule::is_memory64} field is set before creating the corresponding
{NativeModule}.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: I11d9544b603fc471e3368bb4e7487da4711293a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75632}
We did not handle conflicts between regular register moves and the
cached instance / cached memory start correctly. This could lead to us
overwriting a regular register when restoring the cached instance, which
results in either crashes or miscalculations afterwards.
R=ahaas@chromium.org
Bug: chromium:1217064
Change-Id: Icd4b08b97a47726108a50d51b3a7ba410d132f98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003158
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75602}
Port 6f48b7b369
Original Commit Message:
This is a reland of b0bcedccfd
Changes:
- Consistently use int32_t for max_steps and nondeterminism
- Skip SIMD tests on architectures that don't support it
Original change's description:
> [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I9764e3e2944690ed0883afdab20afd47fdd4acfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979605
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75512}
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I5d0281bb9668c22d9d068fdf95bc80404b982744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006474
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75564}
This is a three-state field now: kTrapHandler, kExplicitBoundsChecks,
kNoBoundsChecks. It is set once based on the flags
(--wasm-bounds-checks and --wasm-enforce-bounds-checks) and depending on
whether the signal handler for wasm trap handling was installed. All
compilation then only uses the field value, and does not need to check
any flags any more.
R=ahaas@chromium.org
Bug: v8:11926
Change-Id: I2c0eb5ecb742ee65d1c10e4dceff7204119dab7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996191
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75558}
For static OOB accesses in Liftoff we were adding a protected
instruction information, mapping the PC of a jump instruction to the
landing pad. This is not needed, as the jump instruction is not supposed
to trigger a signal.
This CL slightly refactors the code to avoid this protected instruction
information, and resolves the old TODO.
R=ahaas@chromium.org
Change-Id: I668f3ec6a0815af83cbc04fb307744000166fb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003156
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75554}
We've already been zero-extending 32-bit offset registers since
https://chromium-review.googlesource.com/c/v8/v8/+/2917612,
but that patch only covered the case where offset_imm == 0.
When there is a non-zero offset, we need the same fix.
Bug: chromium:1224882,v8:11809
Change-Id: I1908f735929798f411346807fc4f3c79d8e04362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998582
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75500}
The {EnterFrame} and {LeaveFrame} methods will already emit a (scoped)
code comment in the form
[ EnterFrame
... instructions ...
]
Thus skip the additional code comment emitted by Liftoff.
R=ahaas@chromium.org
Bug: v8:11879
Change-Id: I488568022cb03b16f07a12c1a575d90613691758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996197
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75479}
Extern ref in Liftoff is enabled since M-90
(https://crrev.com/c/2625886), hence remove the flag to simplify the
code.
R=ahaas@chromium.org
Bug: v8:11879
Change-Id: Ie72dfbc006d6f42e2e9e83d44ff78e3c53a82614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996195
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75478}
We currently merge i32 binary operations with a subsequent if or br_if,
and we merge i32.eqz with a subsequent br_if. The combination i32.eqz +
if was missing, even thought there is already support for that in the
"if" handler.
R=ahaas@chromium.org
Change-Id: Id4386d0c5d6dcf3605c72ea1146169d2088abe98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996196
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75477}
The cached memory start was not preserved across stack checks in debug
code. This only manifests if the stack check is actually executed, hence
it's tricky to reproduce.
R=ahaas@chromium.org
Bug: chromium:1222648
Change-Id: I8d678305022e3521bd457ad49ebed30d81b05231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987824
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75388}
Add a code comment for checking the maximum number of steps, and
disambiguate the different types of breakpoints.
R=thibaudm@chromium.org
Change-Id: I9be40461554948a61e81b3f9953cfc4475e52e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985400
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75383}
Most Liftoff code comments are generated by the {NextInstruction}
function. That code was inside an "#ifdef DEBUG" block so far, because
previously code comments were only enabled in debug builds anyway. Now
that we have the separate v8_code_comments gn arg, they can also be
enabled in release builds.
Hence remove the "#if DEBUG" such that code comments are also output in
release mode.
This should not introduce any compile time regressions since both macros
are no-ops in official builds.
R=ahaas@chromium.org
Change-Id: I0bdd11534620072ccf0ff959c7f7d658aa75717b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985243
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75382}
The code used to be only enabled in debug mode. Now that we have a
separate v8_code_comments gn arg, this is not the case any more. Hence
remove the "DEBUG_" prefix from the macro.
R=ahaas@chromium.org
Change-Id: I60215e3b07d6cb0cee5076136834e4bb5a13355b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982345
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75378}
This is a reland of 9701d4a420
with a small fix for some code landed in between the dry-run and
submission.
Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}
Bug: v8:11917
Change-Id: Ie1ec9032fe56646a7c7303185cecc70fce5694ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982607
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75368}
Instead, make the array-allocating builtin initialize the object.
This speeds up later stages of Turbofan graph processing, in particular
live range computation.
Bug: v8:7748
Change-Id: Iba0d682922b444b1d6151eeaee8d939821ebc980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983457
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75367}
There is only one global wasm engine, so we do not need to store the
pointer in the NativeModule. We just use {GetWasmEngine()} instead,
which reads the global pointer.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I66dedd571755774d96621b8d20ff23bdfef8134f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983208
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75366}
This reverts commit 9701d4a420.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/40802/overview
Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}
Bug: v8:11917
Change-Id: Iacf796c95256016fa74f0a910c5bb1a86baa425a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982605
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75356}
Moves all but conversions.*, hash-seed-inl.h and math-random.* into
base, in preparation for moving the parts of conversions that don't
access HeapObjects.
Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
Bug: v8:11917
Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75354}
This is a reland of ac6546469d.
Two constants defined in {AssemblerBase} were not defined anywhere,
which is fixed now.
Original change's description:
> [wasm] Remove WasmInstructionBuffer
>
> {WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
> which remembered the last {AssemblerBuffer} on {Grow()}. Since the
> {Assembler} itself already keeps track of the latest {AssemblerBuffer},
> this functionality is mostly redundant. All we need instead is a method
> to retrieve the {AssemblerBuffer} from the {Assembler}.
>
> This CL thus removes {WasmInstructionBuffer} and instead adds
> {AssemblerBase::ReleaseBuffer}.
>
> R=jkummerow@chromium.org, mslekova@chromium.org
> CC=dlehmann@google.com
>
> Bug: v8:11714
> Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75336}
Bug: v8:11714
Change-Id: I8797de1a7a78a93aaef936e46bfd1e73ec2cc9d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982015
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75338}
This reverts commit ac6546469d.
Reason for revert: Breaks ASAN no-inline - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20ASAN%20no%20inline%20-%20release%20builder/22909/overview
Original change's description:
> [wasm] Remove WasmInstructionBuffer
>
> {WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
> which remembered the last {AssemblerBuffer} on {Grow()}. Since the
> {Assembler} itself already keeps track of the latest {AssemblerBuffer},
> this functionality is mostly redundant. All we need instead is a method
> to retrieve the {AssemblerBuffer} from the {Assembler}.
>
> This CL thus removes {WasmInstructionBuffer} and instead adds
> {AssemblerBase::ReleaseBuffer}.
>
> R=jkummerow@chromium.org, mslekova@chromium.org
> CC=dlehmann@google.com
>
> Bug: v8:11714
> Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75336}
Bug: v8:11714
Change-Id: Iff32952f712ab2f0f9a16d91906d0135c084f4df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982014
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75337}
{WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
which remembered the last {AssemblerBuffer} on {Grow()}. Since the
{Assembler} itself already keeps track of the latest {AssemblerBuffer},
this functionality is mostly redundant. All we need instead is a method
to retrieve the {AssemblerBuffer} from the {Assembler}.
This CL thus removes {WasmInstructionBuffer} and instead adds
{AssemblerBase::ReleaseBuffer}.
R=jkummerow@chromium.org, mslekova@chromium.orgCC=dlehmann@google.com
Bug: v8:11714
Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75336}
Instrument floating-point operations to set a flag if the result is NaN.
Does not handle f32x4 and f64x2 results yet.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I1c3603e2c0c92e71bea8418e85852c01904379af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979600
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75335}
Detect if Simd is enabled and if so push/pop the entire
128 bit value, if not then only push/pop the double values.
Change-Id: I45d54dcf799a685066559cc3521ef44cd884b788
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979352
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75332}
These are the changes Cobalt currently has in V8's cpu related code.
- Add missing Starboard CPU code
- Replace some V8_OS_WIN with V8_TARGET_OS_WIN, they are found when
cross-compiling for Linux platforms on Windows
Bug: v8:10927
Change-Id: Id63ae8614cbe6fe0eb53df89060c8ca2c9969ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2963803
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75318}
There is exactly one WasmEngine per process, hence we do not need to
store or pass a pointer to it. We just use {GetWasmEngine} (which just
reads a global variable) whenever we need it.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I7e0e86e326f4cafe5a894af0ff6d35803c0340a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972725
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75266}
Split interface functions into constant, non-constant, and meta
functions. This will be useful once initializer expression decoding is
implemented as an interface for WasmFullDecoder.
Additionally, add ArrayInit() interface function (currently unused).
Bug: v8:11895
Change-Id: If076fe47871868c2d754f9c72c865f0a7f9f97d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964609
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75251}
The adding of base:: was mostly prepared using git grep and sed:
git grep -l <pattern> | grep -v base/vector.h | \
xargs sed -i 's/\b<pattern>\b/base::<pattern>/
with lots of manual clean-ups due to the resulting
v8::internal::base::Vectors.
#includes were fixed using:
git grep -l "src/utils/vector.h" | \
axargs sed -i 's!src/utils/vector.h!src/base/vector.h!'
Bug: v8:11879
Change-Id: I3e6d622987fee4478089c40539724c19735bd625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75243}
On a loop back edge both the cached instance and the cached memory
start have to get restored for the next loop iteration. In the original
CL we did not consider the case that by restoring the instance we may
overwrite the currently cached memory start.
Original description:
WebAssembly functions often have subsequent memory accesses, and each of
these memory accesses need the start address of the memory in a register.
With this CL the register with the memory start address is cached, so
only the first memory access has to load the memory start address into a
register, subsequent memory accesses can just reuse the register.
In first measurements with the epic benchmark this reduces the size of
the generated Liftoff code by a bit more than 5%.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: I884c0da24be8bc6b10f2c6bf5437b9a279819538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960220
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75183}
This reverts commit fd93f33824.
Reason for revert: Out of bounds errors in Unity benchmark (link is internal).
Original change's description:
> [wasm][liftoff] Cache the memory start register
>
> WebAssembly functions often have subsequent memory accesses, and each of
> these memory accesses need the start address of the memory in a register.
> With this CL the register with the memory start address is cached, so
> only the first memory access has to load the memory start address into a
> register, subsequent memory accesses can just reuse the register.
>
> In first measurements with the epic benchmark this reduces the size of
> the generated Liftoff code by a bit more than 5%.
>
> R=clemensb@chromium.org
>
> Bug: v8:11862
> Change-Id: Ic33e7e3c00a4209570821269c728187affbeadcf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947403
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75113}
Bug: v8:11862
Change-Id: I20c7e7d729cf9846499db90c02f8581d7f994ace
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960216
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75132}
WebAssembly functions often have subsequent memory accesses, and each of
these memory accesses need the start address of the memory in a register.
With this CL the register with the memory start address is cached, so
only the first memory access has to load the memory start address into a
register, subsequent memory accesses can just reuse the register.
In first measurements with the epic benchmark this reduces the size of
the generated Liftoff code by a bit more than 5%.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Ic33e7e3c00a4209570821269c728187affbeadcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947403
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75113}
Functions defined inside a class declarations are inline by default.
Thus remove the 'inline' annotation from all such definitions.
Drive-by: Move the 'inline' annotation of
{WasmFunctionBuilder::signature} from the definition to the declaration.
R=jkummerow@chromium.org
Bug: v8:11384
Change-Id: I18be0b7d83c2414b3237e2f834e470c613143d7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953320
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75096}
There was already a lookahead implementation in Liftoff for the case
where a comparison was followed by kExprBrIf. This CL extends this
lookahead implementation to kExprIf as well. This extension reduces the
size of the code generated by Liftoff in the Epic benchmark by 1.5%.
R=clemensb@chromium.org
Bug: v8:11873, v8:11862
Change-Id: If4428bdd64eedcdd6dc543efc3b9945cbd8be3cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953322
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75088}
Changes:
- Remove endianness transformations from WasmValue contstructors.
WasmValue will now use the system's endianness. Remove
CopyToWithSystemEndianness.
- Remove endianness transformation from global variable load/stores in:
wasm-compiler.cc, liftoff-compiler.cc, wasm-objects{.cc, -inl.h}, and
wasm-interpreter.cc
- Adjust SIMD tests that directly access part of a value by changing
which lane they access within that value. We do that by introducing
a LANE macro and use it over ReadLittleEndianValue.
Change-Id: I99e97c6eae72e9a135b184633ec266049803bb03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944437
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75085}
For Cobalt's purpose in the past, we introduced base::Memcpy to
intercept memcpy calls and replace it with SbMemoryCopy on
Starboard/Cobalt. Recently Cobalt removed SbMemoryCopy because we found
out that memcpy implementation is universal. To reduce the cost to
maintain base::Memcpy, let us remove it and revert back to raw memcpy.
Bug: v8:10927
Change-Id: I060f191f8f1aed8b78ffe4558a3743f3a2da008b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951462
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: John Xu <johnx@google.com>
Cr-Commit-Position: refs/heads/master@{#75070}
Add a new testing tier based on Liftoff. In this tier, the Liftoff
compiler takes an address to a counter, and decrements that counter at
every instruction. When the counter reaches 0, execution aborts.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I20970e323ff19f7cb6ab6855377c678ca391421e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944440
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75022}
Strict equality checking of ValueTypes only made sense before
reference types came along.
Change-Id: I632f541328cb27ae87a5e3daccd4ffb9cfc8a502
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928513
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74965}
Changes:
- Merge all immediates which read a u32_v index into IndexImmediate.
Refactor overloaded Validate(const byte*, [Type]Immediate) functions
to Validate[Type](const byte*, IndexImmediate).
- Move MemoryIndexImmediate/MemoryAccessImmediate validation into their
own Validate functions. Remove CheckHasMemory(), move its
functionality into these Validate() functions.
- Refactor MemoryInitImmediate, TableInitImmediate and
CallIndirectImmediate as composite immediates.
- Change field initializations for some Immediates to constructor
initializers. This helps us drop some useless default constructors.
- Use the correct pc in StackEffect for struct.new_default.
Bug: v8:11831
Change-Id: I878f69a33f8473dc275184995b3b7b88fe0dfc8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928498
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74948}
This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.
Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
Port 2b77ca200c
Original Commit Message:
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ife3ae4f93b85fe1b2c76fe4b98fa408b5b51ed71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929661
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74886}
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=clemensb@chromium.orgCC=jkummerow@chromium.org
Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
Various behaviour preserving changes that make it easier to switch on
callee-saved registers without having to land refactoring code at the
same time.
- Use MaybeStoreRegisters / MaybeRestoreRegisters
- Use CallRecordWriteStubSaveRegisters everywhere for now. Eventually
this will be replaced by CallRecordWriteStub in places with fixed
registers.
- Use WriteBarrierDescriptor::ComputeSavedRegisters, which for now
returns the same as allocatable_registers
Full x64 implementation: https://crrev.com/c/2922604
Bug: v8:11420
Change-Id: I04e6ac2f6333edc91cb1030a0217f59ad441a1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922250
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74876}
This is a reland of 17915002fc with an
added fix for TurboAssembler::CallTSANRelaxedStoreStub.
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: Ibac3e6f0360d35579ee0b0dc5d698f8cdab93260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922604
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74870}
This will be thrown during array allocations if the requested size is
larger than kV8MaxWasmArrayLength.
Additional changes:
- In test-gc.cc, add the possibility to check against the trap message
in CheckHasThrown.
- Small reorganization of WasmGCTester in test-gc.cc.
Bug: v8:7748
Change-Id: I6f74b525bd7087fcc66f43c451ef130df022b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922247
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74867}
And add s10 to scratch_register_list. Clean up t* register used in macroassembler
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
This reverts commit 17915002fc.
Reason for revert: Breaks TSAN builds (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20builder/19166/overview)
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: I20f239e64ec2834acd651341634974291992add5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922316
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74832}
Calls to the record write stub are quite frequent and the caller has to
save all registers used by the builtin.
This CL moves the register saving to the builtin itself, reducing the
call-site code size significantly in many cases and thus improving
compilation speed of sparkplug.
Follow-up CLs with introduce the same behaviour to other platforms.
- CallRecordWriteStubSaveRegisters preserves the existing behaviour and
saves clobbered registers.
- CallRecordWriteStub expects the registers to match the ones specified
in the WriteBarrierDescriptor for more compact code.
Bug: v8:11420
Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74831}
This adds detection for constant memory indexes which can statically be
proven to be in-bounds (because the effective offset is within the
minimum memory size). In these cases, we can skip the bounds check and
the out-of-line code for the trap-handler.
This often saves 1-2% of code size.
R=ahaas@chromium.org
Bug: v8:11802
Change-Id: I0ee094e6f1f5d132af1d6a8a7c539a4af6c3cb5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919827
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74825}
Changes:
- Add --experimental-wasm-gc-experiments flag.
- Add array.copy opcode. Implement it in decoding and code generation
behind the new flag.
- Add WasmCodeBuilder::BoundsCheckArrayCopy. Move BoundsCheckArray to
the private section.
- Add WasmArrayCopy and WasmArrayCopyWithChecks builtin.
- Add WasmArrayCopy runtime function.
- Add WasmArray::ElementSlot.
- Always print two hex digits in CHECK_PROTOTYPE_OPCODE.
- In test-gc, print the thrown-error message if the function should not
throw.
- In test-gc, add GetResultObject with one argument.
Bug: v8:7748
Change-Id: I58f4d37e254154596cdef5e78482b55260dd3782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912729
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74806}
This is a first step towards supporting unwrapped WasmObject objects on
JavaScript side.
In addition this CL
1) introduces Representation::WasmValue which is used for all WasmObject
fields exposed to JavaScript side.
2) adds creation of meaningful DescriptorArrays for WasmObject's Maps.
Bug: v8:11804
Change-Id: I4afcd39da5cb77b659943da54a2ca34d13bcc9bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912776
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74744}
... and use the generated WasmObject instance type range for data refs
checks.
Bug: v8:11804
Change-Id: I855ff76404ff7e3ca919dabec238d35cb39c0baf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74713}
Additional changes:
- Clean up liftoff implementation of br_on_*.
- Bundle operations everywhere based on operation rather than type.
- Remove reference argument from WASM_BR_ON_* macros, to bring them in
sync with WASM_BR_ON_CAST.
- Add missing function decoding unittests for br_on_*.
Bug: v8:7748
Change-Id: I5f5ebfac5b50b5a9a201acb435344d7471326242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909857
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74709}
This is a reland of 8f39a58586
Changes compared to original:
Change the type of arguments of WASM_I32V from byte to int for MSVC
compatibility.
Original change's description:
> [wasm-gc] Implement br_on_cast_fail
>
> Bug: v8:7748
> Change-Id: I7894ad51ccf8ac41a5081c272a583a4ff25c1835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900225
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74652}
Bug: v8:7748
Change-Id: I39f39ff6979382f5618683a8e7754f56df4ec9e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905599
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74689}
We used to recompile WasmCapiCallWrappers whenever they were
needed, but never garbage-collected them, which caused a memory
leak when many short-lived instances of the same module were
created. This patch makes the wrappers cacheable and caches them,
which avoids both repeated compilation effort and the unbounded
memory growth.
Drive-by cleanup: unify WasmCapiFunctionData with the other
Wasm*FunctionData classes by making it inherit from WasmFunctionData.
Bug: v8:11774
Change-Id: Ia0c0d76be2938dc7bebfdc845f4a1cfeafef4a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905605
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74682}
Inline the RememberedSetAction and SaveFPMode flags directly into the
RecordWrite stubs:
- Save two register for input arguments
- Avoid branches in the RecordWrite stubs
We end up with 2 stubs for the EphemeronKeyBarrier and 4 stubs for
RecordWrite. Due to more inlined calls we have roughly 1KiB more
builtins code for RecordWrite currently. We will address this in the
future by splitting out common code into a separate stub. There is
no additional code size overhead for EphemeronKeyBarrier.
This saves 4 to 8 bytes on x64 per RecordWrite call and 2.5% sparkplug
code size reduction on d3.min.js.
Bug: v8:11420
Change-Id: Ib7170265dd6dd4b3aaf8275083f096e76fae8251
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902731
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74661}
This is a reland of 3356078ae1.
The fix is in PS2:
- fix the DCHECK to be triggered only if dst != src, the dcheck
is meant to prevent rep from being overwritten, which happens only
if dst != src
- fix instruction selector for f64x2.replace_lane, require SameAsFirst
only for non-AVX, which makes dst == src, saving a move
- on x64 we also require all registers, since the macro-assembler
helper only handles registers
Original change's description:
> [wasm-simd][x64][ia32] Factor f64x2.replace_lane into shared code
>
> This pblendw/movlhps combination has lower latency and requires less
> unop than pinsrq (1 v.s. 2).
>
> Bug: v8:11589
> Change-Id: I770b0c20a286774afefbac5ef0adffe463318f21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828871
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74049}
Bug: v8:11589
Change-Id: I51cba0539d5241242dc4d7d971ede1940b9ac1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842264
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74545}
As mentioned in this CL https://crrev.com/c/2510070,
PPC_OWNERS file is the only necessary file applied
to all *-ppc* files.
Change-Id: I2052186660c6d186e3ead3e8e127a9129814377f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892602
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74536}
On x64 we can emit more compact instructions for mov(reg, imm). However
currently this only happens when using the Set method explicitly.
This CL renames Set to Move to avoid confusion and yield better code
by default.
Also use the new Move helper for Smis as well.
Change-Id: I06558e88d1142098f77fb98870f09742d494f3dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874450
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74512}
- Share RemeberedSetAction and SmiCheck enums between all platforms.
- Convert to enum classes with k-prefixed values
Bug: v8:11420
Change-Id: Ib265a229f12a850ea866fd01d8022cbae5e1a9d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885040
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74489}
After updating our bots to use GCC 7.4, we do not need to support
incomplete C++14 support any more. In particular, we can assume
complete c++14 constexpr support now.
This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros.
The CONSTEXPR_DCHECKs are replaced by DCHECK and friend, or
STATIC_ASSERT where possible.
R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org
Bug: v8:9686, v8:11384
Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74486}
The line being modified currently causes a 32-bit build with MSVC to
give out this warning:
C2397: conversion from 'int32_t' to 'v8::internal::byte' requires a
narrowing conversion.
Avoid the warning by declaring `shift` as type byte to start with.
Change-Id: Ib11c8e24811bfc6fe076b845be140e86b7ca38c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2877949
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74451}
Structs with zero fields weren't handled correctly, because the GC
has a requirement that each object occupies at least two pointers.
On the high end, Wasm structs accidentally had a limit of 255 pointers
including object header. This CL bumps that to the intended limit
of 999 fields (which is arbitrary and could be raised if needed).
Bug: v8:7748
Change-Id: I13a3f45b3ddb28023c76775da32be0d07ec2ffd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874653
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74436}
The heap sandbox mode was broken after the introduction of
WasmExportedFunctionData objects due to missing external pointer
handling. This CL implements that.
Bug: v8:10391
Change-Id: Icc6a2944b68f475c40b6431ab26400c35083b7bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862771
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#74415}
After dropping support for older GCC versions, we can now assume full
c++14 constexpr support, and can hence resolve a TODO to make a
LiftoffCompiler method constexpr.
This is also a proof-of-concept to verify that this indeed works on all
bots now.
R=ahaas@chromium.org
Bug: v8:9686, v8:11384
Change-Id: I9b7da91152b0af98778312d653aebbf4236fed0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876850
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74407}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=jkummerow@chromium.org
Bug: v8:11717
Change-Id: I5e6261c9a4825f6b58068d57327601723edfa481
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859948
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74296}
By (mostly) unifying the different kinds of WasmFunctionData, and
precomputing and caching what we can, we can reduce the amount of
work that has to be done for each call.
We still have to store the current instance for JS function calls;
that may be eliminatable in the future.
WasmCapiFunctions are not included in the refactoring yet.
Bug: v8:7748,v8:9495
Change-Id: Ie6839153153d5854670cd01bc77a86111c1f68d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2856543
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74287}
Root slots are full pointer size. Using tagged ptr loads
will lead to errors on big endian platform.
Change-Id: I477597fadee025b6fb060d67a83bee60290aeb14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857636
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74273}
We were inconsistent in handling offsets >= 2GB on 32-bit systems. The
code was still relying on this being detected as statically out of
bounds, but with the increase of {kV8MaxWasmMemoryPages} to support 4GB
memories, this is not the case any more.
This CL fixes this by again detecting such situations as statically OOB.
We do not expect to be able to allocate memories of size >2GB on such
systems. If this assumptions turns out to be wrong, we will erroneously
trap. If that happens, we will have to explicitly disallow memories of
such size on 32-bit systems.
R=jkummerow@chromium.org
Bug: v8:7881, chromium:1201340
Change-Id: Ic89a67d38fb860eb8a48a4ff51bc02c53f8a2c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848467
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74175}
Similar to the recent change to --code-comments, make --debug-code a
build-time enabled flag, enabled by default on debug builds.
This also removes the emit_debug_code() option from the assembler,
instead using the flag directly (there were no cases where this option
didn't match the global flag).
Change-Id: Ic26b0d37b615a055508c9dda099ffbe979eae030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843348
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74095}
- Add v8_code_comments to allow runtime-enabled code comments with
--code-comments
- v8_code_comments is enable by default in debug mode
- Make MacroAssembler::RecordComment helper inlineable to remove
call and check overheads when v8_code_comments = false
- Make FLAG_code_comments readonly if v8_code_comments = false and
benefit from dead-code elimination
This saves roughly 5% CompileBaselineVisit time in sparkplug
on a 5MiB JS file.
Bug: v8:11420
Change-Id: I1174ab37b4bbe1ff8880416c1f6a6e28377a962c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2824428
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74055}
This pblendw/movlhps combination has lower latency and requires less
unop than pinsrq (1 v.s. 2).
Bug: v8:11589
Change-Id: I770b0c20a286774afefbac5ef0adffe463318f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828871
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74049}
This is a reland of ae0752df1b
Reland fixes:
* Remove UNREACHABLE() from constexpr switch, since we don't have a
CONSTEXPR_UNREACHABLE() (it's ok, the switch is exhaustive for the
enum anyway).
* Fix IsRegisterArray trait to use public inheritance and size_t for
std::array size.
Original change's description:
> [codegen] Add static interface descriptors
>
> Add a new CRTP StaticCallInterfaceDescriptor class, which provides
> static constexpr getters for a descriptor's registers, parameter counts,
> and so on. Each CallInterfaceDescriptor subclass is changed to extend
> StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
> extending CallInterfaceDescriptor to still provide a dynamic lookup
> where needed.
>
> StaticCallInterfaceDescriptor provides a couple of customisation points,
> where it reads its CRTP derived descriptor's static fields and
> functions, with default fallbacks where appropriate. With these
> customisation points, the definition of CallInterfaceDescriptor
> subclasses is simplified to:
>
> a) Providing parameter names (as before)
> b) Providing parameter types (as before)
> c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
> static booleans on the class.
> d) Optionally providing a `registers()` method that returns a
> std::array<Register, N> of registers that may be used for
> parameters (if not provided, this defaults to the implementation
> specific default register set).
>
> Parameter registers (and register count) are automagically set based on
> the number of parameters and number of given registers, with extra magic
> to ignore no_reg registers (to reduce ia32 special casing). The
> CallInterfaceDescriptorData is initialized based on these static
> functions, rather than manual per-descriptor initializers.
>
> This allows us to skip loading descriptors dynamically for CallBuiltin
> in Sparkplug, and instead lets us use a bit of template magic to
> statically set up arguments for the calls. Any other users of statically
> known descriptors will also benefit, thanks to C++ picking the static
> methods over the dynamic methods on the base class when available.
>
> Because we can remove various virtual functions and trigger heavier
> inlining of constantly known values, binary size slightly decreases with
> this change.
>
> Note that torque-generated descriptors are changed to use the same magic,
> rather than having Torque-specific magic, for consistency.
>
> Bug: v8:11420
> Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73996}
TBR=nicohartmann@chromium.org,clemensb@chromium.org,ishell@chromium.org,clemensb@chromium.org
Bug: v8:11420
Change-Id: Icd1f6cdb3c178e74460044b1e9623139929ceba8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831872
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74010}
This makes it much easier to read the code, since that code otherwise
looks unreachable.
R=thibaudm@chromium.org
Change-Id: I8720f8e23a6932d83b7ef6a1f26632095ecfeb43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826120
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74005}
Changes:
- Remove redundant argument from PopControl(), FallThruTo();
- Rename FallThruTo() -> FallThrough();
- Do not Kill() the environment at control end in
graph-builder-interface, as this is not needed.
- Move some things around and remove dead code.
Change-Id: Ia2e2fb5c3a60c32838d42e5916691b38642b30bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2830792
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74004}
The "num_exceptions" field of the control block must be updated before
entering the stack check, because it is used in
"GetCurrentDebugSideTable" to compute the correct indices for the debug
side table.
R=clemensb@chromium.org
Bug: chromium:1199526
Change-Id: I54f1e4244bf84d0a78b47a764fedc83b54758d01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831483
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74003}
This reverts commit ae0752df1b.
Reason for revert: Predictably, constexpr issues on non-clang compilers.
Original change's description:
> [codegen] Add static interface descriptors
>
> Add a new CRTP StaticCallInterfaceDescriptor class, which provides
> static constexpr getters for a descriptor's registers, parameter counts,
> and so on. Each CallInterfaceDescriptor subclass is changed to extend
> StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
> extending CallInterfaceDescriptor to still provide a dynamic lookup
> where needed.
>
> StaticCallInterfaceDescriptor provides a couple of customisation points,
> where it reads its CRTP derived descriptor's static fields and
> functions, with default fallbacks where appropriate. With these
> customisation points, the definition of CallInterfaceDescriptor
> subclasses is simplified to:
>
> a) Providing parameter names (as before)
> b) Providing parameter types (as before)
> c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
> static booleans on the class.
> d) Optionally providing a `registers()` method that returns a
> std::array<Register, N> of registers that may be used for
> parameters (if not provided, this defaults to the implementation
> specific default register set).
>
> Parameter registers (and register count) are automagically set based on
> the number of parameters and number of given registers, with extra magic
> to ignore no_reg registers (to reduce ia32 special casing). The
> CallInterfaceDescriptorData is initialized based on these static
> functions, rather than manual per-descriptor initializers.
>
> This allows us to skip loading descriptors dynamically for CallBuiltin
> in Sparkplug, and instead lets us use a bit of template magic to
> statically set up arguments for the calls. Any other users of statically
> known descriptors will also benefit, thanks to C++ picking the static
> methods over the dynamic methods on the base class when available.
>
> Because we can remove various virtual functions and trigger heavier
> inlining of constantly known values, binary size slightly decreases with
> this change.
>
> Note that torque-generated descriptors are changed to use the same magic,
> rather than having Torque-specific magic, for consistency.
>
> Bug: v8:11420
> Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73996}
Bug: v8:11420
Change-Id: Ie5469c9253fc140590ac30b72db6eb1d93f86806
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831485
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74000}
Add a new CRTP StaticCallInterfaceDescriptor class, which provides
static constexpr getters for a descriptor's registers, parameter counts,
and so on. Each CallInterfaceDescriptor subclass is changed to extend
StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
extending CallInterfaceDescriptor to still provide a dynamic lookup
where needed.
StaticCallInterfaceDescriptor provides a couple of customisation points,
where it reads its CRTP derived descriptor's static fields and
functions, with default fallbacks where appropriate. With these
customisation points, the definition of CallInterfaceDescriptor
subclasses is simplified to:
a) Providing parameter names (as before)
b) Providing parameter types (as before)
c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
static booleans on the class.
d) Optionally providing a `registers()` method that returns a
std::array<Register, N> of registers that may be used for
parameters (if not provided, this defaults to the implementation
specific default register set).
Parameter registers (and register count) are automagically set based on
the number of parameters and number of given registers, with extra magic
to ignore no_reg registers (to reduce ia32 special casing). The
CallInterfaceDescriptorData is initialized based on these static
functions, rather than manual per-descriptor initializers.
This allows us to skip loading descriptors dynamically for CallBuiltin
in Sparkplug, and instead lets us use a bit of template magic to
statically set up arguments for the calls. Any other users of statically
known descriptors will also benefit, thanks to C++ picking the static
methods over the dynamic methods on the base class when available.
Because we can remove various virtual functions and trigger heavier
inlining of constantly known values, binary size slightly decreases with
this change.
Note that torque-generated descriptors are changed to use the same magic,
rather than having Torque-specific magic, for consistency.
Bug: v8:11420
Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73996}
Port 06a2c2e0c0
Original Commit Message:
We currently allow OSR (On-Stack Replacement) of arbitrarily deep return
addresses. This is in direct violation of Intel CET's shadow stack,
which we plan to enable eventually.
This change works around this by postponing OSR until after we return to
the old code. The main changes are:
- Reserve a slot in Liftoff frames to store the OSR target,
- Skip the return address modification, and instead store the new code
pointer in the dedicated slot,
- Upon returning to the old code, check the slot and do an indirect jump
to the new code if needed.
CET also prevents indirect jumps to arbitrary locations, so the last
point is also a CET violation. Valid indirect jump targets must be
marked with the ENDBRANCH instruction, which I will do in a follow-up
CL.
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Id972de1ba7556474cb00b377ea3a38eb4332eae3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828870
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73984}
We currently allow OSR (On-Stack Replacement) of arbitrarily deep return
addresses. This is in direct violation of Intel CET's shadow stack,
which we plan to enable eventually.
This change works around this by postponing OSR until after we return to
the old code. The main changes are:
- Reserve a slot in Liftoff frames to store the OSR target,
- Skip the return address modification, and instead store the new code
pointer in the dedicated slot,
- Upon returning to the old code, check the slot and do an indirect jump
to the new code if needed.
CET also prevents indirect jumps to arbitrary locations, so the last
point is also a CET violation. Valid indirect jump targets must be
marked with the ENDBRANCH instruction, which I will do in a follow-up
CL.
Bug: v8:11654
Change-Id: I6925005211aa95d60803b9409e3c07c7c226b25c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826127
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73977}
Changes:
- Implement function subtyping in wasm-subtyping.cc.
- Add Signature::Build(), which takes initializer lists for the return
and parameter types.
- Only throw kTrapFuncSigMismatch in call_indirect, change that trap's
message.
- Add a missing "return 0" in function-body-decoder-impl.h
- Fix a faulty check in wasm-objects.cc.
- Improve some comments.
- Write tests. Improve readability of subtyping-unittest.
Bug: v8:7748
Change-Id: I1caba09d5bd01cfd4d6125f300cd9c16af7aba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822633
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73972}
We add one more member function template to AvxHelper to allow one new
way of calling:
- Andps(x, y, z) -> vandps(x, y, z), andps(x, z) && x == y
Clean up a bunch of places where we need to pass an int literal as a
byte.
Unfortunately we cannot define Movq using AVX_OP. Because of the way
movq is defined in the assembler, using function templates, there are
versions of movq with 1 argument defined. That is not a valid
instruction (but is valid for `dec`). We end up selecting
vmovq(XMMRegister, Register) and movq(XMMRegister), which is not valid.
Bug: v8:11589
Change-Id: I45e3bc213d93ece7f65da8eb1e3fa185aec4c573
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2815560
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73944}
