This adds support for i32.shl, i32.shr_u and i32.shr_s.
These are the first instructions implemented which have constraints on
the registers they use (rcx in this case), so the implementation is a
bit more involved. It's still worth trying to emit good code here, as
shifts are quite common in our benchmarks.
This code will later have to be extended to use i32 immediates directly
instead of loading them into a register first. This will result in
smaller code and better performance.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I45b41ab062b58a9b2bc7e14a68663180307b900d
Reviewed-on: https://chromium-review.googlesource.com/859761
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50481}
Drive-by-cleanup:
- Add InternalElementsAccessor to expose protected instance methods
to ElementsAccessor subclasses.
- Make some more ElementsAccessor methods protected that take the
raw entry as parameter.
Bug: chromium:798644
Change-Id: Iffd00f1953461e8dd22c123e62298410fb6e049c
Reviewed-on: https://chromium-review.googlesource.com/856816
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50480}
This reverts commit d30a8fa9b4.
Reason for revert: no-snap test failures here
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/17068
You need to update the whitelist in src/debug/debug-evaluate.cc.
I'm a bit surprised this only happens in no-snap builds.
Original change's description:
> Reimplement Object.entries/values as CSA to optimize performance.
>
> This implementation based on runtime implementation.
>
> Bug: v8:6804
> Change-Id: Ib8bfcc4648e44a999789237effc0275c5e4d9936
> Reviewed-on: https://chromium-review.googlesource.com/810504
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50477}
TBR=cbruni@chromium.org,jgruber@chromium.org,ishell@chromium.org,brn@b6n.ch
Change-Id: I1a0c8e3c054a57ca4d15f7a064ff4b28ca133b16
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6804
Reviewed-on: https://chromium-review.googlesource.com/859937
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50478}
Before this, only the [[ProxyHandler]] was set to null during revocation
of the Proxy through either the v8::Proxy::Revoke() or the
Proxy.revocable() API. To be consistent with the spec, the Proxy's
target is set to null as well. This change should not be observable
through JS, since the check for if the Proxy is revoked should always
use the handler. But the changed value is exposed through the public
v8::Proxy::GetTarget() API, which is used by the inspector API and
Node.js.
Also included is a much more comprehensive test for Inspector's support
for Proxy, which prior to this commit did not work as intended.
Bug:
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I727607ec2b3cea8642cd636573932c1e6bb5cc07
Reviewed-on: https://chromium-review.googlesource.com/854676
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50476}
Disallow using the PC as a base in LDR and instead provide a dedicated assembler
method for pc-relative loads. The reason for this is that the generic
`Assembler::ldr` method may decide to generate more instructions if the offset
is out of range, and if the PC was the base, we would get surprising
results. For example:
~~~
ldr r0, [pc, #0xcabba9e]
~~~
is not equivalent to:
~~~
movw ip, #0xba9e
movt ip, #0xcab
ldr r0, [pc, ip]
~~~
since the reference to the PC has moved down two instructions!
We could teach the assembler to handle those cases correctly, but pc-relative
loads are used in specific cases only so that's not necessary.
As a drive-by, remove a reference to code aging.
Bug:
Change-Id: I586d83a418db52cf28d3b524f889bf40f077998a
Reviewed-on: https://chromium-review.googlesource.com/847008
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50475}
This fixes a long-standing TODO to only make a copy of a module's
wire bytes if the input is a SharedArrayBuffer and also fixes the
concurrent-modification bug for synchronous validation.
R=clemensh@chromium.org
BUG=chromium:794091
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I8d2f20a9aeedbc306434853f8f6cfc070a24cf97
Reviewed-on: https://chromium-review.googlesource.com/856559
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50472}
This reverts commit 8fbc6a05c1.
Reason for revert: https://crbug.com/800356
Original change's description:
> Optimize TypedArraySpeciesCreate using SpeciesProtector of Array
>
> If there is no constructor or species updates on Array or TypedArrays,
> then skip lookups of constructor and species so that we can create a new
> typed array quickly. This path makes TA.p.slice() 4x faster in fast
> cases.
>
> Bug: v8:7161
> Change-Id: Ib8d2a3f6b8b5ed356c5822a814164166d1285f64
> Reviewed-on: https://chromium-review.googlesource.com/828343
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50423}
TBR=jkummerow@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com
Change-Id: Icca07564d2a83710852eb797bac25f1d5600696e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7161
Reviewed-on: https://chromium-review.googlesource.com/859156
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50470}
The types of the arguments length was wrong because it didn't include
the case of SMI_PARAMETERS. Fixing this by reverting to untyped nodes.
Bug:
Change-Id: Iebc2f1f4530f4f04418a0e200b7bb46938cb456f
Reviewed-on: https://chromium-review.googlesource.com/856981
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50466}
Port 2a50797d40
Original Commit Message:
This CL introduces a Context::kInvalidContext sentinel value to make clear that
no context is active. We silently accept smi 0 (= nullptr) as a non-set context
which usually was the default value making it hard to ensure whether this
happened on purpose or not.
R=cbruni@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: If907db07b6e84696e3f9c1df937ed75bac54a987
Reviewed-on: https://chromium-review.googlesource.com/857587
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50465}
As they're now equal, simplify some TF opcodes by restoring jssp from csp on
stack pointer switch. Also, remove some direct references to jssp.
Bug: v8:6644
Change-Id: I20ee54fc0d536809a0aa72def43337f83cc91685
Reviewed-on: https://chromium-review.googlesource.com/857457
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50462}
Inlining the EnqueueMicrotask logic into the various uses blows up the
snapshot size significantly. So instead of doing that we just turn the
operation into a dedicated builtin that we call from the various uses.
This still avoids the runtime function call overhead and maintains the
fast path without write barriers for the common case of the microtask
queue fitting into new space.
This also moves back the microtask helper CSA functions to the
specialized assembler.
Bug: v8:7253, chromium:799563
Change-Id: I2d24d0e5c01e442c5ad7f5d4373fbc6e94351ac5
Reviewed-on: https://chromium-review.googlesource.com/856618
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50461}
This is used in chromium for html attribute event handlers.
See blink layout test fast/events/event-function-toString.html
Bug: v8:4958
Change-Id: Ib3d88af834bbb62b4ccd4683eda743d92064b075
Reviewed-on: https://chromium-review.googlesource.com/837641
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50460}
--fuzzer-gc-analysis prints allocations count without need for
predictable mode.
--random_gc_interval is similar to --gc-interval with 2 differences:
1) Causes gc every random(0, X) allocations instead of constant X.
2) Doesn't update the allocation timeout when there is a GC for
different reason than timeout equals to 0.
Bug: v8:6972
Change-Id: I07ad935fc264a61069255c7358b4fcbe42bfb17a
Reviewed-on: https://chromium-review.googlesource.com/815214
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50456}
This reverts commit bf4cc9ee15.
Reason for revert: Breaks windows with msvc and linux with gcc
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/841https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/17265
Original change's description:
> [esnext] load `iterator.next` only once at beginning of iteration
>
> https://github.com/tc39/ecma262/pull/988 gained concensus during the
> september 2017 TC39 meetings. This moves the load of the "next" method
> to the very beginning of the iteration protocol, rather than during
> each iteration step.
>
> This impacts:
>
> - yield*
> - for-of loops
> - spread arguments
> - array spreads
>
> In the v8 implementation, this also affects async iteration versions of
> these things (the sole exception being the Async-From-Sync iterator,
> which requires a few more changes to work with this, likely done in a
> followup patch).
>
> This change introduces a new AST node, ResolvedProperty, which can be used
> as a callee by Call nodes to produce the same bytecode as Property calls,
> without observably re-loading the property. This is used in several
> AST-desugarings involving the iteration protocol.
>
> BUG=v8:6861, v8:5699
> R=rmcilroy@chromium.org, neis@chromium.org, adamk@chromium.org
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ib81106a0182687fc5efea0bc32302ad06376773b
> Reviewed-on: https://chromium-review.googlesource.com/687997
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50452}
TBR=rmcilroy@chromium.org,adamk@chromium.org,neis@chromium.org,caitp@igalia.com,caitp@chromium.org
Change-Id: I1797c0d596dfd6850d6f0f505f591a7a990dd1f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6861, v8:5699
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/857616
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50454}
--stress-marking and --stress-scavenge flags with the value
greater than 0 enable additional tracking, allocation observers etc.
--fuzzer-analysis switches --stress-* flags into analysis mode,
which means that all allocation observers and additional checks
are still executed, but GC is not influenced by them. It also
provides analysis information needed by the fuzzer on the stdout.
Bug: v8:6972
Change-Id: I5ac45adb311441d57d5b951aeec036e689930e9f
Reviewed-on: https://chromium-review.googlesource.com/814536
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50453}
https://github.com/tc39/ecma262/pull/988 gained concensus during the
september 2017 TC39 meetings. This moves the load of the "next" method
to the very beginning of the iteration protocol, rather than during
each iteration step.
This impacts:
- yield*
- for-of loops
- spread arguments
- array spreads
In the v8 implementation, this also affects async iteration versions of
these things (the sole exception being the Async-From-Sync iterator,
which requires a few more changes to work with this, likely done in a
followup patch).
This change introduces a new AST node, ResolvedProperty, which can be used
as a callee by Call nodes to produce the same bytecode as Property calls,
without observably re-loading the property. This is used in several
AST-desugarings involving the iteration protocol.
BUG=v8:6861, v8:5699
R=rmcilroy@chromium.org, neis@chromium.org, adamk@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib81106a0182687fc5efea0bc32302ad06376773b
Reviewed-on: https://chromium-review.googlesource.com/687997
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50452}
This switches the source positions consumed by {WasmFunctionBuilder} to
have type {size_t} instead of {int}. All checks for accidental loss due
to overflow in static casts can now be moved into one place.
R=clemensh@chromium.org
Change-Id: Id0b0da5fe799eac794c9d610c4c4c9a72a587b3f
Reviewed-on: https://chromium-review.googlesource.com/857196
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50449}
In Liftoff, we want to trace the cache state basically before or after
processing each instruction. Instead of duplicating this code
everywhere, introduce a new interface method {NextInstruction}, which
is called before each instruction.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Iea61738d200076690a8440a75a2fd90018efa43b
Reviewed-on: https://chromium-review.googlesource.com/852457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50447}
This is a reland of f22156bf37.
Original change's description:
> [Liftoff] Rename kConstant to kI32Const
>
> This makes it more clear that we only store i32 values as constants in
> the cache state.
>
> R=ahaas@chromium.org
>
> Bug: v8:6600
> Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
> Reviewed-on: https://chromium-review.googlesource.com/853870
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50437}
Bug: v8:6600
Change-Id: I4c28f379eab525a0c86866c39b2e6b55f7c5ab1a
Reviewed-on: https://chromium-review.googlesource.com/857017
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50446}
We were trying to disassemble the whole body of a function, including
safepoints and the constant pool. This lead to DCHECK errors on mips.
This CL fixes that, and adds printing of source positions.
It also fixes the output of instructions size to only contain the
instructions for both on-the-heap and off-the-heap code.
R=titzer@chromium.org
Bug: chromium:800233
Change-Id: Idb15a779680af7997eb78aea2a329189b684d53e
Reviewed-on: https://chromium-review.googlesource.com/856458
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50444}
Loop headers contain a stack check in wasm, hence an exception can be
thrown at the position of the loop instruction. This means that for
asm.js, we need to store a source position for each loop instruction.
R=mstarzinger@chromium.org
Bug: chromium:799690
Change-Id: I129abef11461992e2f10af8e6afc28ce1cf83341
Reviewed-on: https://chromium-review.googlesource.com/856338
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50443}
In d8 a script is executed in a RealmScope. However, all micro task
which are created by the script are not executed within the RealmScope
at the moment. With this CL I move the execution of the micro task into
the RealmScope.
I thought about creating a new RealmScope for the micro tasks, but
(1) It did not fix the crashing repro;
(2) It seems wrong that the micro tasks are executed in a different
realm than the script;
Therefore I just moved the execution of the micro tasks into the
RealmScope of the script.
Thereby I moved the execution tasks also into the Context::Scope of the
script. The problem is that the Context::Scope surrounds the RealmScope,
and when I to open the RealmScope before the Context::Scope, not even
the execution of the script works anymore.
R=yangguo@chromium.org
Bug: chromium:797846
Change-Id: If152af282beec8f0b0564dcc9682fee8588e142c
Reviewed-on: https://chromium-review.googlesource.com/856497
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50442}
This adds support for i32.eqz, i32.clz, and i32.ctz.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I0dd7c14cf98b68463edae7de3ced9a9d1f82de44
Reviewed-on: https://chromium-review.googlesource.com/852456
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50441}
- Remove unused deoptimization reasons.
- Replace most uses of kNoReason with an actual reason (some are new).
- Rename kNoReason to kUnknown.
Bug:
Change-Id: Ia8df54fca0f0f4885ef0c3523ce8f67b557a635d
Reviewed-on: https://chromium-review.googlesource.com/839421
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50440}
This reverts commit f22156bf37.
Reason for revert: Lots of compile errors. Try bots sloppy??
Original change's description:
> [Liftoff] Rename kConstant to kI32Const
>
> This makes it more clear that we only store i32 values as constants in
> the cache state.
>
> R=ahaas@chromium.org
>
> Bug: v8:6600
> Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
> Reviewed-on: https://chromium-review.googlesource.com/853870
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50437}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I6e224d4aa03ff18d6d55e9f8d4726fac711c7665
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/857016
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50438}
This makes it more clear that we only store i32 values as constants in
the cache state.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
Reviewed-on: https://chromium-review.googlesource.com/853870
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50437}
The checked node and used node were mismatched. It checked if
"var_unique" is a string, but it used "key" which may not be a string.
Bug: v8:4911, v8:7161, chromium:800077
Change-Id: Ia2aee8b77ac33500430365a4800bf9cca40a28fc
Reviewed-on: https://chromium-review.googlesource.com/855138
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50435}
This CL simply moves the implementation classes for WASM native
module serialization into the CC file and simplifies them a bit.
R=mstarzinger@chromium.org
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id560d2c35eb12bdd461f5d80cb5211a2f4f51684
Reviewed-on: https://chromium-review.googlesource.com/856677
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50434}
In collaboration with Qingyan Li <qingyan.liqy@alibaba-inc.com>.
R=jgruber@chromium.org, mlippautz@chromium.org
Bug: v8:7249
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I87f62103ec5b31de274fa22ad275f1c1bcb3ed86
Reviewed-on: https://chromium-review.googlesource.com/846750
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50433}
