Implement f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax.
Due to the way minps/maxps/minpd/maxpd works [0], we swap lhs and rhs.
This is similar to the way TurboFan does this [1].
[0] "If the values being compared are both 0.0s (of either sign), the
value in the second operand (source operand) is returned." but pmin/pmax
wants to return the lhs (which follows the definition of std::min<T> in
C++ STL.)
[1]
https://source.chromium.org/search?q=instruction-selector-ia32.cc%20VisitPmin&ss=chromium%2Fchromium%2Fsrc:v8%2F
Bug: v8:10904
Change-Id: Ie58cae66cd48421c3ab40df33df979b0353b01ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2406593
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69889}
Add a separate mutex for the {debug_side_tables_} field. This ensures
that we can use {GetDebugSideTableIfExists} even if {mutex_} is already
locked.
R=ahaas@chromium.org
CC=clemensb@chromium.org
Bug: v8:10889
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Icb67c45aec0cf66814705b83532f4833f36738e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402879
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69888}
We currently wait until baseline compilation is finished to finalize
export wrappers, but this can happen concurrently.
This change triggers export wrapper finalization as soon as the last
export wrapper is compiled, while background threads start compiling
baseline units.
R=clemensb@chromium.org
Bug: v8:9916
Change-Id: I945a8de7a917f6bc79e8a50431d8da530a901956
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400342
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69884}
The test now verifies that JavaScript programs can be executed
over the REPRL interface, that runtime exceptions can be detected,
and that the engine's state is properly reset between executions.
Change-Id: Ic8032c07e222307cbb4d332e7eaec61936a10ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2396082
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#69883}
Concurrent allocation uses Isolate::is_profiling() to determine
whether logging is on. This races with the main thread when the
value in is_profiling is switched on/off by the cpu profiler.
Fix this by making is_profiling relaxed atomic. The profiler doesn't
turn off logging for correctness reasons, so it is fine when background
threads may read an old value and continue logging a bit longer. It is
also okay when background threads start logging again a bit longer when
profiling is stopped.
Bug: v8:10315
Change-Id: Id52d06f7a8239e10dfa63da38e761b2c00a2da4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404779
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69882}
Add support for DisallowGarbageCollection scope. This scope will be
introduced once this CL landed.
DisallowGarbageCollection works like DisallowHeapAllocation but also
disallows safepoints.
Bug: v8:10315
Change-Id: Ia7d777d4104b32810dd481ad9dbdf0edd075b6cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2395561
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69881}
CL in preparation of writing JavaScript-based log parsing tests.
- Return both temporary and normal log file in
Log::TearDownAndGetLogFile
- Add file_name accessor to Logger and Log classes
- Use separate Log::WriteLogHeader method
- Remove unused logger_ instance variable from Log
Bug: v8:10668
Change-Id: Ie1f6f92cc6c55fd1dc664cac95f481bc29da7e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407773
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69879}
This commit adds a check in Heap::AllocateRaw when setting the
large_object variable, when the AllocationType is of type kCode, to
take into account the size of the CodeSpace's area size.
The motivation for this change is that without this check it is
possible that size_in_bytes is less than 128, and hence not considered
a large object, but it might be larger than the available space
in code_space->AreaSize(), which will cause the object to be created
in the CodeLargeObjectSpace. This will later cause a segmentation fault
when calling the following chain of functions:
if (!large_object) {
MemoryChunk::FromHeapObject(heap_object)
->GetCodeObjectRegistry()
->RegisterNewlyAllocatedCodeObject(heap_object.address());
}
We (Red Hat) ran into this issue when running Node.js v12.16.1 in
combination with yarn on aarch64 (this was the only architecture that
this happed on).
Bug: v8:10808
Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69876}
JSInliningHeuristic::Finalize did not take into account that by the
time it gets called some of the candidate nodes may have changed to
non-call operators.
Bug: chromium:1127319
Change-Id: I180ed36de98455be6b55790ba7bdb4391ff5fd5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409273
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69874}
LICENSE.valgrind is a stale copy of src/third_party/valgrind/LICENSE
Change-Id: I274ad8cbe4e347979a9152b3a31c4598d2525aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398458
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69873}
Changes:
- Add optional WasmModuleObject field to WasmGlobalObject
- Introduce DynamicTypeCheckRef. Use it to typecheck imported global
objects.
- Correctly typecheck imported WasmGlobalObjects.
- Add some testing infrastructure and one test file
Bug: v8:7748
Change-Id: Icc62d378d17696c5808d580f1ec84186c9556ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403248
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69872}
Currently is_linux GN variable is set to true on building Chrome OS
but it is planned to be set false. This CL is the preparation to
keep the compatibility.
Bug: chromium:1110266
Test: Built locally.
Change-Id: Ibb9a57269f5a147e372fd33a473d9514379e1c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405847
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69870}
Optimized code that is marked for deoptimization is not considered
'attached' or 'available', but we still want to discard it prior to
serialization. Change JSFunction::CanDiscardCompiled to explicitly
check for this case.
Bug: v8:10881, v8:10869
Change-Id: Id573c21e331afdae28be4ab434d522249d1ac9be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409275
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69868}
This is a reland of 6798619a69
Original change's description:
> [d8] Add d8 global variable
>
> - Add a a "d8" global variable where d8 can provide helpers.
> This in in preparation of adding d8.log for testing our log parsers
> written in JavaScript.
>
> - Separate d8 helper creation into individual functions.
>
> Bug: v8:10668
> Change-Id: I84e434452463afb93ae403f890d8841b20b00703
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400990
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69801}
Tbr: verwaest@chromium.org
Bug: v8:10668
Change-Id: If3256ec4e11f01ef1dc5c2e61fa33ed6d7a6aee3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409274
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69867}
The stress-snapshot mode clears bytecode arrays from shared function
infos which the MarkCompactCollector later tries to access. The
simplest fix here is to disable incremental marking in this
specialized testing mode.
Bug: v8:10882
Change-Id: Ie0b5fc4c6411f0768b4e76d21fbd225dc56aab6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409277
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69866}
This skips the top outliers in debug mode and marks other tests as
slow that frequently flakily time out, see bug.
No=Try: true
Bug: v8:10909
Change-Id: I26b22cceba4a93496f340fe25af0685391fa762b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407897
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69865}
This commit adds a static cast to CONSTEXPR_DCHECK in as_int().
The motivation for this is that currently this check generates the
following compiler warning:
/v8/src/objects/internal-index.h: In member function
‘constexpr int v8::internal::InternalIndex::as_int() const’:
/v8/src/objects/internal-index.h:44:29: warning:
comparison of integer expressions of different signedness:
‘const size_t’ {aka ‘const long unsigned int’} and ‘int’ [-Wsign-compare]
44 | CONSTEXPR_DCHECK(entry_ <= std::numeric_limits<int>::max());
| ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I6adda356dbbe522221731a29f205213f1ba23755
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407892
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69864}
Stress configurations cause maps to be GC'ed too early.
We now keep them alive by storing the object in a global variable.
Bug: v8:10892
Change-Id: If03c42612d9907b3b6d0df8bb2de879857a89e0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404774
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69862}
We need to construct Float32 nodes for f32x4, using Word32 operators
will cause the wrong register to be allocated, triggering a CHECK
failure.
Bug: v8:10507
Change-Id: I70842f1d61b90fed2407ee52af4bc5a6b1b82ba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2399050
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69856}
F32x4 and F64x2 pmin and pmax were accepted into the proposal [0], this
removes all the ifdefs and todo guarding the prototypes, and moves these
instructions out of the post-mvp flag.
[0] https://github.com/WebAssembly/simd/pull/122
Bug: v8:10904
Change-Id: I4e0c2f29ddc5d7fc19a209cd02b3d369617574a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405802
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69855}
... by unparking the local heap before accessing the handles.
Bug: v8:7790
Change-Id: I0910fd8ad2a1e9cbbf312acb4f26358a09891f0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404455
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69852}
Only for the interpreter.
Change-Id: I2456a7d6b385b3b8ebcb3ff8782ea5586289bea6
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400343
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69851}
FLAG_local_heaps needs to be set before creating the context, otherwise
the StressConcurrentAllocatorTask is already started. Setting the flag
then races with background thread, which checks FLAG_local_heaps while
creating LocalHeap.
Bug: v8:10315
Change-Id: If6de748ec174dffb94a2582d24e37d24586ee95a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404823
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69850}
Currently, the generic wrapper is used for i32 and i64 params and 0 or 1
i32 return value.
Bug: v8:10701
Change-Id: I8c47e78fa9beeda01bdb647e1fcf9ebe6baf1ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403243
Commit-Queue: Eva Herencsárová <evih@google.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69849}
We used to store MinimorphicPropertyAccessInfo indexed on the feedback
slot id. This works fine when there is no inlining but returns the
wrong access information when functions are inlined. Index it
based on FeedbackSource to avoid these problems.
Bug: v8:10582,chromium:1125871
Change-Id: Id01010f3153f7e21495d73899a8604a64417ae95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401426
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69845}
Since the AllowHandleDereference scope doesn't happen for
kNeverSerialized (see https://crrev.com/c/v8/v8/+/2402033),
there is no need to have the extra if.
Bug: v8:7790
Change-Id: I4c9f93d2e754625e7b30aee61e2b502161bd60c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404770
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69843}
This optimization does not work when the stack arguments are reversed.
Change-Id: Ib543e6ca234cc70708909e0b3cd474b1309ec40e
Bug: chromium:1126769, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404775
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69842}
The problem here was that IncrementalMarking::Step was invoking
new_space()->ResetOriginalTop() which sets original_top to the current
top. IncrementalMarking::Step could be invoked during
InvokeAllocationObservers(), which is called right after acquiring a
new LAB and allocating the first object in it. However this first
allocation might be from generated code with allocation folding enabled.
The generated code might not use all of the memory it allocated and in
that process move top backwards again. Nevertheless
InvokeAllocationObservers() could already set original_top to the
current top. If the generated code later not uses all of that
memory, original_top can be bigger than top.
Fix this problem by ensuring that original_top always equals the LAB
start. Each time LAB start is moved/accounted for, original_top is now
updated as well for the new space. Also IncrementalMarking::Step()
isn't allowed to move original_top anymore.
Bug: chromium:1116278, v8:10315
Change-Id: Ib18a0b07e2665b8ba933555387b84329cbecdf5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398519
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69840}
