Commit Graph

66306 Commits

Author SHA1 Message Date
Zhi An Ng
53b9ee3765 [wasm-simd] Add extended multiply to fuzzer
Bug: v8:11262
Change-Id: Ic83cf2752ebaffb589ac72206c25005145b0b8c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589067
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71814}
2020-12-17 03:29:14 +00:00
Zhi An Ng
741e5a66de [wasm-simd][ia32][x64] More optimization for f32x4.extract_lane
We can have more optimizations for this instruction, they leave some
junk in the top lanes of dst, but that doesn't matter:

- when lane is 1: we use movshdup, this is 4 bytes long
- when lane is 2: use movhlps, this is 3 bytes long
- otherwise use shufps (4 bytes) or pshufd (5 bytes)

All of which are better than insertps (6 bytes).

Change-Id: I0e524431d1832e297e8c8bb418d42382d93fa691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2591850
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71813}
2020-12-17 01:58:52 +00:00
Zhi An Ng
08c2c0059d [wasm-simd] Move extended multiply out of post-mvp
Bug: v8:11262
Change-Id: Iefe32dbf20e4c511a3f1d56ce7dc53c2bc2da112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589066
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71812}
2020-12-17 01:44:12 +00:00
Zhi An Ng
1f2cc01a1b [wasm-simd][x64] Use Movaps to get AVX version if supported
Use Movaps so that when AVX is supported we get vmovaps, this avoids
mixing SSE and AVX code.

Change-Id: Icbcefa42bd368bed1a30f5f790ea6c5cea564e26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2591856
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71811}
2020-12-17 00:45:32 +00:00
Jakob Kummerow
362e4c0866 Revert "[wasm-gc] Liftoff support part 5: i31"
This reverts commit a3ce2f6da2.

Reason for revert: speculative revert due to waterfall unhappiness (looks like bot weirdness though?)

Original change's description:
> [wasm-gc] Liftoff support part 5: i31
>
> This implements support for i31.get_s and i31.get_u.
>
> Bug: v8:7748
> Change-Id: Icbfddbc2ff46b4eb6bf3edf7b3a794f9797361d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595309
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71808}

TBR=jkummerow@chromium.org,clemensb@chromium.org

Change-Id: I5050f16fdaf355d178935f523a9bec516302d2a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596337
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71810}
2020-12-17 00:03:14 +00:00
Milad Fa
07f0b7a4c8 PPC/s390: Reland "[Turboprop] Move dynamic check maps immediate args to deopt exit."
Port 7bdb0fbb81

Original Commit Message:

    This is a reland of b2a611d815

    Original change's description:
    > [Turboprop] Move dynamic check maps immediate args to deopt exit.
    >
    > Rather than loading the immediate arguments required by the
    > dynamic check maps builtin into registers in the fast-path,
    > instead insert them into the instruction stream in the deopt
    > exit and have the builtin load them into registers itself.
    >
    > BUG=v8:10582
    >
    > Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
    > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
    > Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
    > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#71790}

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I83fc0f3e3ebcf19ca4303e50aae94d7b353cd0ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595708
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71809}
2020-12-16 23:44:12 +00:00
Jakob Kummerow
a3ce2f6da2 [wasm-gc] Liftoff support part 5: i31
This implements support for i31.get_s and i31.get_u.

Bug: v8:7748
Change-Id: Icbfddbc2ff46b4eb6bf3edf7b3a794f9797361d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595309
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71808}
2020-12-16 23:29:52 +00:00
Milad Fa
45414e119a PPC/s390: [wasm-gc] Liftoff support part 3: arrays
Port 3dffdf037b

Original Commit Message:

    This adds support for the following instructions:
    ref.eq, array.new_with_rtt, array.new_default_with_rtt,
    array.get, array.set, array.len.

R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5e517967648251f9babbabe4dc9148a5432aa58e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595927
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71807}
2020-12-16 23:28:32 +00:00
Shu-yu Guo
03446c6e4b Revert "[wasm-gc] Liftoff support part 4: subtyping"
This reverts commit dc369749c7.

Reason for revert: nosse variant failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/33279/overview

Original change's description:
> [wasm-gc] Liftoff support part 4: subtyping
>
> This adds support for the following instructions:
> struct.new_default, rtt.sub, ref.test, ref.cast
>
> Bug: v8:7748
> Change-Id: I7423ddd7a83c80cb1e82c620780c27bec59ec762
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593341
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71805}

TBR=jkummerow@chromium.org,clemensb@chromium.org

Change-Id: I06bb493852223aecf221c9149bc7b034b1fb13ad
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596497
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71806}
2020-12-16 23:26:06 +00:00
Jakob Kummerow
dc369749c7 [wasm-gc] Liftoff support part 4: subtyping
This adds support for the following instructions:
struct.new_default, rtt.sub, ref.test, ref.cast

Bug: v8:7748
Change-Id: I7423ddd7a83c80cb1e82c620780c27bec59ec762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593341
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71805}
2020-12-16 19:34:42 +00:00
Ross McIlroy
e63347c511 [Turboprop] Enable turbo_direct_heap_access with Turboprop
Concurrent inlining is enabled for TurboProp compiles, but we don't
enable the --concurrent-inlining flag so don't also set the implied
turbo_direct_heap_access flag. This CL fixes this.

BUG=v8:9684

Change-Id: I298febdf7c466385047f420d4c33ca0162778210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593344
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71804}
2020-12-16 19:06:03 +00:00
Ross McIlroy
7bdb0fbb81 Reland "[Turboprop] Move dynamic check maps immediate args to deopt exit."
This is a reland of b2a611d815

Original change's description:
> [Turboprop] Move dynamic check maps immediate args to deopt exit.
>
> Rather than loading the immediate arguments required by the
> dynamic check maps builtin into registers in the fast-path,
> instead insert them into the instruction stream in the deopt
> exit and have the builtin load them into registers itself.
>
> BUG=v8:10582
>
> Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71790}

TBR=tebbi@chromium.org,gsathya@chromium.org

Bug: v8:10582
Change-Id: Ieda0295ee135bff983c67c3f04bb47115f0a2739
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595311
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71803}
2020-12-16 18:38:52 +00:00
Sathya Gunasekaran
7bf6d477d4 [runtime] Use instance type checks in LookupIterator::UpdateProtector
Instead of looking up the specific maps in every native context, just
check against the instance type.

Bug: v8:11256
Change-Id: Ib50d599c014c95b03ba3260014dfcbd9ec82982c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593337
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71802}
2020-12-16 17:56:10 +00:00
Milad Fa
67ac2a7d55 PPC/s390: [macro-assembler] Avoid using the isolate in CallRecordWriteStub
Port 6b3994e850

Original Commit Message:

    CallRecordWriteStub is used in a background compile thread for
    JS-to-Wasm wrapper compilation, so it should avoid accessing the
    isolate.
    Call the builtin using CallBuiltin which does not require a Handle<Code>
    object and instead gets the call target directly from the embedded data.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ibf3cb676b15d3ab946c673e38c454c8050ff1435
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595292
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71801}
2020-12-16 17:09:10 +00:00
Victor Gomes
ae78e0c02a [codegen] Add DCHECK in GetRegisterParameter
Change-Id: I49fad3cef572a1f5b3d01d8245335622cbb4be0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594778
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71800}
2020-12-16 17:02:20 +00:00
Sathya Gunasekaran
15c227befb [runtime] Fix TypedArrayPrototype protector cell checks
Previously, we were looking up the prototype of the receiver and
checking that against %TypedArrayPrototype% before invalidating the
protector cell.

This is incorrect as it's possible to patch the prototype and then
change the constructor property, bypassing this check.

This CL adds a new instance type to prototype of all TypedArray
constructors and checks the receiver against this instance type.

TBR: tebbi@chromium.org
Bug: v8:11274, v8:11256
Change-Id: I2ff6280e4cf820b06c5593fe4addd36f7ac656c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594776
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71799}
2020-12-16 16:31:00 +00:00
Manos Koukoutos
62355eeb2c [turbofan] Add MachineRepresentation argument to LoopExitValue
LoopExitValue nodes can be used as inputs to Phis in loop optimizations.
To do this, we need to know the machine representation that needs to be
passed to the new Phi node. This CL adds a MachineRepresentation
argument to LoopExitValue nodes, as well as a helper to extract it.
Since the MachineRepresentation is not used by JS compilation, nodes
generated during JS compilation are passed kTagged as a default value.

Change-Id: I925f382d5e6988d8fad3de7a6db231e871d6ed36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578983
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71798}
2020-12-16 16:27:50 +00:00
Peter Marshall
106a47fd90 [cpu-profiler] Enable deopt test
There is a race in the way we handle deopts that made this test flaky.
The race is not hugely important to fix, and is difficult without
breaking something else.

The best thing to do here is update the test to reflect reality so we
can get the test coverage back.

This updates the test so that the deopt reason can be found either
on the first or second level function. The test assumed it would
always be available on the second level function in the profile,
but if we get a regular profile tick at the exact wrong time, we
could end up with the deopt info getting attached to the first level
function. So we accept either.

Bug: v8:5193
Change-Id: Ia43880ebafd1341a514b3143dc215514b5dccf15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594775
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71797}
2020-12-16 16:21:10 +00:00
Jakob Kummerow
3dffdf037b [wasm-gc] Liftoff support part 3: arrays
This adds support for the following instructions:
ref.eq, array.new_with_rtt, array.new_default_with_rtt,
array.get, array.set, array.len.

Bug: v8:7748
Change-Id: I93c4a6676acc8b0ac035dd50762be6a1cc545a57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593340
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71796}
2020-12-16 16:10:58 +00:00
Pierre Langlois
3650b36542 [perf-prof] Make sure filenames are correctly null-terminated.
JS script names in debug info entries need to be null-terminated, the
terminator included in the length. However, SeqOneByteString's GetChars
returns raw pointer that's not null terminated.

Bug: chromium:1159164
Change-Id: Id00f72dc831fa1ae48a458a1d4476ada4730be54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593345
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#71795}
2020-12-16 15:58:04 +00:00
Dominik Inführ
9aaf874a1c [heap] Move completion of sweeping before actual GC
This CL completes sweeping in Heap::PerformGarbageCollection before
invoking the actual collection. Collection code can now assume that
sweeping was already finished.

This helps with emitting the right epoch for sweeping and avoids a
data-race when updating the epoch while sweeping tasks are still running.

Bug: chromium:1154636
Change-Id: Ic9c4ac49568199d0ea48f17eea132079defe74a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573478
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71794}
2020-12-16 15:32:54 +00:00
Clemens Backes
a1ec77e610 Revert "[Turboprop] Move dynamic check maps immediate args to deopt exit."
This reverts commit b2a611d815.

Reason for revert: Several failures on https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/3743/overview

Original change's description:
> [Turboprop] Move dynamic check maps immediate args to deopt exit.
>
> Rather than loading the immediate arguments required by the
> dynamic check maps builtin into registers in the fast-path,
> instead insert them into the instruction stream in the deopt
> exit and have the builtin load them into registers itself.
>
> BUG=v8:10582
>
> Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71790}

TBR=rmcilroy@chromium.org,gsathya@chromium.org,tebbi@chromium.org

Change-Id: I4c56bee156ffcea8de0aeaff9ac1bf03e03134c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595308
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71793}
2020-12-16 15:31:09 +00:00
Jakob Kummerow
e7be15c7b5 [wasm-gc][builtins] Migrate WasmAllocateArrayWithRtt to Torque
This is useful in particular as preparation for calling
this builtin from Liftoff code (where we don't have access
to a Context).

Bug: v8:7748
Change-Id: Ie1a10a0487a99a1e6b75693da1554d7af28e7924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593256
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71792}
2020-12-16 15:04:14 +00:00
Sathya Gunasekaran
33fb2319b2 [runtime] Add new instance types for common prototype objects
In the future, these instance types will be used for fast range checks
rather than the current slow individual map checks.

Bug: v8:11256
Change-Id: I4ad7d5259fbd46c3272a80996a5ac45a400d1f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2590040
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71791}
2020-12-16 14:46:14 +00:00
Ross McIlroy
b2a611d815 [Turboprop] Move dynamic check maps immediate args to deopt exit.
Rather than loading the immediate arguments required by the
dynamic check maps builtin into registers in the fast-path,
instead insert them into the instruction stream in the deopt
exit and have the builtin load them into registers itself.

BUG=v8:10582

Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71790}
2020-12-16 14:44:05 +00:00
Milad Fa
30eef5475a [wasm-gc] skip tests on unsupported platforms.
Change-Id: I1109da446b53179b366a30db3ddc1cd1973d0d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593647
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71789}
2020-12-16 14:13:04 +00:00
Dominik Inführ
666418d54b [test] Disable test with stress_concurrent_allocation
Test creates out-of-memory condition. Running that test in the
stress_concurrent_allocation variant might lead to "ineffective GCs"
failure before going OOM. Simply do not run this test for that variant.


Bug: v8:11272
Change-Id: I114686ec345f7a38f871347b62983d7591dc6ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594769
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71788}
2020-12-16 13:49:14 +00:00
Zhi An Ng
76f9ee6137 [wasm-simd][ia32] Fix DCHECK in f64x2.extract_lane
f64x2.extract_lane can only extract lane 0 or 1. Fix the DCHECK to check
for the appropriate lane values.

Change-Id: I62d5e34ce01e0fa66609fb1fed7979bf2782bb74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589057
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71787}
2020-12-16 13:27:34 +00:00
Andreas Haas
8656a594ab [wasm][liftoff] Fix stack check safepoints for arm, arm64, and ia32
Registers are spilled differently on arm and intel platforms.
Additionally, on arm64 registers are spilled with padding. Therefore
the code for safepoint information for spilled registers is platform-
dependent now.

Additionally the alignment of the frame size is done before the
out-of-line code now, so that the safepoint indices can be calculated
correctly for spilled registers in out-of-line code.

Finally, some code was unimplemented on ia32 and arm, which I added
now.

R=thibaudm@chromium.org

Bug: v8:7581, v8:10929
Change-Id: Ia9b824dfc74cafa9ec3cc0d308fb18b485afd715
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584952
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71786}
2020-12-16 13:21:29 +00:00
Thibaud Michaud
6b3994e850 [macro-assembler] Avoid using the isolate in CallRecordWriteStub
CallRecordWriteStub is used in a background compile thread for
JS-to-Wasm wrapper compilation, so it should avoid accessing the
isolate.
Call the builtin using CallBuiltin which does not require a Handle<Code>
object and instead gets the call target directly from the embedded data.

R=clemensb@chromium.org

Bug: chromium:1146813
Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71785}
2020-12-16 13:20:24 +00:00
Clemens Backes
43d61196b0 [wasm] Remove unused parameter from Drop
Neither Liftoff nor the WasmGraphBuildingInterface use the parameter,
hence drop it.

R=jkummerow@chromium.org

Change-Id: Ia7f2b81dfc95f31c27e12d4ada07c5603a34abff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593335
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71784}
2020-12-16 13:17:44 +00:00
Almothana Athamneh
56354ab357 Add official builder for mac-arm64 release and debug
Bug: v8:11264
Change-Id: I9e1302a499ba6b32e9d93d81e922c9f318c2ba07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593252
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71783}
2020-12-16 13:02:24 +00:00
Clemens Backes
8619422e2c [wasm][test] Remove an unneeded pointer
We were storing the pointer to the WasmModule both as a shared_ptr and
as a raw pointer. Maybe this had historical reasons, but now it's just
redundant.

R=thibaudm@chromium.org

Change-Id: Id72d102b6df804f93e3ab0235eeceef91a6dd8fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593334
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71782}
2020-12-16 12:43:04 +00:00
Clemens Backes
1f7e126fdd [wasm] Move members from WasmRunner to WasmRunnerBase
This moves some fields and methods from the WasmRunner template to the
WasmRunnerBase base class. This avoids repeated compilation for the
different instantiations of the WasmRunner template.

Additional changes:
- SetUpTrapCallback, SetThreadInWasmFlag, and ClearThreadInWasmFlag are
  static now.
- CheckUsedExecutionTier is unused, and did not even compile any more.
  In the template class this was OK, because it's only compiled on first
  use.

R=thibaudm@chromium.org

Change-Id: I485729cf4a1fd93fe6abb0be269694f0179fc4ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593331
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71781}
2020-12-16 10:44:39 +00:00
Jakob Kummerow
67f0733e32 [cleanup] Add .cache to .gitignore
Recent versions of clangd put lots of stuff into .cache,
cluttering `git status` output.

No-Try: true
Change-Id: I0b5d78a8b2813bd11ad1f0d32bc8ea314103fe19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593255
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71780}
2020-12-16 10:37:28 +00:00
Michael Achenbach
84f9ef3c07 Whitespace change to trigger builders
Change-Id: Ib4d7e86ab38669443f52c02e6e7c16ab28496238
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593343
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71779}
2020-12-16 10:08:26 +00:00
Michael Achenbach
24f1e251ca Whitespace change to trigger builders
Change-Id: I97405198ab40fe15dc6989707ca3a774edd3e838
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593342
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71778}
2020-12-16 09:42:23 +00:00
Dominik Inführ
893f32fe9e Reland^3 [heap] Add epoch to GC tracing events
This is a reland of b614cd78c3

Original change's description:
> Reland "Reland "[heap] Add epoch to GC tracing events""
>
> This is a reland of 3238162da7
>
> No changes since the last reland.
>
> Original change's description:
> > Reland "[heap] Add epoch to GC tracing events"
> >
> > This is a reland of be52501d52
> >
> > Fix data race by not emitting the epoch for sweeper background jobs
> > at them moment.
> >
> > Original change's description:
> > > [heap] Add epoch to GC tracing events
> > >
> > > This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> > > to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> > > events can get the information from its parent.
> > >
> > > V8's GC needs an epoch for young and full collections, since scavenges
> > > also occur during incremental marking. The epoch is also process-wide,
> > > so different isolates do not reuse the same id.
> > >
> > > Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#71521}
> >
> > Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71567}
>
> TBR=ulan@chromium.org,dinfuehr@chromium.org
>
> Change-Id: I09dcfabbad4ef1ad50e02a227282982cd7d87997
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571122
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71609}

Change-Id: I89dfa5c7658197348a39be51b75dba77bfd4a70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577470
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71777}
2020-12-16 06:46:46 +00:00
Daniel Clark
8ae4dc4088 [modules][api] Implement HostGetSupportedImportAssertions
Implement the HostGetSupportedImportAssertions, whose purpose
is to filter the list of import assertions exposed to the embedder to
only those assertion with keys that the embedder recognizes. See
https://tc39.es/proposal-import-assertions/#sec-hostgetsupportedimportassertions.

This change doesn't actually implement it as a callback, but instead
passes the supported assertions during creation of the Isolate via
CreateParams. This expresses clearly the requirement that the supported
assertions must never change for the lifetime of the Isolate.

Note that we still need to maintain all assertions in a map
while parsing the import assertions clause, because duplicate keys for
an unsupported assertion still needs to be detected as a parse error. So,
the filtering is done later during
SourceTextModuleDescriptor::AstModuleRequest::Serialize.

The actual filtering algorithm simply iterates the assertions and the
supported assertion keys in a nested loop. There's currently only one
assertion in use ("type"), so there should be no reason to get too
clever here unless at least several more assertions are generally
supported.

Bug: v8:10958
Change-Id: I9a2d965e9d452718d0ddfe9dca55b7b4ed963019
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2572173
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71776}
2020-12-16 03:48:45 +00:00
Zhi An Ng
5f4b0e47a9 [wasm-simd][x64] Fix definition of Shufps
The definition of Shufps is wrong, we are incorrectly passing 0 as the
immediate in all cases. No tests broke because we only used Shufps for
splats, which has imm8 == 0 anyway.

Also, it was using movss, which only moves a single 32-bit. Because we
were using it only for f32x4 splat, this ended up being enough (imm8 ==
0 meant that we only shuffled the low 32-bit). This is fixed to use
movaps, which moves the entire 128-bit register.

Also tweak the definition of Shufps to take 4 arguments. `vshufps dst,
src1, src2, imm8` shuffles src1 and src2 into dst. `shufps dst, src,
imm8`, shuffles dst and src into dst.

So `Shufps(dst, src, imm8)` is ambiguous in the AVX case, it could be:
1. vshufps(dst, src, src, imm8), or
2. vshufps(dst, dst, src, imm8)

2. is more likely to be the intended behavior, but it introduces a false
dependency on the value of dst.

With `Shufps(dst, src1, src2, imm8)`, it is clearer what the behavior
should be:
1. shufps(dst, src2, imm8) matches the AVX behavior IFF dst == src1.

Change-Id: I60dc4ec868023d28d00f2b09d2c53b82a729bc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2591849
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71775}
2020-12-16 01:43:55 +00:00
Milad Fa
28740a36dc PPC/s390: [wasm-gc] Liftoff support part 2
Port 5e18ab5019

Original Commit Message:

    This adds support for the following instructions:
    br_on_null, ref.as_non_null, br_on_cast, i31.new

R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ia234f2749e401feeaf68e6b7f0b1ba2403eaa77d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593648
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71774}
2020-12-15 22:08:05 +00:00
Jakob Kummerow
5e18ab5019 [wasm-gc] Liftoff support part 2
This adds support for the following instructions:
br_on_null, ref.as_non_null, br_on_cast, i31.new

Bug: v8:7748
Change-Id: I210b8979327ea0031f89748b71b51abbac10bb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2590041
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71773}
2020-12-15 20:38:24 +00:00
Ross McIlroy
4faf8b52bf [TurboFan][TurboProp] Optimize bytecode iterator.
Optimize BytecodeArrayRandomIterator to reserve roughly the right
size index array based on bytecode array length. Also save the
bytecode length in BytecodeArrayAccessor to avoid a more expensive
heap read accessor on BytecodeArray.

BUG=v8:9684

Change-Id: I7f85439877dbfc5ccf5aacc9d4006bd285f1c891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593330
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71772}
2020-12-15 18:11:34 +00:00
Mike Stanton
13921eb704 [turbofan] Update Node type in JSTypedLowering::ReduceJSToNumeric
ReduceJSToNumeric() can fail to update the node type after changing
it's operator to JSToNumeric.

BUG=chromium:1158049

Change-Id: Iaabb3676f8ad9563903b81de2e7eecdcc92cbc0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593336
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71771}
2020-12-15 17:25:34 +00:00
Pierre Langlois
b68466f4c9 [perf-prof] Re-enable line information for JS jitted code.
This fixes a typo that meant we stopped generating debugging information
in the JIT dump for perf to consume.

Change-Id: I75c8905617ac6e03fb522639f36a8137f3f124e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593253
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#71770}
2020-12-15 17:20:14 +00:00
Dominik Inführ
f03196baa6 [test] Test for maximum capacity before growing
NewSpace::Grow shouldn't be invoked when the maximum semi space size
was already reached.

Bug: v8:11199
Change-Id: I78ba71b7a043f0a515be188f2023e301d6bc6eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584864
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71769}
2020-12-15 16:37:34 +00:00
Dominik Inführ
f6ae3c477b [heap] Ensure GetMaxConcurrency() > 0 when there is still work left
GetMaxConcurrency() needs to return a value greater than 0 when there
is work left. When the return value is 0, no more items are processed.

With Minor MC it could happen that GetMaxConcurrency() returned 0 when
there were no old-to-new-slots even though there were still items left
to process. This CL fixes this and adds a DCHECK to ensure this doesn't
happen again.

Change-Id: Ia971c232564bcb0b0d305e76371a3a8e82f46229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593247
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71768}
2020-12-15 15:53:24 +00:00
Ross McIlroy
6544a1e40b [TurboFan] Avoid serializing BytecodeAnalysis
The SerializerForBackgroundCompilation needs bytecode analysis for loop
target analysis, but doesn't require the much more expensive liveness
analysis. In order to move more work off the main thread, perform fast
bytecode analysis without liveness analysis in
SerializerForBackgroundCompilation, and then move the full bytecode
analysis to the background thread in BytecodeGraphBuilder.

BUG=v8:7790,v8:9684

Change-Id: I63ef80ecab8ad0c56953c72be31abc8f5a74b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593329
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71767}
2020-12-15 15:51:05 +00:00
Thibaud Michaud
8eb97f5a4b [wasm][eh] Add delegate instruction to the EH prototype
Drive-by: remove reference to BrOnExnNull in wasm-module-builder.js.

R=clemensb@chromium.org
CC=aheejin@chromium.org

Bug: v8:8091
Change-Id: I42821b21c32fe8bf3410e75cf81bbff9678d3fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575059
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71766}
2020-12-15 14:34:44 +00:00
bcoe
dfcdf7837e [coverage] fix greedy nullish coalescing
The SourceRangeScope helper was consuming too many characters, instead
explicitly create SourceRange, based on scanner position.

Bug: v8:11231
Change-Id: I852d211227abacf867e8f1ab3e3ab06dbdba2a9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576006
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71765}
2020-12-15 14:28:44 +00:00