fixed Abort() calling sequence on platforms with function descriptors by taking
function descriptor of the External Reference object into account when calling
C code.
Change-Id: I54c04a5f1774f2768380cc5c95b1b807204335ce
Reviewed-on: https://chromium-review.googlesource.com/c/1258186
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56356}
In C to WASM stubs, when number of parameters is more than 5, or
anything requires stack arguments, current linkage is faulty
because of missing STACK_SHADOW_WORDS
Drive-by: Also cleanup s390 code which is not supported anymore.
R=joransiu@ca.ibm.com
Change-Id: I7405c32fd94e158e6868f9ce7d4390c995078dbb
Reviewed-on: https://chromium-review.googlesource.com/c/1257269
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56352}
This is part of clean-up for a new Clang warning that we'd like to
enable. This patch addresses all warnings from V8 that I saw in a full debug
build of Chromium on Linux.
../../v8/src/reloc-info.h:405:18: warning: explicitly defaulted move assignment
operator is implicitly deleted [-Wdefaulted-function-deleted]
RelocIterator& operator=(RelocIterator&&) = default;
^
../../v8/src/reloc-info.h:447:13: note: move assignment operator of
'RelocIterator' is implicitly deleted because field 'mode_mask_' is of
const-qualified type 'const int'
const int mode_mask_;
^
../../v8/src/wasm/baseline/liftoff-compiler.cc:111:36: warning: explicitly
defaulted move constructor is implicitly deleted [-Wdefaulted-function-deleted]
MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR(LiftoffCompiler);
^
../../v8/src/wasm/baseline/liftoff-compiler.cc:1834:20: note: move constructor
of 'LiftoffCompiler' is implicitly deleted because field 'asm_' has a deleted
move constructor
LiftoffAssembler asm_;
^
../../v8/src/wasm/wasm-debug.cc:95:3: warning: explicitly defaulted move
assignment operator is implicitly deleted [-Wdefaulted-function-deleted]
MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR(InterpreterHandle);
^
../../v8/src/wasm/wasm-debug.cc:98:19: note: move assignment operator of
'InterpreterHandle' is implicitly deleted because field 'interpreter_' has a
deleted move assignment operator
WasmInterpreter interpreter_;
^
../../v8/src/wasm/wasm-interpreter.h:211:35: note: copy assignment operator of
'WasmInterpreter' is implicitly deleted because field 'internals_' is of
const-qualified type 'v8::internal::wasm::WasmInterpreterInternals *const'
WasmInterpreterInternals* const internals_;
^
Bug: chromium:890307
Change-Id: Idfc5827f24821212081a006c4329c466c4576bcc
Reviewed-on: https://chromium-review.googlesource.com/c/1256863
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56351}
By moving the block range end to left of closing bracket,
we can avoid ambiguity where an open-ended singleton range
could be both interpreted as inside the parent range, or
next to it.
R=verwaest@chromium.org
Bug: v8:8237
Change-Id: Ibc9412b31efe900b6d8bff0d8fa8c52ddfbf460a
Reviewed-on: https://chromium-review.googlesource.com/1254127
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56347}
The root register is not available in JS-to-Wasm functions, and
this was not reflected in the linkage. Similarily, it is not
available in C-to-Wasm functions.
Change-Id: I2dbfd06ef99d6f9b9940e9489f563441d9ebfabd
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1256766
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56346}
Int64AbsWithOverflow should have 2 return value, the 2nd one should
indicate whether it's overflow or not.
This causes a debug failure on s390x.
Change-Id: I2874227751d5874b47e63fed9e8f085f5165a44d
Reviewed-on: https://chromium-review.googlesource.com/1255642
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56343}
We can call FeedbackTypeOf before the switch statement to avoid
generating callsites for every operation. This CL saves 4 KiB binary
size.
Bug: v8:8238
Change-Id: I0f9d7a155e0cec219306ca1fb35f1eb9ff18a36f
Reviewed-on: https://chromium-review.googlesource.com/1254207
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56340}
Don't re-log all existing functions during StartProcessorIfNotStarted().
They will already be in the CodeMap attached to the ProfileGenerator and
re-logging them causes leaks. See the linked bug for more details.
Bug: v8:8253
Change-Id: Ibb1a1ab2431c588e8c3a3a9ff714767cdf61a88e
Reviewed-on: https://chromium-review.googlesource.com/1256763
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56336}
In particular, recognize builtins' values accesses and direct accesses
to external reference values. For example:
REX.W leaq rax,[r13+0x47a0]
REX.W leaq rbx,[r13+0x80b0]
turns into
REX.W leaq rax,[r13+0x47a0] (builtin (RecordWrite))
REX.W leaq rbx,[r13+0x80b0] (external value (Isolate::context_address))
This CL also extends the via-root-register-accessible region to the
whole Isolate object.
Bug: v8:8238
Change-Id: I218d8589690579919cfa01b2f3c3094af0e73c51
Reviewed-on: https://chromium-review.googlesource.com/1251550
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56332}
MIPS architecture doesn't have support for 64-bit atomics.
It is possible to implement them using 32-bit atomics,
but the process is involved and takes time. For the time
being support 64-bit atomics using runtime.
Bug: v8:8100
Change-Id: I8c732ea9975c46be70643a1e722d78938c8a70de
Reviewed-on: https://chromium-review.googlesource.com/1251521
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56331}
This improves the performance on primitive strings of
IterableToListWithSymbolLookup, which implements the
CreateArrayFromIterable bytecode. The fast path is only
taken if the string iterator protector is valid (that is,
String.prototype[Symbol.iterator] and
String.prototype[Symbol.iterator]().next are untouched).
This brings spreading of primitive strings closer to the
performance of the string iterator optimizations.
(see https://docs.google.com/document/d/13z1fvRVpe_oEroplXEEX0a3WK94fhXorHjcOMsDmR-8/).
Bug: chromium:881273, v8:7980
Change-Id: Ic8d8619da2f2afcc9346203613a844f62653fd7a
Reviewed-on: https://chromium-review.googlesource.com/1243110
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56329}
For wasm modules with non-absolute sourceMappingURL, the source needs
to be empty so that devtools can look for the source map at the origin
of the module.
R=clemensh@chromium.org,adamk@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I74c40addc1a7cb1be0442e9f2b272590c0b81f60
Reviewed-on: https://chromium-review.googlesource.com/1250402
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56326}
Following up on the earlier work regarding redundant Smi checks in
https://chromium-review.googlesource.com/c/v8/v8/+/1246181, it was
noticed that the handling of the 0 and -0 and how some operations
identify these is not really consistent, but was still rather ad-hoc.
This change tries to unify the handling a bit by making sure that all
number comparisons generally pass truncations that identify zeros, since
for the number comparisons in JavaScript there's no difference between
0 and -0. In the same spirit NumberAbs and NumberToBoolean should also
pass these truncations, since they also don't care about the differences
between 0 and -0.
Adjust NumberCeil, NumberFloor, NumberTrunc, NumberMin and NumberMax
to pass along any incoming kIdentifiesZeros truncation, since these
operations also don't really care whether the inputs can be -0 if the
use nodes don't care.
Also utilize the kIdentifiesZeros truncation for NumberModulus with
Signed32 inputs, because it's kind of common to do something like
`x % 2 === 0`, where it doesn't really matter whether `x % 2` would
eventually produce a negative zero (since that would still be considered
true for the sake of the comparison).
This also adds a whole lot of tests to ensure that not only are these
optimizations correct, but also that we do indeed perform them.
Drive-by-fix: The `NumberAbs(x)` would incorrectly lower to just `x` for
PositiveIntegerOrMinusZeroOrNaN inputs, which was obviously wrong in
case of -0. This was fixed as well, and an appropriate test was added.
The reason for the unification is that with the introduction of Word64
for CheckBounds (which is necessary to support large TypedArrays and
DataViews) we can no longer safely pass Word32 truncations for the
interesting cases, since the index might be outside the Signed32 or
Unsigned32 ranges, but we still identify 0 and -0 for the sake of the
bounds check, and so it's important that this is handled consistently
to not regress performance on TypedArrays and DataViews accesses.
Bug: v8:8015, v8:8178
Change-Id: Ia1d32f1b726754cea1e5793105d9423d84a6393a
Reviewed-on: https://chromium-review.googlesource.com/1246172
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56325}
TracingCpuProfiler wrapper uses API interrupt to start the profiling
on the Isolate thread. However it could do it before Isolate is
initialized, so the interrupt it requested got lost.
The patch moves TracingCpuProfiler creation after ThreadLocal object
for isolate is initialized.
BUG=v8:8247
Change-Id: I5b0b3d18e017396f9860faeab909abbfab4616df
Reviewed-on: https://chromium-review.googlesource.com/1252762
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56324}
The current Android NDK defines __BIONIC_HAVE_UCONTEXT_T for all
architecures, so the old paths are no longer needed.
Bug: chromium:437330
Change-Id: I6314971e9ee1d78c4b73f8c1b37af7aa6f419b71
Reviewed-on: https://chromium-review.googlesource.com/1252282
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Richard Coles <torne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56322}
Picking a few low-hanging fruits.
Bug: v8:7790
Change-Id: I798d579b1f1a08fab821e159d08f453d2dad89c1
Reviewed-on: https://chromium-review.googlesource.com/1254124
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56320}
This removes duplication in the platform-dependent assemblers by
introducing {AssemblerBase::ShouldRecordRelocInfo}.
On arm64, we also remove a bool and replace it by an early exit.
R=mstarzinger@chromium.org
Bug: v8:8238
Change-Id: I08c623a19167a358c3188dc9008f045120da82b1
Reviewed-on: https://chromium-review.googlesource.com/1251085
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56319}
This reduces the usage of macros and shrinks the binary size (by 4 KiB).
Bug: v8:8238
Change-Id: Ic689f8ce7dabe481125fcdb74a265155431317b6
Reviewed-on: https://chromium-review.googlesource.com/1253605
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56316}
The protector is useful for follow-up optimizations on string iterator.
Tests are also added.
Change-Id: I416037c742628c4d4d3b878d0df727a9ae7162f7
Reviewed-on: https://chromium-review.googlesource.com/1251122
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56315}
Delay the creation of FunctionNameVariables until we validated the
FormalParameters. This is needed so we don't declare them in cases where
we later get an error, have to reset, and reparse.
Bug: chromium:890553, v8:7926
Change-Id: I742e6f7f71158e3903843bd583dc7943468c18f6
Reviewed-on: https://chromium-review.googlesource.com/1254061
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56314}
This removes the burden from Torque not to emit unnecessary phis.
This is factored out from the Torque IR CL (https://crrev.com/c/1245766).
Change-Id: I302714250e9ea6367f37613c09caa522d56c151c
Reviewed-on: https://chromium-review.googlesource.com/1254121
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56312}
Instead of writing the forwarding pointer of this object and treating it like
an object that would survive on scavenge just write the actual string pointer
to the outer slot. As a consequence, the ThingString will not look like a live
object and is handled properly when pruning the external string table.
Bug: v8:8249
Test: test/cctest/heap/test-external-string-tracker.cc
Change-Id: I975900213e2e4b598f298c8f78b6c6047c9e6da4
Reviewed-on: https://chromium-review.googlesource.com/1252885
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56311}
It was shipped in Chrome 67.
Bug: v8:6791, v8:8238
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I94d8f0aa18570452403a35dea270b18f155c970a
Reviewed-on: https://chromium-review.googlesource.com/1253604
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56310}
This change adds an infrastructure to "snapshot" data that is being
serialized only once. This data lives in its own per-isolate zone, wrapped
in a new CompilerData class.
This change reduces the "serialize standard objects" on TypeScript
benchmark from ~69ms to ~30ms (more than 50% improvement).
Bug: v8:7790
Change-Id: I6ce4f6fb993334969662fdd993d681945a9f3727
Reviewed-on: https://chromium-review.googlesource.com/1238920
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56309}
