46268 Commits

Author SHA1 Message Date
Mike Stanton
800daded0b [turbofan] Masking/poisoning in codegen (optimized code, arm64)
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm} to {x64, arm, arm64}.

Overview of changes:
- new register configuration with one register reserved for
  the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
  of all successors of branches (and deopts) that are marked as safety
  branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
  * only integer loads are masked at the moment.

Bug: chromium:798964
Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
Reviewed-on: https://chromium-review.googlesource.com/928724
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51576}
2018-02-26 16:47:32 +00:00
sreten.kovacevic
3e92808a8b [Liftoff][mips] Implement Load and Store instructions
Implement Load and Store instructions for liftoff on MIPS.
Function CallTrapCallbackForTesting also implemented to prevent
test from failing when address is out of range.

Bug: v8:6600
Change-Id: I85e48334d171ad6d86a02eeba51e4f07edaf9648
Reviewed-on: https://chromium-review.googlesource.com/934133
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51575}
2018-02-26 16:18:32 +00:00
Peter Marshall
6b25ab2e8c [typedarray] Extend ElementsAccessor::CopyElements to all Object types
Previously, Strings without an iterator would go to the runtime path
and fail because it expected a JSReceiver type. This was in-line
with what the elements accessor expected. We can actually handle all
object types in the final slow path (using LookupIterator) so it is no
problem to change the accept types.

Bug: chromium:816289
Change-Id: Iebb8de0bb7551aee3894c8a23836d079c93726a7
Reviewed-on: https://chromium-review.googlesource.com/937461
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51574}
2018-02-26 15:51:31 +00:00
Clemens Hammacher
ecb77978c7 Reland "[Assembler][x64] Make Operand immutable"
This is a reland of e7f9fb4a0d.

Original change's description:
> [Assembler][x64] Make Operand immutable
> 
> This CL removes all setters from the Operand and removes the friendship
> relation between Assembler and Operand. All data fields of the Operand
> are set exactly once in the constructor, the Operand is immutable
> afterwards.
> In order to construct the data of an Operand easily, the OperandBuilder
> is introduced. After building an Operand, the data is copied to the
> const field of the Operand.
> 
> R=mstarzinger@chromium.org
> 
> Bug: v8:7310
> Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
> Reviewed-on: https://chromium-review.googlesource.com/936741
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51563}

Bug: v8:7310
Change-Id: I84df5e11b1811585fbba7309e3bb9c6b17e18c0b
Reviewed-on: https://chromium-review.googlesource.com/936628
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51573}
2018-02-26 15:38:21 +00:00
jgruber
0ad8033bca [code] Add Code::Instruction{Start,End,Size} helpers
These helpers support off-heap code objects, for which they return
start, end, and size of the off-heap instruction stream.

Bug: v8:6666
Change-Id: Ib5e819d976eee3073b0354b8d8ce324b691f1b15
Reviewed-on: https://chromium-review.googlesource.com/937281
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51572}
2018-02-26 14:53:31 +00:00
jgruber
d6a88d05c5 Reland "[builtins] Update off-heap-safe list"
This is a reland of 087e9daa79.

Original change's description:
> [builtins] Update off-heap-safe list
>
> TBR=yangguo@chromium.org
>
> Bug: v8:6666
> Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
> Reviewed-on: https://chromium-review.googlesource.com/937302
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51567}

TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I9475c8e412f765623131f168e9fe25d8082d061e
Reviewed-on: https://chromium-review.googlesource.com/937541
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51571}
2018-02-26 14:42:20 +00:00
Yang Guo
b04c87d84c [regexp] fix v8_interpreted_regexp build.
R=jgruber@chromium.org

Change-Id: I8328fdaf5d53850b87dd16867255d4325ab9cd9c
Reviewed-on: https://chromium-review.googlesource.com/936644
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51570}
2018-02-26 13:53:33 +00:00
Jakob Gruber
9ea4a95a61 Revert "[builtins] Update off-heap-safe list"
This reverts commit 087e9daa79.

Reason for revert: https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/15549

Original change's description:
> [builtins] Update off-heap-safe list
> 
> TBR=yangguo@chromium.org
> 
> Bug: v8:6666
> Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
> Reviewed-on: https://chromium-review.googlesource.com/937302
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51567}

TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: If37f28e0bfbd1fe495ec425d8306aa081e75eca4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/937303
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51569}
2018-02-26 13:50:54 +00:00
Clemens Hammacher
c9f7431cbb [Liftoff] Refactor unops
Refactor EmitUnOp to be templatized in the type and the emit function,
similar to EmitBinOp. This simplified adding f32 and f64 unops.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Iaab473a3bbcc45673ff6190d6b56244c48bfa5a6
Reviewed-on: https://chromium-review.googlesource.com/937201
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51568}
2018-02-26 13:44:33 +00:00
jgruber
087e9daa79 [builtins] Update off-heap-safe list
TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
Reviewed-on: https://chromium-review.googlesource.com/937302
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51567}
2018-02-26 13:43:28 +00:00
Peter Marshall
ec5c342798 [typedarray] Fix failing DCHECK for TA.from with a length getter.
I loosened the DCHECKs here but I think they are still fundamentally
safe: `length` must be <= the actual length of the source (so that
there are actually enough elements to copy), and `length` must also be
<= the destination length, minus the offset (so there is enough space
to copy the elements into).

Bug: chromium:816317
Change-Id: Ice00ac60f4884363f6065ffee71f6ab1d1b32dbc
Reviewed-on: https://chromium-review.googlesource.com/937209
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51566}
2018-02-26 13:42:23 +00:00
Marja Hölttä
dd3c4fca2f [objects.h splitting] Move Promise-related classes.
BUG=v8:5402,v8:7310

Change-Id: Ic3ee7d2dec0403e7831f51735365c26caadc6a7b
Reviewed-on: https://chromium-review.googlesource.com/934136
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51565}
2018-02-26 13:19:00 +00:00
Clemens Hammacher
d18125e7df Revert "[Assembler][x64] Make Operand immutable"
This reverts commit e7f9fb4a0d.

Reason for revert: msvc compile error: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1573

Original change's description:
> [Assembler][x64] Make Operand immutable
> 
> This CL removes all setters from the Operand and removes the friendship
> relation between Assembler and Operand. All data fields of the Operand
> are set exactly once in the constructor, the Operand is immutable
> afterwards.
> In order to construct the data of an Operand easily, the OperandBuilder
> is introduced. After building an Operand, the data is copied to the
> const field of the Operand.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:7310
> Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
> Reviewed-on: https://chromium-review.googlesource.com/936741
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51563}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I8ae40de35e81765549f93ffe58f1b12286de6333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7310
Reviewed-on: https://chromium-review.googlesource.com/936627
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51564}
2018-02-26 12:51:11 +00:00
Clemens Hammacher
e7f9fb4a0d [Assembler][x64] Make Operand immutable
This CL removes all setters from the Operand and removes the friendship
relation between Assembler and Operand. All data fields of the Operand
are set exactly once in the constructor, the Operand is immutable
afterwards.
In order to construct the data of an Operand easily, the OperandBuilder
is introduced. After building an Operand, the data is copied to the
const field of the Operand.

R=mstarzinger@chromium.org

Bug: v8:7310
Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
Reviewed-on: https://chromium-review.googlesource.com/936741
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51563}
2018-02-26 12:17:00 +00:00
jgruber
9cd019543c [builtins] Add IsBuiltin convenience predicate
With this, `Builtins::IsBuiltinId(code->builtin_index())` turns into
`Builtins::IsBuiltin(code)`.

Bug: v8:6666
Change-Id: Id731299cf5eb3f213933d3a9b3ae78d9bb95e757
Reviewed-on: https://chromium-review.googlesource.com/937205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51562}
2018-02-26 12:12:40 +00:00
jgruber
d7a9ca5de9 [safepoints] Support off-heap safepoint tables
There are two considerations involving off-heap code and safepoint
tables.

1. Since the safepoint table is embedded within the instructions area
of code objects, we need to ensure that the actual instruction size
(i.e. safepoint_table_offset if a code object has safepoints) is
large enough for the off-heap trampoline.

2. The pc-relative calculation in SafepointTable::FindEntry must be
able to handle off-heap pcs.

Bug: v8:6666
Change-Id: I92a5ecc49d0a78755b89c3c5774523afb21cd724
Reviewed-on: https://chromium-review.googlesource.com/934242
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51561}
2018-02-26 12:09:30 +00:00
Predrag Rudic
330ad4f2fd MIPS64 Fix mjsunit/compiler/reflect-construct test failure
Change-Id: I9185b17c73ad4486b81538a8ce2f84271b820919
Reviewed-on: https://chromium-review.googlesource.com/936763
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51560}
2018-02-26 11:36:50 +00:00
Ulan Degenbaev
e8925ad509 [heap-profiler] Show key as the value retainer for weak maps.
The key -> value edge is shown as "<index> / WeakMap", where <index> is
the index of the edge in the key.

Bug: chromium:778739, chromium:749502
Change-Id: I657051695f2a171372788dbb777543a55a35d554
Reviewed-on: https://chromium-review.googlesource.com/926524
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51559}
2018-02-26 11:35:45 +00:00
Yang Guo
5d3c5784f5 [debug] remove ScriptBreakPointType from debug test api wrapper.
R=jgruber@chromium.org

Bug: v8:5530
Change-Id: I1680beaa665b6937df2e26d20cb69cc8577a21a9
Reviewed-on: https://chromium-review.googlesource.com/937203
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51558}
2018-02-26 11:34:40 +00:00
Yang Guo
9a561c82af [debug] remove outdated regression test.
TBR=jgruber@chromium.org
NOTREECHECKS=true
NOTRY=true

Change-Id: Id5d81f863fa6d14ac86d49b6516e577c2da7a999
Reviewed-on: https://chromium-review.googlesource.com/936543
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51557}
2018-02-26 11:27:40 +00:00
Sigurd Schneider
c64a32b1fc [turbofan] Change interface of builtin StringSubstring
This CL changes the builtin
  StringSubstring(string, start, end)
to take start and end as untagged IntPtr values.

Bug: v8:7250, v8:7340

Change-Id: I39700d087da903f076a6ca163a8f880d31eea3a0
Reviewed-on: https://chromium-review.googlesource.com/923961
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51556}
2018-02-26 10:46:11 +00:00
Clemens Hammacher
c1eaae646b [Assembler][ia32] Pass Operand by value
The Operand class is small enough to be efficiently passed by value.
This saves binary size and performance because the Operand does not need
to be emitted to the caller's frame and loaded in the callee.
Binary saving is 37kB in release mode on ia32.

R=mstarzinger@chromium.org

Bug: v8:7310
Change-Id: Ibc103622ec216725c762c2ba4bb96451c99db556
Reviewed-on: https://chromium-review.googlesource.com/934264
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51555}
2018-02-26 10:27:59 +00:00
Nico Weber
bd7204998a Disable snapshots in 64-bit win/cross builds for now.
Snapshots don't yet work in 64-bit win/cross builds, so disable them
until they do.

No behavior change in builds that aren't 64-bit win/cross builds.

Bug: chromium:803591
Change-Id: I7a04c7e01a58a95a2bfb78c7d2593c7c5c5041cf
Reviewed-on: https://chromium-review.googlesource.com/936668
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51554}
2018-02-26 10:13:49 +00:00
Michael Starzinger
be4cd67ce2 [turbofan] Support poisoning arguments in JavaScript.
This adds support for poisoning the stack pointer and implicit register
arguments like the context register and the function register in the
prologue of generated code with JavaScript linkage. The speculation
poison is computed similarly to the interpreter by matching expected
with actual code start addresses.

R=jarin@chromium.org,rmcilroy@chromium.org
BUG=chromium:798964

Change-Id: I5fa48844745459cf7b3d00c407a7b835f61c857b
Reviewed-on: https://chromium-review.googlesource.com/919167
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51553}
2018-02-26 10:04:59 +00:00
Yang Guo
175fc49c6e [debug] remove legacy implementation for break points.
R=herhut@chromium.org, jgruber@chromium.org

Bug: v8:7310, v8:5510
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Icefd10b6cc210e5bb2684d18b091179ead387326
Reviewed-on: https://chromium-review.googlesource.com/934445
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51552}
2018-02-26 10:01:39 +00:00
Benedikt Meurer
d504203e93 [turbofan] Consistently use String feedback for JSAdd.
Currently we didn't always consistently use the String feedback on
JSAdd, but only if JSTypedLowering would already figure out statically
that one of the inputs is already a String. That leads to some odd
performance cliffs, as highlighted in the referenced bug.

This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
String feedback. This improves the relevant performance tests from the
bug from

  console.timeEnd: Runtime join3, 967.512000
  console.timeEnd: Runtime join, 1004.599000
  console.timeEnd: Runtime join3, 1124.764000
  console.timeEnd: Runtime join, 966.164000
  console.timeEnd: Runtime join3, 1145.296000
  console.timeEnd: Runtime join, 966.176000
  console.timeEnd: Runtime join3, 1145.272000
  console.timeEnd: Runtime join, 931.266000

to

  console.timeEnd: Runtime join3, 903.050000
  console.timeEnd: Runtime join, 856.509000
  console.timeEnd: Runtime join3, 945.144000
  console.timeEnd: Runtime join, 840.038000
  console.timeEnd: Runtime join3, 927.965000
  console.timeEnd: Runtime join, 841.263000
  console.timeEnd: Runtime join3, 929.342000
  console.timeEnd: Runtime join, 858.143000

which corresponds to an 8-18% improvement.

Bug: v8:7415
Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
Reviewed-on: https://chromium-review.googlesource.com/936643
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51551}
2018-02-26 09:57:09 +00:00
Marja Hölttä
80e0a759fd [iwyu] More iwyu fixes (date, execution etc.)
Removing includes which are not needed and also not indirectly pulled in.

BUG=v8:7490, v8:7310

Change-Id: I219ba92c3281c3c245cc6c5574c85c2d51a217a9
Reviewed-on: https://chromium-review.googlesource.com/934722
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51550}
2018-02-26 08:59:59 +00:00
jgruber
f352bbdcd3 [contexts] Remove unused native context slots
Bug: v8:7310
Change-Id: Ib9c40bababbb688305be7bea262a4348805a1f18
Reviewed-on: https://chromium-review.googlesource.com/936762
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51549}
2018-02-26 08:32:19 +00:00
Benedikt Meurer
597852f815 [turbofan] Further harden the JSCreateClosure nodes.
The CreateClosureMode introduced with 2ece046c5 is still not 100%
fail-safe and doesn't scale. What we really need instead, especially
when we might start removing the SharedFunctionInfo::code field
eventually, is to tell the JSCreateClosure node which code object to
use. So instead of adding magic around it, let's just pass it to the
node.

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Iedb6ae468a763643617975f47d96854d1aeafbe9
Reviewed-on: https://chromium-review.googlesource.com/937121
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51548}
2018-02-26 07:35:32 +00:00
Benedikt Meurer
2ece046c5b [turbofan] Introduce explicit CreateClosureMode.
We use JSCreateClosure to also construct closures for builtins, i.e.
for the callbacks created by the Promise constructor. For these builtins
we cannot set code to CompileLazy builtin, but need to use the code from
the SharedFunctionInfo. The explicit mode tells the lowering what it
should do (instead of relying on SharedFunctionInfo::native(), which is
not the right bit).

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ic956814e137c57b36ebb5d7b4d964dde5ee51a0d
Reviewed-on: https://chromium-review.googlesource.com/930964
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51547}
2018-02-26 04:30:10 +00:00
Gabriel Charette
c41c7a0943 Revert "Use all available workers for concurrent marking."
This reverts commit 3c62f7ae07.
(and commit 4939463c77)

The goal of this revert is to contrast the effect on perf bots of
landing it vs reverting it to more easily attribute its impact.

R=hpayer@chromium.org

Bug: chromium:812178
Change-Id: I7c977b1b0b587f787263272400d87f6aae7af634
Reviewed-on: https://chromium-review.googlesource.com/936761
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51546}
2018-02-25 21:40:49 +00:00
Clemens Hammacher
04c90edb79 [Liftoff] Implement f32 comparisons
This implements the full set of f32 comparisons (f32.eq, f32.ne,
f32.lt, f32.gt, f32.le, f32.ge) on ia32 and x64.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I2be786431d01b4ed540b70f3e4a27c19b7d2649e
Reviewed-on: https://chromium-review.googlesource.com/928982
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51545}
2018-02-25 14:06:38 +00:00
Gabriel Charette
903144f3c1 Add clear trace events per ItemParallelJob::Items instead of reusing their top-level category.
This is a follow-up to https://chromium-review.googlesource.com/904164
now that I've realized raw TRACE_EVENTs work in v8 (initially thought
had to go through heap()->tracer()).

After adding events to EvacuatePage(), the subitem event for evacuation tasks
became redundant. Since this results in a better output this CL applies
this approach to all parallel work items.

Not using TRACE_BACKGROUND_GC also avoids polluting logs with subitems
when using v8's tracing flags.

R=mlippautz@chromium.org

Bug: chromium:651354
Change-Id: I62efbde69da2a0a9bd255e34093d64924e339974
Reviewed-on: https://chromium-review.googlesource.com/934263
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51544}
2018-02-25 08:29:28 +00:00
Gabriel Charette
8bd7a2a8cc Reland top-level breakdown trace events for EVACUATE_COPY.
I think those are safe to keep and add useful information to highlight
the type of evacuate copy step being performed.

This is a prerequisite for https://chromium-review.googlesource.com/c/v8/v8/+/934263
as it will drop tracing individual work items and will
leave it to top-level item trace events like these to
highlight individual work item's work.

Will reland after reverting them all however to confirm that re-adding
these doesn't cause regressions as the fine grain trace events
initially did.

R=hpayer@chromium.org

Bug: chromium:813824
Change-Id: I8e53b880ce0aeae08afa7a2c0f36a455f645bcfa
Reviewed-on: https://chromium-review.googlesource.com/934248
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51543}
2018-02-24 22:27:28 +00:00
Michael Achenbach
3f10c65f26 [foozzie] Suppress optimization status for correctness fuzzing
TBR=yangguo@chromium.org
NOTRY=true

Bug: chromium:813833
Change-Id: If9694bebc6576549feb00cbf035c4a5e92a70976
Reviewed-on: https://chromium-review.googlesource.com/936442
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51542}
2018-02-24 18:32:35 +00:00
v8-autoroll
1b254a2516 Update V8 DEPS.
Rolling v8/build: 787ae8b..b1d6c28

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/13a8b37..8a42ad3

Rolling v8/tools/clang: 7e69312..b3d3f59

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I7bf829336fd7ded9b95573fc9b95c4988d36d8f6
Reviewed-on: https://chromium-review.googlesource.com/936226
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51541}
2018-02-24 05:04:34 +00:00
jing.bao
1202e08eca [wasm] implement simd lowering for F32x4AddHoriz and I16x8AddHoriz.
Change lowering for Store to use input replacement type.

Change-Id: Ic1fbbb37a3cc938fca7015d838933284bae6068e
Reviewed-on: https://chromium-review.googlesource.com/903266
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51540}
2018-02-24 02:23:51 +00:00
Michael Achenbach
03f203bdf3 [foozzie] Fix Date proxy mocking
Fuzzers after switching to ToT mjsunit.js, which accesses
Date.prototype, while for correctness fuzzing it's mocked out as a
proxy.

This makes the proxy return the property correctly.

TBR=yangguo@chromium.org
NOTRY=true

Bug: chromium:813833
Change-Id: Ic4b6412063f42c4e75905fbd568b7f81bc54daff
Reviewed-on: https://chromium-review.googlesource.com/936046
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51539}
2018-02-24 02:10:02 +00:00
Michael Achenbach
5f0a4422df [foozzie] Override more mjsunit.js methods for better output comparison
TBR=yangguo@chromium.org
NOTRY=true

Bug: chromium:813833
Change-Id: I8f687d27981a54234c37ba2e4b22060696f6dee7
Reviewed-on: https://chromium-review.googlesource.com/936006
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51538}
2018-02-24 01:39:41 +00:00
Shiyu Zhang
a404fe442d [x64] Remove unnecessary SUB in ComputeCodeStartAddress()
This patch removes one unnecessary sub instruction in ComputeCodeStartAddress for SpeculationPoison generation at the beginning of each bytecode handler.

leaq rbx,[rip+0x0]      => leaq rbx,[rip+0xfffffff9]
subq rbx,0x7            => To be removed
movq r9,0x0
cmpq rcx,rbx
movq rbx,0xffffffff
cmovzq r9,rbx


Change-Id: I7648ae27d4039488d1fc0f4c25477a5cb889bd6d
Reviewed-on: https://chromium-review.googlesource.com/933593
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#51537}
2018-02-24 01:22:50 +00:00
Sathya Gunasekaran
9b13670983 [promise] Make re-fulfilling a promise a no op.
Previously the API allowed the embedder to re-fulfill a non-pending
promise. This was changed as part of
c041296189.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I53dc028fecdcc6ab05c05cfc7795e89519ed9633
Reviewed-on: https://chromium-review.googlesource.com/932968
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51536}
2018-02-24 00:38:10 +00:00
Mathias Bynens
263aa3edd0 [cleanup] Avoid redundant TaggedIsSmi checks in CSA
`CodeStubAssembler::ToInteger_Inline` performs a `TaggedIsSmi` check,
and calls `ToInteger` with the appropriate truncation mode if the
input is not a Smi.

When we already know we’re dealing with something that’s not a Smi,
this check is redundant, and we can use
`CallBuiltin(Builtins::kToInteger*)` directly.

Bug: v8:7310
Change-Id: If538e39bcb738014bd03f10edd0051dac72b7ea3
Reviewed-on: https://chromium-review.googlesource.com/934901
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51535}
2018-02-24 00:31:51 +00:00
Adam Klein
9f9550ef79 Simplify FunctionKind, saving 4 bits in SharedFunctionInfo
Since we only need to store 18 different function kinds,
the bitfield approach was wasting space (requiring 11 bits).

This patch replaces the bitfield with a regular enum, and
updates all the FunctionKind predicates to use comparisons
instead of bitwise ops.

For the small amount of builtin code that depended upon being
able to do masking to determine whether something is a class
constructor, we still store two extra bits on FunctionKind,
which are computed when the SFI is initialized.

If this approach causes performance regressions (i.e., if it
turns out that other code was implicitly depending on masking
for fast checks), we can revert this or address it in
other ways (e.g., by doing similar caching of repeated checks
in the caller).

This is a reland of 42667bab5b.

Bug: v8:7310
Change-Id: I2ec54289ea687399c61d75b7aff2d849861a64f2
Reviewed-on: https://chromium-review.googlesource.com/934864
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51534}
2018-02-23 22:44:21 +00:00
Eric Holk
063ac04480 [wasm] Use guard pages for minicage
Change-Id: Ic9eaaa2af0106fea85a85599d404b2b304b3db2d
Reviewed-on: https://chromium-review.googlesource.com/930338
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51533}
2018-02-23 22:18:37 +00:00
Deepti Gandluri
3db1d4a55e Refactor atomic ops to distinguish Int32/Int64 ops
Currently, atomic operations assume the default to be 32-bit
operations, fix opcode names for differentiation between 32/64-bit
operations.

Bug: v8:6532
Change-Id: Idc7df4e191f54b125271b067891e0a1df07008a4
Reviewed-on: https://chromium-review.googlesource.com/924333
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51532}
2018-02-23 21:10:07 +00:00
Michael Achenbach
ac790b1132 [test] Skip flaky test on windows
NOTRY=true

Bug: v8:7492
Change-Id: Ie25281f8efa30d14574c7b53b4ab8a22d1344535
Reviewed-on: https://chromium-review.googlesource.com/934847
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51531}
2018-02-23 18:45:28 +00:00
Michael Achenbach
2310ea72b9 [test] Skip flaky cpu-profiler test
See https://crbug.com/v8/5193#c26

TBR=yangguo@chromium.org
NOTRY=true

Bug: v8:5193
Change-Id: I10f4c57c54b5bf596641a0e4c492bd652941b28e
Reviewed-on: https://chromium-review.googlesource.com/934845
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51530}
2018-02-23 17:16:17 +00:00
Michael Achenbach
ce286f2106 [foozzie] Migrate more harness adjustments to V8 repo
This adds printing on failures to compare output when correctness fuzzing.

TBR=yangguo@chromium.org
NOTRY=true

Bug: chromium:813833
Change-Id: I0280561392f6614960608db4e93341552c716142
Reviewed-on: https://chromium-review.googlesource.com/934843
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51529}
2018-02-23 17:12:07 +00:00
Junliang Yan
11805b137d PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, arm)
Port 2579951648

Original Commit Message:

    This introduces masking of loads with speculation bit during code generation.
    At the moment, this is done only under the
    --branch-load-poisoning flag, and this CL enlarges the set of supported
    platforms from {x64} to {x64, arm}.

    Overview of changes:
    - new register configuration with one register reserved for
      the speculation poison/mask (kSpeculationPoisonRegister).
    - in codegen, we introduce an update to the poison register at the starts
      of all successors of branches (and deopts) that are marked as safety
      branches (deopts).
    - in memory optimizer, we lower all field and element loads to PoisonedLoads.
    - poisoned loads are then masked in codegen with the poison register.
      * only integer loads are masked at the moment.

R=tebbi@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Idda9bf06133d8999290cda5bcf6333c064b3e6dc
Reviewed-on: https://chromium-review.googlesource.com/927163
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51528}
2018-02-23 16:52:47 +00:00
Michael Achenbach
a988f2ecde Revert "[CQ] Temporarily drop gcc bots from CQ"
This reverts commit e234176b95.

Reason for revert: goma problem fixed

Original change's description:
> [CQ] Temporarily drop gcc bots from CQ
> 
> NOTRY=true
> NOTREECHECKS=true
> TBR=yangguo@chromium.org
> 
> Bug: chromium:814810
> Change-Id: Ibf9d5d637f4e98a295d0cde6632679c77c3a4eb3
> Reviewed-on: https://chromium-review.googlesource.com/931921
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51478}

TBR=machenbach@chromium.org,yangguo@chromium.org

Change-Id: Ifb4af81d4ccb784ec724d6ca4ab351f1df0db755
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:814810
Reviewed-on: https://chromium-review.googlesource.com/934801
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51527}
2018-02-23 16:48:58 +00:00