In both PrepareCall and ProcessParameter, we were incorrectly passing
the reg code of a Q register into LiftoffRegister::ForFpPair, which
takes a D register. Similar to the F32 case (the reg code was halved),
the reg code needs to be doubled (q1 -> d2) before constructing the
LiftoffRegister.
Bug: v8:9909
Change-Id: Id4df9e99b92546f68be0d99d98f0a1ac25ee7e5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013492
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65925}
The actual allocatable size still depends on the allocator;
in particular Blink's ArrayBufferAllocator is currently limited
to 2GB.
WebAssembly memories are not affected by this change (i.e. still
capped at 2GB as well).
For 32-bit platforms, the limit remains at 2**30-1 (=max smi) elements.
Bug: v8:4153
Change-Id: If0d6047dd4061028688d85a3dc0a2684dcca8693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007495
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65924}
Add a case for is_fp_pair in StackTransferRecipe, when moving registers.
This is similar to the is_gp_pair case, but we only need to check the
low fp register, and move both low and high if the low fp register is
different.
Bug: v8:9909
Change-Id: I02f72f6390a1b2802afce5e91ed227b749d838ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013223
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65923}
Serialization of WasmModuleObject was our first implementation for
postMessage, and was used for IndexedDB. IndexedDB support is removed
since a long time, and postMessage works by just messaging an identifier
and reusing the underlying NativeModule when receiving this.
Thus the logic to serialize the actual code is unused, and thus should
be removed together with all tests.
R=ahaas@chromium.org
Bug: v8:10146
Change-Id: I599296736dabd486c45ced2b6e5996e490fa40c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013110
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65922}
This CL adds a --debug-in-liftoff flag, which takes another path in
{WasmScript::SetBreakPointForFunction}, and sets the breakpoint via
{wasm::DebugInfo} (Liftoff-related) instead of {WasmDebugInfo} (C++
interpreter related).
Actual breakpoint support is not there yet, so the new test which sets
this flag does not currently break anywhere. This will change with a
future CL.
R=thibaudm@chromium.org
Bug: v8:10147
Change-Id: I95a905e666b8f502366d2c7273c8f25a267ee184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012920
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65921}
Changing script context handling from bytecode based to metadata on the
function. This fixes the debugger to explicitly check the code rather
than implicitly relying on a NewScriptContext bytecode causing side
effects.
Bug: chromium:1043151
Tbr: ulan@chromium.org
Change-Id: I38c5c04d7c76155e0a055ae6efd57f25986bdb7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013117
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65920}
This is a reland of 3b7535636f
Original change's description:
> Reland "[runtime] Cache prototype chain enumerable keys in PrototypeInfo"
>
> This is a reland of 5253d7bf15
>
> Original change's description:
> > [runtime] Cache prototype chain enumerable keys in PrototypeInfo
> >
> > This CL adds a prototype_chain_enum_cache to cache the enumeration of a
> > prototype and its entire chain on the PrototypeInfo. It can improve for-in
> > performance via simply merging the receiver enumeration with this cache.
> >
> > It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.
> >
> > Contributed by tao.pan@intel.com
> >
> > Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
> > Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65224}
>
> Change-Id: I93b74727c46abbaab163324c50fbd977fcc9bb36
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955232
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Cr-Commit-Position: refs/heads/master@{#65377}
Change-Id: If4b4631e1b8a3d2df748b6be8500f838836a3291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008253
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65919}
... and consult it there from the various reducers. The flag makes no
sense without the broker and the reducers already have access to the
broker, so we can avoid an additional flag per reducer.
Bug: v8:7790
Change-Id: I448050a55951b94d5313c1a79a502be906b98b25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013108
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65918}
This flag enables the CPU profiler before running any scripts in D8.
This is so that we can turn the flag on during fuzzing to help us find
security and stability issues.
Right now this flag has problems with a bunch of tests under
mjsunit/asm which fail in the stack walker when the flag is on. I'll
address these in a follow-up before we turn this on for fuzzing.
Bug: v8:10150
Change-Id: Ief8134ab2e9da63851b9c235f47ba217d1dce348
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013111
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65917}
Add a test that const declarations are recognized as having side-
effects in REPL mode.
Bug: chromium:1043151
Change-Id: I6f8038ab4a5ee446d23904ed46637223157db5c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013114
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65916}
Get rid of two left-over special-cases for wasm scripts that have (or
don't have) a SourceMapURL attached to them.
Bug: chromium:1013527
Change-Id: I51bab8074011299e6f0d1fd32d93e4cb559bd476
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013113
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65914}
In the debugger, wasm scripts currently do not contain meaningful column
informations. Fix that by keeping track of the offset and size of the
wasm code section inthe module and reporting that to the debugger.
Bug: chromium:1042636
Change-Id: Ie2b5d3a50952a467d256f815c16e459cb0ae600e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011083
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65913}
The instruction selector assumed for Word32AtomicPairLoad node that if
there exists a Projection(1) user, then there also exists a
Projection(0) user. This, however, is not the case, because TurboFan
eliminates unreachable nodes. The missing projection node lead to a
failed DCHECK in the register allocator.
To fix the problem I use now the Word32AtomicPairLoad node directly to
allocate the register. On ia32 I stop additionally to allocate unneeded
temp registers.
R=gdeepti@chromium.orgCC=zhin@chromium.org
Bug: chromium:1042379
Change-Id: I79bd9f3f4672e147246a71c32b7c9b4dbd79b17f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002547
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65912}
Bug: chromium:1027130
Change-Id: Ifd1f355ce266e672183f337f114432f11a866a52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011835
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65910}
Instead, serialize to CBOR, then convert to JSON.
I plan to remove the JSON serialization support from
protocol::Value and from the generated types. We're
close - three files here, four files in Chromium.
Change-Id: I067dc896dad1bb7cd95914b3dcc86597f136251b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008751
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65909}
This API was used for IndexedDB support and for transferring modules by
serializing and deserializing (before we were sharing code between
isolates). Last uses were removed in https://crrev.com/c/1847366, thus
this whole API is unused by now.
This CL deprecates the API and refactors tests to use the internal APIs
instead.
R=adamk@chromium.org
Bug: v8:10146
Change-Id: I838039b4be7ea4eebe6769f31f48e51e7bcd4645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006090
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65908}
Otherwise, the last tests that ran in a worker keep sitting on their
sigterm handlers without any running processes. This creates
exceptions when workers terminate.
Bug: v8:8292
Change-Id: Iefb9a4a353399c1e3168eae2916e3cedca4e09b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011831
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65907}
Since we create the asm offset table ourselves, we can skip all decoder
error checks when decoding it. We keep DCHECKs though to catch errors
early and give fuzzers a change to find inconsistencies in our encoding
and decoding.
R=jkummerow@chromium.org
Bug: chromium:667678
Change-Id: I2c77f3857548057ce5c432d1c6f5576d66ca5cd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011086
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65905}
Add a case for kWasmS128 in Spill. We encounter this in the
wasm-trace-memory-liftoff test, but that test was skipped on ARM and
ARM64 due to insufficient implementation of Liftoff on those archs. But
with recent changes, they are now capable of running this particular
test, so we enable it.
Drive-by fix for incorrect size used in vld1 for filling S128 values.
Bug: v8:9909
Change-Id: I8addd06ba3c9a40364e432180cd5dbc48debca23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007901
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65904}
This reverts commit faccc95b77.
Reason for revert: Causing some failures, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/15741 and https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64/35635 and https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64/32736
Original change's description:
> Reland "[wasm] Perform NativeModule tier down in parallel."
>
> This is a reland of 3352fcc900
>
> Disable stress-opt for test and check recompilation before clearing
> callbacks.
>
> Original change's description:
> > [wasm] Perform NativeModule tier down in parallel.
> >
> > Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> > initialize parallel compile jobs, then wait for them to finish while
> > taking part in this compilation.
> >
> > Bug: v8:9654
> > Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65763}
>
> Bug: v8:9654
> Change-Id: I8e8830f05e189596207365b7332a2cc25e493e47
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002945
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65901}
TBR=clemensb@chromium.org,duongn@microsoft.com
Change-Id: I99f5a5455a022d0cbff3da54610cedfe6380a094
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012985
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65903}
This is a pure refactoring to make the {GraphAssembler} available in all
of {WasmGraphBuilder}, including {WasmWrapperGraphBuilder}.
Future CLs will use more features of the {GraphAssembler} for building
wasm graphs.
The {WasmGraphAssembler} class will be extended to contain functionality
only needed (or making sense) in the context of wasm.
Drive-by: Move fields to the end of the {WasmGraphBuilder} class.
R=jkummerow@chromium.org
Bug: v8:10123
Change-Id: Idf44915944882adec75ef002ec577f63b2317a17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011825
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65902}
This is a reland of 3352fcc900
Disable stress-opt for test and check recompilation before clearing
callbacks.
Original change's description:
> [wasm] Perform NativeModule tier down in parallel.
>
> Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> initialize parallel compile jobs, then wait for them to finish while
> taking part in this compilation.
>
> Bug: v8:9654
> Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65763}
Bug: v8:9654
Change-Id: I8e8830f05e189596207365b7332a2cc25e493e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002945
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65901}
The asm.js offset table exists in two forms: Delta-encoded in a byte
array, as generated during asm translation, and decoded, for faster
lookup.
This CL moves the encoded version from the {AsmWasmData} and
{WasmModuleObject} to the {WasmModule}, and stores it off-heap in a C++
array instead of a {ByteArray}.
Also, it moves the decoded version off-heap by storing it in a C++ data
structure that makes lookup easy, instead of encoding it again in
another {ByteArray}.
This change is a nice refactoring in itself, but it also prepares adding
more information to the offset table. For reconstructing the source code
of an asm.js function, we will need to store the start and end offsets
of the whole function as well (see linked bug).
R=jkummerow@chromium.org
Bug: chromium:667678
Change-Id: I79b789c3122dd8ba803cedc6bfdcc3d4b1fa0fd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011108
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65900}
The test was supposed to manipulate the serialized bytes to make them
invalid, but the value at the manipulated position was already 0, hence
the bytes stayed valid. This went unnoticed before
https://crrev.com/c/2010786, since there was a fallback anyway to
re-compile the module if deserialization fails.
This CL fixes this by using the right offset, and checking that the
value there is not already zero.
R=thibaudm@chromium.org
Change-Id: Ie0eaf2c8ee9e8c4c477f717f3d8aed8564b3adbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007493
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65898}
Move caching logic out of the {WasmEngine} and in its own
{NativeModuleCache} class, with its own mutex.
R=clemensb@chromium.org
Bug: v8:6847
Change-Id: I73067fd9f0556e57c28782088dcb772a14265154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004613
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65895}
There is not really a reason to guard the first by the latter. Just emit
a hint if --trace-liftoff is used without --trace-wasm-decoder, but
still make it work.
Also, used DEFINE_DEBUG_BOOL instead of guarding the output by another
"#ifdef DEBUG".
R=ahaas@chromium.org
Change-Id: Ia7d3f504df92779447877612e98b9c2a847b9f6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011828
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65894}
The {locals_names} in {WasmDebugInfo} was left unused after
https://crrev.com/c/2002541. All uses and even all accessors are removed
already.
R=thibaudm@chromium.org
Bug: v8:10019
Change-Id: Ib7ce61cf8c6a749b0919a8a6857664e2ab354785
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011101
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65891}
Lite mode implies jitless, hence we also need to skip in lite mode.
TBR=thibaudm@chromium.org
Bug: v8:6847
Change-Id: I0147b2604180e3801d5e939619ea00a87220f7ec
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011830
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65890}
This CL enables emitting register codes that are
greater than 6 bits by encoding it as a LEB128.
Change-Id: I35675b5ef6a935f785035aa101ed4ca812af251e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008305
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65889}
This fixes a few issues:
1) It avoids using the {DeserializeOrCompile} API method, which is not
used in chrome any more and will be deprecated soon.
2) It switches to the {DeserializeNativeModule} internal method, which
really checks deserialization in isolation and does not fall back to
compiling the wire bytes if the serialized bytes are incorrect.
3) It disables a test which tried to invalidate the number of functions,
but the respective bytes were already zero, so nothing was
invalidated. This still needs to be fixed in a follow-up CL.
4) It serializes the modules in a separate isolate, which then gets
disposed to free references to the NativeModule and remove it from
the modules cache. Otherwise we will just never deserialize, but use
the cached module instead.
R=thibaudm@chromium.org
Bug: v8:6847, v8:10146
Change-Id: I37ef524a9c96c32fec2e7466488d67395fa5ccea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010786
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65888}
There is no need to truncate if we are going to extend it again.
At first glance it looks like we can eliminate both steps but
unfortunately the Change is still needed since it will write on the
top bits.
Change-Id: I06d9776384a76f7b2a4454a9176926b3bcef2f2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010111
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65886}
Force source position collection when using --print-break-location.
Bug: v8:10132
Change-Id: I4706d9f1e09c52ca7bfb2410485bc3ef26c2128a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011821
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65885}
Compilation is failing on certain versions of gcc with:
'sort' is not a member of 'std'
'adjacent_find' is not a member of 'std'
'count' is not a member of 'std' and
Bug: v8:10145
Change-Id: I0672636987c515485318d29d251c3b49a22ff374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008307
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65884}
Adds support to the register allocator verifier to keep track of which
stack slots contain tagged pointers, but have not been tracked by the
reference map and so could contain stale values (i.e., not traced by a
garbage collection).
BUG=v8:9684
Change-Id: I8dd9925f0cb71cac4ae3e49f467767454694e515
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007488
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65883}
Combines 2 ldrs into a single ldm (without writeback since the
instruction uses fp as base and as a target). Shrinks the builtin
instruction size on ARM by 2932 bytes.
Change-Id: Id74e1e158a9d5db49caa2927e88df2a350adafab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011103
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65882}
This reverts commit 50a80c9359.
Reason for revert: We want to understand if this change is
necessary to avoid renderer hangs.
Original change's description:
> [turbofan] Make hints equality cheaper using hashing
>
> Put the nesting limit of the serializer back to 25.
>
> Bug: chromium:1034768
> Change-Id: I7ea827d27241ea930bae40142069bab1962e4133
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981156
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65630}
TBR=mvstanton@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1034768
Change-Id: I7aaf71e665e35999ea9c1b8d2680678add17bf96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010115
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65881}
If we assume that kMaxHintsSize is at least 1, we can reduce the
clutter of broker arguments somewhat.
Bug: v8:7790
Change-Id: I6c6607f694e420ef50a07202d0c98cbff7471af9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011084
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65880}
This CL introduces the xadd instruction to the x64 assembler so it can
be used to implement WebAssembly's AtomicAdd. This is done in a
separate CL though.
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: I36dcb900ed4c39b23c4996328774780afd8b816a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011105
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65879}
The interpreted-frames-native-stack flag has been broken since pointer
compression was enabled. This fixes the load of the field.
Bug: v8:10138
Change-Id: I746407a7a5680c5d3e9a3b190371af00818282b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011206
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65878}
To improve ergonomics, graph generation is now triggered by the
IfBuilder0 destructor instead of requiring an implicit call to
Build(). This will be more expected for gasm users, since no other
builders require such a Build() call.
Drive-by: Rename 'ForSmiZeroUntil' methods to 'ForZeroUntil' since
'Smi' doesn't make sense in this context (TF only knows the Number
type here).
Bug: v8:9972
Change-Id: I365805e8428b35f19760e6ff155423463194b0f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011107
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65877}
