The motivation behind this change is that the WasmArgumentsAdaptor
builtin needed too many registers on ia32 and was blocking work on
adding a root register.
Bug: v8:6666
Change-Id: I9d39af96e8520acc092f5ef4b7f0a159fe4e3b12
Reviewed-on: https://chromium-review.googlesource.com/1209788
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55761}
To support all possible cases, we must limit the number of register
args for TFS builtins on ia32 to 3. Out of the 6 allocatable
registers, esi is taken as the context register and ebx is the root
register. One register must remain available to store the jump/call
target. Thus 3 registers remain for arguments.
The reason this applies to TFS builtins specifically is because this
becomes relevant for builtins used as targets of Torque function
pointers (which must have a register available to store the target).
Bug: v8:6666
Change-Id: I17d9450cc29c983ddaffc2deb36f45c1c414e166
Reviewed-on: https://chromium-review.googlesource.com/1209287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55759}
Previously the builtins table had a value for every single
OperandScale/Bytecode combination regardless of whether it was valid.
This change makes it so that only valid bytecode handlers are stored in
the builtins table. This prevents placeholders being serialized into the
snapshot (and embedded into the binary) saving 9KB in
CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
entries in the builtins table.
To do this, it generates a new header file bytecodes-builtins-list.h
which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
Since list macros cannot be used to conditionally generate elements in
the C-preprocessor, this is done by a generator executable, compiled from
interpreter/generate-flat-headers.cc.
Additionally the generator creates the flat bytecode list so that it is
transposed from the previous result, i.e. the results are grouped by
bytecode and then operand scale rather than operand scale then bytecode.
This should give better locality for commonly used bytecodes and may
allow less commonly used ExtraWide bytecodes to never be mapped into
memory at all.
The cost of storing the handlers densely is that looking up a handler
now requires a binary search through the builtins table, but this should
only happen during debugging. It is also fixable at least for non-wide
handlers and could be improved for wide ones if the need arises.
Bug: v8:8068
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
Reviewed-on: https://chromium-review.googlesource.com/1209304
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55757}
- Provide MapData::SerializeDescriptors method for serializing the whole
descriptor array.
- Trigger this in JSObjectData::SerializeAsBoilerplate.
- Further make things more consistent across the broker.
Bug: v8:7790
Change-Id: Ie6499da8857f7c6561f7c44922aeffcea4876be7
Reviewed-on: https://chromium-review.googlesource.com/1199102
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55756}
- Provide getters for all member variables.
- Add missing flags for cycle detection.
- Be more consistent in stylistic matters.
Bug: v8:7790
Change-Id: I87c3901b203acc4254ec48f5cc895b2e68ff32aa
Reviewed-on: https://chromium-review.googlesource.com/1196431
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55755}
Issues that caused failure of this test have been resolved with commit
https://chromium-review.googlesource.com/c/v8/v8/+/1213183, so it can
be re-enabled.
Change-Id: I441998e5e63fce7a7e718b593c8e58a71841b78e
Reviewed-on: https://chromium-review.googlesource.com/1215168
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55754}
This new instance type will be used for wrapper objects representing
exported exceptions. Currently the objects are empty and only serve as
an identity for exported exceptions. Eventually they will also need to
reference the signature underlying the exception to perform a signature
check upon import.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091
Change-Id: Ifdd561fc000090f4a985aeb45549fd7110849646
Reviewed-on: https://chromium-review.googlesource.com/1215166
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55752}
* Enable Liftoff wasm cctests on BE for mips and mips64
* Fix issues that were introduced with these tests and that are
linked with Load/Store instructions
* Change endianness on GetGlobal and SetGlobal, as done in TF
* Skip I32Binop tests that fail with OOM error and seem to not be
related directly to this task
Bug: v8:6600
Change-Id: Ib62ca5e3c681326d28e70a5157d8646e0c8d0b51
Reviewed-on: https://chromium-review.googlesource.com/1213183
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55751}
This CL makes sure that logical operators (||, &&) always have return
type never. Together with a check that never is never passed as a
function argument, this prevents faulty evaluation as in !(x || y).
Before, the logical operators had a behavior similar to
(bool labels Taken, NotTaken), with a fast exit if the left-hand side
allowed short-circuit evaluation, but returning the right-hand side
otherwise. Since we want to allow existing (a || b || c) patterns in
the codebase, this requires weakening the restriction that the left-
and right-hand side need to have the same type. Now the possibilities
are:
bool, never
never, bool
never, never
bool, bool
constexpr bool, constexpr bool
Bug: v8:8137
Change-Id: I9576b337dc4008ac58b4625e77fef4e73bcdd6e3
Reviewed-on: https://chromium-review.googlesource.com/1215162
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55750}
If there are many workers and we are very unlucky, the cmpxchg loop can
in fact fail more than 5 times. This CL removes this unneeded
limitation to avoid spurious failures.
R=mstarzinger@chromium.org
Bug: chromium:824443
Change-Id: I0a6adde1330c8a8389a42b36bf44e516fae8c574
Reviewed-on: https://chromium-review.googlesource.com/1213170
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55749}
This CL fixes a bug that allowed calls to Array.p.shift on
zero-length arrays where the 'length' is read-only without throwing
a TypeError.
R=bmeurer@chromium.org, jgruber@chromium.org
Bug: chromium:882233
Change-Id: Ib129ab4c4f4f233e7bb553effa77539badfbe26e
Reviewed-on: https://chromium-review.googlesource.com/1215164
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55746}
It used to call the old IterableToList, which had the wrong
semantics for holes.
Bug: v8:8133
Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
Reviewed-on: https://chromium-review.googlesource.com/1213204
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55745}
This will replace "<?>" in certain debug output with the empty string.
There should be no end-user visible changes, though.
Change-Id: I80db2f2169532c600662977025185378004f7cd5
Reviewed-on: https://chromium-review.googlesource.com/1213188
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55742}
Makes for a nicer stack trace
Bug: v8:5367
Change-Id: I6d77907e08c2c4efc7a1b25016c7e83841c7c574
Reviewed-on: https://chromium-review.googlesource.com/1211444
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55736}
The isolates step times out due to some very slow tests. Marking as slow
changes the test order and increases throughput.
NOTRY=true
TBR=yangguo@chromium.org
Change-Id: Iaaf6fe93e7f0e17266923d1ab6f0fe7b09abea9e
Reviewed-on: https://chromium-review.googlesource.com/1213212
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55734}
An unnecessary call to ToString() on the array index caused trips to
the runtime. The fix also includes performance micro-benchmarks so
we'll have a harder time regressing this case in future.
TBR=tebbi@chromium.org
Bug: v8:8112
Change-Id: I781e8b1bbe2eb56db961cf33b0dca8523868b83d
Reviewed-on: https://chromium-review.googlesource.com/1213207
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55733}
For strict equality `a === b` with Symbol feedback we need to check only
one side via CheckSymbol, since the resulting comparison can only be
true if both sides are symbols. For consistency with the receivers case
we check the left side, so CheckSymbol(a). This significantly reduces
the number of CheckSymbol operations in optimized code for the ARES-6
Air benchmark.
Bug: v8:6344
Change-Id: I50420f8d862fec31214b7e86b17919edcfc1f23e
Reviewed-on: https://chromium-review.googlesource.com/1213173
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55731}
Seems like most lifeedit tests are not predictable.
NOTRY=true
TBR=yangguo@chromium.org
Bug: v8:8147
Change-Id: Ia0a3871112f5a6f4b5821ee401bfdfd26dd8f9e5
Reviewed-on: https://chromium-review.googlesource.com/1213211
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55730}
Though it works with other variants apparently, we don't want to waste too
many resources for now.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: chromium:866862
Change-Id: I8da2808fec183efa1bf325664ecf33f18a5b02fc
Reviewed-on: https://chromium-review.googlesource.com/1213187
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55728}
... and add move constructor and move assignment operator.
Also define some VirtualMemory parameters as r-values to explicitly express
that the ownership is passed from the caller to callee.
Bug: v8:8015
Change-Id: Iee27ddc844556dc7465177656b339cd1f83a3b56
Reviewed-on: https://chromium-review.googlesource.com/1213062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55726}
This replaces the previous CheckStringAdd operator which deopts in case
the combined length overflows with a dedicated pure StringConcat operator.
This operator is similar to NewConsString in that it takes the resulting
length plus the two input strings. The operator relies on the length
being checked explicitly by the surrounding code instead of baking the
check into the operator itself. This way TurboFan can eliminate
redundant/unnecessary StringConcat operations, since they are pure now.
This also unifies the treatment of string addition in JSTypedLowering,
and generalizes the StringLength constant-folding to apply to more cases
not just the JSAdd cases inside JSTypedLowering.
Bug: v8:7902, v8:8015
Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
Reviewed-on: https://chromium-review.googlesource.com/1213205
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55725}
This optimization addresses a case triggered by the Templates/Untagged
js-perf-test, in which template literals get compiled to a cascade of
JSAdd(JSAdd, JSToString) nodes.
Before the optimization in https://chromium-review.googlesource.com/c/v8/v8/+/1193342
JSToString no-ops used to get optimized away during typed lowering together
with constant folding of string concatenation. This change allows us to get
rid of a no-op JSToString call during native context specialization, thus
allowing for constant folding of JSAdd to kick in and CheckStringAdd nodes to
not be generated at all.
This change also removes the NumberToString optimization from typed
lowering, as it's being executed during an earlier stage.
Bug: chromium:879083
Change-Id: I1d8155ed969b6959fbb86fca21e4714b88a2695a
Reviewed-on: https://chromium-review.googlesource.com/1202622
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55724}
The cctest and unittests suites call the test executable to list the
tests, which requires pushing the executables to the device on Android.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: chromium:866862
Change-Id: I318dff7af2b2de3b8642ec4b6ba30b602da808bb
Reviewed-on: https://chromium-review.googlesource.com/1213202
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55723}
Add a test that runs multiple workers that concurrently try to advance
along a random sequence of numbers, using AtomicCompareExchange to
update the shared current position.
Change-Id: Ie073bbdce6fd6766ef1f73f996dd592b90b8b3c2
Reviewed-on: https://chromium-review.googlesource.com/1198769
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55722}
This reverts commit 0aac3884c9.
Reason for revert: Various performance regressions (Blink and JSTests).
Original change's description:
> [turbofan] Be more consistent about Smi comparisons.
>
> This changes SimplifiedLowering to be more consistent when choosing Smi
> representation as input for Number comparisons. We already had some
> isolated logic for doing (speculative) Number comparisons on Smis, but
> only in the case where that decision was based on type feedback, not on
> information already present in the graph.
>
> Bug: v8:7703
> Change-Id: I25370ade630917675a6ac79b5ae6a8afd253dfc7
> Reviewed-on: https://chromium-review.googlesource.com/1196422
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55518}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7703, chromium:881758, chromium:881759, chromium:881760
Change-Id: I4af9c0b0ad37dea17ceabeb721c92a7cc978987a
Reviewed-on: https://chromium-review.googlesource.com/1213185
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55720}
Make the TurboFan Typer infer proper types for calls to the known
Symbol.prototype.toString() and Symbol.prototype.valueOf() builtins.
Bug: v8:8015
Change-Id: Ia133bd8f2cfcabaf984820a953b357d1747d6892
Reviewed-on: https://chromium-review.googlesource.com/1213203
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55719}
Splits PreParsedScopeDataBuilder out of ProducedPreParserScopeData to make the split between
building PreParsedScopeData and using already built PreParserScopeData more explicit.
BUG=v8:8041
Change-Id: Iab42cab84c247152c14ac39f3136f985753160ec
Reviewed-on: https://chromium-review.googlesource.com/1202104
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55718}
The first: we allocated within the argument list of a function call on
a handlified receiver. The allocation may trigger GC which leaves us
with a stale receiver reference.
The second: in generated code we triggered further allocations while
an uninitialized fixed array was live.
Bug: v8:8145
Change-Id: If59cab6274277534b2ff6463daa5863b8feae22c
Reviewed-on: https://chromium-review.googlesource.com/1213162
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55717}
This is needed to implement a new metric that measures
health of Web Page Replay archives.
Bug: chromium:880432
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I59aed22e4671e491fc3a30d04fbdce1643404b32
Reviewed-on: https://chromium-review.googlesource.com/1204570
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55716}