Add support for disallowing speculation upon deoptimize from
a CheckBound node, and use this in the case of array builtins
in js-call-reducer to prevent deoptimization loops.
Bug: v8:7127
Change-Id: I04cf655b10178d2938d2f0ee6b336601fab6463b
Reviewed-on: https://chromium-review.googlesource.com/822195
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50097}
Adds static_cast<int> to a number of return values in disasm-arm64.cc.
The implicit conversion from size_t (unsigned long) to int was causing
compilation warnings/errors when upgrading to Android NDK r16.
Bug: chromium:771171
Change-Id: I9a5f80d65565e1a9ab4caf2cf874240f04f406a1
Reviewed-on: https://chromium-review.googlesource.com/826254
Commit-Queue: Brian Sheedy <bsheedy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50094}
This would help separate such API misuses from other Invoke() crashes
which indicate crashes in generated code.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6c596fb63950d7306fab1b689dd913a61764d257
Reviewed-on: https://chromium-review.googlesource.com/825942
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50092}
Port bd732f7ddd
Original Commit Message:
The original CL introduced a test which uses a random number generator.
I disable the test for now, which is okay because this CL adds to a
work-in-progress feature anyways, and I will fix the problem in another
CL.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame construction and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
So far, only ia32 and x64 are implemented.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jbarboza@ca.ibm.com
BUG=
LOG=N
Change-Id: I8d63286aa5af5f52cc2eeaf2adeee13d0ff19e7d
Reviewed-on: https://chromium-review.googlesource.com/823084
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50091}
In a certain scenario streaming compilation got stuck and never
finished. This CL fixes this issue.
Scenario:
* Streaming compilation starts
* The compilation tasks execute all compilation units in the working
queue and set the finished_ flag to true.
* New data arrives over streaming
* The compilation tasks compile so fast that the executed_units_ queue
gets full. The compilation tasks stop executing and wait for the
finisher task to restart them.
* The finisher task does not restart the compilation tasks because the
finished_ flag is set.
With this CL I remove the finished flag and instead look at the size
of the working queue directly.
In addition I added a test which does not actually reproduce this
scenario but seems good to have anyways.
R=mtrofin@chromium.org
Change-Id: I44560c43e51be13c4461208368e21137b115656c
Reviewed-on: https://chromium-review.googlesource.com/824523
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50090}
top_on_previous_step_ can only be valid when Allocation Observers are
active. Add some assertions in the code to ensure this holds.
Use AllocationObserversActive() more pervasively. Remove some code based
on the established invariant.
Bug:
Change-Id: I7f0d4c4f617ed9fa05c6b94202a90953fbc33cfd
Reviewed-on: https://chromium-review.googlesource.com/823576
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50088}
- Makes ArrayBufferAllocatorBase forward all operations to default
ArrayBufferAllocator.
- ShellArrayBufferAllocator uses VM for allocations over a threshold.
Bug: chromium:793750,v8:7146
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I62d8f9281b744e987223a16fbb762bd77747bf39
Reviewed-on: https://chromium-review.googlesource.com/822764
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50087}
This ensures that MigrateFastToFast does not overflow the length of the
property array.
Bug: chromium:789393
Change-Id: I77adc319c1c8c469ea482bad35ead8661d535192
Reviewed-on: https://chromium-review.googlesource.com/824167
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50086}
The k value passed to NumberAdd was outside the integer range, which
meant it had to choose Double as the only valid representation. The
other array builtins pass the result of CheckBounds here to specifically
force the types into integer range, which allows the representation
selection to pick Word32 instead of Float64 representation.
Drive-by-fix: Pass kind to AccessBuilder::ForJSArrayLength() as well.
Bug: chromium:791045, v8:1956
Change-Id: I357e1ba0dc52be544e631e4d554ab772b9b4c9bb
Reviewed-on: https://chromium-review.googlesource.com/823968
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50084}
The dispatcher is responsible for handling stores to lexical environment
variables and for storing directly to the JSGlobalObject. In the latter
case the dispatcher also ensures that JSGlobalProxy is provided as
a receiver if a setter function has to be called.
Unlike StoreIC the calling convention for the StoreGlobalIC does not include
receiver.
Bug: v8:7206, chromium:576312, v8:5561
Change-Id: Ifa896c7b41bf440785b757c2272ec91211e79c98
Reviewed-on: https://chromium-review.googlesource.com/818965
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50081}
Revision 5bc1d29 introduced a bug in the case when the filler is in
the unmapped region, which leads to CHECK failure.
Change-Id: I013e4386f6d5e9cdad22c11e1a7a9f1a088375ae
Reviewed-on: https://chromium-review.googlesource.com/823845
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50080}
So far we generated source positions and safepoint information, but we
never actually attached it to the generated code objects. This CL adds
that.
R=titzer@chromium.org
Bug: v8:6600, chromium:793694
Change-Id: I8f4c6d8752f4c31a1df51c4893c262ea5925f3b5
Reviewed-on: https://chromium-review.googlesource.com/824266
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50077}
- All testcase/testsuite/variant generator subclasses renamed to
just TestCase/TestSuite/VariantGenerator since they're private
implementation.
- All `testcase` variables renamed to `test` to not conflict with
a module name.
- No more two statements in the same line.
- Removed some unused testsuite methods.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7710f3419f738a5f9ddca73765dd2cad2e35b952
Reviewed-on: https://chromium-review.googlesource.com/823964
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50076}
The intel manual knows "short jumps", "near jumps" and "far jumps",
where our Label::kNear corresponds to short jumps and Label::kFar
corresponds to near jumps.
Add some words to document this.
R=mstarzinger@chromium.org
Change-Id: I2b41cc770ee2c1fecff5e7363cede264ca3cd033
Reviewed-on: https://chromium-review.googlesource.com/824270
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50075}
This refactors the list of redirections of runtime call targets that
simulators maintain to be process-wide (as opposed to be per Isolate).
Such redirections are used for static C++ call targets which themselves
are process-wide, which makes this model a closer fit. Access is already
properly synchronized via a mutex.
Along the way this also introduces the {SimulatorBase} class as a common
base class for all simulator implementations.
R=clemensh@chromium.org
Change-Id: Iae8602c44b1b34cb916dde2b22c9403b0496b3d4
Reviewed-on: https://chromium-review.googlesource.com/823966
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50074}
RegisterLists should only be allocated via the register allocator. To ensure
this, make the RegisterList constructor private and only expose it to tests
and the BytecodeRegisterAllocator.
Change-Id: I09ebfc5c0f1baecfb1333fd672b96d462fd26fcf
Reviewed-on: https://chromium-review.googlesource.com/822196
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50073}
LiftoffAssembler::ReserveStackSpace expected number of bytes, not
number of stack slots. Also, make this clear in the naming of the
parameter, and remove a dead field.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ic4c7167cfa26a169b2936acdde865863141f441d
Reviewed-on: https://chromium-review.googlesource.com/823967
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50072}
We really just need one check instead of three. This also unifies the
error message to be the same on 32 and 64 bit systems.
Drive-by: Fix potential overflow in {validate_size}.
R=titzer@chromium.org
Bug: chromium:794353
Change-Id: I63c1f5ef53c1f245b9e82bcbf86a5d9ac0d2725e
Reviewed-on: https://chromium-review.googlesource.com/824082
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50071}
This includes adding a padding slot to the stack handler, which is done for all
architectures for consistency.
Bug: v8:6644
Change-Id: I8a6379a82e2a9d1819069850b6734489bd6071a6
Reviewed-on: https://chromium-review.googlesource.com/822477
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#50070}
This disallows speculation after deoptimization from any of
Array.{forEach,map,filter,find} due to CheckMap fails. Such
CheckMap fails happen if the builtins' function argument
causes the map of the array to change. The js-call-lowering
refrains from optimizing builtins for which speculation was
disallowed.
Bug: v8:6898, v8:7127
Change-Id: Ied6696f8fb023ee404fb82e9d37bfb061f293854
Reviewed-on: https://chromium-review.googlesource.com/819354
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50069}
Add support for loading and storing i32 values to and from memory.
Support for f32 and for non-traphandler configurations (i.e. emitting
bounds checks) will be added in a follow-up CL.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I43c44ce61f5acbac325261212374eb0f48c6ee89
Reviewed-on: https://chromium-review.googlesource.com/809164
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50068}
I also used the opportunity to clean up the loop peeler a bit by making the
class stateful, to avoid passing long argument lists around.
Bug: v8:5864
Change-Id: I2e034c6eabd381b01e15cf3e6aa3ce7b14e7b3d8
Reviewed-on: https://chromium-review.googlesource.com/822933
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50067}
For eager deopts within builtin stub frames we skipped marking the
underlying function as deoptimized. This avoided deopt loops where
we would just generate the same optimized code all over again.
Bug: v8:6898
Change-Id: Ie3d7ee4dfcbeb63e6087112d5740a423c4730599
Reviewed-on: https://chromium-review.googlesource.com/822491
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50066}
- create testcase subclass for each test
- move get_command, get_source from suite to test
- promises-aplus tests are broken
- moving expected outcomes etc. is still in progress
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I006e64ecf51dda95c41dff88c68b24f17a638566
Reviewed-on: https://chromium-review.googlesource.com/798331
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50065}
This CL adds support to the deoptimizer for setting the no speculation
bit on a provided feedback vector if desired.
Bug: v8:7127
Change-Id: I31fd1ea306cf5a4e919faeb896a83c1afdfccd63
Reviewed-on: https://chromium-review.googlesource.com/819370
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50064}
This reverts commit 7d699b938c.
Reason for revert: Actually we like the trampolines. Slight reduction in code size, and prevents spanning the icache.
Original change's description:
> [ICs] Eliminate trampoline ICs in TurboFan generic lowering
>
> Trampoline ICs differ from normal ICs only in that they
> load the feedback vector from the stack instead of accepting it
> as an argument. We created them for FullCodeGen, where you always
> have the feedback vector on the stack, and can reduce the amount
> of code required to invoke an IC by hiding the stack load down
> in the trampoline IC.
>
> Now the concept isn't really necessary, and we can achieve a
> nice cleanup of our idea-space by removing it. The first step is
> to remove their usage in TurboFan.
>
> Bug: v8:7199
> Change-Id: I08aefa5de199b1f19adea261b7086a84338c0805
> Reviewed-on: https://chromium-review.googlesource.com/822193
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50038}
TBR=mvstanton@chromium.org,tebbi@chromium.org
Change-Id: I63dcd98b799739d1d6ea55508b1ea5cfad9e3292
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7199
Reviewed-on: https://chromium-review.googlesource.com/822420
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50063}
The new frame type is intended to represent native C++ stack frames.
JS code may sometimes make calls to helper native functions that do not
provide any special stack layout besides the return address and frame pointer.
Currently the stack iterator bails out when it sees an unknown frame.
The patch allows the iterator to unwind stacks having such frames.
BUG=chromium:768540
Change-Id: I9c273c7015695a6733c0a0c52b522fca7b25de0d
Reviewed-on: https://chromium-review.googlesource.com/794991
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50058}
These enums capture the "type" of a load and store in one value, with
accessors to get the value type, memory type, memory size etc.
This will simplify implementing memory operations in Liftoff.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ief673e90fe63292853f97e5e95b5c39da1296730
Reviewed-on: https://chromium-review.googlesource.com/822476
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50054}
Turbofan does not always maintain source positions. Since the profiler
is best-effort only, this is ok and we should not assert it.
Source positions for stack traces are computed with an independent
mechanism: the stack walker. It's impossible to use the stack walker
here since it assumes that the frames actually exist.
Bug: chromium:787959
Change-Id: I43c3c4e6de0a9b5f76b05c53af238cb1df6ea1c5
Reviewed-on: https://chromium-review.googlesource.com/822930
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50053}
* DisableInlineAllocationSteps was a blunt hammer added to work around
tests that needed to avoid artificially lower limits imposed by
observers. PauseAllocationObserversScope can properly disable step on
a temporary basis.
* Modify tests. Remove DisableInlineAllocationSteps.
This exposed a bug in allocation observers: we were not doing a step
when a fresh page is added.
Fix this by moving the step into UpdateAllocationInfo. We should be
doing a step (and keeping top_on_previous_step_ consistent) whenever
we move top(). UpdateAllocationInfo is the correct place for this
rather than the callers of UpdateAllocationInfo.
Bug:
Change-Id: I2edc238dc2e73bf9a2e9738c2a9b50efcac5cbf0
Reviewed-on: https://chromium-review.googlesource.com/821052
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50052}
If an initializer is a NaryOperation, its position ends up as a start position
of a Scope, and a DCHECK used to fire.
Interestingly, this was not caught by our existing tests.
BUG=chromium:791256
Change-Id: Id47f850c7ad17ca580352f9bd56c9567b485c3b8
Reviewed-on: https://chromium-review.googlesource.com/822093
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50051}
This is a reland of fa18e78dc7.
Mips compile error is fixed.
Original change's description:
> [wasm] [cleanup] Only pass information really needed
>
> Instead of always passing the MachineType, we can often just pass the
> accessed memory size or the MachineRepresentation, which is less
> information to pass and will simplify the upcoming refactoring for
> memory operations in Liftoff.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> Reviewed-on: https://chromium-review.googlesource.com/822194
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50041}
TBR=titzer@chromium.org
Bug: v8:6600
Change-Id: I3dff3072d6ceebd74873ace0c7dce7cccc3055d5
Reviewed-on: https://chromium-review.googlesource.com/822851
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50050}
This reverts commit ee106cb907.
Reason for revert: Still failing on big endian mips.
Original change's description:
> Reland "[wasm] [cleanup] Only pass information really needed"
>
> This is a reland of fa18e78dc7.
>
> Mips compile error is fixed.
>
> Original change's description:
> > [wasm] [cleanup] Only pass information really needed
> >
> > Instead of always passing the MachineType, we can often just pass the
> > accessed memory size or the MachineRepresentation, which is less
> > information to pass and will simplify the upcoming refactoring for
> > memory operations in Liftoff.
> >
> > R=titzer@chromium.org
> >
> > Bug: v8:6600
> > Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> > Reviewed-on: https://chromium-review.googlesource.com/822194
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#50041}
>
> TBR=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ia2c47464277a7c7a70099e7f7d6e32003e34d87e
> Reviewed-on: https://chromium-review.googlesource.com/822342
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50047}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I448e3ad433451fb468c2db66b4b297e8c72a8c69
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/822696
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50048}