This is the implementation of crrev.com/c/866721 for arm.
Drive-by change: I simplified the slot index calculation.
Original description:
At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.
R=v8-arm-ports@googlegroups.com
Change-Id: Ic448872aa1da63f421d569ab5ec9160f36e6652b
Reviewed-on: https://chromium-review.googlesource.com/866745
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50607}

There is not much missing to support loading and storing f32 values.
This CL adds that.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: If4a21490bfcb9cccec1ba62986a23549b3c857fa
Reviewed-on: https://chromium-review.googlesource.com/866711
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50606}

Make this a member method of WasmTableObject, because it is pretty
coupled with that object anyway, and is always being called together
with WasmTableObject::Set or WasmTableObject::AddDispatchTable.
It also simplifies another refactoring: https://crrev.com/c/866733
R=titzer@chromium.org
Change-Id: I53392fb9cf21f2e45c2a144d180e9b3614657094
Reviewed-on: https://chromium-review.googlesource.com/866933
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50605}

The implementation can be greatly simplified by using variadic
templates.
R=mstarzinger@chromium.org
Change-Id: Ifbda09bc536c9660a83d1888b395e92367c9b03e
Reviewed-on: https://chromium-review.googlesource.com/860458
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50603}

This adds testing configs to the V8 side, so that they can be deleted on the
infra side in a follow up.
TBR=yangguo@chromium.org
NOTRY=true
Bug: v8:7302
Change-Id: I93e65576b9799675ea0a8beca188c84a30695de3
Reviewed-on: https://chromium-review.googlesource.com/867037
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50597}

The (numbing) repetition in these tests was leading to errors when
writing new tests. Now a function DefineHigherOrderTests() can be
used to succinctly describe a test on (mostly) a single line.
Change-Id: I70d65ffd784a17bbf0b9ca2de477135c5d901794
Reviewed-on: https://chromium-review.googlesource.com/864144
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50590}

At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.
R=titzer@chromium.org
Change-Id: Iab676186f41b8174bcc6c5a6053e6b0d5640ed3c
Reviewed-on: https://chromium-review.googlesource.com/866721
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50586}

This is the implementation of crrev.com/c/766371 for arm64.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame construction and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=v8-arm-ports@googlegroups.com
Change-Id: I6e344a23f359861c9a1ff5a6511651c2176ce9a8
Reviewed-on: https://chromium-review.googlesource.com/842545
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50585}

Also sort all variants in configuration mapping.
Bug: v8:7285
Change-Id: I2d3032b911e48c34557e47e50345fb29da7bbe85
Reviewed-on: https://chromium-review.googlesource.com/866502
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50584}

On Arm64, the 31 encoding refers to either the zero register or the stack
pointer depending on the instruction. However, in order to distinguish them in
the assembler, the stack pointer has an internal code which isn't 31.
As a result, we need to use the internal code when converting a Register to a
DWARF code.
Bug: v8:6644
Change-Id: If8a6b6c94badd7d10c22664c7081733258b07a31
Reviewed-on: https://chromium-review.googlesource.com/866870
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50583}

This fixes a corner-case in the {NativeModuleSerializer} with modules
that do not contain any functions in the code table.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-801850
BUG=chromium:801850
Change-Id: I30cc3a26f30d8653fba2d7b99715830d12300ac2
Reviewed-on: https://chromium-review.googlesource.com/866773
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50581}

- Remove CSA fallback to runtime for overlap cases
- Move overlap handling from runtime into elements.cc
Depending on typed array size (and overlap size), quick measurements
show a 4.3x - 8x improvement. This fixes a large >5x performance
cliff between overlap and non-overlap cases.
https://github.com/peterwmwong/v8-perf/blob/master/typedarray-set-overlap-fast-c-call/README.md
Bug: v8:5929
Change-Id: I47758d2ee603bc26f38dd9112567113cf887f5d5
Reviewed-on: https://chromium-review.googlesource.com/846378
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50578}
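What the "overlap cases" in the TypedArray.prototype.set change above actually are, shown as an added JavaScript example that is not part of the commit or of V8: viewsOverlap, naiveInPlaceSet, setSameTypeOverlap and setMixedTypeOverlap are names chosen here, and the byte values are constructed inputs. The built-in set() is the correct behaviour; the naive copy is included only to show the corruption that overlap handling has to prevent.

```javascript
// Added example, not V8 code: a source view that shares the target's
// ArrayBuffer and intersects its byte range must be copied as if the whole
// source had been read out before the first write (memmove semantics).

// Returns true when the two views alias intersecting bytes of one buffer.
// This is the decision an engine has to make before picking a fast copy path.
function viewsOverlap(target, source) {
  if (target.buffer !== source.buffer) return false;
  const tStart = target.byteOffset, tEnd = tStart + target.byteLength;
  const sStart = source.byteOffset, sEnd = sStart + source.byteLength;
  return sStart < tEnd && tStart < sEnd;
}

// Deliberately naive element-by-element copy that ignores aliasing. Not what
// the engine does; it only demonstrates the failure mode.
function naiveInPlaceSet(target, source, offset) {
  for (let i = 0; i < source.length; i++) target[offset + i] = source[i];
}

// Same element type, forward overlap: bytes [0,4) written onto [2,6).
// Constructed input [1..8].
function setSameTypeOverlap(useNaive) {
  const a = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
  const src = a.subarray(0, 4);
  if (useNaive) naiveInPlaceSet(a, src, 2);
  else a.set(src, 2);  // built-in, correct: [1,2,1,2,3,4,7,8]
  return Array.from(a);
}

// Different element types over one buffer: a Uint8Array source written into
// a Uint16Array target on the same bytes. Each 16-bit write clobbers source
// bytes that have not been read yet, so the naive copy drifts immediately.
function setMixedTypeOverlap(useNaive) {
  const buf = new ArrayBuffer(8);
  const u8 = new Uint8Array(buf);
  const u16 = new Uint16Array(buf);
  u8.set([1, 2, 3, 4, 5, 6, 7, 8]);  // constructed bytes
  const src = u8.subarray(0, 4);
  if (useNaive) naiveInPlaceSet(u16, src, 0);
  else u16.set(src, 0);  // built-in, correct: [1,2,3,4]
  return Array.from(u16);
}

console.log('same type, built-in :', setSameTypeOverlap(false));
console.log('same type, naive    :', setSameTypeOverlap(true));
console.log('mixed type, built-in:', setMixedTypeOverlap(false));
console.log('mixed type, naive   :', setMixedTypeOverlap(true));
```

Run it with node. The same-type case is the one a memmove-style copy handles; the mixed-type case is why the overlap path cannot simply be a byte move and needs element-wise conversion from a copied-out source (or a safe ordering), which is the work the commit moves into elements.cc.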
This will add three gc fuzzing flags with 5% likelihood each to the second
correctness fuzzing config. The random checks are determined by the
top-level random-seed passed to the script.
This change depends on setting the fuzzer random seed as default to the
standard random seed, since the former isn't explicitly passed by
clusterfuzz.
NOTRY=true
TBR=hpayer@chromium.org
Bug: v8:7012
Change-Id: I794dc48bb953b6a95bbc4fc4305ad561bc13b6ee
Reviewed-on: https://chromium-review.googlesource.com/865912
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50577}

On arm64, the stack pointer has to be aligned all the time. This
alignment was not considered in the creation of the CallDescriptor in
the fuzzer and thereby caused a mismatch between the CallDescriptor and
code generator. In other words, a callee put return values in a stack
slot which was different than the stack slot where the caller expected
the return value.
With this CL we consider this alignment in the fuzzer.
R=clemensh@chromium.org
Change-Id: I8c78c24c682b7b8678c0d4d112bae99cf405b184
Reviewed-on: https://chromium-review.googlesource.com/864682
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50574}

Mixing SSE and AVX instructions can cause severe slowdowns, so always
use AVX instructions if available.
The {Movss} method of {TurboAssembler} automatically does this,
emitting either {vmovss} or {movss}.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I45124944964e5a970814c7b50dfbfca333137dc1
Reviewed-on: https://chromium-review.googlesource.com/865910
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50572}

Every JS function has a bailout check at the beginning which makes sure it was
not lazily deoptimized. We can improve the check slightly:
- Load the code data container directly with a pc-relative load instead of
ADR+LDR.
- Check the deoptimization bit with TBZ directly, saving us a TST instruction.
- Use one of the macro-assembler's dedicated scratch registers instead of x2.
Bug:
Change-Id: Iea4824c74ed5a01b18595d5e980788f9745bbb6e
Reviewed-on: https://chromium-review.googlesource.com/864446
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50570}

If a NumberConstant can be represented as a Smi, then lower it to a
IntPtrConstant node during simplified lowering. Thanks to this, all backends can
match Smi values that can also be encoded as immediates in the instruction
selector. Additionally, we can apply the same lowering to the CodeAssembler for
the snapshot.
As a result, we can remove `mov` instructions generated because Int32Matcher and
Int64Matcher did not recognize Smis:
For 32-bit targets, it's common for Smis to also be immediates: "if (a < 100) {}"
~~~
mov r1, #200 -> cmp r0, #200
cmp r0, r1 -> blt <>
blt <> ->
~~~
On Arm64 particularly, we lose opportunities to use `cbz`: "if (a == 0) {}"
~~~
movz x0, #0x0 -> cbz x1 <>
cmp x1, x0 ->
b.eq <> ->
~~~
Overall, we do not see an impact on benchmarks such as webtooling. However, we
do see noteworthy code size reduction, from 0.5% to 1.5%.
Bug:
Change-Id: I7fbb718ad51b9036c3514fa31c1326bdd6f2b0e6
Reviewed-on: https://chromium-review.googlesource.com/848814
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50569}

Instead of passing four arguments to the runtime function, just pass
one pointer to a struct containing all information. This makes it much
easier to implement memory tracing in Liftoff in a follow-up CL.
Also fix a few other minor things like the namespace and the include
guards.
R=titzer@chromium.org
Change-Id: I47d8827cbb896a581585947f594af52f42bdb37c
Reviewed-on: https://chromium-review.googlesource.com/863673
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50568}

The fast variants set became the same as no variants after crankshaft
deprecation and there is no plan to extend it again. Hence we remove
the modifier now.
TBR=yangguo@chromium.org
Bug: v8:7264
Change-Id: Ib577542741841b5b9542327b90afea8d5a62c879
Reviewed-on: https://chromium-review.googlesource.com/866496
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50566}

For JSCreate nodes with constant inputs we cannot simply assume that the
new.target input is a JSFunction, since it can essentially be any
JSReceiver that is a constructor, i.e. it can also be a JSBoundFunction.
Bug: chromium:801627
Change-Id: Ia37bf9c0a751e4665e1167a3771fbe166473c979
Reviewed-on: https://chromium-review.googlesource.com/866493
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50563}

This moves the funky conditional code in ScheduleAndSelectInstructions to
the caller (the caller mostly knows statically what it wants).
My hidden agenda is to prepare the pipeline for post-scheduling passes.
Change-Id: Ia6009a6b2472d7211ef213eb4eb551957ae9709c
Bug: v8:5267
Reviewed-on: https://chromium-review.googlesource.com/863663
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50562}

This reverts commit 42667bab5b.
Reason for revert: Breaks msvc compile:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/908
Original change's description:
> Simplify FunctionKind, saving 4 bits in SharedFunctionInfo
>
> Since we only need to store 18 different function kinds,
> the bitfield approach was wasting space (requiring 11 bits).
>
> This patch replaces the bitfield with a regular enum, and
> updates all the FunctionKind predicates to use comparisons
> instead of bitwise ops.
>
> For the small amount of builtin code that depended upon being
> able to do masking to determine whether something is a class
> constructor, we still store two extra bits on FunctionKind,
> which are computed when the SFI is initialized.
>
> If this approach causes performance regressions (i.e., if it
> turns out that other code was implicitly depending on masking
> for fast checks), we can revert this or address it in
> other ways (e.g., by doing similar caching of repeated checks
> in the caller).
>
> Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124
> Reviewed-on: https://chromium-review.googlesource.com/860896
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50559}
TBR=adamk@chromium.org,gsathya@chromium.org
Change-Id: I8e1faa0ca6213d1e70a00fcb417b1bfa35ebd643
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/866310
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50561}

Since we only need to store 18 different function kinds,
the bitfield approach was wasting space (requiring 11 bits).
This patch replaces the bitfield with a regular enum, and
updates all the FunctionKind predicates to use comparisons
instead of bitwise ops.
For the small amount of builtin code that depended upon being
able to do masking to determine whether something is a class
constructor, we still store two extra bits on FunctionKind,
which are computed when the SFI is initialized.
If this approach causes performance regressions (i.e., if it
turns out that other code was implicitly depending on masking
for fast checks), we can revert this or address it in
other ways (e.g., by doing similar caching of repeated checks
in the caller).
Change-Id: Iebb3214f564ea8bd7b21e78fda33517d63247124
Reviewed-on: https://chromium-review.googlesource.com/860896
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50559}

It was shipped in Chrome 63.
Bug: v8:5855
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icc00b8300622d1c7b5662be8ac5e425b9781f666
Reviewed-on: https://chromium-review.googlesource.com/858381
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50558}