The slow-path of CheckedInt32Mod(x,y) when x is found to be negative
still had the power of two right hand side optimization, and thus would
perform a dynamic check on y. Now the same dynamic check was done for
the fast-path, and the word operations for this check were pure, leading
to weird bit materialization in TurboFan (due to sea of nodes). But
there's not really a point to be clever for the slow-path, so we just
insert the Uint32Mod operation directly here, which completely avoids
the problem.
This improves the Kraken/audio-oscillator test from around 73ms to 69ms.
Bug: v8:8069
Change-Id: Ie8ea667136c95df2bd8c5ba56ebbc6bd2442ff23
Reviewed-on: https://chromium-review.googlesource.com/c/1259063
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56370}
When converting a Signed32\/MinusZero value from Word32 to Float64
representation or just passing it through as Word32 (with potential
type checks on it) we don't need to worry about -0 as long as the uses
identify 0 and -0.
Drive-by-fix: Fix the CheckChange() helper in the representation
changer test to pass Truncation::Any() by default.
Bug: chromium:891639, chromium:891612, chromium:891627, v8:8015, v8:8178
Change-Id: I06948ec0cdb8e778cb3678124ef927277a5f40ee
Reviewed-on: https://chromium-review.googlesource.com/c/1258902
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56369}
Adds new VisitModes VISIT_ALL_BUT_READ_ONLY and
VISIT_STRONG_FOR_SERIALIZATION.
GC-related methods like MarkReachableObjects now use
VISIT_ALL_BUT_READ_ONLY instead of VISIT_ALL. All GC-related VisitModes
skip iterating over the read-only roots.
All Serializer methods should always use a _FOR_SERIALIZATION value to
ensure they do visit the read-only roots.
Also adds RootsTable::read_only_roots_begin and end methods.
Bug: v8:7464
Change-Id: I468d7ae9f345d9fc0e10837f01dc5b92bd996412
Reviewed-on: https://chromium-review.googlesource.com/c/1256245
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56368}
Often, tasks just need to call a single API method. By implementing
such tasks via a lambda, we save a lot of boilerplate. Additionally,
since lambdas are defined inside other function bodies, they have
access to private methods, which sometimes allows for better
encapsulation.
This CL introduces {CancelableLambdaTask} and
{CancelableIdleLambdaTask} and uses them to replace some custom tasks.
More can be refactored later.
R=ahaas@chromium.org
Bug: v8:8238
Change-Id: I88bd2c9bd57ebc32d082528f2e4251d741a0d021
Reviewed-on: https://chromium-review.googlesource.com/c/1256773
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56367}
This is a hack to make sure the atomic operations don't
use the kRootRegister ebx before code generation.
I've filed v8:8254 to track that a larger clean-up operation
will be needed to remove this and other hacks.
Change-Id: I6f28f01ba2f96257a9e65eaa36fcad66b01906dd
Bug: v8:6666, v8:8254
Reviewed-on: https://chromium-review.googlesource.com/c/1256862
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56366}
This reverts commit ef2a19a211.
Reason for revert: Broken layout tests: https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/201392
Original change's description:
> Add fast path for spreading primitive strings.
>
> This improves the performance on primitive strings of
> IterableToListWithSymbolLookup, which implements the
> CreateArrayFromIterable bytecode. The fast path is only
> taken if the string iterator protector is valid (that is,
> String.prototype[Symbol.iterator] and
> String.prototype[Symbol.iterator]().next are untouched).
>
> This brings spreading of primitive strings closer to the
> performance of the string iterator optimizations.
> (see https://docs.google.com/document/d/13z1fvRVpe_oEroplXEEX0a3WK94fhXorHjcOMsDmR-8/).
>
> Bug: chromium:881273, v8:7980
> Change-Id: Ic8d8619da2f2afcc9346203613a844f62653fd7a
> Reviewed-on: https://chromium-review.googlesource.com/1243110
> Commit-Queue: Hai Dang <dhai@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56329}
TBR=ulan@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org,dhai@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:881273, v8:7980
Change-Id: I4868160b87bdebf9fd2ff346aefd4cdce23681a1
Reviewed-on: https://chromium-review.googlesource.com/c/1261022
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56365}
This undoes the workaround from https://crrev.com/c/1223426.
Bug: chromium:887888
Change-Id: Id7a68354b1f1020d7d001ba4120be8a11f896067
Reviewed-on: https://chromium-review.googlesource.com/c/1260942
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56364}
This introduces a new flag --async-stack-traces, which enables zero-cost
async stack traces. This enriches the non-standard Error.stack property
with async stack frames computed from walking up the promise chains and
collecting all the await suspension points along the way. In Error.stack
these async frames are marked with "async" to make it possible to
distinguish them from regular frames, for example:
```
Error: Some error message
    at bar (<anonymous>)
    at async foo (<anonymous>)
```
It's zero-cost because no additional information is collected during the
execution of the program, but only the information already present in the
promise chains is used to reconstruct an approximation of the async stack
in case of an exception. But this approximation is limited to suspension
points at await's in async functions. This depends on a recent ECMAScript
specification change, flagged behind --harmony-await-optimization and
implied by the --async-stack-traces flag. Without this change there's no
way to get from the outer promise of an async function to the rest of
the promise chain, since the link is broken by the indirection introduced
by await.
For async functions the special outer promise, named .promise in the
Parser desugaring, is now forcibly allocated to stack slot 0 during
scope resolution, to make it accessible to the stack frame construction
logic. Note that this first prototype doesn't yet fully support
async generators and might have other limitations.
Bug: v8:7522
Ref: nodejs/node#11865
Change-Id: I0cc8e3cdfe45dab56d3d506be2d25907409b01a9
Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/1256762
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56363}
When projection nodes are optimized, TempRegisters are used, which
don't check to see if the registers are already in use.
UseUniqueRegisters instead.
Change-Id: I6a327098067daa3328355380da666d404fcc8b46
Bug: v8:8202, v8:6532
Reviewed-on: https://chromium-review.googlesource.com/c/1259107
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56360}
fixed Abort() calling sequence on platforms with function descriptors by taking
function descriptor of the External Reference object into account when calling
C code.
Change-Id: I54c04a5f1774f2768380cc5c95b1b807204335ce
Reviewed-on: https://chromium-review.googlesource.com/c/1258186
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56356}
In C to WASM stubs, when the number of parameters is more than 5, or
anything requires stack arguments, the current linkage is faulty
because of missing STACK_SHADOW_WORDS.
Drive-by: Also cleanup s390 code which is not supported anymore.
R=joransiu@ca.ibm.com
Change-Id: I7405c32fd94e158e6868f9ce7d4390c995078dbb
Reviewed-on: https://chromium-review.googlesource.com/c/1257269
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56352}
This is part of clean-up for a new Clang warning that we'd like to
enable. This patch addresses all warnings from V8 that I saw in a full debug
build of Chromium on Linux.
```
../../v8/src/reloc-info.h:405:18: warning: explicitly defaulted move assignment
operator is implicitly deleted [-Wdefaulted-function-deleted]
RelocIterator& operator=(RelocIterator&&) = default;
^
../../v8/src/reloc-info.h:447:13: note: move assignment operator of
'RelocIterator' is implicitly deleted because field 'mode_mask_' is of
const-qualified type 'const int'
const int mode_mask_;
^
../../v8/src/wasm/baseline/liftoff-compiler.cc:111:36: warning: explicitly
defaulted move constructor is implicitly deleted [-Wdefaulted-function-deleted]
MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR(LiftoffCompiler);
^
../../v8/src/wasm/baseline/liftoff-compiler.cc:1834:20: note: move constructor
of 'LiftoffCompiler' is implicitly deleted because field 'asm_' has a deleted
move constructor
LiftoffAssembler asm_;
^
../../v8/src/wasm/wasm-debug.cc:95:3: warning: explicitly defaulted move
assignment operator is implicitly deleted [-Wdefaulted-function-deleted]
MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR(InterpreterHandle);
^
../../v8/src/wasm/wasm-debug.cc:98:19: note: move assignment operator of
'InterpreterHandle' is implicitly deleted because field 'interpreter_' has a
deleted move assignment operator
WasmInterpreter interpreter_;
^
../../v8/src/wasm/wasm-interpreter.h:211:35: note: copy assignment operator of
'WasmInterpreter' is implicitly deleted because field 'internals_' is of
const-qualified type 'v8::internal::wasm::WasmInterpreterInternals *const'
WasmInterpreterInternals* const internals_;
^
```
Bug: chromium:890307
Change-Id: Idfc5827f24821212081a006c4329c466c4576bcc
Reviewed-on: https://chromium-review.googlesource.com/c/1256863
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56351}
By moving the block range end to left of closing bracket,
we can avoid ambiguity where an open-ended singleton range
could be both interpreted as inside the parent range, or
next to it.
R=verwaest@chromium.org
Bug: v8:8237
Change-Id: Ibc9412b31efe900b6d8bff0d8fa8c52ddfbf460a
Reviewed-on: https://chromium-review.googlesource.com/1254127
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56347}
The root register is not available in JS-to-Wasm functions, and
this was not reflected in the linkage. Similarly, it is not
available in C-to-Wasm functions.
Change-Id: I2dbfd06ef99d6f9b9940e9489f563441d9ebfabd
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1256766
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56346}
Int64AbsWithOverflow should have 2 return values, the 2nd one should
indicate whether it's overflow or not.
This causes a debug failure on s390x.
Change-Id: I2874227751d5874b47e63fed9e8f085f5165a44d
Reviewed-on: https://chromium-review.googlesource.com/1255642
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56343}
We can call FeedbackTypeOf before the switch statement to avoid
generating callsites for every operation. This CL saves 4 KiB binary
size.
Bug: v8:8238
Change-Id: I0f9d7a155e0cec219306ca1fb35f1eb9ff18a36f
Reviewed-on: https://chromium-review.googlesource.com/1254207
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56340}
Don't re-log all existing functions during StartProcessorIfNotStarted().
They will already be in the CodeMap attached to the ProfileGenerator and
re-logging them causes leaks. See the linked bug for more details.
Bug: v8:8253
Change-Id: Ibb1a1ab2431c588e8c3a3a9ff714767cdf61a88e
Reviewed-on: https://chromium-review.googlesource.com/1256763
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56336}
In particular, recognize builtins' values accesses and direct accesses
to external reference values. For example:
```
REX.W leaq rax,[r13+0x47a0]
REX.W leaq rbx,[r13+0x80b0]
```
turns into
```
REX.W leaq rax,[r13+0x47a0] (builtin (RecordWrite))
REX.W leaq rbx,[r13+0x80b0] (external value (Isolate::context_address))
```
This CL also extends the via-root-register-accessible region to the
whole Isolate object.
Bug: v8:8238
Change-Id: I218d8589690579919cfa01b2f3c3094af0e73c51
Reviewed-on: https://chromium-review.googlesource.com/1251550
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56332}
MIPS architecture doesn't have support for 64-bit atomics.
It is possible to implement them using 32-bit atomics,
but the process is involved and takes time. For the time
being support 64-bit atomics using runtime.
Bug: v8:8100
Change-Id: I8c732ea9975c46be70643a1e722d78938c8a70de
Reviewed-on: https://chromium-review.googlesource.com/1251521
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56331}
This improves the performance on primitive strings of
IterableToListWithSymbolLookup, which implements the
CreateArrayFromIterable bytecode. The fast path is only
taken if the string iterator protector is valid (that is,
String.prototype[Symbol.iterator] and
String.prototype[Symbol.iterator]().next are untouched).
This brings spreading of primitive strings closer to the
performance of the string iterator optimizations.
(see https://docs.google.com/document/d/13z1fvRVpe_oEroplXEEX0a3WK94fhXorHjcOMsDmR-8/).
Bug: chromium:881273, v8:7980
Change-Id: Ic8d8619da2f2afcc9346203613a844f62653fd7a
Reviewed-on: https://chromium-review.googlesource.com/1243110
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56329}
For wasm modules with non-absolute sourceMappingURL, the source needs
to be empty so that devtools can look for the source map at the origin
of the module.
R=clemensh@chromium.org,adamk@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I74c40addc1a7cb1be0442e9f2b272590c0b81f60
Reviewed-on: https://chromium-review.googlesource.com/1250402
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56326}
Following up on the earlier work regarding redundant Smi checks in
https://chromium-review.googlesource.com/c/v8/v8/+/1246181, it was
noticed that the handling of the 0 and -0 and how some operations
identify these is not really consistent, but was still rather ad-hoc.
This change tries to unify the handling a bit by making sure that all
number comparisons generally pass truncations that identify zeros, since
for the number comparisons in JavaScript there's no difference between
0 and -0. In the same spirit NumberAbs and NumberToBoolean should also
pass these truncations, since they also don't care about the differences
between 0 and -0.
Adjust NumberCeil, NumberFloor, NumberTrunc, NumberMin and NumberMax
to pass along any incoming kIdentifiesZeros truncation, since these
operations also don't really care whether the inputs can be -0 if the
use nodes don't care.
Also utilize the kIdentifiesZeros truncation for NumberModulus with
Signed32 inputs, because it's kind of common to do something like
`x % 2 === 0`, where it doesn't really matter whether `x % 2` would
eventually produce a negative zero (since that would still be considered
true for the sake of the comparison).
This also adds a whole lot of tests to ensure that not only are these
optimizations correct, but also that we do indeed perform them.
Drive-by-fix: The `NumberAbs(x)` would incorrectly lower to just `x` for
PositiveIntegerOrMinusZeroOrNaN inputs, which was obviously wrong in
case of -0. This was fixed as well, and an appropriate test was added.
The reason for the unification is that with the introduction of Word64
for CheckBounds (which is necessary to support large TypedArrays and
DataViews) we can no longer safely pass Word32 truncations for the
interesting cases, since the index might be outside the Signed32 or
Unsigned32 ranges, but we still identify 0 and -0 for the sake of the
bounds check, and so it's important that this is handled consistently
to not regress performance on TypedArrays and DataViews accesses.
Bug: v8:8015, v8:8178
Change-Id: Ia1d32f1b726754cea1e5793105d9423d84a6393a
Reviewed-on: https://chromium-review.googlesource.com/1246172
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56325}
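The language-level behaviour that the commit message above relies on, as an added JavaScript example (not part of the V8 change; the helper names `identifiesZeros`, `classifyUses`, `evenCheck`, `absIsIdentity` and `roundingKeepsMinusZero` are made up here). It checks which uses give the same result for 0 and -0, and where -0 stays observable.

```javascript
// Added illustration, not V8 source; all helper names are made up for this example.

// A use "identifies zeros" when 0 and -0 give it the same observable result.
function identifiesZeros(use) {
  return Object.is(use(0), use(-0));
}

// Uses the commit message names as zero-identifying, plus two that are not.
const uses = {
  'x === 0':         (x) => x === 0,
  'x < 1':           (x) => x < 1,
  'Math.abs(x)':     (x) => Math.abs(x),
  'Boolean(x)':      (x) => Boolean(x),
  'Object.is(x, 0)': (x) => Object.is(x, 0),
  '1 / x':           (x) => 1 / x,
};

function classifyUses() {
  const out = {};
  for (const [name, use] of Object.entries(uses)) {
    out[name] = identifiesZeros(use);
  }
  return out;
}

// Modulus with integer inputs: the remainder takes the dividend's sign, so a
// negative even x gives -0, yet `x % 2 === 0` is still true.
function evenCheck(x) {
  const r = x % 2;
  return { minusZero: Object.is(r, -0), isEven: r === 0 };
}

// The drive-by fix: for a positive integer, -0 or NaN, Math.abs(x) is x itself
// except for -0, so replacing abs by its input is wrong for that one value.
function absIsIdentity(x) {
  return Object.is(Math.abs(x), x);
}

// Rounding operations pass -0 through unchanged, so the sign of zero can only
// be ignored for them when their own uses ignore it.
function roundingKeepsMinusZero() {
  return [Math.ceil, Math.floor, Math.trunc].every((f) => Object.is(f(-0), -0));
}

console.log(classifyUses());
console.log([-4, 4, -3].map(evenCheck));
console.log([5, 0, NaN, -0].map(absIsIdentity));
console.log(roundingKeepsMinusZero());
```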
TracingCpuProfiler wrapper uses API interrupt to start the profiling
on the Isolate thread. However it could do it before Isolate is
initialized, so the interrupt it requested got lost.
The patch moves TracingCpuProfiler creation after ThreadLocal object
for isolate is initialized.
BUG=v8:8247
Change-Id: I5b0b3d18e017396f9860faeab909abbfab4616df
Reviewed-on: https://chromium-review.googlesource.com/1252762
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56324}
The current Android NDK defines __BIONIC_HAVE_UCONTEXT_T for all
architectures, so the old paths are no longer needed.
Bug: chromium:437330
Change-Id: I6314971e9ee1d78c4b73f8c1b37af7aa6f419b71
Reviewed-on: https://chromium-review.googlesource.com/1252282
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Richard Coles <torne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56322}