There is no particular reason that PropertyDescriptorObject should be a
subclass of FixedArray. By using a separate struct type, we get better
generated accessor functions, automatic verification, and runtime type
info, plus we save four bytes per instance.
Change-Id: If076782832aa9398806794e4ee6d019aea2f92b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999463
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65756}
Note the tricky part in instruction-selector-x64, where we flip the
inputs given to the code generator. This is because the semantics we
want is: v128.andnot a b = a & !b, but the x64 instruction performs
andnps a b = !a & b. Therefore we flip the inputs, and combined with
g.DefineSameAsFirst, the output register will be the same as b, and we
can use andnps without any modifications in both SSE and AVX cases.
Bug: v8:10082
Change-Id: Iff98dc1dd944fbc642875f6306c6633d5d646615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980894
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65738}
For measuring the time spent in each phase of TurboFan we use
PipelineRunScope that adds a RuntimeCallStats scope with the correct counter.
PipelineRunScope uses the runtimestats table set on the PipelineData to
initialize the RuntimeCallStats scope. We correctly set the runtimestats on
the pipelineData when starting ExecuteJobs but don't set it on PrepareJobs.
This cl fixes it to also set runtimestats table on PrepareJobs. PrepareJobs
always run on main thread, so it should be safe to use the runtimestats table
on the isolate.
Change-Id: Ied211158a10197aabb94373967146089a48c2db0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995386
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65737}
Many binary operations defiend in CodeAssembler check for constants
in the inputs and apply simplification if applicable. This is now
performed by the MachineOperatorReducer in a uniform way. To avoid
code duplication, the premature optimizations in CodeAssembler have
been removed in this CL.
Bug: v8:10021
Change-Id: I9b99f05e4f9ab31ff933f22d62674ee80efee8ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995277
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65707}
This change moves the definitions of the bitfield flags used by Symbol
and Map to Torque. Symbol could directly follow the pattern established
by SharedFunctionInfo, but Map required some other changes:
- Until now, Torque bitfield definitions have required unsigned types. I
thought that this would be the least-surprising behavior, since we
never sign-extend when decoding bitfield values. However, I believe
that the amount of churn involved in making ElementsKind be unsigned
outweighs the benefit we were getting from this restriction (and
similar difficulties are likely to arise in converting other bitfield
structs to Torque), so this CL updates Torque to allow signed bitfield
values.
- If we try to make Map extend from all of the generated classes that
define its flags, we end up with class sizing problems because some
compilers only apply empty base class optimization to the first in a
row of empty base classes. We could work around this issue by
generating macros instead of classes, but I took this as an
opportunity for a minor clean-up instead: rather than having bitfield
definitions for several different bitfield structs all jumbled
together in Map, they can be split up. I think this makes the code a
little easier to follow, but if others disagree I'm happy to implement
macro generation instead.
Change-Id: Ibf339b0be97f72d740bf1daa8300b471912faeba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988934
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65701}
This change updates CachedTemplateObjectMap, BreakPointInfo, and
BreakPoint to inherit directly from Struct rather than Tuple2 or Tuple3.
It also removes Tuple3 because nothing else used Tuple3. By avoiding
tuple types, we get various benefits that Torque can provide:
- stricter debug verifier functions
- accessors, cast functions, and printers are generated
- BreakPoint and BreakPointInfo have different instance types, so you
can tell them apart at runtime or in a debugger
Change-Id: I9367bc08c6dea55d659fd610f9f6105fd61c907a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988793
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65668}
When FLAG_noconcurrent_recompilation is turned on we always run on main
thread. So it is safe to derefernce handles when printing the turbofan
graph. We should only add a DCHECK when dereferencing read-only heap
objects when optimizing concurrently.
Bug: chromium:1040444,chromium:1040403
Change-Id: I6bde966690458b1d122611b02e713c581c87f534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992433
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65659}
We were missing some possible load compressions due to not having these
bitcasts as cases.
Bug: v8:7703
Change-Id: I866196c4fd09d313d3a461cb7f8f80bc92278e13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989830
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65647}
The only one remaining was the one in CSA. Once that was removed, we can
simplify the pipeline.
In order to remove it, we have to update the machine graph verifer so
that Word32Equal can accept Tagged values as well.
Bug: v8:7703
Change-Id: Ia3c4d872babc2005be1b402b4614a6039c59dbf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987254
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65634}
The optimized code for String.charCodeAt(BigInt.asUintN(64, 10n)) did
not throw a TypeError due to how lowering of CheckBounds triggers
RepresentationChanger.
Bug: chromium:1038573
Change-Id: Ie0f9ca95de5af5fd3701841ab169e11ccc77216c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986003
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65632}
Put the nesting limit of the serializer back to 25.
Bug: chromium:1034768
Change-Id: I7ea827d27241ea930bae40142069bab1962e4133
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981156
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65630}
Currently, the code does not take hint register in preference.
This CL initializes current_free according to initial reg (which maybe hint_reg),
to ensure that any candidate that equals this one won't replace hint register.
Contributed by yolanda.chen@intel.com
Change-Id: I6acc1d031e6b130e69d650667dbf98551c52ff7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973671
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65628}
The current value of 200 is fine with the TypeScript run time (less than
8s) as long as the limit is checked at an earlier stage, which was
overlooked in the initial implementation.
Fixed: chromium:1038292
Change-Id: Ia512e709a79450eed631f03129ddbbff65fd81b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1985992
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65598}
Set the wasm engine in the {PipelineData} constructor used for JS to
Wasm wrapper compilation, so that the code tracer can be accessed
independently from the isolate.
R=mvstanton@chromium.org
Bug: chromium:1032677
Change-Id: Id26d1695446251e310fe7dbd9cc7b04f8f1ad175
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973738
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65595}
This limit hangs TypeScript and needs further investigation.
Bug: chromium:1038292
Change-Id: I5270052cb2b357f9f872d6de42a8122cee81b13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981499
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65568}
In the process:
* Rework the Torque definition of ScopeInfo to enable direct
field-style access of ScopeFlags, removing some dead code in
the process.
* Allow implicit FromConstexpr conversion from subtypes of
'constexpr A' to other types. This makes it possible/easy to
convert constexpr versions of enums to other types, since the
constexpr version of the enum isn't addressable. It's namespace
isn't a valid namespace and is an implementation detail anyway.
* Cleanup LanguageMode: Language mode is now an enum and directly
mirrors the C++-side definition rather than being a Smi. With
the changes above, a new type LanguageModeSmi is introduced
that is the Smi representation of LanguageMode that can be
implicitly casted from constexpr LanguageMode values.
Change-Id: I190412f95e02905f445d149883fbf1f2b8ed757b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977159
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65561}
This enables using the GraphAssembler for Wasm.
Change-Id: Id1f46db6cc05c9de6e878fb062434211a9c390ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977160
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65552}
This reverts commit 91e3243d60.
Reason for revert: This deopts to the wrong point.
Original change's description:
> Extend GetIterator bytecode to perform JSReceiver check on object[Symbol.iterator]()
>
> Current GetIterator bytecode loads and calls @@iterator property on a
> given object. This change extends the bytecode functionality to check
> whether the value returned after calling @@iterator property is a valid
> JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the
> returned value is not a valid JSReceiver. This change absorbs the
> functionality of additional two bytecodes - JumpIfJSReceiver and
> CallRuntime, that are part of the iterator protocol in the GetIterator
> bytecode.
>
> Bug: v8:9489
> Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
> Cr-Commit-Position: refs/heads/master@{#63704}
TBR=rmcilroy@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9489
Change-Id: I9324b5b01ead29912ad793a1e7b4d009643d7901
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960288
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65541}
This uses the Smi-fast-path that was added for i32 values also for f32
and f64. The code was generalized to do the smi-to-wasm-type and
float64-to-wasm-type conversion dependent on the type, and keep the rest
generic.
R=jkummerow@chromium.org
Bug: v8:10070
Change-Id: I42b021dcc99755883cf003579c730675e6d93ff6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965577
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65539}
This allows the definition of classes with several arrays and ports
SmallOrderedHashTable subclasses to Torque as an example, including
the existing CSA allocation functions for them.
Overview of changes:
- Introduce ResidueClass to encapsulate the modulo-arithmetic
necessary to do alignment checks.
- Add MachineOperatorReducer to the CSA pipeline to address now
missing CSA ad-hoc constant folding that got blocked by a
temporary phi.
- Allow assignments to references to structs. This is needed to
initialize the data_table part of SmallOrderedHashMap.
- Make the NumberLiteralExpression AST-node store a double instead
of a string. This is necessary to detect arrays with constant size
used for padding.
- Turn offsets into base::Optional<size_t> to ensure we don't use
an invalid or statically unknown offset.
- Remove CreateFieldReferenceInstruction since it doesn't work for
complex offset computations and the logic can be expressed better
in ImplementationVisitor.
- Validate alignment of structs embedded in classes.
Bug: v8:10004 v8:7793
Change-Id: Ifa414b42278e572a0c577bf9da3d37f80771a258
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65538}
This is a reland of 53308bf7c0
Original change's description:
> [csa] use JSGraph to create constants in CodeAssembler
>
> Now that CodeAssembler uses optimizing TurboFan passes, creating
> constants without using the caching implemented in JSGraph leads to
> problems, since value numbering only works properly if all constants
> in the graph were introduced through the cache.
> To mitigate this, this CL creates the JSGraph earlier so that
> CodeAssembler can already use the same JSGraph used by later TurboFan
> optimizations.
> For other uses of RawMachineAssembler, everything stays as before.
>
> This issue is creating bot failures in
> https://chromium-review.googlesource.com/c/v8/v8/+/1958011
>
> Change-Id: Ife017876b19cb2602694279ef1da75f23e18a031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967329
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65477}
TBR=mslekova@chromium.org
Change-Id: I5c8218ce22470b3efa06d872176c910a4c5325a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977858
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65537}
This CL limits the total number of hints of each type (constants, maps,
etc.) to 50. It also adds a limit to the number of seen functions with
the same SFI and feedback vector to 200. Octane already hits those
limits in DeltaBlue and TypeScript, but that doesn't affect the scores.
Bug: v8:7790
Change-Id: I644519955115c09bfb8ba6d98cf21087b153668d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1975757
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65535}
The instruction selector for these two operations use VisitRROFloat
which uses and operand for the second input (operand1). The codegen
assumes it is a register, which is wrong. This fixes it to be an
operand.
Change-Id: Ic27ba2c0520ba6e15963b01af7593411ec2a34e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958052
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65533}
This change includes templatization of the test helper to allow the
same function to be reused for both signed and unsigned data types.
We implement a new function RoundingAverageUnsigned in overflowing-math,
rather than in base/utils, since the addition could overflow.
SIMD scalar lowering and implementation for other backends will follow
in future patches.
Bug: v8:10039
Change-Id: I70735f7b6536f197869ef1afbccaf5649e7e8448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958007
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65531}
For Smi, we can avoid calling the ToNumber builtin, and also the
conversion to float and back. This adds some complexity, but greatly
improves performance for parameters that fit in a Smi.
R=jkummerow@chromium.org
Bug: v8:10070
Change-Id: Ic55f17e42ce52811296293f3cd218c850af42961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965576
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65525}
After calling the ToNumber builtin, we are guaranteed to get either a
Smi or a HeapNumber. Thus we can skip the check for undefined, which
removes quite some unneeded code from wasm-to-js and js-to-wasm
wrappers.
R=ahaas@chromium.org
Bug: v8:10070
Change-Id: I0e2ad19f1575fb6979222e324fbdb71aaf85e6fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962279
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65520}
This reverts commit 9f18e55ff0.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/29660
Original change's description:
> [TurboFan] Don't serialize read-only heap objects
>
> Read-only heap objects are immutable and immovable. It is safe to access
> these objects directly from the heap. Not having to serialize them
> reduces the time we spend on main thread especially for TurboProp.
>
> Bug: v8:9684
> Change-Id: Ibabb7076af50c9007d2a8ed57fe257406958fb6a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955596
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65490}
TBR=mvstanton@chromium.org,neis@chromium.org,mythria@chromium.org,mslekova@chromium.org
Change-Id: If2d8649cdc083f7d064684352501320a96a1ba2c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973732
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65492}
Read-only heap objects are immutable and immovable. It is safe to access
these objects directly from the heap. Not having to serialize them
reduces the time we spend on main thread especially for TurboProp.
Bug: v8:9684
Change-Id: Ibabb7076af50c9007d2a8ed57fe257406958fb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955596
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65490}
Add a --max-serializer-nesting flag which defaults to 25.
Fixed: chromium:1034768
Change-Id: Ib68f26ce4bf53db297b25d16a046d275beaec642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969895
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65486}
This reverts commit 53308bf7c0.
Reason for revert: Fails on multiple arm bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/12441
Original change's description:
> [csa] use JSGraph to create constants in CodeAssembler
>
> Now that CodeAssembler uses optimizing TurboFan passes, creating
> constants without using the caching implemented in JSGraph leads to
> problems, since value numbering only works properly if all constants
> in the graph were introduced through the cache.
> To mitigate this, this CL creates the JSGraph earlier so that
> CodeAssembler can already use the same JSGraph used by later TurboFan
> optimizations.
> For other uses of RawMachineAssembler, everything stays as before.
>
> This issue is creating bot failures in
> https://chromium-review.googlesource.com/c/v8/v8/+/1958011
>
> Change-Id: Ife017876b19cb2602694279ef1da75f23e18a031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967329
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65477}
TBR=tebbi@chromium.org,mslekova@chromium.org
Change-Id: I6df6782adfb40632f51681942efab9b591f72cab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969901
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65483}
Now that CodeAssembler uses optimizing TurboFan passes, creating
constants without using the caching implemented in JSGraph leads to
problems, since value numbering only works properly if all constants
in the graph were introduced through the cache.
To mitigate this, this CL creates the JSGraph earlier so that
CodeAssembler can already use the same JSGraph used by later TurboFan
optimizations.
For other uses of RawMachineAssembler, everything stays as before.
This issue is creating bot failures in
https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Change-Id: Ife017876b19cb2602694279ef1da75f23e18a031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967329
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65477}
MapRef::GetStrongValue now returns an Optional to account for the case
where we can't figure out the name of the bound function during
serialization. We could reach out to the heap in the future in this
case.
Fixed: chromium:1034203
Change-Id: I9fa81921b5dbd8bc9f68aa3c10921bc01b695a6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967386
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65470}
The {cmp} instruction might add an entry to the constant pool at a time
where we didn't expect any entries to be added.
This can be fixed by moving the {CheckConstPool} call *after* the {cmp}.
R=mslekova@chromium.org
Bug: chromium:1034394
Change-Id: If075ad0b02e2973a734d70d9e58c205bd14e6a33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967380
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65463}
This is a reland of c924f54ee0
Reason: Added back a bitcast that was supposed to be redundant (but it
wasn't)
Changes can be seen from patchets 1..3.
Original change's description:
> [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
>
> The final goal is to eliminate it altogether. This CL just
> eliminate the redundant ones.
>
> Bug: v8:7703
> Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65398}
Bug: v8:7703
Change-Id: I099e67d0255d4ad5529a73b272df893069374136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965582
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65454}
Moves the TailCall instruction codes to the start of the enum, and
changes the test for IsTailCall from 4 equality tests to a single
inequality.
Bug: v8:10051
Change-Id: I679d6377161bd4f9a05f6202763d52c0a67b7900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1964075
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65440}
The OutputRegister shouldn't be overwritten, because it may be the same register
as InputRegister(1), which will be used later.
And remove the useless if-else in And32, Or32, Xor32.
Change-Id: I1f944b5b6acd5c183cef537524827b47a8cb0186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967092
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65438}
Bug: chromium:1029530
Change-Id: I12aa4c238387f6a47bf149fd1a136ea83c385f4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962278
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65434}
operations.
Some 32-bit operations like kMips64And32, kMips64Or32 and kMips64Shr
overwrite the input registers' value by truncates the 64-bit value to
32 bits and sign-extends it,which may conflicts with later operatons
that need the input register's 64-bit value.
Change-Id: I29a5116999f7e851f38bdbcc5b066141a0617589
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928503
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#65426}
This reverts commit fa62140475.
Reason for revert: Still breaks GPU bots like https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/7658
Original change's description:
> Reland "[turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed"
>
> This is a reland of c924f54ee0
>
> Will split the CL into parts since debugging is really hard for the
> combination of tests + bots that caused the failure.
>
> Relanding the safest part on this first CL.
>
> The difference between the original commit and this one can be seen in
> patchsets 1..2.
>
> Original change's description:
> > [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
> >
> > The final goal is to eliminate it altogether. This CL just
> > eliminate the redundant ones.
> >
> > Bug: v8:7703
> > Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65398}
>
> Bug: v8:7703
> Change-Id: I5ff513a53eebcee6e2412f7ea8b801789476d50f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962277
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65423}
TBR=tebbi@chromium.org,solanes@chromium.org
Change-Id: I60bbf7061a733325e350d749c4adae65305b518c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962862
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65424}
This is a reland of c924f54ee0
Will split the CL into parts since debugging is really hard for the
combination of tests + bots that caused the failure.
Relanding the safest part on this first CL.
The difference between the original commit and this one can be seen in
patchsets 1..2.
Original change's description:
> [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
>
> The final goal is to eliminate it altogether. This CL just
> eliminate the redundant ones.
>
> Bug: v8:7703
> Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65398}
Bug: v8:7703
Change-Id: I5ff513a53eebcee6e2412f7ea8b801789476d50f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962277
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65423}
Found by combining dcheck_always_on with is_ubsan on x64.
Change-Id: Ie9bcf2402693aa3752be17421dd485533656df08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65417}
- Move {function_} and {closure_hints_} out of each {Environment}, as
it's sufficient to only have it in the serializer class.
- Similarly, remove {parameter_count_} and {register_count_} from
{Environment}. To accomodate for that, change implementation of
"dead" environments to be based on a flag.
- Remove {ClearEphemeralHints}. This was called for any bytecode not
recognized by the serializer. I think it makes more sense to just
do nothing at all for those, i.e. keep whatever hints we have.
- Split the magical {ephemeral_hints_} vector into three separate
things for clarity: {accumulator_hints_}, {parameters_hints_}, and
{locals_hints}. Note that we already had {current_context_hints_}.
Bug: v8:7790
Change-Id: Icbe33f500bdbd0f8002570934f59425f49c9de12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958010
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65400}
- Remove CLEAR_ENVIRONMENT_LIST of bytecodes, since clearing the
environment is already the default behavior.
- Address a TODO in Environment::Merge: also merge context hints.
- Don't needlessly clear register hints for InvokeIntrinsic.
Bug: v8:7790
Change-Id: Ibead921002e45ed46c8c1629cae7bb9febf09b90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1952870
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65399}
The final goal is to eliminate it altogether. This CL just
eliminate the redundant ones.
Bug: v8:7703
Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65398}
The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.
Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}
There was some common code regarding smi tagging and either overflowing
or deopting if the number was too big for 31 bit smis.
Bug: v8:10021
Change-Id: I9cd9e5ff29b06638a10dd0c5a9f72ff13df6d6bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950964
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65352}
Also make return and unconditional jumps kill the environment instead
of clearing it. This was still leftover from before we introduced
liveness and prevented sharing as well.
Bug: v8:7790
Change-Id: Ic79d64c9eaedf608d26e3265d4b27d21f7f3dfe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948710
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65345}
port 91ee5f0https://crrev.com/c/1925614
Original Commit Message:
[wasm-simd] Implement f64x2 min max for arm
Change-Id: I41b350cdcc9242b2fed6260873dc202367509137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947690
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65342}
Change-Id: Ia5c6793f22b3eeff3614542e455d46daa76657a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948792
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65324}
Bug: chromium:1029576
Change-Id: If647f764da2682a0f278b9b8060d0665fab1c40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948711
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65312}
I noticed that the generated code from the Torque macro
EnsureArrayLengthWritable included an imul instruction, even though the
inputs to that instruction are both constants. This change adds the
ability for MachineOperatorReducer to get rid of that operation.
Change-Id: Ia2050c888d76f110d1290fd9eab13853c3353a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941138
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65310}
Replace unsigned extract lane followed by sign extend
as added here https://chromium-review.googlesource.com/c/v8/v8/+/1846711
with a signed extract lane for I8x16 and I16x8.
Change-Id: I5a701417b772d12f5ef038efbb081716bb27e25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873700
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65307}
The following changes were introduced with the recent proposal update:
- OOB access with 0 length traps
- Double drop of segments is allowed
- Dropped segments are treated like having size 0 (OOB error)
- Active segments are dropped right after initialization
R=ahaas@chromium.org
Change-Id: I4e9fc4d9212841c7d858585c672143f99287520d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946355
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65305}
These hints are different from the rest (they only ever grow) and
there's no need to have them in each environment.
Bug: v8:7790
Change-Id: I56ed9671f602bcb6faba4003d84fee8b1d6e0128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944156
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65300}
Add serialization of the virtual closures for Function.ptototype.apply
and Function.prototype.call. Also add tests for those.
Bug: v8:7790
Change-Id: I26374009c09958943ef36eae283a270875234e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943155
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65298}
... in order to be in sync with JSNativeContextSpecialization. This
probably doesn't allow any more optimizations but avoids confusing
misses in the broker trace.
Bug: v8:7790
Change-Id: Ia99a5828651468af8450028a351692482c21670c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944155
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65293}
Loop variable analysis doesn't recognize that the initial type of the
loop variable phi combined with the increment type may produce a NaN
result through the addition of two infinities of differing sign.
This leads to unreachable code and a SIGINT crash.
The fix is to consider this case before typing the loop variable phi,
falling back to more conservative typing if discovered.
R=neis@chromium.org
Bug: chromium:1028863
Change-Id: Ic4b5189c4c50c5bbe29e46050de630fd0673de9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946352
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65291}
Each Pipeline phase now declares kRuntimeCallCounterId which is used to
record the runtime stats for the duration of the phase. As a result
some manually instantiated counters are removed.
All counters have the same name as the phase name with the v8.TF prefix
replaced with Optimize. To enforce this, the existing phase_name
declaration in each phase has been replaced with a macro that also
declares the counter id and its mode.
Bug: v8:10006
Change-Id: I836582298b60c30eb794f4c45a8bb16efa17a38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65289}
Instead of logging them as "wasm-unnamed" functions, log them as
"wasm-to-js", and append the signature.
This moves and generalizes the {AppendSignature} method that was already
used to produce the signature string for other wrappers.
R=jkummerow@chromium.org
Bug: chromium:1029470
Change-Id: Ic911cb19a49dcbc332bf5a4aa195107522ac6945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946350
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65287}
Replacing a constant BigInt with a constant int64 is only valid
when the use site has truncating semantics. (For non-constant
values, the representation changer did correctly check for this.)
Bug: chromium:1028593
Change-Id: Ib58b16ece6f21ba30153fd6cfa0560cc2d78d6a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940263
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65262}
If the inputs are Unsigned32OrMinusZeroOrNaN and we want to compile for
an Unsigned32 result, we still need to deopt if the RHS is zero (because
that must produce NaN).
Bug: chromium:1028862
Change-Id: Ib5b7cd10f8c4ec9a76b75a2b408729f1ca86ea3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943150
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65260}
The lane indices of S8x16Shuffle will be printed as null-terminated
character array in Operator1's PrintParameter implementation.This patch
add S8x16ShuffleParameter class, override operater<<, print indices as
integer array.
before fix:
Shuffle[\b\t\n^K\f\r^N^O]
after fix:
Shuffle[8,9,10,11,12,13,14,15,0,0,0,0,0,0,0,0]
Change-Id: I421e639f5229d3a5e348868be33f2d8bbfcfd2d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922735
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Auto-Submit: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#65253}
git cl upload failed since I needed to do a git cl format. Missed that
and uploaded https://chromium-review.googlesource.com/c/v8/v8/+/1940153
without the rename.
Bug: v8:7703
Change-Id: I26090433af86968357eaeecf3e906a9e824647a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940260
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65250}
Due to the ordering of the nodes to be changed, we might change the
ChangeTaggedToCompressed's input before the ChangeTaggedToCompressed
node itself changes. Then, we need to check for this possibility too.
Bug: v8:7703
Change-Id: I2b453211dc264b509f2ea7c0cf891be50f404009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942607
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65248}
Ports are getting easier now. This one was fairly straightforward.
Bug: v8:9972
Change-Id: I69c0566060523e505e30980cb1d3d9633da976b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65246}
These node/edge kinds don't fit into the heap object type system; add
wrapper classes for them instead. The wrapper class must be explicitly
created, but is implicitly convertible to Node*.
Bug: v8:9972
Change-Id: Ic6c253a95bb5705fb946ee3f35508ea70c9f0070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65244}
This is an initial (and partial) step towards full typing in graph
assembler. It removes all uses of SloppyTNode, starts to introduce
types in the GraphAssembler base class, and makes lambda function
types (for if- and for-builders) more specific.
Plenty of TODOs remain; e.g. checked casts and complete typing of
GraphAssembler are left to follow-up work.
Bug: v8:9972
Change-Id: I780adf83b53ad76beda4726960d95ab6df13e2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940476
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65241}
A call to this intrinsic will produce true in the interpreter and false
in optimized code. This is useful for writing tests.
Change-Id: I64d06ed062027e723eca82d6f879202244f21fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939750
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65240}
The last use of the predicate in question was to switch builtins that
implement WebAssembly runtime stubs to use hard aborts instead of normal
aborts like other builtins. This is no longer needed since the builtins
in question are embedded and no longer copied into WebAssembly modules.
This also allows to move the {WASM_RUNTIME_STUB_LIST} macro out of the
builtins-defintions.h file and into the wasm-code-manager.h file.
R=clemensb@chromium.org
BUG=v8:10021
Change-Id: Ib42d3731fc92df378cfce39d39e7fbdbbf722937
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65238}
Very similar to the recent ArrayPrototypeForEach port, this moves the
Reduce reduction, which previously operated directly on the graph, to
graph assembler.
Nothing too interesting here, but it's becoming clearer that we will
need more flexible Branch (multiple merge values) and If (a `break`
mechanism) handling in the future.
Bug: v8:9972
Change-Id: Ic48c85305ba721a9a43c67f7ad13c60da310487e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934329
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65233}
Even though they don't generate any code, it breaks some pattern
matching when these nodes are present (e.g comparisons with compressed
heap objects).
Bug: v8:7703
Change-Id: I9670c2b4e85b1635061b16d4b125de9ff51fd403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940153
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65227}
This removes the aforementioned untyped method and switches all users to
the typed TNode<> version. Those versions now contain proper checks to
compare the static information against the return count and types stored
in the call descriptor.
R=leszeks@chromium.org
BUG=v8:10021
Change-Id: I393ea6211babc100e007fb1678877d36efa7bbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939753
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65225}
First this plumbs RuntimeCallStats from the OptimizingCompileDispatcher
down through to PipelineCompilationJob which stashes the
RuntimeCallStats on the PipelineData.
Adds new RCS thread-specific counters: OptimizeAssembleCode and
OptimizeBackgroundAssembleCode which are used in
PipelineImpl::AssembleCode.
Bug: v8:10006
Change-Id: Ieef6d32afddf4b0760e204010b09a85dfec92cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926030
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65221}
The serializer was missing the opportunity to process calls later
constructed by JSNativeContextSpecialization::InlinePropertySetterCall
and InlinePropertyGetterCall. Added a test to ensure we're not missing
the data anymore.
This drops the "Missing data" warnings when running ARES-6 from 1044
to only 12.
Bug: v8:7790
Change-Id: Ic4b8a4cb2ac3927371b75f22de011b9957502319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937147
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65220}
... in line with VirtualContext and VirtualBoundFunction.
Bug: v8:7790
Change-Id: I454048ab4ddc192780a09017b8b47caf60386098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940247
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65217}
port edd50adhttps://crrev.com/c/1924355
Original Commit Message:
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I309e6c7ba671499f721149e1ea1c8e153fe3b2ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939028
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65215}
ObjectRefs either use the serialized data or access the heap depending
on whether broker mode is disabled or not. This cl changes it to use
the mode of the data and accesses heap for UnserializedHeapObject. This
allows us to access heap for some of the objects (ex: readonly object)
instead of serializing them.
This change shouldn't change any behaviour. In a followup cl, we will
mark readonly objects as UnserializedHeapObjects even when broker mode
is serialized.
Bug: v8:9684
Change-Id: I8775e60ed480957b485c39df254827dd69c655a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937148
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65206}
We want to grow the table entries exponentially, so the entries length
will not reflect the actual size of the table any more. Hence, introduce
another field on {WasmTableObject} to store the actual length.
R=mstarzinger@chromium.orgCC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: Ie8252f33fddda3ae60dd24bd8db148fd67262226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939050
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65200}
This enum defined three modes of doing inlining:
kGeneralInlining, kRestrictedInlining, kStressInlining.
kStressInlining was unused. kRestrictedInlining meant
that JSInliningHeuristic::Reduce would return NoChange,
but only after wasting some time inspecting calls. This
is now replaced by simply not installing JSInliningHeuristic
as a reducer when inlining is disabled.
Note: There is still a --stress-inline flag, which sets
(through flag implications) a bunch of parameters that affect
inlining.
Change-Id: I05bafbe3f1f35610d7035a2c71c5ac17bdb80758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936473
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65196}
After landing a few relatively simple ports in preceding work, this CL
ports the more involved Array.prototype.forEach reduction, containing
checkpoints, JS and runtime calls, loops, and exceptions. With the
mechanisms introduced in this change, I'd expect a large chunk of
js-call reductions to be trivially portable.
Newly introduced:
- IfBuilder0 for if-then-else statements (with optional else).
- ForBuilder for for-loop statements.
- MayThrow() for exceptional control flow. Exceptional edges are
automatically merged and wired into the outer graph if necessary.
Bug: v8:9972
Change-Id: I835bf90c5871fbd94a1d12721d44b500fbef75e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921798
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65193}
Make WasmFeatures a proper class which uses an EnumSet under the hood.
This way, it inherits all behaviour of EnumSet like comparison, merge,
etc.
Accesses change from being simple field access into the struct to
actually bit tests in the EnumSet.
R=mstarzinger@chromium.org
Bug: v8:10019
Change-Id: I768f92b90ac0294156f4482defba5ce00bc70165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934334
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65184}
We were abusing of ChangeInt32ToIntPtr since we were using it with Smis
as inputs. The new ChangeTaggedInt32ToSmi takes a smi value in 32 bits
and extends it (if necessary) to 64 bits.
Knowing it's a smi lets us skip the ChangeInt32ToInt64 when we are
using 31 bit smis.
Change-Id: Ibd88127fa8122d4b9f683151469cd37320515b5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921985
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65180}
This flag has had no effect since mid 2017 when its use-site was
accidentally removed (in https://codereview.chromium.org/2902533003).
Change-Id: I81436b064c2664deff781ad6d75ad47937e3fdc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934333
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65172}
after c968607e12 aka r65078.
CheckedTaggedToArrayIndex is the function that's in sync with the
ICs. It does both more (string-to-index conversion) and less (limit
to kMaxSafeInteger) than CheckedTaggedToInt64.
Bug: chromium:1028021
Change-Id: I992b11b8d4c58b4d3f5385b21998f53dd4b235d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934338
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65170}
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I4487ba40ba9fda7b1ab31da95ff7bd144407d02d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924355
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65168}
TurboFan serializes the callee functions when concurrent inlining is
turned on. However, if inlining itself is turned off (for ex: TurboProp)
we don't need to serialize these functions reducing time spent on
main thread.
Bug: v8:9684
Change-Id: If4aba1deb64188e411d4f82b27c475ea93a15344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932375
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65157}
This brings the number of optimization misses (with concurrent
inlining) in Octane's typescript from 179 down to 3 (the actual
score doesn't seem to change but it's already on par with the
default configuration).
Bug: v8:7790
Change-Id: Ia4ade2eafc035491d3eac9081383c72b435e8df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924441
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65152}
Change-Id: Iaa3abd6584adf6c844d09a6341bd7fb80fb3d24d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932372
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65149}
Subsequently LookupHolderOfExpectedType should be called only
when we have installed handler code.
Bug: chromium:1024936, v8:7790
Change-Id: I33a0a7232afaba8455a0cec1fdc56251947419d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930905
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65148}
Adds RuntimeStats counters for HeapBrokerInitialization, Serialize,
SerializeMetadata and Finalization phases. These happen only on main thread.
In a followup cl we will also add counters for other phases that could happen
on main thread or background thread.
Earlier RecompileSynchronous was used to measure the time spent in Concurrent,
non Concurrent and Concurrent finalize phases. This cl replaces them with
OptimizeConcurrent, OptimizeNonConcurrent and OptimizeConcurrentFinalize
counters. This cl also renames RecompileConcurrent to OptimizeBackground to
make it clear this measures the background component of optimization.
This also updates names of trace events to be in-sync with RuntimeStat counters.
Bug: v8:9684
Change-Id: Ifda81ce7ab1c659c2df53bab924c51c46f46939b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924439
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65147}
This saves some bytes here and there. Whenever the label is bound just a
few instructions after, we can use a near jump.
R=ahaas@chromium.org
Bug: v8:10005
Change-Id: If2ec596575e1bd88d09fde3fa96ffa8187de542f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930898
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65145}
Allow sharing of hints and modification of shared hints such that
feedback can be propagated to the hints for the corresponding
register, AND all alias registers. Even propagation from an inlined
callee back to the caller is possible.
Bug: v8:7790
Change-Id: I96b3c5e41613efa5711ab758db1c3ef7f7ae6418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914560
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65139}
FunctionBlueprint holds a SharedFunctionInfo, FeedbackVector and a
Hints object that represents what we know about the Context of
the "function-to-be." Since we occasionally synthesize a
FunctionBlueprint object from a JSFunction (when we have it),
it can happen that sometimes the Context hint is a concrete
Context object, and other times it's a VirtualContext, representing
a context created sometime during the bytecode execution of the
function under optimization. Moreover, both such FunctionBlueprints
can exist in the same run due to the vagaries of CALL_IC feedback
(ie, sometimes you have a JSFunction, other times you don't).
More details in doc:
https://docs.google.com/document/d/1F1FxoDzlaYP5l5T6ZcZacV3LCUp5elcez05KWj-Mp78/edit?usp=sharing
Bug: crbug:1024282
Change-Id: Id4055531333b3dcbdb93afd23d9a226728292e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926151
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65127}
port aafbc13https://crrev.com/c/1900662
Original Commit Message:
[wasm-simd] Implement i64x2 shifts for arm
Change-Id: I036610bdcf8e36879cf7a47fbf6e28034345a945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928499
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65126}
port ea06b01https://crrev.com/c/1925613
Original Commit Message:
[wasm-simd] Implement i64x2 add sub for arm
Also some cleanup reordering of instruction codes.
Change-Id: I151668f4125c46b35b08ddd3640341125f6fdbdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928500
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65124}
This introduces a new keyword "shape" in addition to "class",
which allows the definition of a type that extends a JSObject
subclass and specifies one or several maps with statically
known in-object properties.
Differences compared to normal classes:
- Shapes are transient since they specify maps instead of
instance types.
- Shapes have a known size.
- Fields of shapes are always in-object properties. In particular,
this means that their offset is after kHeaderSize.
- It's forbidden to inherited from shapes.
- Since shapes usually specify NativeContext-dependent maps, it's
not possible to write runtime type-checks for them. Thus this CL
avoids mapping them to their own TNode type, as the CAST macro
won't work properly. We had runtime-checks for some of them
nevertheless, some of them scarily confusing like
IsJSSloppyArgumentsObject, that actually just checked the instance
type.
Drive-by cleanups and simplifications:
- Allow subclassing from non-abstract classes and remove
@dirtyInstantiatedAbstractClass. This attribute stems from a mis-
conception of how instance types work, and with this change it
ceases to have semantic influence.
- Replace the existing JSArgumentsObject subclasses into two shapes.
JSArgumentsObjectWithLength had to be removed since shapes don't
support subclassing.
- Place kHeaderSize correctly for objects with indexed fields.
Design doc:
https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU
Bug: v8:8944
Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65108}
port a7b9e58https://crrev.com/c/1900661
Original Commit Message:
[wasm-simd] Implement i64x2 neg for arm
Change-Id: Ia4f52b26e4c3d6e2833b01246bd917d5e62ca79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924003
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#65103}
InstanceBuilder::LoadTableSegments - Throw RuntimeError instead of
LinkError
WasmGraphBuilder::TableInit & WasmGraphBuilder::MemoryInit - Do not
check for active/dropped status if size == 0
WasmGraphBuilder::MemoryFill - Throw out-of-bounds error BEFORE
attempting any memory operations if necessary
R=ahaas@chromium.org
Bug: v8:9865
Change-Id: I6a67779dc99fdc1c6bda6a2526d0e9ee5385f3ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924442
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65098}
An initial investigation of using GraphAssembler in JSCallReducer.
This CL ports two simple reductions (ReduceMathUnary,
ReduceMathBinary) as well as a slightly more involved reduction with
branching control flow (ReduceStringPrototypeSubstring). The graph
assembler abstracts away the details of maintaining effect and control
edges. Resulting code ends up looking very similar to CSA.
Newly introduced:
- Typing through TNode.
- IfBuilder1 for nicer if-then-else sequences that return exactly 1
value. Future CLs will add more convenience builders that follow this
pattern.
- Many small readability improvements through helper functions.
Bug: v8:9972
Change-Id: Iaa186b76c006e07c8d69a74f340a4912577a32a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914204
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65095}
It could also be a DeadValue.
A regression test will take a while but the fix is straightforward.
Bug: chromium:1027045
Change-Id: I49a66668b7189b7ea7d6d79d514b9e0de3edc966
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928853
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65094}
Also some cleanup reordering of instruction codes.
Bug: v8:9813
Change-Id: I35caad0b84dd5824090046cba964454eac45d5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925613
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65088}
They have to be in sync, so this patch updates both systems.
Bug: v8:4153
Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65078}
This is necessary because the spec changed.
R=mstarzinger@chromium.org
Bug: v8:9865
Change-Id: Id8b4d85eafcf368d591666907036e6aa54664e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921794
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65072}
When importing a JS function, Wasm tries to guess the type of function
(parameters & strict/sloppy mode). This can sometimes fail which leads
to re-creation of the wrapper. With this change, the same wrapper can
be used for strict and sloppy mode requiring the re-creation only on
arity mismatch.
R=mstarzinger@chromium.org
Change-Id: I77ec2b853153dec0772873cfb60c064a74065732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921793
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65064}
Bug: v8:9972
Change-Id: Ia85520eea8d3bcadc2573c16bf2778b1c3ff0c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926028
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65061}
These instructions should always treat inputs as signed, and saturate to
unsigned min/max values.
E.g. given -1, it should saturate to 0.
The spec text,
https://github.com/WebAssembly/simd/blob/master/proposals/simd/SIMD.md#integer-to-integer-narrowing,
has been updated to describe this.
The changes here include codegen changes to ia32, x64, arm, and arm64,
changes to arm simulator, assembler, and disassembler to handle the case
of treating input as signed and narrowing to unsigned. The vqmovn
instruction can handle this case, our assembler wasn't allowing callers
to specify this.
The interpreter and scalar lowering are also fixed with this change.
Bug: v8:9729
Change-Id: I6f72baa825f59037f7754485df6a2964af59fe31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879423
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65051}
This reduction relies on a known object layout of the regexp instance
in order to access the lastIndex field through a statically-determined
offset. Prior to this CL, we checked only for instance types, not for
the map, and thus it was possible to read garbage from either inside
or outside the current object.
Bug: chromium:1024758,v8:7779
Change-Id: I1eec8220797f443bdf3d05804e54f33b21fa2f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924353
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65039}
This CL implements torque builtins for BigInt subtraction and extends
the compilation pipeline to lower calls to the generic subtraction
to SpeculativeBigIntSubtract and later to BigIntSubtract with
necessary checks in case of BigInt feedback.
The CL also implements lowering of these operators to native machine
word operations on 64 bit architectures if they are used in a
truncating context (aka BigInt.asUintN).
Bug: v8:9407
Change-Id: Idf5da14c380bc7c12375e7f084a3e1c455303f5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895566
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65037}
Drive-by: For more flexibility (e.g. for future IsNull methods), remove
'Constant' from names in the list of constants.
Bug: v8:9972
Change-Id: I66ec64c30cb397641d77cd26b514e8ac52763e16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924348
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65030}
... by disallowing checkpoint elimination across function boundaries.
See the comment in checkpoint-elimination.cc and the tests for details.
Bug: v8:9945
Change-Id: Ibf4ab6f0e4e709e26d3c4428a082ef45dcbeb8b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906208
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65027}
We recently extended function-entry stack checks by an offset
representing the difference in optimized and unoptimized frame sizes,
with the intent of avoiding stack overflows during deopts. Although
the generated code is very efficient (just a single additional
register subtraction, executed exactly once per call), perf impact
is measurable.
To avoid the overhead in most cases, this CL adds a stack slack,
currently set to 256 bytes, by which deopts are allowed to exceed the
real V8 stack limit. For function-entry stack checks with an offset
less than stack slack, the offset is not applied and the more
efficient version of the stack check is emitted.
The V8 limit is chosen to be smaller than OS stack size (assumed to
be at least 1 MB). This guarantee is upheld even with slack.
Bug: chromium:1020989,v8:9534
Change-Id: Idee2e7ad1fa7810bf086a9f72ce00a9717010310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910099
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65025}
This implements the rest of the load extend instructions:
- i32x4.load16x4_s
- i32x4.load16x4_u
- i64x2.load32x2_s
- i64x2.load32x2_u
Bug: v8:9886
Change-Id: I4649f77bae5224042a1628d9f0498c050b1e599d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903812
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65017}
At least under some circumstances (GCC 6 with x64 Linux for me),
the code in `serializer-for-background-compilation.cc` guarded by
`ENABLE_SLOW_DCHECKS` attempts to use `std::iterator_traits` on the
`FunctionalList`, which previously failed compilation because
the standard iterator member types were unavailable.
This adds these members.
Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1800578
Change-Id: Ifece423fce31d98777c6a65ef442623c321ecba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921800
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65014}
For many subclasses of JSObject, we used kSize instead of kHeaderSize
even though they can contain in-object properties. In fact, kSize
was very much used as the header size, as can be seen in many examples
in this CL.
This change is a preparation for a for a cleanup of how Torque
generates field offsets.
TBR=hpayer@chromium.org
Change-Id: I350e996057cd66c427381334080f8ac93de88597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917141
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65013}
The serialization of Construct was accidentally using the wrong hints
for the receiver. Also, the recursion in ProcessCallOrConstruct was
not quite right: for example, it overwrote the accumulator hints in
each recursion.
With this CL the Octane raytrace score for --concurrent-inlining is
back to the default configuration's score.
Bug: v8:7790
Change-Id: I501c9cc0b0c8de04520742b9c6b392a4a732bf78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921789
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65011}
That warning about missing data was sometimes printed even
when nothing was missing.
(Also drop an outdated TODO.)
Bug: v8:7790
Change-Id: I9550b3237c87b7b0e59f740c34b13d3e38d8d36e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917153
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65010}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 global.get and global.set opcodes and triggers
scalar lowering on architectures without Simd128 support.
R=clemensb@chromium.org
TEST=cctest/test-run-wasm-simd/RunWasm_S128Globals
BUG=v8:9973
Change-Id: I1538bd1d3fea40cc78e82b125d4f113842faf68a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917148
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65002}
This reverts commit a9ea67d4bb.
Reason for revert: Regressions https://crbug.com/1025160.
Original change's description:
> Reland "[regalloc] Use an adaptive data structure for live sets"
>
> This is a reland of b3d748a282
>
> Original change's description:
> > [regalloc] Use an adaptive data structure for live sets
> >
> > Live sets represent sets of live virtual registers at block entry and
> > exit points. They are usually sparsely populated; for example, a sample
> > taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> > 10% or less.
> >
> > Prior to this CL, live sets were implemented as a statically-sized bit
> > vector. This is fine for low-ish virtual register counts, but becomes
> > wasteful at higher numbers.
> >
> > This CL attempts to address this issue through an adaptive
> > implementation. Small live sets remain bit vectors, while larger sets
> > switch to a PersistentMap-based implementation. PersistentMap has very
> > memory-efficient add/remove/copy operations.
> >
> > Of course, with adaptive data structures we enter the territory of
> > parameter fiddling. In this case, two parameters are used:
> > kMaxSmallSetSize controls when to switch implementations, and
> > kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> > deleted entries in the map) sets in.
> >
> > On the (degenerate) test case from the linked bug, the register
> > allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> > I expect savings on the order of 10s of KB.
> >
> > Bug: v8:9574
> > Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64872}
>
> Bug: v8:9574
> Change-Id: I5a95d56c33a98cc5c6c58ff9308314e2eefa462c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910953
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64950}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574,chromium:1025160
Change-Id: I177d64eed588cd09c999e15b04d37630c2c6538b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64998}
Bug: v8:7790
Change-Id: Ibfc83828c8677901caa4e04e2b88915ddabeed49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918245
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64984}
utils.h itself is fairly large and contains lots of unrelated functions
as well as having a fair number of dependencies itself, so this splits
bounds checking and bit field operations into their own headers in base
and replaces uses of utils.h with the more appropriate header where
possible. (Also fixes some cases where other headers were previously
brought in transitively).
Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 loads and store opcodes and triggers then scalar
lowering of the graph on architectures that don't support Simd128.
R=clemensb@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:9973
Change-Id: I118f72135ddc9011efa3f75aaf120bb67e708d8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916605
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64964}
When debugging CSA builtins, it's useful to place a 'DebugBreak();' in the
code. However, the instruction scheduler re-orders instructions around it which
can be a little frustrating.
Change-Id: Ic4288bbc24e78987c7cbf3616e80cf5915f474c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916602
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64963}
This removes {CPURegister::Is} and {CPURegister::is}, and just uses
{CPURegister::operator==} instead.
Drive-by: Use DCHECK_EQ and DCHECK_NE where possible.
R=mstarzinger@chromium.org
Bug: v8:9810
Change-Id: I03aad8b4223bd4ae37d468326a734f7a5c3c8061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916202
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64956}
This is a reland of b3d748a282
Original change's description:
> [regalloc] Use an adaptive data structure for live sets
>
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
>
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
>
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
>
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
>
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
>
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}
Bug: v8:9574
Change-Id: I5a95d56c33a98cc5c6c58ff9308314e2eefa462c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910953
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64950}
This reverts commit 4d1b7af7b1.
Reason for revert: Broke clusterfuzz asan build
Original change's description:
> [turbofan][64] Remove Smi Untagging extra nodes for 31 bit smis
>
> There are some cases where we can ignore some truncations or
> change nodes for Smi Untagging, when we are using 31 bit smis
> in 64 bit architectures.
>
> Updated DecompressionOptimizer to match the new pattern.
>
> Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64909}
TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org
Bug: chromium:1023972
Change-Id: I7773455a970a11c345a020c1421c961314c8eb5c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914202
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64930}
When simulating bytecode, we store the current environment at the
site of the appropriate catch handler when entering a try range.
If the start of the try range is dead, we don't bother to store
an environment. However, generators can create alive regions
inside the try range. At such moments, we should recognize
we're in a try range and store the environment for the handler.
Bug: chromium:1017159
Change-Id: Icccc2ccf530895099bc62b97d9aaec8b97d5f4e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879247
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64929}
port 80dc6a3https://crrev.com/c/1903445
Original Commit Message:
[ptr-compr] Remove CompressedSigned MachineRepresentation
Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Change-Id: I3d656752bb81a09bd3985bd39ab9f656504f4da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911268
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64925}
This reverts commit 75a6132505.
Reason for revert: Fails arm64 gc stress (see bisect): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/16691
Original change's description:
> [turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned
>
> Merge duplicate LowerCheckedInt32ToTaggedSigned code.
>
> Skip ChangeInt32ToInt64:
> * In 32 bit archs, ChangeInt32ToInt64 is a no-op.
> * In 64 bit archs with 31 bit smis and smi corrupting enabled,
> ChangeInt32ToIntPtr can be skipped. This is because it would only
> change the upper bits, and those upper bits are not significant
> since we are smi-corrupting.
>
> Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64906}
TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org
Change-Id: I6586a6f226537acba988afa1be7454c2c3e6ee54
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910955
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64915}
This reverts commit b3d748a282.
Reason for revert: Regressions, see https://crbug.com/1023423.
Original change's description:
> [regalloc] Use an adaptive data structure for live sets
>
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
>
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
>
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
>
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
>
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
>
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574
Change-Id: I5d684198f9c4575a0c892076459cc2c20dce9aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910944
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64912}
There are some cases where we can ignore some truncations or
change nodes for Smi Untagging, when we are using 31 bit smis
in 64 bit architectures.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64909}
Merge duplicate LowerCheckedInt32ToTaggedSigned code.
Skip ChangeInt32ToInt64:
* In 32 bit archs, ChangeInt32ToInt64 is a no-op.
* In 64 bit archs with 31 bit smis and smi corrupting enabled,
ChangeInt32ToIntPtr can be skipped. This is because it would only
change the upper bits, and those upper bits are not significant
since we are smi-corrupting.
Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64906}
Instead of changing all of TryToName to do the conversion to array
index, this patch narrows this fast path just to the element load IC
handler.
This patch also restores the HeapNumber conversion in TryToIntPtr and
in Turbofan inlining as per the original state of things.
Bug: v8:9449, chromium:1016738, chromium:1016709
Change-Id: Ibf3a2c38637fc36e0ee037dc740f273848d1e8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1902386
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64896}
When the serializer encounters a JSConstruct, it now serializes the
initial map of the new_target to enable further opitmizations in
JSNativeContextSpecialization.
Add regression tests as well.
Bug: v8:7790
Change-Id: Ifab2b58c64a341744e833ed063e9695d74a5cdce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900457
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64886}
Port 6e90f2f292
Original Commit Message:
Including but not limiting to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I0974b300654f61d152ea65016a0e278ea4ba1b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907440
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64885}
Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Bug: v8:7703
Change-Id: Id59aaebc24d670ed32c483ceecf77fd194405ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903445
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64883}
Including but not limiting to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
Bug: v8:7703
Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64880}
I changed the verification algorithm of switch nodes from a quadratic
algorithm to a linear one. On my machine this speeds up the test from
17 seconds to 2 seconds in the x64.optdebug build.
R=mslekova@chromium.org
Bug: v8:9810
Change-Id: I952d3fcc641b4e269b8ebac8f65fe545c6062587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905768
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64877}
Live sets represent sets of live virtual registers at block entry and
exit points. They are usually sparsely populated; for example, a sample
taken from Octane2 shows 80% of sampled live sets with a fill ratio of
10% or less.
Prior to this CL, live sets were implemented as a statically-sized bit
vector. This is fine for low-ish virtual register counts, but becomes
wasteful at higher numbers.
This CL attempts to address this issue through an adaptive
implementation. Small live sets remain bit vectors, while larger sets
switch to a PersistentMap-based implementation. PersistentMap has very
memory-efficient add/remove/copy operations.
Of course, with adaptive data structures we enter the territory of
parameter fiddling. In this case, two parameters are used:
kMaxSmallSetSize controls when to switch implementations, and
kMaxDeletionsBeforePrune controls when pruning (= managing the # of
deleted entries in the map) sets in.
On the (degenerate) test case from the linked bug, the register
allocation zone shrinks from 1008MB to 475MB. For more realistic cases
I expect savings on the order of 10s of KB.
Bug: v8:9574
Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64872}
port b6edadchttps://crrev.com/c/1872930
Original Commit Message:
[wasm-simd] Implement f64x2 comparisons for arm
Change-Id: If0fab2307a7f6da75f27ecd90cef6e15945214dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903290
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#64868}
{WhichPowerOf2} is basically the same as {CountTrailingZeros}, with a
restriction to powers of two. Since it does not use or depend on any v8
internals, it can be moved to src/base/bits.h.
This CL also changes the implementation to use the CTZ builtin if
available, and falls back to popcnt otherwise.
Drive-by: Make it constexpr, and rename to {WhichPowerOfTwo}.
R=sigurds@chromium.org
Bug: v8:9810, v8:8912
Change-Id: I8368d098f9ab1247f3b9f036f1385a38de10cc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903966
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64851}
Since the turbo_decompression_elimination flag is removed, there
are several methods in machine-type.h that get simplified, e.g
TypeCompressedTaggedPointer() can be replaced by just
"TaggedPointer()".
Also Removing the creation of Change to/from Compressed nodes.
Removing these Change nodes' logic is left to a follow-up CL.
Bug: v8:7703
Change-Id: Iff1f9aa8361189cf781a26317fd342b942fd5aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1897537
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64834}
Introduce new operator LoadTransform that holds a LoadTransformInfo param,
which describes the kind of load (normal, unaligned, protected), and a
transformation (splat or extend, signed or unsigned).
We have a new method that a full decoder needs to implement, LoadTransform,
which resuses the existing LoadType we have, but also takes a LoadTransform,
to distinguish between splats and extends at the decoder level.
This implements 4 out of the 10 suggested load splat/extend operations
(to keep the cl smaller), and is also missing interpreter support (will
be added in the future).
Change-Id: I1e65c693bfbe30e2a511c81b5a32e06aacbddc19
Bug: v8:9886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863863
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64819}
For now, both are implemented via a C call, just like i32_rol and
i32_ror. If they turn out to be critical for performance, we can still
implement them via hardware instructions on selected platforms.
R=jkummerow@chromium.org
Bug: v8:9919
Change-Id: I16affdfe397a08ef6a51d310f018b3a099e80e44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900454
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64816}
There is at least one case where a Load output flows into an
In32LessThanOrEqual node without any bitcasts or truncations in the
middle. We have to consider these cases in the reducer.
Bug: v8:7703
Change-Id: I1ed9c41e80c0603fd287d096c3050c5ae27c2b3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879945
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64811}
Previously we were only blocking verify_stub_graph and not
FLAG_turbo_verify_machine_graph. This led to failures when
FLAG_turbo_verify_machine_graph was active (e.g when it was set to
"*").
Change-Id: I27b53f0bc1b544498d1d182903301347e5669013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893339
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64806}
Phis act as proxys: a phi's input has only 32 bits observed iff
the phi's output has only 32 bits observed. When the Tagged Phi
has only 32 bits observed, the Phi's MachineRepresentation
changes to the Compressed counterpart.
Also, update machine graph verifier so that Phis of Compressed
accept Tagged inputs as well.
Bug: v8:7703
Change-Id: I365d0b38f76edbaecbfea29f603abd2ce2224878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879943
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64802}
The bug is due to an unexpected opcode. To avoid similar issues in the future, we fallback to CheckContextExtensionSlowPath. This was the default behaviour before the CL (https://chromium-review.googlesource.com/c/v8/v8/+/1876051).
Bug: chromium:1020983
Change-Id: Ia7f0f2986ec0008d1128ad3856efbb5d9e52dfc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899989
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64794}
This removes the feature that we log precise information about
functions and scripts in "v8.compile", since it comes at a
significant cost and is not going to be used anytime soon. If
we ever decide that we need this, we will have to come up with
a cheaper way of doing this.
Fixed: v8:9874
Tbr: yangguo@chromium.org
Bug: v8:8598, v8:9039, v8:9325, v8:9874
Change-Id: I3481570b6fda2a050f05d2ae84cf3e9245f67d52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898652
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64783}
When running the tests with --turbo-stress-instruction-scheduling, there are
crashes in the cases where there is no isolate, since we used the random
generator from the isolate. This change introduces a RandomNumberGenerator to
the instruction scheduler instead.
We use the value from --random-seed for seeding the random number generator.
We don't treat a zero value specially, as the feature is meant to be used with
the test system which always sets a random seed and doesn't rely on default
behaviour. This also means that the instruction scheduler will always produce
the same result for the same input within the same run, which fixes another
issue with the x64 jump optimisation: when that optimisation is enabled, the
backend is ran twice, and previously it was producing a different schedule
each time, thus collecting incorrect jump information.
Bug: v8:9884
Change-Id: I00394a7e50d0c502254b18490ebaf28a38d8f819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895555
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#64769}
port 4664840https://crrev.com/c/1871605
Original Commit Message:
CallDebugOnFunctionCall was always using Registers and not Immediates.
Then ParameterCount is not really needed. Since updating that, we
could update other functions, e.g InvokeFunction, to only use
registers too.
Also removed now irrelevant variables, e.g definitely_mismatches.
[mips][codegen] Removed ParameterCount class
port 1e69689https://crrev.com/c/1886916
Original Commit Message:
It was used only with Register inputs, so we can replace its uses with
the Registers themselves.
Change-Id: I0a661519f5602bf4d52c40c6c238436b93b71664
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898826
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64753}
Change builtin calls in wasm-compiler.cc to use CallBuiltinPointer
rather than CallCodeObject which means they bypass the trampoline.
Since the Code objects are no longer being called, remove them from the
executable Code object allow-list in builtins.cc.
Bug: v8:9338
Change-Id: I9835bab859c4d5e45dbfb4c7a339ccf74e719237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893337
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64744}
Now that embedded builtins are mandatory and non-embedded builtins no
longer need to be supported, it is safe to embed the target of the
CEntry builtin directly into WebAssembly runtime stubs. This produces
more efficient code and simplifies the runtime stubs.
R=clemensb@chromium.org
Change-Id: If2f91fa733edc266af3a204ac17ff36e4c0b41a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895567
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64739}
Changing the target of JSCall nodes (e.g. while lowering higher order calls)
now preserves feedback and speculation mode to allow further (speculative)
optimizations. A flag is introduced to mark feedback unrelated to the call
target after such a transformation. This flag is used to prevent access to
the feedback without the need to invalidate it.
Bug: v8:9702
Change-Id: I311d3a4b1b22d6f65e5837a23b0b7585c8d75eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844788
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64733}
Relevant opcodes:
* kFrameState
* kStateValues
* kTypedStateValues
The code to decompress CompressedHeapConstants is not there for the
opcodes stated above. We can only do this optimization for Loads
for the moment.
Bug: v8:7703
Change-Id: I226089f1b2b78d0bd742785c7c9924284a97c72d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879942
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64732}
This fixes a compilation error in Node.js with Xcode:
initialize the const member 'blueprint_'.
error: constructor for 'v8::internal::compiler::Callee' must explicitly
Change-Id: Ia55398428d0de35a9ad5132eabd22d0adb694514
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895561
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64719}
Port b875f4661a
Original Commit Message:
Reland "[compiler] Optionally apply an offset to stack checks"
This is a reland of 4a16305b65
The original CL adjust only one part of the stack check, namely the
comparison of the stack pointer against the stack limit in generated code.
There is a second part: Runtime::kStackGuard repeats this check to
distinguish between a stack overflow and an interrupt request.
This second part in runtime must apply the offset just like in generated
code. It is implemented in this reland by the StackCheckOffset operator
and a new StackGuardWithGap runtime function.
Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}
Change-Id: I77554bddde57153ec92c4b80c15d0a52efbaab2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893554
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mu Tao <pamilty@gmail.com>
Cr-Commit-Position: refs/heads/master@{#64718}
The {SetTraceValue} method was only defined for a set of integer types,
which sometimes lead to ambiguities when using types like {size_t},
{unsigned long} or the like (see https://crrev.com/c/1886912/1).
This CL fixes that by providing a method accepting any integer type.
It also changes the existing methods to avoid the "cast via union"
idiom, and uses memcpy instead.
R=petermarshall@chromium.org
Bug: v8:9810
Change-Id: I1530405640dc6cb0058153a8dbb860c7f3727ac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886918
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64710}
There is some duplication in the AVX definitions, which will be cleaned
up in a future change.
Bug: v8:9561
Change-Id: I78b134f536ec47d45c0a56f653148e8925f7def6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893359
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64706}
Previously only Builtins declared TFJ or CPP in builtins-definitions.h
were converted to direct calls in ReduceJSCall. This allows all
builtins with JS linkage to be converted. To facilitate this, it adds
Builtins::HasJSLinkage(id) that returns true for any builtins with
JSTrampolineDescriptor as their call descriptor.
It also ensures that any JS functions installed by the bootstrapper are
also required to have JS linkage to catch early errors.
Change-Id: I2fddca41f9ab1c7c9633aa0ab4847a5c108e2bb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883549
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64698}
This gets rid of a bunch of compiler warnings with MSVC.
Change-Id: I73440f0d203603fe39a2408d2b9cc647700aa5fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893334
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#64692}
Implement the possibility to revisit the same function in the
serializer using equality of its arguments.
Bug: v8:7790
Change-Id: I609a6009bf503e378e50d0b32c6f1c13721d2557
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863198
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64683}
