This reverts commit 9f18e55ff0.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/29660
Original change's description:
> [TurboFan] Don't serialize read-only heap objects
>
> Read-only heap objects are immutable and immovable. It is safe to access
> these objects directly from the heap. Not having to serialize them
> reduces the time we spend on main thread especially for TurboProp.
>
> Bug: v8:9684
> Change-Id: Ibabb7076af50c9007d2a8ed57fe257406958fb6a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955596
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65490}
TBR=mvstanton@chromium.org,neis@chromium.org,mythria@chromium.org,mslekova@chromium.org
Change-Id: If2d8649cdc083f7d064684352501320a96a1ba2c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973732
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65492}
Read-only heap objects are immutable and immovable. It is safe to access
these objects directly from the heap. Not having to serialize them
reduces the time we spend on main thread especially for TurboProp.
Bug: v8:9684
Change-Id: Ibabb7076af50c9007d2a8ed57fe257406958fb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955596
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65490}
Add a --max-serializer-nesting flag which defaults to 25.
Fixed: chromium:1034768
Change-Id: Ib68f26ce4bf53db297b25d16a046d275beaec642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969895
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65486}
This reverts commit 53308bf7c0.
Reason for revert: Fails on multiple arm bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/12441
Original change's description:
> [csa] use JSGraph to create constants in CodeAssembler
>
> Now that CodeAssembler uses optimizing TurboFan passes, creating
> constants without using the caching implemented in JSGraph leads to
> problems, since value numbering only works properly if all constants
> in the graph were introduced through the cache.
> To mitigate this, this CL creates the JSGraph earlier so that
> CodeAssembler can already use the same JSGraph used by later TurboFan
> optimizations.
> For other uses of RawMachineAssembler, everything stays as before.
>
> This issue is creating bot failures in
> https://chromium-review.googlesource.com/c/v8/v8/+/1958011
>
> Change-Id: Ife017876b19cb2602694279ef1da75f23e18a031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967329
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65477}
TBR=tebbi@chromium.org,mslekova@chromium.org
Change-Id: I6df6782adfb40632f51681942efab9b591f72cab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969901
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65483}
Now that CodeAssembler uses optimizing TurboFan passes, creating
constants without using the caching implemented in JSGraph leads to
problems, since value numbering only works properly if all constants
in the graph were introduced through the cache.
To mitigate this, this CL creates the JSGraph earlier so that
CodeAssembler can already use the same JSGraph used by later TurboFan
optimizations.
For other uses of RawMachineAssembler, everything stays as before.
This issue is creating bot failures in
https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Change-Id: Ife017876b19cb2602694279ef1da75f23e18a031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967329
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65477}
MapRef::GetStrongValue now returns an Optional to account for the case
where we can't figure out the name of the bound function during
serialization. We could reach out to the heap in the future in this
case.
Fixed: chromium:1034203
Change-Id: I9fa81921b5dbd8bc9f68aa3c10921bc01b695a6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967386
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65470}
The {cmp} instruction might add an entry to the constant pool at a time
where we didn't expect any entries to be added.
This can be fixed by moving the {CheckConstPool} call *after* the {cmp}.
R=mslekova@chromium.org
Bug: chromium:1034394
Change-Id: If075ad0b02e2973a734d70d9e58c205bd14e6a33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967380
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65463}
This is a reland of c924f54ee0
Reason: Added back a bitcast that was supposed to be redundant (but it
wasn't)
Changes can be seen from patchets 1..3.
Original change's description:
> [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
>
> The final goal is to eliminate it altogether. This CL just
> eliminate the redundant ones.
>
> Bug: v8:7703
> Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65398}
Bug: v8:7703
Change-Id: I099e67d0255d4ad5529a73b272df893069374136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965582
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65454}
Moves the TailCall instruction codes to the start of the enum, and
changes the test for IsTailCall from 4 equality tests to a single
inequality.
Bug: v8:10051
Change-Id: I679d6377161bd4f9a05f6202763d52c0a67b7900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1964075
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65440}
The OutputRegister shouldn't be overwritten, because it may be the same register
as InputRegister(1), which will be used later.
And remove the useless if-else in And32, Or32, Xor32.
Change-Id: I1f944b5b6acd5c183cef537524827b47a8cb0186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967092
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65438}
Bug: chromium:1029530
Change-Id: I12aa4c238387f6a47bf149fd1a136ea83c385f4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962278
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65434}
operations.
Some 32-bit operations like kMips64And32, kMips64Or32 and kMips64Shr
overwrite the input registers' value by truncates the 64-bit value to
32 bits and sign-extends it,which may conflicts with later operatons
that need the input register's 64-bit value.
Change-Id: I29a5116999f7e851f38bdbcc5b066141a0617589
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928503
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#65426}
This reverts commit fa62140475.
Reason for revert: Still breaks GPU bots like https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/7658
Original change's description:
> Reland "[turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed"
>
> This is a reland of c924f54ee0
>
> Will split the CL into parts since debugging is really hard for the
> combination of tests + bots that caused the failure.
>
> Relanding the safest part on this first CL.
>
> The difference between the original commit and this one can be seen in
> patchsets 1..2.
>
> Original change's description:
> > [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
> >
> > The final goal is to eliminate it altogether. This CL just
> > eliminate the redundant ones.
> >
> > Bug: v8:7703
> > Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65398}
>
> Bug: v8:7703
> Change-Id: I5ff513a53eebcee6e2412f7ea8b801789476d50f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962277
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65423}
TBR=tebbi@chromium.org,solanes@chromium.org
Change-Id: I60bbf7061a733325e350d749c4adae65305b518c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962862
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65424}
This is a reland of c924f54ee0
Will split the CL into parts since debugging is really hard for the
combination of tests + bots that caused the failure.
Relanding the safest part on this first CL.
The difference between the original commit and this one can be seen in
patchsets 1..2.
Original change's description:
> [turbofan][ptr-compr] Remove redundant ChangeTaggedToCompressed
>
> The final goal is to eliminate it altogether. This CL just
> eliminate the redundant ones.
>
> Bug: v8:7703
> Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65398}
Bug: v8:7703
Change-Id: I5ff513a53eebcee6e2412f7ea8b801789476d50f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962277
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65423}
Found by combining dcheck_always_on with is_ubsan on x64.
Change-Id: Ie9bcf2402693aa3752be17421dd485533656df08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65417}
- Move {function_} and {closure_hints_} out of each {Environment}, as
it's sufficient to only have it in the serializer class.
- Similarly, remove {parameter_count_} and {register_count_} from
{Environment}. To accomodate for that, change implementation of
"dead" environments to be based on a flag.
- Remove {ClearEphemeralHints}. This was called for any bytecode not
recognized by the serializer. I think it makes more sense to just
do nothing at all for those, i.e. keep whatever hints we have.
- Split the magical {ephemeral_hints_} vector into three separate
things for clarity: {accumulator_hints_}, {parameters_hints_}, and
{locals_hints}. Note that we already had {current_context_hints_}.
Bug: v8:7790
Change-Id: Icbe33f500bdbd0f8002570934f59425f49c9de12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958010
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65400}
- Remove CLEAR_ENVIRONMENT_LIST of bytecodes, since clearing the
environment is already the default behavior.
- Address a TODO in Environment::Merge: also merge context hints.
- Don't needlessly clear register hints for InvokeIntrinsic.
Bug: v8:7790
Change-Id: Ibead921002e45ed46c8c1629cae7bb9febf09b90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1952870
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65399}
The final goal is to eliminate it altogether. This CL just
eliminate the redundant ones.
Bug: v8:7703
Change-Id: If6e718c373fca7c65ce46c347533ec4550fbc444
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950968
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65398}
The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.
Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}
There was some common code regarding smi tagging and either overflowing
or deopting if the number was too big for 31 bit smis.
Bug: v8:10021
Change-Id: I9cd9e5ff29b06638a10dd0c5a9f72ff13df6d6bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950964
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65352}
Also make return and unconditional jumps kill the environment instead
of clearing it. This was still leftover from before we introduced
liveness and prevented sharing as well.
Bug: v8:7790
Change-Id: Ic79d64c9eaedf608d26e3265d4b27d21f7f3dfe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948710
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65345}
port 91ee5f0https://crrev.com/c/1925614
Original Commit Message:
[wasm-simd] Implement f64x2 min max for arm
Change-Id: I41b350cdcc9242b2fed6260873dc202367509137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947690
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65342}
Change-Id: Ia5c6793f22b3eeff3614542e455d46daa76657a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948792
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65324}
Bug: chromium:1029576
Change-Id: If647f764da2682a0f278b9b8060d0665fab1c40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948711
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65312}
I noticed that the generated code from the Torque macro
EnsureArrayLengthWritable included an imul instruction, even though the
inputs to that instruction are both constants. This change adds the
ability for MachineOperatorReducer to get rid of that operation.
Change-Id: Ia2050c888d76f110d1290fd9eab13853c3353a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941138
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65310}
Replace unsigned extract lane followed by sign extend
as added here https://chromium-review.googlesource.com/c/v8/v8/+/1846711
with a signed extract lane for I8x16 and I16x8.
Change-Id: I5a701417b772d12f5ef038efbb081716bb27e25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873700
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65307}
The following changes were introduced with the recent proposal update:
- OOB access with 0 length traps
- Double drop of segments is allowed
- Dropped segments are treated like having size 0 (OOB error)
- Active segments are dropped right after initialization
R=ahaas@chromium.org
Change-Id: I4e9fc4d9212841c7d858585c672143f99287520d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946355
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65305}
These hints are different from the rest (they only ever grow) and
there's no need to have them in each environment.
Bug: v8:7790
Change-Id: I56ed9671f602bcb6faba4003d84fee8b1d6e0128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944156
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65300}
Add serialization of the virtual closures for Function.ptototype.apply
and Function.prototype.call. Also add tests for those.
Bug: v8:7790
Change-Id: I26374009c09958943ef36eae283a270875234e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943155
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65298}
... in order to be in sync with JSNativeContextSpecialization. This
probably doesn't allow any more optimizations but avoids confusing
misses in the broker trace.
Bug: v8:7790
Change-Id: Ia99a5828651468af8450028a351692482c21670c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944155
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65293}
Loop variable analysis doesn't recognize that the initial type of the
loop variable phi combined with the increment type may produce a NaN
result through the addition of two infinities of differing sign.
This leads to unreachable code and a SIGINT crash.
The fix is to consider this case before typing the loop variable phi,
falling back to more conservative typing if discovered.
R=neis@chromium.org
Bug: chromium:1028863
Change-Id: Ic4b5189c4c50c5bbe29e46050de630fd0673de9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946352
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65291}
Each Pipeline phase now declares kRuntimeCallCounterId which is used to
record the runtime stats for the duration of the phase. As a result
some manually instantiated counters are removed.
All counters have the same name as the phase name with the v8.TF prefix
replaced with Optimize. To enforce this, the existing phase_name
declaration in each phase has been replaced with a macro that also
declares the counter id and its mode.
Bug: v8:10006
Change-Id: I836582298b60c30eb794f4c45a8bb16efa17a38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65289}
Instead of logging them as "wasm-unnamed" functions, log them as
"wasm-to-js", and append the signature.
This moves and generalizes the {AppendSignature} method that was already
used to produce the signature string for other wrappers.
R=jkummerow@chromium.org
Bug: chromium:1029470
Change-Id: Ic911cb19a49dcbc332bf5a4aa195107522ac6945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946350
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65287}
Replacing a constant BigInt with a constant int64 is only valid
when the use site has truncating semantics. (For non-constant
values, the representation changer did correctly check for this.)
Bug: chromium:1028593
Change-Id: Ib58b16ece6f21ba30153fd6cfa0560cc2d78d6a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940263
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65262}
If the inputs are Unsigned32OrMinusZeroOrNaN and we want to compile for
an Unsigned32 result, we still need to deopt if the RHS is zero (because
that must produce NaN).
Bug: chromium:1028862
Change-Id: Ib5b7cd10f8c4ec9a76b75a2b408729f1ca86ea3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943150
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65260}
The lane indices of S8x16Shuffle will be printed as null-terminated
character array in Operator1's PrintParameter implementation.This patch
add S8x16ShuffleParameter class, override operater<<, print indices as
integer array.
before fix:
Shuffle[\b\t\n^K\f\r^N^O]
after fix:
Shuffle[8,9,10,11,12,13,14,15,0,0,0,0,0,0,0,0]
Change-Id: I421e639f5229d3a5e348868be33f2d8bbfcfd2d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922735
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Auto-Submit: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#65253}
git cl upload failed since I needed to do a git cl format. Missed that
and uploaded https://chromium-review.googlesource.com/c/v8/v8/+/1940153
without the rename.
Bug: v8:7703
Change-Id: I26090433af86968357eaeecf3e906a9e824647a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940260
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65250}
Due to the ordering of the nodes to be changed, we might change the
ChangeTaggedToCompressed's input before the ChangeTaggedToCompressed
node itself changes. Then, we need to check for this possibility too.
Bug: v8:7703
Change-Id: I2b453211dc264b509f2ea7c0cf891be50f404009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942607
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65248}
Ports are getting easier now. This one was fairly straightforward.
Bug: v8:9972
Change-Id: I69c0566060523e505e30980cb1d3d9633da976b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65246}
These node/edge kinds don't fit into the heap object type system; add
wrapper classes for them instead. The wrapper class must be explicitly
created, but is implicitly convertible to Node*.
Bug: v8:9972
Change-Id: Ic6c253a95bb5705fb946ee3f35508ea70c9f0070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65244}
This is an initial (and partial) step towards full typing in graph
assembler. It removes all uses of SloppyTNode, starts to introduce
types in the GraphAssembler base class, and makes lambda function
types (for if- and for-builders) more specific.
Plenty of TODOs remain; e.g. checked casts and complete typing of
GraphAssembler are left to follow-up work.
Bug: v8:9972
Change-Id: I780adf83b53ad76beda4726960d95ab6df13e2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940476
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65241}
A call to this intrinsic will produce true in the interpreter and false
in optimized code. This is useful for writing tests.
Change-Id: I64d06ed062027e723eca82d6f879202244f21fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939750
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65240}
The last use of the predicate in question was to switch builtins that
implement WebAssembly runtime stubs to use hard aborts instead of normal
aborts like other builtins. This is no longer needed since the builtins
in question are embedded and no longer copied into WebAssembly modules.
This also allows to move the {WASM_RUNTIME_STUB_LIST} macro out of the
builtins-defintions.h file and into the wasm-code-manager.h file.
R=clemensb@chromium.org
BUG=v8:10021
Change-Id: Ib42d3731fc92df378cfce39d39e7fbdbbf722937
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65238}
Very similar to the recent ArrayPrototypeForEach port, this moves the
Reduce reduction, which previously operated directly on the graph, to
graph assembler.
Nothing too interesting here, but it's becoming clearer that we will
need more flexible Branch (multiple merge values) and If (a `break`
mechanism) handling in the future.
Bug: v8:9972
Change-Id: Ic48c85305ba721a9a43c67f7ad13c60da310487e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934329
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65233}
Even though they don't generate any code, it breaks some pattern
matching when these nodes are present (e.g comparisons with compressed
heap objects).
Bug: v8:7703
Change-Id: I9670c2b4e85b1635061b16d4b125de9ff51fd403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940153
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65227}
This removes the aforementioned untyped method and switches all users to
the typed TNode<> version. Those versions now contain proper checks to
compare the static information against the return count and types stored
in the call descriptor.
R=leszeks@chromium.org
BUG=v8:10021
Change-Id: I393ea6211babc100e007fb1678877d36efa7bbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939753
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65225}
First this plumbs RuntimeCallStats from the OptimizingCompileDispatcher
down through to PipelineCompilationJob which stashes the
RuntimeCallStats on the PipelineData.
Adds new RCS thread-specific counters: OptimizeAssembleCode and
OptimizeBackgroundAssembleCode which are used in
PipelineImpl::AssembleCode.
Bug: v8:10006
Change-Id: Ieef6d32afddf4b0760e204010b09a85dfec92cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926030
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65221}
The serializer was missing the opportunity to process calls later
constructed by JSNativeContextSpecialization::InlinePropertySetterCall
and InlinePropertyGetterCall. Added a test to ensure we're not missing
the data anymore.
This drops the "Missing data" warnings when running ARES-6 from 1044
to only 12.
Bug: v8:7790
Change-Id: Ic4b8a4cb2ac3927371b75f22de011b9957502319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937147
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65220}
... in line with VirtualContext and VirtualBoundFunction.
Bug: v8:7790
Change-Id: I454048ab4ddc192780a09017b8b47caf60386098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940247
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65217}
port edd50adhttps://crrev.com/c/1924355
Original Commit Message:
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I309e6c7ba671499f721149e1ea1c8e153fe3b2ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939028
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65215}
ObjectRefs either use the serialized data or access the heap depending
on whether broker mode is disabled or not. This cl changes it to use
the mode of the data and accesses heap for UnserializedHeapObject. This
allows us to access heap for some of the objects (ex: readonly object)
instead of serializing them.
This change shouldn't change any behaviour. In a followup cl, we will
mark readonly objects as UnserializedHeapObjects even when broker mode
is serialized.
Bug: v8:9684
Change-Id: I8775e60ed480957b485c39df254827dd69c655a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937148
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65206}
We want to grow the table entries exponentially, so the entries length
will not reflect the actual size of the table any more. Hence, introduce
another field on {WasmTableObject} to store the actual length.
R=mstarzinger@chromium.orgCC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: Ie8252f33fddda3ae60dd24bd8db148fd67262226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939050
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65200}
This enum defined three modes of doing inlining:
kGeneralInlining, kRestrictedInlining, kStressInlining.
kStressInlining was unused. kRestrictedInlining meant
that JSInliningHeuristic::Reduce would return NoChange,
but only after wasting some time inspecting calls. This
is now replaced by simply not installing JSInliningHeuristic
as a reducer when inlining is disabled.
Note: There is still a --stress-inline flag, which sets
(through flag implications) a bunch of parameters that affect
inlining.
Change-Id: I05bafbe3f1f35610d7035a2c71c5ac17bdb80758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936473
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65196}
After landing a few relatively simple ports in preceding work, this CL
ports the more involved Array.prototype.forEach reduction, containing
checkpoints, JS and runtime calls, loops, and exceptions. With the
mechanisms introduced in this change, I'd expect a large chunk of
js-call reductions to be trivially portable.
Newly introduced:
- IfBuilder0 for if-then-else statements (with optional else).
- ForBuilder for for-loop statements.
- MayThrow() for exceptional control flow. Exceptional edges are
automatically merged and wired into the outer graph if necessary.
Bug: v8:9972
Change-Id: I835bf90c5871fbd94a1d12721d44b500fbef75e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921798
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65193}
Make WasmFeatures a proper class which uses an EnumSet under the hood.
This way, it inherits all behaviour of EnumSet like comparison, merge,
etc.
Accesses change from being simple field access into the struct to
actually bit tests in the EnumSet.
R=mstarzinger@chromium.org
Bug: v8:10019
Change-Id: I768f92b90ac0294156f4482defba5ce00bc70165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934334
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65184}
We were abusing of ChangeInt32ToIntPtr since we were using it with Smis
as inputs. The new ChangeTaggedInt32ToSmi takes a smi value in 32 bits
and extends it (if necessary) to 64 bits.
Knowing it's a smi lets us skip the ChangeInt32ToInt64 when we are
using 31 bit smis.
Change-Id: Ibd88127fa8122d4b9f683151469cd37320515b5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921985
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65180}
This flag has had no effect since mid 2017 when its use-site was
accidentally removed (in https://codereview.chromium.org/2902533003).
Change-Id: I81436b064c2664deff781ad6d75ad47937e3fdc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934333
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65172}
after c968607e12 aka r65078.
CheckedTaggedToArrayIndex is the function that's in sync with the
ICs. It does both more (string-to-index conversion) and less (limit
to kMaxSafeInteger) than CheckedTaggedToInt64.
Bug: chromium:1028021
Change-Id: I992b11b8d4c58b4d3f5385b21998f53dd4b235d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934338
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65170}
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I4487ba40ba9fda7b1ab31da95ff7bd144407d02d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924355
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65168}
TurboFan serializes the callee functions when concurrent inlining is
turned on. However, if inlining itself is turned off (for ex: TurboProp)
we don't need to serialize these functions reducing time spent on
main thread.
Bug: v8:9684
Change-Id: If4aba1deb64188e411d4f82b27c475ea93a15344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932375
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65157}
This brings the number of optimization misses (with concurrent
inlining) in Octane's typescript from 179 down to 3 (the actual
score doesn't seem to change but it's already on par with the
default configuration).
Bug: v8:7790
Change-Id: Ia4ade2eafc035491d3eac9081383c72b435e8df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924441
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65152}
Change-Id: Iaa3abd6584adf6c844d09a6341bd7fb80fb3d24d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932372
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65149}
Subsequently LookupHolderOfExpectedType should be called only
when we have installed handler code.
Bug: chromium:1024936, v8:7790
Change-Id: I33a0a7232afaba8455a0cec1fdc56251947419d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930905
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65148}
Adds RuntimeStats counters for HeapBrokerInitialization, Serialize,
SerializeMetadata and Finalization phases. These happen only on main thread.
In a followup cl we will also add counters for other phases that could happen
on main thread or background thread.
Earlier RecompileSynchronous was used to measure the time spent in Concurrent,
non Concurrent and Concurrent finalize phases. This cl replaces them with
OptimizeConcurrent, OptimizeNonConcurrent and OptimizeConcurrentFinalize
counters. This cl also renames RecompileConcurrent to OptimizeBackground to
make it clear this measures the background component of optimization.
This also updates names of trace events to be in-sync with RuntimeStat counters.
Bug: v8:9684
Change-Id: Ifda81ce7ab1c659c2df53bab924c51c46f46939b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924439
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65147}
This saves some bytes here and there. Whenever the label is bound just a
few instructions after, we can use a near jump.
R=ahaas@chromium.org
Bug: v8:10005
Change-Id: If2ec596575e1bd88d09fde3fa96ffa8187de542f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930898
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65145}
Allow sharing of hints and modification of shared hints such that
feedback can be propagated to the hints for the corresponding
register, AND all alias registers. Even propagation from an inlined
callee back to the caller is possible.
Bug: v8:7790
Change-Id: I96b3c5e41613efa5711ab758db1c3ef7f7ae6418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914560
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65139}
FunctionBlueprint holds a SharedFunctionInfo, FeedbackVector and a
Hints object that represents what we know about the Context of
the "function-to-be." Since we occasionally synthesize a
FunctionBlueprint object from a JSFunction (when we have it),
it can happen that sometimes the Context hint is a concrete
Context object, and other times it's a VirtualContext, representing
a context created sometime during the bytecode execution of the
function under optimization. Moreover, both such FunctionBlueprints
can exist in the same run due to the vagaries of CALL_IC feedback
(ie, sometimes you have a JSFunction, other times you don't).
More details in doc:
https://docs.google.com/document/d/1F1FxoDzlaYP5l5T6ZcZacV3LCUp5elcez05KWj-Mp78/edit?usp=sharing
Bug: crbug:1024282
Change-Id: Id4055531333b3dcbdb93afd23d9a226728292e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926151
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65127}
port aafbc13https://crrev.com/c/1900662
Original Commit Message:
[wasm-simd] Implement i64x2 shifts for arm
Change-Id: I036610bdcf8e36879cf7a47fbf6e28034345a945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928499
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65126}
port ea06b01https://crrev.com/c/1925613
Original Commit Message:
[wasm-simd] Implement i64x2 add sub for arm
Also some cleanup reordering of instruction codes.
Change-Id: I151668f4125c46b35b08ddd3640341125f6fdbdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928500
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65124}
This introduces a new keyword "shape" in addition to "class",
which allows the definition of a type that extends a JSObject
subclass and specifies one or several maps with statically
known in-object properties.
Differences compared to normal classes:
- Shapes are transient since they specify maps instead of
instance types.
- Shapes have a known size.
- Fields of shapes are always in-object properties. In particular,
this means that their offset is after kHeaderSize.
- It's forbidden to inherited from shapes.
- Since shapes usually specify NativeContext-dependent maps, it's
not possible to write runtime type-checks for them. Thus this CL
avoids mapping them to their own TNode type, as the CAST macro
won't work properly. We had runtime-checks for some of them
nevertheless, some of them scarily confusing like
IsJSSloppyArgumentsObject, that actually just checked the instance
type.
Drive-by cleanups and simplifications:
- Allow subclassing from non-abstract classes and remove
@dirtyInstantiatedAbstractClass. This attribute stems from a mis-
conception of how instance types work, and with this change it
ceases to have semantic influence.
- Replace the existing JSArgumentsObject subclasses into two shapes.
JSArgumentsObjectWithLength had to be removed since shapes don't
support subclassing.
- Place kHeaderSize correctly for objects with indexed fields.
Design doc:
https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU
Bug: v8:8944
Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65108}
port a7b9e58https://crrev.com/c/1900661
Original Commit Message:
[wasm-simd] Implement i64x2 neg for arm
Change-Id: Ia4f52b26e4c3d6e2833b01246bd917d5e62ca79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924003
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#65103}
InstanceBuilder::LoadTableSegments - Throw RuntimeError instead of
LinkError
WasmGraphBuilder::TableInit & WasmGraphBuilder::MemoryInit - Do not
check for active/dropped status if size == 0
WasmGraphBuilder::MemoryFill - Throw out-of-bounds error BEFORE
attempting any memory operations if necessary
R=ahaas@chromium.org
Bug: v8:9865
Change-Id: I6a67779dc99fdc1c6bda6a2526d0e9ee5385f3ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924442
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65098}
An initial investigation of using GraphAssembler in JSCallReducer.
This CL ports two simple reductions (ReduceMathUnary,
ReduceMathBinary) as well as a slightly more involved reduction with
branching control flow (ReduceStringPrototypeSubstring). The graph
assembler abstracts away the details of maintaining effect and control
edges. Resulting code ends up looking very similar to CSA.
Newly introduced:
- Typing through TNode.
- IfBuilder1 for nicer if-then-else sequences that return exactly 1
value. Future CLs will add more convenience builders that follow this
pattern.
- Many small readability improvements through helper functions.
Bug: v8:9972
Change-Id: Iaa186b76c006e07c8d69a74f340a4912577a32a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914204
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65095}
It could also be a DeadValue.
A regression test will take a while but the fix is straightforward.
Bug: chromium:1027045
Change-Id: I49a66668b7189b7ea7d6d79d514b9e0de3edc966
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928853
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65094}
Also some cleanup reordering of instruction codes.
Bug: v8:9813
Change-Id: I35caad0b84dd5824090046cba964454eac45d5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925613
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65088}
They have to be in sync, so this patch updates both systems.
Bug: v8:4153
Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65078}
This is necessary because the spec changed.
R=mstarzinger@chromium.org
Bug: v8:9865
Change-Id: Id8b4d85eafcf368d591666907036e6aa54664e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921794
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65072}
When importing a JS function, Wasm tries to guess the type of function
(parameters & strict/sloppy mode). This can sometimes fail which leads
to re-creation of the wrapper. With this change, the same wrapper can
be used for strict and sloppy mode requiring the re-creation only on
arity mismatch.
R=mstarzinger@chromium.org
Change-Id: I77ec2b853153dec0772873cfb60c064a74065732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921793
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65064}
Bug: v8:9972
Change-Id: Ia85520eea8d3bcadc2573c16bf2778b1c3ff0c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926028
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65061}
These instructions should always treat inputs as signed, and saturate to
unsigned min/max values.
E.g. given -1, it should saturate to 0.
The spec text,
https://github.com/WebAssembly/simd/blob/master/proposals/simd/SIMD.md#integer-to-integer-narrowing,
has been updated to describe this.
The changes here include codegen changes to ia32, x64, arm, and arm64,
changes to arm simulator, assembler, and disassembler to handle the case
of treating input as signed and narrowing to unsigned. The vqmovn
instruction can handle this case, our assembler wasn't allowing callers
to specify this.
The interpreter and scalar lowering are also fixed with this change.
Bug: v8:9729
Change-Id: I6f72baa825f59037f7754485df6a2964af59fe31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879423
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65051}
This reduction relies on a known object layout of the regexp instance
in order to access the lastIndex field through a statically-determined
offset. Prior to this CL, we checked only for instance types, not for
the map, and thus it was possible to read garbage from either inside
or outside the current object.
Bug: chromium:1024758,v8:7779
Change-Id: I1eec8220797f443bdf3d05804e54f33b21fa2f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924353
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65039}
This CL implements torque builtins for BigInt subtraction and extends
the compilation pipeline to lower calls to the generic subtraction
to SpeculativeBigIntSubtract and later to BigIntSubtract with
necessary checks in case of BigInt feedback.
The CL also implements lowering of these operators to native machine
word operations on 64 bit architectures if they are used in a
truncating context (aka BigInt.asUintN).
Bug: v8:9407
Change-Id: Idf5da14c380bc7c12375e7f084a3e1c455303f5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895566
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65037}
Drive-by: For more flexibility (e.g. for future IsNull methods), remove
'Constant' from names in the list of constants.
Bug: v8:9972
Change-Id: I66ec64c30cb397641d77cd26b514e8ac52763e16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924348
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65030}
... by disallowing checkpoint elimination across function boundaries.
See the comment in checkpoint-elimination.cc and the tests for details.
Bug: v8:9945
Change-Id: Ibf4ab6f0e4e709e26d3c4428a082ef45dcbeb8b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906208
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65027}
We recently extended function-entry stack checks by an offset
representing the difference in optimized and unoptimized frame sizes,
with the intent of avoiding stack overflows during deopts. Although
the generated code is very efficient (just a single additional
register subtraction, executed exactly once per call), perf impact
is measurable.
To avoid the overhead in most cases, this CL adds a stack slack,
currently set to 256 bytes, by which deopts are allowed to exceed the
real V8 stack limit. For function-entry stack checks with an offset
less than stack slack, the offset is not applied and the more
efficient version of the stack check is emitted.
The V8 limit is chosen to be smaller than OS stack size (assumed to
be at least 1 MB). This guarantee is upheld even with slack.
Bug: chromium:1020989,v8:9534
Change-Id: Idee2e7ad1fa7810bf086a9f72ce00a9717010310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910099
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65025}
This implements the rest of the load extend instructions:
- i32x4.load16x4_s
- i32x4.load16x4_u
- i64x2.load32x2_s
- i64x2.load32x2_u
Bug: v8:9886
Change-Id: I4649f77bae5224042a1628d9f0498c050b1e599d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903812
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65017}
At least under some circumstances (GCC 6 with x64 Linux for me),
the code in `serializer-for-background-compilation.cc` guarded by
`ENABLE_SLOW_DCHECKS` attempts to use `std::iterator_traits` on the
`FunctionalList`, which previously failed compilation because
the standard iterator member types were unavailable.
This adds these members.
Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1800578
Change-Id: Ifece423fce31d98777c6a65ef442623c321ecba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921800
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65014}
For many subclasses of JSObject, we used kSize instead of kHeaderSize
even though they can contain in-object properties. In fact, kSize
was very much used as the header size, as can be seen in many examples
in this CL.
This change is a preparation for a for a cleanup of how Torque
generates field offsets.
TBR=hpayer@chromium.org
Change-Id: I350e996057cd66c427381334080f8ac93de88597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917141
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65013}
The serialization of Construct was accidentally using the wrong hints
for the receiver. Also, the recursion in ProcessCallOrConstruct was
not quite right: for example, it overwrote the accumulator hints in
each recursion.
With this CL the Octane raytrace score for --concurrent-inlining is
back to the default configuration's score.
Bug: v8:7790
Change-Id: I501c9cc0b0c8de04520742b9c6b392a4a732bf78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921789
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65011}
That warning about missing data was sometimes printed even
when nothing was missing.
(Also drop an outdated TODO.)
Bug: v8:7790
Change-Id: I9550b3237c87b7b0e59f740c34b13d3e38d8d36e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917153
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65010}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 global.get and global.set opcodes and triggers
scalar lowering on architectures without Simd128 support.
R=clemensb@chromium.org
TEST=cctest/test-run-wasm-simd/RunWasm_S128Globals
BUG=v8:9973
Change-Id: I1538bd1d3fea40cc78e82b125d4f113842faf68a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917148
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65002}
This reverts commit a9ea67d4bb.
Reason for revert: Regressions https://crbug.com/1025160.
Original change's description:
> Reland "[regalloc] Use an adaptive data structure for live sets"
>
> This is a reland of b3d748a282
>
> Original change's description:
> > [regalloc] Use an adaptive data structure for live sets
> >
> > Live sets represent sets of live virtual registers at block entry and
> > exit points. They are usually sparsely populated; for example, a sample
> > taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> > 10% or less.
> >
> > Prior to this CL, live sets were implemented as a statically-sized bit
> > vector. This is fine for low-ish virtual register counts, but becomes
> > wasteful at higher numbers.
> >
> > This CL attempts to address this issue through an adaptive
> > implementation. Small live sets remain bit vectors, while larger sets
> > switch to a PersistentMap-based implementation. PersistentMap has very
> > memory-efficient add/remove/copy operations.
> >
> > Of course, with adaptive data structures we enter the territory of
> > parameter fiddling. In this case, two parameters are used:
> > kMaxSmallSetSize controls when to switch implementations, and
> > kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> > deleted entries in the map) sets in.
> >
> > On the (degenerate) test case from the linked bug, the register
> > allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> > I expect savings on the order of 10s of KB.
> >
> > Bug: v8:9574
> > Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64872}
>
> Bug: v8:9574
> Change-Id: I5a95d56c33a98cc5c6c58ff9308314e2eefa462c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910953
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64950}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574,chromium:1025160
Change-Id: I177d64eed588cd09c999e15b04d37630c2c6538b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64998}
Bug: v8:7790
Change-Id: Ibfc83828c8677901caa4e04e2b88915ddabeed49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918245
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64984}
utils.h itself is fairly large and contains lots of unrelated functions
as well as having a fair number of dependencies itself, so this splits
bounds checking and bit field operations into their own headers in base
and replaces uses of utils.h with the more appropriate header where
possible. (Also fixes some cases where other headers were previously
brought in transitively).
Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}
This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 loads and store opcodes and triggers then scalar
lowering of the graph on architectures that don't support Simd128.
R=clemensb@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:9973
Change-Id: I118f72135ddc9011efa3f75aaf120bb67e708d8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916605
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64964}
When debugging CSA builtins, it's useful to place a 'DebugBreak();' in the
code. However, the instruction scheduler re-orders instructions around it which
can be a little frustrating.
Change-Id: Ic4288bbc24e78987c7cbf3616e80cf5915f474c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916602
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64963}
This removes {CPURegister::Is} and {CPURegister::is}, and just uses
{CPURegister::operator==} instead.
Drive-by: Use DCHECK_EQ and DCHECK_NE where possible.
R=mstarzinger@chromium.org
Bug: v8:9810
Change-Id: I03aad8b4223bd4ae37d468326a734f7a5c3c8061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916202
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64956}
This is a reland of b3d748a282
Original change's description:
> [regalloc] Use an adaptive data structure for live sets
>
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
>
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
>
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
>
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
>
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
>
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}
Bug: v8:9574
Change-Id: I5a95d56c33a98cc5c6c58ff9308314e2eefa462c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910953
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64950}
This reverts commit 4d1b7af7b1.
Reason for revert: Broke clusterfuzz asan build
Original change's description:
> [turbofan][64] Remove Smi Untagging extra nodes for 31 bit smis
>
> There are some cases where we can ignore some truncations or
> change nodes for Smi Untagging, when we are using 31 bit smis
> in 64 bit architectures.
>
> Updated DecompressionOptimizer to match the new pattern.
>
> Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64909}
TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org
Bug: chromium:1023972
Change-Id: I7773455a970a11c345a020c1421c961314c8eb5c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914202
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64930}
When simulating bytecode, we store the current environment at the
site of the appropriate catch handler when entering a try range.
If the start of the try range is dead, we don't bother to store
an environment. However, generators can create alive regions
inside the try range. At such moments, we should recognize
we're in a try range and store the environment for the handler.
Bug: chromium:1017159
Change-Id: Icccc2ccf530895099bc62b97d9aaec8b97d5f4e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879247
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64929}
port 80dc6a3https://crrev.com/c/1903445
Original Commit Message:
[ptr-compr] Remove CompressedSigned MachineRepresentation
Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Change-Id: I3d656752bb81a09bd3985bd39ab9f656504f4da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911268
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64925}
This reverts commit 75a6132505.
Reason for revert: Fails arm64 gc stress (see bisect): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/16691
Original change's description:
> [turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned
>
> Merge duplicate LowerCheckedInt32ToTaggedSigned code.
>
> Skip ChangeInt32ToInt64:
> * In 32 bit archs, ChangeInt32ToInt64 is a no-op.
> * In 64 bit archs with 31 bit smis and smi corrupting enabled,
> ChangeInt32ToIntPtr can be skipped. This is because it would only
> change the upper bits, and those upper bits are not significant
> since we are smi-corrupting.
>
> Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64906}
TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org
Change-Id: I6586a6f226537acba988afa1be7454c2c3e6ee54
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910955
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64915}
This reverts commit b3d748a282.
Reason for revert: Regressions, see https://crbug.com/1023423.
Original change's description:
> [regalloc] Use an adaptive data structure for live sets
>
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
>
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
>
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
>
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
>
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
>
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574
Change-Id: I5d684198f9c4575a0c892076459cc2c20dce9aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910944
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64912}
There are some cases where we can ignore some truncations or
change nodes for Smi Untagging, when we are using 31 bit smis
in 64 bit architectures.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64909}
Merge duplicate LowerCheckedInt32ToTaggedSigned code.
Skip ChangeInt32ToInt64:
* In 32 bit archs, ChangeInt32ToInt64 is a no-op.
* In 64 bit archs with 31 bit smis and smi corrupting enabled,
ChangeInt32ToIntPtr can be skipped. This is because it would only
change the upper bits, and those upper bits are not significant
since we are smi-corrupting.
Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64906}
Instead of changing all of TryToName to do the conversion to array
index, this patch narrows this fast path just to the element load IC
handler.
This patch also restores the HeapNumber conversion in TryToIntPtr and
in Turbofan inlining as per the original state of things.
Bug: v8:9449, chromium:1016738, chromium:1016709
Change-Id: Ibf3a2c38637fc36e0ee037dc740f273848d1e8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1902386
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64896}
When the serializer encounters a JSConstruct, it now serializes the
initial map of the new_target to enable further opitmizations in
JSNativeContextSpecialization.
Add regression tests as well.
Bug: v8:7790
Change-Id: Ifab2b58c64a341744e833ed063e9695d74a5cdce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900457
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64886}
Port 6e90f2f292
Original Commit Message:
Including but not limiting to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I0974b300654f61d152ea65016a0e278ea4ba1b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907440
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64885}
Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Bug: v8:7703
Change-Id: Id59aaebc24d670ed32c483ceecf77fd194405ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903445
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64883}
Including but not limiting to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
Bug: v8:7703
Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64880}
I changed the verification algorithm of switch nodes from a quadratic
algorithm to a linear one. On my machine this speeds up the test from
17 seconds to 2 seconds in the x64.optdebug build.
R=mslekova@chromium.org
Bug: v8:9810
Change-Id: I952d3fcc641b4e269b8ebac8f65fe545c6062587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905768
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64877}
Live sets represent sets of live virtual registers at block entry and
exit points. They are usually sparsely populated; for example, a sample
taken from Octane2 shows 80% of sampled live sets with a fill ratio of
10% or less.
Prior to this CL, live sets were implemented as a statically-sized bit
vector. This is fine for low-ish virtual register counts, but becomes
wasteful at higher numbers.
This CL attempts to address this issue through an adaptive
implementation. Small live sets remain bit vectors, while larger sets
switch to a PersistentMap-based implementation. PersistentMap has very
memory-efficient add/remove/copy operations.
Of course, with adaptive data structures we enter the territory of
parameter fiddling. In this case, two parameters are used:
kMaxSmallSetSize controls when to switch implementations, and
kMaxDeletionsBeforePrune controls when pruning (= managing the # of
deleted entries in the map) sets in.
On the (degenerate) test case from the linked bug, the register
allocation zone shrinks from 1008MB to 475MB. For more realistic cases
I expect savings on the order of 10s of KB.
Bug: v8:9574
Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64872}
port b6edadchttps://crrev.com/c/1872930
Original Commit Message:
[wasm-simd] Implement f64x2 comparisons for arm
Change-Id: If0fab2307a7f6da75f27ecd90cef6e15945214dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903290
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#64868}
{WhichPowerOf2} is basically the same as {CountTrailingZeros}, with a
restriction to powers of two. Since it does not use or depend on any v8
internals, it can be moved to src/base/bits.h.
This CL also changes the implementation to use the CTZ builtin if
available, and falls back to popcnt otherwise.
Drive-by: Make it constexpr, and rename to {WhichPowerOfTwo}.
R=sigurds@chromium.org
Bug: v8:9810, v8:8912
Change-Id: I8368d098f9ab1247f3b9f036f1385a38de10cc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903966
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64851}
Since the turbo_decompression_elimination flag is removed, there
are several methods in machine-type.h that get simplified, e.g
TypeCompressedTaggedPointer() can be replaced by just
"TaggedPointer()".
Also Removing the creation of Change to/from Compressed nodes.
Removing these Change nodes' logic is left to a follow-up CL.
Bug: v8:7703
Change-Id: Iff1f9aa8361189cf781a26317fd342b942fd5aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1897537
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64834}
Introduce new operator LoadTransform that holds a LoadTransformInfo param,
which describes the kind of load (normal, unaligned, protected), and a
transformation (splat or extend, signed or unsigned).
We have a new method that a full decoder needs to implement, LoadTransform,
which resuses the existing LoadType we have, but also takes a LoadTransform,
to distinguish between splats and extends at the decoder level.
This implements 4 out of the 10 suggested load splat/extend operations
(to keep the cl smaller), and is also missing interpreter support (will
be added in the future).
Change-Id: I1e65c693bfbe30e2a511c81b5a32e06aacbddc19
Bug: v8:9886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863863
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64819}
For now, both are implemented via a C call, just like i32_rol and
i32_ror. If they turn out to be critical for performance, we can still
implement them via hardware instructions on selected platforms.
R=jkummerow@chromium.org
Bug: v8:9919
Change-Id: I16affdfe397a08ef6a51d310f018b3a099e80e44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900454
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64816}
There is at least one case where a Load output flows into an
In32LessThanOrEqual node without any bitcasts or truncations in the
middle. We have to consider these cases in the reducer.
Bug: v8:7703
Change-Id: I1ed9c41e80c0603fd287d096c3050c5ae27c2b3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879945
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64811}
Previously we were only blocking verify_stub_graph and not
FLAG_turbo_verify_machine_graph. This led to failures when
FLAG_turbo_verify_machine_graph was active (e.g when it was set to
"*").
Change-Id: I27b53f0bc1b544498d1d182903301347e5669013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893339
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64806}
Phis act as proxys: a phi's input has only 32 bits observed iff
the phi's output has only 32 bits observed. When the Tagged Phi
has only 32 bits observed, the Phi's MachineRepresentation
changes to the Compressed counterpart.
Also, update machine graph verifier so that Phis of Compressed
accept Tagged inputs as well.
Bug: v8:7703
Change-Id: I365d0b38f76edbaecbfea29f603abd2ce2224878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879943
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64802}
The bug is due to an unexpected opcode. To avoid similar issues in the future, we fallback to CheckContextExtensionSlowPath. This was the default behaviour before the CL (https://chromium-review.googlesource.com/c/v8/v8/+/1876051).
Bug: chromium:1020983
Change-Id: Ia7f0f2986ec0008d1128ad3856efbb5d9e52dfc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899989
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64794}
This removes the feature that we log precise information about
functions and scripts in "v8.compile", since it comes at a
significant cost and is not going to be used anytime soon. If
we ever decide that we need this, we will have to come up with
a cheaper way of doing this.
Fixed: v8:9874
Tbr: yangguo@chromium.org
Bug: v8:8598, v8:9039, v8:9325, v8:9874
Change-Id: I3481570b6fda2a050f05d2ae84cf3e9245f67d52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898652
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64783}
When running the tests with --turbo-stress-instruction-scheduling, there are
crashes in the cases where there is no isolate, since we used the random
generator from the isolate. This change introduces a RandomNumberGenerator to
the instruction scheduler instead.
We use the value from --random-seed for seeding the random number generator.
We don't treat a zero value specially, as the feature is meant to be used with
the test system which always sets a random seed and doesn't rely on default
behaviour. This also means that the instruction scheduler will always produce
the same result for the same input within the same run, which fixes another
issue with the x64 jump optimisation: when that optimisation is enabled, the
backend is ran twice, and previously it was producing a different schedule
each time, thus collecting incorrect jump information.
Bug: v8:9884
Change-Id: I00394a7e50d0c502254b18490ebaf28a38d8f819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895555
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#64769}
port 4664840https://crrev.com/c/1871605
Original Commit Message:
CallDebugOnFunctionCall was always using Registers and not Immediates.
Then ParameterCount is not really needed. Since updating that, we
could update other functions, e.g InvokeFunction, to only use
registers too.
Also removed now irrelevant variables, e.g definitely_mismatches.
[mips][codegen] Removed ParameterCount class
port 1e69689https://crrev.com/c/1886916
Original Commit Message:
It was used only with Register inputs, so we can replace its uses with
the Registers themselves.
Change-Id: I0a661519f5602bf4d52c40c6c238436b93b71664
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898826
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64753}
Change builtin calls in wasm-compiler.cc to use CallBuiltinPointer
rather than CallCodeObject which means they bypass the trampoline.
Since the Code objects are no longer being called, remove them from the
executable Code object allow-list in builtins.cc.
Bug: v8:9338
Change-Id: I9835bab859c4d5e45dbfb4c7a339ccf74e719237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893337
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64744}
Now that embedded builtins are mandatory and non-embedded builtins no
longer need to be supported, it is safe to embed the target of the
CEntry builtin directly into WebAssembly runtime stubs. This produces
more efficient code and simplifies the runtime stubs.
R=clemensb@chromium.org
Change-Id: If2f91fa733edc266af3a204ac17ff36e4c0b41a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895567
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64739}
Changing the target of JSCall nodes (e.g. while lowering higher order calls)
now preserves feedback and speculation mode to allow further (speculative)
optimizations. A flag is introduced to mark feedback unrelated to the call
target after such a transformation. This flag is used to prevent access to
the feedback without the need to invalidate it.
Bug: v8:9702
Change-Id: I311d3a4b1b22d6f65e5837a23b0b7585c8d75eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844788
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64733}
Relevant opcodes:
* kFrameState
* kStateValues
* kTypedStateValues
The code to decompress CompressedHeapConstants is not there for the
opcodes stated above. We can only do this optimization for Loads
for the moment.
Bug: v8:7703
Change-Id: I226089f1b2b78d0bd742785c7c9924284a97c72d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879942
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64732}
This fixes a compilation error in Node.js with Xcode:
initialize the const member 'blueprint_'.
error: constructor for 'v8::internal::compiler::Callee' must explicitly
Change-Id: Ia55398428d0de35a9ad5132eabd22d0adb694514
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895561
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64719}
Port b875f4661a
Original Commit Message:
Reland "[compiler] Optionally apply an offset to stack checks"
This is a reland of 4a16305b65
The original CL adjust only one part of the stack check, namely the
comparison of the stack pointer against the stack limit in generated code.
There is a second part: Runtime::kStackGuard repeats this check to
distinguish between a stack overflow and an interrupt request.
This second part in runtime must apply the offset just like in generated
code. It is implemented in this reland by the StackCheckOffset operator
and a new StackGuardWithGap runtime function.
Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}
Change-Id: I77554bddde57153ec92c4b80c15d0a52efbaab2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893554
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mu Tao <pamilty@gmail.com>
Cr-Commit-Position: refs/heads/master@{#64718}
The {SetTraceValue} method was only defined for a set of integer types,
which sometimes lead to ambiguities when using types like {size_t},
{unsigned long} or the like (see https://crrev.com/c/1886912/1).
This CL fixes that by providing a method accepting any integer type.
It also changes the existing methods to avoid the "cast via union"
idiom, and uses memcpy instead.
R=petermarshall@chromium.org
Bug: v8:9810
Change-Id: I1530405640dc6cb0058153a8dbb860c7f3727ac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886918
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64710}
There is some duplication in the AVX definitions, which will be cleaned
up in a future change.
Bug: v8:9561
Change-Id: I78b134f536ec47d45c0a56f653148e8925f7def6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893359
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64706}
Previously only Builtins declared TFJ or CPP in builtins-definitions.h
were converted to direct calls in ReduceJSCall. This allows all
builtins with JS linkage to be converted. To facilitate this, it adds
Builtins::HasJSLinkage(id) that returns true for any builtins with
JSTrampolineDescriptor as their call descriptor.
It also ensures that any JS functions installed by the bootstrapper are
also required to have JS linkage to catch early errors.
Change-Id: I2fddca41f9ab1c7c9633aa0ab4847a5c108e2bb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883549
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64698}
This gets rid of a bunch of compiler warnings with MSVC.
Change-Id: I73440f0d203603fe39a2408d2b9cc647700aa5fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893334
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#64692}
Implement the possibility to revisit the same function in the
serializer using equality of its arguments.
Bug: v8:7790
Change-Id: I609a6009bf503e378e50d0b32c6f1c13721d2557
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863198
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64683}
Add information to CallInterfaceDescriptor if additional implicit arguments
can be passed on the stack, that is, if it is a varargs calling convention.
With this information, we can have a proper DCHECK in CSA to avoid passing
the wrong number of arguments to builtins that don't support it.
Previously, this lead to difficult to investigate crashes with misaligned
stacks.
Drive-by cleanup: Reduce duplication between DEFINE_PARAMETERS_... macros.
Change-Id: I449af6713a3cdd72e098d3481dfee62e01343f14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888932
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64666}
This reverts commit 2da05dfcf5.
Reason for revert: Will need to commit some of the changes as a port of 46648402d0
Original change's description:
> PPC/s390: [codegen] Removed ParameterCount class
>
> Port 1e696896ed
>
> Original Commit Message:
>
> It was used only with Register inputs, so we can replace its uses with
> the Registers themselves.
>
> R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
>
> Change-Id: I95c0e6fc19ea5f9579d022756a4693ea0140d2f7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1890543
> Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#64661}
TBR=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,joransiu@ca.ibm.com,miladfar@ca.ibm.com,solanes@chromium.org
Change-Id: I10f0a7f3c81f7c5c396df1e26ead50c5f8755231
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891073
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64662}
... since we may be in the background. Print the HeapObjectRef instead,
which will read the heap when it's allowed to do so.
Bug: v8:9541
Change-Id: I201c6dcd83e1b050393d633e4d59aec636772da6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889876
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64655}
Port b875f4661a
Original Commit Message:
This is a reland of 4a16305b65
The original CL adjust only one part of the stack check, namely the
comparison of the stack pointer against the stack limit in generated code.
There is a second part: Runtime::kStackGuard repeats this check to
distinguish between a stack overflow and an interrupt request.
This second part in runtime must apply the offset just like in generated
code. It is implemented in this reland by the StackCheckOffset operator
and a new StackGuardWithGap runtime function.
Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I37bf1d9157a96a5d3538108703f2d7469a11bffe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1890535
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64652}
It was used only with Register inputs, so we can replace its uses with
the Registers themselves.
Change-Id: I1ea3ed88ee41177b696a7281cdf3b90fefdc5870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886916
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64639}
Smi checks get lowered to Word32And, so they are important to consider
in the reducer.
Bug: v8:7703
Change-Id: Ie6e2403db84f83808edcc1e44ecb60ecd72ae34d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876053
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64638}
Effect control linearization knows about compressed values only when
DecompressionElimination is active.
Bug: v8:7703
Change-Id: I7854488322f846f94c644e057ab1c32641adf662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883896
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64637}
This is a reland of 4a16305b65
The original CL adjust only one part of the stack check, namely the
comparison of the stack pointer against the stack limit in generated code.
There is a second part: Runtime::kStackGuard repeats this check to
distinguish between a stack overflow and an interrupt request.
This second part in runtime must apply the offset just like in generated
code. It is implemented in this reland by the StackCheckOffset operator
and a new StackGuardWithGap runtime function.
Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}
Bug: v8:9534, chromium:1000887
Change-Id: I71771c281afd7d57c09aa48ea1b182d01e6dee2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822037
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64634}
There are a couple of bugs here:
1. The immediate used for vinsertps is wrong when lane == 1, the first
two bits specify which element of the source is copied, and it should
always be 00, 01 to copy the first 2 lanes of source.
2. For both cases, the second insertps call should be using dst as the
src, since dst was already updated by the first insertps call, it was
incorrectly using the old value of src. This was probably working
correctly because in many cases dst and src happened to be the same
register.
3. rep cannot be same as dst, because dst is overwritten, and rep should
stay the same
I also modified the F64x2ReplaceLane to test separately for replacing
lane 0 and lane 1.
Fixed bug 3. for arm and arm64.
Bug: v8:9728
Change-Id: Iec6e48bcfbc7d27908dd86d5f113a8b5dedd499b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1877055
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64620}
Inlines UpdateEffectControlWith and AddClonedNode in GraphAssembler to address
a regression in some benchmarks caused by Add the ability for GraphAssembler
to update basic blocks.
BUG=chromium:1018661,v8:9684
Change-Id: I05513c13305465310552448192e0474f5aaa4a20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886917
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64615}
Remove serialized_ flags where there's only one thing to be serialized
and its pointer can be used instead.
Bug: v8:7790
Change-Id: I489bb3085cef574f81f417f950898d4348f8b9ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886911
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64608}
ClusterFuzzer found that a context can be created by
a call to the runtime when checking for context extensions
on the bytecode graph builder.
That happens in large contexts.
Bug: chromium:1019069
Change-Id: I7ab66dceedd56476ab972d7998ef4ca6896dc868
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886691
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64605}
We know statically if a context has an extension slot or not, but that
was dynamically checked.
The CL lifts the ScopeInfo chain to the compiler and does the check
statically, it only generates the undefined check if the context
has an extension slot.
Bug: v8:9744
Change-Id: I169d05bb11b36501e97af00d30ae44bedcd6be83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876051
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64599}
This change begins making use of the fact that Torque now knows about
the relationship between classes and instance types, to replace a few
repetitive lists:
- Instance type checkers (single and range), defined in
src/objects/instance-type.h
- Verification dispatch in src/diagnostics/objects-debug.cc
- Printer dispatch in src/diagnostics/objects-printer.cc
- Postmortem object type detection in
tools/debug_helper/get-object-properties.cc
Torque is updated to generate four macro lists for the instance types,
representing all of the classes separated in two dimensions: classes
that correspond to a single instance type versus those that have a
range, and classes that are fully defined in Torque (with fields and
methods inside '{}') versus those that are only declared. The latter
distinction is useful because fully-defined classes are guaranteed to
correspond to real C++ classes, whereas only-declared classes are not.
A few other changes were required to make the lists above work:
- Renamed IsFiller to IsFreeSpaceOrFiller to better reflect what it does
and avoid conflicts with the new macro-generated IsFiller method. This
is the part I'm most worried about: I think the new name is an
improvement for clarity and consistency, but I could imagine someone
typing IsFiller out of habit and introducing a bug. If we'd prefer to
keep the name IsFiller, my other idea is to rename FreeSpace to
VariableSizeFiller and Filler to FixedSizeFiller.
- Made Tuple3 extend from Struct, not Tuple2, because IsTuple2 is
expected to check for only TUPLE2_TYPE and not include TUPLE3_TYPE.
- Normalized the dispatched behavior for BigIntBase and HeapNumber.
- Added a few new object printers.
Bug: v8:7793
Change-Id: I5462bb105f8a314baa59bd6ab6ab6215df6f313c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860314
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64597}
Add support to verify the update schedule after ScheduledEffectControlLinearization
and ScheduledMachineLowering phases. To do so, we need to recompute the immediate
dominator tree of the scheduled blocks.
BUG=v8:9684
Change-Id: I849fb7e3e699ca56c5115d90a53006d517cf3fe5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881160
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64596}
Otherwise we might reuse a node that is scheduled later in the unchanged block.
BUG=v8:9684
Change-Id: I655b538384d5ed8782d3d9bbb883037462003693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881155
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64594}
Since we only care about one bit in the lower 32 bits, we can always
perform smi checking while looking at the lower bits.
This improves pointer compression, since we wouldn't need to decompress,
while not affecting the non-pointer compression case.
Change-Id: Ic020fefcc92de0516148f34a3caacc60ff29556b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876050
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64593}
Now that all builtins are embedded, it is no longer needed to have a
fallback variant where WebAssembly runtime stubs tail-call existing
(non-embedded) builtins, just call the (embedded) builtin directly.
R=clemensb@chromium.org
BUG=v8:6666,v8:9810
Change-Id: Id8a2b2089cabc77f841f484986d8212ca2918ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883550
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64581}
When rewiring a block to throw, we need to remove the current block from the list
of predecessors for all of our successors, as well as clearing our current successors.
BUG=v8:9684
Change-Id: I0da063b2ef707f07ea27a5f72cabd2ff9a91cc42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881154
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64579}
A bit was added in the context length slot to indicate if
the context had an extension slot. It turns out that
we need this information much earlier and so this flag is now
in the scope info instead.
This CL removes this bit from length, since it was not
used anymore.
I also renamed HasContextExtension to HasContextExtensionSlot
to differentiate from Context::has_extension which returns
true only if the context has an extension slot and the
extension is not the undefined object.
Bug: v8:9744
Change-Id: I7c37105b7afed34e8f480a64596fab285388f21b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879935
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64577}
This class used to describe unoptimized but compiled frames. All such
frames are by now covered via the architecture-independent description
in the {StandardFrameConstants} class (or one of its subclasses).
R=clemensb@chromium.org
BUG=v8:9810
Change-Id: I294cc6eec7d4a05e88e7aa336f1ebedfa0eb6e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1878708
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64556}
Add VirtualBoundFunction to the serializer which takes care of
processing the result of Function.prototype.bind.
Add cctest and an mjsunit test.
Bug: v8:7790
Change-Id: Ic2b48d356cbe3b576eb22f58215cc886a8994e31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859625
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64548}
This rearranges the TurboProp pipeline to avoid the need for a second
schedule of the graph. To do this, it moves the final schedule creation
before effect-control-linearization (which used a temporary schedule
previously, and with TurboFan). It then enables the block updater in the
graph assembler for effect control linearization and does select and
memory lowering in a new ScheduledMachineLowering phase to maintain
this existing schedule during these lowering passes.
BUG=v8:9684
Change-Id: I6a7790b010f8b152dd01d85aa95ee5d4f99087a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847351
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64537}
This adds avx for extractps, insertps, and cvtdq2ps. These require
SSE4_1, so modified AvxHelper to take another template arg for sse4
operations, and open the proper cpu scope before calling this arg.
Bug: v8:9561
Change-Id: Iad2be7ebab41b96f7eb74f4e2bd9776002e6a76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874378
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64529}
Updates the EffectControlLinerizer to feed all nodes it processes
through the GraphAssembler. This is required to enable the GraphAssembler
to maintain the schedule for TurboProp, but also means we can avoid
keeping track of the current effect and control nodes in the
EffectControlLinearizer and use the GraphAssembler for that instead.
Also modifies EffectControlLinearizer to avoid accessing the basic block
while lowering nodes, since a basic block updating GraphAssembler could
modify the current block. Once lowered, we finalizes GraphAssembler to
provide the updated basic block for which the original control should be
processed.
BUG=v8:9684
Change-Id: Ibe7f396e15f8bebf35b9c50d56c245cbc92547f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1842453
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64528}
Adds the ability for the GraphAssembler to operate on, and maintain, a
scheduled graph. This will be used by TurboProp to maintain the initial
schedule created before effect-control-linearization, by updating this schedule
during effect-control, select and memory lowering stages rather than doing a
later reschedule.
In order to do this, an internal BlockUpdater is added to GraphAssembler,
which is enabled by passing the schedule to the GraphAssembler. The
GraphAssembler is modified to call into the block updater when nodes are added
and updates the schedule with new basic blocks when new control flow is updated.
BUG=v8:9684
Change-Id: I6d428ad21d869c472bb20f43cc8caf44722f090a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1841355
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64519}
Added the opcodes kWord32Equal and kChangeTaggedToCompressed to
DecompressionOptimizer.
Currently TaggedEqual node generates ChangeTaggedToCompressed
nodes before the Word32Equal inputs. This means we need to also
propagate kOnly32BitsObserved from kChangeTaggedToCompressed.
Bug: v8:7703
Change-Id: I61fee07269696c60e065e1bbfee3a65c1b1537fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871911
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64513}
This changes the way {SaveFPRegsMode} is stored in a {CallDescriptor}.
The value is now encoded in the flags field, similar to all other
boolean properties. It removes the last mutable field from the call
descriptor, making the struct fully immutable.
R=neis@chromium.org
Change-Id: I6bca118c7ce0c5bc77e7aa2fcc6541439bd27b3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868616
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64512}
Port f22837dbf1R=xwafish@gmail.com
Change-Id: Iece021bb832618cac0d111639b388d94f7da7028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868773
Commit-Queue: Mu Tao <pamilty@gmail.com>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64505}
The {InstructionCode} is only used to store plain (non-negative) values
of the {ArchOpcode} enum, or additionally encodes {BitField} values. The
underlying base type 'U' of a {BitField} is uint32_t. To avoid all the
numerous implicit conversions between int32_t and uint32_t, this is
changing the {InstructionCode} so that uint32_t is used exclusively.
R=neis@chromium.org
BUG=v8:9872
Change-Id: If64107ad9298011e219b4827735eafb51465beb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869193
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64503}
This operator implicitly reads the stack pointer register and is thus
not pure. This CL removes it from the list of pure operators and
inserts it into the effect chain at its use sites.
Drive-by: Alpha-sort the list in CanAllocate.
Bug: v8:9534
Change-Id: Icf96fb3e308600dbacec3dbfb7386a4f0d0bdc39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1875098
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64502}
Port 26afd8f314
Change-Id: I4033e6bb50166d59679dddd8ba0480b4bc4b821d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874969
Commit-Queue: Mu Tao <pamilty@gmail.com>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64499}
Port 434f96812f
Change-Id: I9e9cb8b9ca56d5af3b5ffffa5908501c9214752d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874968
Commit-Queue: Mu Tao <pamilty@gmail.com>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64497}
Port a0b95232a9R=xwafish@gmail.com
Change-Id: I15c385a676e574f36d8c25c6f6294ac344b0af43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868557
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Cr-Commit-Position: refs/heads/master@{#64492}
Port afbbfcbe1cR=xwafish@gmail.com
Change-Id: Iab3a9f32d8bccddcdca8d9a874869e62ae961948
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868558
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64491}
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I8700ed2fa62c89e86c39bb16ac3167f38ea8d63f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873695
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64477}
We should be encountering this due to TaggedEquality.
DecompressionElimination used to take care of this, but it will not be
present in the new system.
Bug: v8:7703
Change-Id: I9fe00ee116ed1514cb4c465a8d19df6e785ef913
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868623
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64471}
Instead of logging when SFI inlineability is computed, log when
that result is actually used.
Moreover, log something in some cases where we logged nothing
so far (e.g. when we can't inline due to missing feedback vector).
Change-Id: Id93119f4ead17aa9e721eb4fcc20774c54178665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873693
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64466}
This is a reland of c48096d442
Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1c4
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64451}
... and make the printing more consistent.
Bug: v8:9518
Change-Id: I6e8b595124974ec7f8e5003624bd33d2b0787ac0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864948
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64450}
The natives blob was deprecated in V8 7.8. This CL removes all related
functionality, including:
- Build system support, i.e.: generation of natives_blob.bin and the
v8_extra_library_files gn flag.
- Related scripts (js2c.py, concatenate-files.py).
- Related API functions (SetNativesDataBlob,
InitializeExternalStartupData).
- Natives bootstrapping logic.
- The InternalArray type (previously exposed through natives).
- Other natives-exposed builtins.
- Inlining of these builtins.
- The dedicated 'uncached external one byte string' type.
Step 1 landed in https://crrev.com/c/1824944.
Step 2 landed in https://crrev.com/c/1835536.
Step 3 (this CL) removes these all functionality related to natives
support in V8.
Bug: v8:7624
Change-Id: Ice6c2662781efe8417231805276476d32bc5a625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844771
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64446}
We previously had a DCHECK to protect the assumption that the
continuation to StackPointerGreaterThan must be a branch. This is not
a valid assumption to make, in fact the second callsite of
VisitStackPointerGreaterThan immediately violates it.
Instead, this CL additionally considers non-branch continuations when
getting the effect level.
A slight digression since it was not clear to me how comparison
results were materialized for 'Set' continuations: this happens during
codegen, where CodeGenerator::AssembleInstruction inserts a call to
AssembleArchBoolean if necessary.
Bug: v8:9829,v8:9534
Change-Id: Ib554071b7aa33e0f6b8a0d605219db6b6dc7d5b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871912
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64430}
Disallow reorderings across calls and across caller registers save/restore.
Bug: v8:9775
Change-Id: I8b1037dd127217ed9f4a42d45e0d928380c9241a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862558
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64429}
This reverts commit c48096d442.
Reason for revert: Flaky bot failures (https://bugs.chromium.org/p/v8/issues/detail?id=9744#c9)
Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1c4
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}
TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9744
Change-Id: Ia58067b41f1eb5880a52b36ead754d7190ff7f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871922
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64424}
This is a reland of ad9bd3a0cc
Reland reason: Probably not the cause of the TSAN failures
Original change's description:
> [ptr-compr][CSA] Enable the DecompressionOptimizer phase in CSA
>
> Also update the MachineGraphVerifier to take into account the
> possibility of the Store receiving a Compressed representation as well.
>
> Bug: v8:7703
> Change-Id: I6d6e28b980151af6296000cfe6f67a3a037b029c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859627
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64410}
TBR=tebbi@chromium.org, jgruber@chromium.org
Bug: v8:7703
Change-Id: Ic8181d0288a8504e611437601f6b34e472fcac47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871919
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64420}
Also update the MachineGraphVerifier to take into account the
possibility of the Store receiving a Compressed representation as well.
Bug: v8:7703
Change-Id: I6d6e28b980151af6296000cfe6f67a3a037b029c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859627
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64410}
TurboFan can normally inline an arrow function closure callback like:
[1, 2, 3].map(x => x * x);
The serializer has information to support this in the form of
FunctionBlueprint Hints, though it's not exploiting them. This CL
remedies that.
Bug: v8:7790
Change-Id: I8fc10f04ffc9bd2ea03cd761e8a5a41258000c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863939
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64409}
This is a reland of c07c02e1c4
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I0749cc2d8f59940c25841736634a70047116d647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64380}
In inlining heuristics, we used to warn about a missing bytecode array
when the actual reason for not inlining the function might have been a
different one (and was printed earlier already).
Bug: v8:7790
Change-Id: I3a44fd793d9b1edc80cd215a8110aa47eee731d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863934
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64378}
This reverts commit c07c02e1c4.
Reason for revert: MSAN failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/29251
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
Change-Id: I98dee04ab4d3ae977053982ec884b738d2f6f623
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868611
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64373}
Context objects have an extension slot, which contains further
additional data that depends on the type of the context.
This CL removes the extension slot from contexts that don't need
them, hence reducing memory.
The following contexts will still have an extension slot: native,
module, await, block and with contexts. See objects/contexts.h for
what the slot is used for.
The following contexts will not have an extension slot anymore (they
were not used before): script, catch and builtin contexts.
Eval and function contexts only have the extension slot if they
contain a sloppy eval.
Bug: v8:9744
Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64372}
In the non-avx case, we are incorrectly using DefineSameAsFirst, which
is wrong, since operand0 is a 32-bit register, but the output should be
a simd register. This error was caught by running the test with flag:
--no-enable-avx, leading to a register allocator verifier failure.
Drive by cleanup to remove duplicate cases for avx and see in i64x2 replace
lane.
Bug: v8:9728
Change-Id: I96490c82e13660fc41e72ac523e5be37b051b624
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866963
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64363}
This is a reland of c7c47c68f2.
This makes TSAN happy in addition to:
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64360}
The DecompressionOptimizer aims to avoid adding the root in AnyTagged
or TaggedPointer loads. For the TaggedSigned case, we already solve it
in instruction selection.
The new phase will run only when pointer compression is enabled. For
the moment, it's also requires FLAG_turbo_decompression_elimination to
be false. This latter flag is only temporary to test out the
implementation.
The phase needs to be run when Machine are present in the graph, i.e
at the very end of the pipeline. Also, since this phase may change
the load's MachineRepresentation from Tagged to Compressed, it's best
to run it as late as possible in order to keep the phases that know
about Compressed MachineRepresentation to a minimum.
As an example, if we Load a Tagged value only to Store it back again
(i.e Load -> Store nodes, with the Load being the Store's value) we
don't need to fully decompress it since the Store will ignore the
top bits.
Bug: v8:7703
Change-Id: I6b4aec203ab8cbb540b2513cabb1e2a5691ce938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859615
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64358}
The calling conventions on AIX uses function descriptors,
which means that pointers to functions do not point to code,
but instead point to metadata about them. When calling JITed code,
we must assure to use function descriptors instead of raw pointers when
needed. Before this CL 213504b, all CallCFunction on AIX were guaranteed to have
function descriptors. Starting form the CL mentioned above, CallCFunction can also
Jump to a Trampoline which does not have a function descriptor, hence a new
"CallCFunctionWithoutFunctionDescriptor" method is proposed to deal with this issue.
BUG= v8:9766
Change-Id: I9343c31c812f5d4dda8503a5adf024b24dbde072
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825961
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64357}
The serializer doesn't correctly propagate environment information
from try blocks into their catch handlers, and this impedes
optimizations that fire when we compile concurrently.
function bar(x) {
try {
boom(); // throws
} catch(_) {
return x.a;
}
}
function foo() { return bar({a: 42}); }
When foo is optimized, we can normally return the constant 42
directly. This CL makes that work for concurrent inlining.
Bug: v8:7790
Change-Id: Id1c5fd06d51ec6fe69ab10fbd65afd6fa7e76820
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863193
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64352}
LoadReverseSimd128 and StoreReverseSimd128 are implemented
to support the above instruction selection.
Change-Id: I5dcb30ce68b3478c69668b7589e77a52e77d9388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846460
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64350}
This introduces 2 new machine operators that are variants of I64x2Splat
and I64x2ReplaceLane that takes two int32 operands instead of one i64
operand.
Bug: v8:9728
Change-Id: I6675f991e6c56821c84d183dacfda96961c1a708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1841242
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64337}
This extends existing table support to be able to store 'exnref' in
addition to 'anyref' types. Tools can use this to maintain data
structures for exception packages.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-anyref
BUG=v8:8091
Change-Id: Iccbcfdc328db81a366921bcdd98c2256f66e7fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64323}
Updates CSA::TryToIntptr to handle array indices that are less than
INT_MAX which allows to handle string keys in the ICs.
Updates ICs to go monomorphic for string keys that are array indices.
Updates Turbofan to handle array indices when lowering element access.
Change-Id: Ibdde20130e075d0d645ab4a8266a968335eaad84
Bug: v8:9449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813018
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64320}
for "entries", i.e. indices into the backing store (as opposed to
"public indices" going into the hash function).
This improves consistency and compiler-enforced type safety; no change
in behavior is intended.
Change-Id: I25e57e3ddcf18a406e2dfbd66786b6980c4e9615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852768
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64317}
This reverts commit c7c47c68f2.
Reason for revert: breaks TSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738
Original change's description:
> Reland "[runtime] Move Context::native_context to the map"
>
> This is a reland of f05bae1e0d
>
> Previously I presumed that the context read from a frame in the profiler was
> a valid context. Turns out that on non-intel we're not guaranteed that the
> frame is properly set up. In the case we looked at, the profiler took a
> sample right before writing the frame marker indicating a builtin frame,
> causing the "context" pointer from that frame to be a bytecode array. Since
> we'll read random garbage on the stack as a possible context pointer, I made
> the code reading the native context from it a little more defensive.
>
> Bug: v8:9860
>
> Original change's description:
> > [runtime] Move Context::native_context to the map
> >
> > Remove the native context slot from contexts by making context maps
> > native-context-specific. Now we require 2 loads to go from a context to the
> > native context, but we have 1 field fewer to store when creating contexts.
> >
> > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64296}
>
> Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64314}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64316}
This is a reland of f05bae1e0d
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64314}
This reverts commit f05bae1e0d.
Reason for revert: broke arm sim debug
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17714https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8899519852984476944/+/steps/Check_-_trusted/0/logs/FunctionDetailsInlining/0
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: Ie7b4086c3a9ab2627ecac599da36b20cf8d1f948
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863200
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64299}
Remove the native context slot from contexts by making context maps
native-context-specific. Now we require 2 loads to go from a context to the
native context, but we have 1 field fewer to store when creating contexts.
Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64296}
This replaces all left-over uses of {WasmGraphBuilder::Buffer} with
proper alternatives (e.g. using {base::SmallVector} instead).
R=clemensb@chromium.org
Change-Id: I2607ce7e2638a1bb35daccbb5b38382d5b62a430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859626
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64285}
The macros will use AVX variants when available.
Bug: v8:9561
Change-Id: I06872a08184983adc8018ffdf03916feac02016f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857422
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64280}
This switches the {WasmGraphBuilder} to use {SmallVector} for passing
argument and return values. It deprecates {WasmGraphBuilder::Buffer},
which is a dangerous construct as it makes it easy to accidentally use
the single buffer for two vectors at the same time. This also removes
the by now unused {WasmGraphBuilder::Realloc} method.
R=clemensb@chromium.org
Change-Id: I6bd9be437a99c23bb403a046a75c148ac4a14451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859619
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64277}
This switches the {WasmGraphBuilder::GetExceptionValues} to use a proper
vector instead of the deprecated {Buffer} method. This also addresses a
TODO about missing landing pads for the above affected method.
R=clemensb@chromium.org
Change-Id: I33ba7d712a00f2a284ec159a501bcd90e02a3a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859620
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64276}
With exception handling enabled new call paths open up, which will
perform environment merging while a "call" or "call_indirect" is
currently being emitted. This will lead to double-use of the buffer
returned by calls to {Buffer} or {Realloc}. In general we should
transition away from this optimization to safer constructs such as
{base::SmallVector} to avoid such bugs.
R=clemensb@chromium.org
TEST=mjsunit/regress/regress-9832
BUG=v8:9832
Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64271}
This requires a change to instruction selector to UseUnique so that it
does not shadow the temporary register.
Bug: v8:9810
Change-Id: Iaceadbc39f0c51a92c2a73c4b1097d49a7397876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850614
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64259}
Design doc:
https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
Changes from the design doc:
- Changed to use 'class' declarations rather than 'type' declarations
for things that need instance types but whose layout is not known to
Torque. These declarations end with a semicolon rather than having a
full set of methods and fields surrounded by {}. If the class's name
should not be treated as a class name in generated output (because
it's actually a template, or doesn't exist at all), we use the
standard 'generates' clause to declare the most appropriate C++ class.
- Removed @instanceTypeName.
- @highestInstanceType became @highestInstanceTypeWithinParentClassRange
to indicate a semantic change: it no longer denotes the highest
instance type globally, but only within the range of values for its
immediate parent class. This lets us use it for Oddball, which is
expected to be the highest primitive type.
- Added new abstract classes JSCustomElementsObject and JSSpecialObject
to help with some range checks.
- Added @lowestInstanceTypeWithinParentClassRange so we can move the new
classes JSCustomElementsObject and JSSpecialObject to the beginning of
the JSObject range. This seems like the least-brittle way to establish
ranges that also include JSProxy (and these ranges are verified with
static assertions in instance-type.h).
- Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
- Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
This change introduces the new annotations and adds the ability for
Torque to assign instance types that satisfy those annotations. Torque
now emits two new macros:
- TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the
InstanceType enumeration
- TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String
parts of INSTANCE_TYPE_LIST
The design document mentions a couple of other macro lists that could
easily be replaced, but I'd like to defer those to a subsequent checkin
because this one is already pretty large.
Bug: v8:7793
Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64258}
