Partial implementation of v128.const, only the optimized case for all 0s
and all 1s. The other cases bailout to TurboFan for now, and will be
added in subsequent patches.
Bug: v8:9909
Change-Id: I3240c1c5f4259c45d51edca00fec37047bc1b3a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284212
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68772}
This reverts commit bebb2bdc06.
Reason for revert: Breaks GarbageCollectionWithLocalHeap test.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31107
Original change's description:
> [heap] Allow LocalHeap on the main thread
>
> This changes the safepoint scope to skip LocalHeap that is active
> for the current thread to avoid deadlocking.
>
> Bug: v8:10315
> Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68769}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: Ifba8218f9104afed3f2d92258296067f8f424062
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290573
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68770}
This changes the safepoint scope to skip LocalHeap that is active
for the current thread to avoid deadlocking.
Bug: v8:10315
Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68769}
When local heap is parked it is not allowed to dereference any handles.
A GC might be relocating objects at that point.
Change-Id: I557682d47f8f0acfe041506833f6b397feb4438b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289981
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68768}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This is the second CL that prepares the ground for this
change.
Changes:
- Remove the error from read-value-type when reading a generic rtt.
- Add validation for HeapTypeImmediate in ModuleDecoder. Use it to
validate null constants immediates, which was missing. Add tests.
- Change ValueType::name to print rtt depths as integers.
- Move global initializer building in wasm-module-builder to its own
function.
Bug: v8:7748
Change-Id: Ic041e1c7d032f2a1063a21fec1bfe96cb0d8120e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284983
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68767}
MemMove makes an indirect call to memmove_function which is
overwritten in init_memcopy_functions to an address not
permitted by CFI to be called indirectly.
This CL disables CFI_ICALL for this function.
BUG=chromium:584575
Change-Id: I372f0c13a1900bf3c48484db9ba7ff4a3b3fc7e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289010
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68766}
With this change, if we pass --trace-turbo-stack-accesses, output will
be something like:
=== Stack access counters ===
Number of functions: xx
Name: wasm-function#1, Loads: xx, Stores: xx
...
Total Loads: xx, Total Stores: xx
This only applies to optimized/wasm functions.
Bug: v8:10663
Change-Id: I0b08e3fa321b76dc53942c8fbffd14759978c7b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2283913
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68765}
This reverts commit 273f4e42e3.
Reason for revert: Based on another need that needs to be reverted because of TSAN failures.
Original change's description:
> [heap] Avoid ParkedMutexGuard during allocation
>
> Since main thread allocation does not start incremental marking anymore
> while holding allocation_mutex_, background allocation does not need
> ParkedMutexGuard anymore to avoid deadlocks.
>
> This also means background thread allocation isn't paused anymore to
> perform a GC, which already resulted in subtle bugs (e.g. in
> ExpandBackground with incremental marking). We also do not
> stop-the-world anymore while holding allocation_mutex_.
>
> Bug: v8:10315
> Change-Id: Iadf00bc26434c765722b82a10497ab06151f15cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289771
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68754}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I3a16c13626c891e8063564fc05fd2d3fc427d159
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289975
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68761}
A Wasm module's start function might be imported from JavaScript, and
as such might contain calls to Blink. For such a case, we must make
sure that an "incumbent context" is available.
See microtask queue handling for a similar example.
Bug: chromium:1096558
Change-Id: I2e3c0fc20d4e3581e490822c3ac63ce2c5e1e990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284982
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68760}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This CL prepares the ground for this change and adds no
functionality.
Changes:
- ValueType::heap_representation and HeapType::representation now
return HeapType::Representation.
- Add ValueType::is_rtt().
- WasmInitExpr:
- Make kind private. Rename val -> operator, make it private. Add
accessors.
- Rename kGlobalIndex -> kGlobalGet.
- Squash global_index and function_index into index.
- Add heap_type Immediate. Use it for RefNullConst. TypeOf in
module-decoder.cc can now fully determine the type of a
WasmInitExpr.
- Add class constructors/static method constructors for each Operator
kind.
- Delete copy constructor. WasmInitExpr will use std::unique_ptr for
its operands.
- consume_init_expr now uses a stack.
- A few minor improvements.
Bug: v8:7748
Change-Id: I3ba3ee7ac2d6bc58e887790c37110ceb80658985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284483
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68759}
In previous change https://crrev.com/c/2274308 , I attempted to fix an
issue where FindOptimalSpillingPos could sometimes fail to find the
LiveRange that covers the top of the loop. However, I misunderstood how
TopLevelLiveRange::GetChildCovers behaves, so I introduced a different
case where FindOptimalSpillingPos would fail to find the right
LiveRange. This change updates GetChildCovers to do what I had thought
it would do, so it can find the right LiveRange in all cases.
chromium:1102243
Bug: chromium:1101958, chromium:1101954, chromium:1102257,
Change-Id: If91c642c3f7f5e3a8b4cfaa3b3577865c84afcb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288660
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68758}
After native-context-independent codegen, verify that the resulting
Code object does not embed any nc-dependent objects, and that no code
dependencies have been created.
Bug: v8:8888
Change-Id: I894e74b27e86e7727ff17aa0dbfdd908373a5e55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284498
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68757}
By introducing a globally known map for each generic type.
These maps are never used to allocate objects, they only
serve as sentinels for generic heap types.
Bug: v8:7748
Change-Id: I950a8c712dc1510759a833fe9122b9e9a6222dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288860
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68755}
Since main thread allocation does not start incremental marking anymore
while holding allocation_mutex_, background allocation does not need
ParkedMutexGuard anymore to avoid deadlocks.
This also means background thread allocation isn't paused anymore to
perform a GC, which already resulted in subtle bugs (e.g. in
ExpandBackground with incremental marking). We also do not
stop-the-world anymore while holding allocation_mutex_.
Bug: v8:10315
Change-Id: Iadf00bc26434c765722b82a10497ab06151f15cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289771
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68754}
The tool is no longer supported since we migrated to Turbofan.
Change-Id: I55b911f47867b2a6985ce14f973cd837f71ec4b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288859
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68753}
For 64-bit binary operations, Liftoff on arm made the assumption that
register pairs are always ordered, i.e. the register code for the low
word is lower than the register code for the high word.
Ensuring this was only implemented in {GetUnusedRegister} in
https://crrev.com/c/2168875. Other cases were missing though, e.g.
return values, but also different places were we
construct register pairs internally.
Thus, this CL removes this constraint again and instead handles
unordered register pairs in 64-bit binary operations on arm.
R=thibaudm@chromium.org
Bug: chromium:1101304
Change-Id: I4cd9fb1577f82ab06d34c9dde6533cf04a2cade7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287870
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68752}
This rounds up all SIMD instructions as included in the proposal as of
9f1295a494.
Bug: v8:10180
Change-Id: Icd4cb0aeddede6a611de6f8f3916dc036977c499
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2285789
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68746}
And removed the ifdef guards around instruction-selector and
tests since v128.const is now implemented for x86, x64, arm, arm64.
Bug: v8:8460
Change-Id: I0ed8aede0a07db2fd286bf0c3385eba1079558f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2285149
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68745}
The second argument of FromParameterIndex should be the parameter count, including the receiver.
Previously it worked by chance, because the code was trying to access the receiver but did not include it in the parameter count, accessing the first argument. This does not work anymore when the arguments are reversed (V8_REVERSE_JSARGS).
Change-Id: I8ca9054a99d074c130f9a9b444e7b8a379840991
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282531
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68742}
--trace-wasm-decoder should not imply --single-threaded, as
--single-threaded implies --no-liftoff. Hence we cannot trace the
decoder in Liftoff mode.
R=thibaudm@chromium.org
Change-Id: I3e4f0ea119288ef88c4b00dd2f2a11244b77c204
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287492
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68741}
Instead of having one decoder method per opcode, make all load and store
opcodes use the same method, and load the necessary information from a
static array.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I27daf52b9cb0af6a288a5642913c132e20f0eabd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287489
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68740}
This CL attempts to hide panels from the user view until
data upload event to help users read instructions more easily.
Screenshots: https://imgur.com/a/qFgIKI8
Bug: v8:10665
Change-Id: Ida666aa850b80cff3f428e1789cc92592ec79a6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278474
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#68738}
Due to an optimization in how resumable functions are compiled, we can
actually see another Oddball type as StrictEquality inputs. I'm giving
up on getting the DCHECK right and removing it entirely.
Bug: chromium:1102683
Change-Id: Ia210777c66641e898e96900713710a51ebed311d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287494
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68735}
Goal is to include coverage of builtin functions into coverage
bitmap send to Fuzzilli fuzzer. In order to do this, after each
REPRL loop, coverage data of bitmaps are retrieved from JS heap
and stored into coverage bitmap. Additionally, there is an option,
to print out statistics about how many of edges from builtin
functions were turned on by the program inputted into REPRL loop.
This commit introduces two flags:
--no-fuzzilli-enable-builtins-coverage - when enable-builtins-coverage
turned of, builtins coverage will not be exported to fuzzilli
--fuzzilli-coverage-statistics - when turned on, d8 prints
statistics into covlog.txt file after each loop
Change-Id: I8f9cf8dc693b952467b108c6d6bc00134125bc5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263154
Commit-Queue: Peter Ralbovsky <ralbovsky@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68733}
Instead of having one method with a big switch, and specializing that
method for each single opcode, we now have one proper method per opcode.
This makes the code way more readable, and also reduces the compile time
of liftoff-compiler.cc significantly.
Unfortunately, we cannot use template specializations for this, since
GCC does not support specializing the methods within an unspecialized
templated class.
Hence, we need to have another dispatch per opcode when generating the
opcode handler table. I left a comment explaining why we do it this way.
The upside of this is that we get nicer method names.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I8c7026177490893711c999217eeb1e4f2fbb5e36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282533
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68732}
Native context independent code generation should, at the moment, not
use any collected feedback.
We implement this by returning InsufficientFeedback from the heap
broker's ReadFeedbackForX methods if currently compiling nci code.
Thus all feedback.IsInsufficient() calls inside the compiler will
return true (disabling feedback-based optimizations).
FeedbackSource::IsValid() (used in generic lowering) can still return
true.
Bug: v8:8888
Change-Id: I198b6457276073e7376c777b206c50726f1b3645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284494
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68726}
We used to expose raw WasmGC objects via the JS interface and made
use of that in our cctests. Since those objects would cause crashes
when used in JavaScript, this patch prevents such interactions, and
migrates the tests to use the C-Wasm interface instead.
Bug: v8:7748
Change-Id: I76a10663cda43c940c8c22c57c14922be9b05134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284497
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68725}
