This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: Iffd469ca6528710c28cc454604a725ca9748359d
Reviewed-on: https://chromium-review.googlesource.com/c/1435768
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59105}
An enum-typed value should never have a value outside of that enum's
range.
This patch enforces that in Debug mode, while in Release mode keeping
the previous behavior of returning "UnknownOpcode" as the mnemonic for
illegal IrOpcode values to ease debugging.
Bug: v8:3770
Change-Id: I83a5a356f1fb7a266921940a4495f1d39a1823cd
Reviewed-on: https://chromium-review.googlesource.com/c/1436221
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59102}
Not even when copying 0 bytes. Same for memmove and memcmp.
Bug: v8:3770
Change-Id: I3ed45a4572467ec7a9fc697ac28c004aa9b8b274
Reviewed-on: https://chromium-review.googlesource.com/c/1436217
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59101}
The Memory<T>(address) helper requires the address to be aligned. Since
values embedded into ia32/x64 code can in general be unaligned, we must
use ReadUnalignedValue/WriteUnalignedValue to manipulate them.
Bug: v8:3770
Change-Id: I12c3fc6aa09062dcc9188b6782ed4a35e1d684bd
Reviewed-on: https://chromium-review.googlesource.com/c/1436223
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59100}
Anyref parameters can exist across GC runs. Therefore the GC has to
know where anyref parameters are on the stack so that it can mark them
in its marking phase, and update them in the compaction phase.
Already in a previous CL we grouped all anyref parameters so that they
can be found more easily in a stack frame, see
https://crrev.com/c/1371827. In this CL we implement the stack scanning
itself.
Note that anyref parameters are not scanned while iterating over the
caller's frame (to which they actually belong), but while iterating
over the callee's frame. The reason is that with tail-calls, only the
callee knows how many tagged stack parameters (aka anyref parameters)
there are.
R=mstarzinger@chromium.orgalso-by=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I7a41ce11d06c0d420146fdb0bb8d5606f28824d7
Reviewed-on: https://chromium-review.googlesource.com/c/1424955
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59099}
This CL changes Array#sort to use the generic path for fast elements
kinds if --force-slow-path is present. Note that the IsFastJSArray macro
includes this check but not the Cast itself.
R=jgruber@chromium.org
Bug: v8:8215
Change-Id: I1135ab9db15effd86020f49f4ae23ba1e1da07f8
Reviewed-on: https://chromium-review.googlesource.com/c/1435940
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59097}
This fixes a corner case with the matching for a {UBFX} instruction.
According to the ISA reference "UBFX Rd, Rn, #lsb, #width" is only valid
for "#width" in the [1;32-#lsb] range. Specifically a "#width" of 0 is
invalid but was not checked against by the instruction selector.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-924905
BUG=chromium:924905
Change-Id: I470671282b215be62dfd147a619a0d317f7cc746
Reviewed-on: https://chromium-review.googlesource.com/c/1435939
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59096}
Inferring the language mode involves iterating the stack to find the
closure. This is an expensive operation and should be done only when
required. This cl changes the implementation to infer the language
mode only when we can't defer it any further. Currently, we infer the
language mode when throwing an exception or when passing this
information to PropertyCallbackArguments.
This cl also changes the language mode parameter to SetProperty
related methods to Maybe<ShouldThrow>. We only use the language mode to
decide if we need to throw and using ShouldThrow instead of language
mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
to Maybe<LanguageMode> and vice-versa.
Bug: v8:8580, chromium:923820, chromium:925289
Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
Reviewed-on: https://chromium-review.googlesource.com/c/1425912
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59094}
The compilation state should have no notion of Isolates. Move code
logging and management of the corresponding foreground task to the
WasmEngine.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Ib690317139d0754731b9f0e71d06e7a722082eed
Reviewed-on: https://chromium-review.googlesource.com/c/1434035
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59093}
The WasmCodeManager held a list of all Isolates that use the
WasmEngine/WasmCodeManager (those two are 1:1).
Since we want to move all isolate-specific tasks (like code logging and
compilation callbacks) to the WasmEngine, this CL moves this management
from the WasmCodeManager to the WasmEngine. We now have a bidirectional
mapping from NativeModules to the Isolates that use them, and from an
Isolate to all the NativeModules it uses (n:n).
The IsolateData struct will be extended in follow-up CLs to hold things
like the ForegroundTaskRunner. The Isolate* in the NativeModule /
CompilationState will eventually be removed.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Ic2c003c3949f73ce3264dd9dac96884a5c0b9896
Reviewed-on: https://chromium-review.googlesource.com/c/1433793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59092}
Rearrange things such that when creating the environment we have
access to the subject of compilation (either a full JSFunction or
just a FunctionBlueprint).
Bug: v8:7790
Change-Id: I03cc4701eb8bc1ed44c8381f4ab82da5f9b840b8
Reviewed-on: https://chromium-review.googlesource.com/c/1434374
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59091}
This is a reland of c5154eeada
Now, the CL no longer enables ASAN for Torque, since this seems
to be another Clang issue that's not fixed yet.
Original change's description:
> [build][torque] remove workarounds for clang bug
>
> Now that https://bugs.llvm.org/show_bug.cgi?id=40118 has been fixed and
> rolled into V8, we can remove the workarounds for this Clang bug.
>
> This also effectively reverts
> https://chromium-review.googlesource.com/c/v8/v8/+/1280222
>
> Bug: chromium:893437
> Change-Id: Ia0d6d8ebdafafbc380b1b7a7809ef16effe50d71
> Reviewed-on: https://chromium-review.googlesource.com/c/1425519
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58987}
Bug: chromium:893437
TBR: jarin@chromium.org
Change-Id: Ib9ac101702d12e5bf28891cbe6b5b16bd9d5e402
Reviewed-on: https://chromium-review.googlesource.com/c/1433787
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59090}
SetProperty now infers the language mode from the closure and the context
So we no longer have to pass around the language mode. Cleanup by
removing the parameter where it is no longer needed.
Bug: v8:8580
Change-Id: I89452b5a762eb48a911f158d22c7bfa9e3bb1be4
Reviewed-on: https://chromium-review.googlesource.com/c/1421840
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59089}
Declare Variables with a name and position, rather than by passing
through a VariableProxy. This allows us to not create dummy proxies
for things like function declarations, and allows us to consider those
declarations unused.
As a side-effect, we also have to check if a variable is unused in the
bytecode generator (as it will no longer be allocated), and we end up
skip generating code/SFIs for dead variables/functions.
Change-Id: I4c2c872473f23e124f9456b4b92f87159658f8e0
Reviewed-on: https://chromium-review.googlesource.com/c/1414916
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59088}
V8 has no path in calling this API and thus there is no way for the
embedder to get notified about this event.
Bug: chromium:843903
Change-Id: I938675aed9191a292f21bae0fed0e3ea8acaf936
Reviewed-on: https://chromium-review.googlesource.com/c/1434377
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59087}
Change-Id: Id9a893e9ca87053bb8e010730a9c3e7061bca6a5
Reviewed-on: https://chromium-review.googlesource.com/c/1435934
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59086}
Remove hc from -u- if does not agree with the resolved one.
Bug: v8:7482
Change-Id: I635c5357b8fd2b630ed80577a9b6a116e9a0e3f4
Reviewed-on: https://chromium-review.googlesource.com/c/1417170
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59084}
Both PropertyCallbackInfo<T> and WeakCallbackInfo<T> callbacks are
using a design that relies on invalid reinterpret_casts and thereby
undefined behavior. Since they are exposed via the public API, fixing
this is going to be difficult.
Bug: v8:3770,v8:8735
Change-Id: I7171c5b38f070b4a43a0de1ebb7d1a1458c1d91f
Reviewed-on: https://chromium-review.googlesource.com/c/1436222
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59083}
This is a partial reland of 048a3a3ecb
Original change's description:
> [Intl] Cleans up intl-relative-time-format flag
>
> Cleans up always=true intl-relative-time-format flag
> It shipped in m71 in Dec 2018.
>
> Bug: v8:8704
> Change-Id: I52d86aea9aedf201a216a1df0773a486fbee37b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1417299
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58904}
Bug: v8:8704
Change-Id: Iac62a347eea7f85dd3fa4a3bbfb18091b80f9a5e
Reviewed-on: https://chromium-review.googlesource.com/c/1429224
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59081}
This adds the new runtime flag as a variant and runs it on a subset of
builders corresponding to the "extra" testing set.
Currently failing tests are skipped in the new variant.
After https://crrev.com/c/1433777 this costs only little additional
resources.
Bug: v8:8678
Change-Id: Ibd0e38872814d11252e55a7c6a58d313aa84ebe3
Reviewed-on: https://chromium-review.googlesource.com/c/1433774
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59080}
This allows us to do fewer checks on the common path.
Change-Id: I2d1a9239cbf7b637bdbc2a15abaadae225410acf
Reviewed-on: https://chromium-review.googlesource.com/c/1430700
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59078}
This is a reland of 0896599f6f with a fix for
failing layout test.
Original change's description:
> Change SetProperty/SetSuperProperty to infer language mode when possible
>
> In most cases, the language mode can be inferred from the closure and
> the context. Computing the language mode instead of passing it around
> simplifies the ICs and will make it possible to go towards lazily
> allocating feedback vectors. Currently ICs obtain the language mode from
> the feedback vectors and with lazy feedback allocation we may not always
> have feedback vectors. Since computing language mode is a bit expensive
> we want to defer it as far as possible.
>
> In Array builtins and other builtins like Reflect.Set we need to force a
> language mode when setting the properties. To support these cases the
> SetProperty methods allow the language mode to be overridden when needed.
>
> This is a first cl in a series of cls, that will defer the language mode
> computation further and remove language mode where it is not needed.
>
> BUG: v8:8580
> Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1409426
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58893}
TBR: ahaas@chromium.org
Change-Id: Id5d81eae91b55638dbc72168f0e5203e684869fb
Reviewed-on: https://chromium-review.googlesource.com/c/1421077
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59075}
This patch reduces the cost of the predicate that computes whether an
object contains only data or may contain pointers.
This also guards pushing to the copy_list_ with the predicate.
Bug: chromium:852420
Change-Id: I55c4e15eb8341708a21f484fb95b2c2cc2b25143
Reviewed-on: https://chromium-review.googlesource.com/c/1430068
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59074}
This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: Id110b4bd30fd8f67b9f8f23268e64de22e471c68
Reviewed-on: https://chromium-review.googlesource.com/c/1432596
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59073}
We already have an implication check that if the ElementsKind
is double, then the elements backing store should be a
FixedDoubleArray. Additionally check that if the ElementsKind is
object or smi, that the backing store is a FixedArray.
R=neis@chromium.org
Bug: v8:8662
Change-Id: Ib01079251fe7e1f1c076d4814ef5d306bb179ef0
Reviewed-on: https://chromium-review.googlesource.com/c/1434234
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59072}
Also introduce a helper for filling the arguments hints vector.
Bug: v8:7790
Change-Id: I89526f3d10bb4fc498a371d48d074254bd860cdc
Reviewed-on: https://chromium-review.googlesource.com/c/1433790
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59070}
If a value dies in deferred code, there is no need to reload it at the
end of the deferred code, as it will be dead in the non-deferred code
that follows in control flow order. In the linearized view of register
allocation, this is encoded as a lifetime gap (or the end of an
interval).
Moreover, this may lead to wrong assignments if the value dies
between two deferred blocks and we leave a non-splintered live
range in the middle of deferred code.
Bug: chromium:915975
Change-Id: Iec68fe86f0dfbbac612635a637f3239475906d14
Reviewed-on: https://chromium-review.googlesource.com/c/1433784
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59068}
This reverts commit 25457c60a7.
Reason for revert: https://crbug.com/v8/8731
Original change's description:
> [testrunner] load tests concurrently into test execution processor
>
> loading every test up-front into the processing queue costs about 224MB for a
> x64 testsuite run.
>
> This CL eliminates that overhead by utilizing generators and threading.
>
> LoadingProc now loads test after receiving the results of the loaded tests.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174
> Change-Id: I8f4e6de38430c54fe126e4504b52851866769efb
> Reviewed-on: https://chromium-review.googlesource.com/c/1420678
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59056}
TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: I1e074a031dced367a32a93827b9e863b0331340f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174
Reviewed-on: https://chromium-review.googlesource.com/c/1433792
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59065}
All users have elements already, and we can just pass that in.
Change-Id: Ie9b8c1290d74bce120461c9f15695e8eb7dfd7c2
Reviewed-on: https://chromium-review.googlesource.com/c/1430072
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59064}
... more precisely, do not mess up the exceptional edges.
Bug: chromium:924151
Change-Id: I3541a1c339c07f509519d4ece6d677dd499f181e
Reviewed-on: https://chromium-review.googlesource.com/c/1429860
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59063}
Previously, trusted (or no-mitigations) has been tested on a subset of builders
from all platforms. This reduces it to arm-sim and native Android devices.
Change-Id: I90066686e6a92db4a944025538e01a117f324421
Reviewed-on: https://chromium-review.googlesource.com/c/1433777
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59062}
After the v8:8689 "Split compilation in three stages" commit landed,
WasmCompilationUnit::result_ was left dangling. In builds that
noticed this (in particular certain jumbo builds), the
-Wunused-private-field warning triggered which broke the build.
Bug: v8:8689
Change-Id: Iafc56b3dc6bb53e2e8417cabce540c2fcfd3431a
Reviewed-on: https://chromium-review.googlesource.com/c/1433780
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59059}
Other platforms besides ARM64 Windows may also have alignment
requirements, e.g. PPC and s390. These requirements may affect
both the code pointer field and the size field, and so they
each need alignment directives because they are stored in
different sections.
Since aligning wastes a handful of bytes at most, not making
alignment conditional on the platform type seems like a good idea.
Refs: https://github.com/nodejs/node/pull/24875
Change-Id: I1f58606af294be65e74a1f107cd05fc21e032704
Reviewed-on: https://chromium-review.googlesource.com/c/1433778
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59058}
This CL implements handling of Call/ConstructWithSpread bytecodes
by passing empty hints for the parameters mapped to the spread argument.
R=neis@chromium.org
Bug: v8:7790
Change-Id: I00f4e87e7bf62c3f387ee92d9aa4d252bdf79838
Reviewed-on: https://chromium-review.googlesource.com/c/1429864
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59057}
