This implements support for i31.get_s and i31.get_u.
Bug: v8:7748
Change-Id: Icbfddbc2ff46b4eb6bf3edf7b3a794f9797361d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595309
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71808}
This adds support for the following instructions:
struct.new_default, rtt.sub, ref.test, ref.cast
Bug: v8:7748
Change-Id: I7423ddd7a83c80cb1e82c620780c27bec59ec762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593341
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71805}
Concurrent inlining is enabled for TurboProp compiles, but we don't
enable the --concurrent-inlining flag so don't also set the implied
turbo_direct_heap_access flag. This CL fixes this.
BUG=v8:9684
Change-Id: I298febdf7c466385047f420d4c33ca0162778210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593344
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71804}
This is a reland of b2a611d815
Original change's description:
> [Turboprop] Move dynamic check maps immediate args to deopt exit.
>
> Rather than loading the immediate arguments required by the
> dynamic check maps builtin into registers in the fast-path,
> instead insert them into the instruction stream in the deopt
> exit and have the builtin load them into registers itself.
>
> BUG=v8:10582
>
> Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71790}
TBR=tebbi@chromium.org,gsathya@chromium.org
Bug: v8:10582
Change-Id: Ieda0295ee135bff983c67c3f04bb47115f0a2739
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595311
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71803}
There is a race in the way we handle deopts that made this test flaky.
The race is not hugely important to fix, and is difficult without
breaking something else.
The best thing to do here is update the test to reflect reality so we
can get the test coverage back.
This updates the test so that the deopt reason can be found either
on the first or second level function. The test assumed it would
always be available on the second level function in the profile,
but if we get a regular profile tick at the exact wrong time, we
could end up with the deopt info getting attached to the first level
function. So we accept either.
Bug: v8:5193
Change-Id: Ia43880ebafd1341a514b3143dc215514b5dccf15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594775
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71797}
This adds support for the following instructions:
ref.eq, array.new_with_rtt, array.new_default_with_rtt,
array.get, array.set, array.len.
Bug: v8:7748
Change-Id: I93c4a6676acc8b0ac035dd50762be6a1cc545a57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593340
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71796}
This reverts commit b2a611d815.
Reason for revert: Several failures on https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/3743/overview
Original change's description:
> [Turboprop] Move dynamic check maps immediate args to deopt exit.
>
> Rather than loading the immediate arguments required by the
> dynamic check maps builtin into registers in the fast-path,
> instead insert them into the instruction stream in the deopt
> exit and have the builtin load them into registers itself.
>
> BUG=v8:10582
>
> Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71790}
TBR=rmcilroy@chromium.org,gsathya@chromium.org,tebbi@chromium.org
Change-Id: I4c56bee156ffcea8de0aeaff9ac1bf03e03134c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595308
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71793}
Rather than loading the immediate arguments required by the
dynamic check maps builtin into registers in the fast-path,
instead insert them into the instruction stream in the deopt
exit and have the builtin load them into registers itself.
BUG=v8:10582
Change-Id: I66716570b408501374eed8f5e6432df64c6deb7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589736
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71790}
We were storing the pointer to the WasmModule both as a shared_ptr and
as a raw pointer. Maybe this had historical reasons, but now it's just
redundant.
R=thibaudm@chromium.org
Change-Id: Id72d102b6df804f93e3ab0235eeceef91a6dd8fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593334
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71782}
This moves some fields and methods from the WasmRunner template to the
WasmRunnerBase base class. This avoids repeated compilation for the
different instantiations of the WasmRunner template.
Additional changes:
- SetUpTrapCallback, SetThreadInWasmFlag, and ClearThreadInWasmFlag are
static now.
- CheckUsedExecutionTier is unused, and did not even compile any more.
In the template class this was OK, because it's only compiled on first
use.
R=thibaudm@chromium.org
Change-Id: I485729cf4a1fd93fe6abb0be269694f0179fc4ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593331
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71781}
Implement the HostGetSupportedImportAssertions, whose purpose
is to filter the list of import assertions exposed to the embedder to
only those assertion with keys that the embedder recognizes. See
https://tc39.es/proposal-import-assertions/#sec-hostgetsupportedimportassertions.
This change doesn't actually implement it as a callback, but instead
passes the supported assertions during creation of the Isolate via
CreateParams. This expresses clearly the requirement that the supported
assertions must never change for the lifetime of the Isolate.
Note that we still need to maintain all assertions in a map
while parsing the import assertions clause, because duplicate keys for
an unsupported assertion still needs to be detected as a parse error. So,
the filtering is done later during
SourceTextModuleDescriptor::AstModuleRequest::Serialize.
The actual filtering algorithm simply iterates the assertions and the
supported assertion keys in a nested loop. There's currently only one
assertion in use ("type"), so there should be no reason to get too
clever here unless at least several more assertions are generally
supported.
Bug: v8:10958
Change-Id: I9a2d965e9d452718d0ddfe9dca55b7b4ed963019
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2572173
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71776}
This adds support for the following instructions:
br_on_null, ref.as_non_null, br_on_cast, i31.new
Bug: v8:7748
Change-Id: I210b8979327ea0031f89748b71b51abbac10bb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2590041
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71773}
NewSpace::Grow shouldn't be invoked when the maximum semi space size
was already reached.
Bug: v8:11199
Change-Id: I78ba71b7a043f0a515be188f2023e301d6bc6eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584864
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71769}
This is a reland of bee5992a6d.
Fixes a TSan race report by replacing a FlagScope in tests with
direct assignment to the flag in question.
Original change's description:
> [wasm-gc] Initial Liftoff support
>
> This CL implements Liftoff support for struct.get/set,
> struct.new_with_rtt, rtt.canon, and ref.is_null, which
> is enough to make the first testcase pass.
>
> Bug: v8:7748
> Change-Id: Id09e9872d2126127192c852b3cb6d57ff9417582
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584951
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71744}
Bug: v8:7748
Change-Id: I17de6803c23a88209102385010dfdf9b88e25ace
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593254
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71762}
Since the compile job can always be reused after creation (even if it
runs out of work), we do not need the logic to (re-)initialize it. In
fact, it will always only be initialized once already.
This allows us to initialize it once during construction of the
compilation state (or right after the initialization), and then access
it without locks later.
In addition, this CL
1) renames "current_compile_job_" to "compile_job_", since there will
always only be one now;
2) removes the {ScheduleCompileJobForNewUnits} method, and just does a
{compile_job_->NotifyConcurrencyIncrease()} instead;
3) removes the {has_priority_} field and just directly does a
{compile_job_->UpdatePriority} call.
The streaming test platform needed to be fixed to avoid calling {Join}
on the job handle, which would invalidate the handle afterwards.
Instead, we just run all tasks as long as there are any.
R=thibaudm@chromium.orgCC=etiennep@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I7094231e86d5f54cfca5e971b96fd81e994c874a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71757}
Codegen is identical to x64.
Tweaked a macro definition to do a dst == src1 check when AVX is not
supported, and updated a single caller in LiftOff.
Bug: v8:11086
Change-Id: Ic9645f3d1bf1c26a1aa6db6bc2fa67fc991f8bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2579928
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71756}
Code like:
x = wasm_v32x4_shuffle(x, x, 1, 2, 3, 0);
is currently matched by S8x16Concat, which lowers to two instructions:
movapd xmm_dst, xmm_src
palignr xmm_dst, xmm_src, 0x4
There is a special case after a S8x16Concat is matched:.
- is_swizzle, the inputs are the same
- it is a 32x4 shuffle (offset % 4 == 0)
Which can have a better codegen:
- (dst == src) shufps dst, src, 0b00111001
- (dst != src) pshufd dst, src, 0b00111001
Add a new simd shuffle matcher which will match 32x4 rotate, and
construct the appropriate indices referring to the 32x4 elements.
pshufd for the given example. However, this matching happens after
S8x16Concat, so we get the palignr first. We could move the pattern
matching cases around, but it will lead to some cases where
where it would have matched a S8x16Concat, but now matches a
S32x4shuffle instead, leading to worse codegen.
Note: we also pattern match on 32x4Swizzle, which correctly generates
Change-Id: Ie3aca53bbc06826be2cf49632de4c24ec73d0a9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589062
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71754}
pextrq + movq crosses register files twice, which is not efficient.
Optimize this by:
- checking if lane 0, do nothing if dst == src (macro-assembler helper)
- use vmovhlps on AVX, with src as the operands to avoid false
dependency on dst
- use movhlps otherwise, this is shorter than shufpd, and faster on
older system
Change-Id: I3486d87224c048b3229c2f92359b8b8e6d5fd025
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589056
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71751}
This is the same as the original implementation in https://crrev.com/c/2567534
which was speculatively reverted due to flaky tests. Since then, there have
been some changes to fix those tests, so trying to get this in again.
Bug: v8:11002
Change-Id: I5bd0f63d3aec4cf6db403b35737f8b695b0f4e37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2589063
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71746}
This CL implements Liftoff support for struct.get/set,
struct.new_with_rtt, rtt.canon, and ref.is_null, which
is enough to make the first testcase pass.
Bug: v8:7748
Change-Id: Id09e9872d2126127192c852b3cb6d57ff9417582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584951
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71744}
The original implementation of matching was a RegExp on the source
which wasn't able to reliably distinguish between comments inside
of string literals and actual comments. For that reason, it had
a special rule to disallow quotes to remove false positives.
Original comment:
> Also, ['"] are excluded from allowed URLs to avoid matches
> against sources that invoke evals with sourceURL.
After the code was moved into the scanner, that shouldn't be an
issue anymore - the scanner knows that this is a real comment and
isn't part of a string literal.
Allowing quotes enables a slightly smaller encoding of source maps,
specifically in the case where there are no sourceContents:
Non-base64 source maps can get away with effectively no encoding
overhead (they typically don't contain whitespace).
Change-Id: Iffa5df28d80656fa56e603e7c0e57aa1f44d0014
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576801
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Jan Krems <jankrems@google.com>
Commit-Queue: Jan Krems <jankrems@google.com>
Cr-Commit-Position: refs/heads/master@{#71742}
I think this was likely fixed by one of the other bugfixes in the
meantime. It doesn't flake with 50k runs locally.
Fixed: v8:2008
Change-Id: I9e6f1e7f75cf20c52d49937d980aafacaa23b401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584945
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71715}
Add a method that returns the microtask queue that is being used
by the `v8::Context`.
This is helpful in non-monolithic embedders like Node.js, which
accept Contexts created by its own embedders like Electron, or
for native Node.js addons. In particular, it enables:
1. Making sure that “nested” `Context`s use the correct microtask
queue, i.e. the one from the outer Context.
2. Enqueueing microtasks into the correct microtask queue.
Previously, these things only worked when the microtask queue for
a given Context was the Isolate’s default queue.
As an alternative, I considered adding a way to make new `Context`s
inherit the queue from the `Context` that was entered at the time
of their creation, but that seemed a bit more “magic”, less flexible,
and didn’t take care of concern 2 listed above.
Change-Id: I15ed796df90f23c97a545a8e1b30a3bf4a5c4320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2579914
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71710}
Implementation is almost identical to x64, except that in the
instruction-selector, for AVX, we allow the second operand to
be a slot, and so we use InputOperand in the codegen.
Bug: v8:11008
Change-Id: I5b5ea4b5058dc0bf5ff1c24a67f9b787c5312106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576887
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71705}
So far we reported the script ID, but DevTools ignores that and uses the
source url instead. That url was just set to "wasm ", which the frontend
couldn't make any sense of.
This CL fixes this by passing the source URL to the code create event,
and also setting the position of the code inside the script (i.e.
wasm module).
R=thibaudm@chromium.org, petermarshall@chromium.org
Bug: chromium:1125986
Change-Id: Ic41dcd2768c60fd6748468d3a89fc4ffccb35932
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581543
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71695}
Add new macro-assembler instructions that can handle both AVX and SSE.
In the SSE case it checks that dst == src1. (This is different from that
the AvxHelper does, which passes dst as the first operand to AVX
instructions.)
Sorted SSSE3_INSTRUCTION_LIST by instruction code.
Header additions are added by clangd, we were already using something
from those headers via transitive includes, adding them explicitly gets
us closer to IWYU.
Codegen sequences are from https://github.com/WebAssembly/simd/pull/380
and also
https://github.com/WebAssembly/simd/pull/380#issuecomment-707440671.
Bug: v8:11086
Change-Id: I4c04f836e471ed8b00f9ff1a1b2e6348a593d4de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578797
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71688}
Implement vclt and add some assembler tests.
Bug: v8:10983
Change-Id: I78c701180ddc90af4b59db86a25188f281167366
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575783
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71685}
Add new instruction vpaddl for signed and unsigned integers, adding
assembler, disassembler, simulator support, and also tests.
The signed and unsigned opcodes for vpaddl are separate enums, because
the helper EncodeNeonUnaryOp only takes a NeonSize (not NeonDataType). I
considered changing the signature, but none of the other instructions
use a NeonDataType, so it seems unnecessary.
Bug: v8:11086
Change-Id: I5e6694ae407779c1fd3604c5a40ca0a1b6ce061b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578233
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71671}
Prototype v128.{load,store}{8,16,32,64}_lane on Big Endian machines.
Lood/Stores need to be reversed manually on BE machines and as such
LoadLane and StoreLane opcodes cannot be done in a single instruction.
Therefore we divide them into separate "Load/Store" and "operation"
nodes.
Bug: v8:10975
Change-Id: If21c9663de41b872fe035d15526830f244605c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577820
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71665}
This is a reland of ab4d9717f2.
The original CL did a std::move before the final use of the NativeModule.
PS2 removes that.
TBR=petermarshall@chromium.org, thibaudm@chromium.org
Original change's description:
> [wasm] Pass the script ID to code logging
>
> We didn't pass a script ID with the code creation events for profiling.
> This made DevTools lose the connection to the wasm script, hence
> jumping from the profiler entry to the source did not work.
>
> This CL changes the timing of code logging a bit such that the script is
> always allocated before logging. In the queue of code to be logged we
> then also store the script ID, and finally set it on the {CodeEntry}
> object.
>
> R=thibaudm@chromium.org
>
> Bug: chromium:1125986
> Change-Id: I2248c1d520bc819436bbe732373f7a3446b64f48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575057
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71654}
Bug: chromium:1125986
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Change-Id: I2a7c5fe04fff726836b1279e3d05b1702a4efb76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578980
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71663}
This is a reland of 064ee3c835
Issue 1: WasmEngine UAF when CompilationState is destroyed
asynchronously
Fix: Include https://chromium-review.googlesource.com/c/v8/v8/+/2565508
in this CL. Use OperationBarrier to keep WasmEngine alive.
Issue 2: In gin, JobTask lifetime is not extended beyond
JobHandle, thus making CancelAndDetach unusable.
This is fixed in chromium here:
https://chromium-review.googlesource.com/c/chromium/src/+/2566724
Original change's description:
> Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
>
> Reason for revert: Data race:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
>
> It was assume that MockPlatform runs everything on 1 thread. However,
> MockPlatform::PostJob previously would schedule the job through
> TestPlatform, which eventually posts concurrent tasks, thus causing
> data race.
> Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
> ensures the jobs also run sequentially.
>
> Additional change:
> - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
> it's called in sequence with ScheduleCompileJobForNewUnits
>
> Original CL description:
> To avoid keeping around a list of job handles, CancelAndDetach() is
> used in CancelCompilation. Dependency on WasmEngine is handled by a
> barrier that waits on all jobs to finish.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Original-Commit-Position: refs/heads/master@{#71074}
> Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71459}
TBR=ulan@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I6175092c97fea0d5f63a97af232e2d54cccea535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569360
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71662}
This reverts commit ab4d9717f2.
Reason for revert: UBSan issues: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/14184/overview
Original change's description:
> [wasm] Pass the script ID to code logging
>
> We didn't pass a script ID with the code creation events for profiling.
> This made DevTools lose the connection to the wasm script, hence
> jumping from the profiler entry to the source did not work.
>
> This CL changes the timing of code logging a bit such that the script is
> always allocated before logging. In the queue of code to be logged we
> then also store the script ID, and finally set it on the {CodeEntry}
> object.
>
> R=thibaudm@chromium.org
>
> Bug: chromium:1125986
> Change-Id: I2248c1d520bc819436bbe732373f7a3446b64f48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575057
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71654}
TBR=petermarshall@chromium.org,clemensb@chromium.org,thibaudm@chromium.org
Change-Id: I03c90c77b55e770797a6d66b1d778992a047e07a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1125986
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575070
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71660}
We didn't pass a script ID with the code creation events for profiling.
This made DevTools lose the connection to the wasm script, hence
jumping from the profiler entry to the source did not work.
This CL changes the timing of code logging a bit such that the script is
always allocated before logging. In the queue of code to be logged we
then also store the script ID, and finally set it on the {CodeEntry}
object.
R=thibaudm@chromium.org
Bug: chromium:1125986
Change-Id: I2248c1d520bc819436bbe732373f7a3446b64f48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575057
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71654}
Although every Primitive is a Data, the Cast operations for the
subclasses of Primitive do not allow casting directly from Data to the
subclasses without first going through Value. Because of this,
Primitives extracted from a V8::FixedArray require two casts to get to
the "real" type.
Thus, as a convenience to embedders, this change makes it possible to
cast directly from Data to all the subtypes of Primitive.
Also, this change makes the parameter names in the declarations match
those in the definitions, though there does not seem to be a universally
followed convention regarding these.
Bug: v8:10958
Change-Id: I18dc3fbb9a9bccb2cb3b75efd829af64d46d8eb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573816
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71649}
Prototype v128.{load,store}{8,16,32,64}_lane on arm.
Bug: v8:10975
Change-Id: I649f567f39f8a5ba6992a86b761f93f62619c139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565079
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71628}
This is a reland of 716dae3ae0
Original change's description:
> [wasm-simd][ia32] Prototype sign select
>
> The implementation is the same as on x64.
>
> Bug: v8:10983
> Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71606}
Bug: v8:10983
Change-Id: I05af92ec2d3531dd2e0d27353cc665967fb5c387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2574001
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71627}
Port String::Flatten to Torque (using a fast C call for the
non-allocating part) and provide fast and easy access to sequential
string data in Torque: GetStringData() flattens if necessary and
computes slices that allow direct access.
Applications: String.prototype.replaceAll, String.prototype.endsWith,
and String.prototype.beginsWith now use GetStringData() and direct
slice access instead of the slow StringCharCodeAt and they no
longer bail out to the runtime for flattening.
Drive-by changes:
- Expose String instance type bits as bitfields and enums in Torque.
- Fix method lookup in Torque to include superclass methods.
- Use char8 and char16 types in more places.
- Allow fast C calls with void return type.
- Add Torque macros to create subslices.
- Add no-GC scopes to runtime functions loading external string data.
Bug: v8:7793
Change-Id: I763b9b24212770307c9b2fe9f070f21f65d68d58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565515
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71611}
This reverts commit 716dae3ae0.
Reason for revert: broke noavx build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/33124/overview
Original change's description:
> [wasm-simd][ia32] Prototype sign select
>
> The implementation is the same as on x64.
>
> Bug: v8:10983
> Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71606}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: I6408268945e41ef7acf5938ac989bab9824df185
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10983
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573996
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71607}
The implementation is the same as on x64.
Bug: v8:10983
Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71606}
First step towards the new exception handling proposal:
https://github.com/WebAssembly/exception-handling/issues/125
This is essentially a revert of:
"[wasm] Switch to new 'catch' and 'br_on_exn' proposal."
The changes are:
- "catch" instruction takes a tag immediate,
- "rethrow" instruction takes a label immediate,
- Add "catch_all" instruction,
- Remove "br_on_exn" instruction,
- Do not push exceptions on the stack, only the encoded values
R=clemensb@chromium.org
CC=aheejin@chromium.org
Bug: v8:8091
Change-Id: Iea4d8d5a5d3ad50693f645e93c13e8de117aa884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484514
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71602}
TurboFan creates DisallowHeapAccess scopes, to prevent heap access in
the concurrent parts of the compiler. Then, for parts of the compiler
that do want to access the heap, it either creates Allow* scopes (which
should be avoided since they "punch a hole" in the Disallow* scopes), or
relies on a weakening of Handle::IsDereferenceAllowed which allows
handles owned by a LocalHeap to be dereferenced even if there is a
DisallowHeapDereference scope.
This patch:
a) Strengthens the implicit requirements around handle dereferencing
to require a running heap on this thread (either main-thread heap
or an un-parked, un-safepointed LocalHeap).
b) Removes the overly strict Disallow scopes in TurboFan, relying
instead on implicit requirements for allocation/handle
dereferencing in off-thread code.
c) Cleans up the "should_disallow_heap_access" predicate to be more
explicit about what should be disallowed (e.g. property accesses
can't be computed concurrently)
Change-Id: Icb56b7764913ac17e2db197a70bb189af88a6978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554617
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71600}
I'd implemented Module::GetModuleRequests() such that it can only be
called on a SourceTextModuleRecord, forgetting that one of the APIs
it replaces, Module::GetModuleRequestsLength(), could be called on a
synthetic module. The old behavior allowed embedders to write code that
iterates over a module's requests without needing to handle synthetic
modules as a special case. GetModuleRequestsLength() would just return
0 for all synthetic modules and the code to process the requests
would be skipped seamlessly for them.
With the new GetModuleRequests() API, this would no longer be possible,
and embedders would explicitly need to check IsSyntheticModule()
before calling it. Thus, to reach parity with the old API, this change
allows embedders to call GetModuleRequests() on a synthetic module,
which will always result in an empty FixedArray.
Bug: v8:10958
Change-Id: I6024261fe46d18fa7acc83b0ec8f69d6af21b28d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2570146
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71599}
This is a reland of 2afb00c0e8
Original change's description:
> [heap] Remove SWEEPING phase in incremental marking
>
> The SWEEPING phase in incremental marking was used to finish sweeping
> of the last GC cycle concurrently before starting incremental marking.
> This avoids potentially long pauses when starting incremental marking.
> However this shouldn't be necessary in most cases where sweeping is
> already finished when starting the next cycle. The implementation also
> didn't cleanly separate the GC cycles.
>
> In case the sweeping phase is necessary for pause times, we can
> introduce a "CompleteSweep" phase which runs right before starting
> incremental marking.
>
> Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71555}
Change-Id: I173bdeaf342d4c0590453f7d9eeb8ab5cfddc73c
Bug: v8:11220, v8:11221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571111
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71592}
Also construct the `JSMap`s used to store these names lazily and
only on-demand, and construct them directly instead of first doing
a `std::vector<Handle<String>>` and using that to construct the
`JSMap`. The latter resulted in a gigantic root set of 150k+ handles,
which wasn't well received by the GC.
Bug: chromium:1154154
Fixed: chromium:1154564
Also-By: bmeurer@chromium.org
Change-Id: I92e8931f15eda133e2a62b5cc53fbe1f2dafcead
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568275
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71589}
This is a reland of e2aa734aef
The original change was speculatively reverted in
https://crrev.com/c/2568925 but seems unrelated to the flakey
test failures (which are on x64).
Original change's description:
> [wasm-simd][arm] Prototype i8x16.popcnt
>
> Bug: v8:11002
> Change-Id: Ib97e51ed52249a1af7a4b879396b70a016991719
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567534
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71552}
Bug: v8:11002
Change-Id: I714918e2640d27d29953f940e3bedeb9ea2f8a08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567243
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71585}
Concurrently accessing internal external uncached strings is not
thread-safe. We are removing a case where we can make such a string
through MakeExternal.
Bug: v8:7790
Change-Id: I958062c15cf40ccc330600bb572de98620866e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565511
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71573}
This reverts commit 2afb00c0e8.
Reason for revert: Some tests started to timeout.
Original change's description:
> [heap] Remove SWEEPING phase in incremental marking
>
> The SWEEPING phase in incremental marking was used to finish sweeping
> of the last GC cycle concurrently before starting incremental marking.
> This avoids potentially long pauses when starting incremental marking.
> However this shouldn't be necessary in most cases where sweeping is
> already finished when starting the next cycle. The implementation also
> didn't cleanly separate the GC cycles.
>
> In case the sweeping phase is necessary for pause times, we can
> introduce a "CompleteSweep" phase which runs right before starting
> incremental marking.
>
> Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71555}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I9adea60c21ff7cdfa7bbac3e6a4a240640fa5ea9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71570}
Unifies various operators for dynamic map checks with the naming
scheme of DynamicCheckMaps (to be similar to CheckMaps.
BUG=v8:10582
Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71559}
The SWEEPING phase in incremental marking was used to finish sweeping
of the last GC cycle concurrently before starting incremental marking.
This avoids potentially long pauses when starting incremental marking.
However this shouldn't be necessary in most cases where sweeping is
already finished when starting the next cycle. The implementation also
didn't cleanly separate the GC cycles.
In case the sweeping phase is necessary for pause times, we can
introduce a "CompleteSweep" phase which runs right before starting
incremental marking.
Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71555}
Prototype v128.{load,store}{8,16,32,64}_lane on arm64.
All the required assembler, disassembler, and simulator changes are
already available. The biggest changes here are in the
instruction-selector. ld1 and st1 only supports no-offset or post-index
addressing, so we have to do our own addition (base + index) to
construction the actual memory address to load/store from.
Bug: v8:10975
Change-Id: I026e3075003ff5dece7cd1a590894b09e2e823db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558268
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71551}
This is a reland of a69b7ef2ff
Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}
Bug: v8:10975
Change-Id: I2c9b219b9ab9d78a83d1bf32ad1271d717471c19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567317
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71547}
In order to reduce the codegen size of dynamic map checks, add the
ability to have an eager with resume deopt point, which can call
a given builitin to perform a more detailed check than can be done
in codegen, and then either deoptimizes itself (as if the calling
code had performed an eager deopt) or resumes execution in the
calling code after the check.
In addition, support for adding extra arguments to a
deoptimization continuation is added to enable us to pass the
necessary arguments to the DynamicMapChecks builtin.
Finally, a trampoline is added to the DynamicMapChecks which saves
the registers that might be clobbered by that builtin, to avoid
having to save them in the generated code. This trampoline also
performs the deoptimization based on the result of the
DynamicMapChecks builtin.
In order to ensure both the trampoline and DynamicMapChecks
builtin have the same call interface, and to limit the number
of registers that need saving in the trampoline, the
DynamicMapChecks builtin is moved to be a CSA builtin with a
custom CallInterfaceDescriptor, that calls an exported Torque
macro that implements the actual functionality.
All told, this changes the codegen for a monomorphic dynamic
map check from:
movl rbx,<expected_map>
cmpl [<object>-0x1],rbx
jnz <deferred_call>
resume_point:
...
deferred_call:
<spill registers>
movl rax,<slot>
movq rbx,<object>
movq rcx,<handler>
movq r10,<DynamicMapChecks>
call r10
cmpq rax,0x0
jz <restore_regs>
cmpq rax,0x1
jz <deopt_point_1>
cmpq rax,0x2
jz <deopt_point_2>
int3l
restore_regs:
<restore_regs>
jmp <resume_point>
...
deopt_point_1:
call Deoptimization_Eager
deopt_point_2:
call Deoptimization_Bailout
To: movl rax,<slot>
movl rcx,<expected_map>
movq rdx,<handler>
cmpl [<object>-0x1],rcx
jnz <deopt_point>
resume_point:
...
deopt_point:
call DynamicMapChecksTrampoline
jmp <resume_point>
BUG=v8:10582
Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71545}
So far the main thread can have two different kinds of local handles,
regular main thread handles and local handles in its LocalIsolate. This
is both confusing and error-prone.
This CL retargets local handles creation for the LocalIsolate on the
main thread to always create regular main thread handles instead.
Bug: v8:10315
Change-Id: I4df509a0fc1bd630ba956b5eaacacbe706ddb4ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71534}
Avoid data race when enabling flag with concurrent thread that reads
that flag as well.
Bug: v8:10315
Change-Id: I9eecc48e21b1070e8db444021264eec2784f5102
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567697
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71528}
This reverts commit 064ee3c835.
Reason for revert: Causing blink_web_tests to fail on builder "WebKit Linux MSAN"
https://bugs.chromium.org/p/chromium/issues/detail?id=1153968
Original change's description:
> Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
>
> Reason for revert: Data race:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
>
> It was assume that MockPlatform runs everything on 1 thread. However,
> MockPlatform::PostJob previously would schedule the job through
> TestPlatform, which eventually posts concurrent tasks, thus causing
> data race.
> Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
> ensures the jobs also run sequentially.
>
> Additional change:
> - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
> it's called in sequence with ScheduleCompileJobForNewUnits
>
> Original CL description:
> To avoid keeping around a list of job handles, CancelAndDetach() is
> used in CancelCompilation. Dependency on WasmEngine is handled by a
> barrier that waits on all jobs to finish.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Original-Commit-Position: refs/heads/master@{#71074}
> Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71459}
TBR=ulan@chromium.org,jkummerow@chromium.org,ahaas@chromium.org,clemensb@chromium.org,etiennep@chromium.org
Bug: chromium:1153968, v8:11209, v8:11210, v8:11212
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I2c8406bea81ee7cf6c5726c2fec50fffdce09611
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566446
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71519}
This CL applies kSetOverflowToMin in TruncateFloat32ToInt32,
TruncateFloat32ToUint32, and TruncateFloat64ToInt64, allowing
EffectControlLinearizer to request truncating to INT32_MIN
or INT64_MIN in case of overflow.
Port: d4b29d7525
Bug: v8:11121
Change-Id: I1ef794e89641d0be6e9be9bdb99fd7737f465821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2537417
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71516}
This reverts commit a69b7ef2ff.
Reason for revert: Broke msvc https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15975?
Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: Ic9386ea1254c1e0d9b42e92723b1a951fafe3a8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567315
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71512}
Prototype v128.store{8,16,32,64}_lane on IA32.
Drive by fix for wrong disassembly of movlps.
Also added more test cases for StoreLane, test for more alignment and offset.
Bug: v8:10975
Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71511}
This change completes the necessary API changes for import assertions
discussed in
https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY.
The old ResolveCallback is deprecated and replaced with a
ResolveModuleCallback that includes import assertions. Until
ResolveCallback is removed, InstantiateModule and associated functions
are modified to accept both types of callback, using the new one if it
was supplied and the old one otherwise. An alternative that I chose not
to go with would be to just duplicate InstantiateModule and associated
functions for both callback types.
SyntheticModule::PrepareInstantiate's callback parameter was unused so I
removed it.
Bug: v8:10958
Change-Id: I8e9fbaf9c2853b076b13da02473fbbe039b9db57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551919
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71506}
This is the 3rd step in a series of CLs to move the SharedFunctionInfo
class to kNeverSerialized and make it concurrently accessible from
the background thread. This CL:
* Adds synchronization to PrepareFunctionForDebugExecution
* Adds tests that mess with SharedFunctionInfo while it is accessed
by another thread.
Bug: v8:7790
Change-Id: I2200fc7b6e977cda4e1003cb83d6ff49b1f1e337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523318
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71495}
This is a reland of 21e479441e
The fix is in the encoding of vmov. Bit 23 (the U bit) should be 0,
whether the NeonDataType is NeonS32 or NeonU32. Also added a DCHECK
in the simulator to assert this.
Original change's description:
> [wasm-simd][arm] Prototype i64x2.bitmask
>
> Cleanup to simulator to remove repetitive logic to get instruction
> fields.
>
> Bug: v8:10997
> Change-Id: I01f0b99f85788b41e4cab505fc94362d637c396f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554256
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71391}
Bug: v8:10997
Change-Id: I93b5d2168a50446d4a3b487ad83d6af8ea9ba8ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558262
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71467}
Reason for revert: Data race:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
It was assume that MockPlatform runs everything on 1 thread. However,
MockPlatform::PostJob previously would schedule the job through
TestPlatform, which eventually posts concurrent tasks, thus causing
data race.
Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
ensures the jobs also run sequentially.
Additional change:
- CancelAndDetach is now called in ~CompilationStateImpl() to make sure
it's called in sequence with ScheduleCompileJobForNewUnits
Original CL description:
To avoid keeping around a list of job handles, CancelAndDetach() is
used in CancelCompilation. Dependency on WasmEngine is handled by a
barrier that waits on all jobs to finish.
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#71074}
Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71459}
This CL extends the TruncateFloat64ToInt64 machine operator with a
TruncateKind, allowing EffectControlLinearizer to request truncating
to INT64_MIN in case of overflow. The CL adds the necessary low-level
support when generating code for kArm64Float64ToInt64. It also enables
relevant tests as part of the fast API call suite.
Bug: v8:11121
Change-Id: I0cb9964cc3c2ff49e6b0bbfe4a20f280e4aab337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560718
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71449}
Currently MockPlatform has shorter lifetime than the isolate that uses
it. Creating isolate before MockPlatform leads to races in concurrent
tasks that were scheduled before the MockPlatform replaced the default
TestPlatform. This caused issues after landing
https://chromium-review.googlesource.com/c/v8/v8/+/2561198
This CL ensures that MockPlatform is valid throughout the whole
lifetime of the isolate
Bug: v8:11198
Change-Id: I79f82712165d1f1fbe0fe9af68aedf126e54b241
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562121
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71443}
Scopes in V8 are used to guarantee one or more properties during its
lifetimes. If a scope is not named e.g MyClassScope(args) instead of
MyClassScope scope(args) it will get created and automatically destroyed
and therefore, being useless as a scope. This CL would produce a
compiling warning when that happens to ward off this developer error.
Follow-up to ccrev.com/2552415 in which it was introduced and
implemented for Guard classes.
Change-Id: Ifa0fb89cc3d9bdcdee0fd8150a2618af5ef45cbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555001
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71425}
Pass the Isolate/LocalIsolate through to StringTable matchers and
WriteToFlat, so avoid having to get the Isolate via the String, and to
avoid locking on the main thread entirely. This allows us to remove the
String overload of the SharedStringAccessGuardIfNeeded constructor
entirely, to avoid this anti-pattern in the future.
Bug: chromium:1146972
Change-Id: I53bba126b105e1c9629d6e64d8bb574e62e3ad45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557988
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71398}
Port 3836aeb039
Original Commit Message:
Apart from removing Min and Max (utils.h), this is mostly a renaming.
In a few cases I had to add a cast. In a bunch of cases I had to use
initializer lists to force call-by-value for static member constants
because call-by-reference wouldn't compile (like in the previous CL).
In a few places I used initializer lists in place of nested min/max
operations.
R=neis@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Iecb43c19b8e16721e942553d7d811daf74bedc02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557570
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71396}
Prototype v128.load{8,16,32,64}_lane on IA32 (stores will come later).
This is pretty similar to x64 version, except that there is no signal
handler for OOB access, so kProtected is not a valid access mode.
Left some TODOs for myself to merge the new instruction codes
(kIA32Pinsrb) with the replace lane Wasm instructions.
Bug: v8:10975
Change-Id: I5c9f9a45e2e7f06e8fab4a28cdfe1857ccc35880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557063
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71394}
Cleanup to simulator to remove repetitive logic to get instruction
fields.
Bug: v8:10997
Change-Id: I01f0b99f85788b41e4cab505fc94362d637c396f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554256
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71391}
This change refactors the v8.h API as discussed in
https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY/edit#heading=h.q0c9h4p928mn
such that a v8::Module exposes module requests as a FixedArray of
ModuleRequest objects, which can then be used to obtain their module
specifier and source code offset. This replaces the old functions that
passed back individual specifier Strings and Locations via repeated
calls to getters that take an index. These are marked as deprecated.
The new ModuleRequest interface includes a getter for an
ImportAssertions FixedArray, which will contain the import assertions
for the request if --harmony-import-assertions is set, and will be
empty otherwise.
One notable change here is that the APIs now return source code offsets
rather than v8::Locations. The host must then call the new
Module::SourceOffsetToLocation to convert these offsets into line/column
numbers. This requires a bit more back-and-forth, but allows the host to
defer the cost of converting from source offset to line/column numbers
until an error needs to be reported, potentially skipping the work
altogether.
Bug: v8:10958
Change-Id: I181639737c701e467324e6c781aa4d7bdd87ae8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545577
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71387}
- Use C++ primitives (int, bool) for the ScriptOrigin constructor.
- Deprecate the old accessors and constructor
Bug: v8:11195
Change-Id: I739edd6b4c58e19a8a16ddce863eea14ec933697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555005
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71384}
Apart from removing Min and Max (utils.h), this is mostly a renaming.
In a few cases I had to add a cast. In a bunch of cases I had to use
initializer lists to force call-by-value for static member constants
because call-by-reference wouldn't compile (like in the previous CL).
In a few places I used initializer lists in place of nested min/max
operations.
Bug: v8:11074
Change-Id: I53a5411be6334ff41e7a8517e6b87fb46f14d086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545523
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71380}
