If memory is statically known to be out of bounds, do not generate code
for the load or store, and also mark the rest of the current block
unreachable to avoid unnecessary code generation.
This also prevents us from having to special-case illegal memory
offsets in the LiftoffAssembler. For valid code, the offset will always
be smaller than 2GB.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Ib5a9006780098e9f2ab9eda4bac7939f15612ae0
Reviewed-on: https://chromium-review.googlesource.com/939821
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51623}
According to the spec, exported wasm functions should not have a
[[Construct]] method, hence they don't have a prototype.
R=bmeurer@chromium.org
CC=titzer@chromium.org
Bug: v8:7503
Change-Id: I9e142d65a80c0ef6dbd743421771f194c2d50614
Reviewed-on: https://chromium-review.googlesource.com/939782
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51622}
Port be4cd67ce2
Original Commit Message:
This adds support for poisoning the stack pointer and implicit register
arguments like the context register and the function register in the
prologue of generated code with JavaScript linkage. The speculation
poison is computed similarly to the interpreter by matching expected
with actual code start addresses.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:798964
LOG=N
Change-Id: I0d015fd8a8f05982d947a4a1c0be1a825ac19d64
Reviewed-on: https://chromium-review.googlesource.com/940460
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51621}
Port 5586ecfc68
Original Commit Message:
This decouples the checking of the {kJavaScriptCallCodeStartRegister}
from the deoptimization checks. We now rely more heavily on the above
register and should check its validity more broadly. Note that there
also is a bug fix for the ARM port contained in this change.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ic8b58994b083c6c0ec73173120cedf6391b1c964
Reviewed-on: https://chromium-review.googlesource.com/938522
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51620}
This is a reland of 89737c5d04.
Original change's description:
> PPC/s390: [turbofan] Ensure instruction start is in fixed register.
>
> Port c462ddc80b
>
> Original Commit Message:
>
> This makes sure that {JSFunction} invocations always load the code start
> address into the fixed {kJavaScriptCallCodeStartRegister} register. This
> allows us to perform PC-relative operations more effective. For now this
> only applies to code with {kCallJSFunction} linkage.
>
> R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
>
> Change-Id: If346a3cbaea820b1fcec38c5105605496961a888
> Reviewed-on: https://chromium-review.googlesource.com/938721
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#51608}
Change-Id: I5b118c3903847cc13e2ce228e9713f8ae55ce193
Reviewed-on: https://chromium-review.googlesource.com/940342
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51619}
This reverts commit 89737c5d04.
Reason for revert: Sorry, missed the portion in code-generator
Original change's description:
> PPC/s390: [turbofan] Ensure instruction start is in fixed register.
>
> Port c462ddc80b
>
> Original Commit Message:
>
> This makes sure that {JSFunction} invocations always load the code start
> address into the fixed {kJavaScriptCallCodeStartRegister} register. This
> allows us to perform PC-relative operations more effective. For now this
> only applies to code with {kCallJSFunction} linkage.
>
> R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
>
> Change-Id: If346a3cbaea820b1fcec38c5105605496961a888
> Reviewed-on: https://chromium-review.googlesource.com/938721
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#51608}
TBR=mstarzinger@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,joransiu@ca.ibm.com
Change-Id: I9a0810aa35ff39651397055ab53d250c2f6f09e0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/940341
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51617}
This also adds a DCHECK that the buffer does not have guard pages in
MaterializeArrayBuffer because the code there does not know how correctly set up
a buffer with guard pages.
Bug: chromium:801849
Change-Id: Ic761fcdfbd16a2d6e87f4eb135f5d03b7aa2d71d
Reviewed-on: https://chromium-review.googlesource.com/938968
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51616}
This reverts commit 01db326cc2.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1607
Original change's description:
> [Assembler][x64] Make immediates immutable
>
> On x64, we already pass immediates by value. This CL ensures that this
> is indeed cheap, and it makes immediates immutable.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7310
> Change-Id: I53a0666d53b9de69d390621298798c03b5190497
> Reviewed-on: https://chromium-review.googlesource.com/934341
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51613}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: Id3870e671c106644b62353c2b6c0ec2607596166
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7310
Reviewed-on: https://chromium-review.googlesource.com/939901
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51614}
On x64, we already pass immediates by value. This CL ensures that this
is indeed cheap, and it makes immediates immutable.
R=mstarzinger@chromium.org
Bug: v8:7310
Change-Id: I53a0666d53b9de69d390621298798c03b5190497
Reviewed-on: https://chromium-review.googlesource.com/934341
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51613}
The type std::enable_if<cond> does always exist, it only makes sense to
check for std::enable_if<cond>::type. But the way this is used here we
also cannot do that, so just replace this by a good old "#ifdef DEBUG".
Drive-by: Minor unrelated cleanup (constexpr and ifdef).
R=eholk@chromium.org
Change-Id: I6bc27ee3adfd3ec3d38d61df67dd9cdff0faf2f7
Reviewed-on: https://chromium-review.googlesource.com/939387
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51612}
This change ensures that GVN does not move StringSubstring out of
switches, which might introduce partial redundancies.
Bug: chromium:816522
Change-Id: I63b91edd995c84b68d756ed5de08fa13567f3d80
Reviewed-on: https://chromium-review.googlesource.com/939621
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51610}
Implement Spill and Fill instructions on MIPS in Liftoff along with
some instructions that are needed for their implementation and that
are using them directly.
Also, fix issue with i32_set_cond that reproduced while
implementing these instructions.
Bug: v8:6600
Change-Id: I846f427e5d1345e9162ad3b2ffefe2a827732da1
Reviewed-on: https://chromium-review.googlesource.com/939399
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51609}
Port c462ddc80b
Original Commit Message:
This makes sure that {JSFunction} invocations always load the code start
address into the fixed {kJavaScriptCallCodeStartRegister} register. This
allows us to perform PC-relative operations more effective. For now this
only applies to code with {kCallJSFunction} linkage.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: If346a3cbaea820b1fcec38c5105605496961a888
Reviewed-on: https://chromium-review.googlesource.com/938721
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51608}
Previously GetSharedFunctionInfoForStreamedScript didn't either check the
compilation cache or put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.
Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
for all script compiles even when loading from a cache.
BUG=v8:5203
Change-Id: I4b06bdfc566425f4e6d70fc3e6e080b0dc497d48
Reviewed-on: https://chromium-review.googlesource.com/939464
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51607}
When generating a 64bit memory operation on ia32, we need to emit two
operations, one at {offset+4}, one at {offset}. The computation
{offset+4} can overflow, which is ok because
1) it won't be used for code generation later, and
2) the generated code will not be reached because the memory access is
always out of bounds anyway.
R=ahaas@chromium.org
Bug: v8:7499, v8:6600
Change-Id: Ia4660688c3291700c48efc201d15fc370b4dd854
Reviewed-on: https://chromium-review.googlesource.com/939389
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51604}
The number of arguments passed on the stack might exceed the regular
object size limits. Hence we need to emit write barriers when copying
the arguments from the stack into the allocated array.
Bug: chromium:813450
Change-Id: I829c5c32b1a7b5f4ddb01cc6ea92f85ab47126aa
Reviewed-on: https://chromium-review.googlesource.com/939174
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51603}
This is a reland of 800daded0b.
Original change's description:
> [turbofan] Masking/poisoning in codegen (optimized code, arm64)
>
> This introduces masking of loads with speculation bit during code generation.
> At the moment, this is done only under the
> --branch-load-poisoning flag, and this CL enlarges the set of supported
> platforms from {x64, arm} to {x64, arm, arm64}.
>
> Overview of changes:
> - new register configuration configuration with one register reserved for
> the speculation poison/mask (kSpeculationPoisonRegister).
> - in codegen, we introduce an update to the poison register at the starts
> of all successors of branches (and deopts) that are marked as safety
> branches (deopts).
> - in memory optimizer, we lower all field and element loads to PoisonedLoads.
> - poisoned loads are then masked in codegen with the poison register.
> * only integer loads are masked at the moment.
>
> Bug: chromium:798964
> Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
> Reviewed-on: https://chromium-review.googlesource.com/928724
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51576}
Bug: chromium:798964
Change-Id: I6c87d34c4e05fca0bd7f5447555133ecb0fb7a2e
Reviewed-on: https://chromium-review.googlesource.com/939402
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51602}
This adds support for f32.neg and f64.neg. Note that this cannot be
computed as "0 - src", as this would not turn 0 into -0. Instead, we
need to explicitly flip the sign bit.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I3cbcfa156c5d2a727e0e2da279369bf055f0d657
Reviewed-on: https://chromium-review.googlesource.com/937202
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51601}
This will fire if the CAST is never useful. This is helpful if you add
a TNode return type to a function - its callers no longer need to cast
the result if the types are the same.
Change-Id: If0b04c615cb2dbfa91ba43d5d0d35ace5a31d4e7
Reviewed-on: https://chromium-review.googlesource.com/934449
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51599}
Turbofan can only handle 64K control inputs for merges. Such large
can only be created by functions with 64K jumps, so we limit the
bytecode size to the minimum size of bytecode arrays with 64K jumps.
Bug: chromium:815392, v8:7438
Change-Id: I674705e87e19ce451b40d5827c9fe3e6ec17293a
Reviewed-on: https://chromium-review.googlesource.com/938421
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51598}
Several cleanups:
- unify identical macro defintions
- use existing macros instead of duplicating the code
- add AVX versions for xorps and xorpd (to be used by Liftoff)
R=mstarzinger@chromium.org
Bug: v8:7310, v8:6600
Change-Id: Id37c58cf6187533ad9d4a0ca8bc5d49f9de66785
Reviewed-on: https://chromium-review.googlesource.com/937124
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51597}
This reverts commit 2542720357.
Reason for revert: code-coverage failures on gc-stress bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/17956
Original change's description:
> Reland: [Compiler] Use CompilationCache for StreamedScript compilation.
>
> Previously GetSharedFunctionInfoForStreamedScript didn't either check the
> compilation cache or put the result of compilation into the compilation
> cache. This would mean future compiles would need to re-parse / compile
> the same script even if the isolate had already seen it. This CL
> fixes this.
>
> Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
> for all script compiles even when loading from a cache.
>
> BUG=v8:5203
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Change-Id: I0a74c5b67bfaca5e50511d5f72da0ab53d8457f6
> Reviewed-on: https://chromium-review.googlesource.com/937724
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51594}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mythria@chromium.org
Change-Id: I784b9eeff75a677b9f2276fa05a0d1af09772baa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/939401
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51596}
There is a clear mistake of using kWasmF64 instead of kWasmF32.
R=ahaas@chromium.org
Change-Id: I638d568b3736fdb8417f17bcd04d17268a45b965
Reviewed-on: https://chromium-review.googlesource.com/939178
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51595}
Previously GetSharedFunctionInfoForStreamedScript didn't either check the
compilation cache or put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.
Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
for all script compiles even when loading from a cache.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0a74c5b67bfaca5e50511d5f72da0ab53d8457f6
Reviewed-on: https://chromium-review.googlesource.com/937724
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51594}
Scavenger::PromoteObject and Scavenger::SemiSpaceCopyObject load and
dereference the map of the object to compute the alignment.
This is unsafe because the object can be already migrated by another
thread and the map word can contain the forwarding address.
This patch removes the map load and uses the provided map argument to
compute the alignment.
Bug: chromium:811278,chromium:807178
Change-Id: I7343344dc65ae26eefb2602c55dee87bb511bc72
Reviewed-on: https://chromium-review.googlesource.com/939172
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51592}
This changes the encoding of the {HandlerTable} from an array of Smi
values to a byte array. It allows embedding of said array into the
instruction stream of {Code} objects (similar to how safepoint tables
work). For interpreted bytecode the table is attached as a {ByteArray}
to the bytecode.
The advantage of this approach is a more compact encoding and also the
ability to move such tables easily off the GC'ed heap if needed (as is
done for WebAssembly code for example).
R=jarin@chromium.org
Change-Id: I3320415dff69b3d1053825bda0d667a28232bf6d
Reviewed-on: https://chromium-review.googlesource.com/934642
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51589}
Always return the given length (limit) for typed arrays in PrepareElementsForSort
since typed arrays do not have holes.
Bug: v8:6719
Change-Id: Ic455ceca6563fc66a4e4a78c7bf5df1ad17afb4a
Reviewed-on: https://chromium-review.googlesource.com/615104
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51588}
Currently all instances share the exact same export wrappers (pointed
to by the corresponding compiled module). This bug, however, does not
cause a problem at runtime. This CL makes sure that all compiled modules
have their own export wrapper table during instance instantiation.
Change-Id: I385d79ab8ad42672f7ab72755387d161b1e9ee81
Reviewed-on: https://chromium-review.googlesource.com/937715
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51585}
Refactor the helpers to use return values instead of continuation functors.
This reduces compilation time in Release mode from 30s to 10s (Debug: 10->7s).
Also shorten the boilerplate code a bit.
Bug: v8:7310
Change-Id: Icf6309e4fd5478a1f55979112d1219bc7eaf4e6d
Reviewed-on: https://chromium-review.googlesource.com/938316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51584}
This proposal has not moved beyoned stage 2 in two years, and has never
moved past the HARMONY_INPROGRESS state in flag-definitions.h.
It was originally added to aide in desugaring yield*, but is no longer
used for that purpose.
Bug: v8:4700, v8:7310
Change-Id: Ieca40d8e4bf565516bbe71e47b996daa70d2e835
Reviewed-on: https://chromium-review.googlesource.com/935297
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51582}
The x87 port itself has been gone for awhile.
Bug: v8:7310
Change-Id: I1c938ba93720af361733f2c09dc5f128173b5675
Reviewed-on: https://chromium-review.googlesource.com/935198
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51581}
Recent Fuchsia SDKs have begun removing both symbols for unsupported
POSIX APIs, and also the relevant definitions, and even headers.
This CL:
- Removes dependencies on <sys/resource.h>.
- Adds a working implementation of GetUserTime().
- Fixes GetCurrentThreadId() to use the native (32-bit) Fuchsia thread
handle, rather than the (64-bit) pthread*, to avoid potential for id
clashes when truncating the value into a 32-bit int.
Bug: chromium:707030
Change-Id: Ic5774e138f7657123dd65d0fb7ef5d87876766e8
Reviewed-on: https://chromium-review.googlesource.com/933247
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51579}
This reverts commit 800daded0b.
Reason for revert: breaks arm64 build
Original change's description:
> [turbofan] Masking/poisoning in codegen (optimized code, arm64)
>
> This introduces masking of loads with speculation bit during code generation.
> At the moment, this is done only under the
> --branch-load-poisoning flag, and this CL enlarges the set of supported
> platforms from {x64, arm} to {x64, arm, arm64}.
>
> Overview of changes:
> - new register configuration configuration with one register reserved for
> the speculation poison/mask (kSpeculationPoisonRegister).
> - in codegen, we introduce an update to the poison register at the starts
> of all successors of branches (and deopts) that are marked as safety
> branches (deopts).
> - in memory optimizer, we lower all field and element loads to PoisonedLoads.
> - poisoned loads are then masked in codegen with the poison register.
> * only integer loads are masked at the moment.
>
> Bug: chromium:798964
> Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
> Reviewed-on: https://chromium-review.googlesource.com/928724
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51576}
TBR=rmcilroy@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,rodolph.perfetta@arm.com,martyn.capewell@arm.com,pierre.langlois@arm.com
Change-Id: I1b5dad27f9620c7da3277602081f392de6221caf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/937861
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51578}
This reverts commit c41c7a0943.
Reason for revert: relanding now that the perf waterfall has had a stab at this revert.
Original change's description:
> Revert "Use all available workers for concurrent marking."
>
> This reverts commit 3c62f7ae07.
> (and commit 4939463c77)
>
> The goal of this revert is to contrast the effect on perf bots of
> landing it vs reverting it to more easily attribute its impact.
>
> R=hpayer@chromium.org
>
> Bug: chromium:812178
> Change-Id: I7c977b1b0b587f787263272400d87f6aae7af634
> Reviewed-on: https://chromium-review.googlesource.com/936761
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51546}
TBR=gab@chromium.org,hpayer@chromium.org
Change-Id: I1ecfc70867dc5424cba1a9ecd229ae031c3e9aa4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/937725
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51577}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm} to {x64, arm, arm64}.
Overview of changes:
- new register configuration configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
* only integer loads are masked at the moment.
Bug: chromium:798964
Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
Reviewed-on: https://chromium-review.googlesource.com/928724
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51576}
Implement Load and Store instructions for liftoff on MIPS.
Function CallTrapCallbackForTesting also implemented to prevent
test from failing when address is out of range.
Bug: v8:6600
Change-Id: I85e48334d171ad6d86a02eeba51e4f07edaf9648
Reviewed-on: https://chromium-review.googlesource.com/934133
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51575}
Previously, Strings without an iterator would go to the runtime path
and fail on because it expected a JSReceiver type. This was in-line
with what the elements accessor expected. We can actually handle all
object types in the final slow path (using LookupIterator) so it is no
problem to change the accept types.
Bug: chromium:816289
Change-Id: Iebb8de0bb7551aee3894c8a23836d079c93726a7
Reviewed-on: https://chromium-review.googlesource.com/937461
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51574}
