On div and rem on ia32 and x64, we sometimes need to spill. If this
spilling code happens inside of a branch, the cache state will reflect
that the value was spilled, even though the actual spilling code might
not have executed.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I93b681a23119f903feb54235d6d44a7cbd5815fe
Reviewed-on: https://chromium-review.googlesource.com/1044185
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52995}
The {baseline_compilation_units_} and {tiering_compilation_units_}
fields should only be accessed if the {mutex_} is held.
Also, the number of compilation units is already taken care of inside
of {RestartBackgroundTasks}, so no need to explicitly pass it.
R=ahaas@chromium.org
Change-Id: I8f36ed141b587ee1bea41291545f39546d8cf24e
Reviewed-on: https://chromium-review.googlesource.com/1044213
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52994}
Since address is a uintptr_t, there is no need to implement a specific
hasher.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I47e652929ef201e742224541d9df4360444e3ba8
Reviewed-on: https://chromium-review.googlesource.com/1044209
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52993}
ExternalString::kShortSize is not the same as i::kShortSize, which caused
incorrect reporting of code stats for two byte strings.
Bug: chromium:837659
Change-Id: Icbb39f2103aa4fa72bd5b1258cb8e1d4aee10441
Reviewed-on: https://chromium-review.googlesource.com/1044212
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52992}
macros.h already not only defines macros, but also templatized helpers
like {bit_cast} and {arraysize}. Thus {implicit_cast} also belongs
there.
R=tebbi@chromium.org
Bug: v8:7570
Change-Id: Iaea6075dad359d62498453575f22d73ca84e2323
Reviewed-on: https://chromium-review.googlesource.com/1042401
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52991}
This CL factors the parts of the JSGraph that only depend on the
machine part of JSGraph into a separate base class, MachineGraph.
This helps separate the two layers and also allows the MachineGraph
to be constructed without an Isolate, which is needed for fully
asynchronous compilation, a goal for WASM.
R=mstarzinger@chromium.org
CC=jarin@chromium.org, mvstanton@chromium.org
BUG=v8:7721
Change-Id: Ie8bc3de40159332645dcb3cadcee581e1bf9830a
Reviewed-on: https://chromium-review.googlesource.com/1043746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52990}
Add binop tests for div and rem of i32 and i64. The test is extended to
handle traps, and to check that the value of local variables is not
affected by the operation.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I1a4cbc40bd399666d9831d021afb96e0c53a9f64
Reviewed-on: https://chromium-review.googlesource.com/1044166
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52989}
In order to get more test coverage (also on ClusterFuzz), stage Liftoff
and tier up behind --future.
R=hablich@chromium.org
CC=titzer@chromium.org
Bug: v8:6600
Change-Id: I718e17957b26f60aa4c002333035f693344806e0
Reviewed-on: https://chromium-review.googlesource.com/1042385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52987}
The Promoted* prefix was used to refer both to the total number of old
generation objects, and to the delta of objects moved from the new to
old generations.
PromotedTotalSize() is also renamed, to reflect the actual calculation
it performs.
Bug: chromium:837583
Change-Id: Id27a0661618257ef64eb469a83bb49c0e8ce6923
Reviewed-on: https://chromium-review.googlesource.com/1042314
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52986}
This is a reland of a0c57368a9
Original change's description:
> [wasm] Maintain link from Instance to Module.
>
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
>
> R=clemensh@chromium.org
>
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}
Change-Id: I9854400bfc1d22bd258f17118fcb7460cdc3acd5
Reviewed-on: https://chromium-review.googlesource.com/1043786
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52985}
- In debug builds, 'assert(<expr>)' evaluates and aborts execution
if the provided Torque expression is false at runtime.
assert(<expr>) supports the same set of expression protocols
as Torque's if statement, i.e. both bool values and BranchIf-
style tests. Upon failure, the assertion prints the Torque
source code of the failed expression, not the generated CSA
code.
- 'unreachable' calls CSA's Unreachable() and signals to Torque
that code execution cannot continue (i.e. its statement
returns the 'never' type). In debug builds, the line number
and position of the statement are printed before breaking.
- 'debug' calls CSA's DebugBreak(). In debug builds, the line
number and position of the 'debug' are printed before breaking.
Change-Id: I4efd052536bb402c097a0d5f7be56e154b5b3676
Reviewed-on: https://chromium-review.googlesource.com/1042570
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52984}
Instead rely on the scope info containing the name as well.
Change-Id: Ie1f96ea023a793b11209510566f6831b1dfd40ab
Reviewed-on: https://chromium-review.googlesource.com/1042567
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52983}
This CL fixes the mips port for the CL "[debug] introduced runtime side
effect check" (7a2c371383), which caused
several test failures.
BUG=
Change-Id: Ia1b45fd57d7b77c912562c97f7fc6bf2aa378fe2
Reviewed-on: https://chromium-review.googlesource.com/1030193
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Miran Karić <miran.karic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52982}
This makes sure that allocations of {HeapNumber} objects happening in
the JS-to-Wasm and Wasm-to-JS wrappers are ordered with respect to
changes of the {trap_handler::IsThreadInWasm} predicate. Otherwise the
compiler can (and will) move the allocations across changes of this
predicate and cause safety checks to fire.
R=clemensh@chromium.org
Change-Id: I5366ec0c184929fbd5b60c827d9908fb6ca1d91a
Reviewed-on: https://chromium-review.googlesource.com/1042399
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52979}
The grow_memory opcode basically just executes a runtime call, but
needs to check a condition first, and convert to and from Smi.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: If7d62a8bb0ca6d02bd47ef6048cc65da502b002b
Reviewed-on: https://chromium-review.googlesource.com/1042185
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52978}
On arm64, we had {RegisterBase::bit} (defined in assembler.h) and
{CPURegister::bit} (defined in assembler-arm.h). {CPURegister} inherits
from {RegisterBase}. The two methods have different
behaviour on the special {no_reg}, which is only relied on in very few
places.
This CL fixes these places to avoid the use of {no_reg}, and removes
the overwritten method.
R=mstarzinger@chromium.org
CC=rodolph.perfetta@arm.com
Change-Id: I859cc0d4ffc48fae018ee262f3e5403774db87a8
Reviewed-on: https://chromium-review.googlesource.com/1042188
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta%arm.com@gtempaccount.com>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52977}
Side effect free whitelist now
- supports 'typeof' when it performs Load operations
- runtime checks for Array.p.splice
Bug: v8:7588
Change-Id: I45bcd705f8d3f2d2ee61f018566439bf56d1bcbc
Reviewed-on: https://chromium-review.googlesource.com/1037926
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52976}
Since 94ce16b704, when loading an iterator from null or undefined, we
generate the error message "x is not iterable" instead of the unwieldy
"Cannot read property 'Symbol(Symbol.iterator)' of undefined". However
Runtime::GetObjectProperty, which is used as slow path by LoadICs, did
not check for this case, leading to different messages being generated
depending on IC state.
Bug: chromium:823130
Change-Id: Ie98500b97efef401aac9880b9af47d58c3c2825d
Reviewed-on: https://chromium-review.googlesource.com/1042951
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52974}
Port 519bd47f6c
Original Commit Message:
With the exception of the InterpreterEntryTrampoline, all builtins are
now isolate-independent and can be embedded into the binary.
This CL updates the corresponding list and also contains a few smallish
tweaks to support having these builtins off the heap:
* wasm: copy the off-heap builtin, not its trampoline.
* Code::contains: support off-heap builtins.
* JSFunction::is_compiled: compare builtin index instead of identity
(this is relevant during mksnapshot when we transition from the
on-heap builtin to its off-heap representation + the trampoline).
* Remove old DCHECKs.
* A few tweaks in macro-assembler ports that have snuck in recently.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ib16ce35f5ebdade42720f536ac521c79e7c46778
Reviewed-on: https://chromium-review.googlesource.com/1042927
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52973}
Port ab9e012426
Original Commit Message:
Original CL: https://crrev.com/c/1018468
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.
This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Iba0f4435125b9d6c3fda7fc3e9836494b6eb6f45
Reviewed-on: https://chromium-review.googlesource.com/1042216
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52969}
This is a preparatory CL to find a potential regression on x86.
Bug: chromium:835558
Change-Id: I3859b59d1497d4b7447ad38ee352cf4bbdeb4502
Reviewed-on: https://chromium-review.googlesource.com/1027842
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52967}
- Separates measuring from wasm::SerializeNativeModule so the caller
can allocate or reserve the buffer memory. Call sites thus avoid
one unnecessary copy.
Bug: chromium:719007
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I50412c0c0279114dcdc1aead810ad39e7c4e2a6e
Reviewed-on: https://chromium-review.googlesource.com/1039183
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52965}
Define and use TurboAssembler::AssertUnreachable
Bug: v8:6600
Change-Id: I6901896ea4fd7e0fe24dd76a1afbb409a24a2994
Reviewed-on: https://chromium-review.googlesource.com/1040766
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52963}
Temporarily skip this test until it can be fixed.
TBR=machenbach@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7718
Change-Id: I04b6c47b72ed041b2b22669187b8afbcc0c05ff6
Reviewed-on: https://chromium-review.googlesource.com/1042398
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52960}
This should reduce the probability of running out of stack space while logging
a fatal error message.
Additionally this CL distinguishes the OOM error message when there is no
isolate available on the background thread.
Bug: chromium:839166
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I17e929f322dda20127fbf86a6154af5460e53490
Reviewed-on: https://chromium-review.googlesource.com/1041964
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52958}
As with other code size stats, this doesn't distinguish between live and
dead objects, and doesn't scan the young generation.
Also make ExternalString::is_short() const.
Bug: chromium:837659
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I72815edb719ba61d9727e226ff1da0fc4af22a24
Reviewed-on: https://chromium-review.googlesource.com/1032994
Commit-Queue: Benoit L <lizeb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52955}
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
This reverts commit a0c57368a9.
Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061
Local bisect also points to this change:
http://shortn/_IhVxU2FKLu
Original change's description:
> [wasm] Maintain link from Instance to Module.
>
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
>
> R=clemensh@chromium.org
>
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
This is a preparatory step for implementing generics. Along the way, clean up
and encapsulate a bunch of code, including:
* Fully encapsulate Scope by adding the new class ScopeChain that provides an
abstraction for creating and activating scopes.
* Untangle Modules and Scopes.
* Unify scope activation so that it is always associated with an AST node
and triggered by a RAII helper class.
* Unify (somewhat) how builtins and macros are created, fixing a few
inconsistencies with when and how parameters and their types are declared.
* Create a new Declarations class that brokers between the visitor classes and
the ScopeChain. This moves handling of declaration-related errors out of the
visitors but also makes it possible to do so without polluting Scope and
ScopeChain with details about resolving SourcePositions in error cases.
Change-Id: I180017d4cf39ccf5ef1d20b84f53284c252f8d87
Reviewed-on: https://chromium-review.googlesource.com/1038504
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52947}