Commit Graph

68027 Commits

Author SHA1 Message Date
Georgia Kouveli
ce85e66a20 [cfi][arm64] Change InterpreterEnterBytecode use of LR for CFI.
This use of LR previously allowed overwriting it with arbitrary addresses
that aren't signed. Change this so we never return to an arbitrary LR.

Instead of loading the InterpreterTrampolineEntry address into LR directly,
use an ADR instruction to place into LR the address of a piece of code
that jumps to the InterpreterTrampolineEntry instead. This makes a difference
because BR is also constrained by BTI, whereas RET isn't.

An alternative would have been to `Call` instead of `Jump` to the target
bytecode and avoid the ADR instruction altogether, but I wanted to keep the
same behaviour with respect to the return stack that the existing code
exhibits.

Also add a comment to src/regexp/arm64/regexp-macro-assembler-arm64.cc for
a similar use of LR that should eventually be removed.

Bug: v8:10026
Change-Id: I24a13481f3fa416247dab8f9e5ae6f52f6b2ad42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764761
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73535}
2021-03-19 11:35:53 +00:00
Shu-yu Guo
fd75c97d3f [interpreter] Apply Reflect.apply transform in BytecodeGenerator
Calls with a spread expression in a non-final position get transformed
to calls to Reflect.apply. This transformation is currently done in
the parser, which does not compose well with other features (e.g.
direct eval checking, optional chaining).

Do this transform in the BytecodeGenerator instead.

Bug: v8:11573, v8:11558, v8:5690
Change-Id: I56c90a2036fe5b43e0897c57766f666bf72bc3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2765783
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73534}
2021-03-19 11:02:43 +00:00
Jakob Gruber
2dd02967a7 [compiler] Visit-order-independent inlining heuristics
When making inlining decisions in the JSInliningHeuristic, it's
possible that a Node is not a candidate on the first visit, but
becomes a candidate in later visits due to other node reductions.

These later visits should also result in the inlining decision being
made. Until now this was prevented by the visit aborting early since
the Node was added to the seen_ list on the first (unsuccessful)
visit.

This CL changes the seen_ insertion to happen only once a positive
inlining decision was made.

Change-Id: Ide7f6abd3c1d9759d7422fcd5ad9c7daff825795
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764759
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73533}
2021-03-19 10:30:30 +00:00
Santiago Aboy Solanes
4194d3bbf5 [compiler] Read the bit_field in MapData concurrently
`has_non_instance_prototype` can be modified in live objects. For the
native context's map that we serialize on the background this bit is
"set" but it doesn't change value (i.e. it is set to false when it was
already false).

Bug: v8:7790, v8:11575
Change-Id: I070c0f0e383250d0e3cb92065d1113662976cabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772609
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73532}
2021-03-19 10:23:00 +00:00
Santiago Aboy Solanes
6556b4ac3e Initialize bit field in map using relaxed store
Restore of https://chromium-review.googlesource.com/c/v8/v8/+/2194012.
I changed it to be non-atomic and missed the fact that the concurrent
marker accesses the has_prototype_slot concurrently.

Bug: v8:7790, v8:11353
Change-Id: I292aeacb340b6340c40b633db2591c7d0cbca3bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772608
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73531}
2021-03-19 10:17:21 +00:00
Leszek Swirski
0545b16250 [compiler] Enable off-thread finalization by default
Bug: chromium:1011762
Change-Id: I960b3f57fa29f25d4cda038304825375ada686b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2108039
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73530}
2021-03-19 10:07:21 +00:00
Leszek Swirski
791e085d2f [sparkplug] Add always_sparkplug variant
Add an always_sparkplug testing variant, and fix a couple of issues it
found.

Bug: v8:11420
Change-Id: I7d87a41e3413f40271a0140118531f075d633b23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773047
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73529}
2021-03-19 09:52:50 +00:00
v8-ci-autoroll-builder
baa83b38b7 Update V8 DEPS.
Rolling v8/build: ff9d9de..100ae19

Rolling v8/buildtools/third_party/libc++abi/trunk: c93be42..4e07843

Rolling v8/third_party/aemu-linux-x64: fU_J9KtzLrfiXhqpf_1eV01gy30M641raluN5uaKPNAC..ASZAw9q3qc9gzTTRn-mGL72ir5Z_qIi5GvZGRBYa4sMC

Rolling v8/third_party/depot_tools: 2737963..9757ad5

Rolling v8/tools/clang: 41f9e2d..283bb29

Rolling v8/tools/luci-go: git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816..git_revision:ea8dc31395c76b2990112b29b02386628d795d2d

Rolling v8/tools/luci-go: git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816..git_revision:ea8dc31395c76b2990112b29b02386628d795d2d

Rolling v8/tools/luci-go: git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816..git_revision:ea8dc31395c76b2990112b29b02386628d795d2d

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Iefca39aa2842894aaa4ec039bad4862533cbf0e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2774713
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73528}
2021-03-19 04:00:20 +00:00
Ng Zhi An
2969e67e3c [wasm-simd][ia32][x64] Optimize i64x2.extend_high_i32x4_{s,u}
- Use movhlps instead of pshufd if dst == src
- use xorps with punpckhdq instead of two shuffles

Bug: v8:11470
Change-Id: I50f77b8591372cccca48b9a6078fc3132fe48a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773902
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73527}
2021-03-19 00:29:09 +00:00
Ng Zhi An
b1c09571cc Reland "[wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen"
This is a reland of 1a69d8d874

The fix is to skip this regression test on systems that do not
support SIMD.

Original change's description:
> [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
>
> It did not handle the case where dst == src. We switch the registers
> used around to write to scratch first and ensure we don't overwrite dst.
>
> Bug: chromium:1187831
> Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73521}

Bug: chromium:1187831
Change-Id: I1bb6f4ce69f98064d3da5113e3b4c5a4f75a08c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2774133
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73526}
2021-03-18 22:49:09 +00:00
Junliang Yan
88c1ae95b6 s390x: [liftoff] implement CallRuntimeStub
Change-Id: I505ea67af31006f3f233eef390f234cfc0188d6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2774479
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73525}
2021-03-18 21:33:39 +00:00
Ng Zhi An
7311c6a9c5 [relaxed-simd] Move qfma and approx behind relaxed-simd flag
Move them from post-mvp to relaxed-simd flag.

We will have a follow up change to move all the relaxed-simd tests into
their own file.

Bug: v8:11583
Change-Id: Iea9809a309bac428c856e5d0bd024fe0070d5921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773898
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73524}
2021-03-18 20:55:59 +00:00
Junliang Yan
0b70cbabbe s390x: [liftoff] implement TailCalls and Calls
Change-Id: I1dd37b86634aae67a0cb7f0bf4d5b21e1f1845df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773803
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73523}
2021-03-18 20:29:09 +00:00
Clemens Backes
1004312157 Revert "[wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen"
This reverts commit 1a69d8d874.

Reason for revert: Fails on nosse: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/41365/overview

Original change's description:
> [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
>
> It did not handle the case where dst == src. We switch the registers
> used around to write to scratch first and ensure we don't overwrite dst.
>
> Bug: chromium:1187831
> Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73521}

Bug: chromium:1187831
Change-Id: I40d360b16338ef52e7e4327d4166c194ee950827
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773802
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73522}
2021-03-18 18:07:11 +00:00
Ng Zhi An
1a69d8d874 [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
It did not handle the case where dst == src. We switch the registers
used around to write to scratch first and ensure we don't overwrite dst.

Bug: chromium:1187831
Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73521}
2021-03-18 17:14:59 +00:00
Leszek Swirski
d7ed4f97c2 [sparkplug] Inline TypeOf checks
In the TestTypeOf handler, use the statically known value of the type-of
literal flag to emit the specific type-of check for that type, rather
than going to the general type-of builtin. These checks are very simple,
so we can get away with hand-writing them in the baseline compiler.

Bug: v8:11420
Change-Id: Id9f51042916abaea62f929a2f95cf2c64dc32ee3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772613
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73520}
2021-03-18 17:10:19 +00:00
Ng Zhi An
f5fe49f0f3 [relaxed-simd] Add experimental feature flag
This is not used anywhere yet, and will be later used to gate
instructions like FMA (which is prototyped).

Bug: v8:11583
Change-Id: I2eac60cde6998490fcf3aee11c618ab5478346ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2770605
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73519}
2021-03-18 16:51:09 +00:00
Michael Achenbach
470d5e0561 Revert "[test] Extend testing on Mac on arm64"
This reverts commit f187d0a13f.

Reason for revert: https://crbug.com/v8/11587

Original change's description:
> [test] Extend testing on Mac on arm64
>
> Ensure more testing of --future for different test types on Mac.
>
> No-Try: true
> Bug: v8:11527
> Change-Id: Iac499dc48dde3342ad2057f86ef1ad5fa43b4eac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772981
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73514}

Bug: v8:11527, v8:11587
Change-Id: I76a1baccdf20ed32b02fe8509ae13f7b62651592
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773051
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73518}
2021-03-18 16:33:09 +00:00
Clemens Backes
fa565b9306 [no-wasm] Fix compilation by #if'ing out test code
The test was extended in this CL: https://crrev.com/c/2762420
It now uses wasm::SimdShuffle, which is only available if webassembly is
enabled.
Thus, #if out the test if webassembly is disabled.

Drive-by: Add a missing include.

R=jkummerow@chromium.org
CC=zhin@chromium.org

Bug: v8:11238
Change-Id: I1b53d0145467b58616a161944fb88d2ca256fd58
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772978
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73517}
2021-03-18 16:14:05 +00:00
Frank Emrich
1dff082298 [dict-proto] C++ implementation of SwissNameDictionary, pt. 9
This CL is part of a series that adds the C++ implementation of
SwissNameDictionary, a deterministic property backing store based on
Swiss Tables.

This CL adds test-swiss-name-dictionary-infra.[h|cc], which contain
the infrastructure for writing tests that simulatenously check the
C++ and CSA/Torque implementation of SwissNameDictionary operations.

The actual tests are added in a subsequent CL, which will be the last of
this series.

Bug: v8:11388
Change-Id: I89cbc7e575ed694fe34cb66c0e1ec70683504bd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742574
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73516}
2021-03-18 16:08:04 +00:00
Leszek Swirski
89b3cd33b2 Revert "[bigint] Begin src/bigint refactoring"
This reverts commit c4b44d5d48.

Reason for revert: UBSan failures (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/15621/overview)

Original change's description:
> [bigint] Begin src/bigint refactoring
>
> This patch moves a first function, Compare, from src/objects/bigint.cc
> to src/bigint/, to blaze the trail. More to follow!
>
> Bug: v8:11515
> Change-Id: Id7fa0b40ea852dbed1360f7ab439cb32d0c15762
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737295
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73511}

Bug: v8:11515
Change-Id: I98f3e385c785297b1b71de07fc4835da2bbe816c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773048
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73515}
2021-03-18 15:39:06 +00:00
Michael Achenbach
f187d0a13f [test] Extend testing on Mac on arm64
Ensure more testing of --future for different test types on Mac.

No-Try: true
Bug: v8:11527
Change-Id: Iac499dc48dde3342ad2057f86ef1ad5fa43b4eac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772981
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73514}
2021-03-18 15:01:24 +00:00
Clemens Backes
dd8a12499e [wasm] memory.grow cannot happen in asm.js code
We do not emit this opcode in the asm.js to wasm translator, hence we do
not need to handle this case in the function body decoder.
Replace it by a DCHECK to catch bugs where we might accidentally emit
the opcode.

R=thibaudm@chromium.org

Change-Id: Ibaa07099f30b871c28e3d3cebae96277f46e3164
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2768619
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73513}
2021-03-18 14:50:19 +00:00
Milad Fa
d95b1645a7 PPC/s390: [wasm-simd] Canonicalize shuffles when creating TurboFan graph
Port d16eefe0f2

Original Commit Message:

    We currently canonicalize shuffles in the architecture specific
    instruction selector. This has the drawback that if we want to pattern
    match on nodes that have a shuffle as input, they need to individually
    canonicalize the shuffle. There can also be a subtle bug if we
    canonicalize the same shuffle node twice (see bug for details).

    This moves the canonicalization to "construction time", in
    wasm-compiler, when building the graph. As such, any pattern matches in
    instruction-selector will only need to deal with canonicalized shuffles.

    We introduce a new kind of parameter for shuffle nodes,
    ShuffleParameter, to store the 16 bytes plus a bool indicating if this
    is a swizzle. A swizzle essentially: inputs to the shuffle are the same
    or all indices only touch 1 input. We calculate this when
    canonicalizing, so store this bit of information inside of the node's
    parameter.

    We update the tests in x64 to handle special cases where, even though
    the node's inputs are not swapped (due to canonicalization), they need
    to be swapped for the specific instruction selected (e.g. palignr). The
    test data also contains canonicalized shuffles, so we have to manually
    canonicalize them.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I9872fcdaa06739c8972f02d81e77bcbf372126c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773138
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73512}
2021-03-18 14:49:14 +00:00
Jakob Kummerow
c4b44d5d48 [bigint] Begin src/bigint refactoring
This patch moves a first function, Compare, from src/objects/bigint.cc
to src/bigint/, to blaze the trail. More to follow!

Bug: v8:11515
Change-Id: Id7fa0b40ea852dbed1360f7ab439cb32d0c15762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737295
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73511}
2021-03-18 14:39:34 +00:00
Thibaud Michaud
0ee6f90a5f [regalloc] Fix slot requirement for live ranges defined by a const
Live ranges defined by a constant operand normally don't require a spill
slot since they can just rematerialize the value from the constant. In
the attached issue however, deoptimization adds an explicit slot
requirement for a range that is defined by a constant operand. This case
is not expected in the register allocator and we eventually hit a
DCHECK.

This fix allocates a new stack slot during the MeetRegisterConstraints
and adds the missing gap move.

Drive-by: remove dead method LiveRange::NextSlotPosition.

R=sigurds@chromium.org
CC=​nicohartmann@chromium.org

Bug: chromium:1146880
Change-Id: I08fbb890f2f3d9574196989cf3e5ef6232433484
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563689
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73510}
2021-03-18 14:25:14 +00:00
Ross McIlroy
0cfeb2c0a3 [Turboprop] Remove DecompressionOptimization phase from TurboProp.
Reduces the overhead of mid-tier optimization without much impact on
mid-tier generated code performance.

BUG=v8:9684

Change-Id: I81889049f718ec2b18a805b11aab119754466c95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772611
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73509}
2021-03-18 13:39:04 +00:00
Ross McIlroy
dcb0d4a668 [Turboprop] Avoid calling RepresentationFor in mid-tier allocator.
RepresentationFor is quite hot in MidTierAllocator profiles. To
optimize this, instead stash the representation in the
VirtualRegisterData and pass that about consistently instead of
passing the virtual_register int and having to retrieve both
representation and VirtualRegisterData for the vreg multiple times.

This improves mid-tier allocation time by ~8% on Octane benchmarks.

BUG=v8:9684

Change-Id: Ied01fbdab013c278da022d1df321b08fbfc68a4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2768618
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73508}
2021-03-18 12:43:44 +00:00
Georgia Kouveli
9a97c8630a [cfi][arm64] Change OSR entry use of LR.
The previous uses of LR here allowed overwriting it with arbitrary addresses
that aren't signed. Change this so we never return to an arbitrary LR.

This makes a difference even when we replace the RET with a BR, because BR is
constrained by BTI, whereas RET isn't.

Bug: v8:10026
Change-Id: Ibbf326ccf0cf32f6d9541c7a82108dc0373827df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767015
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73507}
2021-03-18 12:37:09 +00:00
Georgia Kouveli
8de57ed75f [cppgc][arm64][cfi] Add PAC/AUT instructions to PushAllRegistersAndIterateStack.
Bug: v8:10026
Change-Id: Ie040d36d9a98943f97236998df53408bb060d028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764760
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73506}
2021-03-18 12:36:04 +00:00
Igor Sheludko
a3ba8ce36a [sparkplug] Stage shorter builtin calls behind --future
... when v8_enable_short_builtin_calls is enabled for current build
configuration.

Bug: v8:11527
Change-Id: Ie7edf7ede5822f3b8f7ec815c89d0c50ec7657bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2770880
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73505}
2021-03-18 11:55:54 +00:00
Thibaud Michaud
d8b6e14c15 [wasm][interpreter] Fix multi-value try blocks
Fix target stack height of multi-value try blocks.

R=clemensb@chromium.org

Bug: chromium:1187896
Change-Id: I698b06141e65f7b545a695c035b862af31dd8875
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772236
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73504}
2021-03-18 11:12:54 +00:00
Igor Sheludko
2ce5acf66b [sparkplug] Don't use short builtin calls with code serializer
... because serialization of RUNTIME_ENTRY reloc infos is not supported
yet.

Bug: v8:11527
Change-Id: I0a0451710f7dd57b6393b8fad1620d29346a9f49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772602
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73503}
2021-03-18 10:58:14 +00:00
Manos Koukoutos
f4473d9829 Revert "[turbofan] Optimize TrapIf/Unless in BranchElim. and CommonOp-Reducer"
This reverts commit a3b1233e16.

Reason for revert: This approach has multiple issues and we have to reconsider it.

Original change's description:
> [turbofan] Optimize TrapIf/Unless in BranchElim. and CommonOp-Reducer
>
> Bug: v8:11510
> Change-Id: I1e8fcb54444e494c7d765ad556d09d954441361f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752876
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73468}

Bug: v8:11510
Change-Id: Id35bc4ebcb45a617f61993d857ad2291b0287ad6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772600
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73502}
2021-03-18 10:01:05 +00:00
Igor Sheludko
db27ea56ac Reland "[sparkplug] Enable shorter builtin calls behind --short-builtin-calls"
This is a reland of 5f9f09f4db

Original change's description:
> [sparkplug] Enable shorter builtin calls behind --short-builtin-calls
>
> ... on desktop x64 and arm64 if pointer compression is enabled.
>
> Bug: v8:11527
> Change-Id: Ie23b59312c6db34a5f40e23347b3c4f11173612d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767222
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73498}

Bug: v8:11527
Change-Id: I5b5524b6b4b301e4afcc09e4621942b77b56c07d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772235
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73501}
2021-03-18 09:38:34 +00:00
v8-ci-autoroll-builder
310210a368 Update V8 DEPS.
Rolling v8/build: 37b76d6..ff9d9de

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b965b65..c730dae

Rolling v8/third_party/depot_tools: 36de4be..2737963

Rolling v8/tools/clang: 752611e..41f9e2d

Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816

Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816

Rolling v8/tools/luci-go: git_revision:19175e196dd495f6e092845f7d777cb5bf157b3e..git_revision:e81c0c9c528d0a416922e4ccd958d0de59a64816

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I7a3f21d3d171596b6d98a843379bd1c146f2ae54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2771598
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73500}
2021-03-18 04:07:36 +00:00
Zhi An Ng
a749d03e2f Revert "[sparkplug] Enable shorter builtin calls behind --short-builtin-calls"
This reverts commit 5f9f09f4db.

Reason for revert: Broke https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20-%20release%20builder/21079/overview

Original change's description:
> [sparkplug] Enable shorter builtin calls behind --short-builtin-calls
>
> ... on desktop x64 and arm64 if pointer compression is enabled.
>
> Bug: v8:11527
> Change-Id: Ie23b59312c6db34a5f40e23347b3c4f11173612d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767222
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73498}

Bug: v8:11527
Change-Id: I48ec54a134a293e31d4d26ce3a82a27a714fde6a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2770599
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73499}
2021-03-17 23:02:05 +00:00
Igor Sheludko
5f9f09f4db [sparkplug] Enable shorter builtin calls behind --short-builtin-calls
... on desktop x64 and arm64 if pointer compression is enabled.

Bug: v8:11527
Change-Id: Ie23b59312c6db34a5f40e23347b3c4f11173612d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767222
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73498}
2021-03-17 22:53:23 +00:00
Thibaud Michaud
28cd97b8d4 [wasm][eh] Do not trap on special exception objects
Throwing an object that needs special property lookup currently traps
when we catch it in wasm. We should just return undefined to let the
caller know that this is not a wasm exception object.

Drive-by: use the named {caught_tag} register consistently.

R=clemensb@chromium.org

Bug: chromium:1188825
Change-Id: I8ebd4db756ac7ba04208ab43c7349c28b813fc49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767519
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73497}
2021-03-17 22:42:58 +00:00
Jakob Kummerow
e2aae12a87 [wasm][test] Update mjsunit WasmModuleBuilder
This brings the WasmModuleBuilder in the mjsunit test suite
up to date wrt. the latest changes of the GC proposal.

Bug: v8:7748
Change-Id: I4e1a3d34a1e83626ab89d2fa0e10ca4aa61d75ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690590
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73496}
2021-03-17 22:41:53 +00:00
Ng Zhi An
d16eefe0f2 [wasm-simd] Canonicalize shuffles when creating TurboFan graph
We currently canonicalize shuffles in the architecture specific
instruction selector. This has the drawback that if we want to pattern
match on nodes that have a shuffle as input, they need to individually
canonicalize the shuffle. There can also be a subtle bug if we
canonicalize the same shuffle node twice (see bug for details).

This moves the canonicalization to "construction time", in
wasm-compiler, when building the graph. As such, any pattern matches in
instruction-selector will only need to deal with canonicalized shuffles.

We introduce a new kind of parameter for shuffle nodes,
ShuffleParameter, to store the 16 bytes plus a bool indicating if this
is a swizzle. A swizzle essentially: inputs to the shuffle are the same
or all indices only touch 1 input. We calculate this when
canonicalizing, so store this bit of information inside of the node's
parameter.

We update the tests in x64 to handle special cases where, even though
the node's inputs are not swapped (due to canonicalization), they need
to be swapped for the specific instruction selected (e.g. palignr). The
test data also contains canonicalized shuffles, so we have to manually
canonicalize them.

Bug: v8:11542
Change-Id: I4e78082267bd03d6caedf43d68d81ef3f5f364a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762420
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73495}
2021-03-17 22:27:13 +00:00
Michael Lippautz
fdae1b6583 cppgc: Refactor object allocation to improve binary size
Refactor SpacePolicy on a non-templated class to avoid the situation
of having MakeGarbageCollectedTraitBase<T>::SpacePolicy<U> refer to
different T and U which make it hard for the compiler to alias
anything.

Bug: chromium:1056170
Change-Id: I78eb0362d43403ad2712bcb65746eeb9f6ad44fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2769338
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73494}
2021-03-17 22:01:23 +00:00
Ulan Degenbaev
fcdf35e6d7 Skip global registration of [Shared]ArrayBuffer backing stores
Previously we needed to register the backing stores globally because
the embedder could create them from a raw pointer. This is no longer
possible after the removal of the old API.

The global backing store registry now keeps track only of wasm memory
backing stores.

Bug: v8:9380
Change-Id: Iffefbf14dcafc1f9ce0dc3613335c754c9cb649a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2763874
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73493}
2021-03-17 20:46:03 +00:00
Milad Fa
63661ce7c6 PPC [simd]: Implement vector extend multiply low/high
Also added multiply low/high and vector merge instructions to
the simulator.

Change-Id: I889004b5572ee7df75be706c424ac2e83e53e8b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2769058
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73492}
2021-03-17 20:27:13 +00:00
Shu-yu Guo
f32b18bc62 [logging] Fix deadlock with ICEvent
Bug: chromium:1188868
Change-Id: If3916891806b7db7c4556f0dc50ae73afa06036c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2766223
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73491}
2021-03-17 19:42:08 +00:00
Clemens Backes
17af2b71ba [wasm][debug] Test instrumentation breakpoint with source map
This tests the 'beforeScriptWithSourceMapExecution' mode of
setInstrumentationBreakpoint for wasm.

R=bmeurer@chromium.org

Bug: chromium:1151211
Change-Id: I3020ab3e67e090407e2641a105c513e7614aa305
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764342
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73490}
2021-03-17 19:41:03 +00:00
Ng Zhi An
5bf07566ce [wasm] Move asm regress tests into regress/asm
These tests require --validate-asm, which is available only on
WebAssembly enabled builds. This was causing problems
on https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/15320/overview.

Moving them into regress/asm, the status file automatically skips these
tests if WebAssembly is not enabled.

Bug: v8:11238
Change-Id: Ib337fb6bd43319f61a33302efd4277c092935a9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767600
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73489}
2021-03-17 17:58:41 +00:00
Igor Sheludko
f531603290 [sparkplug][arm] Port Sparkplug to arm
Bug: v8:11421
Change-Id: Ia4d3a20b9fdb5bc262cf480ece6e189aedff388f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762143
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73488}
2021-03-17 17:50:01 +00:00
Andreas Haas
7d2ac7b48d [turbofan][verifier] Handle kUnalignedLoad and kUnalignedStore
The machine graph verifier did not handle kUnalignedLoad and
kUnalignedStore yet, which caused problems with debug builds on arm.

R=mvstanton@chromium.org

Bug: v8:11384
Change-Id: I1a33c1e5993f9f0dd453a2d3f757e0eaff65b479
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2756213
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73487}
2021-03-17 17:38:51 +00:00
Omer Katz
93c7ffa3f4 cppgc: Refactor Sweeper initialization.
Sweeper cannot assume that platform never changes, so that we can
support using testing-specific platforms.
Instead, the sweeper gets the current platform from HeapBase on sweeping
start. The platform is set to nullptr whenever sweeping is not active.

Bug: chromium:1056170
Change-Id: I749e1dbfa204635fbb446a8c383aaa2548a717be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767139
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73486}
2021-03-17 17:25:21 +00:00