This CL applies the following changes:
- JSCallReducer no longer generates a CheckBigInt in front of the
generated BigIntAsUintN.
- This results in a slight change of the semantics of the latter, which
now includes the necessary type check. Typer and Verifier are changed
accordingly.
- The BigIntAsUintN operator is now effectful, since it can now deopt.
- IrOpcode::kBigIntAsUintN is now lowered in SimplifedLowering instead
of EffectControlLinearizer, the necessary type check is introduced
by the RepresentationChanger.
- Adds a small mjsunit test to check the correct deoptimization behavior
of optimized BigInt.asUintN.
==> Remove UseInfo::TruncatingWord64()!
Drive-by: Fix an issue in ChangeUnaryToPureBinaryOp when the new_input
is at index 1.
Drive-by: Introduce an %Is64Bit() intrinsic to allow tests to
distinguish 32 and 64 bit architectures.
Bug: v8:11682
Change-Id: I448f892d3bd2280d731ae5b248c833de8faf1bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843816
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74147}
This reverts commit df4dae7765.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20-%20debug/18512/overview
Original change's description:
> [arm] Make the constant pool check deadline smarter
>
> Rather than having periodic constant pool checks that almost always fail
> (because the constant pool deadline isn't close enough, or even because
> there's no constant pool to emit at all), set a single deadline on the
> first constant pool insertion which expires just before the maximum
> distance to the constant pool. Constant pool checks around unconditional
> jumps happen irrespective of this deadline.
>
> In particular, this is made possible by fixing the incorrect assumption
> that the constant pool can be emitted out of order. The new assumption
> (that the emission is in-order) is validated with a CHECK.
>
> Bug: v8:11420
> Change-Id: I061dd0b8c3476ba95ee1acfb3b485d8ba2adda91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844665
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74141}
Bug: v8:11420
Change-Id: Ib822425749df33fb22a38d317c107a523b382e01
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846899
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74144}
JS-to-Wasm wrappers embed heap constants (like the undefined value), and
those heap values are being accessed during compilation for tracing.
This is not a data race, since those values are read-only. But if the
isolate dies while we are compiling those wrappers, we might read from
the heap after it has been free'd.
Ideally we would not access the isolate or the heap at all during
compilation, but delaying all tracing until the "finalization" phase is
not feasible, and removing the heap value printing from tracing would
significantly regress quality of this tracing.
Hence this CL only fixes the actual issue: That we keep compiling
wrappers when the isolate is already gone. It does so by introducing an
{OperationsBarrier} per isolate that is being taken by each thread that
executes wrapper compilation, and is used for waiting for background
threads to finish before the isolate shuts down.
Additionally, we actually cancel all compilation if a module dies (or
the isolate shuts down) before it finished baseline compilation. In this
state, the module cannot be shared between isolates yet, so it's safe to
fully cancel all compilation. This cancellation is not strictly
necessary, but it will reduce the time we are blocked while waiting for
wrapper compilation to finish (because no new compilation will start).
R=thibaudm@chromium.orgCC=manoskouk@chromium.org
Bug: v8:11626, chromium:1200231
Change-Id: I5b19141d22bd0cb00ba84ffa53fb07cf001e13cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846881
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74142}
Rather than having periodic constant pool checks that almost always fail
(because the constant pool deadline isn't close enough, or even because
there's no constant pool to emit at all), set a single deadline on the
first constant pool insertion which expires just before the maximum
distance to the constant pool. Constant pool checks around unconditional
jumps happen irrespective of this deadline.
In particular, this is made possible by fixing the incorrect assumption
that the constant pool can be emitted out of order. The new assumption
(that the emission is in-order) is validated with a CHECK.
Bug: v8:11420
Change-Id: I061dd0b8c3476ba95ee1acfb3b485d8ba2adda91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844665
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74141}
BUG=v8:9684
Change-Id: Ia63928e67dd714690b4f54c14361c6ee5e81f604
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843809
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74139}
`exectionContextId` parameter in Runtime.addBinding is not working
correctly and does not have a practical use case. Therefore,
deprecating it in favour of the `executionContextName` parameter that
better serves the purpose of exposing bindings to isolated worlds. We
expect most users to be able to migrate to `executionContextName`.
Bug: chromium:1169639
Change-Id: Ic37cefa6a62501c7e903923f1f9c0da7e51326c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844652
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74137}
Untangles the non-tracing GC optimization (Scavenger) that allows for
dropping objects that are only reachable from certain API references
from EmbedderHeapTracer. Instead, allow setting it on Isolate.
This allows for using the optimization when using cppgc.
Chromium-side: https://crrev.com/c/2844587
Bug: chromium:1056170
Change-Id: I20f28dd84c808872c7f9559c8c168e828794dd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844657
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74135}
Changes:
- Reintroduce CALL_INTERFACE() and use it over
CALL_INTERFACE_IF_REACHABLE_AND_OK() in contexts where
current_code_reachable_and_ok_ is known to hold.
- Add V8_LIKELY annotations.
Bug: chromium:1201718
Change-Id: I6a448a8955ecec20fdddef636d563cb1b5a93679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846886
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74134}
Using the added lxvx and stxvx instructions, we can load and
store vector register values in a single instruction.
MRR encoding does not have a 16 byte alignment requirement.
Change-Id: I9c1d80fd867a0e79d3390e4a05e08cdf2a2e4835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2845734
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74130}
This will make --regenerate_expected_files flag work for message tests.
Bug: v8:10773
Change-Id: Ica87bd69bd0a41e2a3c168d2200d0cd0c7f094da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842387
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74127}
Doing a `!(B > A)` which is equal to `A >= B`. This way
we use one less instruction.
Change-Id: I49d50f11096e2d542eaabab82c17225c83e89b63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846980
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74125}
Unordered floating-point (non-)equality is implemented using two flags
on x64: kUnorderedNotEqual as "not_equal OR parity_even" and
kUnorderedEqual as "equal AND parity_odd". Only the first flag was
checked.
This change fixes the kUnorderedNotEqual case by emitting a second
cmov to also move the "true" value if the parity_even flag is set. The
kUnorderedEqual case is covered by inverting the condition in the
instruction selector.
This should also be optimal according to the code emitted by clang -O3
for equivalent C++ code.
Drive-by: remove unused overload of EmitWithContinuation.
R=neis@chromium.orgCC=ahaas@chromium.org
Bug: chromium:1200184
Change-Id: Iae438d29fb5897ca910a154f140a5a6a904490ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844651
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74122}
Currently the --single-generation flags disables inline allocations
and forces all allocations to go via runtime where they are redirected
to the old generation.
This patch implements the young to old redirection in CSA and TF.
Bug: v8:11644
Change-Id: Ie945ba684fb0f41d5414a05be2f25245d4869d6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2839010
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74121}
Until this CL, the JSHeapBroker::GetPropertyAccessInfo (GPAI) process
was as follows:
1. GPAI is called on the main thread (MT) during the serialization
phase to create and cache PAIs.
2. GPAI is called again from the background thread (BT); only cached
PAIs from step 1 are usable.
As part of concurrent inlining, the goal is to move GPAI fully to the
background thread. This CL takes a major step in that direction by
making GPAI itself callable from the BT without resorting solely to PAIs
that were previously cached on the MT.
There are two main reasons why GPAI previously had to run on the MT:
a) Concurrent access to Maps and other heap objects.
b) Serialization and creation of ObjectRefs for objects discovered
during GPAI.
This CL addresses only reason a) and leaves b) for future work. This
is done by keeping the two-pass approach, s.t. the initial call of
GPAI on the MT discovers and serializes objects. We then clear all
cached PAIs. The second call of GPAI on the BT thus runs full logic in a
concurrent setting.
Once all relevant objects (= maps and prototypes) no longer require
MT-serialization, reason b) is also addressed and the first pass can be
removed.
The new logic is implemented behind the runtime flag
--turbo-concurrent-get-property-access-info (default true), intended
to be removed in the future.
Bug: v8:7790
Change-Id: Idbdbfe091d7316529246a686bb6d71c2a0f06f8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817793
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74120}
Bug: v8:11675
Change-Id: I8046e61d92b502a8c96f11e3ecfc528544c6ba97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843953
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74114}
As we can still intend to run the web-exposed profiler outside of an
origin-isolated environment, add support back for filtering by
v8::Context.
This reverts commit 05af368100.
Bug: chromium:956688
Change-Id: Idd98bea3213b5963f689a04de6c3743073efc587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785806
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#74112}
Instead of {func-index}+{pc of instruction relative to function}, make
it {func-index}:{pc of instruction in module}. This is more consistent
with existing conventions
(https://webassembly.github.io/spec/web-api/index.html#conventions) and
other tools (like output of wasm-objdump).
Bug: v8:10773
Change-Id: I7ceecafd984e2d1adbb57266e1f7448762e23ac9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842267
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74110}
After appending 'unimplemented instruction' we need to increase the data
pointer to avoid an endless loop and to fulfill a later DCHECK.
R=jkummerow@chromium.org
Bug: chromium:1201114
Change-Id: I707809f81a4d9a6b3653b94b4836482c006b76ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843819
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74108}
This reverts commit fd16e67e49.
Reason for revert: TSAN no-CM flaky failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3413
Original change's description:
> Reland "[compiler] Perform MapRef's SupportsFastArray methods concurrently"
>
> This is a reland of ebd9dcdaac
>
> Reason for reland: std::atomic<> only works for primitive types i.e. it
> does not work for Object. We can change it to read/write the Object's
> Address, instead.
>
> Original (reverted) CL can be seen in PS1.
>
> Original change's description:
> > [compiler] Perform MapRef's SupportsFastArray methods concurrently
> >
> > We are safe to go through the native_contexts_list_ since we do it
> > through IsAnyInitialArrayPrototype which disallows the GC. Furthermore,
> > we read that list with an acquire load which guarantees that the fields
> > have been initialized.
> >
> > Bug: v8:7790
> > Change-Id: I778d51f4ead44e472f842693a7e9ff577d6acfe3
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826541
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74086}
>
> Bug: v8:7790
> Change-Id: I721c3a1e962951b0bc073dc74baf7fbeababc243
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843813
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74104}
Bug: v8:7790
Change-Id: I4efa8165b680eaa6c5c525d85d21962e6a5b1abb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843822
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74106}
This is a reland of 47077d9449 without
changes. The revert was false alarm.
Original change's description:
> [compiler] Fix more truncation bugs in SimplifiedLowering
>
> Bug: chromium:1200490
> Change-Id: I3555b6d99bdb4b4e7c302a43a82c17e8bff84ebe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2840452
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74097}
Bug: chromium:1200490
Change-Id: I75cac59050bc393d157a1ee5bed776c8986a7bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843817
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74105}
This is a reland of ebd9dcdaac
Reason for reland: std::atomic<> only works for primitive types i.e. it
does not work for Object. We can change it to read/write the Object's
Address, instead.
Original (reverted) CL can be seen in PS1.
Original change's description:
> [compiler] Perform MapRef's SupportsFastArray methods concurrently
>
> We are safe to go through the native_contexts_list_ since we do it
> through IsAnyInitialArrayPrototype which disallows the GC. Furthermore,
> we read that list with an acquire load which guarantees that the fields
> have been initialized.
>
> Bug: v8:7790
> Change-Id: I778d51f4ead44e472f842693a7e9ff577d6acfe3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826541
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74086}
Bug: v8:7790
Change-Id: I721c3a1e962951b0bc073dc74baf7fbeababc243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843813
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74104}
For handles and external refs, use Move32BitImmediate directly rather
than mov -- mov will first try more compact encodings which will almost
certainly fail for embedded pointers, so it's not worth trying to use it
in baseline compilation where the compiler speed matters.
Bug: v8:11420
Change-Id: Ic0ed9f95d28302ae9737567aa863dc93666239e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843814
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74103}
This CL hardens the test function for unwrapping the C++ object to
only do so if the correct API object is passed from JS.
Bug: chromium:1201057
Change-Id: I81eb16efe2711bd788c775e3bcb712720bbe4782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843347
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74102}
Changes:
- Remove TypeCheckBranchResult. Change TypeCheckBranch() to return bool.
Refactor call sites to reflect this (decouple current code
reachability check from type check).
- Unify TypeCheckBranch(), TypeCheckFallthrough(), and the type-checking
part of Return() into TypeCheckStackAgainstMerge().
- Make sure all TypeCheck* functions are only called within VALIDATE.
- In graph-builder-interface, rename end_env -> merge_env to reflect
its function for loops.
- Change expected error messages in some tests.
Change-Id: I857edc18db9c2454ad12d539ffe7a10e96367710
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2839560
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74100}
